path: root/src
Age | Commit message | Author | Files | Lines
2020-01-30 | map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4 | Jon Loeliger | 2 | -2/+279
Prevent malicious packets with spoofed embedded IPv4 addresses by limiting the IPv6 ingress packets to known MAP-T domains. Drop spoofed packets. Add several tests that ensure spoofing isn't allowed. Type: fix Fixes: fc7344f9be Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30 | map: handle ip4 ttl=1 packets in map-t | Alexander Chernavin | 3 | -10/+20
With this commit, ICMP Time Exceeded is sent to sender when TTL expires at MAP BR. Type: fix Change-Id: I8effe163beab32596883127b819308cc355512c3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-30 | crypto-native: don't expand aes-cbc keys twice | Damjan Marion | 2 | -11/+7
Type: refactor Change-Id: If0d9ec70f9e8c228c39505864a4a73bf94b67479 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-30 | bfd: add missing cast | Klement Sekera | 1 | -1/+1
Add missing cast to time conversion function to deal with arbitrary clocks-per-second values. Type: fix Change-Id: I5075a823e7a95c972c513ac765252337d5f59fbf Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-29 | tests: add map-t fragmentation verifications | Alexander Chernavin | 1 | -10/+36
Type: test Change-Id: I5522e88ee178d0563c246895393e835d125f1b81 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-28 | dhcp: disable extraneous vlib_log spew | Dave Barach | 1 | -9/+12
When there are no dhcp client interfaces configured, it's not useful to make periodic / timeout log entries. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I16b68fe15ad9de789e49ad1b782b3b0e536bad60
2020-01-28 | session tcp: fix packet tracing | Florin Coras | 5 | -13/+15
Type: fix Change-Id: Ib823d016c64998779fb1d00b8aad3acb5e8340be Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-28 | hsa: proxy rcv wnd update acks after full fifos | Florin Coras | 1 | -6/+87
Avoid rcv wnd probing after zero window advertisements by registering for tx dequeue notifications and forcing acks that open the rcv wnd. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8f33e3cf917f8c83d412f370ca66013aa4cd6e67
2020-01-28 | crypto-native: rename crypto_ia32 to crypto_native | Damjan Marion | 8 | -93/+93
Type: refactor Change-Id: I9f21b3bf669ff913ff50afe5459cf52ff987e701 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-28 | map: ip4-map-t more RFC compliant | Vladimir Ratnikov | 1 | -8/+20
When MTU is not set, ignore_df and mtu check always returns true and packets are dropped. This patch puts MTU checks after it was compared with 0 and set to maximum if not set. Added trace node. If MTU is less than the total length value of the IPv4 packet plus 20, the translator MUST send an ICMPv4 "Fragmentation Needed" error message to the IPv4 source address. Type: fix Fixes: 87663cdf644fb7c94c0fec9460829b7e4e7c35ca Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I35b99bc2648984cdbf5b6a57ddec91c586b15bef
2020-01-27 | crypto-ia32: add VAES support for AES-CBC | Damjan Marion | 6 | -50/+250
Type: feature Change-Id: Ic8aa6c48913677537301971469f9627b70c1cec8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-27 | sr: fix possible null-pointer dereference | Ignas Bacius | 2 | -10/+27
Steps to reproduce VPP crash:
1. configure localsid End behavior
2. ping the localsid address
Type: fix Signed-off-by: Ignas Bacius <ignas@noia.network> Change-Id: Id780e0875ec9cdb25252217990919fb3dddbf06a
2020-01-27 | vppinfra: use CPUID provided base frequency if available | Damjan Marion | 1 | -0/+32
Type: fix Change-Id: Ifb007207be97119e07c3a0eba4714eb519de043c Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-27 | vppinfra: add x86 CPU definitions | Damjan Marion | 1 | -0/+8
Type: feature Change-Id: I9d1f9f00ac011a93709850186dcf4cf5ea3bf88a Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-27 | classify: pcap / packet trace debug CLI bugs | Dave Barach | 2 | -1/+5
"classify filter trace ... " and "classify filter pcap ..." are mutually exclusive. vnet_pcap_dispatch_trace_configure needs to check for set->table_indices == NULL. Type: fix Ticket: VPP-1827 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I43733364087ffb0a43de92e450955033431d559d
2020-01-27 | interface: Add missing ip4 udp->checksum = 0 prior to computing checksum | Steven Luong | 1 | -1/+4
For ip4 tcp, ip6 tcp, and ip6 udp packet, we set checksum = 0 prior to computing the checksum. We missed ip4 udp case. This oversight requires all clients to set udp->checksum = 0 if ip4 udp checksum offload is needed. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic608811e82099f3bec469e123671e9b281f38d76
2020-01-27 | ipip: Multi-point interface | Neale Ranns | 22 | -143/+522
Type: feature plus fixes for gre Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
2020-01-27 | tunnel: Common types for IP tunnels | Neale Ranns | 21 | -233/+324
Type: refactor Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I18dcdb7af3e327f6cacdbcb1e52b89f13d6ba6e2
2020-01-27 | map: api: fix tag overflow and leak | Benoît Ganne | 2 | -4/+6
The 'tag' parameter is expected to be a NULL-terminated C-string in callees:
- make sure it is null-terminated in both API and CLI cases
- do not allocate & copy the string into a non-NULL-terminated vector in API case
- fix leak in CLI case
Type: fix Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-01-27 | bfd: reset peer discriminator on timeout | Klement Sekera | 1 | -0/+13
More RFC compliance. Ticket: VPP-1816 BFD: peer discriminator not reset on timeout Type: fix Change-Id: I68063c18097d282b3527e3fb485c1d0d1fd1b0c8 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-27 | fib: Reload the adj after possible realloc (VPP-1822) | Neale Ranns | 1 | -0/+1
Type: fix Fixes: 418b225931634f6d113d2971cb9550837d69929d Change-Id: Ia5f4ea24188c4f3de87e06a7fd07b40bcb47cfc1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-27 | devices: vhost: fix data offset on input | Benoît Ganne | 1 | -11/+1
Regardless of whether the virtio_net_hdr is sent as a separate descriptor or in the same descriptor as the data, we always want to skip the header length - maybe moving to the next descriptor along the way. Type: fix Change-Id: Iaa70aeb310e589639b20f8c7029aaa8d3ce5d307 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-01-27 | docs nat: fix nat-ha ascii art | Paul Vinciguerra | 1 | -0/+2
See: https://docs.fd.io/vpp/19.08/nat_ha_doc.html Type: docs Change-Id: I43ecf1dfb6976ebafee04d820f0e1b07393a0b93 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-01-24 | session: fix node runtime in pre-input queue handler | Florin Coras | 1 | -0/+1
Call session queue node with the right node runtime instead of the pre-input node runtime. Type: fix Change-Id: I43d20bed4930fc877b187ce7ecdce62034b393c5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-24 | nat: in2out-output nodes work with acl reflect | Matthew Smith | 2 | -2/+107
Type: feature

The current feature ordering of NAT44 nodes with respect to the ACL plugin's IPv4 input/output features is:

ip4-output: acl-plugin-out-ip4-fa runs before any NAT44 nodes
ip4-unicast: acl-plugin-in-ip4-fa runs before any NAT44 nodes

ACL rules with action permit+reflect can keep track of outbound flows and allow the replies inbound without an explicit inbound rule. If ACL permit+reflect rules are configured on an interface that also has NAT44 configured with output-feature/postrouting translation of outbound packets, the ACL rules cannot allow inbound packets. The ACL state that was stored on the outbound flow contains the IP addresses of the original packet, prior to translation. The inbound packets are being evaluated by the ACL node using the translated addresses.

The order of processing inbound needs to be the opposite of what it was outbound for this to work. Change the NAT44 features on ip4-output so that they run before outbound ACL nodes. This matches the existing behavior of the NAT44 nodes which rewrite source addresses as an input feature instead of an output feature. This was only done for endpoint dependent mode because the regular endpoint independent in2out-output node currently selects an explicit next node rather than using the next node on the feature arc.

Unit test added to configure both NAT and an ACL and ensure that out2in packets matching an in2out flow are permitted by the ACL and translated by NAT.

Change-Id: Ibd679c28b64c3fc3cc8c0606ea93123e384e839f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-01-23 | vcl: always report EPOLLHUP/EPOLLRDHUP on close | Florin Coras | 1 | -4/+0
Type: fix Change-Id: I3d24a7973c7113ffeb9109e89cda7fa960e73a5b Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-23 | vcl session: udp session migration notifications | Florin Coras | 4 | -1/+70
Type: feature Change-Id: I402549818ba6e078802e914293304174dc6625c2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-23 | srv6-mobile: fix the coverity issue | Tetsuya Murakami | 1 | -26/+21
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I358a290f4ac121f075f7ee52941beabe478bfba0
2020-01-23 | api: mark api_trace_command_fn thread-safe | Dave Barach | 1 | -1/+20
Binary API trace replay with multiple worker threads depends in many cases on worker thread graph replica maintenance. If we (implicitly) assert a worker thread barrier at the debug CLI level, all graph replica changes are deferred until the replay operation completes. If an interface is deleted, the wheels may fall off. Type: fix Ticket: VPP-1824 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I9b07d43f8501caa5519e5ff9ae4c19dc2661cc84
2020-01-22 | ipsec: re-enable DPDK IPSec for tunnel decap/encap (VPP-1823) | Neale Ranns | 7 | -14/+55
Type: fix Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-22 | fib: Adjacency realloc during rewrite update walk (VPP-1822) | Neale Ranns | 1 | -4/+4
Type: fix Change-Id: I0e826284c50713d322ee7943d87fd3363cfbdfbc Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-22 | hsa: proxy app fixes | Florin Coras | 1 | -33/+15
Type: fix Change-Id: Icb4b331c9346d3781f4ddd6f62891c78d4059c1f Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-22 | fib: FIB crash removing labelled route (VPP-1818) | Neale Ranns | 1 | -7/+12
Type: fix The crash occurred trying to retrieve a NULL path list to walk the path extensions. A walk should not be required, because there should be no extensions, since all paths are removed. The problem is that when the paths were added, they were not sorted, hence neither were the extensions and when they were updated, duplicate extensions were added, and hence a path removal did not remove them all. Fix is to make sure paths are sorted. Change-Id: I069d937de8e7bc8aae3d92f588db4daff727d863 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 257749c40946a9269140d322e374d74c3b6eefb8)
2020-01-22 | nsim: enable output scheduling on main thread | Dave Wallace | 2 | -2/+29
Type: fix Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2020-01-21 | nat: fix dhcp client on outside interface with output feature | Alexander Chernavin | 2 | -18/+18
There was an attempt to fix this problem in the commit: d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd But checking the LOCALLY_ORIGINATED flag didn't work because this flag gets reset before it can reach the NAT nodes. With this commit, replace the check for the LOCALLY_ORIGINATED flag with a check to see if the packet is a DHCP broadcast. Type: fix Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-21 | nat: removed obsolete fragmentation code | Filip Varga | 1 | -84/+16
Type: fix Ticket: VPP-1817 Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: Id4d694ce636b0a213e65ce27c32a8150df9af0f8
2020-01-20 | classify: fix pcap filter set init | Florin Coras | 1 | -4/+2
Type: fix Change-Id: I6a48a6c14bfb84b3460e8211021bc9df6e915dba Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-17 | lb: fix that lb_add_del_vip and lb_add_del_as api doesn't work correctly | Yulong Pei | 4 | -12/+18
Currently, if a user wants to set an ip4 address to the api, it must be converted to ip6 format, e.g. the user wants ip4 "90.1.2.1" but must convert it to "::5A01:0201". This is not acceptable; this fix solves the issue. Ticket: FDIO-753 Type: fix Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03 Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2020-01-17 | nat: refactor of port/address allocation functions | Filip Varga | 8 | -15/+429
Change-Id: Ie2a3c0f44322dd8415603b7ce51bb72d72769c95 Ticket: VPP-1815 Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-01-16 | sr: some fixes for SRv6 CLI/API | Ahmed Abdelsalam | 2 | -4/+19
Return FIB table_id instead of vrf_index to clients Type: fix Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: I76a97bad3ecd3ac8eb045efb1657eaa90c2a57b6
2020-01-16 | misc: binary-api sw_interface_vhost_user_dump is broken | Steven Luong | 2 | -0/+2
Recent modification to vhost_user APIs for typing which added a sw_if_index filter to the API sw_interface_vhost_user_dump with the default value -1 to mean all interfaces. But the default is not set from api_format.c, causing the binary-api command for sw_interface_vhost_user_dump to display nothing. Also missing is the proper display on custom dump for the aforementioned API. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I05546e2318165af7531977fbed66ea7224c4a7ce
2020-01-16 | gso: fix typo in the quad-loop | Steven Luong | 1 | -3/+3
Fix minor typo in the quad-loop for swif which may actually cause problems if swif0 != swif1 or swif2 or swif3. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ib81f323479c7ecbd28d84956cffbc20b1072d2c2
2020-01-16 | tcp: fix rxt delivered without sacks | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I69c245cb0e3f6d599a3270a485fa0a5845cde8eb
2020-01-16 | vcl: add rx event on epoll ctl if needed | Florin Coras | 2 | -2/+18
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib6d0387076a4bb0b52e4cdfdcd62b6060b704fe6
2020-01-16 | udp: fix ipv6 listen port registration | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7f2233eb9bf3d81a697f76ba985083cf1040e2e9
2020-01-16 | tcp: fix listen node coverity warning | Florin Coras | 1 | -11/+12
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5ec3ec4f46d3840c2b3c3005f093b5dddefc289
2020-01-16 | vppinfra: fixing compilation issues in 32-bit | Vijayabhaskar Katamreddy | 1 | -2/+3
Fixing compilation issues for 32-bit, also setting init flag for shm based bihash Type: fix Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Ic2072c5ba7fc77d061ca9f1b844a71f6e22e58b2
2020-01-15 | build: Add missing version.h dependency in vnet | Chris Luke | 1 | -1/+1
Two modules in vnet include vpp/app/version.h but there is no explicit build dependency for this generated file. This leaves a race condition in the build system that the Coverity build has recently started triggering. Change-Id: I8e2bb32feeb16e1bdd8efb0d2633cfdba60f51aa Type: fix Signed-off-by: Chris Luke <chrisy@flirble.org>
2020-01-15 | ip: align reass.save_rewrite_length (tag: v20.05-rc0) | Klement Sekera | 3 | -20/+13
By aligning vnet_buffer_opaque.ip.save_rewrite_length and vnet_buffer_opaque.ip.reass.save_rewrite_length we prevent shallow virtual reassembly code from overwriting save_rewrite_length, allowing other features down the pipe to rely on this value. A static assert is added to guard this alignment. Type: fix Fixes: f126e746fc01c75bc99329d10ce9127b26b23814 Change-Id: Ie7c7f3abc2a221bbcf2830c0f006a4368088b342 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-15 | build: install vpp_echo for CSIT QUIC perf tests | Dave Wallace | 1 | -1/+0
Type: make Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iddfcce1f662efe63c5a6788a0a604917b1c9d81e