ipsec: fix AES CBC IV generation (CVE-2022-46397)

For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.

Fixes: VPP-2037
Type: fix

Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>

.gitignore

@@ -99,6 +99,7 @@ GTAGS
 
 # Build files in the test directory
 /test/*.ok
+/test/ext/.d
 
 # vppctl command list
 /src/scripts/vppctl-cmd-list

.gitreview

@@ -2,3 +2,4 @@
 host=gerrit.fd.io
 port=29418
 project=vpp
+defaultbranch=stable/1908

INFO.yaml

@@ -34,65 +34,70 @@ repositories:
     - 'vpp'
 committers:
     - <<: *vpp_ptl
-    - name: 'Keith Burns'
-      company: 'gmail'
-      email: 'alagalah@gmail.com'
-      id: 'alagalah'
-      timezone: ''
-    - name: 'Chris Luke'
-      company: 'comcast'
-      email: 'chris_luke@comcast.com'
-      id: 'chrisluke'
-      timezone: ''
     - name: 'Dave Barach'
-      company: 'barachs'
+      company: 'cisco'
       email: 'openvpp@barachs.net'
       id: 'dbarach'
       timezone: ''
-    - name: 'Damjan Marion'
-      company: 'cisco'
-      email: 'damarion@cisco.com'
-      id: 'dmarion'
-      timezone: ''
-    - name: 'Dave Wallace'
-      company: 'gmail'
-      email: 'dwallacelf@gmail.com'
-      id: 'dwallacelf'
-      timezone: ''
     - name: 'Florin Coras'
-      company: 'gmail'
+      company: 'cisco'
       email: 'florin.coras@gmail.com'
       id: 'florin.coras'
       timezone: ''
-    - name: 'Ed Warnicke'
-      company: 'gmail'
-      email: 'hagbard@gmail.com'
-      id: 'hagbard'
+    - name: 'Benoit Ganne'
+      company: 'cisco'
+      email: 'bganne@cisco.com'
+      id: 'bganne'
       timezone: ''
     - name: 'John Lo'
       company: 'cisco'
       email: 'loj@cisco.com'
       id: 'lojohn'
       timezone: ''
-    - name: 'Marco Varlese'
-      company: 'suse'
-      email: 'marco.varlese@suse.de'
-      id: 'marco.varlese'
+    - name: 'Chris Luke'
+      company: 'comcast'
+      email: 'chris_luke@comcast.com'
+      id: 'chrisluke'
+      timezone: ''
+    - name: 'Damjan Marion'
+      company: 'cisco'
+      email: 'damarion@cisco.com'
+      id: 'dmarion'
       timezone: ''
     - name: 'Neale Ranns'
       company: 'cisco'
       email: 'nranns@cisco.com'
       id: 'nranns'
       timezone: ''
+    - name: 'Matthew Smith'
+      company: 'netgate'
+      email: 'mgsmith@netgate.com'
+      id: 'mgsmith'
+      timezone: ''
     - name: 'Ole Trøan'
       company: 'employees'
       email: 'otroan@employees.org'
       id: 'otroan'
       timezone: ''
-    - name: 'Sergio Gonzalez Monroy'
-      company: 'outlook'
-      email: 'sergio.gonzalez.monroy@outlook.com'
-      id: 'smonroy'
+    - name: 'Paul Vinciguerra'
+      company: 'vinciconsulting'
+      email: 'pvinci@vinciconsulting.com'
+      id: 'pvinci'
+      timezone: ''
+    - name: 'Dave Wallace'
+      company: 'gmail'
+      email: 'dwallacelf@gmail.com'
+      id: 'dwallacelf'
+      timezone: ''
+    - name: 'Ed Warnicke'
+      company: 'gmail'
+      email: 'hagbard@gmail.com'
+      id: 'hagbard'
+      timezone: ''
+    - name: 'Andrew Yourtchenko'
+      company: 'cisco'
+      email: 'ayourtch@cisco.com'
+      id: 'ayourtch'
       timezone: ''
 tsc:
     # yamllint disable rule:line-length

MAINTAINERS

@@ -49,6 +49,11 @@ I:	vppinfra
 M:	Dave Barach <dave@barachs.net>
 F:	src/vppinfra/
 
+Physical Memory Allocator
+I:	pmalloc
+M:	Damjan Marion <damarion@cisco.com>
+F:	src/vppinfra/pmalloc.[ch]
+
 Vector Library
 I:	vlib
 M:	Dave Barach <dave@barachs.net>
@@ -62,6 +67,13 @@ M:	Damjan Marion <damarion@cisco.com>
 M:	Dave Barach <dave@barachs.net>
 F:	src/vlib/buffer*.[ch]
 
+Vector Library - PCI
+I:      pci
+M:      Damjan Marion <damarion@cisco.com>
+F:      src/vlib/pci/
+F:      src/vlib/linux/pci.[ch]
+F:      src/vlib/linux/vfio.[ch]
+
 Binary API Libraries
 I:	api
 M:	Dave Barach <dave@barachs.net>
@@ -73,6 +85,11 @@ I:	bfd
 M:	Klement Sekera <ksekera@cisco.com>
 F:	src/vnet/bfd/
 
+VNET Classifier
+I:	classify
+M:	Dave Barach <dave@barachs.net>
+F:	src/vnet/classify
+
 VNET Device Drivers
 I:	devices
 M:	Damjan Marion <damarion@cisco.com>
@@ -86,9 +103,10 @@ M:	Mohsin Kazmi <sykazmi@cisco.com>
 F:	src/vnet/devices/tap/
 
 VNET Native Virtio Drivers
-I:      virtio
-M:      Mohsin Kazmi <sykazmi@cisco.com>
-F:      src/vnet/devices/virtio/
+I:	virtio
+M:	Mohsin Kazmi <sykazmi@cisco.com>
+M:	Damjan Marion <damarion@cisco.com>
+F:	src/vnet/devices/virtio/
 
 VNET Etherent
 I:	ethernet
@@ -111,11 +129,17 @@ F:	src/vnet/mfib/
 F:	src/vnet/dpo
 F:	src/vnet/adj
 
-VNET IPv4 and IPv6 LPM
+VNET IPv4 LPM
 I:	ip
 M:	Dave Barach <dave@barachs.net>
 F:	src/vnet/ip/
 
+VNET IPv6 LPM
+I:	ip6
+M:	Neale Ranns <nranns@cisco.com>
+M:	Jon Loeliger <jdl@netgate.com>
+F:	src/vnet/ip/
+
 VNET QoS
 I:	qos
 M:	Neale Ranns <nranns@cisco.com>
@@ -258,11 +282,26 @@ I:	syslog
 M:	Matus Fabian <matfabia@cisco.com>
 F:	src/vnet/syslog
 
+VNET GENEVE
+I:      geneve
+M:      N/A
+F:      src/vnet/geneve/
+
+VNET FLOW
+I:	flow
+M:	Damjan Marion <damarion@cisco.com>
+F:	src/vnet/flow/
+
 Plugin - Access Control List (ACL) Based Forwarding
 I:	abf
 M:	Neale Ranns <nranns@cisco.com>
 F:	src/plugins/abf/
 
+Plugin - Simple DNS name resolver
+I:	dns
+M:	Dave Barach <dave@barachs.net>
+F:	src/plugins/dns/
+
 Plugin - Group Based Policy (GBP)
 I:	gbp
 M:	Neale Ranns <nranns@cisco.com>
@@ -300,6 +339,11 @@ Y:	src/plugins/flowprobe/FEATURE.yaml
 M:	Ole Troan <otroan@employees.org>
 F:	src/plugins/flowprobe/
 
+Plugin - http_static
+I:	http_static
+M:	Dave Barach <dbarach@cisco.com>
+F:	src/plugins/http_static/
+
 Plugin - Group Based Policy (GBP)
 I:	gbp
 M:	Neale Ranns <nranns@cisco.com>
@@ -346,6 +390,11 @@ I:	pppoe
 M:	Hongjun Ni <hongjun.ni@intel.com>
 F:	src/plugins/pppoe/
 
+Plugin - Ping
+I:	ping
+M:	Andrew Yourtchenko <ayourtch@gmail.com>
+F:	src/plugins/ping
+
 Plugin - IPv6 Segment Routing Dynamic Proxy
 I:	srv6-ad
 M:	Francois Clad <fclad@cisco.com>
@@ -389,6 +438,17 @@ I:	nsim
 M:	Dave Barach <dave@barachs.net>
 F:	src/plugins/nsim/
 
+Plugin - Simple DNS name resolver
+I:	dns
+M:	Dave Barach <dave@barachs.net>
+F:	src/plugins/dns/
+
+Plugin - Unit Tests
+I:      unittest
+M:      Dave Barach <dave@barachs.net>
+M:      Florin Coras <fcoras@cisco.com
+F:      src/plugins/unittest/
+
 Test Infrastructure
 I:	tests
 M:	Klement Sekera <ksekera@cisco.com>
@@ -435,6 +495,11 @@ I:	vppapigen
 M:	Ole Troan <otroan@employees.org>
 F:	src/tools/vppapigen/
 
+API trace tool
+I:	vppapitrace
+M:	Ole Troan <otroan@employees.org>
+F:	src/tools/vppapitrace/
+
 Binary API Compiler for C and C++
 I:	vapi
 M:	Ole Troan <ot@cisco.com>
@@ -487,13 +552,21 @@ F:	src/plugins/hs_apps/
 Python binding for the VPP API
 I:	papi
 M:	Ole Troan <ot@cisco.com>
-M:	Paul Vinciguerra <pvinci@vinciconsulting.com>
 F:	src/vpp-api/python
 
+IPv6 Connection Tracker
+I:      ct6
+M:      Dave Barach <dave@barachs.net>
+F:      src/plugins/ct6
+
 Plugin - SCTP
 I:	sctp
 F:	src/plugins/sctp/
 
+IOAM
+I:      ioam
+F:      src/plugins/ioam
+
 THE REST
 I:	misc
 C:	Contact vpp-dev Mailing List <vpp-dev@fd.io>

Makefile

@@ -20,6 +20,7 @@ SAMPLE_PLUGIN?=no
 STARTUP_DIR?=$(PWD)
 MACHINE=$(shell uname -m)
 SUDO?=sudo
+DPDK_CONFIG?=no-pci
 
 ,:=,
 define disable_plugins
@@ -101,7 +102,7 @@ else
 	RPM_DEPENDS += yum-utils
 	RPM_DEPENDS += openssl-devel
 	RPM_DEPENDS += python-devel python36-ply
-	RPM_DEPENDS += python36-devel python36-pip
+	RPM_DEPENDS += python3-devel python3-pip
 	RPM_DEPENDS += python-virtualenv python36-jsonschema
 	RPM_DEPENDS += devtoolset-7
 	RPM_DEPENDS += cmake3
@@ -111,6 +112,11 @@ endif
 # +ganglia-devel if building the ganglia plugin
 
 RPM_DEPENDS += chrpath libffi-devel rpm-build
+
+RPM_DEPENDS_DEBUG  = glibc-debuginfo e2fsprogs-debuginfo
+RPM_DEPENDS_DEBUG += krb5-debuginfo openssl-debuginfo
+RPM_DEPENDS_DEBUG += zlib-debuginfo nss-softokn-debuginfo
+RPM_DEPENDS_DEBUG += yum-plugin-auto-update-debug-info
 # lowercase- replace spaces with dashes.
 SUSE_NAME= $(shell grep '^NAME=' /etc/os-release | cut -f2- -d= | sed -e 's/\"//g' | sed -e 's/ /-/' | awk '{print tolower($$0)}')
 SUSE_ID= $(shell grep '^VERSION_ID=' /etc/os-release | cut -f2- -d= | sed -e 's/\"//g' | cut -d' ' -f2)
@@ -178,57 +184,57 @@ endef
 
 help:
 	@echo "Make Targets:"
-	@echo " install-dep         - install software dependencies"
-	@echo " wipe                - wipe all products of debug build "
-	@echo " wipe-release        - wipe all products of release build "
-	@echo " build               - build debug binaries"
-	@echo " build-release       - build release binaries"
-	@echo " build-coverity      - build coverity artifacts"
-	@echo " rebuild             - wipe and build debug binares"
-	@echo " rebuild-release     - wipe and build release binares"
-	@echo " run                 - run debug binary"
-	@echo " run-release         - run release binary"
-	@echo " debug               - run debug binary with debugger"
-	@echo " debug-release       - run release binary with debugger"
-	@echo " test                - build and run (basic) functional tests"
-	@echo " test-debug          - build and run (basic) functional tests (debug build)"
-	@echo " test-all            - build and run (all) functional tests"
-	@echo " test-all-debug      - build and run (all) functional tests (debug build)"
-	@echo " test-gcov           - build and run functional tests (gcov build)"
-	@echo " test-shell          - enter shell with test environment"
-	@echo " test-shell-debug    - enter shell with test environment (debug build)"
-	@echo " test-wipe           - wipe files generated by unit tests"
-	@echo " retest              - run functional tests"
-	@echo " retest-debug        - run functional tests (debug build)"
-	@echo " test-help           - show help on test framework"
-	@echo " run-vat             - run vpp-api-test tool"
-	@echo " pkg-deb             - build DEB packages"
-	@echo " pkg-deb-debug       - build DEB debug packages"
-	@echo " vom-pkg-deb         - build vom DEB packages"
-	@echo " vom-pkg-deb-debug   - build vom DEB debug packages"
-	@echo " pkg-rpm             - build RPM packages"
-	@echo " install-ext-deps    - install external development dependencies"
-	@echo " ctags               - (re)generate ctags database"
-	@echo " gtags               - (re)generate gtags database"
-	@echo " cscope              - (re)generate cscope database"
-	@echo " checkstyle          - check coding style"
-	@echo " fixstyle            - fix coding style"
-	@echo " doxygen             - (re)generate documentation"
-	@echo " bootstrap-doxygen   - setup Doxygen dependencies"
-	@echo " wipe-doxygen        - wipe all generated documentation"
-	@echo " checkfeaturelist    - check FEATURE.yaml according to schema"
-	@echo " featurelist         - dump feature list in markdown"
-	@echo " json-api-files      - (re)-generate json api files"
+	@echo " install-dep          - install software dependencies"
+	@echo " wipe                 - wipe all products of debug build "
+	@echo " wipe-release         - wipe all products of release build "
+	@echo " build                - build debug binaries"
+	@echo " build-release        - build release binaries"
+	@echo " build-coverity       - build coverity artifacts"
+	@echo " rebuild              - wipe and build debug binares"
+	@echo " rebuild-release      - wipe and build release binares"
+	@echo " run                  - run debug binary"
+	@echo " run-release          - run release binary"
+	@echo " debug                - run debug binary with debugger"
+	@echo " debug-release        - run release binary with debugger"
+	@echo " test                 - build and run (basic) functional tests"
+	@echo " test-debug           - build and run (basic) functional tests (debug build)"
+	@echo " test-all             - build and run functional and extended tests"
+	@echo " test-all-debug       - build and run functional and extended tests (debug build)"
+	@echo " test-gcov            - build and run functional tests (gcov build)"
+	@echo " test-shell           - enter shell with test environment"
+	@echo " test-shell-debug     - enter shell with test environment (debug build)"
+	@echo " test-wipe            - wipe files generated by unit tests"
+	@echo " retest               - run functional tests"
+	@echo " retest-debug         - run functional tests (debug build)"
+	@echo " test-help            - show help on test framework"
+	@echo " run-vat              - run vpp-api-test tool"
+	@echo " pkg-deb              - build DEB packages"
+	@echo " pkg-deb-debug        - build DEB debug packages"
+	@echo " vom-pkg-deb          - build vom DEB packages"
+	@echo " vom-pkg-deb-debug    - build vom DEB debug packages"
+	@echo " pkg-rpm              - build RPM packages"
+	@echo " install-ext-deps     - install external development dependencies"
+	@echo " ctags                - (re)generate ctags database"
+	@echo " gtags                - (re)generate gtags database"
+	@echo " cscope               - (re)generate cscope database"
+	@echo " checkstyle           - check coding style"
+	@echo " fixstyle             - fix coding style"
+	@echo " doxygen              - (re)generate documentation"
+	@echo " bootstrap-doxygen    - setup Doxygen dependencies"
+	@echo " wipe-doxygen         - wipe all generated documentation"
+	@echo " checkfeaturelist     - check FEATURE.yaml according to schema"
+	@echo " featurelist          - dump feature list in markdown"
+	@echo " json-api-files       - (re)-generate json api files"
 	@echo " json-api-files-debug - (re)-generate json api files for debug target"
 	@echo " docs                 - Build the Sphinx documentation"
-	@echo " docs-venv         - Build the virtual environment for the Sphinx docs"
-	@echo " docs-clean        - Remove the generated files from the Sphinx docs"
-	@echo " test-doc            - generate documentation for test framework"
-	@echo " test-wipe-doc       - wipe documentation for test framework"
-	@echo " test-cov            - generate code coverage report for test framework"
-	@echo " test-wipe-cov       - wipe code coverage report for test framework"
-	@echo " test-checkstyle     - check PEP8 compliance for test framework"
-	@echo " test-refresh-deps   - refresh the Python dependencies for the tests"
+	@echo " docs-venv            - Build the virtual environment for the Sphinx docs"
+	@echo " docs-clean           - Remove the generated files from the Sphinx docs"
+	@echo " test-doc             - generate documentation for test framework"
+	@echo " test-wipe-doc        - wipe documentation for test framework"
+	@echo " test-cov             - generate code coverage report for test framework"
+	@echo " test-wipe-cov        - wipe code coverage report for test framework"
+	@echo " test-checkstyle      - check PEP8 compliance for test framework"
+	@echo " test-refresh-deps    - refresh the Python dependencies for the tests"
 	@echo ""
 	@echo "Make Arguments:"
 	@echo " V=[0|1]                  - set build verbosity level"
@@ -308,7 +314,7 @@ else ifeq ($(OS_ID),centos)
 	@sudo -E yum install $(CONFIRM) centos-release-scl-rh epel-release
 	@sudo -E yum groupinstall $(CONFIRM) $(RPM_DEPENDS_GROUPS)
 	@sudo -E yum install $(CONFIRM) $(RPM_DEPENDS)
-	@sudo -E debuginfo-install $(CONFIRM) glibc openssl-libs mbedtls-devel zlib
+	@sudo -E yum install $(CONFIRM) --enablerepo=base-debuginfo $(RPM_DEPENDS_DEBUG)
 else ifeq ($(OS_ID),fedora)
 	@sudo -E dnf groupinstall $(CONFIRM) $(RPM_DEPENDS_GROUPS)
 	@sudo -E dnf install $(CONFIRM) $(RPM_DEPENDS)

build-data/packages/vpp.mk

@@ -25,8 +25,7 @@ vpp_cmake_prefix_path := $(subst $() $(),;,$(vpp_cmake_prefix_path))
 
 vpp_cmake_args ?=
 vpp_cmake_args += -DCMAKE_INSTALL_PREFIX:PATH=$(PACKAGE_INSTALL_DIR)
-vpp_cmake_args += -DCMAKE_C_FLAGS="$($(TAG)_TAG_CFLAGS)"
-vpp_cmake_args += -DCMAKE_LINKER_FLAGS="$($(TAG)_TAG_LDFLAGS)"
+vpp_cmake_args += -DCMAKE_BUILD_TYPE="$($(TAG)_TAG_BUILD_TYPE)"
 vpp_cmake_args += -DCMAKE_PREFIX_PATH:PATH="$(vpp_cmake_prefix_path)"
 ifeq ("$(V)","1")
 vpp_cmake_args += -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON
@@ -42,12 +41,16 @@ ifneq ($(wildcard /opt/rh/devtoolset-7/enable),)
 vpp_cmake_args += -DCMAKE_PROGRAM_PATH:PATH="/opt/rh/devtoolset-7/root/bin"
 endif
 
+ifneq ($(VPP_EXTRA_CMAKE_ARGS),)
+vpp_cmake_args += $(VPP_EXTRA_CMAKE_ARGS)
+endif
+
 vpp_configure_depend += external-install
 vpp_configure = \
   cd $(PACKAGE_BUILD_DIR) && \
   $(CMAKE) -G Ninja $(vpp_cmake_args) $(call find_source_fn,$(PACKAGE_SOURCE))
 #vpp_make_args = --no-print-directory
-vpp_build = $(CMAKE) --build $(PACKAGE_BUILD_DIR)
+vpp_build = $(CMAKE) --build $(PACKAGE_BUILD_DIR) -- $(MAKE_PARALLEL_FLAGS)
 vpp_install = $(CMAKE) --build $(PACKAGE_BUILD_DIR) -- install | grep -v 'Set runtime path'
 
 vpp-package-deb: vpp-install

build-data/platforms/vpp.mk

@@ -22,29 +22,8 @@ endif
 
 vpp_root_packages = vpp vom
 
-vpp_common_cflags = \
-	-g \
-	-DFORTIFY_SOURCE=2 \
-	-fstack-protector \
-	-fPIC \
-	-Wall \
-	-Werror \
-	-fno-common
-
-vpp_debug_TAG_CFLAGS = -O0 -DCLIB_DEBUG $(vpp_common_cflags)
-vpp_debug_TAG_CXXFLAGS = -O0 -DCLIB_DEBUG $(vpp_common_cflags)
-vpp_debug_TAG_LDFLAGS = -O0 -DCLIB_DEBUG $(vpp_common_cflags)
-
-vpp_TAG_CFLAGS = -O2 $(vpp_common_cflags)
-vpp_TAG_CXXFLAGS = -O2 $(vpp_common_cflags)
-vpp_TAG_LDFLAGS = -O2 $(vpp_common_cflags) -pie
-
-vpp_clang_TAG_CFLAGS = -O2 $(vpp_common_cflags)
-vpp_clang_TAG_CXXFLAGS = -O2 $(vpp_common_cflags)
-vpp_clang_TAG_LDFLAGS = -O2 $(vpp_common_cflags)
-
-vpp_gcov_TAG_CFLAGS = -g -O0 -DCLIB_DEBUG -DCLIB_GCOV -fPIC -Werror -fprofile-arcs -ftest-coverage
-vpp_gcov_TAG_LDFLAGS = -g -O0 -DCLIB_DEBUG -DCLIB_GCOV -fPIC -Werror -coverage
-
-vpp_coverity_TAG_CFLAGS = -g -O2 -fPIC -Werror -D__COVERITY__
-vpp_coverity_TAG_LDFLAGS = -g -O2 -fPIC -Werror -D__COVERITY__
+vpp_debug_TAG_BUILD_TYPE = debug
+vpp_TAG_BUILD_TYPE = release
+vpp_clang_TAG_BUILD_TYPE = release
+vpp_gcov_TAG_BUILD_TYPE = gcov
+vpp_coverity_TAG_BUILD_TYPE = coverity

build-root/Makefile

@@ -190,7 +190,7 @@ ARCH_TARGET_tmp = $(call ifdef_fn,$(ARCH)_target,$(ARCH)-$(OS))
 TARGET = $(call ifdef_fn,$(PLATFORM)_target,$(ARCH_TARGET_tmp))
 TARGET_PREFIX = $(if $(not_native),$(TARGET)-,)
 
-# CPU microarchitecture detection. 
+# CPU microarchitecture detection.
 # Either set <platform>_march in build-data/platforms/<platform>.mk,
 # or detect and use the build-host instruction set
 
@@ -236,7 +236,7 @@ PACKAGE = $*
 # Build/install tags.  This lets you have different CFLAGS/CPPFLAGS/LDFLAGS
 # for e.g. debug versus optimized compiles.  Each tag has its own set of build/install
 # areas.
-TAG = 
+TAG =
 TAG_PREFIX = $(if $(TAG),$(TAG)-)
 
 # yes you need the space
@@ -309,8 +309,8 @@ endif
 
 # Always prefer our own tools to those installed on system.
 # Note: ccache-bin must be before tool bin.
-# 
-# Removed LD_LIBRARY_PATH from BUILD_ENV (drb, 10/31/17):  
+#
+# Removed LD_LIBRARY_PATH from BUILD_ENV (drb, 10/31/17):
 # export LD_LIBRARY_PATH=$(TOOL_INSTALL_DIR)/lib64:$(TOOL_INSTALL_DIR)/lib
 #   Reported to cause trouble. Only of historical interest, since we no longer
 #   build a full tool chain from source.
@@ -617,7 +617,7 @@ check_platform =								\
 	     try make PLATFORM=$(PLATFORM) install-tools) ;			\
     exit 1 ;									\
   fi
-    
+
 configure_check_timestamp =						\
   @$(BUILD_ENV) ;							\
   $(check_platform) ;							\
@@ -653,12 +653,10 @@ configure_check_timestamp =						\
 # NB: GNU Make 4.2 will let us use '$(file </proc/cpuinfo)' to both test
 # for file presence and content; for now this will have to do.
 ifndef MAKE_PARALLEL_JOBS
-MAKE_PARALLEL_JOBS = -j $(if $(shell [ -f /proc/cpuinfo ] && head /proc/cpuinfo), \
+MAKE_PARALLEL_JOBS = $(if $(shell [ -f /proc/cpuinfo ] && head /proc/cpuinfo), \
 	$(shell grep -c ^processor /proc/cpuinfo), 2)
-else
-MAKE_PARALLEL_JOBS := -j $(MAKE_PARALLEL_JOBS)
 endif
-MAKE_PARALLEL_FLAGS ?= $(if $($(PACKAGE)_make_parallel_fails),,$(MAKE_PARALLEL_JOBS))
+MAKE_PARALLEL_FLAGS ?= $(if $($(PACKAGE)_make_parallel_fails),,-j $(MAKE_PARALLEL_JOBS))
 
 # Make command shorthand for packages & tools.
 PACKAGE_MAKE =					\
@@ -805,7 +803,7 @@ pull-all:
 	make PLATFORM=$(PLATFORM) $(patsubst %,%-pull-all,$(ROOT_PACKAGES))
 
 .PHONY: %-diff
-%-diff:									
+%-diff:
 	@$(BUILD_ENV) ;							\
 	d=$(call find_source_fn,$(PACKAGE_SOURCE)) ;			\
 	$(call build_msg_fn,Git diff $(PACKAGE)) ;			\
@@ -814,12 +812,12 @@ pull-all:
         else								\
 	 $(call build_msg_fn, $(PACKAGE) not a git directory) ;		\
 	fi
-            
+
 
 
 # generate diffs for everything in source path
 .PHONY: diff-all
-diff-all:								
+diff-all:
 	@$(BUILD_ENV) ;							\
 	$(call build_msg_fn,Generate diffs) ;				\
 	for r in $(ABSOLUTE_SOURCE_PATH); do				\
@@ -917,7 +915,7 @@ basic_system_image_install =				\
   mkdir -p bin lib mnt proc root sbin sys tmp etc ;	\
   mkdir -p usr usr/{bin,sbin} usr/lib ;			\
   mkdir -p var var/{lib,lock,log,run,tmp} ;		\
-  mkdir -p var/lock/subsys var/lib/urandom 
+  mkdir -p var/lock/subsys var/lib/urandom
 
 .PHONY: basic_system-image_install
 basic_system-image_install: # linuxrc-install
@@ -927,7 +925,7 @@ basic_system-image_install: # linuxrc-install
 ROOT_PACKAGES = $(if $($(PLATFORM)_root_packages),$($(PLATFORM)_root_packages),$(default_root_packages))
 
 .PHONY: install-packages
-install-packages: $(patsubst %,%-find-source,$(ROOT_PACKAGES))	
+install-packages: $(patsubst %,%-find-source,$(ROOT_PACKAGES))
 	@$(BUILD_ENV) ;							        \
 	set -eu$(BUILD_DEBUG) ;							\
 	d=$(MU_BUILD_ROOT_DIR)/packages-$(PLATFORM) ;				\
@@ -949,7 +947,7 @@ install-packages: $(patsubst %,%-find-source,$(ROOT_PACKAGES))
 		    >& /dev/null ;						\
 	else									\
 	    $(call build_msg_fn, NOT stripping symbols) ;			\
-	fi 
+	fi
 
 # readonly root squashfs image
 # Note: $(call build_msg_fn) does not seem to work inside of fakeroot so we use echo
@@ -1089,7 +1087,7 @@ ccache-install:
 	$(MAKE) -C $(MU_BUILD_ROOT_DIR)	ccache-build
 	mkdir -p $(TOOL_INSTALL_DIR)/ccache-bin
 	ln -sf $(MU_BUILD_ROOT_DIR)/build-tool-native/ccache/ccache \
-		$(TOOL_INSTALL_DIR)/ccache-bin/$(TARGET_PREFIX)gcc 
+		$(TOOL_INSTALL_DIR)/ccache-bin/$(TARGET_PREFIX)gcc
 
 TOOL_MAKE = $(MAKE) is_build_tool=yes
 
@@ -1153,7 +1151,4 @@ distclean:
 	rm -rf $(MU_BUILD_ROOT_DIR)/*.deb
 	rm -rf $(MU_BUILD_ROOT_DIR)/*.rpm
 	rm -rf $(MU_BUILD_ROOT_DIR)/*.changes
-	rm -rf $(MU_BUILD_ROOT_DIR)/python
-	if [ -e /usr/bin/dh ];then (cd $(MU_BUILD_ROOT_DIR)/deb/;debian/rules clean); fi
-	rm -f $(MU_BUILD_ROOT_DIR)/deb/debian/*.install
-	rm -f $(MU_BUILD_ROOT_DIR)/deb/debian/changelog
+	rm -rf $(MU_BUILD_ROOT_DIR)/*.buildinfo

build-root/platforms.mk

@@ -35,7 +35,7 @@
 #
 
 # Platform selects e.g. Linux config file
-PLATFORM = native
+PLATFORM = vpp
 
 native_arch = native
 

build/external/packages/dpdk.mk

@@ -155,7 +155,8 @@ endif
 endif
 endif
 
-DPDK_EXTRA_CFLAGS += -L$(I)/lib -I$(I)/include
+DPDK_EXTRA_CFLAGS += -I$(I)/include
+DPDK_EXTRA_LDFLAGS += -L$(I)/lib
 
 # assemble DPDK make arguments
 DPDK_MAKE_ARGS := -C $(DPDK_SOURCE) -j $(JOBS) \
@@ -289,6 +290,7 @@ dpdk-config: $(B)/.dpdk-config.ok
 
 $(B)/.dpdk-build.ok: dpdk-config $(DPDK_BUILD_DEPS)
 	@if [ ! -e $(B)/.dpdk-config.ok ] ; then echo 'Please run "make config" first' && false ; fi
+	@rm -f $(B)/.*.install.ok #deals with build-root/Makefile line 709
 	@make $(DPDK_MAKE_ARGS) install
 	@touch $@
 

build/external/patches/dpdk_19.05/001-net-i40e-fix-TSO-pkt-exceeds-allowed-buf-size-issue.patch

@@ -0,0 +1,99 @@
+From: Xiaoyun Li <xiaoyun.li@intel.com>
+To: qi.z.zhang@intel.com, beilei.xing@intel.com,
+	ciara.loftus@intel.com, dev@dpdk.org
+Cc: Xiaoyun Li <xiaoyun.li@intel.com>, stable@dpdk.org
+Subject: [dpdk-stable] [PATCH v3] net/i40e: fix TSO pkt exceeds allowed buf size issue
+Date: Thu, 26 Dec 2019 14:45:44 +0800
+Message-ID: <20191226064544.48322-1-xiaoyun.li@intel.com> (raw)
+In-Reply-To: <20191223025547.88798-1-xiaoyun.li@intel.com>
+
+Hardware limits that max buffer size per tx descriptor should be
+(16K-1)B. So when TSO enabled, the mbuf data size may exceed the
+limit and cause malicious behavior to the NIC. This patch fixes
+this issue by using more tx descs for this kind of large buffer.
+
+Fixes: 4861cde46116 ("i40e: new poll mode driver")
+Cc: stable@dpdk.org
+
+Signed-off-by: Xiaoyun Li <xiaoyun.li@intel.com>
+---
+v3:
+ * Reused the existing macros to define I40E_MAX_DATA_PER_TXD
+v2:
+ * Each pkt can have several segments so the needed tx descs should sum
+ * all segments up.
+---
+ drivers/net/i40e/i40e_rxtx.c | 45 +++++++++++++++++++++++++++++++++++-
+ 1 file changed, 44 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/i40e/i40e_rxtx.c b/drivers/net/i40e/i40e_rxtx.c
+index 17dc8c78f..bbdba39b3 100644
+--- a/drivers/net/i40e/i40e_rxtx.c
++++ b/drivers/net/i40e/i40e_rxtx.c
+@@ -989,6 +989,24 @@ i40e_set_tso_ctx(struct rte_mbuf *mbuf, union i40e_tx_offload tx_offload)
+ 	return ctx_desc;
+ }
+ 
++/* HW requires that Tx buffer size ranges from 1B up to (16K-1)B. */
++#define I40E_MAX_DATA_PER_TXD \
++	(I40E_TXD_QW1_TX_BUF_SZ_MASK >> I40E_TXD_QW1_TX_BUF_SZ_SHIFT)
++/* Calculate the number of TX descriptors needed for each pkt */
++static inline uint16_t
++i40e_calc_pkt_desc(struct rte_mbuf *tx_pkt)
++{
++	struct rte_mbuf *txd = tx_pkt;
++	uint16_t count = 0;
++
++	while (txd != NULL) {
++		count += DIV_ROUND_UP(txd->data_len, I40E_MAX_DATA_PER_TXD);
++		txd = txd->next;
++	}
++
++	return count;
++}
++
+ uint16_t
+ i40e_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts, uint16_t nb_pkts)
+ {
+@@ -1046,8 +1064,15 @@ i40e_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts, uint16_t nb_pkts)
+ 		 * The number of descriptors that must be allocated for
+ 		 * a packet equals to the number of the segments of that
+ 		 * packet plus 1 context descriptor if needed.
++		 * Recalculate the needed tx descs when TSO enabled in case
++		 * the mbuf data size exceeds max data size that hw allows
++		 * per tx desc.
+ 		 */
+-		nb_used = (uint16_t)(tx_pkt->nb_segs + nb_ctx);
++		if (ol_flags & PKT_TX_TCP_SEG)
++			nb_used = (uint16_t)(i40e_calc_pkt_desc(tx_pkt) +
++					     nb_ctx);
++		else
++			nb_used = (uint16_t)(tx_pkt->nb_segs + nb_ctx);
+ 		tx_last = (uint16_t)(tx_id + nb_used - 1);
+ 
+ 		/* Circular ring */
+@@ -1160,6 +1185,24 @@ i40e_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts, uint16_t nb_pkts)
+ 			slen = m_seg->data_len;
+ 			buf_dma_addr = rte_mbuf_data_iova(m_seg);
+ 
++			while ((ol_flags & PKT_TX_TCP_SEG) &&
++				unlikely(slen > I40E_MAX_DATA_PER_TXD)) {
++				txd->buffer_addr =
++					rte_cpu_to_le_64(buf_dma_addr);
++				txd->cmd_type_offset_bsz =
++					i40e_build_ctob(td_cmd,
++					td_offset, I40E_MAX_DATA_PER_TXD,
++					td_tag);
++
++				buf_dma_addr += I40E_MAX_DATA_PER_TXD;
++				slen -= I40E_MAX_DATA_PER_TXD;
++
++				txe->last_id = tx_last;
++				tx_id = txe->next_id;
++				txe = txn;
++				txd = &txr[tx_id];
++				txn = &sw_ring[txe->next_id];
++			}
+ 			PMD_TX_LOG(DEBUG, "mbuf: %p, TDD[%u]:\n"
+ 				"buf_dma_addr: %#"PRIx64";\n"
+ 				"td_cmd: %#x;\n"

build/external/patches/dpdk_19.08/0001-ixgbe-fix-link-state-timing-issue-on-fiber-ports.patch

@@ -0,0 +1,49 @@
+From 0b12d6f9be7fe4101223491716d291ad1bf6ec33 Mon Sep 17 00:00:00 2001
+From: Matthew Smith <mgsmith@netgate.com>
+Date: Fri, 31 Jan 2020 11:36:21 -0600
+Subject: [PATCH] ixgbe: fix link state timing issue on fiber ports
+
+With some models of fiber ports (e.g. X552 device ID 0x15ac), it
+is possible when a port is started to experience a timing issue
+which prevents the link from ever being fully set up.
+
+In ixgbe_dev_link_update_share(), if the media type is fiber and the
+link is down, a flag (IXGBE_FLAG_NEED_LINK_CONFIG) is set. A callback
+to ixgbe_dev_setup_link_alarm_handler() is scheduled for 10us later
+which should try to set up the link and clear the flag afterwards.
+
+If the device is started before the flag is cleared, the scheduled
+callback is canceled. This causes the flag to remain set and
+subsequent calls to ixgbe_dev_link_update_share() return
+without trying to retrieve the link state because the flag is set.
+
+In ixgbe_dev_start(), after cancelling the callback, unset the flag
+on the device to avoid this condition.
+---
+ drivers/net/ixgbe/ixgbe_ethdev.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
+index 03fc1f7..3c2936d 100644
+--- a/drivers/net/ixgbe/ixgbe_ethdev.c
++++ b/drivers/net/ixgbe/ixgbe_ethdev.c
+@@ -2598,6 +2598,8 @@ static int eth_ixgbevf_pci_remove(struct rte_pci_device *pci_dev)
+ 	uint32_t *link_speeds;
+ 	struct ixgbe_tm_conf *tm_conf =
+ 		IXGBE_DEV_PRIVATE_TO_TM_CONF(dev->data->dev_private);
++	struct ixgbe_interrupt *intr =
++		IXGBE_DEV_PRIVATE_TO_INTR(dev->data->dev_private);
+ 
+ 	PMD_INIT_FUNC_TRACE();
+ 
+@@ -2614,6 +2616,7 @@ static int eth_ixgbevf_pci_remove(struct rte_pci_device *pci_dev)
+ 
+ 	/* Stop the link setup handler before resetting the HW. */
+ 	rte_eal_alarm_cancel(ixgbe_dev_setup_link_alarm_handler, dev);
++	intr->flags &= ~IXGBE_FLAG_NEED_LINK_CONFIG;
+ 
+ 	/* disable uio/vfio intr/eventfd mapping */
+ 	rte_intr_disable(intr_handle);
+-- 
+1.8.3.1
+

build/external/patches/dpdk_20.02/0001-ixgbe-fix-false-link-down-timing-issue.patch

@@ -0,0 +1,66 @@
+From 6033eeec2b029d99d4c0e46065f311fbbb2a1f1b Mon Sep 17 00:00:00 2001
+From: Lijian Zhang <Lijian.Zhang@arm.com>
+Date: Wed, 18 Mar 2020 17:21:08 +0800
+Subject: [PATCH] ixgbe: fix false link down timing issue
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This issue is observed with X520-2 NICs on FD.io Taishan server. After
+VPP booting up and bringing up the interfaces with command ‘set
+interface state <interface> up’, it still shows link down status from
+the command ‘show hardware-interfaces’. However, the hardware link
+status is actually up. dpdk_process() cannot get the hardware link
+status correctly via rte_eth_link_get_nowait().
+
+In ixgbe_dev_link_update_share(), if the media type is fiber and the
+link is down, a flag (IXGBE_FLAG_NEED_LINK_CONFIG) is set. A callback to
+ixgbe_dev_setup_link_alarm_handler() is scheduled trying to set up the
+link and clear the flag afterwards.
+
+If the device is started or stopped before the flag is cleared, the
+scheduled callback is canceled. This causes the flag to remain set and
+subsequent calls to ixgbe_dev_link_update_share() return without trying
+to retrieve the link state because the flag is set.
+
+When the callback is canceled by either interface start or stop
+operation, in ixgbe_dev_cancel_link_thread(), after cancelling the
+callback/thread, unset the flag on the device to avoid this condition.
+
+Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
+---
+ drivers/net/ixgbe/ixgbe_ethdev.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
+index 23b3f5b0c..aa882cb8b 100644
+--- a/drivers/net/ixgbe/ixgbe_ethdev.c
++++ b/drivers/net/ixgbe/ixgbe_ethdev.c
+@@ -4147,11 +4147,14 @@ static void
+ ixgbe_dev_cancel_link_thread(struct rte_eth_dev *dev)
+ {
+ 	struct ixgbe_adapter *ad = dev->data->dev_private;
++	struct ixgbe_interrupt *intr =
++		IXGBE_DEV_PRIVATE_TO_INTR(dev->data->dev_private);
+ 	void *retval;
+ 
+ 	if (rte_atomic32_read(&ad->link_thread_running)) {
+ 		pthread_cancel(ad->link_thread_tid);
+ 		pthread_join(ad->link_thread_tid, &retval);
++		intr->flags &= ~IXGBE_FLAG_NEED_LINK_CONFIG;
+ 		rte_atomic32_clear(&ad->link_thread_running);
+ 	}
+ }
+@@ -4262,8 +4265,8 @@ ixgbe_dev_link_update_share(struct rte_eth_dev *dev,
+ 
+ 	if (link_up == 0) {
+ 		if (ixgbe_get_media_type(hw) == ixgbe_media_type_fiber) {
+-			intr->flags |= IXGBE_FLAG_NEED_LINK_CONFIG;
+ 			if (rte_atomic32_test_and_set(&ad->link_thread_running)) {
++				intr->flags |= IXGBE_FLAG_NEED_LINK_CONFIG;
+ 				if (rte_ctrl_thread_create(&ad->link_thread_tid,
+ 					"ixgbe-link-handler",
+ 					NULL,
+-- 
+2.17.1
+

build/external/patches/quicly_0.0.5-vpp/0002-quicly-rtt-time-skew.patch

@@ -0,0 +1,15 @@
+diff --git a/lib/quicly.c b/lib/quicly.c
+index 95d5f13..200515f 100644
+--- a/lib/quicly.c
++++ b/lib/quicly.c
+@@ -3551,6 +3551,10 @@ static int handle_ack_frame(quicly_conn_t *conn, struct st_quicly_handle_payload
+ 
+     QUICLY_PROBE(QUICTRACE_RECV_ACK_DELAY, conn, probe_now(), frame.ack_delay);
+ 
++    /* Detect and fix time skew */
++    if (now < largest_newly_acked.sent_at)
++        now = largest_newly_acked.sent_at;
++
+     /* Update loss detection engine on ack. The function uses ack_delay only when the largest_newly_acked is also the largest acked
+      * so far. So, it does not matter if the ack_delay being passed in does not apply to the largest_newly_acked. */
+     quicly_loss_on_ack_received(&conn->egress.loss, largest_newly_acked.packet_number, now, largest_newly_acked.sent_at,

docs/featuresbyrelease/index.rst

@@ -9,6 +9,7 @@ This section provides information about the features that are provided for each
 .. toctree::
    :maxdepth: 1
 
+   vpp1908
    vpp1904
    vpp1901
    vpp18.10

docs/featuresbyrelease/vpp1908.md

@@ -0,0 +1,140 @@
+## Features for Release VPP 19.08
+
+### Infrastructure
+- API
+  - API language: new types and limits support
+  - Python API - add support for defaults
+  - Export ip_types.api for out-of-tree plugins use
+  - Refactor ipip.api with explicit types
+- DPDK
+  - 19.05 integration
+  - Remove bonding code
+  - Rework extended stats
+- Debugging & Servicability
+  - debug CLI leak-checker
+  - vlib: add "memory-trace stats-segment"
+  - vppapitrace JSON/API trace converter
+  - ARP: add arp-disabled node
+  - igmp: Trace more data from input packets
+  - ip: Trace the packet from the punt node
+  - Python API debug introspection improvements
+  - Pin dependencies for make test infra
+  - FEATURE.yaml meta-data infrastructure
+  - tcp: add cc stats plotting tools
+  - Packet tracer support for thread handoffs
+- libmemif: support for multi-thread connection establishment
+- svm
+  - fifo ooo reads/writes with multiple chunks
+  - support addition/removal of chunks to fifos
+- vppinfra
+  - Mapped pcap file support
+  - More AVX2 and AVX512 inlines
+  - VLIB_INIT_FUNCTION sequencing rework
+  - refactor spinlocks and rwlocks
+  - add rbtree
+  - add doubly linked list
+- rdma: bump rdma-core to v25.0
+- stats
+  - Add the number of worker threads and per worker thread vector rates
+  - Support multiple workers for error counters
+
+### VNET & Plugins
+- New Plugins
+  - HTTP static page server with TLS support
+  - L3 cross connect
+- acl: implement stat-segment counters
+- arp: add feature arcs: arp-reply, arp-input, arp-proxy
+- avf: improved logging and added 2.5/5 Gbps speeds
+- bonding: NUMA-related improvements
+- crypto: add support for AES-CTR cipher
+- fib
+  - FIB Entry tracking
+  - Support the POP of a Pseudo Wire Control Word
+- gbp
+  - Anonymous l3-out subnets support
+  - ARP unicast forward in gbp bridge domain
+  - An Endpoint can change sclass
+  - Consider data-plane learnt source better than control-plane
+  - VRF scoped contracts
+- gso (experimental)
+  - Add support to pg interfaces
+  - Add support to vhost user
+  - Add support to native virtio
+  - Add support for tagged interfaces
+- punt: allow to specify packets by IP protocol Type
+- ip6-local: hop-by-hop protocol demux table
+- ipsec
+  - intel-ipsec-mb version 0.52
+  - AH encrypt rework
+  - handle UDP keepalives
+  - support GCM in ESP
+- virtio
+  - Refactor control queue support
+- dhcp-client: DSCP marking for transmitted packets
+- Idle resource usage improvements
+  - Allocate bihash virtual space on demand
+  - gre: don't register gre input nodes unless a gre tunnel is created
+  - gtpu: don't register udp ports unless a tunnel is created
+  - lacp: create lacp-process on demand
+  - lisp-cp: start lisp retry service on demand
+  - start the cdp period and dns resolver process on demand
+  - vat: unload unused vat plugins
+- nat: api cleanup & update
+- nsim: make available as an output feature
+- load-balance performance improvements
+- l2: Add support for arp unicast forwarding
+- mactime
+  - Mini-ACLs
+  - Per-MAC allow-with-quota feature
+- qos
+  - QoS dump APIs
+  - Store function
+- rdma: add support for promiscuous mode (l2-switching and xconnect)
+- sr: update the Segment Routing definition to be compliant with current in IETF
+- udp-ping: disable due to conflict with mldv2
+- vxlan-gpe: improve encap performance
+- vom
+  - QoS support
+  - Bridge domain arp unicast forwarding flag
+  - Bridge domain unknown unicast flooding flag
+
+### Host stack
+- session
+  - API to support manual svm fifo resizing
+  - Improved session output scheduler and close state machine
+  - Transport and session cleanup notifications for builtin apps
+  - Session migration notifications for builtin apps
+  - Support for no session layer lookup transports (quic and tls)
+  - Ability to retrieve local/remote endpoint in transport vft
+  - Cleanup segment manager and fifo segment
+  - Fix vpp to app msg generation on enqueue fail
+  - Improve event logging
+  - Moved test applications to hsa plugin
+- tcp
+  - Congestion control algorithm enhancements
+  - Delivery rate estimator
+  - ACK/retransmission refactor and pacing
+  - Add tcp-input sibling nodes without full 6-tuple lookup
+  - More RFC4898 connection statistics
+  - Allow custom output next node
+  - Allow custom congestion control algorithms
+- quic
+  - Multi-thread support
+  - Logs readability improvements
+  - Multistream support
+- tls
+  - Fix close with data and listen failures
+  - Handle TCP transport rests
+  - Support endpoint retrieval interface
+- vcl
+  - support quic streams and "connectable listeners"
+  - worker unregister api
+  - fix epoll with large events batch
+  - ldp: add option to eanble transparent TLS connections
+- udp:
+  - support close with data
+  - fixed session migration
+- sctp
+  - add option to enable/disable default to disable
+  - moved from vnet to plugins
+

docs/gettingstarted/developers/vnet.md

@@ -469,3 +469,132 @@ metadata changes, header checksum changes, and so forth.
 This should be of significant value when developing new vpp graph
 nodes. If new code mispositions b->current_data, it will be completely
 obvious from looking at the dispatch trace in wireshark.
+
+## pcap rx, tx, and drop tracing
+
+vpp also supports rx, tx, and drop packet capture in pcap format,
+through the "pcap trace" debug CLI command.
+
+This command is used to start or stop a packet capture, or show the
+status of packet capture. Each of "pcap trace rx", "pcap trace tx",
+and "pcap trace drop" is implemented.  Supply one or more of "rx",
+"tx", and "drop" to enable multiple simultaneous capture types.
+
+These commands have the following optional parameters:
+
+- <b>rx</b> - trace received packets.
+
+- <b>tx</b> - trace transmitted packets.
+
+- <b>drop</b> - trace dropped packets.
+
+- <b>max _nnnn_</b> - file size, number of packet captures. Once
+  <nnnn> packets have been received, the trace buffer buffer is flushed
+  to the indicated file. Defaults to 1000. Can only be updated if packet
+  capture is off.
+
+- <b>max-bytes-per-pkt _nnnn_</b> - maximum number of bytes to trace
+  on a per-paket basis. Must be >32 and less than 9000. Default value:
+  512.
+
+- <b>filter</b> - Use the pcap rx / tx / drop trace filter, which must
+  be configured. Use <b>classify filter pcap...</b> to configure the
+  filter. The filter will only be executed if the per-interface or
+  any-interface tests fail.
+
+- <b>intfc _interface_ | _any_</b> - Used to specify a given interface,
+  or use '<em>any</em>' to run packet capture on all interfaces.
+  '<em>any</em>' is the default if not provided. Settings from a previous
+  packet capture are preserved, so '<em>any</em>' can be used to reset
+  the interface setting.
+
+- <b>file _filename_</b> - Used to specify the output filename. The
+  file will be placed in the '<em>/tmp</em>' directory.  If _filename_
+  already exists, file will be overwritten. If no filename is
+  provided, '<em>/tmp/rx.pcap or tx.pcap</em>' will be used, depending
+  on capture direction. Can only be updated when pcap capture is off.
+
+- <b>status</b> - Displays the current status and configured
+  attributes associated with a packet capture. If packet capture is in
+  progress, '<em>status</em>' also will return the number of packets
+  currently in the buffer. Any additional attributes entered on
+  command line with a '<em>status</em>' request will be ignored.
+
+- <b>filter</b> - Capture packets which match the current packet
+  trace filter set. See next section. Configure the capture filter
+  first.
+
+## packet trace capture filtering
+
+The "classify filter pcap | <interface-name> " debug CLI command
+constructs an arbitrary set of packet classifier tables for use with
+"pcap rx | tx | drop trace," and with the vpp packet tracer on a
+per-interrface basis.
+
+Packets which match a rule in the classifier table chain will be
+traced. The tables are automatically ordered so that matches in the
+most specific table are tried first.
+
+It's reasonably likely that folks will configure a single table with
+one or two matches. As a result, we configure 8 hash buckets and 128K
+of match rule space by default. One can override the defaults by
+specifiying "buckets <nnn>" and "memory-size <xxx>" as desired.
+
+To build up complex filter chains, repeatedly issue the classify
+filter debug CLI command. Each command must specify the desired mask
+and match values. If a classifier table with a suitable mask already
+exists, the CLI command adds a match rule to the existing table.  If
+not, the CLI command add a new table and the indicated mask rule
+
+### Configure a simple pcap classify filter
+
+```
+    classify filter pcap mask l3 ip4 src match l3 ip4 src 192.168.1.11"
+    pcap rx trace on max 100 filter
+```
+
+### Configure a simple interface packet-tracer filter
+
+```
+    classify filter GigabitEthernet3/0/0 mask l3 ip4 src match l3 ip4 src 192.168.1.11"
+    [device-driver debug CLI TBD]
+```
+
+### Configure another fairly simple pcap classify filter
+
+```
+   classify filter pcap mask l3 ip4 src dst match l3 ip4 src 192.168.1.10 dst 192.168.2.10
+   pcap tx trace on max 100 filter
+```
+
+### Clear all current classifier filters
+
+```
+    classify filter del
+```
+
+### To inspect the classifier tables
+
+```
+   show classify table [verbose]
+```
+
+The verbose form displays all of the match rules, with hit-counters.
+
+### Terse description of the "mask <xxx>" syntax:
+
+```
+    l2 src dst proto tag1 tag2 ignore-tag1 ignore-tag2 cos1 cos2 dot1q dot1ad
+    l3 ip4 <ip4-mask> ip6 <ip6-mask>
+    <ip4-mask> version hdr_length src[/width] dst[/width]
+               tos length fragment_id ttl protocol checksum
+    <ip6-mask> version traffic-class flow-label src dst proto
+               payload_length hop_limit protocol
+    l4 tcp <tcp-mask> udp <udp_mask> src_port dst_port
+    <tcp-mask> src dst  # ports
+    <udp-mask> src_port dst_port
+```
+
+To construct **matches**, add the values to match after the indicated
+keywords in the mask syntax. For example: "... mask l3 ip4 src" ->
+"... match l3 ip4 src 192.168.1.11"

extras/http/setup.http

@@ -0,0 +1,6 @@
+set term pag off
+create tap host-if-name lstack host-ip4-addr 192.168.10.2/24
+set int ip address tap0 192.168.10.1/24
+set int state tap0 up
+
+http static server www-root /scratch/fdio-site-fork/public uri tls://0.0.0.0/1234 cache-size 10m fifo-size 2048

extras/http/startup.cfg

@@ -0,0 +1,7 @@
+unix {
+     interactive
+}
+
+tls {
+    use-test-cert-in-ca
+}

extras/libmemif/docs/gettingstarted_doc.md

@@ -114,7 +114,7 @@ typedef struct
 ```
 
 5. Packet receive
-    - Api call memif\_rx\_burst will set all required fields in memif buffers provided by user application and dequeue received buffers.
+    - Api call memif\_rx\_burst will set all required fields in memif buffers provided by user application, dequeue received buffers and consume interrupt event on receive queue. The event is not consumed, if memif_rx_burst fails.
 ```C
 err = memif_rx_burst (c->conn, qid, c->bufs, MAX_MEMIF_BUFS, &rx);
 ```

extras/libmemif/examples/CMakeLists.txt

@@ -22,6 +22,7 @@ list(APPEND EXAMPLES_LIST
   icmp_responder/main.c
   icmp_responder-epoll/main.c
   icmp_responder-mt/main.c
+  icmp_responder-mt_3-1/main.c
   icmp_responder-eb/main.c
   icmp_responder-zero-copy-slave/main.c
 )
@@ -33,4 +34,3 @@ foreach (EXAMPLE_SRC ${EXAMPLES_LIST})
   target_include_directories(${EXECUTABLE} PRIVATE $<BUILD_INTERFACE:${HEADERS_DIR}>)
   target_link_libraries(${EXECUTABLE} ${LIBMEMIF} ${CMAKE_THREAD_LIBS_INIT})
 endforeach()
-

extras/libmemif/src/libmemif.h

@@ -23,7 +23,7 @@
 #define _LIBMEMIF_H_
 
 /** Libmemif version. */
-#define LIBMEMIF_VERSION "3.0"
+#define LIBMEMIF_VERSION "3.1"
 /** Default name of application using libmemif. */
 #define MEMIF_DEFAULT_APP_NAME "libmemif-app"
 
@@ -96,6 +96,12 @@ typedef enum
 #define MEMIF_FD_EVENT_MOD   (1 << 4)
 /** @} */
 
+/** \brief Memif per thread main handle
+    Pointer of type void, pointing to internal structure.
+    Used to identify internal per thread database.
+*/
+typedef void *memif_per_thread_main_handle_t;
+
 /** \brief Memif connection handle
     pointer of type void, pointing to internal structure
 */
@@ -139,9 +145,14 @@ typedef void (memif_free_t) (void *ptr);
 /** \brief Memif control file descriptor update (callback function)
     @param fd - new file descriptor to watch
     @param events - event type(s) to watch for
+    @param private_ctx - libmemif main private context. Is NULL for
+                         libmemif main created by memif_init()
+
 
     This callback is called when there is new fd to watch for events on
     or if fd is about to be closed (user mey want to stop watching for events on this fd).
+    Private context is taken from libmemif_main, 'private_ctx' passed to memif_per_thread_init()
+    or NULL in case of memif_init()
 */
 typedef int (memif_control_fd_update_t) (int fd, uint8_t events,
 					 void *private_ctx);
@@ -227,6 +238,24 @@ void memif_register_external_region (memif_add_external_region_t * ar,
 				     memif_del_external_region_t * dr,
 				     memif_get_external_buffer_offset_t * go);
 
+/** \brief Register external region
+    @param pt_main - per thread main handle
+    @param ar - add external region callback
+    @param gr - get external region addr callback
+    @param dr - delete external region callback
+    @param go - get external buffer offset callback (optional)
+*/
+void memif_per_thread_register_external_region (memif_per_thread_main_handle_t
+						pt_main,
+						memif_add_external_region_t *
+						ar,
+						memif_get_external_region_addr_t
+						* gr,
+						memif_del_external_region_t *
+						dr,
+						memif_get_external_buffer_offset_t
+						* go);
+
 /** @} */
 
 /**
@@ -246,7 +275,11 @@ typedef enum
 #endif /* _MEMIF_H_ */
 
 /** \brief Memif connection arguments
-    @param socket - memif socket handle, if NULL default socket will be used
+    @param socket - Memif socket handle, if NULL default socket will be used.
+		    Default socket is only supported in global database (see memif_init).
+		    Custom database does not create a default socket
+		    (see memif_per_thread_init).
+		    Memif connection is stored in the same database as the socket.
     @param secret - otional parameter used as interface autenthication
     @param num_s2m_rings - number of slave to master rings
     @param num_m2s_rings - number of master to slave rings
@@ -465,6 +498,28 @@ int memif_init (memif_control_fd_update_t * on_control_fd_update,
 		char *app_name, memif_alloc_t * memif_alloc,
 		memif_realloc_t * memif_realloc, memif_free_t * memif_free);
 
+/** \brief Memif per thread initialization
+    @param pt_main - per thread main handle
+    @param private_ctx - private context
+    @param on_control_fd_update - if control fd updates inform user to watch new fd
+    @param app_name - application name (will be truncated to 32 chars)
+    @param memif_alloc - cutom memory allocator, NULL = default
+    @param memif_realloc - custom memory reallocation, NULL = default
+    @param memif_free - custom memory free, NULL = default
+
+    Per thread version of memif_init ().
+    Instead of using global database, creates and initializes unique database,
+    identified by 'memif_per_thread_main_handle_t'.
+
+    \return memif_err_t
+*/
+int memif_per_thread_init (memif_per_thread_main_handle_t * pt_main,
+			   void *private_ctx,
+			   memif_control_fd_update_t * on_control_fd_update,
+			   char *app_name, memif_alloc_t * memif_alloc,
+			   memif_realloc_t * memif_realloc,
+			   memif_free_t * memif_free);
+
 /** \brief Memif cleanup
 
     Free libmemif internal allocations.
@@ -473,6 +528,15 @@ int memif_init (memif_control_fd_update_t * on_control_fd_update,
 */
 int memif_cleanup ();
 
+/** \brief Memif per thread cleanup
+    @param pt_main - per thread main handle
+
+    Free libmemif internal allocations and sets the handle to NULL.
+
+    \return memif_err_t
+*/
+int memif_per_thread_cleanup (memif_per_thread_main_handle_t * pt_main);
+
 /** \brief Memory interface create function
     @param conn - connection handle for client app
     @param args - memory interface connection arguments
@@ -521,6 +585,19 @@ int memif_create (memif_conn_handle_t * conn, memif_conn_args_t * args,
 */
 int memif_control_fd_handler (int fd, uint8_t events);
 
+/** \brief Memif per thread control file descriptor handler
+    @param pt_main - per thread main handle
+    @param fd - file descriptor on which the event occured
+    @param events - event type(s) that occured
+
+    Per thread version of memif_control_fd_handler.
+
+    \return memif_err_t
+
+*/
+int memif_per_thread_control_fd_handler (memif_per_thread_main_handle_t
+					 pt_main, int fd, uint8_t events);
+
 /** \brief Memif delete
     @param conn - pointer to memif connection handle
 
@@ -592,6 +669,9 @@ int memif_tx_burst (memif_conn_handle_t conn, uint16_t qid,
     @param count - number of memif buffers to receive
     @param rx - returns number of received buffers
 
+    Consume interrupt event for receive queue.
+    The event is not consumed, if memif_rx_burst fails.
+
     \return memif_err_t
 */
 int memif_rx_burst (memif_conn_handle_t conn, uint16_t qid,
@@ -608,6 +688,17 @@ int memif_rx_burst (memif_conn_handle_t conn, uint16_t qid,
 */
 int memif_poll_event (int timeout);
 
+/** \brief Memif poll event
+    @param pt_main - per thread main handle
+    @param timeout - timeout in seconds
+
+    Per thread version of memif_poll_event.
+
+    \return memif_err_t
+*/
+int memif_per_thread_poll_event (memif_per_thread_main_handle_t pt_main,
+				 int timeout);
+
 /** \brief Send signal to stop concurrently running memif_poll_event().
 
     The function, however, does not wait for memif_poll_event() to stop.
@@ -622,6 +713,15 @@ int memif_poll_event (int timeout);
 */
 #define MEMIF_HAVE_CANCEL_POLL_EVENT 1
 int memif_cancel_poll_event ();
+/** \brief Send signal to stop concurrently running memif_poll_event().
+    @param pt_main - per thread main handle
+
+    Per thread version of memif_cancel_poll_event.
+
+    \return memif_err_t
+*/
+int memif_per_thread_cancel_poll_event (memif_per_thread_main_handle_t
+					pt_main);
 
 /** \brief Set connection request timer value
     @param timer - new timer value
@@ -633,6 +733,19 @@ int memif_cancel_poll_event ();
 */
 int memif_set_connection_request_timer (struct itimerspec timer);
 
+/** \brief Set connection request timer value
+    @param pt_main - per thread main handle
+    @param timer - new timer value
+
+    Per thread version of memif_set_connection_request_timer
+
+    \return memif_err_t
+*/
+int
+memif_per_thread_set_connection_request_timer (memif_per_thread_main_handle_t
+					       pt_main,
+					       struct itimerspec timer);
+
 /** \brief Send connection request
     @param conn - memif connection handle
 
@@ -656,8 +769,22 @@ int memif_request_connection (memif_conn_handle_t conn);
 
     \return memif_err_t
 */
-int memif_create_socket (memif_socket_handle_t * sock, const char * filename,
-			 void * private_ctx);
+int memif_create_socket (memif_socket_handle_t * sock, const char *filename,
+			 void *private_ctx);
+
+/** \brief Create memif socket
+    @param pt_main - per thread main handle
+    @param sock - socket handle for client app
+    @param filename - path to socket file
+    @param private_ctx - private context
+
+    Per thread version of memif_create_sopcket.
+
+    \return memif_err_t
+*/
+int memif_per_thread_create_socket (memif_per_thread_main_handle_t pt_main,
+				    memif_socket_handle_t * sock,
+				    const char *filename, void *private_ctx);
 
 /** \brief Delete memif socket
     @param sock - socket handle for client app
@@ -669,6 +796,15 @@ int memif_create_socket (memif_socket_handle_t * sock, const char * filename,
 */
 int memif_delete_socket (memif_socket_handle_t * sock);
 
+/** \brief Get socket filename
+    @param sock - socket handle for client app
+
+    Return constant pointer to socket filename.
+
+    \return cosnt char *
+*/
+const char *memif_get_socket_filename (memif_socket_handle_t sock);
+
 /** @} */
 
 #endif /* _LIBMEMIF_H_ */

extras/libmemif/src/memif_private.h

@@ -120,6 +120,8 @@ typedef struct
   memif_log2_ring_size_t log2_ring_size;
 } memif_conn_run_args_t;
 
+struct libmemif_main;
+
 typedef struct memif_connection
 {
   uint16_t index;
@@ -165,19 +167,25 @@ typedef struct
   uint16_t use_count;
   memif_socket_type_t type;
   uint8_t *filename;
+  /* unique database */
+  struct libmemif_main *lm;
   uint16_t interface_list_len;
   void *private_ctx;
   memif_list_elt_t *interface_list;	/* memif master interfaces listening on this socket */
 } memif_socket_t;
 
-typedef struct
+typedef struct libmemif_main
 {
   memif_control_fd_update_t *control_fd_update;
   int timerfd;
+  int epfd;
+  int poll_cancel_fd;
   struct itimerspec arm, disarm;
   uint16_t disconn_slaves;
   uint8_t app_name[MEMIF_NAME_LEN];
 
+  void *private_ctx;
+
   memif_socket_handle_t default_socket;
 
   memif_add_external_region_t *add_external_region;
@@ -200,7 +208,6 @@ typedef struct
 } libmemif_main_t;
 
 extern libmemif_main_t libmemif_main;
-extern int memif_epfd;
 
 /* main.c */
 
@@ -215,7 +222,7 @@ int memif_disconnect_internal (memif_connection_t * c);
 /* map errno to memif error code */
 int memif_syscall_error_handler (int err_code);
 
-int add_list_elt (memif_list_elt_t * e, memif_list_elt_t ** list,
+int add_list_elt (libmemif_main_t *lm, memif_list_elt_t * e, memif_list_elt_t ** list,
 		  uint16_t * len);
 
 int get_list_elt (memif_list_elt_t ** e, memif_list_elt_t * list,
@@ -223,6 +230,8 @@ int get_list_elt (memif_list_elt_t ** e, memif_list_elt_t * list,
 
 int free_list_elt (memif_list_elt_t * list, uint16_t len, int key);
 
+libmemif_main_t *get_libmemif_main (memif_socket_t * ms);
+
 #ifndef __NR_memfd_create
 #if defined __x86_64__
 #define __NR_memfd_create 319

extras/libmemif/src/socket.c

@@ -71,7 +71,7 @@ memif_msg_send (int fd, memif_msg_t * msg, int afd)
 static_fn int
 memif_msg_enq_ack (memif_connection_t * c)
 {
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
   memif_msg_queue_elt_t *e =
     (memif_msg_queue_elt_t *) lm->alloc (sizeof (memif_msg_queue_elt_t));
   if (e == NULL)
@@ -99,9 +99,8 @@ memif_msg_enq_ack (memif_connection_t * c)
 }
 
 static_fn int
-memif_msg_send_hello (int fd)
+memif_msg_send_hello (libmemif_main_t * lm, int fd)
 {
-  libmemif_main_t *lm = &libmemif_main;
   memif_msg_t msg = { 0 };
   memif_msg_hello_t *h = &msg.hello;
   msg.type = MEMIF_MSG_TYPE_HELLO;
@@ -124,7 +123,7 @@ memif_msg_send_hello (int fd)
 static_fn int
 memif_msg_enq_init (memif_connection_t * c)
 {
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
   memif_msg_queue_elt_t *e =
     (memif_msg_queue_elt_t *) lm->alloc (sizeof (memif_msg_queue_elt_t));
   if (e == NULL)
@@ -166,7 +165,7 @@ memif_msg_enq_init (memif_connection_t * c)
 static_fn int
 memif_msg_enq_add_region (memif_connection_t * c, uint8_t region_index)
 {
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
   memif_region_t *mr = &c->regions[region_index];
 
   memif_msg_queue_elt_t *e =
@@ -203,7 +202,7 @@ memif_msg_enq_add_region (memif_connection_t * c, uint8_t region_index)
 static_fn int
 memif_msg_enq_add_ring (memif_connection_t * c, uint8_t index, uint8_t dir)
 {
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
   memif_msg_queue_elt_t *e =
     (memif_msg_queue_elt_t *) lm->alloc (sizeof (memif_msg_queue_elt_t));
   if (e == NULL)
@@ -250,7 +249,7 @@ memif_msg_enq_add_ring (memif_connection_t * c, uint8_t index, uint8_t dir)
 static_fn int
 memif_msg_enq_connect (memif_connection_t * c)
 {
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
   memif_msg_queue_elt_t *e =
     (memif_msg_queue_elt_t *) lm->alloc (sizeof (memif_msg_queue_elt_t));
   if (e == NULL)
@@ -285,7 +284,7 @@ memif_msg_enq_connect (memif_connection_t * c)
 static_fn int
 memif_msg_enq_connected (memif_connection_t * c)
 {
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
   memif_msg_queue_elt_t *e =
     (memif_msg_queue_elt_t *) lm->alloc (sizeof (memif_msg_queue_elt_t));
   if (e == NULL)
@@ -371,10 +370,11 @@ memif_msg_receive_init (memif_socket_t * ms, int fd, memif_msg_t * msg)
   memif_list_elt_t *elt = NULL;
   memif_list_elt_t elt2;
   memif_connection_t *c = NULL;
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (ms);
   uint8_t err_string[96];
   memset (err_string, 0, sizeof (char) * 96);
   int err = MEMIF_ERR_SUCCESS;	/* 0 */
+
   if (i->version != MEMIF_VERSION)
     {
       DBG ("MEMIF_VER_ERR");
@@ -464,14 +464,14 @@ memif_msg_receive_init (memif_socket_t * ms, int fd, memif_msg_t * msg)
   elt2.key = c->fd;
   elt2.data_struct = c;
 
-  add_list_elt (&elt2, &lm->control_list, &lm->control_list_len);
+  add_list_elt (lm, &elt2, &lm->control_list, &lm->control_list_len);
   free_list_elt (lm->pending_list, lm->pending_list_len, fd);
 
   return err;
 
 error:
   memif_msg_send_disconnect (fd, err_string, 0);
-  lm->control_fd_update (fd, MEMIF_FD_EVENT_DEL, c->private_ctx);
+  lm->control_fd_update (fd, MEMIF_FD_EVENT_DEL, lm->private_ctx);
   free_list_elt (lm->pending_list, lm->pending_list_len, fd);
   close (fd);
   fd = -1;
@@ -483,7 +483,7 @@ static_fn int
 memif_msg_receive_add_region (memif_connection_t * c, memif_msg_t * msg,
 			      int fd)
 {
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
 
   memif_msg_add_region_t *ar = &msg->add_region;
   memif_region_t *mr;
@@ -517,7 +517,7 @@ memif_msg_receive_add_region (memif_connection_t * c, memif_msg_t * msg,
 static_fn int
 memif_msg_receive_add_ring (memif_connection_t * c, memif_msg_t * msg, int fd)
 {
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
 
   memif_msg_add_ring_t *ar = &msg->add_ring;
 
@@ -580,7 +580,7 @@ static_fn int
 memif_msg_receive_connect (memif_connection_t * c, memif_msg_t * msg)
 {
   memif_msg_connect_t *cm = &msg->connect;
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
   memif_list_elt_t elt;
 
   int err;
@@ -598,10 +598,11 @@ memif_msg_receive_connect (memif_connection_t * c, memif_msg_t * msg)
 	{
 	  elt.key = c->rx_queues[i].int_fd;
 	  elt.data_struct = c;
-	  add_list_elt (&elt, &lm->interrupt_list, &lm->interrupt_list_len);
+	  add_list_elt (lm, &elt, &lm->interrupt_list,
+			&lm->interrupt_list_len);
 
 	  lm->control_fd_update (c->rx_queues[i].int_fd, MEMIF_FD_EVENT_READ,
-				 c->private_ctx);
+				 lm->private_ctx);
 	}
 
     }
@@ -616,7 +617,7 @@ static_fn int
 memif_msg_receive_connected (memif_connection_t * c, memif_msg_t * msg)
 {
   memif_msg_connect_t *cm = &msg->connect;
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
 
   int err;
   err = memif_connect1 (c);
@@ -632,7 +633,7 @@ memif_msg_receive_connected (memif_connection_t * c, memif_msg_t * msg)
       for (i = 0; i < c->run_args.num_s2m_rings; i++)
 	{
 	  lm->control_fd_update (c->rx_queues[i].int_fd, MEMIF_FD_EVENT_READ,
-				 c->private_ctx);
+				 lm->private_ctx);
 	}
     }
 
@@ -658,7 +659,7 @@ memif_msg_receive_disconnect (memif_connection_t * c, memif_msg_t * msg)
 }
 
 static_fn int
-memif_msg_receive (int ifd)
+memif_msg_receive (libmemif_main_t * lm, int ifd)
 {
   char ctl[CMSG_SPACE (sizeof (int)) +
 	   CMSG_SPACE (sizeof (struct ucred))] = { 0 };
@@ -669,7 +670,6 @@ memif_msg_receive (int ifd)
   int err = MEMIF_ERR_SUCCESS;	/* 0 */
   int fd = -1;
   int i;
-  libmemif_main_t *lm = &libmemif_main;
   memif_connection_t *c = NULL;
   memif_socket_t *ms = NULL;
   memif_list_elt_t *elt = NULL;
@@ -827,8 +827,10 @@ memif_conn_fd_error (memif_connection_t * c)
 int
 memif_conn_fd_read_ready (memif_connection_t * c)
 {
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
   int err;
-  err = memif_msg_receive (c->fd);
+
+  err = memif_msg_receive (lm, c->fd);
   if (err != 0)
     {
       err = memif_disconnect_internal (c);
@@ -840,7 +842,7 @@ memif_conn_fd_read_ready (memif_connection_t * c)
 int
 memif_conn_fd_write_ready (memif_connection_t * c)
 {
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (c->args.socket);
   int err = MEMIF_ERR_SUCCESS;	/* 0 */
 
 
@@ -869,7 +871,7 @@ memif_conn_fd_accept_ready (memif_socket_t * ms)
   int addr_len;
   struct sockaddr_un client;
   int conn_fd;
-  libmemif_main_t *lm = &libmemif_main;
+  libmemif_main_t *lm = get_libmemif_main (ms);
 
   DBG ("accept called");
 
@@ -888,19 +890,19 @@ memif_conn_fd_accept_ready (memif_socket_t * ms)
   elt.key = conn_fd;
   elt.data_struct = ms;
 
-  add_list_elt (&elt, &lm->pending_list, &lm->pending_list_len);
+  add_list_elt (lm, &elt, &lm->pending_list, &lm->pending_list_len);
   lm->control_fd_update (conn_fd, MEMIF_FD_EVENT_READ | MEMIF_FD_EVENT_WRITE,
-			 ms->private_ctx);
+			 lm->private_ctx);
 
-  return memif_msg_send_hello (conn_fd);
+  return memif_msg_send_hello (lm, conn_fd);
 }
 
 int
-memif_read_ready (int fd)
+memif_read_ready (libmemif_main_t * lm, int fd)
 {
   int err;
 
-  err = memif_msg_receive (fd);
+  err = memif_msg_receive (lm, fd);
 
   return err;
 }

extras/libmemif/src/socket.h

@@ -39,7 +39,7 @@ int memif_conn_fd_error (memif_connection_t * c);
 
 int memif_conn_fd_accept_ready (memif_socket_t * ms);
 
-int memif_read_ready (int fd);
+int memif_read_ready (libmemif_main_t *lm, int fd);
 
 int memif_msg_send_disconnect (int fd, uint8_t * err_string,
 			       uint32_t err_code);
@@ -53,7 +53,7 @@ int memif_msg_send (int fd, memif_msg_t * msg, int afd);
 
 int memif_msg_enq_ack (memif_connection_t * c);
 
-int memif_msg_send_hello (int fd);
+int memif_msg_send_hello (libmemif_main_t *lm, int fd);
 
 int memif_msg_enq_init (memif_connection_t * c);
 

extras/libmemif/test/main_test.c

@@ -94,7 +94,7 @@ START_TEST (test_init_epoll)
   ck_assert_ptr_ne (lm, NULL);
   ck_assert_ptr_ne (lm->control_fd_update, NULL);
   ck_assert_int_gt (lm->timerfd, 2);
-  ck_assert_int_gt (memif_epfd, -1);
+  ck_assert_int_gt (lm->epfd, -1);
 
   if (lm->timerfd > 0)
     close (lm->timerfd);