For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
dpdk 22.03 introduces iavf driver but misses rx vector path on Arm.
This causes VF fail to receive packet when running VPP device test
with no-multi-seg configuration.
Add iavf basic Neon RX support to fix this.
Type: fix
Fixes: 2f132efc3caf ("dpdk: bump to DPDK v22.03")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I75ae74c8060428cee0e1c235feab1246c014801e
Type: improvement
When packets were received and processed successfully, increment the
byte/packet counters for the tunnel interface.
Change-Id: I42855607ac6916de641be42aac86c9942cc97140
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 42928beec9f4dc87dcf61332a39801a454c1d7bc)
The flow_report_process_send() function always allocates a frame.
However, when no template_send is needed, template_bi is ~0.
When this happens, no vectors are placed in the frame. When
the frame is then "put", a check for n_vectors == 0 prevents
the frame from actually being placed back on the free list.
Fix that by using a direct call to vlib_frame_free() when
there are no frame vctors.
Type: fix
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I936b5cea4cb3c358247c3d2e1a77d034a322ea76
(cherry picked from commit eaa83c0439c13b76525224267c23d0cf52a6668b)
Type: fix
A packet passing through nat44-ei-in2out-output,
has its ttl value validated in earlier nodes.
"ip4-input" node checks ttl for locally generated packets.
"ip4-rewrite" node validates ttl in forwarded packets.
Thus for example, the ED counterpart disables ttl checks
in its "nat44-ed-in2out-output" node.
This patch updates nat44 EI conditions for ttl checks to
those currently used in nat44 ED case, meaning no extra ttl
validation for in2out when output-feature is enabled.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: Idd15d7c9a746b60c0a6dac5537d00ef10c257fdc
(cherry picked from commit d1ca70c7e11dac7b9fff802ca5f1d9051c984c34)
if when the rx_fifo grows, svm_fifo_enqueue() return -4,
stream_data->app_rx_data_len += rlen type conversion occurs,
Finally,stream->recvstate.data_off calculation is wrong.
Type:fix
Signed-off-by: fanxb <fxb_mail@163.com>
Change-Id: Iae11f0c453f32d836f4148d70e3b121545a53a90
(cherry picked from commit 5b4b4c05ff06b866b90b0df9b2be2ed28e606f16)
This patch makes the `make docs` directive incremental
avoiding re-running the siphon when the source hasn't
changed, and leveraging sphinx internal cache.
It adds a `make rebuild-docs` directive for cases where
this caching logic might break, e.g. in CI.
The virtualenv doesn't also get recreated on each build,
which might be enough when writing docs, provided
automated process leverage its rebuild counterpart.
Type: improvement
Change-Id: Ie90de3adebeed017b249cad81c6c160719f71e8d
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Serveral IPSec SPD cases re-use the same test class name,
leads to test error when do parrallel test with TEST_JOBS=16,
change the test class names to unique values.
Type: fix
Fixes: 7cd35f5d688d9e3bddf66602655274dae944b086
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Ia5768654ddb6274531222761cc82b226d97325a9
When running tests via run.sh, default setting of None would cause
failed directory symlink to appear in vpp workspace with an ugly name.
This patch places the symlink in temporary directory.
Type: fix
Fixes: b23ffd7ef216463c35b75c831e6a27e58971f4ec
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ic1715eba7ac1f82f71855e2aeb9b659d27bbb3af
Add generic flow type and rss action type to vapi. It is to support
creating generic flow rule via vapi.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ifeaa007679487e02bd2903dc591d80a1caba33bc
Type: fix
reset the memory trace if mem trace is turned on
Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com>
Change-Id: Ib99355b9ed42ff66c720bbea5cbbf03c65820d12
C enum values by default start from 0.
All unassigned names should get value as value of previous name plus one.
The problem was that default value was 0 and adding one for the first
value would make generated api files start from 1 instead of 0.
Type: fix
Change-Id: I772d6411435648de3ec514f57025ef1acae87338
Signed-off-by: Filip Varga <fivarga@cisco.com>
Type: fix
Correct vnet_hw_interface_t flags update on link state changes.
Currently incomplete set of flags is applied on each change,
only flags related to the most recent change are being set correct.
E.g. setting the link up would erase the duplex part of the flags.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: I5b95e1c0eaea0c283b108dbf7f809682ec9064eb
Type: fix
Don't set link speed for tap interface when link speed is unknown
Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
Change-Id: Ia97277b3bf7c958fa665e4ead8d0e48f02921e69
Type: fix
pool_is_free_index() check is performed only for the first element
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Icadc715a9b54761ec69805a134a69a262137536d
Type: fix
Custom node functionality is missing in v6, so bringing in similar to v4 functionality into ip6 as well
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I28b0be2fc55a00bfc0b456b1caaa1dcf5641a44e
single struct to hold all api handler, flags, etc.
Provide functions to toggle flags instead of writing directly to
internal data.
Type: refactor
Change-Id: I4730d7290e57489de8eda34a72211527e015b721
Signed-off-by: Damjan Marion <damarion@cisco.com>
Type: fix
Pace the main thread activity for reassembly timeouts, to avoid barrier syncs
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: If8c62a05c7d28bfa6ac530c2cd5124834b4e8a70
A node name is not bound to a node index. For example, if an interface
is deleted and re-added, the indexes of its nodes "<itfc_name>-tx"
and "<itfc_name>-output" may change. Thus, when the collector updates
the nodes stats, it should first delete all the symlinks for nodes that
have changed their names before adding new symlinks. Otherwise, it
could attempt to add already existing symlinks or delete valid ones.
Example of a series of command that triggers a crash in the assert
`ASSERT (node_data[i].symlinks[j] != CLIB_U32_MAX);`:
```
create loopback interface
create loopback interface
```
Wait for the nodes stats to update, then:
```
delete loopback interface intfc loop0
delete loopback interface intfc loop1
create loopback interface
create loopback interface
```
Type: fix
Change-Id: Ief8e7135e5c02dc6bc64dc94b76cff21ea9ab3a9
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Type: fix
Adding stats from debugging point of view
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I3118d3fd5d630fad80a42ab960e30459789123cf
Type: fix
as number of reass contexts increasing based on workers, increasing the number of nbuckets for bihash
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I83d061a709ecb8845ce745b18d03fdefc795787f
Type: fix
There were several places where mbps were converted to kbps for
link_speed, but often drivers of devices set link speed to unknown
(0xFFFFFFFF) on initialization, so there was multiplication of
link_speed equal 0xFFFFFFFF(UINT32_MAX) by 1000, this provides
overflow of unsigned int, and as result link_speed was equal
4295 Gbps, but actually link_speed is unknown.
Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
Change-Id: Ib462ed6ed685654af4687041e115bfb74e640f13
The statement
pw0->pending_clear_sw_if_index_bitmap =
clib_bitmap_dup (pw0->serviced_sw_if_index_bitmap);
will cause pw0->pending_clear_sw_if_index_bitmap's previous
vector to be gone. Need to free it prior to calling clib_bitmap_dup()
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I20de780e73daea7be17efa0bf660af2592cd4680
Type: improvement
With this change:
- add dump/details messages to obtain interfaces for which IPFIX flow
record generation is enabled;
- add get message to obtain parameters;
- add a new message to set parameters with validation present and to
correspond with get/set naming;
- add tests for get/set parameters and dump/details interfaces.
Change-Id: I09f6ec990171ac8bcb9d2f5c92629803b8ab6c28
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
This fixes long standing annoyance that CLIs with optional args cannot
be executed from file, as they cannot distinguish between valid optional
args and next line in the file.
Multiline statements can be provided simply by using backslash before \n.
Also comments are supported - everything after # is ignored up to the
end of the line.
Example:
# multiline cli using backslash
show version \
verbose # end of line comment
packet-generator new { \
name x \
limit 5 \
# comment inside cmultiline cli \
size 128-128 \
interface local0 \
node null-node \
data { \
incrementing 30 \
} \
}
Type: fix
Change-Id: Ia6d588169bae14e6e3f18effe94820d05ace1dbf
Signed-off-by: Damjan Marion <damarion@cisco.com>
When the driver's max_rx_pktlen is >= 65536, max_supported_frame_size
overflows and queue creation fails.
Change-Id: If78707cb698adf8619ec44a852dd05d570917577
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Type: fix
*Buffer leaks and corruptions during internal errors, either overriding
or missing to add the buffer to the list
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I6c2406cff53a741e800e2d05593696f3e9fd6ff5
Type: feature
Currently, the plugin supports only IPFIX flow record generation for
outbound packets.
With this change:
- add a new API message for enabling the feature on an interface that
accepts direction (rx, tx, both);
- update existing debug command for feature enabling to accept
direction;
- update existing debug command for showing currently enabled feature
on interfaces to display direction;
- update templates to include a direction field;
- generate flow records on the specified direction and data path;
- report direction in flow data;
- update tests to use the new API;
- add tests for inbound flows.
Change-Id: I121fd904b38408641036ebeea848df7a4e5e0b30
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
