summaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)AuthorFilesLines
2021-08-19nat: handle ED in2out ICMP errors with workersMatthew Smith1-0/+45
Type: fix With endpoint dependent NAT44, When there are multiple workers we look for a flow which matches the packet in order to figure out which worker should handle the packet. If the packet is an ICMP error, it may be associated with an existing flow by inspecting the L3/L4 headers that are included in the message payload. This was not being done for in2out packets in nat44_ed_get_in2out_worker_index(), so some packets which were related to an open session were not being associated with that session and were being passed to a different thread than the one where the session was created. Later on, when the packet was processed by the fast path in2out node, the L3/L4 headers in the payload are inspected and the fast path node finds the existing session. Since that session is owned by a different thread than the one the packet is being processed by, the in2out fast path node can potentially access the wrong session and/or memory adjacent to the session pool. This can cause a SEGV. Make nat44_ed_get_in2out_worker_index() look at the inner headers when processing an ICMP error. THis is already done in nat44_ed_get_out2in_worker_index() and in the fast path in2out node. Change-Id: Icdc1abebcbce452ee7be7cb23fc563e09bf575f2 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-08-17nat: fix counters increment for output featureAlexander Chernavin1-1/+1
Type: fix The NAT plugin stores packet counters and a counter represents a vector indexed by interface index. When an interface is assigned a NAT role, the counters are validated to be long enough for the given interface index. When a packet traverses NAT in2out and output feature is disabled, the appropriate counters are updated by the RX interface index. In this case, translation happens on the inside interface and its index was ensured to be valid in all of the counters during NAT role assignment. When a packet traverses NAT in2out and output feature is enabled, the appropriate counters are updated by the RX interface index too. In this case, translation happens on the outside interface and the packet could be received on any interface, even with no NAT role assigned. If that's the case and its index is greater than the greatest index validated in the counters, a new counter value will be written to memory that does not belong to the counter. As a result, a crash will occur at some point. With this change, use TX interface index to update the counters when output feature is enabled. TX interface is an actual interface where translation happens and its index is always valid in the counters. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I53a52af949fe96419e1b5fef4134ab4062198f51
2021-08-13tests docs: upgrade python packagesDave Wallace16-354/+439
- Upgrade python package requirements for test & docs - Clean up docs generation warnings - Consolidate python requirements for docs in test requirements specs. - Upgrade pip Type: make Change-Id: I74a3924b43ed93d15b32ec9f6fc41ed1ba95b69b Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2021-08-09ip6-nd: only respond to RS if sending RA is enabledOle Troan1-1/+15
Even when periodic RAs are disabled VPP would respond to router solicitations. Making it impossible to have an IPv6 enabled interface with hosts connected to it without VPP acting as a default router. This change drops RS messages if the radv_info->send_radv is off. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I9a68f8e12c93c1c00125b54f8fd454f48fa22caa Signed-off-by: Ole Troan <ot@cisco.com>
2021-07-29nat: fix ICMP checksum validationKlement Sekera1-0/+44
Handle case where extra data is present in buffer which is not part of IP/ICMP headers. Type: fix Fixes: 05b5a5b3b4b04823776feed6403b5a99b2e06d76 Change-Id: Icfef811470056d38c60fc45cc302139ed7594385 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-28gre: set proper fib index for unnumbered interfaces, unset fib index before ↵Stanislav Zaikin1-7/+9
forwarding gre payload This commit introduces 2 fixes: 1) After GRE decapsulation sw_if_index[VLIB_TX] is set as fib index of GRE tunnel. But since GRE tunnel can work on v4 endpoints and have v6 payload, we need to reset it. In case we get IPv6 packet inside IPv4 GRE tunnel (or vice-versa) fib index can be (and usually is) invalid. 2) Check that ip-table and ip6-table are the same when setting interface as an unnumbered one. Also, fix for the pipe test include setting the right unnumbered interface for the pipes Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: Id13d239cfdd21e0db6b1c9725f01c40d4af4d800
2021-07-19nat: harden ICMP handlingKlement Sekera1-0/+4
Verify that headers are not truncated and that checksums are valid. Correct checksum computation in translation code. Type: fix Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-14nat: adding support for icmp-error msgFilip Varga1-0/+35
Extending tests. Type: test Change-Id: I98cc1d214ead10ac53fed34a1492d9b5f37975a2 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-07-14nat: refactoring NAT44ED cfg functionsFilip Varga1-11/+2
Refactored & fixed NAT44ED configuration functions used for handling interfaces and nodes. Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I6fbbb7f0fe35d572675997745d53290152987424
2021-07-13fib: Set the GLEAN flag on attached export routes so that the SAS worksNeale Ranns2-1/+14
correctly. Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4bc2eb394a8f9d01c5a12de2ce963c22209d5439
2021-07-12papi: remove shared memory transportOle Troan2-2/+1
This patch removes the papi transport shared memory plugin. It also removes any dependency on CFFI. Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia81701c0dc506871e511495d837e41420e1fdf72 Signed-off-by: Ole Troan <ot@cisco.com>
2021-07-09gso: add ipsec tunnel testsMohsin Kazmi1-0/+247
Type: test Change-Id: I831bc8c21f8ce869054eafcb14542508039c1b82 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-07-06vrrp: Fix for test-all testcases failure.Rajaselvam1-18/+16
Failure due to the method vrrp_adv_packet scope and self reference. Type: fix Signed-off-by: rajaselvam <rajaselvam@gmail.com> Change-Id: I4ec14ea37928142651eb08fcc5736bc9c24ab062
2021-06-30ipsec: Derive the TUNNEL_V6 flag from the configured address typesNeale Ranns1-2/+0
Type: improvement There's no need for the user to set the TUNNEL_V6 flag, it can be derived from the tunnel's address type. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47
2021-06-29ipsec: Fix setting the hi-sequence number for decryptNeale Ranns2-192/+1016
Type: fix two problems; 1 - just because anti-reply is not enabled doesn't mean the high sequence number should not be used. - fix, there needs to be some means to detect a wrapped packet, so we use a window size of 2^30. 2 - The SA object was used as a scratch pad for the high-sequence number used during decryption. That means that once the batch has been processed the high-sequence number used is lost. This means it is not possible to distinguish this case: if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl)) { ... if (post_decrypt) { if (hi_seq_used == sa->seq_hi) /* the high sequence number used to succesfully decrypt this * packet is the same as the last-sequnence number of the SA. * that means this packet did not cause a wrap. * this packet is thus out of window and should be dropped */ return 1; else /* The packet decrypted with a different high sequence number * to the SA, that means it is the wrap packet and should be * accepted */ return 0; } - fix: don't use the SA as a scratch pad, use the 'packet_data' - the same place that is used as the scratch pad for the low sequence number. other consequences: - An SA doesn't have seq and last_seq, it has only seq; the sequence numnber of the last packet tx'd or rx'd. - there's 64bits of space available on the SA's first cache line. move the AES CTR mode IV there. - test the ESN/AR combinations to catch the bugs this fixes. This doubles the amount of tests, but without AR on they only run for 2 seconds. In the AR tests, the time taken to wait for packets that won't arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of these tests from 10-15 to about 5 sceonds. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
2021-06-28ipsec: Split the SA add_del API into an separate add and delNeale Ranns1-20/+2
Type: improvement the rationale being that the del only requires the SA's ID, so it's a bit mean to require the client to fill out all the other information as well. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibbc20405e74d6a0e1a3797465ead5271f15888e4
2021-06-28ipsec: Enable the extended Sequence Number IPSec tests for GCMNeale Ranns1-2/+72
Type: test Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie691b1c8841f5e195525bfff990f12ab918ba394
2021-06-25stats: revert "add a retry mechanism in a symlink test"Beno�t Ganne1-15/+1
This reverts commit d70777aa60a87001f323f3b226d7e5cee2cd23d8. Reason for revert: wrong fix Type: fix Change-Id: Ibff1b977eae8d2cc85888165ebf83c42eb661698 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-22nat: don't drop packet with ttl=1 if output featureKlement Sekera1-0/+26
TTL was already decremented in ip4-rewrite so it's okay if it's 1. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I587dc343737c15247eb62837a06d5e44c0d11acc
2021-06-22stats: add a retry mechanism in a symlink testArthur de Kerhor1-1/+15
When creating a new node, a corresponding node symlink is created when the nodes counters update. To be sure we are able to access this symlink, a retry mechanism was added. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Ieb08d8554b4fd13d01e79062b5f820b235be9a13
2021-06-17tests: Tests for cross AF routingNeale Ranns1-0/+124
Type: test Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iebee39d0974c6f458863ce6144c6a83bc3cf4cb7
2021-06-17mpls: CLI to show the MPLS forwarding state of an interfaceNeale Ranns1-0/+7
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I28b98154bbff36e8391a09a2b30302dda4349946
2021-06-16api: remove custom dumpFilip Tehlar1-2/+0
Type: improvement Change-Id: I4b9b2be8817be10e46accc19219deb2b544f266b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-06-14linux-cp: Add tests for tun devicesNeale Ranns3-5/+252
Type: test Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iec69d8624b15766ed65e7d09777819d2242dee17
2021-06-14pg: A Tunnel mode variant of a pg interfaceNeale Ranns3-4/+129
Type: feature this allows VPP to simulate linux tun devices. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3adf38b49a254804370f78edd5d275d192fd00a6
2021-06-08vppinfra: pool_free_elts() now supports fixed-size poolsDave Barach1-0/+13
Test added to the unittest plugin / test_vlib.py Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I73445e57918347c102ff6f5e8c9ddb9bd96f1407
2021-06-03fib: fix flags updates when adding routes with a udp encap pathArthur de Kerhor1-5/+5
When adding a route via a udp encap instance, FIB_ENTRY_FLAG_IMPORT should not be set. In particular, fib_route_attached_cross_table should always return false for such paths. Modified test_udp_encap to leverage the bug that needed to be fixed. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Iaa9489e96d1cff09751f92c62caf7999d924fd7f
2021-05-29udp: add udp decapsulationArthur de Kerhor2-4/+179
Possibility to register a port via CLI or API to decap incoming UDP packets: - For CLI, a user needs to specify the inner protocol (only MPLS supported for now) - For API, the protocol is specified by index Added unittests Type: feature Change-Id: Ifedd86d8db2e355b7618472554fd67d77a13a4aa Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2021-05-28svm: fix inadequate atomic load for chunk mgrDave Wallace1-3/+1
- Fixes intermittent LDP cut thru iperf3 test failure on AARCH64 Type: fix Change-Id: Id21a078d642e03d974bacacd1f4d0faa42fb6652 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2021-05-27ip: allow the 'ip6 enable' on tunnel interface typesNeale Ranns1-2/+78
Type: feature This was limited to HW interface types (for historical reason AFAICT) Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3785a356ae31722fa60d84f64ec9aa53ebdd615f
2021-05-26tests: Fix 'test-wipe'Neale Ranns1-1/+0
Type: fix Error: vagrant@ ~/vpp (make-test-wipe) $ make test-wipe make[1]: Entering directory '/home/vagrant/vpp/test' make[2]: Entering directory '/home/vagrant/vpp/test' make[2]: *** ext: No such file or directory. Stop. make[2]: Leaving directory '/home/vagrant/vpp/test' make[1]: *** [Makefile:239: wipe] Error 2 make[1]: Leaving directory '/home/vagrant/vpp/test' make: *** [Makefile:440: test-wipe] Error 2 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3615a962882d5d56c394aa628e9942fed07cde84
2021-05-26fib: During the mfib lookup set the unicast FIB index in the packet so that ↵Neale Ranns1-2/+39
a uRPF check on a for-us packet is done in the correct VRF Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iafa6efea0d96962aa9136dccefc148a961f74476
2021-05-26tests: move vapi C/C++ test files into src/Damjan Marion6-1562/+9
Type: improvement Change-Id: Iaad004661db1e9076e6c27227878f1612fa7289f Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-05-25nat: report correct EI per-user session limitMatthew Smith1-0/+6
Type: fix When enabling the endpoint independent NAT44 plugin, user_sessions determines the maximum number of translations that can be active for a single inside address. If 0 is passed in, a default value is used but 0 is still stored in the field that is used to populate reply messages to nat44_ei_show_running_config, At the time of enabling the plugin, if user_sessions is 0, update the field which is used by nat44_ei_show_running_config to contain the default per-user limit which gets used by the EI nodes. Change-Id: I6b060d85bcd42d91db879b95a8b07c6844bcd2a5 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-05-24tests: skip hoststack iperf3 cut thru test on aarch64Dave Wallace1-1/+3
- Temporary fix for intermittent unrelated test failure on AARCH64 CI verify/merge jobs. To be reverted when the root cause is fixed. Type: test Change-Id: Ie28e5a7b9fa9a20469ac7e91766f4c226e44d244 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2021-05-21bfd: use vnet cryptoKlement Sekera1-1/+1
Type: improvement Change-Id: I873a99c1258a97ed5ed195b9756e8302f865e7f0 Signed-off-by: Klement Sekera <ksekera@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-05-21tests: add role to VCLAppWorkerDave Wallace2-8/+9
- Improve readability of log output with respect to worker role Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I1a5787421b31483fa1a2558951568417dfc111d9
2021-05-21quic: add extended vcl testFlorin Coras1-0/+42
Only works with release binaries. Type: test Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iede88713e1dbc4d1c6ae62651ff9150f88953f4d
2021-05-20tests: don't buffer worker stdin/stdoutDave Wallace1-2/+3
- Required to get VCLAppWorker stdin / stdout data into log.txt when a test fails. Type: test Change-Id: I4db467986940f701750aec6d842a4d9aee22b4e6 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2021-05-18tls: fix dtls with no workersFlorin Coras1-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iecc33fda7f28c037289775ffe0525a50f89a2b8c
2021-05-18nat: refactor multiple vrf testsKlement Sekera1-25/+120
Replace VRF test testing multiple scenarios into more simpler tests to improve readability and ease of debugging. Type: refactor Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ibaad5328c73b401f52c5fe513dc0ed68ff3e3374
2021-05-13tests: move test source to vpp/testDave Wallace92-38/+55932
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2021-05-08tests: fix another race condition in punt testsDave Wallace1-5/+7
- Don't close the socket and don't stop receiving until after draining the existing data in the socket. Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I38dfff4d6273eeddb5196f5cf2a60b580e1c93e6
2021-05-06vcl: add dtls testFlorin Coras1-0/+40
Type: test Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I726ab3a22399e970b0dd37a5b174062137265914
2021-05-06tests: fix race condition in punt testsDave Wallace1-1/+1
Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6cb13e044bbb966cbb61802094e96220d3a0c951
2021-05-06vcl: move tests to src/testsFlorin Coras1-0/+872
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If622dfcc6f98d90cac0487e6bb9eb8c0bb01cf85
2021-05-04stats: adding symlinks for nodes and interfaces in the stat segmentArthur de Kerhor2-1/+99
A given interface counter (e.g rx) can be accessed via /interfaces/<interface_name>/<counter_name>. Same goes with nodes: /nodes/<node_name>/<counter_name> As interfaces may contain '/' in their names, these are replaced by '_' in symlinks Also added 2 tests for the stat segment Type: feature Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: I27da252e7b3dc177815616ca46b5c200a456bf0f Signed-off-by: Ole Troan <ot@cisco.com>
2021-04-29crypto: fix chained buffer integrity supportBenoît Ganne1-1/+1
Type: fix Change-Id: I984a3e577a4209e41d046eaf3a8eef8986dc6147 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-04-28tests: add worker count to class descriptionKlement Sekera1-1/+9
While running test: ============================================================================== NAT44ED Test Case ============================================================================== ==> ============================================================================== NAT44ED Test Case [main thread only] ============================================================================== ============================================================================== NAT44ED Test Case [1 worker thread] ============================================================================== ============================================================================== NAT44ED Test Case [4 worker threads] ============================================================================== Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I61904b411ff1b58700564698079dc4c07cea5c5e
2021-04-26vapi: silence warningsDamjan Marion1-4/+4
Type: fix Change-Id: I91d7bfbfaafc7b780f91dec7c9e5ce07241e6394 Signed-off-by: Damjan Marion <damarion@cisco.com>