For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
We should not install symlinks to local build directory.
Type: fix
Change-Id: I81e624dd5775ec9c5dd8c58f578ee51c5acfef73
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 521a9f8eb9)
- VOM was deprecated in VPP 21.06, but the boost library
dependencies did not get cleaned up.
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I0fb860a7a37676c1a1a0981c91f383882d9a820a
(cherry picked from commit bfcd239682)
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: fix
This patch fixes the missing symbol of dpdk_plugin.so when
creating symmetric key. The solution is to add dependency
of libssl to dpdk cryptodev and disable cryptodev engine
when libssl is not presented.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I30aa6e3e3af1faefa82883bad613e1d82235a2ec
(cherry picked from commit 3f3da0d27d)
When recycling a debug CLI process node, unix_cli_file_add() needs to
delete and recreate the related node_by_name hash table entry.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I635da4918509d5b22eae37627c2d9b3608380ca6
(cherry picked from commit 52c33d60bc)
TCP and (D)TLS clean up half-opens on main without a lock/barrier so
cleanup initiated from first worker, e.g., cut-throughs, can corrupt the
session pool.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2e5162831c0e201b22454f17fe55bfac44b85fa9
(cherry picked from commit 6bd54caf46)
The path pool can expand during in fib_path_attached_next_hop_get_adj()
when calling adj_nbr_add_or_lock(). If dpo points to a path->fp_dpo, its
reference becomes stale.
Use a temporary copy instead.
Type: fix
Change-Id: Ie966cb5f3f7b416425964dca12f1f586bfc2010c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit e9d7b0982d)
The adj can be deleted during fib_walk_sync(), make sure it can happen
only after clearing the SYNC_WALK_ACTIVE flag.
Type: fix
Change-Id: I68be00e9602e2783d9dced71c51547c38b7e8a00
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 9f10edbb46)
When both chained and non-chained buffers are processed in the same
vector, make sure the non-chained buffers are processed as non-chained
crypto ops.
Type: fix
Change-Id: I19fc02c25a0d5e2e8a1342e2b88bbae3fe92862f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit e631ece4aa)
Test added to the unittest plugin / test_vlib.py
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I73445e57918347c102ff6f5e8c9ddb9bd96f1407
(cherry picked from commit 4de5f9be88)
Only try once and return what was found.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50b1d26babf1b7431d36f6b7472a1fb01475bb35
(cherry picked from commit 2336831806)
- return VPPCOM_EEXIST if attempting to re-add a session
- return VPPCOM_ENOENT if the session to be removed is not epolled
- generate EPOLLIN if adding it through a mod operation on a session
that has data and did not have the event previously set.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I728a06b8cf84af8d8c1dea7406e284de8886dffc
(cherry picked from commit 2645f68985)
ninja: error: '/home/vpp/src/vpp-api/vapi/fake.api.json',
needed by 'CMakeFiles/vpp-api/vapi/fake.api.vapi.h',
missing and no known rule to make it
Recent fake.api.json has been moved from test/ to src/,
update make wipe to reflect the movement.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I1e8ef414a3f8a2fce11767e0778fe21e14d54e6f
(cherry picked from commit 0b65213475)
snat_set_frame_queue_nelts has been replaced with
nat44_ed_set_frame_queue_nelts.
Type: fix
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
Change-Id: I8d970be71376fdbb2bfd383d4d5824a8def93bb3
Fix an issue where multiple VPP instances with DPDK starting at the
same time would not initialize VFs properly. This is done by using the
iavf PMD (where the issue can't be reproduced) instead of the i40evf
PMD.
Type: fix
Ticket: VPP-1943
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
Change-Id: I444bd24722f81faec836478851e7cc3c72143227
Added syslogs
Added support for symlinks
Relocated make commands in a local Makefile
Dumping stats on index instead of paths
Updated README
Added go.mod and go.sum with relevant dependencies for the module
Type: fix
Change-Id: I2c91317939b2f4d765771ab7038372ae27d3109d
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
(cherry picked from commit 9cfbd3b786)
Unless a software interface is actually unnumbered, do not set
ip[46]_main.lookup_main.if_address_pool_index_by_sw_if_index [sw_if_index]
to ~0
Fixes this scenario:
loop create
set int state loop0 up
create sub-interface loop0 1
set interface ip addr loop0.1 192.168.1.1/24
delete sub-interface loop0.1
set int ip addr loop0 192.168.1.1/24
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I46141d862fa57d70b93d7bb0c105403708165264
(cherry picked from commit 64d20e76b9)
