For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
We should not install symlinks to local build directory.
Type: fix
Change-Id: I81e624dd5775ec9c5dd8c58f578ee51c5acfef73
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 521a9f8eb9d35d2d8783175b89821c6a157237ca)
- VOM was deprecated in VPP 21.06, but the boost library
dependencies did not get cleaned up.
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I0fb860a7a37676c1a1a0981c91f383882d9a820a
(cherry picked from commit bfcd23968246086b5b884f7df1e78adb1a059724)
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: fix
This patch fixes the missing symbol of dpdk_plugin.so when
creating symmetric key. The solution is to add dependency
of libssl to dpdk cryptodev and disable cryptodev engine
when libssl is not presented.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I30aa6e3e3af1faefa82883bad613e1d82235a2ec
(cherry picked from commit 3f3da0d27dcf83808f2691205b891a42ac2b4679)
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Ie5c197f6ec0d41d5e405b22662701d83ad94d29e
(cherry picked from commit c9ae8cfaccd75fbc2dc27bdebccdbd14fc0cb60c)
When recycling a debug CLI process node, unix_cli_file_add() needs to
delete and recreate the related node_by_name hash table entry.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I635da4918509d5b22eae37627c2d9b3608380ca6
(cherry picked from commit 52c33d60bc63626d400067e38ab0af312fdb8594)
TCP and (D)TLS clean up half-opens on main without a lock/barrier so
cleanup initiated from first worker, e.g., cut-throughs, can corrupt the
session pool.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2e5162831c0e201b22454f17fe55bfac44b85fa9
(cherry picked from commit 6bd54caf46aaa68dddbae6161688d428ce60550b)
The path pool can expand during in fib_path_attached_next_hop_get_adj()
when calling adj_nbr_add_or_lock(). If dpo points to a path->fp_dpo, its
reference becomes stale.
Use a temporary copy instead.
Type: fix
Change-Id: Ie966cb5f3f7b416425964dca12f1f586bfc2010c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit e9d7b0982d7bd189097260b6581abff472da251a)
The adj can be deleted during fib_walk_sync(), make sure it can happen
only after clearing the SYNC_WALK_ACTIVE flag.
Type: fix
Change-Id: I68be00e9602e2783d9dced71c51547c38b7e8a00
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 9f10edbb46dc1937ed99469a581723cb1ac1ff45)
When both chained and non-chained buffers are processed in the same
vector, make sure the non-chained buffers are processed as non-chained
crypto ops.
Type: fix
Change-Id: I19fc02c25a0d5e2e8a1342e2b88bbae3fe92862f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit e631ece4aa32b33651ed458200ab551ffb8fbb47)
Test added to the unittest plugin / test_vlib.py
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I73445e57918347c102ff6f5e8c9ddb9bd96f1407
(cherry picked from commit 4de5f9be88857197ddf17e3bff66318f78f4b6bb)
Only try once and return what was found.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50b1d26babf1b7431d36f6b7472a1fb01475bb35
(cherry picked from commit 233683180638d1c7f517b713722cbbeb3b4be86e)
- return VPPCOM_EEXIST if attempting to re-add a session
- return VPPCOM_ENOENT if the session to be removed is not epolled
- generate EPOLLIN if adding it through a mod operation on a session
that has data and did not have the event previously set.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I728a06b8cf84af8d8c1dea7406e284de8886dffc
(cherry picked from commit 2645f68985df4955fd8a161224595dad9f4ab488)
ninja: error: '/home/vpp/src/vpp-api/vapi/fake.api.json',
needed by 'CMakeFiles/vpp-api/vapi/fake.api.vapi.h',
missing and no known rule to make it
Recent fake.api.json has been moved from test/ to src/,
update make wipe to reflect the movement.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I1e8ef414a3f8a2fce11767e0778fe21e14d54e6f
(cherry picked from commit 0b652134752890fd987152005ed378a9520d2c68)
snat_set_frame_queue_nelts has been replaced with
nat44_ed_set_frame_queue_nelts.
Type: fix
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
Change-Id: I8d970be71376fdbb2bfd383d4d5824a8def93bb3
Fix an issue where multiple VPP instances with DPDK starting at the
same time would not initialize VFs properly. This is done by using the
iavf PMD (where the issue can't be reproduced) instead of the i40evf
PMD.
Type: fix
Ticket: VPP-1943
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
Change-Id: I444bd24722f81faec836478851e7cc3c72143227
Added syslogs
Added support for symlinks
Relocated make commands in a local Makefile
Dumping stats on index instead of paths
Updated README
Added go.mod and go.sum with relevant dependencies for the module
Type: fix
Change-Id: I2c91317939b2f4d765771ab7038372ae27d3109d
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
(cherry picked from commit 9cfbd3b7869db3ca5131c6fd0c0f77b787fa4312)
Unless a software interface is actually unnumbered, do not set
ip[46]_main.lookup_main.if_address_pool_index_by_sw_if_index [sw_if_index]
to ~0
Fixes this scenario:
loop create
set int state loop0 up
create sub-interface loop0 1
set interface ip addr loop0.1 192.168.1.1/24
delete sub-interface loop0.1
set int ip addr loop0 192.168.1.1/24
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I46141d862fa57d70b93d7bb0c105403708165264
(cherry picked from commit 64d20e76b9108c9158b2b538cd2312d740f48103)
