Fix in nat44 hairpinning code to check if anything was actually
changed in the snat_hairpinning() routine, and return 0 if nothing
changed. This helps avoid an infinite loop repeating the three
nodes nat44-hairpinning-->ip4-lookup-->ip4-local in case there
was no change. Also add a corresponding test case.
This is essentially a cherry-pick of change 30284 but the
automatic cherry-picking did not work because of some filename
changes.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I21a59ae7423f40abeff9fc0411330da58b3011f0
- The name of the powertools repo was changed [0]
in centos-8 from 'PowerTools' to 'powertools'.
Retrieve the correct name from 'dnf repolist all'
instead of hard coding it.
[0] b759b17557
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Ic1402e671eb1d70dec429bab82ad18d8251f4eef
(cherry picked from commit 1affb31ef528dcbc90b718bd70a9882a4225a385)
A simple counter is a two dimensional array by threads and
counter index. 28017 introduced an error missing the first
dimension.
If a vector is updated at the same time as a client reads,
an invalid pointer my result. This will be caught by the
optimistic locking after copying out the data, but if
following a pointer outside of the stat segment then
the stat client would crash. Add suitable boundary checks
for access to stat memory segment.
Fixes: 7d29e320fb2855a1ddb7a6af09078b8ed636de01
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I94f124ec71d98218c4eda5d124ac5594743d93d6
(cherry picked from commit 65c56c83ce4e58178b5ad90a8f325692c9904381)
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
IPSec punting to IKEv2 is valid only for NAT-T in IPv4.
Fix coverity CID 214915.
Type: fix
Change-Id: I6f2db38abf179565316f50c5d47c78acce3a0d01
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit d9ed0b67866fa6b8a5f449fdb8da8d6aacb5f225)
Type: test
Change-Id: I9c1129a8596344551f3f8f2e029846d22511482e
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit 2008e314537500975acbd666e38d3fa6e7261bf5)
This helps to resolve sporadic failures in unit tests.
Type: fix
Change-Id: I3abd77ed74310f9729a841e8569eafe6d7758dcb
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit 761f8f0eaaf43f38fdd9d160ba19ff833de7d210)
Type: fix
Ticket: VPP-1900
This fixes a crash when initiating IKE connection using interface
without any IP address.
It also ensures that the IKE connection is automatically retried once the
interface obtains an address.
Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ia1919c349e64b3a0a4198365e075e177e3ba3de5
(cherry picked from commit 6960da528443ea40b1cdab323c76f978f7b16a8b)
When looking for existing SA connection to clean up search all per
thread data, not only current one.
Type: fix
Change-Id: I59312e08a07ca1f474b6389999e59320c5128e7d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit e7c8396982607634b4c747870499671ffa53868e)
Using vlib_main of another thread is prohibited.
Type: fix
Change-Id: I7ae294dfaf2526738e91408c9b4865ef9f801b8a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 7483a7272d15354486371be7a20c4bf35ab2eb38)
We should not use main thread vlib_main in workers.
Type: fix
Change-Id: I58c0a8cadf2dc7f768b20ac90e7ec7921e2e8ca4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 0a2fde105a5a0c996333d67d2901b4eaedf7cbe1)
dns cache should no longer be unlocked by caller.
Type: fix
Fixes: 84a563ae4050cc0389dcd438fbe9ea882f2b8404
Change-Id: I3708718ae8f00e4e4f4e04381caa0095c8494b82
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 2113c7f28b154df16af3637f67484971759a00a7)
crypto_native/main.h is being built as default,
and crypto_native_main is initialized with a size of 64 bytes.
crypto_native/aes_gcm.c and crypto_native/aes_cbc.c are march
variants, their ICL variants are expecting crypto_native_main
to be 256 bytes.
Type: fix
Signed-off-by: Georgii Tkachuk <georgii.tkachuk@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I4cddb75b712ea83c9cfca621887605d7bae104ec
When removing an interface we must reset all per-interface per-feature
arc data to ensure we do not get wrong feature arc config data when the
sw_if_index is recycled.
Type: fix
Change-Id: I8c9d850d7c62b7b77193da4258ab5fb9bdda85a6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 6178bdafa6a318d50cc8ad82f07c6c798c7024ef)
NUMA node parsing with vlib_get_thread_core_numa() can failed on single
socket systems. Use clib_get_current_numa_node() instead as we already
pinned the main thread to the requested core.
Type: fix
Change-Id: I22339516d0305689a58584c92ded7c96eb53be39
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 33ce5e568f8b4fb1254bf5ee32865e9443c0185a)
ipsec_{crypto,integ}_alg_t are packed and smaller than u32. Callers are
using those enums so unformat functions should too instead of u32 to
not overflow the stack.
Type: fix
Change-Id: Ifc86366f1928ca6352f06f390a88ac64668289d5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit f6422ffbc82c55f50d06c8c7a2e230db7001ee35)
- fix fifo initialization overflowing chunk size
- stick to the default base virtual address to initialize fifo. ASAN
can be picky about address space
Type: fix
Change-Id: If9a29138d2c207859d72845e928290c808c4a982
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 07b94558087facbb16c0fa82a79fcbbd9b44c485)
Chunks can be allocated from another process. We need to manually
mark them as accessible for ASAN.
Type: fix
Change-Id: Ifbeef3346e9cee2c1231f80cbcf7f9673b5b54be
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit df601ae2d16ed127a9506a7a865484632ee1afe1)
This change mitigates software faults issued by some versions of the
linux kernel vfio-pci driver when VF PCI BARs are used without setting
the memory enable bit in the PCI configuration. This problem is
mentionned in https://lkml.org/lkml/2020/6/25/628
Change-Id: Idc177be4a5adb6ee467b4dd8f055f133ff267fe1
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
(cherry picked from commit 70fc36f26855fb4c7a56c5d1563d541b395f8f5d)
When GSO is enabled, vhost clears the checksum field prior to transmitting
the packet. Some newer kernel version does not like that and complains
about checksum error. This was seen with ip6 traffic.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I7c6f2a6148f4a30107bfa8b078f5990e64300cf1
(cherry picked from commit ac0f5363881fdce2721287bc5c756282166d9991)
