summaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)AuthorFilesLines
2024-02-19ipsec: check each packet for no algs in esp-encryptMatthew Smith1-1/+23
In esp_encrypt_inline(), if two or more consecutive packets are associated with the same SA which has no crypto or integrity algorithms set, only the first one gets dropped. Subsequent packets either get sent (synchronous crypto) or cause a segv (asynchronous crypto). The current SA's index and pool entry are cached before it can be determined whether the packet should be dropped due to no algorithms being set. The check for no algorithms is only performed when the cached SA index is different than the SA index for the current packet. So packets after the first one associated with the "none" alg SA aren't handled properly. This was broken by my previous commit ("ipsec: keep esp encrypt pointer and index synced") which fixed a segv that occurred under a different set of circumstances. Check whether each packet should be dropped instead of only checking when a new SA is encountered. Update unit tests: - Add a test for no algs on tunnel interface which enables asynchronous crypto. - Send more than one packet in the tests for no algs. Type: fix Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6 Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
2024-02-14tests: refactor virtual interface testsNaveen Joy17-98/+718
Split virtual interface tests in VPP into smaller and modular tests for testing various interface types and features. Type: test Change-Id: Ic38af88379f75eee3090679d411edbdc8fd5d2e5 Signed-off-by: Naveen Joy <najoy@cisco.com>
2024-02-14ikev2: dump state and profile name in CLI and APIDenys Haryachyy1-0/+89
Type: improvement Change-Id: Ide4b45da99e3a67376281f6438997f3148be08e5 Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
2024-02-09ikev2: accept rekey request for IKE SAAtzm Watanabe1-24/+152
RFC 7296 describes the way to rekey IKE SAs: to rekey an IKE SA, establish a new equivalent IKE SA with the peer to whom the old IKE SA is shared using a CREATE_CHILD_SA within the existing IKE SA. An IKE SA so created inherits all of the original IKE SA's Child SAs, and the new IKE SA is used for all control messages needed to maintain those Child SAs. Type: improvement Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: Icdf43b67c38bf183913a28a08a85236ba16343af
2024-01-29ip: don't export useless error counters for ip6 rewriteArthur de Kerhor1-0/+4
the error node is set to ip6_input in the inline funcition associated with ip6_rewrite. Thus, error counters defined for node ip6 rewrite are never used. Type: fix Change-Id: Id6bef633928b0fff9069498c2e39e9f5bea2cf9b Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2024-01-21build: Explicitly use gmakeTom Jones1-2/+2
VPP requires GNU Make to build, on GNU systems (such as Debian), GNU Make is installed as 'make', typically with a symlink from 'gmake'. On other systems (such as FreeBSD), 'make' is a BSD Make derriviative and GNU Make is installed a 'gmake'. Use $(MAKE) variable for make calls from within Makefiles. This variable is set to the path of the calling make program, i.e., /usr/local/bin/gmake on a bsd system. This is the recommended way to call make from Makefiles in the GNU Make documentation. Type: improvement Change-Id: Id9162a34a0f8358f22090718087918dae31c0fce Signed-off-by: Tom Jones <thj@freebsd.org>
2024-01-19build: Explicitly use bash for shell scriptsTom Jones6-6/+6
VPP requires bash for all shell scripts. Align shebang lines in build and test scripts to look up the location of bash rather than hard coding '/bin/bash'. Look up the location of bash for makefiles. Type: improvement Change-Id: I23b705d81d60389fa8af61c680cf0abd74f0ea24 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-01-18tests: preload api filesMaxime Peim4-5/+13
When sanity test is not done, API files are not loaded until the first test case is run. Hence, it is not possible to use enums, etc. outside of a test class. By preloading API files before running any tests, it prevents its issue. Type: fix Change-Id: I8730150374e6c5f8d6933ec037811372ac2a8da0 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-01-10urpf: add interface dump to APIPim van Pelt1-0/+55
Add an urpf_interface_dump() API call, with optional sw_if_index. If either a mode or a table is specified in any given interface address family and direction, return it in a list, otherwise omit it. TESTED: create loopback interface instance 0 create loopback interface instance 1 create loopback interface instance 2 create loopback interface instance 3 ip6 table add 8298 set urpf ip4 rx loose loop1 set urpf ip6 tx off loop2 table 8298 API call urpf_interface_dump(sw_if_index=~1) returns: [ urpf_interface_details(_0=658, context=2, sw_if_index=2, is_rx=True, mode=<vl_api_urpf_mode_t.URPF_API_MODE_LOOSE: 1>, af=<vl_api_address_family_t.ADDRESS_IP4: 0>, table_id=0), urpf_interface_details(_0=658, context=2, sw_if_index=3, is_rx=False, mode=<vl_api_urpf_mode_t.URPF_API_MODE_OFF: 0>, af=<vl_api_address_family_t.ADDRESS_IP6: 1>, table_id=8298) ] Type: improvement Change-Id: I1ded5c445dc07dab73ea41b817b5827b72ca79d4 Signed-off-by: pim@ipng.nl
2023-12-22tests: Temporarily skip an unstable testadrianvillin1-1/+4
Type: test Change-Id: Idd608511ed350a8e13afff393e558e20d52627a0 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-12-21tests: memif interface tests using libmemifNaveen Joy5-139/+305
Type: test Change-Id: I711dfe65ad542a45acd484f0b4e3e6ade9576f66 Signed-off-by: Naveen Joy <najoy@cisco.com>
2023-12-20srv6-mobile: Implement SRv6 mobile API funcsTakeru Hayasaka2-16/+206
This merge request adds the feature to manipulate localsids and policies for SRv6 mobile via API. Type: feature Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com> Change-Id: Ibb46bf71ae1d9d4591ce2c8ccf66f520887dad70
2023-12-15tests: Added bpf trace filter plugin testadrianvillin2-2/+107
Type: test Change-Id: I026d9298fe1372d03f61b6ad57c82628bab4c831 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-12-12ipsec: allow receiving encrypted IP packets with TFC paddingArthur de Kerhor1-3/+73
Type: feature Change-Id: I7b29c71d3d053af9a53931aa333484bf43a424ca Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-12-07tests: tracedump test replace hardcoded valuehsandid1-8/+20
Type: fix Fetch 'pg-input' node index instead of using a hardcoded value Change-Id: I1ca27ddb54806530b546085d83e83b880acc4573 Signed-off-by: hsandid <halsandi@cisco.com>
2023-12-01tests: Added tracedump plugin testsadrianvillin1-0/+101
Type: test Change-Id: Ie054924eb5e5b2b146db8d2b63511c8b0400f045 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-11-28tests: fix default node variant in testsDmitry Valter1-1/+1
Pass a correct form of node variant config in tests Type: fix Signed-off-by: d-valter@yandex-team.ru Change-Id: I8cdc240b18a1664e57a5814d6cd644891c99f515 Fixes: 8800f732f868bf54da8adba05e38bd2477895ca5
2023-11-28tests: Added NSIM plugin testsadrianvillin1-0/+267
Type: test Change-Id: Id621a806b853688ced7c6a38e1a9e5f298d2b97e Signed-off-by: adrianvillin <avillin@cisco.com>
2023-11-28tests: refactor pcap file deletion to improve robustnessDave Wallace2-16/+23
Type: test Change-Id: I504c079126bd8b33c5e217a1b9086788a8c778e5 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-11-27tests: Excluded some components from LCOVadrianvillin1-0/+3
Type: test Change-Id: I387611cfc361e664eb1e78ae669ba4e3901c4fe6 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-11-14tests: retry unlinking pcap files on os errorDave Wallace1-2/+11
Type: test Change-Id: I270798ed68f04bd3974dd39c44e85dad5fa02de0 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-11-12flowprobe: fix tx flows generated for rewritten trafficAlexander Chernavin1-0/+75
Currently, when IPFIX records generation is enabled for an interface in the TX direction, some rewritten traffic is being sent from that interface, and the Ethernet header's location has changed due to rewriting, generated TX flows will contain fields with wrong and zero values. For example, that can be observed when traffic is rewritten from a subinterface to a hardware interface (i.e. when tags are removed). A TX flow generated in this case will have wrong L2 fields because of an incorrectly located Ethernet header. And zero L3/L4 fields because the Ethernet type will match neither IP4 nor IP6. The same code is executed to generate flows for both input and output features. And the same mechanism is applied to identify the Ethernet header in the buffer's data. However, such general code usually works with the buffer's data conditionally based on the direction. For most input features, the buffer's current_data will likely point to the IP header. For most output features, the buffer's current_data will likely point to the Ethernet header. With this fix: - Keep relying on ethernet_buffer_get_header() to locate the Ethernet header for input features. And start using vlib_buffer_get_current() to locate the Ethernet header for output features. The function will account for the Ethernet header's position change in the buffer's data if there is rewriting. - After fixing Ethernet header determination in the buffer's data, L3/L4 fields will contain non-zero but still incorrect data. That is because IP header determination needs to be fixed too. It currently relies on the fact that the Ethernet header is always located at the beginning of the buffer's data and that l2_hdr_sz can be used as an IP header offset. However, this may not be the case after rewriting. So start calculating the actual offset of the IP header in the buffer's data. - Add a unit test to cover the case. Type: fix Change-Id: Icf3f9e6518912d06dff0d5aa48e103b3dc94edb7 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-11-10tests: perfmon - Added a check if test is running with root privilegesadrianvillin1-0/+6
Type: test Change-Id: I1910f3ef79e9018aee032daca0f1932eccb7b9f9 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-11-08tests: Fix http static test failing on retryadrianvillin2-5/+21
- test_http_static.py: If namespace creation fails, try to delete the namespace and create it again - vpp_qemu_utils.py: Added "isinstance()" to "delete_namespace()" to match "create_namespace()" Type: test Change-Id: I88ff7a36f5d52816fee16283efba6af025496491 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-11-08tests: added a simple perfmon plugin testadrianvillin1-0/+42
Type: test Change-Id: Ief0c0e13a2c19a03b48219d9a0d85256fb0c9dbe Signed-off-by: adrianvillin <avillin@cisco.com>
2023-11-08tests: added simple CT6 plugin testsadrianvillin1-0/+72
Type: test Change-Id: I77f119ac982170627484d792dc456753c9847af8 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-11-07flowprobe: fix clearing interface state on feature disablingAlexander Chernavin1-1/+20
As a result of recent fixes, all currently stored flows of an interface are deleted when the feature is being disabled for the interface. This includes stopping the timer and freeing the flow entries for further reuse. The problem is that meta information is not cleared in the flow entries being deleted. For example, packet delta count will keep its value. The next flow that gets one of these pool entries will already have a non-zero packet count. So the counting of packets will start from a non-zero value. And incorrect packet delta count will be exported for that flow. With this fix, clear meta information too when clearing interface state. Also, update the corresponding test to cover this case. Type: fix Change-Id: I9a73b3958adfd1676e66b0ed50f1478920671cca Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-11-03tests: allow explicit defaults for arg typesDmitry Valter1-2/+2
Allow settings default values explicitly in positive_int_or_default and positive_float_or_default. It allows setting setting default 0 test retries explicitly despite it being not positive. Type: improvement Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: Id23a9fdae0ef174eea8992c1f9fc2530aade6194
2023-11-03tests: refactor asf framework codeDave Wallace165-2974/+1048
- Make framework.py classes a subset of asfframework.py classes - Remove all packet related code from asfframework.py - Add test class and test case set up debug output to log - Repatriate packet tests from asf to test directory - Remove non-packet related code from framework.py and inherit them from asfframework.py classes - Clean up unused import variables - Re-enable BFD tests on Ubuntu 22.04 and fix intermittent test failures in echo_looped_back testcases (where # control packets verified but not guaranteed to be received during test) - Re-enable Wireguard tests on Ubuntu 22.04 and fix intermittent test failures in handshake ratelimiting testcases and event testcase - Run Wiregard testcase suites solo - Improve debug output in log.txt - Increase VCL/LDP post sleep timeout to allow iperf server to finish cleanly. - Fix pcap history files to be sorted by suite and testcase and ensure order/timestamp is correct based on creation in the testcase. - Decode pcap files for each suite and testcase for all errors or if configured via comandline option / env var - Improve vpp corefile detection to allow complete corefile generation - Disable vm vpp interfaces testcases on debian11 - Clean up failed unittest dir when retrying failed testcases and unify testname directory and failed linknames into framwork functions Type: test Change-Id: I0764f79ea5bb639d278bf635ed2408d4d5220e1e Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-11-02tests: remove packet debug output from npt66 testcasesDave Wallace1-1/+1
Type: test Change-Id: I1883b50f67890aefb28ca0ca7447f4e73c574d26 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-10-31tests: fix UDP port range for mdata and bufmonDave Wallace2-2/+2
- Use of well known UDP port numbers causes random failure of mdata and bufmon tests Type: test Change-Id: I21a01c54e5f166aea101d3caace85b53f3f7285d Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-10-31tests: http static - skip if cannot create namespacesadrianvillin1-9/+6
Type: test Change-Id: I5fddb293f1b56853613ca2823dbb6d3d887d9929 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-10-31ipsec: modify IPsec related tests to send and verify UDP-encapsulated ESP ↵vinay Tripathi3-12/+162
traffics In this patch, IPsec related test files have been modified to send UDP-encapsulated ESP packets,and validate against Inbound and Outbound policies that are configured with Bypass, Discard and Protect action. Type: test Change-Id: I4b8da18270fd177868223bfe1389dc9c50e86cc5 Signed-off-by: vinay Tripathi <vinayx.tripathi@intel.com>
2023-10-30tests: Added LLDP plugin testsadrianvillin1-0/+149
Type: test Change-Id: I5a2d1b2c92f2bb7c45a7b5e025584d9417487840 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-10-30tests: Added http static server tests.adrianvillin2-3/+157
Coverage increased from 21% to 80% Type: test Change-Id: Ic8ecc620cef738d7dbe4c259f58a373ac155a588 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-10-30ipsec: huge anti-replay window supportMaxime Peim4-27/+827
Type: improvement Since RFC4303 does not specify the anti-replay window size, VPP should support multiple window size. It is done through a clib_bitmap. Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
2023-10-30flowprobe: fix accumulation of tcp flags in flow entriesAlexander Chernavin1-0/+74
Currently, TCP flags of a flow entry don't get reset once the flow is exported (unlike other meta information about a flow - packet delta count and octet delta count). So TCP flags are accumulated as long as the flow is active. When the flow expires, it is exported the last time, and its pool entry is freed for further reuse. The next flow that gets this pool entry will already have non-zero TCP flags. If it's a TCP flow, the flags will keep being accumulated. This might look fine when exported. If it's a non-TCP flow, that will definitely look erroneous. With this fix, reset TCP flags once the flow is exported. Also, cover the reuse case with tests. Type: fix Change-Id: I5f8560afffcfe107909117d3d063e8a69793437e Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-26hsa: unify echo test setupFilip Tehlar5-20/+18
Type: test Change-Id: I8665492c2f7755901a428aacdb27e98329ff557a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2023-10-26tests: Added bufmon plugin testadrianvillin1-0/+130
Coverage increased from 35% to 94% Type: test Change-Id: I9a54a58bf53b29a771a93ce03998e95fbcd518eb Signed-off-by: adrianvillin <avillin@cisco.com>
2023-10-25tests: Added mdata plugin testadrianvillin1-0/+123
Coverage increased from 54% to 92% Type: test Change-Id: Ibb26f2b8989c5bb2826190c961bffe2c21c3f9a2 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-10-25fib: only update glean for interface if necessaryMatthew Smith1-9/+12
Type: improvement If an interface address is added, the glean adjacency for it's covering prefix is updated with that address. In the case of multiple addresses within the same prefix being added, the most recently added one will end up being used as the sender protocol address for ARP requests. Similar behavior occurs when an interface address is deleted. The glean adjacency is updated to some appropriate entry under it's covering prefix. If there were multiple interface addresses configured, we may update the address on the adjacency even though the address currently in use is not the one being deleted. Add a new value PROVIDES_GLEAN to fib_entry_src_flag_t. The flag identifies whether a source interface entry is being used as the address for the glean adjacency for the covering prefix. Update logic so that the glean is only updated on adding an interface address if there is not already a sibling entry in use which has the flag set. Also, only update the glean on deleting an interface address if the address being deleted has the flag set. Also update unit test which validates expected behavior in the case where multiple addresses within a prefix are configured on an interface. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I7d918b8dd703735b20ec76e0a60af6d7e571b766
2023-10-25tests: Added STN plugin test to improve coverage.adrianvillin1-0/+63
Type: test Change-Id: I30dfaed684e1f808089bb8eb301486434425ccd7 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-10-25tests: Added a simple Snort plugin test to increase coverage.adrianvillin1-0/+53
Type: test Change-Id: I96ec8b4347210672bc587407ab2fd0f0305ea486 Signed-off-by: adrianvillin <avillin@cisco.com>
2023-10-18flowprobe: fix sending L4 fields in L2 template and flowsAlexander Chernavin1-7/+40
Currently, when L2 and L4 recording is enabled on the L2 datapath, the L2 template will contain L4 fields and L2 flows will be exported with those fields always set to zero. With this fix, when L4 recording is enabled, add L4 fields to templates other than the L2 template (i.e. to the IP4, IP6, L2_IP4, and L2_IP6 templates). And export L2 flows without L4 fields. Also, cover that case in the tests. Type: fix Change-Id: Id5ed8b99af5634fb9d5c6e695203344782fdac01 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-16ip-neighbor: do not use sas to determine NS source addressOle Troan3-3/+3
Using the source address selection algorithm to determine the best source of an NS for address resolution risks incompatible behavior. It may choose a source address that is off-link to the other host. Which may drop it. A safer approach is to always use the link-local address as the SA. It's recommended to pick a source that an application will later use, as VPP is mostly a router, that rarely applies. And regardlessly we have no mechanism to signal from an application that triggered address resolutiuon what source address it intends to use. Type: fix Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-16flowprobe: fix corrupted packets sent after feature disablingAlexander Chernavin1-0/+38
When IPFIX flow record generation is enabled on an interface and the active timer is set, flows will be saved and then exported according to the active and passive timers. If then disable the feature on the interface, the flow entries currently saved will remain in the state tables. They will gradually expire and be exported. The problem is that the template for them has already been removed. And they will be sent with zero template ID which will make them unreadable. A similar problem will occur if feature settings are "changed" on the interface - i.e. disable the feature and re-enable it with different settings (e.g. set a different datapath). The remaining flows that correspond to the previous feature settings will be eventually sent either with zero template ID or with template ID that corresponds to the current feature settings on the interface (and look like garbage data). With this fix, flush the current buffers before template removal and clear the remaining flows of the interface during feature disabling. Type: fix Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-16nat: add ipfix rate-limiter for nat44-ed, nat44-ei and nat64Vladislav Grishenko3-15/+29
This prevents ipfix flood with the repeating events and allows to enable nat64 max_session and max_bibs events. Also fix wrong endian for det44 and nat64 ipfix tests, now should be fine with extended tests enabled. Max session per user event @ nat44-ei requires more precise rate limiter per user address, probably with sparse vec, not handled. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
2023-10-16npt66: icmp6 alg to handle icmp6 error messagesOle Troan1-19/+57
Support rewriting the inner packet for ICMP6 error messages. Type: feature Change-Id: I7e11f53626037075a23310f1cb7e673b0cb52843 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-13ethernet: run callbacks for subifs too when mac changesAlexander Chernavin1-3/+103
When MAC address changes for an interface, address change callbacks are executed for it. In turn adjacencies register a callback for MAC address changes to be able to update their rewrite strings accordingly. Subinterfaces inherit MAC address from the parent interface. When MAC address of the parent interface changes, it also implies MAC address change for its subinterfaces. The problem is that this is currently not considered when address change callbacks are executed. After MAC address change on the parent interface, packets sent from subinterfaces might have wrong source MAC address as the result of stale adjacencies. For example, ARP messages might be sent with the wrong (previous) MAC address and address resolution will fail. With this fix, when address change callbacks are executed for an interface, they will be also executed for its subinterfaces. And adjacencies will be able to update accordingly. Type: fix Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-12flowprobe: fix sending L2 flows using L2_IP6 templateAlexander Chernavin1-2/+68
Currently, L2 flows are exported using L2_IP6 template if L3 or L4 recording is enabled on L2 datapath. That occurs because during feature enable, L2 template is added and its ID is not saved immediately. Then L2_IP4 and L2_IP6 templates are added overwriting "template_id" each time. And in the end, the current value of "template_id" is saved for L2 template. The problem is that "template_id" at that point contains the ID of L2_IP6 template. With this fix, save the template ID immediately after adding a template for all variants (datapaths). Also, cover the case with a test. Type: fix Change-Id: Id27288043b3b8f0e89e77f45ae9a01fa7439e20e Signed-off-by: Alexander Chernavin <achernavin@netgate.com>