path: root/resources/libraries/python/IPsecUtil.py
Age | Commit message | Author | Files | Lines
2024-05-31 | feat(ipsec): Add suites for more algs | Vratko Polak | 1 | -3/+76
+ Add suite with UDP encap.
+ Add suite with anti replay enabled.
+ Add new enums where needed by the new suites.
+ Apply trimming in enum_util to support "3DES".
+ All 10ktnl suites written and tested.
+ New robot tags added.
+ Fix one comment from the parent.
Change-Id: I2581814dbb327891d8658dd009c4e52ffd318e3b
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-30 | feat(ipsec): Use strings instead of enums in Robot | Vratko Polak | 1 | -226/+194
Only related to enums appearing in ipsec suites.
+ Add conversion utility as enum_utils.py file.
+ Rename PolicyAction closer to ipsec_types.api: IpsecSpdAction.
+ Device and perf suites updated to use str in Variables table.
- Perf suites are being tested.
Change-Id: I3b1678c4d6cc303c590e5e3665ab1b05d104a121
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-26 | Revert "fix(IPsecUtil): Delete keywords no longer used" | Vratko Polak | 1 | -0/+43
This reverts commit 79635f7cdfb7046230473570068f97a159cf87b4.
Peter says he is using those.
Change-Id: I47886ba0676bc74d5189a2986ac347f49fdde36c
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-26 | fix(IPsecUtil): Delete keywords no longer used | Vratko Polak | 1 | -43/+0
When deleting ipsec nvf density suites, I removed the main L2 Robot keyword, but forgot to remove the associated L1 Python keywords.
Change-Id: I0f72699dcab272aec5c531cdaacceed30356cd02
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-25 | feat(density): Delete ipsec nfv_density tests | Vratko Polak | 1 | -117/+0
They are broken for more than two years and they relied on CLIs that changed in VPP anyway.
Ticket: CSIT-1856
Change-Id: I0f278ff61a9da5e6040e08bf3e92049cb33c8a93
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-24 | style(ipsec): add type hints to IPsecUtil | Vratko Polak | 1 | -229/+253
+ Update docstrings to match.
Change-Id: I20f8f0247a9cf38a2d9a98fa8905eb55d91817f7
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-22 | style(ipsec): Unify multiline strings | Vratko Polak | 1 | -79/+72
+ One more pylint improvement not worth a separate change.
Change-Id: I5a2a3a4c70909fefd3fdf6f3ed8b344d19fc823e
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-22 | style(ipsec): Fix some issues reported by pylint | Vratko Polak | 1 | -39/+29
+ Fix typo "enale".
- Many style and complexity issues remain: C0302, R0904, R0914, R0913, R1735, R0915, R1734.
Change-Id: I7e8c7ecefd8f8f94dcbc28427baa52a9c8ea1227
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-17 | fix(ipsec): Prepare IPsecUtil for upcoming changes | Vratko Polak | 1 | -44/+36
+ Separate sad into two cycles.
+ Do not update flags in each iteration.
+ Update inner dicts.
Change-Id: Ic81dfc6e614cc78ff321fba748d48a30678cc88a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-16 | style(IPsecUtil): Apply black formatting | Vratko Polak | 1 | -465/+714
Change-Id: I7cc2bc69c6849360abff0bd18b2ae3b93e2303c4
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-15 | feat(api): Use newest API messages after rls2402 | Vratko Polak | 1 | -17/+20
+ gtpu_add_del_tunnel_v2
+ Add comments on used values and unused fields.
+ ipsec_sad_entry_add_v2
+ Explicitly pass current default values.
+ ipsec_sa_v5_dump
+ policer_add
+ The old is_add argument removed, it was never false.
+ sr_policy_add_v2
+ Add comments about currently unused fields.
+ Support also older VPP builds with wrong reply.
+ rdma_create_v4
+ Add comments about unused fields.
Change-Id: I3d5bc345c4cf099661626770c4d86bc230643cca
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-01-18 | feat(crc): Bump messages after 23.10 release [oper-240122] | Vratko Polak | 1 | -3/+3
+ Post-release rdma_create_v4 will be added next cycle.
Change-Id: Ief129b5be4a2c5d27f4674491c96c548573ecfb1
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-10-13 | fix(pylint): Minor warnings | pmikus | 1 | -11/+10
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: Id646ab09ae51d3153446f1ae334f62ba7710be14
2023-08-17 | feat(swasync): switch to polling mode | Vratko Polak | 1 | -5/+17
Performance of adaptive mode is bad (different bug), keep continuity of ipsec swasync tests (when VPP allows). As 23.06-release does not have the new API message, the new CSIT code needs to be more careful around CRC checking.
+ Add new crc collection with the new API call used.
+ Also keep the old collection so older VPP does not fail.
+ Document how papi executor works with VPP without a message.
+ Prevent CRC checker from raising bogus errors with old VPP.
Change-Id: I9ff933a8a9558289d22d55526905d63e7894378c
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-07-27 | feat(core): Core allocation | pmikus | 1 | -5/+8
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: I782b87190dbee6e0a12c97f616b80539cd6614bd
2023-04-20 | Add 100k tunnels ipsec policy mode with fastpath enabled test suite | Yulong Pei | 1 | -24/+39
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I3708253adf4c7421ff48eee6aefb735b39726359
2023-04-18 | fix(api): bump messages to 23.02 usage | Vratko Polak | 1 | -2/+2
New features are generally not used in CSIT, but some edits in code are needed to continue using defaults.
3 messages have newer versions:
* bridge_domain_add_del_v2
* ipsec_spd_entry_add_del_v2
* lb_add_del_vip_v2
Change-Id: Ibcc089ccbf933c019b5e7188c06ef229e68d39a8
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-01-16 | feat(papi): switch ipsec from vat to async papi | Vratko Polak | 1 | -345/+82
+ Move papi_exec resource out of for loops.
Change-Id: I39d75ad2552986f82f7e2c8e3aae2fbc07f042e0
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-01-16 | feat(papi): add async mode, use it in scale calls | Vratko Polak | 1 | -7/+7
+ Introduce two explicit handling modes to save memory in scale test.
+ Connect in async mode for both handling modes (to avoid reconnects).
+ Support both pre- and post-37758 VPP PAPI async behavior.
+ Use control-ping in dumps to emulate sync mode.
+ Do not use it for single reply to avoid VPP-2033.
+ Fix call sites to get their replies with correct handling mode.
+ Drain enqueued replies to avoid subsequent errors.
+ Retry if read returns None too early.
+ Update docstrings.
- Complexity issues reported by pylint postponed, needs larger refactor.
- Explicit replace of VAT is done in subsequent changes.
Ticket: CSIT-1547 CSIT-1671
Change-Id: I3c63fa5c578975cc4dd7fce0babe3ab04ec15ed3
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2022-08-18 | feat(papi): use newer API messages | Vratko Polak | 1 | -21/+9
Updated for what is available in (last common ancestor of) 2206. (So newer messages such as ipsec_spd_entry_add_del_v2 are not used yet.)
+ Removed messages documented as unused.
- Did not check if more become unused.
+ Restored alphabetical order.
Change-Id: I4191c3f8629106f52ce387d03f30f9f973ffbefe
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2022-06-17 | Add ipsec policy test suites with flow director or rss accelerated | Yulong Pei | 1 | -8/+72
The test scenario is about two private networks which communication was protected by ipsec. The test suites are to show performance improvement about ipsec esp flow lookup that offloaded by NIC flow director and rss. Verified on 3n-clx and Intel E810 NIC environment, with 64B ipsec packet flow, performance improved ~31% with 1C2T, ~110% with 2C4T, ~250% with 4C8T.
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I30aec8c5115e5a6fbef88c11d1bef2624029d1b9
2022-01-17 | fix(IPsec): fix policy tests | Juraj Linkeš | 1 | -14/+35
Replace the hardcoded SPD inbound/outbound ranges with values derived from test inputs. Add the necessary routes now that the tunnel endpoints are not in the same subnet. Also add ip neighbor entry on DUT2 for the same reason. Also replace ipsec sa dump with show ipsec all in teardown of tests where both SAs and SPDs are configured to improve troubleshooting.
Change-Id: I7d89a99fcf457a701c87bf6ac07364b62802677d
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
2021-10-08 | fix(Pylint): Small fixes | pmikus | 1 | -6/+8
+ Just few obvious one
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I9bbac293a56d6b2943bef03cb3b8943e967dae6b
2021-09-14 | API: Use newer message versions | Vratko Polak | 1 | -33/+45
Based on latest common ancestor of master and stable/2106: 1372178e0e674143bfec14b17050d5e92e4fcf1a
Only ipsec_sad_entry_add_del_v3 needs non-trivial argument edits.
Change-Id: I813367292a830e5a1fac765e9f24057b6b0192ee
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2021-08-20 | Improve NetworkIncrement | Vratko Polak | 1 | -8/+8
+ Set 1 as default value for increment.
+ Update IPsecUtil.
+ Tolerate address with host bits set when incrementing.
+ Call sites can check initial value on their own.
+ Support multiple ways of converting to string.
- Only the previous "dash" format is supported here.
+ Update docstrings.
Change-Id: I0c71a6327cca6a319715b3fcfbbee800cac14287
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2021-07-28 | IPsec: add nth matching SPD entry outbound TCs | Juraj Linkeš | 1 | -101/+250
Add testcases with plain ipv4 forwarding with 1, 10, 100 and 1000 SPD entries on outbound traffic in both directions. Only match the last SPD entry and process others before the matching entry. Add testcases only without flow cache optimization.
Refactor the Python functions that add SPD entries:
- Unify the args in functions that add one and multiple entries.
- For multiple entries, add the ability to pass an object that will handle how values in each iteration (i.e. for each entry) are modified.
Change-Id: I061922eec6acc75a4e115202c07e72d89bf1f4d3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
2021-06-17 | Core: Rework CPU allocation | pmikus | 1 | -13/+44
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I6826add7b3032041632c3952c45a3c64409400b0
2021-06-10 | FIX: Pylint reduce | pmikus | 1 | -6/+6
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I909942dbb920df7f0fe15c0c92cda92c3cd8d8ad
2021-04-01 | IPsec: add 4, 40 and 400 tunnel policy tests | Juraj Linkeš | 1 | -0/+2
Add more granularity test policy tests. Mirror the number of tunnels in other IPsec tests under 1000 tunnels.
Change-Id: I9bde7447a5d809bab05db132bf6cb524e97e19b3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
2021-03-31 | IPsec: add 2n crypto policy udir perf tests | Juraj Linkeš | 1 | -35/+65
Add 2n1l udir 1 and 1000 tunnel sw policy IPsec tests to mirror the existing 3n tests. Add static ip neighbor mac entries which can't be retrieved in 2node setups.
Change-Id: I13dd557cbeed7f907fa9b4c21e4e245d48916513
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
2021-03-17 | IPsec: fix SA policy cli | Juraj Linkeš | 1 | -2/+2
The tunnel specification in "ipsec sa add" has changed. Update the cli to reflect this.
Change-Id: I11d788798419b96b1289c53052eedb9767252df6
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
2021-02-22 | Ipsec: Always generate ikey | Vratko Polak | 1 | -43/+67
Some tests use a crypto algorithm with no integrity algorithm. Generate empty binary strings as fake integrity keys to keep return values of low level methods consistent.
+ Add return_keys argument to avoid returning long lists.
+ Improve various docstrings.
Change-Id: Idae1877bdde32d194ce4e3bb3053c8dba39d377a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2021-02-19 | Add test suites for crypto sw scheduler engine | Yulong Pei | 1 | -0/+24
This patch is to add test suites for vpp plugin crypto_sw_scheduler, IPsec sync mode is to do crypto and packet forward work in same worker cores, crypto_sw_scheduler can schedule crypto work to other async crypto cores to improve whole crypto processing capability. This test suites configure fixed 1 rx queues per port, then measure IPsec performance with 1, 2, 3 crypto cores. This patchset include 1, 2, 4, 8 ipsec tunnels test cases.
+Vratko help to change to count total physical cores instead of previous only count crypto cores in test cases.
Change-Id: I0e67182e3d13273890a23703d838101900e25126
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Signed-off-by: pmikus <pmikus@cisco.com>
2021-02-19 | API: Use newer messages | Vratko Polak | 1 | -5/+15
The messages are the newest present in last common ancestor of master and rls2101 (so not yet ipsec_sad_entry_add_del_v3). Added a TODO for the RDMA create improvement, to be implemented in a separate change.
Change-Id: I94bcd2f1bc109fb995c4dd6df44f8928865634f5
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-12-16 | API: deprecated IPSEC APIs | Jan Gelety | 1 | -111/+352
Jira: CSIT-1597
+ add ipsec_sa tear down action
Change-Id: I4d1e6f26c14e61e8ddc6f29fbf5528a034c84eb0
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2020-09-11 | Add ipsec async mode performance test cases | Yulong Pei | 1 | -0/+19
In VPP 20.05, vpp added async crypto engine that support to use QAT hardware to do encryption and decryption, vnet/ipsec enabled async mode to use async crypto engine. Current async crypto engine also use dpdk_cryptodev as async handlers, in the future it may add other native QAT driver as async handlers. Note that async crypto engine is to support vnet/ipsec, it is different with current existing dpdk backend which itself has ESP implementation in plugins/dpdk/ipsec.
Change-Id: I4e6eaa7ca1eddb8b1c45212de0684fb26907119b
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2020-05-11 | CSIT-1597 API cleanup: ipsec | Jan Gelety | 1 | -2/+6
- cover API changes in VPP: https://gerrit.fd.io/r/c/vpp/+/26276
- update vpp stable to version 20.05-rc0~727
Change-Id: I39a0b5e60fac6a74aff2426f6a448c0e117ab647
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2020-04-17 | VPP-DEV API Coverages: IPSEC interface | Jan Gelety | 1 | -315/+575
+ some pylint fixes
Change-Id: I650ce16282ae953a1a5ee96e810702c01f71efd6
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2020-03-13 | Use separate module for ip address object | Jan Gelety | 1 | -16/+17
Reason: with upcoming vpp api changes the ip object will be used in more csit python libraries, e.g. InterfaceUtil.py, so we need to avoid circular import issue (e.g. InterfaceUtil.py <-> IPUtil.py)
Change-Id: Ia658b187d4e326f58e33019dd54f8ac7b9137d78
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2020-03-10 | CSIT-1597 API cleanup: ipsec | Jan Gelety | 1 | -16/+16
- cover API changes in VPP: https://gerrit.fd.io/r/c/vpp/+/25529
- update vpp stable to version 20.05-rc0~312-g287d5e109
Change-Id: I6c7b3520f4bb306c3b0b59247b4ba2d5f170686c
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2020-02-04 | Add more reconf tests, for IPsec | Vratko Polak | 1 | -100/+119
- Not adding nf_density tests.
- Not adding hardware ipsec tests.
- Not adding -policy- tests.
- Using old crypto_ia32_plugin.so plugin name.
+ Suitable for cherry-picking to rls2001.
Change-Id: Ibf44d6d91e2afa2320637ecd9eb69d5d5dc364aa
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-01-13 | FIX: NF_density tests | Peter Mikus | 1 | -2/+2
+ Because arp->neighbor was so important to do.
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I552e175b7555ebf5053d7994c0c9173c0c96fc58
2019-12-11 | Introduce VPP-IPsec container tests. | Ludovit Mikula | 1 | -2/+155
Change-Id: Ie64d662e81879bd52785e0188450d998bf056bda
Signed-off-by: Ludovit Mikula <ludovit.mikula@pantheon.tech>
2019-11-30 | FIX: ip route config for ipsec via VAT | Jan Gelety | 1 | -13/+1
Change-Id: Ibf1979b87aeea0f4c195b97c8e6b59a4a23b1b77
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2019-11-30 | FIX: IPsec naming creation | Peter Mikus | 1 | -8/+10
Change-Id: I066a8b85649654c1c575eb63722de6c51f3d4f78
Signed-off-by: Peter Mikus <pmikus@cisco.com>
2019-11-28 | Python3: resources and libraries | Jan Gelety | 1 | -400/+379
Change-Id: I1392c06b1d64f62b141d24c0d42a8e36913b15e2
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2019-11-14 | FIX: Ipsec perf | Peter Mikus | 1 | -0/+19
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I6e3ce086978c383303724d989702b1c1273c50c0
2019-08-20 | Interface API cleanup | Jan Gelety | 1 | -28/+28
CSIT code alignment with API changes in VPP introduced by patch https://gerrit.fd.io/r/c/vpp/+/18361
Change-Id: Ib0357bba79f55d297ef1086fbf3b760caca16cdb
Signed-off-by: Jan Gelety <jgelety@cisco.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-08-07 | FIX: IPsecUtil - create IP object separately in every iteration | Jan Gelety | 1 | -33/+24
- if we are trying to update ip field of already existing IP object in more iterations of e.g. ip_route_add_del the PapiExecutor uses value from last iteration for all iterations so it ends up in creation of ip route only for one IP not for all required IPs
Change-Id: I5ffa622e2a06d0c5c71720d2cf743a4c2104ab79
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2019-07-26 | FIX: IPsec Util | Peter Mikus | 1 | -25/+4
Because:

    >>> for i in xrange(4):
    ...     if i > 0 and i % 250 / 3 == 0:
    ...         i
    ...
    1
    2

Change-Id: Ia4eba227ea1e4c6222f32ac598f254428d95adc9
Signed-off-by: Peter Mikus <pmikus@cisco.com>