-rw-r--r-- | src/plugins/acl/acl.c | 211 | ||||
-rw-r--r-- | src/plugins/http/http_timer.c | 2 | ||||
-rw-r--r-- | src/plugins/unittest/session_test.c | 64 | ||||
-rw-r--r-- | src/vnet/session/application_local.c | 14 | ||||
-rw-r--r-- | src/vnet/session/session.c | 3 | ||||
-rw-r--r-- | src/vnet/tcp/tcp_timer.c | 2 | ||||
-rw-r--r-- | test/asf/asfframework.py | 13 | ||||
-rw-r--r-- | test/test_flowprobe.py | 4 | ||||
-rw-r--r-- | test/test_ikev2.py | 10 | ||||
-rw-r--r-- | test/test_nat44_ed.py | 2 | ||||
-rw-r--r-- | test/test_nat64.py | 2 |
11 files changed, 313 insertions, 14 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index e52e82fcf28..fbd94761027 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -2845,6 +2845,17 @@ acl_set_aclplugin_interface_fn (vlib_main_t * vm, } \ } while (0) +#define vec_validate_macip_acl_rules(v, idx) \ + do \ + { \ + if (vec_len (v) < idx + 1) \ + { \ + vec_validate (v, idx); \ + v[idx].is_permit = 0x1; \ + } \ + } \ + while (0) + static clib_error_t * acl_set_aclplugin_acl_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) 
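Review bot: vec_validate_macip_acl_rules sets `is_permit = 0x1` on every slot it creates, so a rule written without permit/deny/action becomes a permit rule, and nothing in the macro says this is intended. A comment such as `/* new MACIP rule slots default to permit unless the parser sees deny/action */` would make that fail-open default visible to the next reader. The macro also expands `idx` unparenthesised and more than once; `if (vec_len (v) < (idx) + 1)` and `(v)[(idx)].is_permit = 0x1;` would keep it safe for expression arguments. The macro just above it starts outside the hunk, so I cannot tell whether it is written the same way.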
@@ -3062,6 +3073,160 @@ acl_show_aclplugin_macip_interface_fn (vlib_main_t * vm, return error; } +static clib_error_t * +acl_set_aclplugin_macip_acl_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + vl_api_macip_acl_rule_t *rules = 0; + int rule_idx = 0; + int rv = 0; + u32 acl_index = ~0; + u32 action = 0; + u8 src_mac[6]; + u8 *tag = 0; + u8 mac_mask_all_1[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; + ip_prefix_t src_ip; + + unformat_input_t _line_input, *line_input = &_line_input; + if (!unformat_user (input, unformat_line_input, line_input)) + return 0; + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + vec_validate_macip_acl_rules (rules, rule_idx); + if (unformat (line_input, "permit")) + { + rules[rule_idx].is_permit = 1; + } + else if (unformat (line_input, "deny")) + { + rules[rule_idx].is_permit = 0; + } + else if (unformat (line_input, "action %d", &action)) + { + rules[rule_idx].is_permit = action; + } + else if (unformat (line_input, "ip %U", unformat_ip_prefix, &src_ip)) + { + ip_prefix_encode2 (&src_ip, &rules[rule_idx].src_prefix); + } + else if (unformat (line_input, "src")) + { + /* Everything in MACIP is "source" but allow this verbosity */ + } + else if (unformat (line_input, "mac %U", unformat_mac_address, &src_mac)) + { + memcpy (rules[rule_idx].src_mac, &src_mac, + sizeof (rules[rule_idx].src_mac)); + memcpy (rules[rule_idx].src_mac_mask, &mac_mask_all_1, + sizeof (rules[rule_idx].src_mac_mask)); + } + else if (unformat (line_input, "mask %U", unformat_mac_address, + &src_mac)) + { + memcpy (rules[rule_idx].src_mac_mask, &src_mac, + sizeof (rules[rule_idx].src_mac_mask)); + } + else if (unformat (line_input, "tag %s", &tag)) + ; + else if (unformat (line_input, ",")) + { + rule_idx++; + } + else + break; + } + + if (!tag) + vec_add (tag, "cli", 4); + + rv = macip_acl_add_list (vec_len (rules), rules, &acl_index, tag); + vec_free (rules); + vec_free (tag); + + unformat_free (line_input); + 
if (rv) + return clib_error_return (0, "Failed to set MACIP ACL rule"); + + vlib_cli_output (vm, "ACL index:%u", acl_index); + return 0; +} + +static clib_error_t * +acl_macip_delete_aclplugin_acl_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + int rv; + u32 macip_acl_index = ~0; + + if (!unformat_user (input, unformat_line_input, line_input)) + return 0; + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "index %u", &macip_acl_index)) + { + /* operate on this acl index (which must exist) */ + } + else + break; + } + + if (macip_acl_index == ~0) + return (clib_error_return (0, "invalid acl index")); + + rv = macip_acl_del_list (macip_acl_index); + + unformat_free (line_input); + if (rv) + return (clib_error_return (0, "Failed to delete ACL index")); + + vlib_cli_output (vm, "Deleted ACL index:%u", macip_acl_index); + return 0; +} + +static clib_error_t * +acl_set_aclplugin_macip_interface_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + int rv = 0; + u32 sw_if_index = ~0; + u32 acl_index = ~0; + u32 is_add = 1; + unformat_input_t _line_input, *line_input = &_line_input; + + if (!unformat_user (input, unformat_line_input, line_input)) + return 0; + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "%U", unformat_vnet_sw_interface, + vnet_get_main (), &sw_if_index)) + ; + else if (unformat (line_input, "add")) + is_add = 1; + else if (unformat (line_input, "del")) + is_add = 0; + else if (unformat (line_input, "acl %u", &acl_index)) + ; + else + break; + } + + if (sw_if_index == ~0) + return (clib_error_return (0, "invalid interface")); + + if (acl_index == ~0) + return (clib_error_return (0, "invalid acl index")); + + rv = macip_acl_interface_add_del_acl (sw_if_index, is_add, acl_index); + + if (rv) + return (clib_error_return (0, "Failed to add 
acl rule to interface")); + + return 0; +} + static void acl_plugin_show_acl (acl_main_t * am, u32 acl_index) { @@ -3632,6 +3797,38 @@ VLIB_CLI_COMMAND (aclplugin_set_acl_command, static) = { }; /*? + * Create an MACIP Access Control List (ACL) + * A MACIP ACL is used to add L2-L3 ACL rules. + * A MACIP ACL can be added similar to ACL rules by using following command : + * + * @cliexcmd{set acl-plugin macip acl <permit|deny|action N> + * ip <PREFIX> mac <MAC> mask <int> [tag FOO] {use comma + * separated list for multiple rules}} + ?*/ +VLIB_CLI_COMMAND (aclplugin_macip_set_acl_command, static) = { + .path = "set acl-plugin macip acl ", + .short_help = "set acl-plugin macip acl <permit|deny|action N> " + "ip <PREFIX> mac <MAC> mask <int> [tag FOO] {use comma " + "separated list for multiple rules}", + .function = acl_set_aclplugin_macip_acl_fn, +}; + +/*? + * [un]Apply a MACIP ACL to an interface. + * The ACL being applied must already exist. + * + * @cliexpar + * <b><em> set acl-plugin macip interface <interface> <acl INDEX> [del] + </b></em> + * @cliexend + ?*/ +VLIB_CLI_COMMAND (aclplugin_macip_set_interface_command, static) = { + .path = "set acl-plugin macip interface", + .short_help = "set acl-plugin macip interface <interface> <acl INDEX> [del]", + .function = acl_set_aclplugin_macip_interface_fn, +}; + +/*? * Delete an Access Control List (ACL) * Removes an ACL at the specified index, which must exist but not in use by * any interface. 
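Review bot: In acl_set_aclplugin_macip_acl_fn the final `else break;` stops parsing at the first unrecognised token and still calls macip_acl_add_list. Because vec_validate_macip_acl_rules runs before any token is matched, the slot it just created is installed with is_permit = 1 and otherwise presumably zero-filled match fields. A typo in a rule line therefore appears to produce a permit rule the operator never wrote, instead of an error. I would reject unparsed input with an error built from format_unformat_error and free rules, tag and line_input on that path, as sketched below. Separately, `action %d` copies an unchecked u32 into is_permit, acl_macip_delete_aclplugin_acl_fn returns on the invalid-index path before unformat_free, and acl_set_aclplugin_macip_interface_fn never calls unformat_free.

```c
      /* … unchanged: permit / deny / action / ip / src / mac / mask / tag / "," branches … */
      else
	{
	  /* Fail closed: do not install a partially parsed rule list. */
	  clib_error_t *err = clib_error_return (
	    0, "unknown input '%U'", format_unformat_error, line_input);
	  vec_free (rules);
	  vec_free (tag);
	  unformat_free (line_input);
	  return err;
	}
```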
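Review bot: The short_help and the doc comment for `set acl-plugin macip acl` advertise `mask <int>`, but the parser added in this commit reads the mask with `unformat_mac_address`, so an integer in that position will not be accepted. I would change both strings to `mask <MAC-MASK>`. The `.path` value `"set acl-plugin macip acl "` also ends in a space that the other two new commands do not have; unless that is deliberate it should be dropped. The interface command's help omits the `add` keyword that its parser accepts.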
@@ -3644,6 +3841,20 @@ VLIB_CLI_COMMAND (aclplugin_delete_acl_command, static) = { .function = acl_delete_aclplugin_acl_fn, }; +/*? + * Delete a MACIP Access Control List (ACL) + * Removes an MACIP ACL at the specified index, which must exist but not in + * use by + * any interface. + * + * @cliexcmd{delete acl-plugin macip acl index <idx>} + ?*/ +VLIB_CLI_COMMAND (aclplugin_macip_delete_acl_command, static) = { + .path = "delete acl-plugin macip acl", + .short_help = "delete acl-plugin macip acl index <idx>", + .function = acl_macip_delete_aclplugin_acl_fn, +}; + static clib_error_t * acl_plugin_config (vlib_main_t * vm, unformat_input_t * input) { diff --git a/src/plugins/http/http_timer.c b/src/plugins/http/http_timer.c index 42fe69076fe..c8fc6328855 100644 --- a/src/plugins/http/http_timer.c +++ b/src/plugins/http/http_timer.c @@ -71,6 +71,8 @@ http_timers_init (vlib_main_t *vm, http_conn_timeout_fn *cb_fn) http_tw_ctx_t *twc = &http_tw_ctx; vlib_node_t *n; + if (twc->tw.timers) + return; tw_timer_wheel_init_2t_1w_2048sl (&twc->tw, http_timer_process_expired_cb, 1.0 /* timer interval */, ~0); clib_spinlock_init (&twc->tw_lock); diff --git a/src/plugins/unittest/session_test.c b/src/plugins/unittest/session_test.c index b7627acc129..12d000bd46f 100644 --- a/src/plugins/unittest/session_test.c +++ b/src/plugins/unittest/session_test.c 
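Review bot: The new `if (twc->tw.timers) return;` in http_timers_init uses the wheel's timer pointer as an "already initialised" flag without saying so. It also returns before everything else in the function, including clib_spinlock_init and whatever follows the hunk. A comment like `/* wheel survives session disable; skip re-init on re-enable */` would record the intent. Since a later call with a different cb_fn is now ignored, it is worth confirming that this is acceptable; the rest of the function is outside the hunk. The same guard is added to tcp_timer_initialize_wheel in tcp_timer.c.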
@@ -2073,6 +2073,66 @@ session_test_mq_basic (vlib_main_t * vm, unformat_input_t * input) return 0; } +static f32 +session_get_memory_usage (void) +{ + clib_mem_heap_t *heap = clib_mem_get_per_cpu_heap (); + u8 *s = 0; + char *ss; + f32 used = 0.0; + + s = format (s, "%U\n", format_clib_mem_heap, heap, 0); + ss = strstr ((char *) s, "used:"); + if (ss) + sscanf (ss, "used: %f", &used); + else + clib_warning ("substring 'used:' not found from show memory"); + vec_free (s); + return (used); +} + +static int +session_test_enable_disable (vlib_main_t *vm, unformat_input_t *input) +{ + u32 iteration = 100, i; + uword was_enabled; + f32 was_using, now_using; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "repeat %d", &iteration)) + ; + else + { + vlib_cli_output (vm, "parse error: '%U'", format_unformat_error, + input); + return -1; + } + } + + was_enabled = clib_mem_trace_enable_disable (0); + /* warm up */ + for (i = 0; i < 10; i++) + { + vnet_session_enable_disable (vm, 0); + vnet_session_enable_disable (vm, 1); + } + was_using = session_get_memory_usage (); + + for (i = 0; i < iteration; i++) + { + vnet_session_enable_disable (vm, 0); + vnet_session_enable_disable (vm, 1); + } + now_using = session_get_memory_usage (); + + clib_mem_trace_enable_disable (was_enabled); + SESSION_TEST ((was_using == now_using), "was using %.2fM, now using %.2fM", + was_using, now_using); + + return 0; +} + static clib_error_t * session_test (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd_arg) @@ -2099,6 +2159,8 @@ session_test (vlib_main_t * vm, res = session_test_mq_speed (vm, input); else if (unformat (input, "mq-basic")) res = session_test_mq_basic (vm, input); + else if (unformat (input, "enable-disable")) + res = session_test_enable_disable (vm, input); else if (unformat (input, "all")) { if ((res = session_test_basic (vm, input))) 
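Review bot: session_get_memory_usage passes the result of `format ()` straight to `strstr ((char *) s, "used:")`, but format() builds a vector that is not NUL-terminated, so the search can read past the end of the allocation. Adding `vec_add1 (s, 0);` right after the format call fixes that. The sscanf return value is also unchecked, and any unit suffix after the number appears to be ignored. The `was_using == now_using` check in session_test_enable_disable would then compare bare numbers, which could hide or misreport a change that crosses units.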
@@ -2117,6 +2179,8 @@ session_test (vlib_main_t * vm, goto done; if ((res = session_test_mq_basic (vm, input))) goto done; + if ((res = session_test_enable_disable (vm, input))) + goto done; } else break; diff --git a/src/vnet/session/application_local.c b/src/vnet/session/application_local.c index 3cb743d10e0..064dd6fe77e 100644 --- a/src/vnet/session/application_local.c +++ b/src/vnet/session/application_local.c @@ -1350,13 +1350,21 @@ ct_enable_disable (vlib_main_t * vm, u8 is_en) ct_main_t *cm = &ct_main; ct_worker_t *wrk; + if (is_en == 0) + return 0; + cm->n_workers = vlib_num_workers (); cm->fwrk_thread = transport_cl_thread (); vec_validate (cm->wrk, vtm->n_vlib_mains); vec_foreach (wrk, cm->wrk) - clib_spinlock_init (&wrk->pending_connects_lock); - clib_spinlock_init (&cm->ho_reuseable_lock); - clib_rwlock_init (&cm->app_segs_lock); + { + if (wrk->pending_connects_lock == 0) + clib_spinlock_init (&wrk->pending_connects_lock); + } + if (cm->ho_reuseable_lock == 0) + clib_spinlock_init (&cm->ho_reuseable_lock); + if (cm->app_segs_lock == 0) + clib_rwlock_init (&cm->app_segs_lock); vec_validate (cm->fwrk_pending_connects, cm->n_workers); return 0; } diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c index 2ca867c166f..5897693c34e 100644 --- a/src/vnet/session/session.c +++ b/src/vnet/session/session.c @@ -1869,7 +1869,8 @@ session_register_update_time_fn (session_update_time_fn fn, u8 is_add) } else { - vec_del1 (smm->update_time_fns, fi_pos); + if (found) + vec_del1 (smm->update_time_fns, fi_pos); } } diff --git a/src/vnet/tcp/tcp_timer.c b/src/vnet/tcp/tcp_timer.c index d98d0d14b17..8ae3f22eaa6 100644 --- a/src/vnet/tcp/tcp_timer.c +++ b/src/vnet/tcp/tcp_timer.c @@ -20,6 +20,8 @@ void tcp_timer_initialize_wheel (tcp_timer_wheel_t * tw, void (*expired_timer_cb) (u32 *), f64 now) { + if (tw->timers) + return; tw_timer_wheel_init_tcp_twsl (tw, expired_timer_cb, TCP_TIMER_TICK, ~0); tw->last_run_time = now; } 
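Review bot: With the early return at the top of tcp_timer_initialize_wheel, a second call no longer executes `tw->last_run_time = now;`, so the wheel keeps the timestamp from its first initialisation. If the wheel is not advanced while sessions are disabled, the first run after re-enable may see a large elapsed interval. Guarding only the init call would avoid that: `if (!tw->timers) tw_timer_wheel_init_tcp_twsl (tw, expired_timer_cb, TCP_TIMER_TICK, ~0);` followed by the unconditional `tw->last_run_time = now;`.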
diff --git a/test/asf/asfframework.py b/test/asf/asfframework.py index 24880044cec..4cd4d94ab7b 100644 --- a/test/asf/asfframework.py +++ b/test/asf/asfframework.py @@ -317,6 +317,12 @@ class VppAsfTestCase(CPUInterface, unittest.TestCase): cls = unittest.skip("Skipping @tag_fixme_asan tests")(cls) @classmethod + def skip_fixme_ubuntu2204(cls): + """if @tag_fixme_ubuntu2204 & is Ubuntu22.04 - mark for skip""" + if cls.has_tag(TestCaseTag.FIXME_UBUNTU2204) and is_distro_ubuntu2204 == True: + cls = unittest.skip("Skipping @tag_fixme_ubuntu2204 tests")(cls) + + @classmethod def instance(cls): """Return the instance of this testcase""" return cls.test_instance @@ -1361,6 +1367,13 @@ class VppTestResult(unittest.TestResult): test_title = colorize(f"FIXME with ASAN: {test_title}", RED) test.skip_fixme_asan() + if ( + test.has_tag(TestCaseTag.FIXME_UBUNTU2204) + and is_distro_ubuntu2204 == True + ): + test_title = colorize(f"FIXME with Ubuntu 22.04: {test_title}", RED) + test.skip_fixme_ubuntu2204() + if hasattr(test, "vpp_worker_count"): if test.vpp_worker_count == 0: test_title += " [main thread only]" diff --git a/test/test_flowprobe.py b/test/test_flowprobe.py index 8e3fecfd7b4..89ac97ea88c 100644 --- a/test/test_flowprobe.py +++ b/test/test_flowprobe.py @@ -183,9 +183,7 @@ class MethodHolder(VppTestCase): variables and configure VPP. """ super(MethodHolder, cls).setUpClass() - if (is_distro_ubuntu2204 == True or is_distro_debian11 == True) and not hasattr( - cls, "vpp" - ): + if (is_distro_debian11 == True) and not hasattr(cls, "vpp"): return try: # Create pg interfaces diff --git a/test/test_ikev2.py b/test/test_ikev2.py index fd065b47c98..ea425e2e489 100644 --- a/test/test_ikev2.py +++ b/test/test_ikev2.py @@ -2036,6 +2036,7 @@ class TestResponderBehindNAT(TemplateResponder, Ikev2Params): @tag_fixme_vpp_workers +@tag_fixme_ubuntu2204 class TestInitiatorNATT(TemplateInitiator, Ikev2Params): """test ikev2 initiator - NAT traversal (intitiator behind NAT)""" 
@@ -2068,6 +2069,7 @@ class TestInitiatorNATT(TemplateInitiator, Ikev2Params): @tag_fixme_vpp_workers +@tag_fixme_ubuntu2204 class TestInitiatorPsk(TemplateInitiator, Ikev2Params): """test ikev2 initiator - pre shared key auth""" @@ -2099,6 +2101,7 @@ class TestInitiatorPsk(TemplateInitiator, Ikev2Params): @tag_fixme_vpp_workers +@tag_fixme_ubuntu2204 class TestInitiatorRequestWindowSize(TestInitiatorPsk): """test initiator - request window size (1)""" @@ -2148,6 +2151,7 @@ class TestInitiatorRequestWindowSize(TestInitiatorPsk): @tag_fixme_vpp_workers +@tag_fixme_ubuntu2204 class TestInitiatorRekey(TestInitiatorPsk): """test ikev2 initiator - rekey""" @@ -2193,6 +2197,7 @@ class TestInitiatorRekey(TestInitiatorPsk): @tag_fixme_vpp_workers +@tag_fixme_ubuntu2204 class TestInitiatorDelSAFromResponder(TemplateInitiator, Ikev2Params): """test ikev2 initiator - delete IKE SA from responder""" @@ -2413,9 +2418,7 @@ class TestResponderVrf(TestResponderPsk, Ikev2Params): globals()["ikev2"] = _ikev2 super(IkePeer, cls).setUpClass() - if (is_distro_ubuntu2204 == True or is_distro_debian11 == True) and not hasattr( - cls, "vpp" - ): + if (is_distro_debian11 == True) and not hasattr(cls, "vpp"): return cls.create_pg_interfaces(range(1)) cls.vapi.cli("ip table add 1") @@ -2525,6 +2528,7 @@ class Test_IKE_AES_GCM_16_256(TemplateResponder, Ikev2Params): @tag_fixme_vpp_workers +@tag_fixme_ubuntu2204 class TestInitiatorKeepaliveMsg(TestInitiatorPsk): """ Test for keep alive messages diff --git a/test/test_nat44_ed.py b/test/test_nat44_ed.py index eed89f1a399..d3d6d07457b 100644 --- a/test/test_nat44_ed.py +++ b/test/test_nat44_ed.py @@ -162,8 +162,6 @@ class TestNAT44ED(VppTestCase): @classmethod def setUpClass(cls): super().setUpClass() - if is_distro_ubuntu2204 == True and not hasattr(cls, "vpp"): - return cls.create_pg_interfaces(range(12)) cls.interfaces = list(cls.pg_interfaces[:4]) diff --git a/test/test_nat64.py b/test/test_nat64.py index f650b8d5f43..7333181e7f0 100644 
--- a/test/test_nat64.py +++ b/test/test_nat64.py @@ -55,8 +55,6 @@ class TestNAT64(VppTestCase): def setUpClass(cls): super(TestNAT64, cls).setUpClass() - if is_distro_ubuntu2204 == True and not hasattr(cls, "vpp"): - return cls.tcp_port_in = 6303 cls.tcp_port_out = 6303 cls.udp_port_in = 6304 |