Age | Commit message (Collapse) | Author | Files | Lines |
|
VXLAN uses csum_offload for IPv6 packets.
But without gso node we have csum calculated only for inner
packet.
This patch adds support for outer header csum calculation.
Checksum for inner packet should be calculated before
interface-output node (for example in vxlan node).
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Ica68429ede4426293769207cd83c791ebe72fe56
|
|
This reverts commit 9121c415a91904be50071ec55143d9c89b2f1b91.
Reason for revert: causes deadlock with multiple worker threads
Type: fix
Change-Id: Icf3d6d343d99d887abacbaa03acbf04d4628514e
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: test
Change-Id: I9e4f7cf44d465712aa26e5dd6a0ff38588964a39
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: improvement
Bond link state is being maintained inconsistently. It is initially set to
up. If the bond interface admin state is set to down, the link state is
set to down. If the bond interface admin state is set to up, the link
state is only set to up if there are active slave interfaces at that point.
If slaves become active at some later time, it does not get updated. Its
next chance to be updated is the next time the bond interface is set to
admin up.
To address this, do not set the link state to up after creating a bond.
Adjust the link state as slave interfaces are attached or detached
based on whether the bond is getting its first active slave or losing
its last one.
Unit test added to verify correct maintenance of link state.
Change-Id: I31f17321f7f0e727e1ab1e01713423af6566dad9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
This fixes an issue where the pinned requirements file can be modified
when running the tests.
Change-Id: Ic89d1844d1fd8d00f62211a9b051a26ac34ee316
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
In case there is no free space in first buffer for ICV and footer,
additional buffer will be added, but esp_encrypt will stay in single
buffer mode.
The issue happens for the following payload sizes:
- TCP packets with payload 1992
- ICMP packets with payload 2004
This fix moves the single/chained buffer ops selection to after
esp_add_footer_and_icv call.
Type: fix
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Change-Id: Ic5ceba418f738933f96edb3e489ca2d149033b79
|
|
Type: feature
* initiator behind NAT supported
* tested with static NAT mappings
* works only with pre-configured tunnels
The pre-configured tunnel has to be defined as follows:
initiator (i) side: src=ip(i) dst=ip(r)
responder (r) side: src=ip(r) dst=ip(nat)
Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Since the removal of "users" concept in ED-NAT nat44_user_dump API
returns empty array. This brings back previous behaviour at
a considerable runtime cost until a better API is introduced.
Type: improvement
Change-Id: I5a45923cfeb6b8ebe6fc906601264d6567386991
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Signed-off-by: Ye donggang <yedg@wangsu.com>
Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
|
|
Type: fix
it is possible for a user to change the end node of a feature arc, but
this change should only apply to that 'instnace' of the arc, not all
arcs. for example, if a tunnel has its ipx-output end node changed to
adj-midchain-tx, this shouldn't affect all ipx-output arcs. obviously...
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I41daea7ba6907963e42140307d065c8bcfdcb585
|
|
Type: feature
the es4-encrypt and esp6-encrypt nodes need to be siblings so they both have the same edges for the DPO on which the tunnel mode SA stacks.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I2126589135a1df6c95ee14503dfde9ff406df60a
|
|
Tests currently expect the logger to be poked from run_tests.py.
The tests should run without any magic values. This change sets a default
null logger and removes the hasattr checks for the logger.
For reference, see: https://docs.python-guide.org/writing/logging/
Type: test
Change-Id: I98f953d73d12d00e74b59c94a0fb8c7a625b9c44
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
thus allowing NAT traversal,
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: test
This commit fixes the make test for GSO/IPIP which are added in
following commit id: 84f91fa9c54f82c54b58ea3bf6e9ba22ff735d3a
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I66a57fe195e626b432ff0acba3a5bdf242a7a46e
|
|
Add an IP_ROUTE_LOOKUP function that does either an exact match or
longest prefix match in a given fib table for a given prefix
returning the match if present.
Add API test.
Type: improvement
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-ID: I67ec5a61079f4acf1349a9c646185f91f5f11806
|
|
Type: feature
Change-Id: I37752af8496e0042a1da91124f3d94216b39ff11
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: improvement
- inline some common encap fixup functions into the midchain
rewrite node so we don't incur the cost of the virtual function call
- change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header
- add adj-midchain-tx to multiarch sources
- don't run adj-midchain-tx as a feature, instead put this node as the
adj's next and at the end of the feature arc.
- cache the feature arc config index (to save the cache miss going to fetch it)
- don't check if features are enabled when taking the arc (since we know they are)
the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc)
for IPSec:
- don't run esp_encrypt as a feature, instead when required insert this
node into the adj's next and into the end of the feature arc. this
implies that encrypt is always 'the last feature' run, which is
symmetric with decrypt always being the first.
- esp_encrpyt for tunnels has adj-midchain-tx as next node
Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API
messages, e.g. by xoring random data into them before processing. We
specifically exempt client connection messages, and inband debug CLI
messages. We step over msg_id, client index, client context, and
sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn
anything.
The goal is to reduce the number of crashes caused to zero. We're
fairly close with this patch.
Add vl_msg_api_max_length(void *mp), which returns the maximum
plausible length for a binary API message.
Use it to hardern vl_api_from_api_to_new_vec(...) which takes an
additional argument - message pointer - so it can verify that
astr->length is sane. If it's not sane, return a u8 *vector of the
form "insane astr->length nnnn\0".
Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...)
and vl_api_dhcp6_pd_send_client_message_t_handler(...).
Add a fairly effective binary API fuzz hook to the unittest plugin,
and modify the "make test" framework.py to pass "api-fuzz { on|off }"
to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
|
|
The api no longer requires packed ip addresses.
Type: test
Change-Id: If67365d86b7c3189f871a58234e99f9c8f875371
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
saves time debugging tests by replacing 'API call' with
the actual function signature:
vpp_papi_provider.UnexpectedApiReturnValueError: API call failed, expected 0 return value instead of -2 in vxlan_add_del_tunnel_reply(_0=247, context=5052, retval=-2, sw_if_index=4294967295)
vpp_papi_provider.UnexpectedApiReturnValueError: vxlan_add_del_tunnel(is_add=0, src_address=172.16.1.1, dst_address=239.1.1.209, vni=209, sw_if_index=26, mcast_sw_if_index=1, encap_vrf_id=None, instance=None, decap_next_index=None) failed, expected 0 return value instead of -2 in vxlan_add_del_tunnel_reply(_0=247, context=5052, retval=-2, sw_if_index=4294967295)
Type: test
Change-Id: Ie3b6a5fdb4e1d427d60c51f7a7bf815af0bb3de6
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
Change-Id: I6f607f383dc77a71e8712124f7613b38b4ac065a
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I96509c274895b917c3e220204d7959d9270de30d
|
|
Type: improvement
Change-Id: Ief243f88e654e578ef9b8060fcf535b364aececb
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Bonus corner-case bugfix in bitmap.h, found during the exercise.
Issue dates from 2001 or thereabouts. Please review this specific
change carefully.
lcov_post: filter system include directories and generated files in
build-root
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Iaa0b63e9dc571dfe3d992197ac49ba4d93403c61
|
|
add support for the case where the first path doesn't
match the searched interface.
Type: test
Change-Id: I29bd724cfe275ec5489d32c37ef2af12d6d1102a
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Add vpp specific properties to ip addresses for use in the api.
.vapi_af -- returns [ADDRESS_IP4, ADDRESS_IP6]
.vapi_af_name -- returns the string ['ip4', 'ip6']
Update tests to demonstrate usage.
Type: feature
Change-Id: I43447a1522769d99f89debdc714c51700068d771
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Ib7f73a0b6de188982a09040f7739dc46be3cb1de
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Support for startup node multi-arch variant selection through startup.conf.
This is to facilitate unit, functional testing and benchmarking of non-default
multi-arch variant node code path. Also added parameters to make test, to
specific using multi-arch variants in unit testing.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I94fd332bb629683b7a7dd770ee9f615a9a424060
|
|
facilitates use of papi beyond the tests.
Type: improvement
Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
virtio 1.1 defines a number of new features. Packed ring is among the most
notable and important one. It combines used, available, and descripptor rings
into one.
This patch provides experimental support for packed ring. To avoid
regression, when packed ring is configured for the interface, it is branched
to a separate RX and TX driver. Non packed ring should continue to perform
as it was before.
Packed ring is tested using qemu4.2 and ubuntu focal fossa (kernel 5.4.0-12)
on the guess VM which supports packed ring.
To configure VPP with packed ring, just add the optional keyword "packed"
when creating the vhost interface. To bring up the guest VM with packed ring,
add "packed=on" in the qemu launch command.
To facilitate troubleshooting, also added "verbose" option in
show vhost desc CLI to include displaying the indirect descriptors.
Known qemu reconnect issue -
If VPP is restarted, guest VMs also need to be restarted. The problem
is kernel virtio-net-pci keeps track of the previous available and used
indices. For virtio 1.0, these indices are in shared memory and qemu can
easily copy them to pass to the backend for reconnect. For virio 1.1, these
indices are no longer in shared memory. Qemu needs a new mechanism to retrieve
them and it is not currently implemented. So when the protocol reconnects,
qemu does not have the correct available and used indices to pass to the
backend. As a result, after the reconnect, virtio-net-pci is reading the TX
ring from the wrong position in the ring, not the same position which the
backend is writing. Similar problem exists also in the RX.
Type: feature
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I5afc50b0bafab5a1de7a6dd10f399db3fafd144c
|
|
Mainly intended to improve code coverage, but since the test only runs
for 0.3 seconds we might as well run it all the time.
Type: test
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Icfd0f4dbcdbf76abbaa12e16cee1136413c8ae2e
|
|
Use a hand-crafted packet generator script to inject packets with
deliberately broken ip4 and udp checksums - and the appropriate
checksum offload flags - into src/vnet/interface_output.c
vnet_interface_output_node_inline(...), and make sure that the
resulting checksums are correct.
Use the packet tracer to catch one of the packets. Parse through the
packet trace, and make sure that the checksums have been correctly
computed.
Type: test
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ic08b4b64d7ef27061558a3abf0b79917ead254b5
|
|
interface
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I0b7c189006e30a357cd6be4f3c9c61fded4157cb
|
|
Type: feature
- replace functions for prefixes attached to interfaces
- add ip_interface.[ch] to consoldate the functions
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I9c0c39c09dbf80ea1aadefee02c9bd16f094b6ad
|
|
Type: feature
DB replace is implemented with a mark and sweep algorithm (just the the
FIB)
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I54ab06e11552219e2a18e1b4a87d531321cf3829
|
|
Type: feature
Change-Id: I85f6ec77187a4983c66c5e22fd39fbb2cef82902
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
- swipe away the vomit indent left last time.
- add tests for VNIs > 16bit
Change-Id: I2d1f591bfb9d7a18996c38969365a509168d4193
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add these two packages to requirements.txt so that their version and
the version of their dependencies are pinned to limit the risk of
unexpected breakage.
Change-Id: If330404f2e840af3d2628f997ce406cd14e7e128
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
1. Add uSID function in VNET SRv6
2. Add test case for uSID
Type: feature
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I354fc687192ed713ceb81fccc9f7b69b6777f6f6
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4a3861e31ca42faf0b59f8f09393fb10413bf3af
|
|
The vpp-make-test-docs-verify jobs started to fail. The last successful run of it shows:
reating file /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/api/vpp_vxlan_gbp_tunnel.rst.
Creating file /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/api/vpp_vxlan_tunnel.rst.
Creating file /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/api/vrf.rst.
Creating file /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/api/modules.rst.
sphinx-build -b html -d /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/.sphinx-cache /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/api -c /w/workspace/vpp-make-test-docs-verify-master/test/doc /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/html
Running Sphinx v2.4.4
making output directory... done
building [mo]: targets for 0 po files that are out of date
building [html]: targets for 161 source files that are out of date
updating environment: [new config] 161 added, 0 changed, 0 removed
reading sources... [ 0%] bfd
reading sources... [ 1%] debug
reading sources... [ 1%] debug_internal
reading sources... [ 2%] discover_tests
The failing jobs show:
Creating file /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/api/vpp_vxlan_tunnel.rst.
Creating file /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/api/vrf.rst.
Creating file /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/api/modules.rst.
sphinx-build -b html -d /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/.sphinx-cache /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/api -c /w/workspace/vpp-make-test-docs-verify-master/test/doc /w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc/html
Running Sphinx v3.0.0
making output directory... done
building [mo]: targets for 0 po files that are out of date
building [html]: targets for 161 source files that are out of date
updating environment: [new config] 161 added, 0 changed, 0 removed
reading sources... [ 0%] bfd
Exception occurred:
File "/usr/lib/python3.6/inspect.py", line 516, in unwrap
raise ValueError('wrapper loop when unwrapping {!r}'.format(f))
ValueError: wrapper loop when unwrapping scapy.fields.BitEnumField
The full traceback has been saved in /tmp/sphinx-err-n84dadfq.log, if you want to report the issue to the developers.
Please also report this if it was a user error, so that a better error message can be provided next time.
A bug report can be filed in the tracker at <https://github.com/sphinx-doc/sphinx/issues>. Thanks!
Makefile:39: recipe for target 'html' failed
make[2]: *** [html] Error 2
make[2]: Leaving directory '/w/workspace/vpp-make-test-docs-verify-master/test/doc'
Makefile:274: recipe for target '/w/workspace/vpp-make-test-docs-verify-master/build-root/build-test/doc' failed
Type: fix
Change-Id: Id98c0f94104e455ea819aacec62f605e53db13ce
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Fix of the top 11 python issues flagged as BLOCKER.
Ticket: VPP-1856
Type: fix
Change-Id: Icf4691e62f4a69d6ee196b6d6e2ab52d961b5c76
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
This fixes a special case when buffer chain enters decrypt node
and becomes a single buffer after decryption.
Type: fix
Change-Id: Id5da9e8a074f83ec3561949631ce613f35528312
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Now UDP enacapsulation doesn't work in transport mode with crypto
algorithms that have iv_sz=8 like AES GCM or 3DES CBC. That happens
because the inserted UDP header overlaps with the old IP header and
gets filled before the information from the old IP header can be
copied to a new IP header. The result is a broken packet:
00:03:39:620863: esp4-encrypt-tun
esp: sa-index 3 spi 3464048590 (0xce792fce) seq 31 sa-seq-hi 0
crypto aes-gcm-128 integrity none udp-encap-enabled
00:03:39:620867: adj-midchain-tx
...
00:03:39:620868: ip4-rewrite
...
00:03:39:620869: GigabitEthernet0/8/0-output
GigabitEthernet0/8/0
IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
UDP: 10.255.0.10 -> 10.255.0.20
version 0, header length 0
tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff)
dscp CS4 ecn NON_ECN
fragment id 0x0000
UDP: 128 -> 0
length 0, checksum 0x0000
00:03:39:620870: GigabitEthernet0/8/0-tx
GigabitEthernet0/8/0 tx queue 0
...
IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
UDP: 10.255.0.10 -> 10.255.0.20
version 0, header length 0
tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff)
dscp CS4 ecn NON_ECN
fragment id 0x0000
UDP: 128 -> 0
length 0, checksum 0x0000
With this commit, fill UDP header after copying the IP headers in
transport mode.
Type: fix
Change-Id: Ie9a6e562aa05a8378114329d6a9ff395189fa6a8
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a.
Reason for revert: Verify failure. Doesn't build.
Type: fix
Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
... by removing duplicit test cacses.
There is little value in testing ESN flag when no integ algo
is used. This patch removes such test cases.
Type: improvement
Change-Id: Iae5baa1d39ac32a65d1d28ad57771a87962d8bb3
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This reverts commit c2c1bfd9b72aec88526c06479b128725eb525866.
Reason for revert: Seems it's breaking ipsec esp tests
Type: fix
Change-Id: Iac590eee23cbf92a10c62dafa789aa9c3b2284dd
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I3c348ad2fca8bb3d9a246af7a2aa9dc9c33f57c3
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|