| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Replace the hardcoded SPD inbound/outbound ranges with values derived
from test inputs.
Add the necessary routes now that the tunnel endpoints are not in the
same subnet. Also add ip neighbor entry on DUT2 for the same reason.
Also replace ipsec sa dump with show ipsec all in teardown of tests
where both SAs and SPDs are configured to improve troubleshooting.
Change-Id: I7d89a99fcf457a701c87bf6ac07364b62802677d
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
+ Just few obvious one
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I9bbac293a56d6b2943bef03cb3b8943e967dae6b
|
|
Based on latest common ancestor of master and stable/2106:
1372178e0e674143bfec14b17050d5e92e4fcf1a
Only ipsec_sad_entry_add_del_v3 needs non-trivial argument edits.
Change-Id: I813367292a830e5a1fac765e9f24057b6b0192ee
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Set 1 as default value for increment.
+ Update IPsecUtil.
+ Tolerate address with host bits set when incrementing.
+ Call sites can check initial value on their own.
+ Support multiple ways of converting to string.
- Only the previous "dash" format is supported here.
+ Update docstrings.
Change-Id: I0c71a6327cca6a319715b3fcfbbee800cac14287
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Add testcases with plain ipv4 forwarding with 1, 10, 100 and 1000 SPD
entries on outbound traffic in both directions both directions. Only
match the last SPD entry and process others before the matching entry.
Add testcases only without flow cache optimization.
Refactor the Python functions that add SPD entries:
- Unify the args in functions that add one and multiple entries.
- For multiple entries, add the ability to pass an object that will
handle how values in each iteration (i.e. for each entry) are modified.
Change-Id: I061922eec6acc75a4e115202c07e72d89bf1f4d3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I6826add7b3032041632c3952c45a3c64409400b0
|
|
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I909942dbb920df7f0fe15c0c92cda92c3cd8d8ad
|
|
Add more granularity test policy tests. Mirror the number of tunnels in
other IPsec tests under 1000 tunnels.
Change-Id: I9bde7447a5d809bab05db132bf6cb524e97e19b3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Add 2n1l udir 1 and 1000 tunnel sw policy IPsec tests to mirror the
existing 3n tests.
Add static ip neighbor mac entries which can't be retrieved in 2node
setups.
Change-Id: I13dd557cbeed7f907fa9b4c21e4e245d48916513
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
The tunnel specification in "ipsec sa add" has changed. Update the cli
the reflect this.
Change-Id: I11d788798419b96b1289c53052eedb9767252df6
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Some tests use a crypto algorithm with no integrity algorithm.
Generate empty binary strings as fake integrity keys
to keep return values of low level methods consistent.
+ Add return_keys argument to avoid returning long lists.
+ Improve various docstrings.
Change-Id: Idae1877bdde32d194ce4e3bb3053c8dba39d377a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
This patch is to add test suites for vpp plugin crypto_sw_scheduler,
IPsec sync mode is to do crypto and packet forward work in same worker cores,
crypto_sw_scheduler can schedule crypto work to other async crypto cores to
improve whole crypto processing capability.
This test suites configure fixed 1 rx queues per port, then measure IPsec
performance with 1, 2, 3 crypto cores.
This patchset include 1, 2, 4, 8 ipsec tunnels test cases.
+Vratko help to change to count total physical cores instead of previous only
count crypto cores in test cases.
Change-Id: I0e67182e3d13273890a23703d838101900e25126
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Signed-off-by: pmikus <pmikus@cisco.com>
|
|
The mesages are the newest present in last common ancestor
of master and rls2101 (so not yet ipsec_sad_entry_add_del_v3).
Added a TODO for the RDMA create improvement,
to be implemented in a separate change.
Change-Id: I94bcd2f1bc109fb995c4dd6df44f8928865634f5
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Jira: CSIT-1597
+ add ipsec_sa tear down action
Change-Id: I4d1e6f26c14e61e8ddc6f29fbf5528a034c84eb0
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
In VPP 20.05, vpp added async crypto engine that support to use QAT hardware
to do encryption and decryption, vnet/ipsec enabled async mode to use async
crypto engine.
Current async crypto engine also use dpdk_cryptodev as async handlers, in the
future it may add other native QAT driver as async handlers.
Note that async crypto engine is to support vnet/ipsec, it is different
with current existing dpdk backend which itself has ESP implementation
in plugins/dpdk/ipsec.
Change-Id: I4e6eaa7ca1eddb8b1c45212de0684fb26907119b
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
- cover API changes in VPP: https://gerrit.fd.io/r/c/vpp/+/26276
- update vpp stable to version 20.05-rc0~727
Change-Id: I39a0b5e60fac6a74aff2426f6a448c0e117ab647
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
+ some pylint fixies
Change-Id: I650ce16282ae953a1a5ee96e810702c01f71efd6
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Reason: with upcomming vpp api changes the ip object will be used
in more csit python libraries, e.g. InterfaceUtil.py, so we need
to avoid circular import issue
(e.g. InterfaceUtil.pyu <-> IPUtil.py)
Change-Id: Ia658b187d4e326f58e33019dd54f8ac7b9137d78
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- cover API changes in VPP: https://gerrit.fd.io/r/c/vpp/+/25529
- update vpp stable to version 20.05-rc0~312-g287d5e109
Change-Id: I6c7b3520f4bb306c3b0b59247b4ba2d5f170686c
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- Not adding nf_density tests.
- Not adding hardware ipsec tests.
- Not adding -policy- tests.
- Using old crypto_ia32_plugin.so plugin name.
+ Suitable for cherry-picking to rls2001.
Change-Id: Ibf44d6d91e2afa2320637ecd9eb69d5d5dc364aa
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Because arp->neigbor was so important to do.
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I552e175b7555ebf5053d7994c0c9173c0c96fc58
|
|
Change-Id: Ie64d662e81879bd52785e0188450d998bf056bda
Signed-off-by: Ludovit Mikula <ludovit.mikula@pantheon.tech>
|
|
Change-Id: Ibf1979b87aeea0f4c195b97c8e6b59a4a23b1b77
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I066a8b85649654c1c575eb63722de6c51f3d4f78
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I1392c06b1d64f62b141d24c0d42a8e36913b15e2
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I6e3ce086978c383303724d989702b1c1273c50c0
|
|
CSIT code alignment with API changes in VPP introduced
by patch https://gerrit.fd.io/r/c/vpp/+/18361
Change-Id: Ib0357bba79f55d297ef1086fbf3b760caca16cdb
Signed-off-by: Jan Gelety <jgelety@cisco.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
- if we are trying to update ip field of already existing IP object
in more iterations of e.g. ip_route_add_del the PapiExecutor uses
value from last iteration for all iterations so it ends up in
creation of ip route only for one IP not for all required IPs
Change-Id: I5ffa622e2a06d0c5c71720d2cf743a4c2104ab79
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Because:
>>> for i in xrange(4):
... if i > 0 and i % 250 / 3 == 0:
... i
...
1
2
Change-Id: Ia4eba227ea1e4c6222f32ac598f254428d95adc9
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Iecfd7e69a72c8d5893a703fa93439cde0a3edf5f
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Iac790bf5755a70697e4c4eff32242b04f8e7f789
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Ticket: CSIT-1541
Ticket: VPP-1722
Ticket: CSIT-1546
+ Increase timeout to hide x520 slownes of show hardware detail.
- Install sshpass and update ssh client in virl bootstrap.
+ Added TODOs to remove when CSIT-1546 is fixed.
+ Enable default socksvr on any startup conf.
+ Improve OptionString init and repr.
- The non-socket executor still kept for stats.
+ Remove everything unrelated to stats from non-socket executor.
- Remove some debug-loooking calls to avoid failures.
TODO: Introduce proper parsing to the affected keywords.
+ Reduce logging from PAPI code to level INFO.
- Needs https://gerrit.fd.io/r/20660 to fully work.
+ Change default values for LocalExecution.run()
+ Return code check enabled by default.
Code is more readable when rc!=0 is allowed explicitly,
and the test code will now detect unexpected failures.
+ Logging disabled by default.
Output XML is large already. Important logging can be enabled explicitly.
+ Restore alphabetical order in common.sh functions.
Change-Id: I05882cb6b620ad14638f7404b5ad38c7a5de9e6c
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Do not support returning unverified replies anymore.
Basically, ".get_replies().verify_replies()" is now just ".get_replies()".
This allows fairly large simplifications both at call sites
and in PapiExecutor.py
+ Rename get_dumps to get_details.
+ Introduce get_reply and get_sw_if_index.
+ Rename variables holding get_*() value,
+ e.g. get_stats() value is stored to variable named "stats".
+ Rename "item" of subsequent loop to hint the type instead.
+ Rename "details" function argument to "verbose".
+ Process reply details in place, instead of building new list.
- Except hybrid blocks which can return both list or single item.
- Except human readable text building blocks.
+ Rename most similar names to sw_if_index.
- Except "vpp_sw_index" and some function names.
+ Use single run_cli_cmd from PapiExecutor.
+ Do not chain methods over multiple lines.
+ Small space gain is not worth readability loss.
+ Include minor code and docstrings improvement.
+ Add some TODOs.
Change-Id: Ib2110a3d2101a74d5837baab3a58dc46aafc6ce3
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Stop attempting to check test/ as module inits are not there.
Change-Id: Ia4e498061be3e3118b07e98c9c2f761f2454653e
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Change-Id: Ib52e1735b6b82ea9fea44c06c379f117068e94c1
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Ide82ae5fa03d3fec8f4db9db7634be0a1e339cd1
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I286490280b6e62f9f212831a5bf1d14db1838fa7
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I10eeb4ee30a57712824e68176d92d1ecb5f0d1b0
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
- Add:
aes-128-gcm aes-128-gcm
aes-256-gcm aes-256-gcm
aes-128-cbc hmac-sha-256
aes-256-cbc hmac-sha-512
- Remove:
hmac-sha1
- Scale will follow in next patch
Change-Id: I789f71cf66cf61b8dbb3c6dbe9b6fdc79866ac33
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I4c756cc4b29901184594a728f6184c30cadd9c1a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
- use exec ipsec sa add
- use exec ipsec spd add
- use exec set ipsec sa
Change-Id: I69d59dd230b99d8efc9bcb5e3fbab79a8b11b18a
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I008b9e0fd62cdc8e29136930762bd7412bd50181
Signed-off-by: Jan Gelety <jgelety@cisco.com>
(cherry picked from commit 2230a8ab108fa114752decfc69321ec5a47f36a6)
|
|
+ Docstring warnings fixed.
+ Multiline param descriptions indented by 4 spaces.
- Except the PacketVerifier.py one
- I have tried several quote-like blocks, nothing works.
- Rst warnings not fixed.
- How can I fix them? They refer to temporarily created files.
+ Other improvements:
+ Python lines no longer than 80 characters.
+ :return: -> :returns:
+ Notes before params.
+ :raises
+ closing colon after exception class.
+ Description is a sentence.
+ Present tense in conditional sentences.
+ Bumped copyright year in edited files.
Change-Id: I462c194eeecb666dc146e26858486a07c990be9b
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Currently, VAT history looks like this:
sw_interface_set_flags sw_if_index 2 admin-up
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_dump
sw_interface_set_flags sw_if_index 2 admin-up
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 2 192.168.10.1/24
sw_interface_add_del_address sw_if_index 1 172.168.1.1/24
ip_neighbor_add_del sw_if_index 2 dst 192.168.10.2 mac 68:05:ca:3a:af:40
ip_neighbor_add_del sw_if_index 1 dst 172.168.1.2 mac 68:05:ca:35:78:e9
ip_add_del_route 10.0.0.0/8 via 192.168.10.2 sw_if_index 2
resolve-attempts 10 count 1
exec exec /tmp/ipsec_create_tunnel_dut1.config
It should be like this:
sw_interface_add_del_address sw_if_index 2 192.168.10.1/24
sw_interface_add_del_address sw_if_index 1 172.168.1.1/24
ip_neighbor_add_del sw_if_index 2 dst 192.168.10.2 mac 68:05:ca:3a:af:40
ip_neighbor_add_del sw_if_index 1 dst 172.168.1.2 mac 68:05:ca:35:78:e9
ip_add_del_route 10.0.0.0/8 via 192.168.10.2 sw_if_index 2
resolve-attempts 10 count 1
exec exec /tmp/ipsec_create_tunnel_dut1.config
sw_interface_set_flags sw_if_index 2 admin-up
sw_interface_set_flags sw_if_index 1 admin-up
Change-Id: I4e943436dee00166966b4f53d9d0a40440bbf1e4
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
- add following line per interface tunnel:
set int unnum <ipsec> use <interface>
Change-Id: Iff75f27b7cf25f3d24eea92366b1fd4a718c253b
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I4b0ba83960e50089f29cab9a30ab760241c6f566
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
|
|
- Fix PyLint errors
- Fix comments in touched python modules
Change-Id: I26db2d292a41969cf38b9b0bdd49c4fb15349102
Signed-off-by: Tibor Frank <tifrank@cisco.com>
|
|
- encryption/integrity key update tests
Change-Id: Iddbe35e2f421b5048e60663bff2b0bf1968a9782
Signed-off-by: Patrik Hrnciar <phrnciar@cisco.com>
Signed-off-by: Matej Klotton <mklotton@cisco.com>
|
|
- use integrity and/or encryption key(s) different from
integrity and encryption keys stored on VPP node to create
tx packet on TG
Change-Id: I38bf7e1dd6f488e605bad991c7a7f4d1ff226e8c
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- use all supported encryption and integrity algorithms in tunnel mode
and in transport mode
Change-Id: I2ae395d88d514b2ca3f62ab9aecbb27d8fb827b0
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
Juraj Linkeš
pmikus
Vratko Polak
Yulong Pei
Jan Gelety
Ludovit Mikula
Kirill Rybalchenko
Tibor Frank
Patrik Hrnciar