aboutsummaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)AuthorFilesLines
2024-09-06session: add Source Deny ListSteven Luong2-0/+372
With this feature, session enable is now modified to have 3 modes of operation session enable -- only enable session session enable rt-backend sdl -- enable session with sdl session enable rt-backend rule-table -- enable session with rule-table session rule tables are now created on demand, upon adding first rule to the rule table. refactor session table to remove depenency from sesssion rules table. Now session rules table APIs take srtg_handle and transport proto instead of srt pointer. Type: feature Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-08-22tests: fix make test python issues on ubuntu 24.04Dave Wallace6-11/+625
- add patch to scapy to use latest six module instead of the old scapy specific six module which fails to import moves sub-module on python 3.12 - fix warning for deprecated legacy editable install of vpp_papi - skip failing testcases on ubuntu-24.04 Type: test Change-Id: Idc1a008c6e45ba69caa50c2e245012eb05effed7 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-08-20http_static: make max-age configurableAdrian Villin1-0/+2
Type: improvement Change-Id: I629add6e3f4219d56610c3785013f69dbe847844 Signed-off-by: Adrian Villin <avillin@cisco.com>
2024-08-08tests: fix scapy 2.4.5 IPsec patch for AH + ESNBenoît Ganne2-18/+35
Type: fix Change-Id: Ifac0e2aca83fa2a79b65d8d1a40add02051287d2 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-08-07tests: fix ipv6 fragmented esp w/ scapy 2.4.5Benoît Ganne2-5/+4
Since scapy 2.4.4, scapy will not decode the next layer if the fragment offset is not 0 - IOW it will decode only for the 1st fragment. See https://github.com/secdev/scapy/commit/f1c26e77c535598f84b01035ac8ac465def30c72 Type: fix Change-Id: If738734f90b15b24c0d98fec4bce4ff48c6d5fea Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-08-07ikev2: handoff packetsStanislav Zaikin1-23/+35
current approach saves state in per-thread data structure. in multi-worker + nat-t cases udp/500 and udp/4500 might be dispatched on different workers. this patch adds hands off packet to 1 explicit thread - 1st worker (or main thread in case there're no workers) or to thread that was explicitly set by user via configuration Type: improvement Change-Id: Ib5cd9a4b8612dfaa63b276035709524f7a492d4f Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2024-08-07ikev2: fix BN_bn2bin re-allocationStanislav Zaikin1-10/+0
the former code was re-allocating the vector when padding takes place. it's not necessary since we have the correct size. also, it caused issues since upper layer doesn't know about re-allocation and it caused crash. with this patch many test-cases are enabled again. Type: fix Change-Id: Idf0b320101670ec64d62e9aac6399cc7c54c996f Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2024-08-07tests: update scapy to version 2.4.5Dave Wallace28-288/+585
- Required for Ubuntu 24.04 LTS jobs - temporarily disable TestIpsecEsp1 and TestIpsecAhAll tests until a patch can be added to fix them Type: test Change-Id: I1ae7b170117182c3252629bbbb770775e2c496c9 Signed-off-by: Benoît Ganne <bganne@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-08-01misc: remove deprecated builtinurl pluginMatus Fabian1-2/+2
Plugin code is incorporated in http_static plugin for longer time. Type: refactor Change-Id: Ib74adb2a79d3ee715bbc994d77bc7718faf7184f Signed-off-by: Matus Fabian <matfabia@cisco.com>
2024-07-24prom: test_prom fixMatus Fabian1-0/+1
Type: test Change-Id: I022a3435429976590b8e8e2e1abe924188d1c3f9 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2024-07-24session: delete and add application namespace do not create the global ↵Steven Luong1-28/+0
session table When an application namespace is added, we call session_table_is_alloced to see if we need to allocate a new session table. That check returns true even if we removed the session table. The fix is when we delete an application's global session table, we need to invalidate fib_index_to_table_index. Fixed test_vcl test script to run two tests back to back. The 1st test deletes the application namespace at the end. The 2nd test adds the application namespace in the beginning. Type: fix Fixes: 67bae20b05cb46e5f6d19afeaf1f7a52a5309d59 Change-Id: I67f5cc1b726a07659597a9479df011717db08d0a Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-18tests: output raw packet data when decoding pcap filesDave Wallace1-1/+1
Type: test Change-Id: I4e945b2bd067466afdaa58a6f07a1ab2c567bc2b Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-07-15session: application namespace may reference a deleted vrf tableSteven Luong6-0/+80
lock the vrf table when adding an application namespace and unlock the vrf table when deleting an application namespace. Free the session table when no more application namespace uses it anymore to avoid memory leaks. Type: fix Change-Id: I10422c9a3b549bd4403962c925e29dd61a058eb0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-15tests: more options for decoding pcapsKlement Sekera3-18/+25
Introduce "none", "all" and "failed" options for --decode-pcaps parameter. Keep "failed" as default to be consistent with current behaviour. Add missing documentation to test/Makefile and passthrough to Makefile. Rationale: running tshark binary takes about 100-150ms and if there are thousands of pcap files, it takes minutes to decode them. This might not be desirable if rerunning the tests repeatedly during development. Type: improvement Change-Id: Ie033521d51d18b9d499b9bc40fe6eff21c94622d Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-07-12tests: skip more excluded plugin testsDmitry Valter68-0/+351
Check and skip VPP_EXCLUDED_PLUGINS tests for most of plugins. Type: improvement Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: I23fd3666729251c639aa8da72a676058e3f5bb4e
2024-07-12fib: make mfib optionalBenoît Ganne7-26/+34
In some cases we do not need multicast support. Making it optional helps scaling to high number of VRFs, by reducing the control plane operations and memory consumption. Type: improvement Change-Id: Ib34ed3fe2806e2f4624981da4e4a3c49c69f70be Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-07-03tests: disable failing tests on Ubuntu 22.04Andrew Yourtchenko5-10/+21
Also rework the logic so the skipping of marked Ubuntu 22.04 occurs at framework level Leave debian11 special cases as-is. Type: fix Change-Id: I481eb32cd1a0860935482e9f930ced409da653c9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2024-06-19fib: fix ip drop path crashesDmitry Valter1-0/+13
Do not mark drop paths as imported to avoid crashes on invalid table lookup. ``` vpp[8478]: /build/Vpp2310/source/src/vnet/fib/fib_table.c:35 (fib_table_get) assertion `! pool_is_free (ip4_main.fibs, _e)' fails #9 0x00007ff21785da1d in _clib_error () from /lib/x86_64-linux-gnu/libvppinfra.so.23.10 #10 0x00007ff218087698 in fib_table_get (index=4294967295, proto=FIB_PROTOCOL_IP4) at /build/Vpp2310/source/src/vnet/fib/fib_table.c:35 #11 0x00007ff218087a37 in fib_table_lookup_exact_match (fib_index=4294967295, prefix=0x7ff0eae0d354) at /build/Vpp2310/source/src/vnet/fib/fib_table.c:100 #12 0x00007ff2180bc938 in fib_attached_export_import (fib_entry=0x7ff0eceac3e0, export_fib=4294967295) at /build/Vpp2310/source/src/vnet/fib/fib_attached_export.c:264 #13 0x00007ff218098ade in fib_entry_post_flag_update_actions (fib_entry=0x7ff0eceac3e0, old_flags=FIB_ENTRY_FLAG_NONE, new_fib_index=4294967295) at /build/Vpp2310/source/src/vnet/fib/fib_entry.c:624 #14 0x00007ff218098b90 in fib_entry_post_install_actions (fib_entry=0x7ff0eceac3e0, source=FIB_SOURCE_API, old_flags=FIB_ENTRY_FLAG_NONE) at /build/Vpp2310/source/src/vnet/fib/fib_entry.c:674 #15 0x00007ff218098cce in fib_entry_create (fib_index=1, prefix=0x7ff0d3244d80, source=FIB_SOURCE_API, flags=FIB_ENTRY_FLAG_NONE, paths=0x7ff0eac15ab8) at /build/Vpp2310/source/src/vnet/fib/fib_entry.c:712 #16 0x00007ff218088db4 in fib_table_entry_update (fib_index=1, prefix=0x7ff0d3244d80, source=FIB_SOURCE_API, flags=FIB_ENTRY_FLAG_NONE, paths=0x7ff0eac15ab8) at /build/Vpp2310/source/src/vnet/fib/fib_table.c:799 #17 0x00007ff2180c026c in fib_api_route_add_del (is_add=1 '\001', is_multipath=0 '\000', fib_index=1, prefix=0x7ff0d3244d80, src=FIB_SOURCE_API, entry_flags=FIB_ENTRY_FLAG_NONE, rpaths=0x7ff0eac15ab8) at /build/Vpp2310/source/src/vnet/fib/fib_api.c:485 #18 0x00007ff217d4b6dd in ip_route_add_del_t_handler (mp=0x7ff0eb08b998, stats_index=0x7ff0d3244dc8) at /build/Vpp2310/source/src/vnet/ip/ip_api.c:718 #19 0x00007ff217d4b986 in vl_api_ip_route_add_del_t_handler (mp=0x7ff0eb08b998) at /build/Vpp2310/source/src/vnet/ip/ip_api.c:789 ``` Type: fix Fixes: 4b08632748727486e7ebfdcf4d992743595bc500 Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: I647899533771c35f44c9ecde517a30f111b36ad9
2024-06-05tests: organize test coverage report generationDave Wallace1-7/+45
- Remove code from test report that is effectively untested and categorize based on reason for lack of testing. Type: test Change-Id: I6ca5444055b3a81a4880945b6845afc867556277 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-06-04ipsec: fix missing udp port checkFan Zhang2-10/+10
Type: fix This patch fixes the missing UDP port check in IPsec NAT-T case. As of RFC3948 UDP encapped ESP traffic should have destination port ID of 4500, which was missing. The related tests are updated with this port ID, too. Change-Id: I73ecc6a93de8d0f4b642313b0f4d9c2f214a7790 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2024-06-03fib: set the value of the sw_if_index for DROP routeMohsin Kazmi1-2/+45
Type: fix fib_api_path_decode() is utilized by the IP route API call to translate the path from the API to the fib_route_path_t structure. The ip_route_add_del_handler_t function initializes the fib_route_path_t structure to zeros, consequently setting the sw_if_index value to 0, which is a valid value in VPP. Typically, the default VRF (Virtual Routing and Forwarding) has a local interface at index 0, leading to normal functionality. However, a custom VRF table without any interface will result in a crash. The issue arises because the DROP route in fib_api_path_decode() does not override the sw_if_index value with the one provided in vl_api_fib_path_t. Subsequently, when this sw_if_index is attempted to be resolved in the VRF table where the interface does not exist, it leads to a crash. This patch addresses the problem by setting the sw_if_index of fib_route_path_t to the sw_if_index value of the API path. To reproduce the issue, please remove the fix and run the following command: make test-debug TEST=test_ip4.TestIPv4RouteLookup.test_exact_match Change-Id: I5d72e91e5c701e749a92873941bee7b7b5eabd41 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-05-30hs-test: added targets to makefiles to get coverage from HS testsadrianvillin1-6/+9
Type: make Change-Id: Iae7998692890264dfeea98c165617d0efa024d42 Signed-off-by: adrianvillin <avillin@cisco.com>
2024-05-08ethernet: check destination mac for L3 in ethernet-input nodeSteven Luong19-54/+58
When the NIC does not support mac filter, we rely on ethernet-input node to do the destination mac check, ie, when the interface is in L3, the mac address for the packet must be the mac address of the interface where the packet arrives. This works fine in ethernet-input node when all packets in the frame might have different interfaces, ie, ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is not set in the frame. However, when all packets are having the same interface, ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is set, ethernet-input node goes through the optimized routine eth_input_single_int -> eth_input_process_frame. That is where dmac check has a bug when all packets in the frame are either, ip4, ip6, or mpls without vlan tags. Because without vlan tags, the code handles all packets in fast path and ignores dmac check. With vlan tags, the code goes to slow path where dmac check is handled properly. The fix is to check if we have a bad dmac in the fast path and force the code to go to slow path which will handle dmac check properly. Also do a wholesale correction on all the testcases which do not use the proper dmac when sending L3 packets. Type: fix Change-Id: I73153a805cecdc24c4eefcc781676de04737ae2c Signed-off-by: Steven Luong <sluong@cisco.com>
2024-05-06vlib: revert automatic core pinning changesHadi Rayan Al-Sandid1-328/+0
This reverts commit 71c32a898941e32b5d4f865b50fbe775560c582d. Type: fix Reason for revert: vnet pinning is not considered in this patch. This causes keywords 'workers' and 'skip-cores' to be broken, as well as keyword 'main-core auto' introduced in this patch. If this patch is ever reconsidered, it must account for vnet pinning fix in commit https://gerrit.fd.io/r/c/vpp/+/40711. Change-Id: I1f3154a6c7e830b100f824375aa00e95b192f7f3 Signed-off-by: hsandid <halsandi@cisco.com>
2024-05-02gso: use the header offsets from buffer metadataMohsin Kazmi1-2/+2
Type: improvement Change-Id: I955fbef0e0238cb69307e96cd1c677061737e5f3 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-05-01tests: remove duplicate SVR test caseKlement Sekera1-10/+0
Type: fix Change-Id: I4105109c1c659190fc2da4ee1802ef53449a3c15 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-04-23tests: allow ip table nameMaxime Peim1-2/+4
Type: refactor Change-Id: I4abbc77a447358f4beaa05505299cae732a3f374 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-04-09tests: allow to add paths to default routeMaxime Peim1-2/+12
After adding a path to the default route, the prefix still be there in the table as it is a mandatory prefix. However, the registry hence fail to remove the route from VPP. Type: fix Change-Id: Ic4ad72455ac7a1a2f1d8baba59a7a3afe1610726 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-04-09tests: Added a simple prom(etheus exporter) plugin testadrianvillin1-0/+58
Type: test Change-Id: Ibceabc411f09d80cc23be6f2e7c8abd56d4c4ac2 Signed-off-by: adrianvillin <avillin@cisco.com>
2024-04-09mpls: fix default mpls lb hash configVladislav Grishenko1-6/+101
In case of multiple path within tunnel, mpls lookup node computes lb hash with mpls_compute_flow_hash config value 0, so only mpls label and l4 ports gets accounted, not 5-tuple. This leads to flow traffic polarization and disbalance over mpls paths. Use mpls hash config from lb instead, usually it'll be MPLS_FLOw_HASH_DEFAULT with 5-tuple plus flowlabel. As optimization, fix flow hash reuse from the previous lookup node if present, like ip_lookup does. Previously mpls lookup always calcs the hash. Test lb distribution for both cases. Also, use the same flow hash hex format in ip4/ip6 and mpls traces for easier reading, most code changes is due fixstyle formatting. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib89e1ab3edec14269866fe825a3e887d6c817b7c
2024-04-09vnet: fix ARP for unnumberedPim van Pelt1-6/+16
On unnumbered interfaces, ARP fails because there is no attached route. Allow replies to peer-to-peer addresses on unnumbered interfaces: eg. 192.0.2.1/32 <-> 192.0.2.2/32 Type: fix Change-Id: Ibeb8d8ebc8d58d5bfb0724739a17694e0217356e Signed-off-by: Pim van Pelt <pim@ipng.nl>
2024-04-03tests: upgrade python packagesDave Wallace8-477/+521
Type: test Change-Id: I01500466f3d15c79e38028677ce7e5c75d427fdc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-04-02tests: figure out correct version of sed to runMatthew Smith1-1/+3
In run_in_venv_with_cleanup.sh, sed was changed to gsed to allow the script to run properly on FreeBSD because the sed script uses an expression that is specific to the gnu sed. Gnu sed is available to be invoked as gsed on FreeBSD systems, but there is no executable or symlink which allows sed to be run by the name gsed on ubuntu 22.04. Check for the existence of gsed. If it's found, use it. Otherwise, just use sed. Type: fix Fixes: b3c863eae4 Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I487197e486f500711aa3e87ec7ba899a53606b40
2024-04-02tests: Use gnu sed explicitly in test setup/tear downTom Jones1-1/+1
Type: improvement Change-Id: Ie79fd8a5bcfd72a97bf460ef6437913ac34f439c Signed-off-by: Tom Jones <thj@freebsd.org>
2024-04-02tests: Add missing socket imports in testsTom Jones3-0/+4
Type: fix Change-Id: I646f96517d3bda5c0f5644e6bb89ade7818fc466 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-04-02l2: fix vxlan src port entropy with mpls payloadVladislav Grishenko2-3/+80
l2 tunnels like vxlan, gtpu, geneva use vnet_l2_compute_flow_hash() to compute flow hash for udp src port entropy. In case of inner mpls tunnels to the same lsr ethernet src and dst macs are the same, so l2 flow hash is also the same leading to no src port entropy and the only rss queue overflow on receiver side. Fix it for all the possible vnet_l2_compute_flow_hash callers by making mpls playload hash in additon to ip4/ip6. Visible performance impact is not expected as it's only one check for mpls ethertype for common cases. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I69153d42fb3d7c094a670c674fac8d14039c626a
2024-03-29vlib: improve automatic core pinninghsandid1-0/+328
Type: feature Auto core pinning now fetches vpp cpu affinity list using pthread api. This enables us to do core-pinning in environments where the host cpu list does not necessarily align with cpus available to vpp Change-Id: Ife8c2a2351c08c5c6c4fdf7c729eeff2697bc39a Signed-off-by: hsandid <halsandi@cisco.com>
2024-03-26tests: Add support for getting corefile patterns on FreeBSDTom Jones2-2/+9
Type: improvement Change-Id: I960edc05a9a77eb55f67cb1ec01d2b3122298ef8 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-03-26tests: Add platform handling for FreeBSDTom Jones1-1/+6
FreeBSD doesn't have an easy mechanism to discover CPU features currently. For tests declare we don't support anything we are asked about. Add the FreeBSD spelling of amd64 while we are here. Type: improvement Change-Id: I3eb5db856ee5cbc71250e47eee619e2f620de33a Signed-off-by: Tom Jones <thj@freebsd.org>
2024-03-26tests: Add missing struct importTom Jones1-0/+1
Type: fix Change-Id: I957877d7a82dea437c072e493561894f11321aaf Signed-off-by: Tom Jones <thj@freebsd.org>
2024-03-26tests: Use errno value rather than a specific intTom Jones1-1/+2
For portability we use errno defines rather than explicit int values when checking for errors. Type: improvement Change-Id: Ib5fc1db357da150d008d5a11bef5dbc7ec354cfb Signed-off-by: Tom Jones <thj@freebsd.org>
2024-03-21ip: add support for buffer offload metadata in ip midchainArthur de Kerhor1-0/+201
The offload should be handled by gso node or by the NIC if the latter has the relevant capabilities. But ip midchain is missing the support for buffer offload metadata in case of GSO packet. This patch adds the relevant support to add the buffer metadata if the packet is GSO/IPIP to be handled accordingly. Type: improvement Change-Id: I17f5d71bf4c5f43a85ca3f2fbebfa1426b42ef69 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-03-18vapi: uds transport supportStanislav Zaikin1-9/+20
introduce ability to connect over unix socket instead of shared memory Type: improvement Change-Id: Id9042c74e33ad4e418896c4d7ae48bb9106195c9 Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-03-12tests: use proper unit test skip instead of printsKlement Sekera1-3/+1
Using unittest skip instead of print unclutters display by not printing skip messages when not applicable, e.g. when somebody runs tests which are unrelated to netns tests, e.g. with FILTER=vapi. Type: fix Fixes: e416893a59 Change-Id: Ie09e213249aa47da7e4ff484c3d072fbce3c2001 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-03-07flowprobe: fix flush callbacks when multiple workersAlexander Chernavin1-2/+0
IPFIX buffers are stored on a per worker thread basis. Currently, the flush callbacks will flush only buffers stored for the main thread. And buffers for worker threads will not be sent until their size reach the path MTU configured for the exporter. So if traffic is constant, the problem will unlikely to be visible. Buffers will be sent once they reach the maximum size. However, if traffic stops at some point and flush is triggered in order to make the plugin send all currently buffered data, this will not happen. And collectors will not receive that data. The plugin will keep the remaining data until traffic starts again, the buffers reach the maximum size, and be sent. With this fix, flush buffers for worker threads and for the main thread when the flush callbacks are triggered. This will allow to remove @tag_fixme_vpp_workers from the unit tests that don't set timers. The tests that set timers will still be failing for other multi-worker related problems. Type: fix Change-Id: I9a7d9cef8ddbec7ee68c79309e48e7bc0953d488 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2024-03-04misc: fix icmpMaxime Peim2-3/+3
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1) - add locally generated flag in ICMPv4 buffers (reflect ICMPv6) Type: fix Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-03-04bpf_trace_filter: support bpf filter optimization and dumpVladislav Grishenko1-1/+32
BPF filter w/o optimization can take x2 - x3 more instructions, causing significant slow down in fast path. Enable pcap optimization by default via cli and introduce api v2 with pcap optimization control, keep v1 for a while as it exists in previous release already. Intriduce bpf filter cli dump, similar to tcpdump -d. Also fix memleak, function name typo, cli pcap format hint and add related tests. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I92b2b519e92326f1b8e1a4dda6a3e3edc52f87ad
2024-03-04fib: fix crash while adding intf-rx routesVladislav Grishenko2-0/+266
Fix crash while adding intf-rx ip4 and ip6 routes via api due invalid exporting of interface rx routes as attached. Also, add missed route path via rx-ip6 cli support. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
2024-02-19ipsec: check each packet for no algs in esp-encryptMatthew Smith1-1/+23
In esp_encrypt_inline(), if two or more consecutive packets are associated with the same SA which has no crypto or integrity algorithms set, only the first one gets dropped. Subsequent packets either get sent (synchronous crypto) or cause a segv (asynchronous crypto). The current SA's index and pool entry are cached before it can be determined whether the packet should be dropped due to no algorithms being set. The check for no algorithms is only performed when the cached SA index is different than the SA index for the current packet. So packets after the first one associated with the "none" alg SA aren't handled properly. This was broken by my previous commit ("ipsec: keep esp encrypt pointer and index synced") which fixed a segv that occurred under a different set of circumstances. Check whether each packet should be dropped instead of only checking when a new SA is encountered. Update unit tests: - Add a test for no algs on tunnel interface which enables asynchronous crypto. - Send more than one packet in the tests for no algs. Type: fix Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6 Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
2024-02-14tests: refactor virtual interface testsNaveen Joy17-98/+718
Split virtual interface tests in VPP into smaller and modular tests for testing various interface types and features. Type: test Change-Id: Ic38af88379f75eee3090679d411edbdc8fd5d2e5 Signed-off-by: Naveen Joy <najoy@cisco.com>