Now UDP encapsulation doesn't work in transport mode because:
- the encrypt node misses filling of UDP header and it gets sent with
all zeros;
- the decrypt node misses filling of new IP header and it contains
garbage data.
With this commit, fill UDP header during encryption and fill IP header
during decryption.
Change-Id: I87a7bd594f0e312b16d3e5eb19e568b4e3164d36
Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 82fc98fa4578dbbfb156effb11dea6a4e2d0b898)
The vector is initialized to 1024 entries which is guaranteed to be
enough, but as its size can shrink between calls, make sure ASan is
aware of the expected size before using it.
Type: fix
Change-Id: I4bcc39867a886b3cb463854d2cda0b32155650e9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 77100efb37f7cb333f9ab55dc206bf1431e3ae50)
When merging proxy groups in igmp_proxy_device_merge_group(), the call
to igmp_proxy_device_merge_src() can end up removing the current proxy
group via igmp_group_clear(). When that happens, it must returns NULL so
that igmp_proxy_device_merge_config() does not send a IGMPv3 report for
a dead proxy group.
Make igmp_group_clear() reset the group pointer to NULL to fix this bug
and to detect similar bugs more easily.
Type: fix
Change-Id: I229e55b5bfa71734d7844893f5209a66fa3cc8ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit bd7f3422bbe38ba87888b765e94b56bfcbb9602c)
If vlib_buffer_clone (...) fails due to a buffer allocation error, update
*n_dispatched with the actual number of clones, not the requested
number of clones.
Punt_replicate(...) should not set *to_next[0] = bi0. The original
buffer is enqueued separately in punt_dispatch_node(...)
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I774ad8f8c1a0633de4cf8ae5530629201c229347
(cherry picked from commit 1adc7e78ad3eb7e800d0ce3ace56f53ab7aebffe)
Along with related static analysis warnings...
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2c6949c7a2250b8f76a63508c7c210daecfe0f91
(cherry picked from commit 3e07a4a1e843267892dc291a833d93bd70597011)
DPDK recently added a check in the virtio driver to make sure that
rxmode->mq_mode == ETH_MQ_RX_NONE. We were passing ETH_MQ_RX_RSS
and the device initialization was not accepted.
The reason for the change in DPDK was that there is no controls
(algorithm, redirection table, hash function). So they thought ETH_MQ_RX_NONE
was the best choice for the value of mq_mode.
Type: fix
Ticket: VPP-1853
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ifa0fc4206cedc56a851f94f6434a2a7500bbd419
(cherry picked from commit b32436aab9626cb8b7bc4099142135c5c9e19beb)
One actual bugfix.
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Icef25167f97a70cc795c0a481174de319ed79ad5
(cherry picked from commit c35f3e835b4078fedabc1ff5013bc4727f533e16)
This prevents a crash with quic listeners, and enables the display
of udp fifo status.
Change-Id: Ib9f48818ee3e51a3fa43ad8ab175e8aa7750df8f
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
(cherry picked from commit 6eef40bce3f5ae2b06ba75d5b4cf32f168a801e4)
Type: fix
The data populated into an ipsec_tunnel_protect_details message includes
an outbound SA and a list of inbound SAs for a tunnel interface. These
are populated with SA indices. The values used by an API client
to refer to an SA in other messages is the SA id rather than the index.
Use the SA id instead of the index.
Change-Id: Ifaad32801092a7f87bd0dcf19de418d36613f8dd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 5cee0bca5d0f01d3f26e90dee79780382e843d04)
Type: fix
it was marked MP safe in the CLI (which it shouldn't be) but
it it not marked MP safe on the API.
Change-Id: I4bdea498a510a8b406d13d62a899b6d03656f7e8
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 31d6c738c20d3baa619dbbb08af6125fab32bc08)
If buffer alloc fails, it may happend that rx queue will be stuck
as old code only refills if at least one packet is received.
Type: fix
Change-Id: I388c4f8a9fb2c208bdc222e31b443cbe6b94af82
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit e7f7190381c66cca6c1c3c77b3d43148818a5a4e)
Turn on gso, turn off both indirect and mrg_rxbuf caused traffic received
and sent with checksum error. The problem is we are not mapping the hdr
correctly in the shared memory address.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I7ef3bc2755544167b0e624365988111b17399e89
(cherry picked from commit b232d192f2f77114e26cf7f99b57bcd6140872d0)
This issue is observed with X520-2 NICs on FD.io lab Taishan server.
After VPP booting up and bringing up the interfaces with command "set
interface state <interface> up", it still shows link down status from
the command "show hardware-interfaces". However, the hardware link
status is actually up. dpdk_process() cannot get the hardware link
status correctly via rte_eth_link_get_nowait().
In ixgbe_dev_link_update_share(), if the media type is fiber and the
link is down, a flag (IXGBE_FLAG_NEED_LINK_CONFIG) is set. A callback to
ixgbe_dev_setup_link_alarm_handler() is scheduled trying to set up the
link and clear the flag afterwards.
If the device is started or stopped before the flag is cleared, the
scheduled callback is canceled. This causes the flag to remain set and
subsequent calls to ixgbe_dev_link_update_share() return without trying
to retrieve the link state because the flag is set.
When the callback is canceled by either interface start or stop
operation, in ixgbe_dev_cancel_link_thread(), after cancelling the
callback/thread, unset the flag on the device to avoid this condition.
Type: fix
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Reviewed-by: Honnappa Nagarahalli <Honnappa.Nagarahalli@arm.com>
Reviewed-by: Jieqiang Wang <Jieqiang.Wang@arm.com>
Change-Id: I04de377dc048307a78a5b7109ebdfaf376d5e029
(cherry picked from commit 1690dcb49527934e83748e7b6db8501b33c3758a)
Right now following configuration leads to crash:
cpu {
corelist-workers 2
workers 2
}
because threads count will be set to 2, but we have only
one core in coremask.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Ia93b892733971e7c8ddfceaaec5f4eb8bf9063ac
(cherry picked from commit 18a4a371646bccfd299e6a509e801a524aeb4c92)
On SMP architecture, '/sys/bus/pci/devices/<devices id>/numa_node' file
will return -1 as a valid value if it does not have any NUMA node information.
Using -1 as a valid node id to access data structures will cause memory issue.
Fix the error by setting the value of numa_node to 0 if '/sys/bus/pci/devices/
<devices id>/numa_node' returns -1 and it is a SMP system.
Type: fix
Change-Id: Ib60e79c3656fe5b17e08fd9011122683e8b08b6f
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
(cherry picked from commit 76c6159d83c2dfe29f84dc4b05d399cdbbdf2878)
Rather than leaving 2 bytes of junk in the upper word
of a mac address represented as a u64, zero them out.
That way later compairsons stand a chance of matching
when deleting a bridge's arp termination entries.
The volatile qualifier shouldn't be needed here, but
without it the compiler removes the clib_memcpy() at -O2.
Bad compiler. No biscuit.
Type: fix
commit: faf22cb303b65e2a6bf8dad959d7f5ee6d031c4f
Change-Id: Iebcf35fdd421293dccbcaefadef767f7e139438e
Signed-off-by: Jon Loeliger <jdl@netgate.com>
(cherry picked from commit 6a32ce326495bfe48ebef74dfbb8a9c1cf37a530)
The port registry uses host byte order for while the session API
uses network order. In a single place the conversion was missing.
Type: fix
Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
Change-Id: Ic8cfe2cb4e0711b3e0614060ff6b4f2fe4ed4391
(cherry picked from commit 49a11cff8e7892858d946d3f93ae19502236c358)
policycoreutils-python is now called python3-policycoreutils on
CentOS 8.
Type: fix
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
Change-Id: I46264c66a2a719d546e0926f3bd716e986461963
(cherry picked from commit 1d94ab5f1b4557c9e017af7e9da0f821cae1fa72)
This path flag FIB_API_PATH_TYPE_INTERFACE_RX is not copied to the client bin_api.
Type: fix
Change-Id:
Signed-off-by: IJsbrand Wijnands <ice@cisco.com>
Change-Id: I612044d2f564c852f83fceb63ce750a6330e1365
(cherry picked from commit 79437c8dbc707e6f60e7a2425fac15c4153f71b3)
Type: fix
Signed-off-by: Mark Nelson <manelso2@cisco.com>
Change-Id: I4f121e49d3c05c21eed3fed2469bd88fc84e2271
(cherry picked from commit ea2abbaeaf34a4652e970fd1e2f60c0d377ebde4)
VIP prefix index becomes always 0 when adding a VIP which is already registered different port, causing LB config crash.
This change assigns the same VIP prefix index to the same VIP.
Ticket: https://jira.fd.io/browse/VPP-1834
Type: fix
Signed-off-by: Yasuhiro Nakamura <yanakamu@yahoo-corp.jp>
Change-Id: Ib63b3e58db9bd85714d68cd1292aadd0c8580da8
(cherry picked from commit 551775eaaa9c162c73e15690e4d7580935e9a70a)
Without this patch offset for TCP/UDP headers was not calculated
correctly if there is one or more IPv6 extension headers.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I04d6f5e42f8f072987192d6236085afbd74a4420
(cherry picked from commit 7d4cd0cf6f1a94953ef97ab885752424dea6948c)
coverity complains that the subject test may cause dst buffer overrun
problem and it is right. The problem is when __builtin_constant_p (n)
returns true, memcpy_s_inline skips all the errors checking and does the
copy blindly. Please see the code in memcpy_s_inline.
The fix is to skip the subject test when the aformentioned builtin function
returns true.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I50de91cc0c853a134b3bcf3b0cd8d45d7668b092
(cherry picked from commit 2da39718f560478678caacccd198ee4c0c9673c3)