| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
portrange matches on the same hash key (VPP-938)
Multiple portranges that land on the same hash key will always report the match
on the first portrange - even when the subsequent portranges have matched.
Test escape, so make a corresponding test case and fix the code so it passes.
Change-Id: Idbeb8a122252ead2468f5f9dbaf72cf0e8bb78f1
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
The packet that was creating the session was not tracked,
consequently the TCP flags seen within the session record
never got the value for the session to get treated as
being in the established state.
Test-escape, so add the TCP tests which test the
three phases of the TCP session life and make them all pass.
Change-Id: Ib048bc30c809a7f03be2de7e8361c2c281270348
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Idf46a03803125babd9bb880363686359fbcca27d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
fixed instability in l2bd_multi_instnce test - sometimes failing with extra
packets captured
it appears l2-learn was not updating hit entries but rather a copy of them.
if the ager did not have a chance to run before the test was running the
learning cycle - entries were not updated with the packet's seq num - causing
packets to flood when hitting the stale seq_num in l2-fwd - hence the extra
packets
fixed handling of filter entries
revert workaround for instability in test
Change-Id: I16d918e6310a5bf40bad5b7335b2140c2867cb71
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
It is useful to have the CLI to clear the existing sessions.
There was a work-in-progress CLI but it did not work properly.
Fix it and split into a separate "clear acl-plugin sessions",
and add a unit test into the extended connection-oriented tests.
Change-Id: I55889165ebcee139841fdac88747390903a05394
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: If397b49861468eed29b964fa64b186f80eb0eceb
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
source is connected
Change-Id: I39fb0ec44cc322eaa12c0ff0700fc405d3982bfc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
re-enable l2 fib flush tests
reorder l2bd multi instance tests - move flags test as last
enabling of uu-flood will now flood when entry is stale
Change-Id: I052663ec3eb4acee5f296fb7525dd535924e0003
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I15813167e7c8529f229143de4a8f64f0fb530951
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
l2_classify memeber table_index was overlaid over l2.l2fib_seq_num
which over written when table_index gets initialized in l2_input_classify
solved by overlaying both table_index and opaque_index as only one is used
seperated l2fib seq num from l2_input configs
for better handling of theoretical ABA issue where an entry for a deleted
interface is considered valid by the ager because a different interface with
same sw_if_index and seq_num was created before the ager got a chance to delete
Change-Id: I7b0eeded971627406f1c80834d7e02c0ebe62136
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Ic81c6098d615fdb6a874e532921efd833fed872c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Add a bihash-based ACL lookup mechanism and make it a new default.
This changes the time required to lookup a 5-tuple match
from O(total_N_entries) to O(total_N_mask_types), where
"mask type" is an overall mask on the 5-tuple required
to represent an ACE.
For testing/comparison there is a temporary debug CLI
"set acl-plugin use-hash-acl-matching {0|1}", which,
when set to 0, makes the plugin use the "old" linear lookup,
and when set to 1, makes it use the hash-based lookup.
Based on the discussions on vpp-dev mailing list,
prevent assigning the ACL index to an interface,
when the ACL with that index is not defined,
also prevent deleting an ACL if that ACL is applied.
Also, for the easier debugging of the state, there are
new debug CLI commands to see the ACL plugin state at
several layers:
"show acl-plugin acl [index N]" - show a high-level
ACL representation, used for the linear lookup and
as a base for building the hashtable-based lookup.
Also shows if a given ACL is applied somewhere.
"show acl-plugin interface [sw_if_index N]" - show
which interfaces have which ACL(s) applied.
"show acl-plugin tables" - a lower-level debug command
used to see the state of all of the related data structures
at once. There are specifiers possible, which make
for a more focused and maybe augmented output:
"show acl-plugin tables acl [index N]"
show the "bitmask-ready" representations of the ACLs,
we well as the mask types and their associated indices.
"show acl-plutin tables mask"
show the derived mask types and their indices only.
"show acl-plugin tables applied [sw_if_index N]"
show the table of all of the ACEs applied for a given
sw_if_index or all interfaces.
"show acl-plugin tables hash [verbose N]"
show the 48x8 bihash used for the ACL lookup.
Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I83a6c277fa211ac2c2ca2d603650c992886af0a7
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Updated test to reduce tests runtime.
Change-Id: I7904628fc19d349d6c26502e49d4c990cb8816ff
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Change-Id: I5077fcf3671a6116b475f87e43120efc10ecaa08
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
after deleting a sub interface it's l2fib entries are left with a dangling
sw_if_index (while waiting for the ager to delete them).
changed "show l2fib" to reflect that state with "Deleted" as the interface name.
added sleep in test_l2_fib as a workaround for packets still passing after flush
will investigate...
Change-Id: Id998d7d3c6a073ef5005c5f3009e1cfb7febf7db
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Added ICMP error messages translation.
Added check for multi thread (not supported yet, so init failed).
Added API definition for custom NAT64 refix.
Change-Id: Ice2f04631af63e594aecc09087a1cf59f3b676fb
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Basic NAT64 feature (no hairpinning, no multi-thread).
Change-Id: I392fccbce93e70c117f4a9a7ec7cf08d6c537f2d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Introduce faulthandler to print stack trace to stderr on python crash.
Don't disable automatic garbage collection to decrease the chances of
running out of memory.
Change-Id: I6927a5f6ea9569735d084d4ed3d258950a400d74
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I21b1ad39275495d4d006023b58f630a213445854
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0324f945bdb4dd3b19151be6f3ce24a47a000104
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
Change-Id: I9d63133bd1db72917571ade868040c4597c896a1
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ie5b88fd7187ed62218a2e4e0e493c33e3e9ecc2f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I121eaee6b752a6b3bfe1d5ecf803f67147c77beb
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I67839281623721bf42f0a918a53356143d9dc78a
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I7de6b96631d1645d0eadd38525860d84d78e316d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
don't add duplicate extensions.
Change-Id: Icf72d6e1b004d0dda532bec2b51f6b74544925bb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I28e98f445c01493562b6196a4f5b532a51f178af
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ifa9582962710a3601fcccbbf388529043fc7f08a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ibc0e1910a4926fdfbf74571efb5fd5810bfa09da
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iae04c57bba87ab3665388eadd0805f75171636a5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
flush tests will now enable learning on the bridge, and send broadcast packets
to add dynamic entries to the l2_fib. it will then disable learning, flush, and
will verify packets are not forwarded to flushed "hosts".
Change-Id: Ie6f123e59f6c89af511bdc5a02dd199420c424e9
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Ic86617c9c3217122043656ce2ea70bb106df5b2d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
These tests attempt to flush static entries from a bridge-domain that has no aging configured. for both reasons it will fail.
The fact thtat they occationally pass is due to the fact that the assert_nothing_cpatured does not actually capture packets, so it misses the fact that there are some.
Change-Id: Ie5c98a42944e29a3d482156f7e9246511380372f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Check whether an ARP src hw addr starts with 00:00:5e:00:01
before rejecting due to a mismatch between ARP src hw addr
and ethernet frame src addr.
Change-Id: Ia3ecd5d6dba34876aca8d90bc622a0a1397e48fb
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
learn ARP peers if, 1) it's a reply to a local address, 2) we are sending a response to a request.
send proxy ARP responses only in the interface the request was sent.
Change-Id: I22b949c65122824233076492b7dd537daca07bc2
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
add tests for flush int/bd/all
Change-Id: Ia589ec5925b9c8acbb2fc16dafbf4842aa1a6eff
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Basic GTP-U feature
Change-Id: I31226f890a92c5303ac06e112ed7820cae52d9bd
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
Change-Id: Ibd7828b1e1c699630ff450122d8aa317b1c9da26
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: If864182ec656cc6c6353be642e22910a4fc89870
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Fix a logic error related to timing out of the connections
following the active one. To avoid this class of issue in
the future, create corresponding testcases, as well as some
trivial sanity testcases for both IPv4 and IPv6.
Since these tests are timing-dependent and take up time,
mark them as extended tests.
Change-Id: I2c72bad5efda7db8aa9cb05801fe47928dc47927
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I7edea5d7b105ba66e0e04d509968b92cfb64c84a
Signed-off-by: Martin Gálik <magalik@cisco.com>
|
|
Instead, drop the BFD session associated with it..
Change-Id: Ie09877d5c94844be2e833900d9dde7f23edaf8cd
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I19a6015fde7342588cfa9c7a4f07016aa339cc72
Signed-off-by: Martin Gálik <magalik@cisco.com>
|
|
- the flow hash config is (and was) cached on the load-balance object so the fib_table_t struct is not used a switch time. Therefore changes to the table's flow hash config need to be propagated to all load-balances and hance all FIB entries in the table.
- enable API for setting the IPv6 table flow hash config
- use only the hash config in the fib_table_t object and not on the ipX_fib_t
- add tests.
Change-Id: Ib804c11162c6d4972c764957562c372f663e05d4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib542b2b3ee023fbe3d0e01ceaf4b4ab7a0ec80dc
Signed-off-by: Martin Gálik <magalik@cisco.com>
|
|
Change-Id: I9c8636bd2c4b8da2907e8e4a4f2be1a2c3a8e0bb
Signed-off-by: Martin Gálik <magalik@cisco.com>
|
|
Change-Id: Iaed59cca1c9fd69eadb86c15be6417a956cb9d5a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
- only build them for popular path-lists (where popular means more than 64 children)
the reason to have a map is to improve convergence speed for recursive prefixes - if there are only a few this technique is not needed
- only build them when there is at least one path that has recursive constraints, i.e. a path that can 'fail' in a PIC scenario.
- Use the MAPS in the switch path.
- PIC test cases for functionality (not convergence performance)
Change-Id: I70705444c8469d22b07ae34be82cfb6a01358e10
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
maximum entries per user exceeded event
Change-Id: Ie35d7f40f55001e2ef4a38f934f176594f25b189
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
Andrew Yourtchenko
Matus Fabian
Eyal Bari
Neale Ranns
Pavel Kotucek
Klement Sekera
Hongjun Ni
Ole Troan
Matthew Smith
Martin Gálik