With this commit, forward the translated packet directly to the
specified next-hop if pre-resolve param is enabled in MAP-T.
Type: fix
Change-Id: Ie26080c7820318c7982599577a4af6e4d01a0574
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit f145c15631)
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Add an ALWAYS_ASSERT (...) macro, to (a) shut up coverity, and (b)
check the indicated condition in production images.
As in:
p = hash_get(...);
ALWAYS_ASSERT(p) /* was ASSERT(p) */
elt = pool_elt_at_index(pool, p[0]);
This may not be the best way to handle a specific case, but failure to
check return values at all followed by e.g. a pointer dereference
isn't ok.
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ia97c641cefcfb7ea7d77ea5a55ed4afea0345acb
(cherry picked from commit 47d41ad62c)
Type: fix
this patch fixes mark flow deletion crash issue, see below
test flow add src-ip any proto udp src-port 111 dst-port 222 mark 100
test flow enable index 0 1/1
test flow disable index 0 1/1
test flow enable index 0 1/1
test flow disable index 0 1/1 -> [crash]
This is because the code resets a wrong vector in flow lookup entry
recycle logic. See function dpdk_flow_ops_fn().
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I2b0a1e531931ab25541d672d88da18dc2289f1ce
(cherry picked from commit cd120f9bbb)
According to the description in the startup.conf, the assignment
of worker threads starts with the lcore following the main_lcore.
A non-zero skip_cores will correctly achieve this assignment.
However, prior to this patch when workers are assigned, the code
picks up and assigns core 0 even thought it shouldn't.
This patch determins if a non-zero number of workers are desired
and if so, marks CPU unavailable for a worker assignment.
Type: fix
Change-Id: I1fdf73a6f218dcbf146fda2efc90c553f7cd6d20
Signed-off-by: Jon Loeliger <jdl@netgate.com>
(cherry picked from commit 4a06846dd6)
L4 checksums for IPv6 should be calculated using a pseudo header that
includes the source/destination addresses, payload length, and payload
protocol.
ip6_tcp_udp_icmp_compute_checksum() was using the payload length and
protocol from the IPv6 header. If there is a hop-by-hop header (or any
other extension header), the payload length used for the pseudo header
should only include the upper layer header and payload and not the
extension header bytes. Same deal with the protocol, the upper layer
next header value should be used instead of the extension header.
Type: fix
Fixes: cb9cadad57
Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 97677a26f7)
Using random addresses can confuse AddressSanitizer
Type: fix
Change-Id: I44368093f899672ac4d511cc5a01ed87c988e63a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit dc90c719bc)
Avoid using vec_del1() for directory vector to keep indexes valid all
the time.
There are state counters for each slave in LACP bond mode which can be
dynamically created and removed. Vector index is used to access these
counters. But also vec_del1() is used to remove counter from vector.
This function changes the index of the last element, so after this we
are unable to access ex-last element using old index.
As a result it is not possible to add-del-add two interfaces to the LACP
bond:
DBGvpp# create bond mode lacp
BondEthernet0
DBGvpp# create packet-generator interface pg1
DBGvpp# create packet-generator interface pg2
DBGvpp# bond add BondEthernet0 pg1
DBGvpp# bond add BondEthernet0 pg2
DBGvpp# bond del pg1
DBGvpp# bond del pg2
DBGvpp# bond add BondEthernet0 pg1
DBGvpp# bond add BondEthernet0 pg2
bond add: /if/lacp/1/3/partner-state is already register
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I2c86e13905eefdef6233369cd4ab5c1b53d123bd
(cherry picked from commit 72e31bc2d9)
Type: fix
Some fiber ports that are managed by the ixgbe PMD have the
possibility to get into a state where link can never be brought up.
This patch should fix it and will be submitted to upstream DPDK.
Change-Id: Ia4d0df2e70d098b2151e513b96e8bd742151e8ce
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 0860b2e193)
Recent modification added a call to vnet_gso_header_offset_parser in the
beginning of vhost_user_handle_tx_offload. The former routine may set tcp or
udp->checksum to 0. While it is appropriate to set it to 0 for the GSO packet,
it is broken and causes checksum error if the aformentiooned routine is called
by a non-GSO packet. The fix is to not call vhost_user_handle_tx_offload
if the buffer does not indicate checksum offload is needed.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I6e699d7a40b7887ff149cd8f77e8f0fa9374ef19
(cherry picked from commit 564e167291)
Prevent malicious packets with spoofed embedded IPv4 addresses
by limiting the IPv6 ingress packets to known MAP-T domains.
Drop spoofed packets.
Add several tests that ensure spoofing isn't allowed.
Type: fix
Fixes: fc7344f9be
Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2
Signed-off-by: Jon Loeliger <jdl@netgate.com>
(cherry picked from commit 65866f03d9)
For ip4 tcp, ip6 tcp, and ip6 udp packet, we set checksum = 0 prior to
computing the checksum. We missed ip4 udp case. This oversight requires all
clients to set udp->checksum = 0 if ip4 udp checksum offload is needed.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic608811e82099f3bec469e123671e9b281f38d76
(cherry picked from commit 03328ec8bb)
The 'tag' parameter is expected to be a NULL-terminated C-string in
callees:
- make sure it is null-terminated in both API and CLI cases
- do not allocate & copy the string into a non-NULL-terminated vector
in API case
- fix leak in CLI case
Type: fix
Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 3b37125bdb)
Call session queue node with the right node runtime instead of the
pre-input node runtime.
Type: fix
Change-Id: I43d20bed4930fc877b187ce7ecdce62034b393c5
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 2d8829cbb5)
Currently if user want to set ip4 address to the api, it must convert to ip6
format, e.g. user want to ip4 "90.1.2.1" but must convert to "::5A01:0201",
it is not acceptable, this fix solved the issue.
Ticket: FDIO-753
Type: fix
Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
(cherry picked from commit db43bb6af7)
Fixing compilation issuues for 32-bit also setting init flag for shm based bihash
Type: fix
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Ic2072c5ba7fc77d061ca9f1b844a71f6e22e58b2
(cherry picked from commit f0bae64f6f)
Two modules in vnet include vpp/app/version.h but there is
no explicit build dependency for this generated file. This
leaves a race condition in the build system that the Coverity
build has recently started triggering.
Change-Id: I8e2bb32feeb16e1bdd8efb0d2633cfdba60f51aa
Type: fix
Signed-off-by: Chris Luke <chrisy@flirble.org>
(cherry picked from commit c171d01cdb)
All translated ICMPv6 packets that exceed the minimal IPv6 MTU get
truncated but according to RFC 4443 2.4 only ICMPv6 error messages
(type < 128) need to be truncated.
With this commit, truncate only ICMPv6 error messages.
Type: fix
Change-Id: Ic455352de2ff4ff6aa3421b46a2a54923f2d3f80
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 180210f99b)
