aboutsummaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)AuthorFilesLines
2020-09-07ipsec: fix padding/alignment for native IPsec encryptionChristian Hopps4-33/+101
Not all ESP crypto algorithms require padding/alignment to be the same as AES block/IV size. CCM, CTR and GCM all have no padding/alignment requirements, and the RFCs indicate that no padding (beyond ESPs 4 octet alignment requirement) should be used unless TFC (traffic flow confidentiality) has been requested. CTR: https://tools.ietf.org/html/rfc3686#section-3.2 GCM: https://tools.ietf.org/html/rfc4106#section-3.2 CCM: https://tools.ietf.org/html/rfc4309#section-3.2 - VPP is incorrectly using the IV/AES block size to pad CTR and GCM. These modes do not require padding (beyond ESPs 4 octet requirement), as a result packets will have unnecessary padding, which will waste bandwidth at least and possibly fail certain network configurations that have finely tuned MTU configurations at worst. Fix this as well as changing the field names from ".*block_size" to ".*block_align" to better represent their actual (and only) use. Rename "block_sz" in esp_encrypt to "esp_align" and set it correctly as well. test: ipsec: Add unit-test to test for RFC correct padding/alignment test: patch scapy to not incorrectly pad ccm, ctr, gcm modes as well - Scapy is also incorrectly using the AES block size of 16 to pad CCM, CTR, and GCM cipher modes. A bug report has been opened with the and acknowledged with the upstream scapy project as well: https://github.com/secdev/scapy/issues/2322 Ticket: VPP-1928 Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: Iaa4d6a325a2e99fdcb2c375a3395bcfe7947770e
2020-09-04vpp: Fix node APIsNathan Skrzypczak1-1/+1
Type: fix Change-Id: Ic6e2b7e05b50945a8e2222019c2942a6ee52e465 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-02bonding: add bond_create2 API to include gso optionSteven Luong2-16/+26
gso option is available for the debug CLI version of bond create. This patch is to create a new API to have the corresponding option in the binary API. The old binary API bond_create is marked deprecated. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id9501b8e6d267ae09e2b411957f181343da459c0
2020-08-31vpp_config: update node variants to skx and iclRay Kinsella1-2/+2
Node variant names have changed to skx and icl. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I5be832aa59e4e440df53869077d801c011e3defa
2020-08-27tests: "force solo" testcase supportAndrew Yourtchenko6-8/+102
Some of the tests are time-sensitive, and at present require a non-trivial modification in order to run at high concurrency. Without these modifications, they intermittently fail, and require the test retries. Rather than setting them to the extended tests and forgetting about them, put them into a "solo" set, which gets run in a single-threaded mode after the rest of the tests are done. Mark a few of the tests that showed errors during TEST_JOBS=48 as forced-solo. Also, give a better diagnostic if the testcase misses a docstring needed to represent it in the diagnostic outputs. Type: fix Change-Id: I33fe62eb17edc1885bd2c3523892051d52da6546 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-14gso: packet coalesce libraryMohsin Kazmi2-0/+162
Type: feature Change-Id: Ia19d3611e596d9ec47509889b34e8fe793a0ccc3 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-08-06misc: harmonize namesDave Barach1-2/+2
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ibad744788e200ce012ad88ff59c2c34920742454
2020-08-03unittest: add clib_count_equal_u8/16/32/64 testsBenoît Ganne1-1/+1
Type: test Change-Id: I490c1b1a2fa49badda038e6be014c77b9bee6c56 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-31ip-neighbor: Allow to replace dynamic entryVladimir Isaev1-0/+110
Before this patch it was not allowed to replace a dynamic ARP entry with a static one with the same mac-address. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: I6cfc0e510ffdf141c61874288f11a60395182374
2020-07-28bonding: toggle bond admin state may cause hw link state to downSteven Luong1-2/+37
For bond interface, we set hardware link state to up initially when admin state is set to up. Thereafter, if we toggle the admin state to down and up, we require at least one active member in the bond prior to bringing up the hardware state which is inconsistent. The fix is to remove the unnecessary condition. This is a rework of the original proposed patch which is more complex and could be tricky to get it right https://gerrit.fd.io/r/c/vpp/+/27141 Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I65f4fee55299b5b4d5645f6e05e1be15b46b73cd
2020-07-28ip: svr: improve performance for non-fragmentsKlement Sekera1-0/+66
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ia77ce41a8f1a032c5e027c4bb47347752cfda0a9
2020-07-28bonding lacp: replace slave string with memberSteven Luong2-39/+42
- Replace textual string slave with member except APIs. - For APIs, mark the existing APIs as deprecated and introduce new APIs - While introducing sw_bond_interface_dump, add the optional filter by sw_if_index and enhance the testcases to make use of it. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ib6626c514e45350308aeeda0decb70f3aba2f63e
2020-07-24geneve: support geneve interface acting as a bviOle Troan1-2/+71
create geneve tunnel local 10.10.10.10 remote 10.10.10.9 vni 48 decap-next node ethernet-input l3-mode set interface ip address geneve_tunnel0 11.11.11.12/24 Type: feature Change-Id: I579ce879553d72a2e8048e33d0c0122674996b81 Signed-off-by: Ole Troan <ot@cisco.com>
2020-07-21ipsec: Dedicated IPSec interface typeNeale Ranns3-4/+343
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8bd50df163aea2798e9f9d35a13dcadc4a4a4b2
2020-07-16gre: fix outer ip6 lengthAloys Augustin1-0/+9
This updates the computation of the outer ip6 header payload_length field in order to take into account the GRE header length. Change-Id: Ie9f982521aeaef7279a9e329a33272d6fae0a428 Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-06-24tests: fix deps pinning / patchingAloys Augustin1-5/+3
This ensures we don't recompute the requirements-{2,3}.txt on each make test run, and skips patching scapy if it is already patched instead of failing. Change-Id: I3da57182ae49f3dd04db139d96734a5d145fedff Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-06-20tests: improve lcov stats for memory_api.cDave Barach1-1/+19
Cover vl_mem_api_dead_client_scan(...), which is not so simple. Spin up vpp_api_test using pexpect.spawn, make it bootstrap a private memory segment, kill vpp_api_test, and wait for the dead client scanner to run a few times so that it declares the client dead. The test only runs if GCOV_TESTS=yes is set in the environment. Type: test Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I3c712fa011df2e23761a2e73c1aba0c7e50123a6
2020-06-16gso: fix the udp checksum in testMohsin Kazmi1-2/+2
Type: fix Change-Id: I7005e4763e73f3679c40f94bdab26d439cd23188 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-06-10vapi: memset allocated messages to zeroKlement Sekera2-20/+0
This avoids using dirty data from shared memory by client. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I96eecf655bf344ec29609cedbd8dc891b572e207
2020-06-08vxlan: Fixed checksum caclculation offsetVladimir Isaev5-6/+41
VXLAN uses csum_offload for IPv6 packets. But without gso node we have csum calculated only for inner packet. This patch adds support for outer header csum calculation. Checksum for inner packet should be calculated before interface-output node (for example in vxlan node). Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Ica68429ede4426293769207cd83c791ebe72fe56
2020-05-29bonding: Revert adjust link stateMatthew Smith1-58/+1
This reverts commit 9121c415a91904be50071ec55143d9c89b2f1b91. Reason for revert: causes deadlock with multiple worker threads Type: fix Change-Id: Icf3d6d343d99d887abacbaa03acbf04d4628514e Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-05-29gso: add checksum and payload size testingMohsin Kazmi1-49/+148
Type: test Change-Id: I9e4f7cf44d465712aa26e5dd6a0ff38588964a39 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-27bonding: adjust link state based on active slavesMatthew Smith1-1/+58
Type: improvement Bond link state is being maintained inconsistently. It is initially set to up. If the bond interface admin state is set to down, the link state is set to down. If the bond interface admin state is set to up, the link state is only set to up if there are active slave interfaces at that point. If slaves become active at some later time, it does not get updated. Its next chance to be updated is the next time the bond interface is set to admin up. To address this, do not set the link state to up after creating a bond. Adjust the link state as slave interfaces are attached or detached based on whether the bond is getting its first active slave or losing its last one. Unit test added to verify correct maintenance of link state. Change-Id: I31f17321f7f0e727e1ab1e01713423af6566dad9 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-05-25tests: update pip and pip-toolsAloys Augustin4-216/+387
This fixes an issue where the pinned requirements file can be modified when running the tests. Change-Id: Ic89d1844d1fd8d00f62211a9b051a26ac34ee316 Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-05-24ipsec: fixed chaining ops after add footer and icvPiotrX Kleski1-0/+1
In case there is no free space in first buffer for ICV and footer, additional buffer will be added, but esp_encrypt will stay in single buffer mode. The issue happens for the following payload sizes: - TCP packets with payload 1992 - ICMP packets with payload 2004 This fix moves the single/chained buffer ops selection to after esp_add_footer_and_icv call. Type: fix Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: Ic5ceba418f738933f96edb3e489ca2d149033b79
2020-05-15ikev2: add support for NAT traversalFilip Tehlar1-4/+1
Type: feature * initiator behind NAT supported * tested with static NAT mappings * works only with pre-configured tunnels The pre-configured tunnel has to be defined as follows: initiator (i) side: src=ip(i) dst=ip(r) responder (r) side: src=ip(r) dst=ip(nat) Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-14nat: "users" dump for ED-NATKlement Sekera1-1/+1
Since the removal of "users" concept in ED-NAT nat44_user_dump API returns empty array. This brings back previous behaviour at a considerable runtime cost until a better API is introduced. Type: improvement Change-Id: I5a45923cfeb6b8ebe6fc906601264d6567386991 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-05-14ip: fix interface ip address del sw_if_index checkyedg2-0/+36
Type: fix Signed-off-by: Ye donggang <yedg@wangsu.com> Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
2020-05-13feature: Config end nodes are user specificNeale Ranns1-0/+12
Type: fix it is possible for a user to change the end node of a feature arc, but this change should only apply to that 'instnace' of the arc, not all arcs. for example, if a tunnel has its ipx-output end node changed to adj-midchain-tx, this shouldn't affect all ipx-output arcs. obviously... Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I41daea7ba6907963e42140307d065c8bcfdcb585
2020-05-13ipsec: Support 4o6 and 6o4 for SPD tunnel mode SAsNeale Ranns1-1/+75
Type: feature the es4-encrypt and esp6-encrypt nodes need to be siblings so they both have the same edges for the DPO on which the tunnel mode SA stacks. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I2126589135a1df6c95ee14503dfde9ff406df60a
2020-05-05tests: clean up loggingPaul Vinciguerra2-30/+25
Tests currently expect the logger to be poked from run_tests.py. The tests should run without any magic values. This change sets a default null logger and removes the hasattr checks for the logger. For reference, see: https://docs.python-guide.org/writing/logging/ Type: test Change-Id: I98f953d73d12d00e74b59c94a0fb8c7a625b9c44 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-05ipsec: User can choose the UDP source portNeale Ranns5-97/+252
Type: feature thus allowing NAT traversal, Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-05gso: fix the make test for ipipMohsin Kazmi1-2/+15
Type: test This commit fixes the make test for GSO/IPIP which are added in following commit id: 84f91fa9c54f82c54b58ea3bf6e9ba22ff735d3a Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I66a57fe195e626b432ff0acba3a5bdf242a7a46e
2020-05-05api: ip: add IP_ROUTE_LOOKUP APIChristian Hopps2-0/+148
Add an IP_ROUTE_LOOKUP function that does either an exact match or longest prefix match in a given fib table for a given prefix returning the match if present. Add API test. Type: improvement Signed-off-by: Christian Hopps <chopps@labn.net> Change-ID: I67ec5a61079f4acf1349a9c646185f91f5f11806
2020-05-05gso: add support for IP-IPMohsin Kazmi1-6/+199
Type: feature Change-Id: I37752af8496e0042a1da91124f3d94216b39ff11 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-04fib: midchain adjacency optimisationsNeale Ranns1-2/+3
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-04misc: binary api fuzz test fixesDave Barach2-2/+9
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API messages, e.g. by xoring random data into them before processing. We specifically exempt client connection messages, and inband debug CLI messages. We step over msg_id, client index, client context, and sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn anything. The goal is to reduce the number of crashes caused to zero. We're fairly close with this patch. Add vl_msg_api_max_length(void *mp), which returns the maximum plausible length for a binary API message. Use it to hardern vl_api_from_api_to_new_vec(...) which takes an additional argument - message pointer - so it can verify that astr->length is sane. If it's not sane, return a u8 *vector of the form "insane astr->length nnnn\0". Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...) and vl_api_dhcp6_pd_send_client_message_t_handler(...). Add a fairly effective binary API fuzz hook to the unittest plugin, and modify the "make test" framework.py to pass "api-fuzz { on|off }" to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
2020-05-03tests: vpp_interface remove deprecated packed propertiesPaul Vinciguerra12-102/+67
The api no longer requires packed ip addresses. Type: test Change-Id: If67365d86b7c3189f871a58234e99f9c8f875371 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-03tests: improve vpp_papi_provider exception outputPaul Vinciguerra1-4/+12
saves time debugging tests by replacing 'API call' with the actual function signature: vpp_papi_provider.UnexpectedApiReturnValueError: API call failed, expected 0 return value instead of -2 in vxlan_add_del_tunnel_reply(_0=247, context=5052, retval=-2, sw_if_index=4294967295) vpp_papi_provider.UnexpectedApiReturnValueError: vxlan_add_del_tunnel(is_add=0, src_address=172.16.1.1, dst_address=239.1.1.209, vni=209, sw_if_index=26, mcast_sw_if_index=1, encap_vrf_id=None, instance=None, decap_next_index=None) failed, expected 0 return value instead of -2 in vxlan_add_del_tunnel_reply(_0=247, context=5052, retval=-2, sw_if_index=4294967295) Type: test Change-Id: Ie3b6a5fdb4e1d427d60c51f7a7bf815af0bb3de6 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-01tap: implement sw_interface_tap_v2_dump filtering by sw_if_indexPaul Vinciguerra2-9/+19
Type: feature Change-Id: I6f607f383dc77a71e8712124f7613b38b4ac065a Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-30ip-neighbor: Add flush APINeale Ranns1-6/+156
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I96509c274895b917c3e220204d7959d9270de30d
2020-04-30build: rework x86 CPU variantsDamjan Marion1-15/+40
Type: improvement Change-Id: Ief243f88e654e578ef9b8060fcf535b364aececb Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-04-28vppinfra: improve test coverageDave Barach2-0/+46
Bonus corner-case bugfix in bitmap.h, found during the exercise. Issue dates from 2001 or thereabouts. Please review this specific change carefully. lcov_post: filter system include directories and generated files in build-root Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Iaa0b63e9dc571dfe3d992197ac49ba4d93403c61
2020-04-28tests: fix update_path_flags for multicast in vpp_ip_routePaul Vinciguerra1-2/+2
add support for the case where the first path doesn't match the searched interface. Type: test Change-Id: I29bd724cfe275ec5489d32c37ef2af12d6d1102a Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-28tests: implement ipaddress convenience methodsPaul Vinciguerra5-85/+40
Add vpp specific properties to ip addresses for use in the api. .vapi_af -- returns [ADDRESS_IP4, ADDRESS_IP6] .vapi_af_name -- returns the string ['ip4', 'ip6'] Update tests to demonstrate usage. Type: feature Change-Id: I43447a1522769d99f89debdc714c51700068d771 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-28lisp: API cleanupJakub Grajciar3-204/+94
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Ib7f73a0b6de188982a09040f7739dc46be3cb1de Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-04-28vlib: startup multi-arch variant configurationRay Kinsella3-0/+126
Support for startup node multi-arch variant selection through startup.conf. This is to facilitate unit, functional testing and benchmarking of non-default multi-arch variant node code path. Also added parameters to make test, to specific using multi-arch variants in unit testing. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I94fd332bb629683b7a7dd770ee9f615a9a424060
2020-04-28tests: move defaults from defaultmapping to .api filesPaul Vinciguerra1-16/+1
facilitates use of papi beyond the tests. Type: improvement Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-27virtio: support virtio 1.1 packed ring in vhostSteven Luong1-2/+4
virtio 1.1 defines a number of new features. Packed ring is among the most notable and important one. It combines used, available, and descripptor rings into one. This patch provides experimental support for packed ring. To avoid regression, when packed ring is configured for the interface, it is branched to a separate RX and TX driver. Non packed ring should continue to perform as it was before. Packed ring is tested using qemu4.2 and ubuntu focal fossa (kernel 5.4.0-12) on the guess VM which supports packed ring. To configure VPP with packed ring, just add the optional keyword "packed" when creating the vhost interface. To bring up the guest VM with packed ring, add "packed=on" in the qemu launch command. To facilitate troubleshooting, also added "verbose" option in show vhost desc CLI to include displaying the indirect descriptors. Known qemu reconnect issue - If VPP is restarted, guest VMs also need to be restarted. The problem is kernel virtio-net-pci keeps track of the previous available and used indices. For virtio 1.0, these indices are in shared memory and qemu can easily copy them to pass to the backend for reconnect. For virio 1.1, these indices are no longer in shared memory. Qemu needs a new mechanism to retrieve them and it is not currently implemented. So when the protocol reconnects, qemu does not have the correct available and used indices to pass to the backend. As a result, after the reconnect, virtio-net-pci is reading the TX ring from the wrong position in the ring, not the same position which the backend is writing. Similar problem exists also in the RX. Type: feature Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I5afc50b0bafab5a1de7a6dd10f399db3fafd144c
2020-04-27vlib: pcap rx/tx/dispatch trace testDave Barach1-0/+89
Mainly intended to improve code coverage, but since the test only runs for 0.3 seconds we might as well run it all the time. Type: test Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Icfd0f4dbcdbf76abbaa12e16cee1136413c8ae2e