aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/map/test
AgeCommit message (Collapse)AuthorFilesLines
2020-05-25api: add new stream message conventionOle Troan1-0/+43
Instead of having to wrap dump/detail calls in control ping, send details messages in between a normal reply / request pair. As expressed in the below service statement. Example: service { rpc map_domains_gets returns map_domains_get_reply stream map_domain_details; }; define map_domains_get { u32 client_index; u32 context; u32 cursor; }; define map_domains_get_reply { u32 context; i32 retval; u32 cursor; }; To avoid blocking the main thread for too long, the replies are now sent in client message queue size chunks. The reply message returns VNET_API_ERROR_EAGAIN when there is more to read. The API handler must also include a "cursor" that is used to the next call to the get function. API handler example: REPLY_AND_DETAILS_MACRO (VL_API_MAP_DOMAINS_GET_REPLY, mm->domains, ({ send_domain_details (cursor, rp, mp->context); })); The macro starts from cursor and iterates through the pool until vl_api_process_may_suspend() returns true or the iteration reaches the end of the list. Client Example: cursor = 0 d = [] while True: rv, details = map_domains_get(cursor=cursor) d += details if rv.retval == 0 or rv.retval != -165: break cursor = rv.cursor or the convenience iterator: for x in vpp.details_iter(vpp.api.map_domains_get): pass or list(details_iter(map_domains_get)) Change-Id: Iad9f6b41b0ef886adb584c97708dd91cf552749e Type: feature Signed-off-by: Ole Troan <ot@cisco.com>
2020-03-25map: fix hop limit expiration at brVladimir Ratnikov1-1/+16
Before this patch, packet was dropped in ip4-input, but ip4-map-t node dropped response due to 'security check failed' This patch checkes if hop_limit==1 and sets error and next frame and sends icmp6 response correctly Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I85a6af58205b05754ef8c45a94817bb84f915c85
2020-03-24map: fix translation of icmp6 error messagesAlexander Chernavin1-1/+80
Translation of ICMPv6 error messages to ICMP error messages fails because the sender port is not set that leads to securtiy check failure. With this commit, during ICMPv6 error messages translation, get the sender port value from the inner packet. Type: fix Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-15map: fix translation of icmp4 error messagesAlexander Chernavin1-2/+43
ICMP error messages are translated to ICMPv6 error messages with erroneous destination address in the outer IPv6 header because sender port is used instead of receiver port. Both source and destination addresses in the inner IPv6 header are translated erroneously because source and destination addresses of the inner IPv4 header are getting zeroed during the translation. With this commit, use receiver port for translation and save addresses of the inner IPv4 header before translation of the inner header. Type: fix Change-Id: I1e93d54c1bbc154b401adcbb0fb661299655d01a Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-04map: fix map port calculation for ICMPVladimir Isaev2-10/+74
type should be used to get ICMP type instead of code. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Iabf4ae38befde18309caff8efd9e1d956a2fde82
2020-02-20map: honor pre-resolve param in map-tAlexander Chernavin1-0/+83
With this commit, forward the translated packet directly to the specified next-hop if pre-resolve param is enabled in MAP-T. Type: fix Change-Id: Ie26080c7820318c7982599577a4af6e4d01a0574 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-20map: honor icmp6-unreachables param in map-tAlexander Chernavin1-1/+31
With this commit, send ICMPv6 unreachable messages back if security check fails and icmp6-unreachables param enabled in MAP-T. Type: fix Change-Id: I9a8869df7763c764a1672e3faa1fde8dc13ec85a Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-04ip: translate fragmented icmp to fragmented icmp6Alexander Chernavin1-7/+32
The first translated ICMPv6 packet of a fragmented ICMP message does not have a IPv6 fragment header. All subsequent have. With this commit, add a IPv6 fragment header to the first translated ICMPv6 packet. Type: fix Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-30map: Add several more MAP-T BR testsJon Loeliger1-8/+294
Add several more MAP-T BR tests for normal packet flow. Type: test Change-Id: Ica880dd23c923795279e9d08dca2796f2925069a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4Jon Loeliger1-0/+265
Prevent malicious packets with spoofed embedded IPv4 addresses by limiting the IPv6 ingress packets to known MAP-T domains. Drop spoofed packets. Add several tests that ensure spoofing isn't allowed. Type: fix Fixes: fc7344f9be Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30map: handle ip4 ttl=1 packets in map-tAlexander Chernavin1-9/+8
With this commit, ICMP Time Exceeded is sent to sender when TTL expires at MAP BR. Type: fix Change-Id: I8effe163beab32596883127b819308cc355512c3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-29tests: add map-t fragmentation verificationsAlexander Chernavin1-10/+36
Type: test Change-Id: I5522e88ee178d0563c246895393e835d125f1b81 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-12-14tests: changes for scapy 2.4.3 migrationsnaramre1-1/+2
Type: fix Change-Id: I7e041b666dabd90df23a920a1f1d99db4c10ddfe Signed-off-by: snaramre <snaramre@cisco.com>
2019-12-05map: fix MAP-T ip6 port checkMatthew Smith1-0/+55
Type: fix Ticket: VPP-1804 Fix a regression introduced by 640edcd90. The port set ID on received IPv6 packets for MAP-T was being checked against the destination port. It should be checked against the source port. Added a new unit test to verify that a v6 packet with a good source port is translated and forwarded and a v6 packet with a bad source port is dropped. The important part of the test which will prevent similar future regressions is that the source port and destination port are not equal. The existing unit test used the same source and destination port which is why it did not fail when the regression was introduced. Change-Id: Idc144ea509722bb9e0f80b3887d220384a04e6d6 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-11-19map: Fix TCP MSS clamping for MAP-E traffic.Jon Loeliger1-2/+70
Original MSS clamp patch by Vladimir Ratnikov. Modified to apply only to TCP packets. Type: fix Test: Wrote new unit test to ensure MAP-E TCP MSS clamping. Change-Id: I77c69714a2e3cc3b7473aa12b645243bb595c2a2 Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-11-15tests: Remove the unrequired VPP IP address/prefix class wrappersNeale Ranns1-1/+0
Type: refactor Change-Id: I204f3f8eebc5f5d5a377e91262f91c615fd00168 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-11ip: functional interface to ip fragmentationOle Troan1-2/+72
This provides a functional interface to IP fragmentation. Allowing external features to fragment. Supports arbitrary encap size, for e.g. MPLS or inner fragmentation of tunnels. This also removed dual loop in MAP that was fundamentally broken. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-05misc: Fix python scripts shebang lineRenato Botelho do Couto1-1/+1
Type: fix Since CentOS 8, RPM build script doesn't accept '#!/usr/bin/env python' as a valid shebang line. It requires scripts to explicitly chose between python2 or python3. Change all to use python3 as suggested by Paul Vinciguerra. Depends-On: https://gerrit.fd.io/r/23170 Signed-off-by: Renato Botelho do Couto <renato@netgate.com> Change-Id: Ie72af9f60fd0609e07f05b70f8d96e738b2754d1
2019-10-18map: python3 support in testsOle Troan1-8/+8
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Icbe9ca3dc738c6575fe382740a1cc9d29a4a74ff
2019-10-09map: use ip6-full-reassembly instead of own codeKlement Sekera1-1/+24
Remove map's implementation of reassembly and use common ip6-full-reassembly functionality. This makes it easier to maintain by removing duplicate code/functionality. Type: refactor Change-Id: I430e888b704e28c100a9ce075d1460cb529e4676 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-10-01map: use SVR for MAP-TKlement Sekera1-9/+3
This change is part of an effort to unify reassembly code. By removing shallow virtual reassembly functionality in MAP and using the common vnet provided shallow virtual reassembly, code size and complexity is reduced. Type: refactor Change-Id: Iec8edd039f7b967b53e17bb9bca228a8b452ac0c Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-09-26map: use SVR for MAP-EKlement Sekera1-21/+75
This change is part of an effort to unify reassembly code. By removing shallow virtual reassembly functionality in MAP and using the common vnet provided shallow virtual reassembly, code size and complexity is reduced. Type: refactor Change-Id: I431f47d4db97154fecaeaecd6719cfc3b83cfc4a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-08-22tests: move plugin tests to src/plugins/*/testDave Wallace1-0/+437
- Relocate plugin tests for 'make test' into src/plugins/*/test so that plugin test cases are co-located with the plugin source code. Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I503e6a43528e14981799b735fa65674155713f67 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>