aboutsummaryrefslogtreecommitdiffstats
path: root/test/patches
AgeCommit message (Collapse)AuthorFilesLines
2020-09-07ipsec: fix padding/alignment for native IPsec encryptionChristian Hopps2-30/+76
Not all ESP crypto algorithms require padding/alignment to be the same as AES block/IV size. CCM, CTR and GCM all have no padding/alignment requirements, and the RFCs indicate that no padding (beyond ESPs 4 octet alignment requirement) should be used unless TFC (traffic flow confidentiality) has been requested. CTR: https://tools.ietf.org/html/rfc3686#section-3.2 GCM: https://tools.ietf.org/html/rfc4106#section-3.2 CCM: https://tools.ietf.org/html/rfc4309#section-3.2 - VPP is incorrectly using the IV/AES block size to pad CTR and GCM. These modes do not require padding (beyond ESPs 4 octet requirement), as a result packets will have unnecessary padding, which will waste bandwidth at least and possibly fail certain network configurations that have finely tuned MTU configurations at worst. Fix this as well as changing the field names from ".*block_size" to ".*block_align" to better represent their actual (and only) use. Rename "block_sz" in esp_encrypt to "esp_align" and set it correctly as well. test: ipsec: Add unit-test to test for RFC correct padding/alignment test: patch scapy to not incorrectly pad ccm, ctr, gcm modes as well - Scapy is also incorrectly using the AES block size of 16 to pad CCM, CTR, and GCM cipher modes. A bug report has been opened with the and acknowledged with the upstream scapy project as well: https://github.com/secdev/scapy/issues/2322 Ticket: VPP-1928 Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: Iaa4d6a325a2e99fdcb2c375a3395bcfe7947770e
2020-05-05ipsec: User can choose the UDP source portNeale Ranns1-1/+10
Type: feature thus allowing NAT traversal, Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-02-13vrrp: add plugin providing vrrp supportMatthew Smith1-0/+35
Type: feature Add a new plugin to support HA using VRRPv3 (RFC 5798). Change-Id: Iaa2c37e6172f8f41e9165f178f44d481f6e247b9 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-02-11sr: update NH value for Ethernet payloadspcamaril1-1/+1
Upon encapsulation of L2 frames, IETF has replaced the NextHeader value from 59 (IPv6 No Next Header) to 143 (Ethernet). https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml Type: fix Signed-off-by: pcamaril <pcamaril@cisco.com> Change-Id: I88aa5590c81d16700ff7a0bbe6337e113179496e Signed-off-by: pcamaril <pcamaril@cisco.com>
2019-12-18tests: fix cdp patch for scapy 2.4.3Paul Vinciguerra1-20/+2
Type: test Fixes: 5d4b8912d2fe186b4fb920a72b3a2f7b556f4e7d Change-Id: Ib64ae00eba41b2b6afc728142cbccc02d07f4997 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-12-14tests: changes for scapy 2.4.3 migrationsnaramre2-0/+193
Type: fix Change-Id: I7e041b666dabd90df23a920a1f1d99db4c10ddfe Signed-off-by: snaramre <snaramre@cisco.com>
2019-11-05misc: Fix python scripts shebang lineRenato Botelho do Couto2-2/+2
Type: fix Since CentOS 8, RPM build script doesn't accept '#!/usr/bin/env python' as a valid shebang line. It requires scripts to explicitly chose between python2 or python3. Change all to use python3 as suggested by Paul Vinciguerra. Depends-On: https://gerrit.fd.io/r/23170 Signed-off-by: Renato Botelho do Couto <renato@netgate.com> Change-Id: Ie72af9f60fd0609e07f05b70f8d96e738b2754d1
2019-10-23cdp: re-enable skipped tests for python3Ole Troan1-3/+10
CDP uses the running sytems host name, which caused different failures on different systems. The root cause was an python3 specific error in checksum calculation. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I205436682d46e7e8cbb8c057c03a76dbbcab4d72
2019-07-24ipsec: GCM, Anti-replay and ESN fixessNeale Ranns1-23/+29
Type: fix Several Fixes: 1 - Anti-replay did not work with GCM becuase it overwrote the sequence number in the ESP header. To fix i added the seq num to the per-packet data so it is preserved 2 - The high sequence number was not byte swapped during ESP encrypt. 3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM the others return BAD_HMAC. removed the former 4 - improved tracing to show the low and high seq numbers 5 - documented the anti-replay window checks 6 - fixed scapy patch for ESN support for GCM 7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-16IPSEC: support GCM in ESPNeale Ranns1-15/+37
Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-11IPSEC: ESP with ESN tests and fixesNeale Ranns1-14/+21
Change-Id: Ie42b26e6d5cdb7b23f370ea2933c65079e8d1089 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-25IPSEC tests fnd fix or Extended Sequence NumbersNeale Ranns1-0/+156
Change-Id: Iad6c4b867961ec8036110a4e15a829ddb93193ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-02cdp scapy protocol & cdp unit testsFilip Varga1-0/+24
Change-Id: Ieb362523f81f7ae3e1a9dceb341c499ff1f402c8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2018-09-27IPIP and IPv6 fragmentationOle Troan1-0/+12
- Error where ICMPv6 error code doesn't reset VLIB_TX = -1 Leading to crash for ICMP generated on tunnelled packets - Missed setting VNET_BUFFER_F_LOCALLY_ORIGINATED, so IP in IPv6 packets never got fragmented. - Add support for fragmentation of buffer chains. - Remove support for inner fragmentation in frag code itself. Change-Id: If9a97301b7e35ca97ffa5c0fada2b9e7e7dbfb27 Signed-off-by: Ole Troan <ot@cisco.com>
2018-09-10vxlan-gbp: Add support for vxlan gbpMohsin Kazmi2-0/+13
This patch implements vxlan with extension of group based policy support. Change-Id: I70405bf7332c02867286da8958d9652837edd3c2 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-07-11srv6: Fixing SRH parsing bug in Scapy 2.4Francois Clad1-0/+28
Change-Id: Ib2cb345d07665735697bf54ad48d353ba4112eda Signed-off-by: Francois Clad <fclad@cisco.com>
2018-03-19Scapy upgrade to 2.4.0.rc5Neale Ranns5-0/+197
- many of the patches fd.io applies in test/patches/2.3.3 are now upstreamed in 2.4 - 2.4 adds support for IGMPv3 which is my main motivation for the upgrade Change-Id: If2c0a524e3cba320b4a5d8cd07817c6ea2bf0c5a Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-01Fix ERSPAN encap to set EN bits in the header and add test caseJohn Lo1-1/+29
For ERSPAN encap, both bits in the EN field of the header should be set to indicate any VLAN tag in the original Ethernet frame is preserved. Added SPAN L2 test case where the mirrored packet output is a GRE ERSPAN tunnel. Change-Id: Ie7a40992a9278469c24aa6fa9e122b4505797d10 Signed-off-by: John Lo <loj@cisco.com>
2018-02-26update BIER scapy patch to match the scapy repo PRNeale Ranns1-4/+2
Change-Id: I4953b8444b49d1ad445c98a199ae8fd1635e24a5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-02-06BIER: fix support for longer bit-string lengthsNeale Ranns1-30/+35
Change-Id: I2421197b76be58099e5f8ed5554410adff202109 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-01IPv4/6 reassemblyKlement Sekera1-12/+13
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-12-13GRE: fix single loop decap and add testNeale Ranns1-0/+9
Change-Id: I64e8a76a17057ae69de72a5a80c0a194cd0c21cb Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-12-09BIER in non-MPLS netowrksNeale Ranns1-3/+17
as decsribed in section 2.2 ihttps://tools.ietf.org/html/draft-ietf-bier-mpls-encapsulation-10 with BIFT encoding from: https://tools.ietf.org/html/draft-wijnandsxu-bier-non-mpls-bift-encoding-00 changes: 1 - introduce the new BIFT lookup table. BIER tables that have an associated MPLS label are added to the MPLS-FIB. Those that don't are added to the BIER table 2 - BIER routes that have no associated output MPLS label will add a BIFT label. 3 - The BIER FMask has a path-list as a member to resolve via any possible path. Change-Id: I1fd4d9dbd074f0e855c16e9329b81460ebe1efce Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-15vxlan extended tests - fix scapy-related issuesGabriel Ganne1-0/+11
- Add vxlan-gpe binding on udp port 4790 (taken from scapy upstream) - VXLAN.VNI -> VXLAN.vni Change-Id: If7ad38fa04fbfec01e01c81a06e88ffe70183672 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-09BIERNeale Ranns2-8/+72
- see draft-ietf-bier-mpls-encapsulation-10 - midpoint, head and tail functions - supported payload protocols; IPv4 and IPv6 only. Change-Id: I59d7363bb6fdfdce8e4016a68a9c8f5a5e5791cb Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-06Initial GENEVE TUNNEL implementation and tests.Marco Varlese2-0/+69
Notes on this first implementation: * First version of the implementation does NOT support GENEVE OPTIONS HEADER: it isn't well understood what the purpose of the OPTIONS will be and/or what content would be placed in the variable option data; Once the IETF work will evolve and further information will be available it could be possible to modify the frame rewrite to contemplate the actual GENEVE OPTIONS. Change-Id: Iddfe6f408cc45bb0800f00ce6a3e302e48a4ed52 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-08-22SRv6 testsKris Michielsen1-0/+185
Change-Id: Ib1d2fc5a83d9d007a0468591a73881675f1bec9b Signed-off-by: Kris Michielsen <kmichiel@cisco.com>
2017-05-25MPLS hash function improvementsNeale Ranns1-0/+5
Change-Id: I28e98f445c01493562b6196a4f5b532a51f178af Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-26DHCPv[46] proxy testsNeale Ranns1-0/+58
Change-Id: I6aaf9c602cd515ed9d4416d286f9191d048c1a87 Signed-off-by: Neale Ranns <nranns@cisco.com>
2016-12-02MPLS infrastructure improvmentsNeale Ranns1-0/+13
- deprecate MPLSoEth and MPLSoGRE; replace with generic MPLS tunnel. - deprecates CLI 'mpls encap ..'; replace with addition of MPLS out label to a route/tunnel. - support for MPLS 'routes', e.g. MPLS x-connects. - deprecates CLI 'mpls decap ..'; replace with 'mpls route .. ' Change-Id: Ibda46544912f880d0200f22bf9ff9b52828fcc2f Signed-off-by: Neale Ranns <nranns@cisco.com>
2016-11-22GRE tests and fixesNeale Ranns1-0/+25
Change-Id: I234240e9bdd4b69ad64a17b1449ae1e81c0edaca Signed-off-by: Neale Ranns <nranns@cisco.com>