Age | Commit message (Collapse) | Author | Files | Lines |
|
(VPP-682)
This fixes the previously-implicit "drop all non-first fragments" behavior
to be more in line with security rules: a non-first fragment is treated
for the purposes of matching the ACL as a packet with the port
match succeeding. This allows to change the behavior to permit
the fragmented packets for the default "permit specific rules"
ruleset, but also gives the flexibility to block the non-initial
fragments by inserting into the begining a bogus rule
which would deny the L4 traffic.
Also, add a knob which allows to potentially turn this behavior off
in case of a dire need (and revert to dropping all non-initial fragments),
via a debug CLI.
Change-Id: I546b372b65ff2157d9c68b1d32f9e644f1dd71b4
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 9fc0c26c6b28fd6c8b8142ea52f52eafa7e8c7ac)
|
|
- single-hop BFD: attach a delegate to the appropriate adjacency
- multi-hop BFD [not supported yet]: attach a delegate to the FIB entry.
adjacency/fib_entry state tracks the BFD session state. when the state is down the object does not contribute forwarding hence and hence dependent objects will not use it.
For example, if a route is ECMP via two adjacencies and one of them is BFD down, then only the other is used to forward (i.e. we don't drop half the traffic).
Change-Id: I0ef53e20e73b067001a132cd0a3045408811a822
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Refactors the GRE node to work with both IPv4 and IPv6 transports.
Note that this changes the binary configuration API to support both
address families; each address uses the same memory for either
address type and a flag to indicate which is in use.
The CLI and VAT syntax remains unchanged; the code detects whether
an IPv4 or an IPv6 address was given.
Configuration examples:
IPv4 CLI: create gre tunnel src 192.168.1.1 dst 192.168.1.2
IPv6 CLI: create gre tunnel src 2620:124:9000::1 dst 2620:124:9000::2
IPv4 VAT: gre_add_del_tunnel src 192.168.1.1 dst 192.168.1.2
IPv6 VAT: gre_add_del_tunnel src 2620:124:9000::1 dst 2620:124:9000::2
Change-Id: Ica8ee775dc101047fb8cd41617ddc8fafc2741b0
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
|
|
Increased time intervals mean longer test runs, but also reduce
the chance of getting annoying (especially in gerrit) random failures.
Now that tests are split into `basic' and `all', the increased runtime
of BFD tests (of which majority doesn't run in basic case) doesn't
matter too much..
Change-Id: I4a15bb4facad634f123bc9cc6f45eddbf4976fd1
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Iee6016757e45c832e8868f0bdcfd4192dd3380c8
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Allows easy running of test(s) in a loop with configurable
action (e.g. git pull) run between test runs and possible
email notification on failure.
Usage:
test-loop.sh [-p <pre-exec-cmd>] [-m <email>] -- <make test options>
Example:
Run 'make test-debug' in a loop until a failure is encountered,
upon which an email is fired to ksekera@cisco.com. In between test
runs, update the workspace using via 'git pull' and if anything changed,
perform 'git clean' before running another 'make test-debug':
test/scripts/test-loop.sh -p test/scripts/git_pull_or_clean.sh \
-m ksekera@cisco.com -- test-debug
Change-Id: I114321c6c152d2c7e181e915fc8c51aab1ff3693
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Fix the bug and add the unit test to start with ping test coverage
Change-Id: Ibeacbed1f1660e677faa2dbb2ebe386216693e96
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I399257e372f83f4d12dc7873617980af6e46a9bc
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Ib2189d01e8bc61de57404159690fb70f89c47277
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
packet streams in additional test cases
Change-Id: I2265f8acfa63a7ea920a7cb981819a14806a3d58
Signed-off-by: Martin Gálik <magalik@cisco.com>
|
|
Change-Id: Ie9f48a0d5e0a9cd08eb8f07d49149eee40f04131
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
use a 32bit mask in the adjacency to AND with the IP address and OR into the rewrite.
Change-Id: I80b0f246c18fd74f3e43c5d49e25833412f34665
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I25a6882ec503fc5bb3694411fbdc2eb1f1e1fafc
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
usage:
env EXTERN_PLUGINS=/path/to/plugins make test
Change-Id: I8eece726dfafeff1cffd921c1e18cd3eb7eb64ed
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
env EXTERN_TESTS="/path/to/extra/tests" make test
causes to run the default test set and tests collected from
test_*.py files under subtree specified in EXTERN_TESTS.
Change-Id: I58c5471dd6010730278a5b47d4318737d920bc28
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I8187b43129b80fadd90ea493afb922064f79abbe
Signed-off-by: Martin <magalik@cisco.com>
|
|
L3 path support, L2+L3 unified processing node, skip IPv6 EH support.
Change-Id: Iac37a466ba1c035e5c2997b03c0743bfec5c9a08
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Drop comes before lookup when enabled. is_first_or_last is not required when setting a feature, the anchor is added in find_config_with_features().
Don't make the PG interfaces automatically L3 enabled, this way we can have tests that check the L3 protocol disbaled behaviour.
Change-Id: Icef22a920b27ff9cec6ab2da6b05f05c532cb60f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
allow this config to function:
set int ip address loop0 169.254.1.1/32 (the default GW address for attached hosts)
set int unnumbered af_packet0 use loop0 ('enable' IP on the host interface)
ip route add 192.168.1.1/32 via af_packet0 (where to find the host)
repeat for each host and host interface.
Inter-host communication is throught the /32 routes.
To allow this:
1 - attached host routes have the ATTACHED flag set, so the ARP code accepts then as legitimate sources
2 - unnumbered interfaces inherit the source address from the IP interface
Change-Id: Ib66c5f0e848c528f79372813adc3a0c11b50717f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3fa2f35056b74e479288bb956f2713f727a81c72
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I03e52466fb3f909ae52b8fba601168f3eadbd972
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I7e8556af833ca0e00fadc96dcd2077ff1104541b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Interface can be in promiscuous mode if more than one of its sub-
interface is in L2 mode. In promiscuous mode, L3 interface need to
verify DMAC of packet to match that of the interface and drop if not.
This check was done on sub-interface only and now also added to main
interface path.
Fix incorrect MAC addresses in the flow-per-pkt plugin test, which
caused it to fail.
Fix MAC address usage in BFD tests.
Change-Id: I12a17ec05c7ab298ad10d400c90d082c97eca521
Signed-off-by: John Lo <loj@cisco.com>
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I95113a277b94cce5ff332fcf9f57ec6f385acec0
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
vpp_lite platform is not needed anymore as same efect can be
achieved with following startup.conf config:
plugins {
plugin dpdk_plugin.so { disable }
}
Change-Id: I690ea8ceb1c6e1fe32e01e7da54e9958019a93bf
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
next-hops. UT checks for no-leftover-state now pass
Change-Id: I9e980ee117c0b6aebc6c7a0fcc153a7c0eaf0c72
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iee0302a7a4856712f27f97f9cc953b2e9e71698c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Check if vpp_papi is importable before running the tests to avoid
confusing python crashes.
Change-Id: I6adf406e353bf381d590f2ef988a1ea79b95cf37
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
This starts a bash with the same environment as the test framework
uses, allowing easy debugging.
Change-Id: I956deda913b73dae5b1e1976417834ae4731f88a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
neighbor entry
Change-Id: I952039e101031ee6a06e63f4c73d8eb359423e1a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I9ea16881caf7aee57f0daf4ac2e8b82c672f87e9
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic6ac7e441a7b75baa02f03c1585d1ae00903a399
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iead6dc6a0fe15a0b8e148e780c3aeadd0b378824
Signed-off-by: Martin <magalik@cisco.com>
|
|
Implement plumbing to allow decorating tests as extended, e.g.:
@unittest.skipUnless(running_extended_tests(), "part of extended tests")
both methods and classes can be decorated this way.
Change make test and make test-debug to run only non-extended tests.
Introduce make test-all and make test-all-debug to run the full suite.
Run full suite as part of make verify.
Decorate most BFD tests as extended.
Change-Id: I3bc64f59e9fe238f7f767d7e043dc165d03e9dfa
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I0ffab147c3218a75b7c3bb829983f538c7b637ee
Signed-off-by: Martin <magalik@cisco.com>
|
|
bridging. That is hosts in one sub-net reachable via differenet interfaces.
Introducate a new API command:
ip6 nd proxy <host-address> <interface>
this indicates 2 things;
1) that host <host-address> is reachable out of interface <interface>. VPP will thus install that route.
2) NS requests sent to <host-address> will be responeded to (i.e. proxied).
Change-Id: I863f967fdb5097ab3b574769c70afdbfc8d5478a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Multiple DHCP (4 and/or 6) servers can be added and removed through multiple calls to the 'set dhcp server' API.
All 4/6/ discover/solicit messages will then be replicated to all servers in the list. The expectation is that the servers/system is configured in such a way that this is viable.
If VSS information is providied for the clinet VRF which also has multiple servers configured, then the same VSS information is sent to each server. Likewise the source address of packets sent to from VPP to each server is the same.
Change-Id: I3287cb084c84b3f612b78bc69cfcb5b9c1f8934d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Inside user is statically mapped to a set of outside ports. Support endpoint
dependent mapping to deal with overloading of the outside ports.
Change-Id: I8014438744597a976f8ae459283e8b91f63b7f72
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I9c0bb35ba16e04206ac481495f6638d3763754a1
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: If0e30837e07a21f3912676f5147cb242d3d2b235
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Unless overridden by COREDUMP_SIZE env variable, tell VPP to set
coredump size to unlimited, otherwise use $COREDUMP_SIZE as
the argument.
Change-Id: Ia2a6508207c66a171b33d272c820b1deb4a83e82
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Check if there are existing vpp processes before running the test suite
and refuse to run if there are. This prevents the removal of other test
suite temporary files and also makes sure that if the machine is loaded
by (zombie) vpp processes, interactive tests (like bfd) won't fail.
Change-Id: I88a74098188cb3f51966de5db19d7f80f39e51e2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
1) tests for RA options
2) memleaks deleteing a ip6_radv_info_t
3) MLD prefix code refactoring
Change-Id: I34db103994bd8fbdbbec50b202d72770dd145681
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
has an address configured (VPP-601)
Change-Id: I311fc264f73dd3b2b3ce9d7d1c33cd0515b36c4a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This change improves vpp_papi behaviour by introducing alternate way of
calling vpp APIs.
The common code is the same:
vpp = VPP(...)
vpp.connect(...)
Calling VPP API is different, instead of deprecated:
vpp.show_version() # deprecated
one should write
vpp.api.show_version()
this allows VPP messages like "connect" and "disconnect" to be used,
once the old API is dropped (in 17.07). Also part of this patch is a
check for name conflict, to prevent VPP object overwriting its own
functionality with generated code based on json files.
Change-Id: I22e573b6a45f8b2a1f0340c5c2597c194fe42ca4
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: If75a35dbdcb43c1ce0128b8649f2ca3970d3fff5
Signed-off-by: Martin <magalik@cisco.com>
|
|
Change-Id: Icf0d72f6af1f98c86f78e586c354515ac69804aa
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Implement command line interface to the BFD binary APIs. Add
corresponding unit tests.
Change-Id: Ia0542d0bc4c8d78e6f7b777a08fd94ebfe4d524f
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I40d6d763b55a26cdee0afef85d1acdd19dd10dd6
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib1e301d62b687d4e42434239e7cd412065c28da0
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|