Age | Commit message (Collapse) | Author | Files | Lines |
|
(VPP-682)
This fixes the previously-implicit "drop all non-first fragments" behavior
to be more in line with security rules: a non-first fragment is treated
for the purposes of matching the ACL as a packet with the port
match succeeding. This allows to change the behavior to permit
the fragmented packets for the default "permit specific rules"
ruleset, but also gives the flexibility to block the non-initial
fragments by inserting into the begining a bogus rule
which would deny the L4 traffic.
Also, add a knob which allows to potentially turn this behavior off
in case of a dire need (and revert to dropping all non-initial fragments),
via a debug CLI.
Change-Id: I546b372b65ff2157d9c68b1d32f9e644f1dd71b4
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
usage:
env EXTERN_PLUGINS=/path/to/plugins make test
Change-Id: I8eece726dfafeff1cffd921c1e18cd3eb7eb64ed
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
env EXTERN_TESTS="/path/to/extra/tests" make test
causes to run the default test set and tests collected from
test_*.py files under subtree specified in EXTERN_TESTS.
Change-Id: I58c5471dd6010730278a5b47d4318737d920bc28
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I8187b43129b80fadd90ea493afb922064f79abbe
Signed-off-by: Martin <magalik@cisco.com>
|
|
L3 path support, L2+L3 unified processing node, skip IPv6 EH support.
Change-Id: Iac37a466ba1c035e5c2997b03c0743bfec5c9a08
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Drop comes before lookup when enabled. is_first_or_last is not required when setting a feature, the anchor is added in find_config_with_features().
Don't make the PG interfaces automatically L3 enabled, this way we can have tests that check the L3 protocol disbaled behaviour.
Change-Id: Icef22a920b27ff9cec6ab2da6b05f05c532cb60f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
allow this config to function:
set int ip address loop0 169.254.1.1/32 (the default GW address for attached hosts)
set int unnumbered af_packet0 use loop0 ('enable' IP on the host interface)
ip route add 192.168.1.1/32 via af_packet0 (where to find the host)
repeat for each host and host interface.
Inter-host communication is throught the /32 routes.
To allow this:
1 - attached host routes have the ATTACHED flag set, so the ARP code accepts then as legitimate sources
2 - unnumbered interfaces inherit the source address from the IP interface
Change-Id: Ib66c5f0e848c528f79372813adc3a0c11b50717f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3fa2f35056b74e479288bb956f2713f727a81c72
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I03e52466fb3f909ae52b8fba601168f3eadbd972
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I7e8556af833ca0e00fadc96dcd2077ff1104541b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Interface can be in promiscuous mode if more than one of its sub-
interface is in L2 mode. In promiscuous mode, L3 interface need to
verify DMAC of packet to match that of the interface and drop if not.
This check was done on sub-interface only and now also added to main
interface path.
Fix incorrect MAC addresses in the flow-per-pkt plugin test, which
caused it to fail.
Fix MAC address usage in BFD tests.
Change-Id: I12a17ec05c7ab298ad10d400c90d082c97eca521
Signed-off-by: John Lo <loj@cisco.com>
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I95113a277b94cce5ff332fcf9f57ec6f385acec0
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
vpp_lite platform is not needed anymore as same efect can be
achieved with following startup.conf config:
plugins {
plugin dpdk_plugin.so { disable }
}
Change-Id: I690ea8ceb1c6e1fe32e01e7da54e9958019a93bf
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
next-hops. UT checks for no-leftover-state now pass
Change-Id: I9e980ee117c0b6aebc6c7a0fcc153a7c0eaf0c72
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iee0302a7a4856712f27f97f9cc953b2e9e71698c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Check if vpp_papi is importable before running the tests to avoid
confusing python crashes.
Change-Id: I6adf406e353bf381d590f2ef988a1ea79b95cf37
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
This starts a bash with the same environment as the test framework
uses, allowing easy debugging.
Change-Id: I956deda913b73dae5b1e1976417834ae4731f88a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
neighbor entry
Change-Id: I952039e101031ee6a06e63f4c73d8eb359423e1a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I9ea16881caf7aee57f0daf4ac2e8b82c672f87e9
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic6ac7e441a7b75baa02f03c1585d1ae00903a399
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iead6dc6a0fe15a0b8e148e780c3aeadd0b378824
Signed-off-by: Martin <magalik@cisco.com>
|
|
Implement plumbing to allow decorating tests as extended, e.g.:
@unittest.skipUnless(running_extended_tests(), "part of extended tests")
both methods and classes can be decorated this way.
Change make test and make test-debug to run only non-extended tests.
Introduce make test-all and make test-all-debug to run the full suite.
Run full suite as part of make verify.
Decorate most BFD tests as extended.
Change-Id: I3bc64f59e9fe238f7f767d7e043dc165d03e9dfa
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I0ffab147c3218a75b7c3bb829983f538c7b637ee
Signed-off-by: Martin <magalik@cisco.com>
|
|
bridging. That is hosts in one sub-net reachable via differenet interfaces.
Introducate a new API command:
ip6 nd proxy <host-address> <interface>
this indicates 2 things;
1) that host <host-address> is reachable out of interface <interface>. VPP will thus install that route.
2) NS requests sent to <host-address> will be responeded to (i.e. proxied).
Change-Id: I863f967fdb5097ab3b574769c70afdbfc8d5478a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Multiple DHCP (4 and/or 6) servers can be added and removed through multiple calls to the 'set dhcp server' API.
All 4/6/ discover/solicit messages will then be replicated to all servers in the list. The expectation is that the servers/system is configured in such a way that this is viable.
If VSS information is providied for the clinet VRF which also has multiple servers configured, then the same VSS information is sent to each server. Likewise the source address of packets sent to from VPP to each server is the same.
Change-Id: I3287cb084c84b3f612b78bc69cfcb5b9c1f8934d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Inside user is statically mapped to a set of outside ports. Support endpoint
dependent mapping to deal with overloading of the outside ports.
Change-Id: I8014438744597a976f8ae459283e8b91f63b7f72
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I9c0bb35ba16e04206ac481495f6638d3763754a1
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: If0e30837e07a21f3912676f5147cb242d3d2b235
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Unless overridden by COREDUMP_SIZE env variable, tell VPP to set
coredump size to unlimited, otherwise use $COREDUMP_SIZE as
the argument.
Change-Id: Ia2a6508207c66a171b33d272c820b1deb4a83e82
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Check if there are existing vpp processes before running the test suite
and refuse to run if there are. This prevents the removal of other test
suite temporary files and also makes sure that if the machine is loaded
by (zombie) vpp processes, interactive tests (like bfd) won't fail.
Change-Id: I88a74098188cb3f51966de5db19d7f80f39e51e2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
1) tests for RA options
2) memleaks deleteing a ip6_radv_info_t
3) MLD prefix code refactoring
Change-Id: I34db103994bd8fbdbbec50b202d72770dd145681
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
has an address configured (VPP-601)
Change-Id: I311fc264f73dd3b2b3ce9d7d1c33cd0515b36c4a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This change improves vpp_papi behaviour by introducing alternate way of
calling vpp APIs.
The common code is the same:
vpp = VPP(...)
vpp.connect(...)
Calling VPP API is different, instead of deprecated:
vpp.show_version() # deprecated
one should write
vpp.api.show_version()
this allows VPP messages like "connect" and "disconnect" to be used,
once the old API is dropped (in 17.07). Also part of this patch is a
check for name conflict, to prevent VPP object overwriting its own
functionality with generated code based on json files.
Change-Id: I22e573b6a45f8b2a1f0340c5c2597c194fe42ca4
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: If75a35dbdcb43c1ce0128b8649f2ca3970d3fff5
Signed-off-by: Martin <magalik@cisco.com>
|
|
Change-Id: Icf0d72f6af1f98c86f78e586c354515ac69804aa
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Implement command line interface to the BFD binary APIs. Add
corresponding unit tests.
Change-Id: Ia0542d0bc4c8d78e6f7b777a08fd94ebfe4d524f
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I40d6d763b55a26cdee0afef85d1acdd19dd10dd6
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib1e301d62b687d4e42434239e7cd412065c28da0
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
- needed to filter out ICMPv6 Neighbor Discovery - Neighbor
Advertisement packets
- needed to reset routes of reset VRFs learned from ICMPv6
Neighbor Discovery - Neighbor Advertisement packets after
run_verify_test()
Change-Id: I8238d8f73428d511ab68ab7765d99ce7dc3a6633
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I2776e0a0661794b1c0076519b08807080a1282fb
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
The DHCP proxy and VSS information maintained by VPP is the same for v4 and v6, so we can manage this state using the same code.
Packet handling is cleary different, so this is kept separate.
Change-Id: I10f10cc1f7f19debcd4c4b099c6de64e56bb0c69
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
DHCP additions:
1) DHCPv4 will only relay a message back to the client, if the Option82 information is present. So make this the default.
2) It is no longer possible to select via the API to "insert circuit ID" - since this is now default
3) Remove the version 2 API since it's now the same as version 1.
4) Adding the VSS option is now conditional only on the presence of VSS config (not the 'insert' option in the set API)
5) DHCP proxy dump via API
Change-Id: Ia7271ba8c1d4dbf34a02c401d268ccfbb1b74f17
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I2d812153d7afe7980346382b525af89b3c47e796
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
- add/delete IPv6 VRF instances and verify results by parsing output
of ip6_fib_dump API command and by traffic
- small changes in assert_nothing_captured and get_capture to get logged
unexpected packets
Change-Id: I32207447be2df942e335aa9890ff52fb88e46597
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Add IP[46] MFIB dump.
Change-Id: I4a2821f65e67a5416b291e4912c84f64989883b8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I20aacc927f2b04f42b0a7220c4283560b4d2a359
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I7d8889dce8495607106593ad83320c9af0f2fa07
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I322bfb3469b3d0d5b0cac39a6c2dba1c6f83ce3d
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I8d2022b7cb3ef3da736c085bccbb5b9c057a8d76
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
snat_static_mapping_dump
Change-Id: Ib560b397700fe058ad1e2970989d98e3debf54aa
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|