aboutsummaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)AuthorFilesLines
2017-04-04acl-plugin: make the IPv4/IPv6 non-first fragment handling in line with ACL ↵Andrew Yourtchenko2-9/+91
(VPP-682) This fixes the previously-implicit "drop all non-first fragments" behavior to be more in line with security rules: a non-first fragment is treated for the purposes of matching the ACL as a packet with the port match succeeding. This allows to change the behavior to permit the fragmented packets for the default "permit specific rules" ruleset, but also gives the flexibility to block the non-initial fragments by inserting into the begining a bogus rule which would deny the L4 traffic. Also, add a knob which allows to potentially turn this behavior off in case of a dire need (and revert to dropping all non-initial fragments), via a debug CLI. Change-Id: I546b372b65ff2157d9c68b1d32f9e644f1dd71b4 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-03-22make test: support out-of-tree pluginsKlement Sekera2-2/+14
usage: env EXTERN_PLUGINS=/path/to/plugins make test Change-Id: I8eece726dfafeff1cffd921c1e18cd3eb7eb64ed Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-22make test: support out-of-tree testsKlement Sekera2-4/+58
env EXTERN_TESTS="/path/to/extra/tests" make test causes to run the default test set and tests collected from test_*.py files under subtree specified in EXTERN_TESTS. Change-Id: I58c5471dd6010730278a5b47d4318737d920bc28 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-22SNAT: added actual delete to snat_det_mapMartin1-0/+4
Change-Id: I8187b43129b80fadd90ea493afb922064f79abbe Signed-off-by: Martin <magalik@cisco.com>
2017-03-21ACL plugin 1.2Andrew Yourtchenko1-0/+722
L3 path support, L2+L3 unified processing node, skip IPv6 EH support. Change-Id: Iac37a466ba1c035e5c2997b03c0743bfec5c9a08 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-03-17Fix IP feature ordering.Neale Ranns6-20/+304
Drop comes before lookup when enabled. is_first_or_last is not required when setting a feature, the anchor is added in find_config_with_features(). Don't make the PG interfaces automatically L3 enabled, this way we can have tests that check the L3 protocol disbaled behaviour. Change-Id: Icef22a920b27ff9cec6ab2da6b05f05c532cb60f Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-17Attached hostsNeale Ranns2-12/+166
allow this config to function: set int ip address loop0 169.254.1.1/32 (the default GW address for attached hosts) set int unnumbered af_packet0 use loop0 ('enable' IP on the host interface) ip route add 192.168.1.1/32 via af_packet0 (where to find the host) repeat for each host and host interface. Inter-host communication is throught the /32 routes. To allow this: 1 - attached host routes have the ATTACHED flag set, so the ARP code accepts then as legitimate sources 2 - unnumbered interfaces inherit the source address from the IP interface Change-Id: Ib66c5f0e848c528f79372813adc3a0c11b50717f Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-17Adjacency refinement; check the cover's interface against the adjacency'sNeale Ranns1-20/+53
Change-Id: I3fa2f35056b74e479288bb956f2713f727a81c72 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-15Python API: Change from cPython to CFFI.Ole Troan2-2/+2
Change-Id: I03e52466fb3f909ae52b8fba601168f3eadbd972 Signed-off-by: Ole Troan <ot@cisco.com>
2017-03-15No vector allocation during buffer copyNeale Ranns1-9/+38
Change-Id: I7e8556af833ca0e00fadc96dcd2077ff1104541b Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-13Add MAC address check in ethernet-input node if interface in L3 modeJohn Lo2-2/+11
Interface can be in promiscuous mode if more than one of its sub- interface is in L2 mode. In promiscuous mode, L3 interface need to verify DMAC of packet to match that of the interface and drop if not. This check was done on sub-interface only and now also added to main interface path. Fix incorrect MAC addresses in the flow-per-pkt plugin test, which caused it to fail. Fix MAC address usage in BFD tests. Change-Id: I12a17ec05c7ab298ad10d400c90d082c97eca521 Signed-off-by: John Lo <loj@cisco.com> Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-13ACL plugin rejects ICMP messages (VPP-624)Pavel Kotucek2-1/+1023
Change-Id: I95113a277b94cce5ff332fcf9f57ec6f385acec0 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-03-10Retire vpp_liteDamjan Marion1-1/+3
vpp_lite platform is not needed anymore as same efect can be achieved with following startup.conf config: plugins { plugin dpdk_plugin.so { disable } } Change-Id: I690ea8ceb1c6e1fe32e01e7da54e9958019a93bf Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-10Fix MAP-E UT. Add functionality in MAP code to delete the pre-resolved ↵Neale Ranns2-10/+20
next-hops. UT checks for no-leftover-state now pass Change-Id: I9e980ee117c0b6aebc6c7a0fcc153a7c0eaf0c72 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-09make test: temporary disable MAP-E testDamjan Marion1-0/+1
Change-Id: Iee0302a7a4856712f27f97f9cc953b2e9e71698c Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-09make test: automatic sanity checkKlement Sekera2-2/+18
Check if vpp_papi is importable before running the tests to avoid confusing python crashes. Change-Id: I6adf406e353bf381d590f2ef988a1ea79b95cf37 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-09make test: add make test-shell[-debug] targetsKlement Sekera1-0/+13
This starts a bash with the same environment as the test framework uses, allowing easy debugging. Change-Id: I956deda913b73dae5b1e1976417834ae4731f88a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-09IMplementation for option to not create a FIB table entry when adding a ↵Neale Ranns5-40/+98
neighbor entry Change-Id: I952039e101031ee6a06e63f4c73d8eb359423e1a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-09MAP pre-resolve - use FIB to track pre-resolved next-hopNeale Ranns2-0/+199
Change-Id: I9ea16881caf7aee57f0daf4ac2e8b82c672f87e9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-09Tests to target holes in adjacency and DPO test coverageNeale Ranns6-15/+281
Change-Id: Ic6ac7e441a7b75baa02f03c1585d1ae00903a399 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-08SNAT: deterministic map dumpMartin2-1/+28
Change-Id: Iead6dc6a0fe15a0b8e148e780c3aeadd0b378824 Signed-off-by: Martin <magalik@cisco.com>
2017-03-08make test: split into basic and extended testsKlement Sekera3-7/+64
Implement plumbing to allow decorating tests as extended, e.g.: @unittest.skipUnless(running_extended_tests(), "part of extended tests") both methods and classes can be decorated this way. Change make test and make test-debug to run only non-extended tests. Introduce make test-all and make test-all-debug to run the full suite. Run full suite as part of make verify. Decorate most BFD tests as extended. Change-Id: I3bc64f59e9fe238f7f767d7e043dc165d03e9dfa Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-08SNAT: user_session_dump is_ip4 and vat unformating addedMartin1-2/+4
Change-Id: I0ffab147c3218a75b7c3bb829983f538c7b637ee Signed-off-by: Martin <magalik@cisco.com>
2017-03-08Proxy ND (RFC4389 - or a sub-set thereof). This allows the 'emulation' of ↵Neale Ranns2-17/+282
bridging. That is hosts in one sub-net reachable via differenet interfaces. Introducate a new API command: ip6 nd proxy <host-address> <interface> this indicates 2 things; 1) that host <host-address> is reachable out of interface <interface>. VPP will thus install that route. 2) NS requests sent to <host-address> will be responeded to (i.e. proxied). Change-Id: I863f967fdb5097ab3b574769c70afdbfc8d5478a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-07DHCP Multiple Servers (VPP-602, VPP-605)Neale Ranns1-44/+312
Multiple DHCP (4 and/or 6) servers can be added and removed through multiple calls to the 'set dhcp server' API. All 4/6/ discover/solicit messages will then be replicated to all servers in the list. The expectation is that the servers/system is configured in such a way that this is viable. If VSS information is providied for the clinet VRF which also has multiple servers configured, then the same VSS information is sent to each server. Likewise the source address of packets sent to from VPP to each server is the same. Change-Id: I3287cb084c84b3f612b78bc69cfcb5b9c1f8934d Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-07CGN: Deterministic NAT (VPP-623)Matus Fabian2-0/+100
Inside user is statically mapped to a set of outside ports. Support endpoint dependent mapping to deal with overloading of the outside ports. Change-Id: I8014438744597a976f8ae459283e8b91f63b7f72 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-07Add setting of tenant VRF id for SNAT addresses (VPP-641)Juraj Sloboda2-3/+74
Change-Id: I9c0bb35ba16e04206ac481495f6638d3763754a1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-03-06make test: reset object registry if vpp diesKlement Sekera2-2/+9
Change-Id: If0e30837e07a21f3912676f5147cb242d3d2b235 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-06make test: tell vpp to set coredump sizeKlement Sekera2-6/+14
Unless overridden by COREDUMP_SIZE env variable, tell VPP to set coredump size to unlimited, otherwise use $COREDUMP_SIZE as the argument. Change-Id: Ia2a6508207c66a171b33d272c820b1deb4a83e82 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-06make test: don't run if other vpp process runsKlement Sekera1-2/+22
Check if there are existing vpp processes before running the test suite and refuse to run if there are. This prevents the removal of other test suite temporary files and also makes sure that if the machine is loaded by (zombie) vpp processes, interactive tests (like bfd) won't fail. Change-Id: I88a74098188cb3f51966de5db19d7f80f39e51e2 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-03IPv6 RA improvementsNeale Ranns4-6/+251
1) tests for RA options 2) memleaks deleteing a ip6_radv_info_t 3) MLD prefix code refactoring Change-Id: I34db103994bd8fbdbbec50b202d72770dd145681 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-03Changing the IP table for an interface is an error if the interface already ↵Neale Ranns6-4/+25
has an address configured (VPP-601) Change-Id: I311fc264f73dd3b2b3ce9d7d1c33cd0515b36c4a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-03python API: work towards python/vpp api separationKlement Sekera1-6/+6
This change improves vpp_papi behaviour by introducing alternate way of calling vpp APIs. The common code is the same: vpp = VPP(...) vpp.connect(...) Calling VPP API is different, instead of deprecated: vpp.show_version() # deprecated one should write vpp.api.show_version() this allows VPP messages like "connect" and "disconnect" to be used, once the old API is dropped (in 17.07). Also part of this patch is a check for name conflict, to prevent VPP object overwriting its own functionality with generated code based on json files. Change-Id: I22e573b6a45f8b2a1f0340c5c2597c194fe42ca4 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-02SNAT: user's dump and session dump of a certain snat user.magalik2-0/+82
Change-Id: If75a35dbdcb43c1ce0128b8649f2ca3970d3fff5 Signed-off-by: Martin <magalik@cisco.com>
2017-03-02Remove the unused VRF ID parameter from the IP neighbour Add/Del APINeale Ranns4-10/+7
Change-Id: Icf0d72f6af1f98c86f78e586c354515ac69804aa Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-02BFD: command line interfaceKlement Sekera4-23/+578
Implement command line interface to the BFD binary APIs. Add corresponding unit tests. Change-Id: Ia0542d0bc4c8d78e6f7b777a08fd94ebfe4d524f Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-02-27[Proxy] ARP testsNeale Ranns5-0/+587
Change-Id: I40d6d763b55a26cdee0afef85d1acdd19dd10dd6 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-26BFD: echo functionKlement Sekera4-49/+455
Change-Id: Ib1e301d62b687d4e42434239e7cd412065c28da0 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-02-25Enable tests with VRF resetJan Gelety1-37/+73
- needed to filter out ICMPv6 Neighbor Discovery - Neighbor Advertisement packets - needed to reset routes of reset VRFs learned from ICMPv6 Neighbor Discovery - Neighbor Advertisement packets after run_verify_test() Change-Id: I8238d8f73428d511ab68ab7765d99ce7dc3a6633 Signed-off-by: Jan Gelety <jgelety@cisco.com>
2017-02-23Remove prints from LISP testFilip Tehlar1-5/+0
Change-Id: I2776e0a0661794b1c0076519b08807080a1282fb Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-02-16Consolidate DHCP v4 and V6 implementation. No functional change intendedNeale Ranns1-1/+1
The DHCP proxy and VSS information maintained by VPP is the same for v4 and v6, so we can manage this state using the same code. Packet handling is cleary different, so this is kept separate. Change-Id: I10f10cc1f7f19debcd4c4b099c6de64e56bb0c69 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-21dhcp: multiple additionsNeale Ranns2-86/+86
DHCP additions: 1) DHCPv4 will only relay a message back to the client, if the Option82 information is present. So make this the default. 2) It is no longer possible to select via the API to "insert circuit ID" - since this is now default 3) Remove the version 2 API since it's now the same as version 1. 4) Adding the VSS option is now conditional only on the presence of VSS config (not the 'insert' option in the set API) 5) DHCP proxy dump via API Change-Id: Ia7271ba8c1d4dbf34a02c401d268ccfbb1b74f17 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-21Add basic 4o4 LISP unit testFilip Tehlar5-1/+646
Change-Id: I2d812153d7afe7980346382b525af89b3c47e796 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-02-21test: ip6 vrf instances multi-context test (CSIT-497)Jan Gelety4-7/+424
- add/delete IPv6 VRF instances and verify results by parsing output of ip6_fib_dump API command and by traffic - small changes in assert_nothing_captured and get_capture to get logged unexpected packets Change-Id: I32207447be2df942e335aa9890ff52fb88e46597 Signed-off-by: Jan Gelety <jgelety@cisco.com>
2017-02-20Python test IP and MPLS objects conform to infra.Neale Ranns6-197/+280
Add IP[46] MFIB dump. Change-Id: I4a2821f65e67a5416b291e4912c84f64989883b8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-19make test: save + dump VPP api trace log; VPP-640Dave Wallace1-0/+11
Change-Id: I20aacc927f2b04f42b0a7220c4283560b4d2a359 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-02-17BFD: put session admin-up/admin-downKlement Sekera2-8/+45
Change-Id: I7d8889dce8495607106593ad83320c9af0f2fa07 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-02-17Fix handling of ping to SNAT out interfaceJuraj Sloboda1-2/+30
Change-Id: I322bfb3469b3d0d5b0cac39a6c2dba1c6f83ce3d Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-02-16Add handling of ICMP error packets in SNAT (VPP-629)Juraj Sloboda1-8/+187
Change-Id: I8d2022b7cb3ef3da736c085bccbb5b9c057a8d76 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-02-15SNAT: add static mappings with unresolved external interface address to ↵Matus Fabian1-2/+5
snat_static_mapping_dump Change-Id: Ib560b397700fe058ad1e2970989d98e3debf54aa Signed-off-by: Matus Fabian <matfabia@cisco.com>