| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Previously it was linked and worker properly. While rdma build
was simplified, link was lost so all encrypted data won't pass
via Mellanox interfaces(ipsec, ipip, ssh etc) and NetVSC taps
won't created the right way.
Errors:
mlx5_common: Verbs device not found: 21a5:00:02.0
mlx5_common: Failed to initialize device context.
EAL: Requested device 21a5:00:02.0 cannot be used
Tested on Azure. Same errors appears on physical machine with
Mellanox connect adapter
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ib68976282e0ed91c016a7318db6b5eddf5510c47
(cherry picked from commit 413447451e3f842815f45bae5d3cd3f87a0876e5)
|
|
While before the my_client_index variable was stored as global variable
in api_main_t, after commit 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f
the my_client_index becomes part of vapi_ctx_t.
Each API client (internal/external) connected to VPP stores its
client index in vapi_ctx_t.
The issue is in the client disconnection. The vapi_disconnect is
untouched in patch 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f,
so it keeps the behavior of using the my_client_index stored
in api_main_t.
Ticket: VPP-2069
Type: fix
Fixes: 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Change-Id: Idf8c1d1056cbd631cc3057cf7acc486216fa8303
(cherry picked from commit 8c626b41eaab5c74e7e023205f1c6cd655d40f44)
|
|
the batch
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Icd1e43a5764496784c355c93066273435f16dd35
(cherry picked from commit fe2d23f916d1991f4a1a8384eae41b5cceb80189)
|
|
The documentation for the cnat plugin is highly outdated specially on
the snat section.
Type: docs
Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com>
Change-Id: I30b0c6295d3c812b636374753af3c37f29b0cc53
(cherry picked from commit 938bff8084d6f79b368fabd4a60b49117cad11be)
|
|
fixes coverity 282527
Type: fix
Fixes: fecb2524ab
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I9ac72c3802e66369a8f24c92451e33f22c058f24
(cherry picked from commit 0d36720f8d28964be2df32d354583047b6194e14)
|
|
When there are several workers, iterator can and will skip
head iterator and it will last until BARRIER_SYNC_TIMEOUT won't
expire and will cause SIGABRT with `worker thread deadlock`
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Id4def4d5894e077ae27592367b141ecd822e86af
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 65bff88c3671ec6ee561e70f17c60ea9784a39dd)
|
|
Type: fix
fixes: 561ae5d
Change-Id: I0d98f5b43bc9ab5d31463b285177a11a10b864d2
Signed-off-by: Damjan Marion <dmarion@me.com>
(cherry picked from commit fecb2524ab71b105422a9a4377429c1871220234)
|
|
otherwise the next time the counter is validated this is dangling.
Type: fix
Fixes: 58fd481d73
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ifa8d5ff27175cf6dfb30cbf023fa3251fe5c780e
(cherry picked from commit 80c0ae24378f249b3be9a02774d844c13143cd99)
|
|
Change-Id: I2040b560b2a00f8bd176ae6ad46035678a2b249e
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
(cherry picked from commit 45e4e9444d961351178ee108b20525a9c929902d)
|
|
The previous patch[37164] was a bit flawed.
Type: fix
Signed-off-by: Yacan Liu <liuyacan@corp.netease.com>
Change-Id: Ia9d8b9c7853e8f4b960ce7de26d0384243deb667
(cherry picked from commit ab15770ec63367498dd277c83a577a52594953e8)
|
|
Type: docs
Change-Id: Icfa2bdc9367f8438b53da7c89caec263ed6ab056
Signed-off-by: Filip Varga <fivarga@cisco.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
This adds the ability to specify we want an IPv4 route via an IPv6 adj
and vice-versa.
Type: improvement
Change-Id: I5f7f1ab89fc60244d31c26155bbd9b0db690257c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
When manually adding neighbor entries for proxy-arp, those will be
fib-adj entries. Check for proxy-arp instead of dropping immediately.
Type: improvement
Change-Id: Id311159f2966c99719dc2a67d4d2bc92bf366029
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
When ESTABLISHED TCP connection is terminated by an RST packet,
EPOLLHUP + EPOLLRDHUP would be updeliever by VCL. If not using
VPP, app would receive EPOLLHUP + EPOLLERR + EPOLLIN(if requested) +
EPOLLRDHUP(if requested).
libevent will interpret the two cases as different EV combinations.
Below is the code snippet for libevent v2.12:
if (what & EPOLLERR) {
ev = EV_READ | EV_WRITE;
} else if ((what & EPOLLHUP) && !(what & EPOLLRDHUP)) {
ev = EV_READ | EV_WRITE;
} else {
if (what & EPOLLIN)
ev |= EV_READ;
if (what & EPOLLOUT)
ev |= EV_WRITE;
if (what & EPOLLRDHUP)
ev |= EV_CLOSED;
}
Type: fix
Signed-off-by: Yacan Liu <liuyacan@corp.netease.com>
Change-Id: Ice3d2861183b6ea499f66b727bbe175eeae5cb05
|
|
Type: fix
Change-Id: Ib127331507724f853071e66ca1ddfc773a8ed200
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
It's known there're one or more 32-bit increments in the ip
header. So just check ip router alert option length with minimal
performance impact, and don't care of the total options length.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
|
|
Also check for non-zero rpath length in CLI cmd.
While there, no need to use "else" after a return.
Also while there, notice and fix numerous input_line
buffer leaks and fix them.
Type: fix
Fixes: 669d07dc016757b856e1014a415996cf9f0ebc58
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I18ea44b7b82e8938c3e793e7c2a04dfe157076d8
|
|
Type: fix
Change-Id: I4eb2a7190de90553c91133f940e068ed649120cb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
If an attempt is made to delete a teib entry and the entry does not
exist, a message is logged. The format string contained an extra "%U",
which results in a segv.
Change-Id: I9b1d6ba63601982ba6ac8607cf710e34c311702a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
When we follow arp feature arc for proxy-arp, we should still update
the error reason in case proxy-arp cannot handle the arp request and
drops it.
Type: improvement
Change-Id: I046df017ca2056cfc12af0f0a968b401058bcd6d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
If unrecognized input was provided to the commands which add or delete a
pair, the error message was being created incorrectly and only displayed
something like "unknown input `'". Provide the correct argument to
format_unformat_error so that the actual unrecognized input is printed.
There also was no error or useful information printed if only the base
command were provided without any additional arguments. This should
print a warning about what required data was missing. Reorganize code to
handle this and to make sure that memory gets freed appropriately.
Change-Id: If454714f50cf41b3b56cfadfbf017f1d160e13a4
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Handle the case of the mapping not being found by GID.
Type: fix
Change-Id: Ibce3b9e8419c0dddca97b4d0d5a71f25dfd529d8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I21a701a556b88a9d81f0e074a59fa34b3746b1d9
|
|
add hugepage for vcl configure and svm
Type: feature
Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Change-Id: I6a8905e3fec23d840e629114b1e5a403d0a258ef
|
|
add dma support to session, acclerate host-stack with dma
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Change-Id: I3d492921d69d9e3e0b34d33adc33fba3bde9e1cc
|
|
If one attempts to add a pattern with zero length, first time
it will succeed, and the second time it will cause an invalid memcmp call.
Solution: do not allow to add zero-length patterns.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ic08e021486153be605a4b12a2fe4422307bf68d2
|
|
The number of available dynamic ports is set to (0xffff - 1024) =
64511, which is not divisable by the pow2 number of workers - the
only integer divisors are 31 and 2081.
So, total dynamic port range of all workers will be less than it:
1 wrk: n = (port_per_thread = 64511/1)*1 = 64511 + 1025 = 65536
2 wrk: n = (port_per_thread = 64511/2)*2 = 64510 + 1025 = 65535
4 wrk: n = (port_per_thread = 64511/4)*4 = 64508 + 1025 = 65533
8 wrk: n = (port_per_thread = 64511/8)*8 = 64504 + 1025 = 65529
...
As seen, with multiple workers there are unused trailing ports for every
nat pool address and that is the reason of out-of-bound index in the
worker array on out2in path due (port - 1024) / port_per_thread math.
This was fixed in 5c9f9968de63fa627b4a72b344df36cdc686d18a, so packets
to unused ports will go to existing worker and dropped there.
Per RFC 6335 https://www.rfc-editor.org/rfc/rfc6335#section-6:
6. Port Number Ranges
o the System Ports, also known as the Well Known Ports, from 0-1023
(assigned by IANA)
o the User Ports, also known as the Registered Ports, from 1024-
49151 (assigned by IANA)
o the Dynamic Ports, also known as the Private or Ephemeral Ports,
from 49152-65535 (never assigned)
According that let's allocate dynamic ports from 1024 and have full port
range with a wide range of the workers number - 64 integer divisors in
total, including pow2 ones:
1 wrk: n = (port_per_thread = 64512/1)*1 = 64512 + 1024 = 65536
2 wrk: n = (port_per_thread = 64512/2)*2 = 64512 + 1024 = 65536
3 wrk: n = (port_per_thread = 64512/3)*3 = 64512 + 1024 = 65536
4 wrk: n = (port_per_thread = 64512/4)*4 = 64512 + 1024 = 65536
5 wrk: n = (port_per_thread = 64512/5)*5 = 64510 + 1024 = 65534
6 wrk: n = (port_per_thread = 64512/6)*6 = 64512 + 1024 = 65536
7 wrk: n = (port_per_thread = 64512/7)*7 = 64512 + 1024 = 65536
8 wrk: n = (port_per_thread = 64512/8)*8 = 64512 + 1024 = 65536
...
Modulo from 5c9f9968de63fa627b4a72b344df36cdc686d18a is still required
when the numbers of workers is not the integer divisor of 64512.
Type: fix
Fixes: 5c9f9968de63fa627b4a72b344df36cdc686d18a
Change-Id: I9edaea07e58ff4888812b0d86cbf41a3784b189e
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
Type: fix
Signed-off-by: luoyaozu <luoyaozu@foxmail.com>
Change-Id: Ibfebe4da0197d1f60bf9edd3873fe1f776b680a4
|
|
Type: improvement
Change-Id: I371237803e2c3cb0e1b42b94f422867465e2bff6
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Type: feature
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I4e03f60f34acd7809ddc5a743650bedbb95b2e98
|
|
Type: improvement
Change-Id: I2f3fab893a10b060f91b07ee17b8727d241830ea
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
This patch introduces fast path matching for inbound traffic ipv4.
Fast path uses bihash tables in order to find matching policy. Adding
and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve perfromance.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
|
|
DPO in the new copy was not locked ...
Type: fix
Fixes: 0bfe5d8
Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Free node frames in worker mains on refork. Otherwise these frames are
never returned to free pool and it causes massive memory leaks if
performed under traffic load
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363
|
|
Type: improvement
Change-Id: Idf1fb054d5ff495d772d01a79cbc6cd1b409d377
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
When a session is found expired, the next node of in2out fast path
should be in2out slow path instead of out2in slow path.
Type: fix
Signed-off-by: Jing Peng <jing@meter.com>
Change-Id: If1dd920502089c25b33bea5434823b0496a44499
|
|
Type: improvement
Change-Id: I7f52222706200c31a731fadfb84513549ccb532d
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Type: improvement
Roaming functionality allows the peer address to change. The main thread
was being called to update a peer's address if necessary after
processing a received packet. Check in the worker whether this is
necessary before incurring the overhead of the RPC to the main thread.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I02184b92dc658e0f57dd39993a3b2f9944187b45
|
|
The ability to modify the vlan setting must be checked prior to using
VIRTCHNL_OP_DISABLE_VLAN_STRIPPING_V2 both for inner and outer vlan
stripping
Change-Id: Iffe306c34b81a6077ad6ba5deb3f5b61b5475897
Type: fix
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Originally initialization cryptodev device(s) calls double request
to enabled async mode and increased ref count twice for async mode.
Due to this cannot be change any assigned async handlers to other
async crypto engine.
The fixes reduce double request to enable async mode in initialization
cryptodev device(s) and VPP can be change assigned async handlers
to other crypto engine after disabled all async feature, for example:
ipsec, wireguard.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If22e682c3c10de781d05c2e09b5420f75be151c3
|
|
test output before fix:
DBGvpp# vrrp proto start sw_if_index 1 vr_id 1
vrrp proto: unknown input `sw_if_index 1 vr_id 1'
DBGvpp# vrrp vr track-if add sw_if_index 1 vr_id 1 track-index 1
priority 30
vrrp vr track-if: Please specify an interface
Type: fix
Signed-off-by: luoyaozu <luoyaozu@foxmail.com>
Change-Id: Ib8ba67e920b23008d9246318ec8f8f17bf0bea95
|
|
client_pathname is usually smaller than pc->caddr.sun_path. snprint()
ensures we stop at the NULL character or sizeof(sun_path) whichever
comes 1st. It also guarantees NULL character termination.
Type: fix
Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
cmake MATCHES directive with the empty regex "" always match, including
non-empty strings.
Type: fix
Fixes: 534dfc1f18db74f4a2c78d62fe6893daba56dc86
Change-Id: If085b29da15a6d7fc680cebb823183fd3c7eea68
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
zero-initialize the variables
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I51c3856865eab037f646a0d184e82ecb3b5b3216
|
|
Store mss and sw_if_index to udp_connection_t and display them via
show sessipn verbose 2
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I32928f3f4195b178873dc1bada702e035d99c464
|
|
Zero-initialize a variable.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Iccf2eb4bf26755d6cd93fc70df3c5481d69ce7eb
|
|
Zero-initialize the variable
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4ee127ac3e2a3beffa11bbc96db1f3254b3f7c5d
|
|
Initialize the session index in case of error to ~0,
so is defined in case trace needs to copy it.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Iddf6df42c09d2abc11e5821944eb4f41692e6e3e
|
|
It may contain garbage in debug builds resulting in wrong
gho detected flags and offsets.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2
|
Benoît Ganne
Vladimir Ratnikov
Mauro Sardara
Neale Ranns
Miguel Borges de Freitas
Andrew Yourtchenko
Damjan Marion
Mohammed Hawari
Yacan Liu
Filip Varga
Nathan Skrzypczak
Vladislav Grishenko
Jon Loeliger
Matthew Smith
Mohsin Kazmi
Junfeng Wang
Marvin Liu
luoyaozu
Damjan Marion
Piotr Bronowski
Dmitry Valter
Jing Peng
Gabriel Oginski
Steven Luong