Age | Commit message (Collapse) | Author | Files | Lines |
|
Prevent malicious packets with spoofed embedded IPv4 addresses
by limiting the IPv6 ingress packets to known MAP-T domains.
Drop spoofed packets.
Add several tests that ensure spoofing isn't allowed.
Type: fix
Fixes: fc7344f9be
Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2
Signed-off-by: Jon Loeliger <jdl@netgate.com>
(cherry picked from commit 65866f03d96bd41b99b1c823ea6f38cd77fac58c)
|
|
Type: fix
Change-Id: Ib823d016c64998779fb1d00b8aad3acb5e8340be
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 30928f87a3c9d98e288d1364d50c032e052e69ab)
|
|
Steps to reproduce VPP crash:
1. configure localsid End behavior
2. ping the localsid address
Type: fix
Signed-off-by: Ignas Bacius <ignas@noia.network>
Change-Id: Id780e0875ec9cdb25252217990919fb3dddbf06a
(cherry picked from commit bd5c49a1615e36260a86184d087b5b47a5e747be)
|
|
"classify filter trace ... " and "classify filter pcap ..." are
mutually exclusive.
vnet_pcap_dispatch_trace_configure needs to check for
set->table_indices == NULL.
Type: fix
Ticket: VPP-1827
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I43733364087ffb0a43de92e450955033431d559d
(cherry picked from commit 196fce2b62c0d215722dd233aa8bf70a43aa0a66)
|
|
For ip4 tcp, ip6 tcp, and ip6 udp packet, we set checksum = 0 prior to
computing the checksum. We missed ip4 udp case. This oversight requires all
clients to set udp->checksum = 0 if ip4 udp checksum offload is needed.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic608811e82099f3bec469e123671e9b281f38d76
(cherry picked from commit 03328ec8bb86b93fa70bb6b2a9b37c40e686a1f7)
|
|
The 'tag' parameter is expected to be a NULL-terminated C-string in
callees:
- make sure it is null-terminated in both API and CLI cases
- do not allocate & copy the string into a non-NULL-terminated vector
in API case
- fix leak in CLI case
Type: fix
Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 3b37125bdb0251181f90a429a4532b339711cf89)
|
|
Call session queue node with the right node runtime instead of the
pre-input node runtime.
Type: fix
Change-Id: I43d20bed4930fc877b187ce7ecdce62034b393c5
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 2d8829cbb5f3d214fbc09bf4258573659e0c5e60)
|
|
Type: fix
Change-Id: I3d24a7973c7113ffeb9109e89cda7fa960e73a5b
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit ddb90a063cb3fa797257d8a632cba8cf2a01a455)
|
|
Type: fix
Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit c0c4eec3bc309bcc656eade82f17754875f9ed7c)
|
|
Type: fix
Change-Id: I6a48a6c14bfb84b3460e8211021bc9df6e915dba
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit cd681adab40f49d1305144b6bbbd5118e63a2805)
|
|
Currently if user want to set ip4 address to the api, it must convert to ip6
format, e.g. user want to ip4 "90.1.2.1" but must convert to "::5A01:0201",
it is not acceptable, this fix solved the issue.
Ticket: FDIO-753
Type: fix
Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
(cherry picked from commit db43bb6af78c33e47d29889b047cced4b11fe4d7)
|
|
Return FIB table_id instead of vrf_index to clients
Type: fix
Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
Change-Id: I76a97bad3ecd3ac8eb045efb1657eaa90c2a57b6
(cherry picked from commit 13e6fce7c5b3a16a6af0b27fc259ef3f65d8c861)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I69c245cb0e3f6d599a3270a485fa0a5845cde8eb
(cherry picked from commit 56cef059ef44434efe26d523caec1bb0af9c1d3b)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib6d0387076a4bb0b52e4cdfdcd62b6060b704fe6
(cherry picked from commit 6e3c1f8ec3faa8f0cad591fada32ad2f506ec0a0)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7f2233eb9bf3d81a697f76ba985083cf1040e2e9
(cherry picked from commit ff2fad1701d8274d602cc46f3f2323154d96dc9f)
|
|
Fixing compilation issuues for 32-bit also setting init flag for shm based bihash
Type: fix
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Ic2072c5ba7fc77d061ca9f1b844a71f6e22e58b2
(cherry picked from commit f0bae64f6fd4c410c19f6ece688443f389932688)
|
|
Two modules in vnet include vpp/app/version.h but there is
no explicit build dependency for this generated file. This
leaves a race condition in the build system that the Coverity
build has recently started triggering.
Change-Id: I8e2bb32feeb16e1bdd8efb0d2633cfdba60f51aa
Type: fix
Signed-off-by: Chris Luke <chrisy@flirble.org>
(cherry picked from commit c171d01cdb5183c8bf640951e94af6b1fd5e3efc)
|
|
Type: fix
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
Change-Id: I3b8755831d762abf51e1cbe1b57024f9297de9a4
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
(cherry picked from commit 79bfb9e09c7bf2072d34b2ed6159ba11815dab3a)
|
|
Type: fix
Change-Id: Iab7c65614c94497e8ec5a96624be72c1a139e486
Signed-off-by: Yu Ping <ping.yu@intel.com>
(cherry picked from commit d63b356bdf29fbb80f810d341dcaf8f5f92121c1)
|
|
All translated ICMPv6 packets that exceed the minimal IPv6 MTU get
truncated but according to RFC 4443 2.4 only ICMPv6 error messages
(type < 128) need to be truncated.
With this commit, truncate only ICMPv6 error messages.
Type: fix
Change-Id: Ic455352de2ff4ff6aa3421b46a2a54923f2d3f80
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 180210f99b74b97b127b7800bdc7bd243713cbf4)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9afba8dc9e087b8c436fe568531c02614a577a7c
(cherry picked from commit c95eefb393d05167ce6e35e5617179f536de0bda)
|
|
n_retry was never decremented and so never enforced.
Type: fix
Change-Id: I71d60a72c156286f7e5b82b1c77a723361317c69
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 207a1633094526697729f322269b937f841aaf47)
|
|
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I266fa5dc637383fd8dac6592c9c266a1b70a73e9
(cherry picked from commit 629e268aa171a8bc03fb93fc995725b78ae64063)
|
|
Type: fix
Change-Id: Id1602981fcc6efed1b0efe79a1fc8177457acdb5
Signed-off-by: Yu Ping <ping.yu@intel.com>
(cherry picked from commit 1c6486f7b8a00a1358d5c8f4ea1d874073bbcd6c)
|
|
Type: fix
Fixes: be2286b0
This patch does following:
- If terminating frame has consecutive packets with same source IP, this patch
avoids fib lookup for those packets in ip4-local node. This drops cycle count
for ip4-local node on both ARM and x86. It being done by enabling dead code in
else {} case of ip4_local_check_src_x2() and ip4_local_check_src() functions.
- In case all packets in terminating frame have unique source IP (e.g:
incrementing), ip4-local is costlier by 2 cycles (broadwell)
Change-Id: I472ddc324716cec8bfe601568b8aeb7565f97ab3
Signed-off-by: Nitin Saxena <nsaxena@marvell.com>
(cherry picked from commit 2d18d2ea9f0e3d6c47d365ec135af651b14e8165)
|
|
Type: fix
Change-Id: I684910837ca4d9c8a07262459158bbb0423a33af
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
(cherry picked from commit d3d7ef5ec828ec895c6f90090118782e497b9084)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I166ab7b96444587a3252925d3a28505e0db52d74
(cherry picked from commit 87b0c892947006cbfa80fd2af15e8edb4029f327)
|
|
Type: fix
Persist and retransmit can pop at the same time.
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia9530645cc84c83a881a75d7b4627197dc50ed29
(cherry picked from commit a6696719cb9fcd8ab54a5007e91dac6aeffe4e70)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3c70b331932708a1b773392e089aed9dba9b3b31
(cherry picked from commit edf1da94dc099c6e2ab1d455ce8652fada3cdb04)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id12b0a9b8bc47aef8b393544e5b4c8228ed6a606
(cherry picked from commit 479f7fec6a876bf06f6007c03fd7b9fa3404df54)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I93577acf559a8fa639aab7ec3f7cdbe7df9a248d
(cherry picked from commit 42ddf69ed0560cff70a2f3fafc732fc5a33255c0)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I706c8642ca0877430a42cc0ca5bc61a45428fc98
(cherry picked from commit e4a08c1f3bf58670ff94382b2821518ad954a854)
|
|
The path must be next-to-impossible to hit, because the code has been
wrong for at least 5 years.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I23b8c4e1631827e7931f353c561c1e19c596c598
(cherry picked from commit 5c944eef7012e7c5b363399ed92966fb659196b7)
|
|
Type: fix
Change-Id: I8cfb48bd7f92689b296861dd368186408918061b
Signed-off-by: Yu Ping <ping.yu@intel.com>
(cherry picked from commit a9ed934745403461834b4361f06bd3865682f368)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6f7fb91e059996ff702eb9c36e3abaed237fe221
(cherry picked from commit 067f8f963d64b1cbc70f2b78ebd2c6d3791e7d22)
|
|
Type: fix
Change-Id: Ieab35bbfba81faae61b1267d8661df5195877824
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 2f04cb9f142abef82cd379432cecdafef9e776db)
|
|
Type: fix
Change-Id: I0cac9001290e7ed4e2e318ae62c56e97ec75a3db
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit fea813ae3de5343a2bc91306fddf6dbd1832f93d)
|
|
Type: fix
Call trace of LDBG:
LDBG->clib_warning->_clib_error->dispatch_message->os_puts->writev
However, writev will hijacked by LDP, and then execute following code:
if ((errno = -ldp_init ()))
return -1;
Now, errno will be set.
Because we always call LDBG just before return from ldp_accept4, listen,
and etc. So errno will be overwritted after LDBG called.
Signed-off-by: hanlin <hanlin_wang@163.com>
Change-Id: I7a90f3a14772994f11f09650481411796e3f5630
(cherry picked from commit 9f3f18f99fd321cdcfc331e92b10b64f0ef590b3)
|
|
event
Type: fix
When we call epoll_ctl to add or mod fd with EPOLLOUT event, mostly to
check if we can write. So we expect a EPOLLOUT event should be generated
immediately unless tx queue is full.
Signed-off-by: hanlin <hanlin_wang@163.com>
Change-Id: Ie99986a44dbb07b6ff2fba6512171056f79e77bd
(cherry picked from commit 475c9d7bcd0f2ceca77022eaef67ad9a84365609)
|
|
Type: fix
Change-Id: Iead1303ca3dec7593eb3ce54f291b82d94c821a4
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 1de7167e7a12a80cc5996959aeb1fbe4b2853ccb)
|
|
Someone much more knowledgeable than I wrote:
For L3 IP forwarding, any VLAN tags on a packet must be exact
match to a sub-interface which means both outer and inner VLAN
tag IDs must be exact-matched to specific values defined of that
sub-interface. Without exact match on a L3 sub-interface, VPP
has no mechanism to know what VLAN tags to use for packet output,
such as ARP request packets or IP packets, on that sub-interface.
Thus, sub-interface with "inner-dot1q any" is not an exact match
sub-interface by definition since no match is present on inner
tag.
While in the area, fix a memory leak that would ensue on poorly
configured interfaces.
Change-Id: I8d17a96dbca3e3724c297ecc935ca61764e6ce2e
Type: fix
Signed-off-by: Jon Loeliger <jdl@netgate.com>
(cherry picked from commit b22e1f06bbebc48ec72ce8effa529e69ffbb12ca)
|
|
Type: make
Change-Id: If822c85d6ff26982516ea1d597ca81aa84773b2b
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit 2baa115da3b752cd7e44cc477f2c45bda22d444b)
|
|
RR sourcing the destination FIB entry limits the number of tunnels
to 255 for a particular destination. This change removes this limit.
Type: fix
The patch is based on 1f50bf8fc57ebf78f9056185a342493be460a847
that introduced the FIB entry tracking but did not update
the gtpu plugin.
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Change-Id: I8a4a87382a6eb5120e2bb65b9bc3c446bbfdbd3b
(cherry picked from commit 75c72369186f6341a13374d2dd6e60ce3c7a88a6)
|
|
It's not typical for a program to core when it receives a SIGINT, so
keep this from happening.
Type: fix
Signed-off-by: Christian E. Hopps <chopps@chopps.org>
Change-Id: I2c15985a57e6ea898ff05c4001e4b30b41154eba
(cherry picked from commit 10a8bda37eed33ada1e7c6ece7bda1fe066ba541)
|
|
Fix pg code to close it's open file descriptors before zero'ing the
pcap_main structure for re-use.
Ticket: VPP-1780
Type: fix
Signed-off-by: Christian E. Hopps <chopps@chopps.org>
Change-Id: I32945c6476ae83b8d210ee67ac78db3e8f786f46
(cherry picked from commit 19871f25394fa9a4bfb55006092cbcc28b446c04)
|
|
Type: fix
"# <feature-name>: <subject>
Change-Id: I8b6b6b8c70faec7cd95e1842259e907fb9587017
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit 0812aea046209dc990ec704258570f46d3fa74c8)
|
|
Type: fix
Change-Id: Id53eb6ed15f270d747b9831a7b585cbafe515dd2
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit 5fb2278cb8badbbfe727acbdcaeda008a7fd2833)
|
|
Make the help string consistent with the cli parser.
Type: fix
Change-Id: I7140bd589c2a94dbf5af5cc633cb495457a6af22
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit 32c4d38f7ac6fe22abb0b4859f6075bb9b661773)
|
|
DBGvpp# set interface feature local0 arp-foo arc bad-arc
set interface feature: Unknown arc name (bad-arc)...
DBGvpp# set interface feature local0 arp-foo arc arp
set interface feature: Feature (arp-foo) not registered to arc (arp)...
See 'show features verbose' for valid feature/arc combinations.
DBGvpp# set interface feature local0 arp-disabled arc arp
Type: fix
Change-Id: I036bb2a75dd2d40f6901e4fde3eb14925238e19b
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit a4e2e7cc95250220e0d892eb11dcc0adc9fd7e22)
|
|
Type: fix
Change-Id: Idf694477c18852e5541c28a493a56b302122e46c
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit baa171041bc950f192c147f7b79a8add2299b74a)
|