1. 04 Oct, 2019 2 commits
  2. 03 Oct, 2019 2 commits
  3. 02 Oct, 2019 1 commit
  4. 30 Sep, 2019 2 commits
  5. 29 Sep, 2019 1 commit
  6. 28 Sep, 2019 1 commit
    • Jakub Safarik's avatar
      Patch ovs-monitor-ipsec · 8eb499a8
      Jakub Safarik authored
      * Open subprocesses in the text mode.
      * Use valid strongSwan configuration.
      * Use python3 dictionary iterators.
      8eb499a8
  7. 27 Sep, 2019 5 commits
  8. 24 Sep, 2019 4 commits
  9. 19 Sep, 2019 1 commit
  10. 15 Sep, 2019 1 commit
  11. 06 Aug, 2019 4 commits
  12. 27 Jul, 2019 1 commit
  13. 11 Jul, 2019 9 commits
  14. 10 Jul, 2019 2 commits
  15. 09 Jul, 2019 1 commit
  16. 28 Jun, 2019 2 commits
    • Ilya Maximets's avatar
      stream-ssl: Fix crash on NULL private key and valid certificate. · 9ebe7950
      Ilya Maximets authored
      Running ovsdb-server with empty private-key and non-empty certificate
      (or otherwise) causes crash:
      
       # ovsdb-tool create ./etc/openvswitch/conf.db ./vswitch.ovsschema
       # ovsdb-server --remote=punix:./db.sock \
                      --remote=db:Open_vSwitch,Open_vSwitch,manager_options \
                      --private-key=db:Open_vSwitch,SSL,private_key \
                      --certificate=db:Open_vSwitch,SSL,certificate \
                      --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
      
       # ovs-vsctl --no-wait init
       # ovs-vsctl --no-wait set-ssl pkey.key cert.cert ca.cert
       # ovs-vsctl --no-wait set SSL . private_key='""'
       # ovs-vsctl --no-wait set SSL . certificate='cert.new'
      
       ==25513==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
       ==25513==The signal is caused by a READ memory access.
       ==25513==Hint: address points to the zero page.
          #0 0x7ff7582aa0a9 in __GI___strlen_sse2
          #1 0x7ff759bdde81  (/lib64/libasan.so.5+0xace81)
          #2 0x7ff759479932  (/lib64/libcrypto.so.1.1+0xb3932)
          #3 0x7ff759473c5a in BIO_ctrl (/lib64/libcrypto.so.1.1+0xadc5a)
          #4 0x7ff7598decc1 in SSL_CTX_use_certificate_file (/lib64/libssl.so.1.1+0x40cc1)
          #5 0x4dbaa7 in stream_ssl_set_certificate_file__ lib/stream-ssl.c:1170
          #6 0x4dca2e in stream_ssl_set_key_and_cert lib/stream-ssl.c:1216
          #7 0x4146b2 in reconfigure_ssl ovsdb/ovsdb-server.c:1254
          #8 0x409c83 in main ovsdb/ovsdb-server.c:368
          #9 0x7ff758233812 in __libc_start_main
          #10 0x40f6bd in _start (ovsdb-server+0x40f6bd)
      
       AddressSanitizer can not provide additional info.
       SUMMARY: AddressSanitizer: SEGV (/lib64/libc.so.6+0x9a0a9) in __GI___strlen_sse2
       ==25513==ABORTING
      
      Another way to reproduce is to use non-initialized DB entry for
      private-key and a file for certificate in ovsdb-server cmdline.
      
      The root cause is that stream_ssl_set_key_and_cert() triggers
      configuration for both key and cert if any of them is valid, keeping
      it possible for one of them to be NULL.
      
      Fixes: 6f1e91b1
      
       ("stream-ssl: Make changing keys and certificate at runtime reliable.")
      Signed-off-by: default avatarIlya Maximets <i.maximets@samsung.com>
      Acked-by: default avatarBen Pfaff <blp@ovn.org>
      9ebe7950
    • Kevin Traynor's avatar
      netdev-dpdk: Fix additional vhost tx retry. · cab869dc
      Kevin Traynor authored
      Fix minor issue of one possible additional retry.
      
      Fixes: c6ec9d17
      
       ("netdev-dpdk: Fix vHost stats.")
      Signed-off-by: default avatarKevin Traynor <ktraynor@redhat.com>
      Acked-by: default avatarEelco Chaudron <echaudro@redhat.com>
      Acked-by: default avatarFlavio Leitner <fbl@sysclose.org>
      Signed-off-by: default avatarIan Stokes <ian.stokes@intel.com>
      cab869dc
  17. 27 Jun, 2019 1 commit