Age | Commit message (Collapse) | Author | Files | Lines |
|
The tunnel specification in "ipsec sa add" has changed. Update the cli
the reflect this.
Change-Id: I11d788798419b96b1289c53052eedb9767252df6
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Some tests use a crypto algorithm with no integrity algorithm.
Generate empty binary strings as fake integrity keys
to keep return values of low level methods consistent.
+ Add return_keys argument to avoid returning long lists.
+ Improve various docstrings.
Change-Id: Idae1877bdde32d194ce4e3bb3053c8dba39d377a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
This patch is to add test suites for vpp plugin crypto_sw_scheduler,
IPsec sync mode is to do crypto and packet forward work in same worker cores,
crypto_sw_scheduler can schedule crypto work to other async crypto cores to
improve whole crypto processing capability.
This test suites configure fixed 1 rx queues per port, then measure IPsec
performance with 1, 2, 3 crypto cores.
This patchset include 1, 2, 4, 8 ipsec tunnels test cases.
+Vratko help to change to count total physical cores instead of previous only
count crypto cores in test cases.
Change-Id: I0e67182e3d13273890a23703d838101900e25126
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Signed-off-by: pmikus <pmikus@cisco.com>
|
|
The mesages are the newest present in last common ancestor
of master and rls2101 (so not yet ipsec_sad_entry_add_del_v3).
Added a TODO for the RDMA create improvement,
to be implemented in a separate change.
Change-Id: I94bcd2f1bc109fb995c4dd6df44f8928865634f5
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Jira: CSIT-1597
+ add ipsec_sa tear down action
Change-Id: I4d1e6f26c14e61e8ddc6f29fbf5528a034c84eb0
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
In VPP 20.05, vpp added async crypto engine that support to use QAT hardware
to do encryption and decryption, vnet/ipsec enabled async mode to use async
crypto engine.
Current async crypto engine also use dpdk_cryptodev as async handlers, in the
future it may add other native QAT driver as async handlers.
Note that async crypto engine is to support vnet/ipsec, it is different
with current existing dpdk backend which itself has ESP implementation
in plugins/dpdk/ipsec.
Change-Id: I4e6eaa7ca1eddb8b1c45212de0684fb26907119b
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
- cover API changes in VPP: https://gerrit.fd.io/r/c/vpp/+/26276
- update vpp stable to version 20.05-rc0~727
Change-Id: I39a0b5e60fac6a74aff2426f6a448c0e117ab647
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
+ some pylint fixies
Change-Id: I650ce16282ae953a1a5ee96e810702c01f71efd6
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Reason: with upcomming vpp api changes the ip object will be used
in more csit python libraries, e.g. InterfaceUtil.py, so we need
to avoid circular import issue
(e.g. InterfaceUtil.pyu <-> IPUtil.py)
Change-Id: Ia658b187d4e326f58e33019dd54f8ac7b9137d78
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- cover API changes in VPP: https://gerrit.fd.io/r/c/vpp/+/25529
- update vpp stable to version 20.05-rc0~312-g287d5e109
Change-Id: I6c7b3520f4bb306c3b0b59247b4ba2d5f170686c
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- Not adding nf_density tests.
- Not adding hardware ipsec tests.
- Not adding -policy- tests.
- Using old crypto_ia32_plugin.so plugin name.
+ Suitable for cherry-picking to rls2001.
Change-Id: Ibf44d6d91e2afa2320637ecd9eb69d5d5dc364aa
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Because arp->neigbor was so important to do.
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I552e175b7555ebf5053d7994c0c9173c0c96fc58
|
|
Change-Id: Ie64d662e81879bd52785e0188450d998bf056bda
Signed-off-by: Ludovit Mikula <ludovit.mikula@pantheon.tech>
|
|
Change-Id: Ibf1979b87aeea0f4c195b97c8e6b59a4a23b1b77
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I066a8b85649654c1c575eb63722de6c51f3d4f78
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I1392c06b1d64f62b141d24c0d42a8e36913b15e2
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I6e3ce086978c383303724d989702b1c1273c50c0
|
|
CSIT code alignment with API changes in VPP introduced
by patch https://gerrit.fd.io/r/c/vpp/+/18361
Change-Id: Ib0357bba79f55d297ef1086fbf3b760caca16cdb
Signed-off-by: Jan Gelety <jgelety@cisco.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
- if we are trying to update ip field of already existing IP object
in more iterations of e.g. ip_route_add_del the PapiExecutor uses
value from last iteration for all iterations so it ends up in
creation of ip route only for one IP not for all required IPs
Change-Id: I5ffa622e2a06d0c5c71720d2cf743a4c2104ab79
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Because:
>>> for i in xrange(4):
... if i > 0 and i % 250 / 3 == 0:
... i
...
1
2
Change-Id: Ia4eba227ea1e4c6222f32ac598f254428d95adc9
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Iecfd7e69a72c8d5893a703fa93439cde0a3edf5f
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Iac790bf5755a70697e4c4eff32242b04f8e7f789
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Ticket: CSIT-1541
Ticket: VPP-1722
Ticket: CSIT-1546
+ Increase timeout to hide x520 slownes of show hardware detail.
- Install sshpass and update ssh client in virl bootstrap.
+ Added TODOs to remove when CSIT-1546 is fixed.
+ Enable default socksvr on any startup conf.
+ Improve OptionString init and repr.
- The non-socket executor still kept for stats.
+ Remove everything unrelated to stats from non-socket executor.
- Remove some debug-loooking calls to avoid failures.
TODO: Introduce proper parsing to the affected keywords.
+ Reduce logging from PAPI code to level INFO.
- Needs https://gerrit.fd.io/r/20660 to fully work.
+ Change default values for LocalExecution.run()
+ Return code check enabled by default.
Code is more readable when rc!=0 is allowed explicitly,
and the test code will now detect unexpected failures.
+ Logging disabled by default.
Output XML is large already. Important logging can be enabled explicitly.
+ Restore alphabetical order in common.sh functions.
Change-Id: I05882cb6b620ad14638f7404b5ad38c7a5de9e6c
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Do not support returning unverified replies anymore.
Basically, ".get_replies().verify_replies()" is now just ".get_replies()".
This allows fairly large simplifications both at call sites
and in PapiExecutor.py
+ Rename get_dumps to get_details.
+ Introduce get_reply and get_sw_if_index.
+ Rename variables holding get_*() value,
+ e.g. get_stats() value is stored to variable named "stats".
+ Rename "item" of subsequent loop to hint the type instead.
+ Rename "details" function argument to "verbose".
+ Process reply details in place, instead of building new list.
- Except hybrid blocks which can return both list or single item.
- Except human readable text building blocks.
+ Rename most similar names to sw_if_index.
- Except "vpp_sw_index" and some function names.
+ Use single run_cli_cmd from PapiExecutor.
+ Do not chain methods over multiple lines.
+ Small space gain is not worth readability loss.
+ Include minor code and docstrings improvement.
+ Add some TODOs.
Change-Id: Ib2110a3d2101a74d5837baab3a58dc46aafc6ce3
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Stop attempting to check test/ as module inits are not there.
Change-Id: Ia4e498061be3e3118b07e98c9c2f761f2454653e
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Change-Id: Ib52e1735b6b82ea9fea44c06c379f117068e94c1
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Ide82ae5fa03d3fec8f4db9db7634be0a1e339cd1
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I286490280b6e62f9f212831a5bf1d14db1838fa7
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I10eeb4ee30a57712824e68176d92d1ecb5f0d1b0
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
- Add:
aes-128-gcm aes-128-gcm
aes-256-gcm aes-256-gcm
aes-128-cbc hmac-sha-256
aes-256-cbc hmac-sha-512
- Remove:
hmac-sha1
- Scale will follow in next patch
Change-Id: I789f71cf66cf61b8dbb3c6dbe9b6fdc79866ac33
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I4c756cc4b29901184594a728f6184c30cadd9c1a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
- use exec ipsec sa add
- use exec ipsec spd add
- use exec set ipsec sa
Change-Id: I69d59dd230b99d8efc9bcb5e3fbab79a8b11b18a
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I008b9e0fd62cdc8e29136930762bd7412bd50181
Signed-off-by: Jan Gelety <jgelety@cisco.com>
(cherry picked from commit 2230a8ab108fa114752decfc69321ec5a47f36a6)
|
|
+ Docstring warnings fixed.
+ Multiline param descriptions indented by 4 spaces.
- Except the PacketVerifier.py one
- I have tried several quote-like blocks, nothing works.
- Rst warnings not fixed.
- How can I fix them? They refer to temporarily created files.
+ Other improvements:
+ Python lines no longer than 80 characters.
+ :return: -> :returns:
+ Notes before params.
+ :raises
+ closing colon after exception class.
+ Description is a sentence.
+ Present tense in conditional sentences.
+ Bumped copyright year in edited files.
Change-Id: I462c194eeecb666dc146e26858486a07c990be9b
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Currently, VAT history looks like this:
sw_interface_set_flags sw_if_index 2 admin-up
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_dump
sw_interface_set_flags sw_if_index 2 admin-up
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 2 192.168.10.1/24
sw_interface_add_del_address sw_if_index 1 172.168.1.1/24
ip_neighbor_add_del sw_if_index 2 dst 192.168.10.2 mac 68:05:ca:3a:af:40
ip_neighbor_add_del sw_if_index 1 dst 172.168.1.2 mac 68:05:ca:35:78:e9
ip_add_del_route 10.0.0.0/8 via 192.168.10.2 sw_if_index 2
resolve-attempts 10 count 1
exec exec /tmp/ipsec_create_tunnel_dut1.config
It should be like this:
sw_interface_add_del_address sw_if_index 2 192.168.10.1/24
sw_interface_add_del_address sw_if_index 1 172.168.1.1/24
ip_neighbor_add_del sw_if_index 2 dst 192.168.10.2 mac 68:05:ca:3a:af:40
ip_neighbor_add_del sw_if_index 1 dst 172.168.1.2 mac 68:05:ca:35:78:e9
ip_add_del_route 10.0.0.0/8 via 192.168.10.2 sw_if_index 2
resolve-attempts 10 count 1
exec exec /tmp/ipsec_create_tunnel_dut1.config
sw_interface_set_flags sw_if_index 2 admin-up
sw_interface_set_flags sw_if_index 1 admin-up
Change-Id: I4e943436dee00166966b4f53d9d0a40440bbf1e4
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
- add following line per interface tunnel:
set int unnum <ipsec> use <interface>
Change-Id: Iff75f27b7cf25f3d24eea92366b1fd4a718c253b
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I4b0ba83960e50089f29cab9a30ab760241c6f566
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
|
|
- Fix PyLint errors
- Fix comments in touched python modules
Change-Id: I26db2d292a41969cf38b9b0bdd49c4fb15349102
Signed-off-by: Tibor Frank <tifrank@cisco.com>
|
|
- encryption/integrity key update tests
Change-Id: Iddbe35e2f421b5048e60663bff2b0bf1968a9782
Signed-off-by: Patrik Hrnciar <phrnciar@cisco.com>
Signed-off-by: Matej Klotton <mklotton@cisco.com>
|
|
- use integrity and/or encryption key(s) different from
integrity and encryption keys stored on VPP node to create
tx packet on TG
Change-Id: I38bf7e1dd6f488e605bad991c7a7f4d1ff226e8c
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- use all supported encryption and integrity algorithms in tunnel mode
and in transport mode
Change-Id: I2ae395d88d514b2ca3f62ab9aecbb27d8fb827b0
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I06e4000d93a86d885200ef1d0dd9b00e520ba77f
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
JIRA: CSIT-28
Change-Id: I9513f14a9920bfbdaf34c5cc5d4619d16a383ca2
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|