summaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)AuthorFilesLines
2023-06-14udp: fix local port reuse checkv23.06-rc2Florin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I323946f7838507110c663f5a904399a74fc76691 (cherry picked from commit d921b8988044f708318eb73a1fa883fce094a4d6)
2023-05-20tests: support for expected failuresKlement Sekera4-156/+204
- Add support for @unittest.expectedFailure decorator. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I761751cda505e962225dc680b97c1fffa96f5176 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-05-20tests: enhance counter comparison error messageKlement Sekera2-4/+8
- Make error message more human readable. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Iefc276b3a85ff82b927028a72bb91ed87ebd04ba Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-05-19tests: refactor extra_vpp_punt_configKlement Sekera6-11/+11
Rename extra_vpp_punt_config to a more generic name extra_vpp_config to better fit its purpose. It's fit for general use and already used that way by quic and vcl tests anyway. Type: refactor Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Ib0a5789b0dbb3a8c3cae654dea4e32ac5e56dd41
2023-05-16ip_session_redirect: add session redirect pluginBenoît Ganne1-0/+229
This feature enables the use of the classifier and ip-in-out-acl nodes to redirect matching sessions via arbitrary fib paths instead of relying on additional VRFs. Type: feature Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-04-28session: update due to clib_socket refactoringNathan Skrzypczak6-14/+14
After the clib_socket_init syntax changed, the behavior of VCL socket creation was broken. This patch introduces app_namespace_add_del_v4 to address the behavioral change. Type: refactor Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-04-25tests: fix parallel runs skipping some testsKlement Sekera1-3/+5
Fix corner case when a test would be skipped if it was not possible to start it due to insufficient cpus available in the middle of the loop. Type: fix Change-Id: Ie4580685ff55688375d649d7009131d9fe1e4f33 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2023-04-25tests: fix test-help formattingKlement Sekera1-1/+1
Type: improvement Change-Id: Ib7703359b998456bff88caee88c2734c7724bc09 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2023-04-25tests: support multiple filter expressionsKlement Sekera3-64/+202
Support multiple comma-delimited filter expressions, e.g. to run both bfd and ip4 tests, it's now possible to do: make test TEST=bfd,ip4 Same goes for wildcards, e.g.: make test TEST=bfd,..test_longest_prefix_match,..test_icmp_error Type: improvement Change-Id: I0cceaa443cb612dca955f301c7407959f9a71a6e Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2023-04-12ip: punt socket - take the tags in Ethernet header into considerationAndrew Yourtchenko1-0/+82
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t), which is incorrect if the header is tagged - resulting in truncated destination MAC address. Use ethernet_buffer_header_size() instead, which takes tags into account. Also add the unittest that verifies the issue and the fix. Type: fix Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-03-31ip: support flow-hash gtpv1teidTakeru Hayasaka1-1/+45
support with GTPv1 TEID added to the flow hash. This can able to ECMP to PGW and parallelization. Type: feature Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-03-23ipsec: add per-SA error countersArthur de Kerhor4-13/+43
Error counters are added on a per-node basis. In Ipsec, it is useful to also track the errors that occured per SA. Type: feature Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2023-03-06stats: fix tests with multiple workersBenoît Ganne1-16/+26
Type: fix Change-Id: Ic4b8478d390c7373bfb43a39ae6a70e978ae9321 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-06vppinfra: fix clib_bitmap_will_expand() result inversionVladislav Grishenko1-9/+6
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(), so every put except ones that leads to free_bitmap reallocation will get false positive results and vice versa. Unfortunatelly there's no related test and existing bitmap tests are failing silently with false positive result as well. Fortunatelly neither clib_bitmap_will_expand() nor pool_put_will_expand() are being used by current vpp codebase. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
2023-02-14tests: support tmp-dir on different filesystemDmitry Valter4-4/+6
Support running tests with `--tmp-dir` on a filesystem different from /tmp. os.rename withs only within a single FS whereas shutil.move works accross different filesystems. Type: improvement Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I5371f5d75386bd2b82a75b3e6c1f2c850bc62356
2023-02-10sr: support define src ipv6 per encap policyTakeru Hayasaka2-2/+193
Can to define src ip of outer IPv6 Hdr for each encap policy. Along with that, I decided to develop it as API version V2. This is useful in the SRv6 MUP case. For example, it will be possible to handle multiple UPF destinations. Type: feature Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435 Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-02-10tests: use existing pip compiled req file for building the run.py venvNaveen Joy1-18/+1
pip compiled requirements file named requirements-3.txt exists in the test directory. No need to auto-generate it again Type: improvement Change-Id: Ib2b51c983af8d0e4b000e4544012b6cd94405519 Signed-off-by: Naveen Joy <najoy@cisco.com>
2023-02-10tests: use iperf3 for running interface tests on the hostNaveen Joy1-1/+20
Type: improvement Change-Id: I7123591932d51ce0c5b372893454945bbd3913b2 Signed-off-by: Naveen Joy <najoy@cisco.com>
2023-02-08ip6-nd: support dump/details for IPv6 RAAlexander Chernavin1-0/+79
Type: improvement With this change, add support for dumping IPv6 Router Advertisements details on a per-interface basis (or all). Also, cover that with a test. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
2023-02-06ipsec: fix SA names consistency in testsArthur de Kerhor5-127/+127
In some IPsec tests, the SA called scapy_sa designs the SA that encrypts Scapy packets and decrypts them in VPP, and the one called vpp_sa the SA that encrypts VPP packets and decrypts them with Scapy. However, this pattern is not consistent across all tests. Some tests use the opposite logic. Others even mix both correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa. Because of that, sometimes, the SA called vpp_sa_in is used as an outbound SA and vpp_sa_out as an inbound one. This patch forces all the tests to follow the same following logic: - scapy_sa is the SA used to encrypt Scapy packets and decrypt them in VPP. It matches the VPP inbound SA. - vpp_sa is the SA used to encrypt VPP packets and decrypt them in Scapy. It matches the VPP outbound SA. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
2023-02-03nat: fix accidental o2i deletion/reuseDmitry Valter1-2/+73
Nat session is allocated before the port allocation. During port allocation candidate address+port are set to o2i 6-tuple and tested against the flow hash. If insertion fails, the port is busy and rejected. When all N attempts are unsuccessful, "out-of-ports" error is recorded and the session is to be deleted. During session deletion o2i and i2o tuples are deleted from the flow hash. In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers to **some other** session that's known to be allocated. By backing match tuple up session should be invalidated well enough not to collide with any valid one. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
2023-02-02policer: API policer selection by indexMaxime Peim2-22/+116
Policer API calls were only by policer name. It is now possible to select a policer by its index. Some functionalities are also added to allow updating a policer configuration and to refill its token buckets. Some dead codes are being removed, and small fixes made. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
2023-02-01wireguard: update ESTABLISHED flagArtem Glazychev1-1/+29
We cannot confidently say that if we have received and processed the handshake_initiation message, then the connection has been established. Because we also send a response. The fact that the connection is established can only be considered if a keepalive packet was received. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
2023-01-31tests: refactor quic tests to use app-socket-apiDave Wallace1-25/+40
- clean up nomenclature & use f-strings where applicable Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I561b7808cfc3fbfa463f7698732d19759d9ddcd4
2023-01-26wireguard: sending the first handshakeArtem Glazychev1-0/+33
After creating a peer, we send a handshake request. But it's not quite right to call wg_send_keepalive() directly. According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms. Since it's the first one - we don't need to take REKEY_TIMEOUT into account, but we still have jitter. It also makes no sense to immediately send keepalives, because the connection is not created yet. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
2023-01-25api: pcap capture api updateMaxime Peim1-1/+73
Allow enabling and disabling pcap capture via the API. A little bug is fixed along the way in vl_api_classify_pcap_set_table_t_handler. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
2023-01-18lb: add source ip based sticky load balancingNobuhiro MIKI1-2/+42
This patch adds source ip based sticky session, which is already implemented in many hardware LBs and software LBs. Note that sticky sessions may be reset if the hash is recalculated as ASs are added or deleted. Since this feature is unrelated to the other existing options, the lb_add_del_vip API version has been upgraded to v2 and a new option "src_ip_sticky" has been added. Type: feature Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp> Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
2023-01-18tests: improve packet checksum functionsKlement Sekera1-6/+21
Fool-proof assert_checksum_valid so that one does not verify checksum on wrong layer (because of how scapy internally works). Make assert_packet_checksums_valid start checksum checking at inner layers and outwards to make it more obvious where the error is. With old behaviour, if one received an ICMP packet carrying a truncated TCP packet, an error would be raised for ICMP checksum, as that one would be the first to be wrong after recalculating all packet checksums, while the real issue is TCP header being truncated and thus unsuitable for use with this function. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I39a2b50ec5610f969cfde9796416ee3a50ae0ba3
2023-01-16ipsec: fix transpose local ip range position with remote ip range in fast ↵Piotr Bronowski1-32/+35
path implementation In fast path implementation of spd policy lookup opposite convention to the original implementation has been applied and local ip range has been interchanged with the remote ip range. This fix addresses this issue. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
2023-01-12abf: exclude networks with deny rulesJosh Dorsey1-0/+126
Type: improvement Signed-off-by: Josh Dorsey <jdorsey@netgate.com> Change-Id: Iee43ca9278922fc7396764b88cff1a87bcb28349
2022-12-21quic: fix quic plugin with openssl 3.xDave Wallace1-2/+1
- load openssl legacy providers during quic init when building with openssl 3.0 or greater - re-enable quic 'make test' testcases on ubuntu-22.04 Type: fix Change-Id: Icfd429b6bc1bddf9f9937baa44cc47cd535ac5f2 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-12-16ipsec: new api for sa ips and ports updatesArthur de Kerhor3-6/+61
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA without having to rekey. Could be done by deleting and re-adding the SA but it would not preserve the anti-replay window if there is one. Use case: a nat update/reboot between the 2 endpoints of the tunnel. Type: feature Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2022-12-15nat: disable nat44-ed/ei features on interface deletionVladislav Grishenko2-2/+100
After deleting a sw interface with nat44 features, the next created sw interface will get the same sw_index reused and therefore will erroneously have the same nat features enabled. Type: fix Change-Id: I1d84f842ab7ab2a757668ae1a111efe67e1e924d Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-12-13tests: tapv2, tunv2 and af_packet interface tests for vppNaveen Joy7-135/+1191
Tests gso/gro-coalesce features on tapv2, tunv2 and af_packet interfaces to ensure that packet transmission is enabled correctly for various MTU sizes and interface combinations in bridged and routed topologies for IPv4 and IPv6. Interface tests are dynamically generated at run time from the config file vm_test_config.py. Type: test Change-Id: I5f9d8cc80d20b4e34011fc8a87e35659bd9613bc Signed-off-by: Naveen Joy <najoy@cisco.com>
2022-12-07tests: multiple apidir locationsOle Troan3-2/+15
To support testing of external plugins, add support to the test framework and PAPI for specifying a list of locations to look for api.json files. Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I128a306e3c091dc8ef994801b1470b82d2f4595d Signed-off-by: Ole Troan <ot@cisco.com>
2022-11-29wireguard: compute checksum for outer ipv6 headerArtem Glazychev1-9/+86
Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I477e92712e441c91789afdf9be389d967acfa799
2022-11-21tests: add VCL Thru Host Stack TLS in interrupt modeFilip Tehlar1-0/+22
Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7d5a9e9fedfc85bd7fad88f8eae1e46476ec0b7b
2022-11-18ipsec: Failure at the start of the batch should not invalidate the rest of ↵Neale Ranns1-0/+28
the batch Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icd1e43a5764496784c355c93066273435f16dd35
2022-11-09tests: initial asf framework refactoring for 'make test'Pratikshya Prasai45-47/+1907
Type: refactor Change-Id: I41455b759a5d302ad5c4247c13634c471e7d49a8 Signed-off-by: Pratikshya Prasai <pratikshyaprasai2112@gmail.com> Signed-off-by: Saima Yunus <yunus.saima.234@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-10-31tests: session in interrupt modeFilip Tehlar1-0/+9
Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I2deba97a8dfff907f0e2452e9347d6a68474ce92
2022-10-20tests: enable extended test runs in run.pyNaveen Joy1-0/+14
Change-Id: I5f712614910dc69f04c43efd8958ef8e87906b9e Type: test Signed-off-by: Naveen Joy <najoy@cisco.com>
2022-10-11l2: Add bridge_domain_add_del_v2 to l2 apiLaszlo Kiraly12-48/+90
https://jira.fd.io/browse/VPP-2034 Type: fix Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech> Change-Id: Ieb6919f958f437fc603d5e1f48cab01de780951d
2022-10-11tests: don't use tmp as the default log dir with run.pyNaveen Joy1-2/+4
The log file directory is configurable with run.py using the --log-dir argument. This patch removes the use of /tmp as the default dir for storing all test logs. The default log dir is now set to show the year, month and day of the test run. This provides a more meaningful aggregation of test logs for effective troubleshooting. The default log dir is set to <CWD>/test-run-YYYY-MM-DD. Type: improvement Change-Id: I6c9002e961f6e06fc953ca42d86febf4f218e566 Signed-off-by: Naveen Joy <najoy@cisco.com>
2022-10-07tests: disable broken wireguard tests on vpp_debug imageDave Wallace2-1/+13
Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I3a53d57e42f4c1f5ba0de6d2b181c7f2ad083a3a
2022-09-30fib: fix dpo-receive address in ip6-ll fibsVladislav Grishenko1-1/+3
Need to fill frp_addr for local path, it's used by dpo-receive. If not, address output can be invalid: $ sudo vppctl sh ip6-ll fe80::dcad:ff:fe00:3/128 IP6-link-local:loop3, fib_index:2, locks:[IPv6-nd:1, ] fe80::dcad:ff:fe00:3/128 fib:2 index:55 locks:2 IPv6-nd refs:1 entry-flags:connected,import,local, src-flags:added,contributing,active, path-list:[72] locks:2 flags:shared,local, uPRF-list:58 len:0 itfs:[] path:[82] pl-index:72 ip6 weight=1 pref=0 receive: oper-flags:resolved, cfg-flags:local,glean, [@0]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 forwarding: unicast-ip6-chain [@0]: dpo-load-balance: [proto:ip6 index:57 buckets:1 uRPF:58 to:[0:0]] [0] [@2]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 Type: fix Change-Id: Ib9874c5eac74af789e721098d512a1058cb8e404 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-30udp: add udp encap source port entropy supportVladislav Grishenko1-4/+199
Encode entropy value in UDP source port when requested per RFC 7510. CLI already has "src-port-is-entropy", use zero UDP source port in API to avoid breaking changes, since zero port is not something to be used in wild. Also, mark UDP encapsualtion API as mp-safe as already done for CLI. Type: feature Change-Id: Ieb61ee11e058179ed566ff1f251a3391eb169d52 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-28tests: stabilize wireguard ratelimiting testAlexander Chernavin1-29/+13
Type: test "test_wg_handshake_ratelimiting_multi_peer" has been unstable recently because the test strongly relies on execution speed. Currently, the test triggers ratelimiting for peer 1 and sends handshake initiations from peer 1 and 2 mixed up. After that, the test expects that all handshake initiations for peer 1 are ratelimited and a handshake response for peer 2 is received. Ratelimiting is based on the token bucket algorithm. The more time passes between triggering ratelimiting for peer 1 and sending a mixture of handshake initiations from peer 1 and 2, the more tokens will be added into the bucket for peer 1. Depending on delays between these steps, the number of tokens might be enough to process handshake initiations from peer 1 while they are expected to be rejected due to ratelimiting. With this change, these two steps are combined into one and the logic modified. The test triggers ratelimiting for both peer 1 and 2. Packets that trigger ratelimiting and that are to be rejected are sent in one batch that is going to reduce delays between packet processing. Also, verify that number of rejected handshake messages is in expected range instead of verifying the exact number as it still may slightly vary. Also, this should finish making the wireguard tests stable on Ubuntu 22.04 and Debian 11. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I3407d15abe1356dde23a241ac3650e84401c9802
2022-09-27tests: enable ipsec-esp 'make test' testcases on ubuntu-22.04Dave Wallace2-59/+1
Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I016fd169813e369208089df122477152aaf9ffc2
2022-09-27wireguard: stop sending handshakes when wg intf is downAlexander Chernavin1-1/+133
Type: fix Currently, when a wg interface is administratively disabled initially or during operation, handshake packets continue to be sent. Data packets stop being sent because routes pointing to the wg interface will not be used. But data keys remain. With this fix, when a wg interface is administratively disabled during peer creation, avoid connection initialization to the peer. Data keys and timers should be empty at this point. When a wg interface is disabled during operation, disable all peers (i.e. stop all timers, clear data keys, etc.). Thus, state should be identical in both cases. When a wg interface is administratively enabled, enable all peers (i.e. get ready to exchange data packets and initiate a connection). Also, cover these scenarios with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ie9a620077e55d519d21b0abc8c0d3c87b378bca3
2022-09-27wireguard: fix re-handshake timer when response sentAlexander Chernavin1-22/+48
Type: fix As per the protocol: A handshake initiation is retried after "REKEY_TIMEOUT + jitter" ms, if a response has not been received... Currently, if retransmit handshake timer is started, it will trigger after "REKEY_TIMEOUT + jitter" ms and will try to send a handshake initiation via wg_send_handshake() given that no responses have been received. wg_send_handshake() will verify that time stored in REKEY_TIMEOUT has passed since last handshake initiation sending and if has, will send a handshake initiation. Time when a handshake initiation was last sent is stored in last_sent_handshake. The problem is that last_sent_handshake is not only updated in wg_send_handshake() when sending handshake initiations but also in wg_send_handshake_response() when sending handshake responses. When retransmit handshake timer triggers and a handshake response has been sent recently, a handshake initiation will not be sent because for wg_send_handshake() it will look like that time stored in REKEY_TIMEOUT has not passed yet. Also, the timer will not be restarted. wg_send_handshake_response() must not update last_sent_handshake, because this time is used only when sending handshake intitiations. And the protocol does not say that handshake initiation retransmission and handshake response sending (i.e. replying to authenticated handshake initiations) must coordinate. With this fix, stop updating last_sent_handshake in wg_send_handshake_response(). Also, this fixes tests that used to wait for "REKEY_TIMEOUT + 1" seconds and did not receive any handshake initiations. Then they fail. Also, long-running tests that send wrong packets and do not expect anything in reply may now receive handshake intiations, consider them as replies to the wrond packets, and fail. Those are updated to filter out handshake initiations in such verifications. Moreover, after sending wrong packets, error counters are already inspected there to confirm packet processing was unsuccessful. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I43c428c97ce06cb8a79d239453cb5f6d1ed609d6