Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e176e9ada32d5f61d10aeca1c68f72114dec9b8
|
|
Adding `UNCONFIGURE=true` argument when running `make test` will skip
test run and unconfigure existing topology for that test.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I197747a56ca68807f0b2c3f25b6f61c3dcc41ace
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1970408de52e53d24cea06b3ae0cc68a38cbc97a
|
|
This joins separate representations of veth and tap interfaces
into a single struct. It removes the need for type interface
and embedding which simplifies the code.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I1b2c368bfe90a5bdfaaa9a5129c27d7d96f8fe3b
|
|
This patch adds a missing file descriptor free handler to prevent
invalid dereferencing in the future
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
|
|
The current implementation can cause memory leaks of async frames
and exhaust the async frames pool. Wireguard can early get async frame,
even when later it turns out it is not needed. Then such frame won't
be freed.
This fix changes the moment of acquiring async frame from the pool, so
it doesn't leak.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I9f4944f77ecf94f16f809392f28466e33f7f779d
|
|
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I50ad5d8c2e5066d8d24f7959aeb534a2f0a6fae0
|
|
This will make name of the test unique so that executing specifically
this test won't execute also other tests starting with same name.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I8013aa453c2a1c3c156e6476a93fd58bbb850b93
|
|
- add support for building/running debug/release images
- have one point of control (Makefile)
- list all test cases
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I97949abc2fff85d7a2b3784122be159aeec72b52
|
|
- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed
the 'ekt' field in srtp_policy_t to 'deprecated_ekt'.
Type: fix
Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: test
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I9c59d98d16e387925057626ba9080210f4334c53
|
|
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I74c505920d1363d0ff2b3213fd831c181b70a173
|
|
Make sure applications, especially builtin ones, cannot close a session
multiple times.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I960a1ae89a48eb359e7e1873a59d47c298c37ef1
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3c15f38a4a3f5e92506059277948e7fca9cd8b55
|
|
For some apps(e.g. wrk2) upon vpp hoststack, ldp_epoll_pwait()
is called. In this function, epoll fd was created on one thread,
but it is now used on another thread. The vcl worker index is still
invalid, so the fetched ldp worker is also invalid and can corrupt
some already allocated memory.
Just as the ldp_epoll_pwait_eventfd(), make sure the vcl worker is valid
before getting the ldp worker in ldp_epoll_pwait().
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I2ec23a4b5d5b0879a06642ffd80f95e948af4274
|
|
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I08cd492fff4b9d50a1761a29c2b231cc8544313b
|
|
Currently wg-output-tun() doesn't check if a buffer has enough space for
prepending an ethernet header (wg header over ipv6 vxlan header case
leaves only 8 bytes free).
In such a case move buffer's content.
Type: fix
Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I70596ffcf90fa4cd57092584cb7a454f44208943
|
|
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I52cd825f903e41c35f6c4a9db71f00dbedbb8680
|
|
VPP build failed on Centos stream 8 when build xdp-tool
and dpdk mlx driver, Add the missing tools, libraries and headers.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Ie705dc8f558ceb872029f9ab4f1351b514c87405
|
|
Support running tests with `--tmp-dir` on a filesystem different from /tmp.
os.rename withs only within a single FS whereas shutil.move works accross
different filesystems.
Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I5371f5d75386bd2b82a75b3e6c1f2c850bc62356
|
|
The current implementation of vpp-swan plugin adds the same policy rule
in SPD twice, and it is not necessary to have two the same rules in
inbound-protect database.
This patch fixes an issue that prevents the addition of a second
identical policy rule in SPD.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9
|
|
When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may
set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA
plugin to be unable to create completion queues. Since the RDMA plugin
expects the CQEs to be 64 bytes, set the cqe_size explicitly when
creating the CQ. This avoids any issues with different values for the
MLX5_CQE_SIZE environment variable.
Type: improvement
Signed-off-by: Nathan Brown <nathan.brown@arm.com>
Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc
|
|
Type: docs
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I70374ea376c895d92d5789debf4b437113e3d884
(cherry picked from commit 57302fe52f141c19b5448997774271d2eedf5cb1)
|
|
Type: docs
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I8770a35c801126ffd2de8f58d79e6616642709a9
(cherry picked from commit 1513b381d8879d9d437bbbc9a270b4ff5f4b19ba)
|
|
Can to define src ip of outer IPv6 Hdr for each encap policy.
Along with that, I decided to develop it as API version V2.
This is useful in the SRv6 MUP case.
For example, it will be possible to handle multiple UPF destinations.
Type: feature
Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
|
|
This converts remaining tests to configation of VPP from test context.
Type: test
Change-Id: I386714f6b290e03d1757c2a033a25fae0340f5d6
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
|
|
This converts more tests to configure VPP from test context.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Idf26b0c16f87e87c97b198412af39b99d947ced6
|
|
pip compiled requirements file named requirements-3.txt exists in the
test directory. No need to auto-generate it again
Type: improvement
Change-Id: Ib2b51c983af8d0e4b000e4544012b6cd94405519
Signed-off-by: Naveen Joy <najoy@cisco.com>
|
|
Type: improvement
Change-Id: I7123591932d51ce0c5b372893454945bbd3913b2
Signed-off-by: Naveen Joy <najoy@cisco.com>
|
|
Instead of configuring VPP instances running inside of a container,
now the configuration is going to be done from within the test context
by using binary API and shared volume that exposes api socket.
This converts just some of the test cases, rest is to follow.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I87e4ab15de488f0eebb01ff514596265fc2a787f
|
|
Allow apps/vcl to provide updated local ips for dgrams. In particular,
allow sessions bound to 0/0 to send data with valid local ips.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0
|
|
Change-Id: I0e5090ec6978af0dc4baecc7654918cf40663f42
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: feature
|
|
In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
|
|
When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
|
|
Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
|
|
In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
|
|
Type: improvement
With this change, add support for dumping IPv6 Router Advertisements
details on a per-interface basis (or all). Also, cover that with a test.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
|
|
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3bc2c7986f492b7b7dfbc84e4893202354223790
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7322abc3d3b0aa81399667bf02b03786fc62c958
|
|
Control use of apis that rely on _GNU_SOURCE being defined with compile
time macro.
Also fixes sendmmsg and recvmmsg which were not probably wrapped.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I207de23210d4b9dc960bb4289159502760c5614d
|
|
Add one new edge for ipv6 after gtppsc so that packetforge can parse
this protocol combination.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I1bae1ec617c4867de2e0b3de27eda77b89e5580c
|
|
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic609cf70c1d381afa78f393700359434c8bd0452
|
|
Type: improvement
Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
In some IPsec tests, the SA called scapy_sa designs the SA that
encrypts Scapy packets and decrypts them in VPP, and the one
called vpp_sa the SA that encrypts VPP packets and decrypts them
with Scapy. However, this pattern is not consistent across all
tests. Some tests use the opposite logic. Others even mix both
correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa.
Because of that, sometimes, the SA called vpp_sa_in is used as an
outbound SA and vpp_sa_out as an inbound one.
This patch forces all the tests to follow the same following logic:
- scapy_sa is the SA used to encrypt Scapy packets and decrypt
them in VPP. It matches the VPP inbound SA.
- vpp_sa is the SA used to encrypt VPP packets and decrypt them in
Scapy. It matches the VPP outbound SA.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
|
|
Type: fix
Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
|
|
Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.
During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.
By backing match tuple up session should be invalidated well enough not to
collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
|