Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
|
|
Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.
During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.
By backing match tuple up session should be invalidated well enough not to
collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
|
|
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I241cefbbce98cf6fef83f36bd87ae2c1f4b067f0
|
|
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
|
|
lcp_itf_pair_pool could grew during sub-interface creation.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
|
|
If we match a next table, we must save its index in the trace instead of
the index of the 1st table.
Type: fix
Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in
af_xdp_load_program(), previous if did not load custom XDP program,
ad->linux_ifindex will be none, but bpf_xdp_detach() need it, so default
xdp program will be not unloaded when delete af_xdp interface.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
|
|
Policer API calls were only by policer name. It is now possible to
select a policer by its index.
Some functionalities are also added to allow updating a policer
configuration and to refill its token buckets.
Some dead codes are being removed, and small fixes made.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
|
|
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its
use.
Type: fix
Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I12b120d988347cced3df82810e86dc2fd5cfca80
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
We cannot confidently say that if we have received and processed
the handshake_initiation message, then the connection has been established.
Because we also send a response.
The fact that the connection is established can only be considered if a keepalive packet was received.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
|
|
The vector size must be increased before setting the element so that
AddressSanitizer can keep track of the accessible memory.
Type: fix
Change-Id: I7b13ce98ff29d98e643f399ec1ecb4681d3cec92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Id8ab75ef4384a1029ab7ee84048f347708307830
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Playing with vector length prevents AddressSanitizer to track accessible
memory. Make sure we update the size of the vector once we received the
data.
Type: fix
Change-Id: If7808254d46d7ab37d516e3de49e3583d07bb9ff
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
socket_tx_buffer is a vector, update its length accordingly so that
AddressSanitizer can keep track of the allowed memory area.
By doing so we can get rid of socket_tx_nbytes which becomes redundant
with the vector length.
Type: fix
Change-Id: Ied7cb430b5dd40d5ed1390aa15bd5f455a0dba62
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I793206068b8dca15b2f7f525ae1049139333c5b8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I0ae4071ee317f38daa882fec17087a55afe75d1d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This patch allows to pass a tag when specifying
the dpdk `dev { }` interface configuration.
It allows a control plane generating a vpp.conf
file to retreive the resulting mapping between
dpdk interfaces & sw_if_indices in VPP without
having to change the interface name exposed
to the user.
Type: feature
Change-Id: I55907417de0083b82d4a127172816cec3459acf3
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
After creating a peer, we send a handshake request. But it's not quite right
to call wg_send_keepalive() directly.
According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms.
Since it's the first one - we don't need to take REKEY_TIMEOUT into account,
but we still have jitter.
It also makes no sense to immediately send keepalives,
because the connection is not created yet.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
|
|
Allow enabling and disabling pcap capture via the API.
A little bug is fixed along the way in
vl_api_classify_pcap_set_table_t_handler.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
|
|
In libbpf code, xsk_socket__create will call xsk_link_lookup to get the
xdp_sock bpf prog. But xsk_link_lookup can't get any bpf prog. This will
cause Libbpf not to insert the fd into xsks_map and return ERROR.
The solution to this problem is to insert fd into xsks_map ourselves
instead of libbpf.
Type: fix
Change-Id: Ic5d279c6ddc02d67371262d6106a5b53b70e7913
Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
|
|
Enable codegen for C type from 'rpc A returns B stream C' notation
Type: improvement
Change-Id: I05cfce71c385d414d7b177a080009628bc8c8fad
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
|
|
Don't truncate with vec_set_len bytes before they can be used. When
built with ASAN, it these bytes are poisoned and trigger SIGSEGV when
read.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I912dbbd83822b884f214b3ddcde02e3527848592
|
|
vec_alloc_aligned() pre-allocates the vector memory but does not
update its size, making ASan unhappy when trying to access it.
Type: fix
Change-Id: I80e753cf2458cf516d1180a24cfaca4f382339d5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
In clib_bitmap_set_region and clib_bitmap_set_multiple the index of
the last bit to set was off by 1. If this index was pointing to the
last bit of the bitmap, another uword would have been allocated,
even though it was unnecessary.
Moreover, in clib_bitmap_set_region, bits in the last word were not
properly set. Indeed, the n_bits_left value is wrong since n_bits
is not decreased by the number of already set bits.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I8d7ef6f47abb9f1f64f38297da2c59509d74dd72
|
|
per https://jira.fd.io/browse/VPP-2058
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ica0828de218d25ada2d0d1491e373c3b78179ac1
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I64283648985c98e81f315da32a451cef6e60f933
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ifb790c25b38b2b1865cda7d95891bddd4195c601
|
|
This patch adds source ip based sticky session, which is already
implemented in many hardware LBs and software LBs. Note that sticky
sessions may be reset if the hash is recalculated as ASs are added
or deleted.
Since this feature is unrelated to the other existing options, the
lb_add_del_vip API version has been upgraded to v2 and a new option
"src_ip_sticky" has been added.
Type: feature
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
|
|
In some situations, CMake will find ccache in /usr/bin but /usr/bin
might not present in PATH. The former fix for this was to place the
ccache configuration logic before the project() declaration, but since
CMake 3.4 there is a new variable to be used which handles this case.
For the original problem, see also
https://crascit.com/2016/04/09/using-ccache-with-cmake/
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie026e02b2b06e2dca2d62da5fea7b1a104bcc7c3
|
|
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ibd796adea734b64d9209c5e18c5b9800cbaf62c6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
In function ‘memcpy’,
inlined from ‘clib_memcpy_fast’ at /home/vpp/src/vppinfra/string.h:86:10,
inlined from ‘memcpy_s_inline’ at /home/vpp/src/vppinfra/string.h:157:7,
inlined from ‘vnet_pppoe_add_del_session’ at /home/vpp/src/plugins/pppoe/pppoe.c:356:7:
error: ‘__builtin_memcpy’ offset [0, 5] is out of the bounds [0, 0] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc1: all warnings being treated as errors
Hardware address is zero length vector for PPP, use vec_len instead.
Type: fix
Fixes: 62f9cdd82c52 ("Add PPPoE Plugin")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If9fb409cfbbac77c15559d103987f0130bf30255
|
|
Type: improvement
Signed-off-by: aihua2013 <51931196@qq.com>
Change-Id: I22670f49abfb5d1fd728686fc7d65fb40ea6bda2
|
|
The musl libc does not support closedir(0) resulting in a crash. Only
call closedir() if we successfully opened it.
Type: fix
Change-Id: I3198454f44735501047afc42b94b2fea273212f4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Allow the CLI caller to specify an optional [index <idx>] index,
which will remove the ACL at that index. This mimicks the API behavior,
Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del
call, which will refuse to delete a non-existent index, as well as
an index that is referenced by an interface.
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
|
|
Change-Id: I7888ab58abced93859ce15d0dbd1c3d7c94a02f5
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Fixes: 0654242d1ef51566f0d58445a16053cf376e5a6e
|
|
The current implementation of wireguard use dereference value from
pointer, but between get and dereference the value from pointer can be
occur change in pool memory, which means that this pointer can be
invalid. Since current implementation doesn't handle with invalid
pointers, segfault can occur.
The fix add a local variable to keep index of peer from pool and also
handle with null pointers from get pointer from pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ic161ab08266e584493338c682d827ea1fd754b98
|
|
path implementation
In fast path implementation of spd policy lookup opposite convention to
the original implementation has been applied and local ip range has been
interchanged with the remote ip range. This fix addresses this issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
|
|
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: Ib437a01663aa61860c6a938d869ed1111da71ec7
|
|
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: I8d1e922197b3594122296e8c1af57e0a8ec0bf3d
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I021f8e8bba247b0050d390a37dbc75900dc6a598
|
|
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I1f757abccd228b9e73f25c96754738c8e6bff259
|
|
Installs the unversioned .so symlink in the -dev component.
This prevent debian lintian error:
link-to-shared-library-in-wrong-package
NAMELINK_COMPONENT was added in cmake 3.12
Type: make
Change-Id: I9d743218fa1f6b677659d745525e399ff66e73f4
Signed-off-by: Nick Brown <nickbroon@gmail.com>
|
|
AF_XDP support is deprecated in libbpf since v0.7.0 [1], the libxdp library
now provides the functionality which once was in libbpf, this commit updates
af_xdp plugin to depend on libxdp, libbpf still remains a dependency even if
libxdp is present, as it need use libbpf APIs for program loading.
libxdp is distributed within xdp-tool [2], xdp-tools package also
include libbpf in it as dependency, so here installed libxdp v1.2.9 and
libbpf v0.8.0, both from xdp-tool-1.2.9 package.
More information about libxdp compatibility can be found in the libxdp
README [3].
In libbpf v0.8.0, The bpf_prog_load function was deprecated and changed to
bpf_object__open_file and bpf_object__next_program and bpf_object__load,
The bpf_get_link_xdp_id and bpf_set_link_xdp_fd functions were deprecated
and changed to bpf_xdp_attach and bpf_xdp_detach, The bpf_object__unload
function was deprecated and changed to bpf_object__close.
[1] https://github.com/libbpf/libbpf/commit/277846bc6c15
[2] https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.9
[3] https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/README.org
Type: improvement
Change-Id: Ifbf6e3aa38bc6e0b77561f26311fd11c15ddb47e
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
serialize_get() -> serialize_write_not_inline(...) was losing track of
the current buffer index when it managed to empty the overflow vector
but had to turn around and use it again.
Test-case added to test_serialize.c.
This issue dates from 2010.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I024a03f7a50fd6df543ddbc7c45d85def4f1981d
|
|
Musl is stricter than glibc and has a warning that including fctnl.h and
poll.h should be prefered rather than their sys/ counterparts, which
breaks -Wall setups.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Id101e999371951b0927cc8c4109f8f1536de1bc2
|
|
Type: improvement
Signed-off-by: Josh Dorsey <jdorsey@netgate.com>
Change-Id: Iee43ca9278922fc7396764b88cff1a87bcb28349
|
|
Type: improvement
Change-Id: I30e66370c927afeb62ba3a2b3334bdc2a31d4561
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Ifea4badd58f7e2b5e792d7506f6747851a08587f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|