summaryrefslogtreecommitdiffstats
path: root/src/vnet/session-apps
AgeCommit message (Collapse)AuthorFilesLines
2018-10-02tls: fix disconnects for sessions with pending dataFlorin Coras1-0/+1
TLS can enqueue events to itself when app session queue cannot be entirely drained. If a pending disconnect is handled before any such event, session layer may try to dequeue data on deallocated sessions. Change-Id: I5bfc4d53ce95bc16b6a01e1b0e644aafa1ca311b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-07-31vcl: add read/write udp supportFlorin Coras1-4/+6
Change-Id: Ie6171c12055cde6915856de340839f5da1b1b1da Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-07-17session: send ctrl msg over mqFlorin Coras1-1/+2
Change-Id: I242056bc46ddb671064665916b2687860292dcb2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-07-17session: use msg queue for eventsFlorin Coras6-81/+27
Change-Id: I3c58367eec2243fe19b75be78a175c5261863e9e Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-06-11tcp: cleanup connection/session fixesFlorin Coras1-2/+2
- Cleanup session state after last ack and avoid using a cleanup timer. - Change session cleanup to free the session as opposed to waiting for delete notify. - When in close-wait, postpone sending the fin on close until all outstanding data has been sent. - Don't flush rx fifo unless in closed state Change-Id: Ic2a4f0d5568b65c83f4b55b6c469a7b24b947f39 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-06-11udp: fix for multiple workers and add testFlorin Coras1-2/+3
Since the main thread is not used for session polling anymore, when vpp is started with multiple wokers, allocate connections on the first. Also add a simple udp make test. Change-Id: Id869f5d89e0fced51048f0384fa86a5022258b7c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-06-08http server: do not close connections after replyFlorin Coras1-22/+29
Change-Id: I7add46258fe44bc4d23d805ffc7eae75e37cab82 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-16echo client: used fixed pool for preallocated sessionsFlorin Coras2-14/+9
Change-Id: I9e2cf74ebe3e8750fa8d03930d2d72f4cae453c2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-14proxy: fix active open connection cleanupFlorin Coras1-2/+2
Thanks to DucTM for spotting the issue. Change-Id: I7985560f224c99cf0fdeea0c8457a3ac6f10b03c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-10session: fix proxy app multithreadingFlorin Coras1-15/+50
Change-Id: Ic5304749935f69018eb00183bb4670bb9f16273c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-09session: cleanup session tx functionFlorin Coras2-4/+56
- rework the function to declutter and avoid building more than one tx frame - add dual loop although benefits in my tests seem to be minimal - improve tcp/udp echo external apps. They have slightly better throughput than internal echo apps. - udp bugfixes Change-Id: Iea4a245b1b1bb407a7f403dedcce2664a49f774b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-03tcp: fix echo server rx retries counter vec allocFlorin Coras1-0/+2
If sessions are not preallocated, the rx retries counters are not correctly validated/initialized Change-Id: Iaf7456f3a0e2181fcea0c370613d694f8e98276d Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-04-30tcp/session: debug improvements/fixesFlorin Coras1-2/+3
Change-Id: I906e58b4f9827a79a6ab673f8fa2e03036c69820 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-04-18session: coverity warningsFlorin Coras1-1/+1
Change-Id: I53bb1e289ba16ee6d9aed7285b18437c996077a4 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-04-18udp/session: refactor to support dgram modeFlorin Coras3-95/+132
- adds session layer support for datagram based protocols - updates udp to work in pure connectionless and datagram mode. The existing connected mode is now 'accessible' for apps as a dummy UDPC, as in, connected udp, protocol. - updates udp_echo, echo client, echo server code to work in datagram mode. Change-Id: I2960c0d2d246cb166005f545794ec31fe0d546dd Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-23tcp/session: sprinkle prefetchesFlorin Coras1-0/+1
Change-Id: Idef3c665580c13d72e99f43d16b8b13cc6ab746f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-15tls: add openssl engineFlorin Coras3-3/+11
Change-Id: I6c215858d2c9c620787632b570950b15274c0df2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-08tls: make tls engines pluggableFlorin Coras1-1234/+0
- add infra for pluggable tls "engines" - makes mbedtls specific code a plugin Change-Id: I2c5b099e2b69d2be0038e3ef02b208ff907727e7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-07tls: enforce certificate verificationFlorin Coras3-42/+90
- add option to use test certificate in the ca chain - add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced. - use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-05tls: add stop listen handlerFlorin Coras1-7/+28
Change-Id: I233d02a669b6a0504cd54590c6c8e4fefadc4713 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-02tls: clib_mem_alloc context to avoid dangling referencesFlorin Coras1-30/+32
Change-Id: I1e3b48dfd21c9dbebdbcc0af0d6e888b416b3ac5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-02session: first approximation implementation of tlsFlorin Coras5-9/+1204
It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation. Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-14session: support local sessions and deprecate redirectsFlorin Coras3-18/+19
Memfd backed shared memory segments can only be negotiated over sockets. For such scenarios, the existing redirect mechanism that establishes cut-through sessions does not work anymore as the two peer application do not share such a socket. This patch adds support for local sessions, as opposed to sessions backed by a transport connection, in a way that is almost transparent to the two applications by reusing the existing binary api messages. Moreover, all segment allocations are now entirely done through the segment manager valloc, so segment overlaps due to independent allocations previously required for redirects are completely avoided. The one notable characteristic of local sessions (cut-through from app perspective) notification messages is that they carry pointers to two event queues, one for each app peer, instead of one. For transport-backed sessions one of the queues can be inferred but for local session they cannot. Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-05session: segment manager refactorFlorin Coras2-4/+14
- use valloc as a 'central' segment baseva manager - use per segment manager segment pools and use rwlocks to guard them - add session test that exercises segment creation - embed segment manager properties into application since they're shared - fix rw locks Change-Id: I761164c147275d9e8a926f1eda395e090d231f9a Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27session: disconnect and echo client improvementsFlorin Coras1-7/+11
Change-Id: If421bad17b6cfe8e321257c93bb38931e37d7b64 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-26session: move builtin apps to their own folderFlorin Coras6-0/+2796
This consolidates builtin apps under session-apps folder. It also removes duplicate builtin echo server/client implementations. Change-Id: I75ed879399c5aa9b75b1eb38b33aedf69dd8df3f Signed-off-by: Florin Coras <fcoras@cisco.com>
*verify 1** - check VRF data by parsing output of ip_fib_dump API command - all packets received correctly in case of pg-ip4 interfaces in the same VRF - no packet received in case of pg-ip4 interfaces not in VRF - no packet received in case of pg-ip4 interfaces in different VRFs **config 2** - reset 2 VRFs **test 2** - send IP4 packets between all pg-ip4 interfaces in all VRF groups **verify 2** - all packets received correctly in case of pg-ip4 interfaces in the same VRF - no packet received in case of pg-ip4 interfaces not in VRF - no packet received in case of pg-ip4 interfaces in different VRFs **config 3** - add 1 of reset VRFs and 1 new VRF **test 3** - send IP4 packets between all pg-ip4 interfaces in all VRF groups **verify 3** - check VRF data by parsing output of ip_fib_dump API command - all packets received correctly in case of pg-ip4 interfaces in the same VRF - no packet received in case of pg-ip4 interfaces not in VRF - no packet received in case of pg-ip4 interfaces in different VRFs **config 4** - reset all created VRFs **test 4** - send IP4 packets between all pg-ip4 interfaces in all VRF groups **verify 4** - check VRF data by parsing output of ip_fib_dump API command - all packets received correctly in case of pg-ip4 interfaces in the same VRF - no packet received in case of pg-ip4 interfaces not in VRF - no packet received in case of pg-ip4 interfaces in different VRFs """ import unittest import random import socket from scapy.packet import Raw from scapy.layers.l2 import Ether from scapy.layers.inet import IP, UDP, ARP from framework import VppTestCase, VppTestRunner from util import ppp from vrf import VRFState def is_ipv4_misc(p): """ Is packet one of uninteresting IPv4 broadcasts? """ if p.haslayer(ARP): return True return False class TestIp4VrfMultiInst(VppTestCase): """ IP4 VRF Multi-instance Test Case """ @classmethod def setUpClass(cls): """ Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP. """ super(TestIp4VrfMultiInst, cls).setUpClass() # Test variables cls.hosts_per_pg = 5 cls.nr_of_vrfs = 5 cls.pg_ifs_per_vrf = 3 try: # Create pg interfaces cls.create_pg_interfaces( range(cls.nr_of_vrfs * cls.pg_ifs_per_vrf)) # Packet flows mapping pg0 -> pg1, pg2 etc. cls.flows = dict() for i in range(len(cls.pg_interfaces)): multiplicand = i / cls.pg_ifs_per_vrf pg_list = [ cls.pg_interfaces[multiplicand * cls.pg_ifs_per_vrf + j] for j in range(cls.pg_ifs_per_vrf) if (multiplicand * cls.pg_ifs_per_vrf + j) != i] cls.flows[cls.pg_interfaces[i]] = pg_list # Packet sizes - jumbo packet (9018 bytes) skipped cls.pg_if_packet_sizes = [64, 512, 1518] # Set up all interfaces for pg_if in cls.pg_interfaces: pg_if.admin_up() pg_if.generate_remote_hosts(cls.hosts_per_pg) # Create list of VRFs cls.vrf_list = list() # Create list of reset VRFs cls.vrf_reset_list = list() # Create list of pg_interfaces in VRFs cls.pg_in_vrf = list() # Create list of pg_interfaces not in VRFs cls.pg_not_in_vrf = [pg_if for pg_if in cls.pg_interfaces] # Create mapping of pg_interfaces to VRF IDs cls.pg_if_by_vrf_id = dict() for i in range(cls.nr_of_vrfs): vrf_id = i + 1 pg_list = [ cls.pg_interfaces[i * cls.pg_ifs_per_vrf + j] for j in range(cls.pg_ifs_per_vrf)] cls.pg_if_by_vrf_id[vrf_id] = pg_list except Exception: super(TestIp4VrfMultiInst, cls).tearDownClass() raise def setUp(self): """ Clear trace and packet infos before running each test. """ super(TestIp4VrfMultiInst, self).setUp() self.reset_packet_infos() def tearDown(self): """ Show various debug prints after each test. """ super(TestIp4VrfMultiInst, self).tearDown() if not self.vpp_dead: self.logger.info(self.vapi.ppcli("show ip fib")) self.logger.info(self.vapi.ppcli("show ip arp")) def create_vrf_and_assign_interfaces(self, count, start=1): """ Create required number of FIB tables / VRFs, put 3 pg-ip4 interfaces to every FIB table / VRF. :param int count: Number of FIB tables / VRFs to be created. :param int start: Starting number of the FIB table / VRF ID. \ (Default value = 1) """ for i in range(count): vrf_id = i + start pg_if = self.pg_if_by_vrf_id[vrf_id][0] dest_addr = pg_if.local_ip4n dest_addr_len = 24 self.vapi.ip_table_add_del(vrf_id, is_add=1) self.logger.info("IPv4 VRF ID %d created" % vrf_id) if vrf_id not in self.vrf_list: self.vrf_list.append(vrf_id) if vrf_id in self.vrf_reset_list: self.vrf_reset_list.remove(vrf_id) for j in range(self.pg_ifs_per_vrf): pg_if = self.pg_if_by_vrf_id[vrf_id][j] pg_if.set_table_ip4(vrf_id) self.logger.info("pg-interface %s added to IPv4 VRF ID %d" % (pg_if.name, vrf_id)) if pg_if not in self.pg_in_vrf: self.pg_in_vrf.append(pg_if) if pg_if in self.pg_not_in_vrf: self.pg_not_in_vrf.remove(pg_if) pg_if.config_ip4() pg_if.configure_ipv4_neighbors() self.logger.debug(self.vapi.ppcli("show ip fib")) self.logger.debug(self.vapi.ppcli("show ip arp")) def reset_vrf_and_remove_from_vrf_list(self, vrf_id): """ Reset required FIB table / VRF and remove it from VRF list. :param int vrf_id: The FIB table / VRF ID to be reset. """ # self.vapi.reset_vrf(vrf_id, is_ipv6=0) self.vapi.reset_fib(vrf_id, is_ipv6=0) if vrf_id in self.vrf_list: self.vrf_list.remove(vrf_id) if vrf_id not in self.vrf_reset_list: self.vrf_reset_list.append(vrf_id) for j in range(self.pg_ifs_per_vrf): pg_if = self.pg_if_by_vrf_id[vrf_id][j] pg_if.unconfig_ip4() if pg_if in self.pg_in_vrf: self.pg_in_vrf.remove(pg_if) if pg_if not in self.pg_not_in_vrf: self.pg_not_in_vrf.append(pg_if) self.logger.info("IPv4 VRF ID %d reset finished" % vrf_id) self.logger.debug(self.vapi.ppcli("show ip fib")) self.logger.debug(self.vapi.ppcli("show ip arp")) self.vapi.ip_table_add_del(vrf_id, is_add=0) def create_stream(self, src_if, packet_sizes): """ Create input packet stream for defined interface using hosts list. :param object src_if: Interface to create packet stream for. :param list packet_sizes: List of required packet sizes. :return: Stream of packets. """ pkts = [] src_hosts = src_if.remote_hosts for dst_if in self.flows[src_if]: for dst_host in dst_if.remote_hosts: src_host = random.choice(src_hosts) pkt_info = self.create_packet_info(src_if, dst_if) payload = self.info_to_payload(pkt_info) p = (Ether(dst=src_if.local_mac, src=src_host.mac) / IP(src=src_host.ip4, dst=dst_host.ip4) / UDP(sport=1234, dport=1234) / Raw(payload)) pkt_info.data = p.copy() size = random.choice(packet_sizes) self.extend_packet(p, size) pkts.append(p) self.logger.debug("Input stream created for port %s. Length: %u pkt(s)" % (src_if.name, len(pkts))) return pkts def create_stream_crosswise_vrf(self, src_if, vrf_id, packet_sizes): """ Create input packet stream for negative test for leaking across different VRFs for defined interface using hosts list. :param object src_if: Interface to create packet stream for. :param int vrf_id: The FIB table / VRF ID where src_if is assigned. :param list packet_sizes: List of required packet sizes. :return: Stream of packets. """ pkts = [] src_hosts = src_if.remote_hosts vrf_lst = list(self.vrf_list) vrf_lst.remove(vrf_id) for vrf in vrf_lst: for dst_if in self.pg_if_by_vrf_id[vrf]: for dst_host in dst_if.remote_hosts: src_host = random.choice(src_hosts) pkt_info = self.create_packet_info(src_if, dst_if) payload = self.info_to_payload(pkt_info) p = (Ether(dst=src_if.local_mac, src=src_host.mac) / IP(src=src_host.ip4, dst=dst_host.ip4) / UDP(sport=1234, dport=1234) / Raw(payload)) pkt_info.data = p.copy() size = random.choice(packet_sizes) self.extend_packet(p, size) pkts.append(p) self.logger.debug("Input stream created for port %s. Length: %u pkt(s)" % (src_if.name, len(pkts))) return pkts def verify_capture(self, pg_if, capture): """ Verify captured input packet stream for defined interface. :param object pg_if: Interface to verify captured packet stream for. :param list capture: Captured packet stream. """ last_info = dict() for i in self.pg_interfaces: last_info[i.sw_if_index] = None dst_sw_if_index = pg_if.sw_if_index for packet in capture: try: ip = packet[IP] udp = packet[UDP] payload_info = self.payload_to_info(str(packet[Raw])) packet_index = payload_info.index self.assertEqual(payload_info.dst, dst_sw_if_index) self.logger.debug("Got packet on port %s: src=%u (id=%u)" % (pg_if.name, payload_info.src, packet_index)) next_info = self.get_next_packet_info_for_interface2( payload_info.src, dst_sw_if_index, last_info[payload_info.src]) last_info[payload_info.src] = next_info self.assertIsNotNone(next_info) self.assertEqual(packet_index, next_info.index) saved_packet = next_info.data # Check standard fields self.assertEqual(ip.src, saved_packet[IP].src) self.assertEqual(ip.dst, saved_packet[IP].dst) self.assertEqual(udp.sport, saved_packet[UDP].sport) self.assertEqual(udp.dport, saved_packet[UDP].dport) except: self.logger.error(ppp("Unexpected or invalid packet:", packet)) raise for i in self.pg_interfaces: remaining_packet = self.get_next_packet_info_for_interface2( i, dst_sw_if_index, last_info[i.sw_if_index]) self.assertIsNone( remaining_packet, "Port %u: Packet expected from source %u didn't arrive" % (dst_sw_if_index, i.sw_if_index)) def verify_vrf(self, vrf_id): """ Check if the FIB table / VRF ID is configured. :param int vrf_id: The FIB table / VRF ID to be verified. :return: 1 if the FIB table / VRF ID is configured, otherwise return 0. """ ip_fib_dump = self.vapi.ip_fib_dump() vrf_exist = False vrf_count = 0 for ip_fib_details in ip_fib_dump: if ip_fib_details.table_id == vrf_id: if not vrf_exist: vrf_exist = True addr = socket.inet_ntoa(ip_fib_details.address) found = False for pg_if in self.pg_if_by_vrf_id[vrf_id]: if found: break for host in pg_if.remote_hosts: if str(addr) == str(host.ip4): vrf_count += 1 found = True break if not vrf_exist and vrf_count == 0: self.logger.info("IPv4 VRF ID %d is not configured" % vrf_id) return VRFState.not_configured elif vrf_exist and vrf_count == 0: self.logger.info("IPv4 VRF ID %d has been reset" % vrf_id) return VRFState.reset else: self.logger.info("IPv4 VRF ID %d is configured" % vrf_id) return VRFState.configured def run_verify_test(self): """ Create packet streams for all configured pg interfaces, send all \ prepared packet streams and verify that: - all packets received correctly on all pg-ip4 interfaces assigned to VRFs - no packet received on all pg-ip4 interfaces not assigned to VRFs :raise RuntimeError: If no packet captured on pg-ip4 interface assigned to VRF or if any packet is captured on pg-ip4 interface not assigned to VRF. """ # Test # Create incoming packet streams for packet-generator interfaces for pg_if in self.pg_interfaces: pkts = self.create_stream(pg_if, self.pg_if_packet_sizes) pg_if.add_stream(pkts) # Enable packet capture and start packet sending self.pg_enable_capture(self.pg_interfaces) self.pg_start() # Verify # Verify outgoing packet streams per packet-generator interface for pg_if in self.pg_interfaces: if pg_if in self.pg_in_vrf: capture = pg_if.get_capture(remark="interface is in VRF") self.verify_capture(pg_if, capture) elif pg_if in self.pg_not_in_vrf: pg_if.assert_nothing_captured(remark="interface is not in VRF", filter_out_fn=is_ipv4_misc) self.logger.debug("No capture for interface %s" % pg_if.name) else: raise Exception("Unknown interface: %s" % pg_if.name) def run_crosswise_vrf_test(self): """ Create packet streams for every pg-ip4 interface in VRF towards all pg-ip4 interfaces in other VRFs, send all prepared packet streams and \ verify that: - no packet received on all configured pg-ip4 interfaces :raise RuntimeError: If any packet is captured on any pg-ip4 interface. """ # Test # Create incoming packet streams for packet-generator interfaces for vrf_id in self.vrf_list: for pg_if in self.pg_if_by_vrf_id[vrf_id]: pkts = self.create_stream_crosswise_vrf( pg_if, vrf_id, self.pg_if_packet_sizes) pg_if.add_stream(pkts) # Enable packet capture and start packet sending self.pg_enable_capture(self.pg_interfaces) self.pg_start() # Verify # Verify outgoing packet streams per packet-generator interface for pg_if in self.pg_interfaces: pg_if.assert_nothing_captured(remark="interface is in other VRF", filter_out_fn=is_ipv4_misc) self.logger.debug("No capture for interface %s" % pg_if.name) def test_ip4_vrf_01(self): """ IP4 VRF Multi-instance test 1 - create 4 VRFs """ # Config 1 # Create 4 VRFs self.create_vrf_and_assign_interfaces(4) # Verify 1 for vrf_id in self.vrf_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.configured, VRFState) # Test 1 self.run_verify_test() self.run_crosswise_vrf_test() def test_ip4_vrf_02(self): """ IP4 VRF Multi-instance test 2 - reset 2 VRFs """ # Config 2 # Reset 2 VRFs self.reset_vrf_and_remove_from_vrf_list(1) self.reset_vrf_and_remove_from_vrf_list(2) # Verify 2 for vrf_id in self.vrf_reset_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.reset, VRFState) for vrf_id in self.vrf_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.configured, VRFState) # Test 2 self.run_verify_test() self.run_crosswise_vrf_test() def test_ip4_vrf_03(self): """ IP4 VRF Multi-instance 3 - add 2 VRFs """ # Config 3 # Add 1 of reset VRFs and 1 new VRF self.create_vrf_and_assign_interfaces(1) self.create_vrf_and_assign_interfaces(1, start=5) # Verify 3 for vrf_id in self.vrf_reset_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.reset, VRFState) for vrf_id in self.vrf_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.configured, VRFState) # Test 3 self.run_verify_test() self.run_crosswise_vrf_test() def test_ip4_vrf_04(self): """ IP4 VRF Multi-instance test 4 - reset 4 VRFs """ # Config 4 # Reset all VRFs (i.e. no VRF except VRF=0 configured) for i in range(len(self.vrf_list)): self.reset_vrf_and_remove_from_vrf_list(self.vrf_list[0]) # Verify 4 for vrf_id in self.vrf_reset_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.reset, VRFState) vrf_list_length = len(self.vrf_list) self.assertEqual( vrf_list_length, 0, "List of configured VRFs is not empty: %s != 0" % vrf_list_length) # Test 4 self.run_verify_test() self.run_crosswise_vrf_test() if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)