Age | Commit message (Collapse) | Author | Files | Lines |
|
Now UDP enacapsulation doesn't work in transport mode with crypto
algorithms that have iv_sz=8 like AES GCM or 3DES CBC. That happens
because the inserted UDP header overlaps with the old IP header and
gets filled before the information from the old IP header can be
copied to a new IP header. The result is a broken packet:
00:03:39:620863: esp4-encrypt-tun
esp: sa-index 3 spi 3464048590 (0xce792fce) seq 31 sa-seq-hi 0
crypto aes-gcm-128 integrity none udp-encap-enabled
00:03:39:620867: adj-midchain-tx
...
00:03:39:620868: ip4-rewrite
...
00:03:39:620869: GigabitEthernet0/8/0-output
GigabitEthernet0/8/0
IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
UDP: 10.255.0.10 -> 10.255.0.20
version 0, header length 0
tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff)
dscp CS4 ecn NON_ECN
fragment id 0x0000
UDP: 128 -> 0
length 0, checksum 0x0000
00:03:39:620870: GigabitEthernet0/8/0-tx
GigabitEthernet0/8/0 tx queue 0
...
IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
UDP: 10.255.0.10 -> 10.255.0.20
version 0, header length 0
tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff)
dscp CS4 ecn NON_ECN
fragment id 0x0000
UDP: 128 -> 0
length 0, checksum 0x0000
With this commit, fill UDP header after copying the IP headers in
transport mode.
Type: fix
Change-Id: Ie9a6e562aa05a8378114329d6a9ff395189fa6a8
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a.
Reason for revert: Verify failure. Doesn't build.
Type: fix
Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
... by removing duplicit test cacses.
There is little value in testing ESN flag when no integ algo
is used. This patch removes such test cases.
Type: improvement
Change-Id: Iae5baa1d39ac32a65d1d28ad57771a87962d8bb3
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This reverts commit c2c1bfd9b72aec88526c06479b128725eb525866.
Reason for revert: Seems it's breaking ipsec esp tests
Type: fix
Change-Id: Iac590eee23cbf92a10c62dafa789aa9c3b2284dd
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I3c348ad2fca8bb3d9a246af7a2aa9dc9c33f57c3
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
This fixes a special case when buffer chain enters decrypt node
and becomes a single buffer after decryption.
Type: fix
Change-Id: I1d4da029b952baa97400adb7173aa63fd97d916b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ia8dff15855a81cf29729bdaa3ff28fbe3254fa97
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I7f6f37ec6eed780322e2488d6eb0f5681945ba09
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Improve dependency tracking on vapi_test directory so that vapi_c_test
rebuild doesn't force vapi_cpp_test rebuild and vice versa.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I00094c6374981333858ddbe6ae934cfda3b33a36
|
|
Add a clib_time_t * argument to clib_timebase_init(...), to encourage
client code to share the vlib_main_t's clib_time_t object.
Display the current day / date in GMT via the "show time" debug CLI.
Fix the test framework so it processes the new "show time" output format.
Type: refactor
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I5e52d57eb164b7cdb6355362d520df6928491711
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Ia14f33992353b419b70b55beed63ab8ed6a2e837
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Mark a few code coverage tests appropriately:
@unittest.skipUnless(running_gcov_tests, "part of code coverage tests")
def test_my_coverage_unittest(self):
<etc>
Almost exactly like "make EXTENDED_TESTS=yes test".
Type: feature
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ic6d0a097a608ba93442b3d88252f66f8e6805b97
|
|
Use consistent API types.
Type: fix
Change-Id: I7ac7cd00606101864fa3422e7b9ea2f1143665dd
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Ib752a3425c076eb53bc5255a48039cbb74b1fcce
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I6238ec79b916c23c07c3f7e2ac8e635f5a0d6112
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
- Remove vl_api_from_api_string
to prevent use of not nul-terminated strings.
- Rename vl_api_from_api_to_vec -> vl_api_from_api_to_new_vec
to imply a new vector is created. NOT nul terminated.
- Add vl_api_from_api_to_new_c_string. Returns
nul terminated string in a new vector.
- Add vl_api_c_string_to_api_string. Convert nul terminated
string to vl_api_string_t
- Add vl_api_vec_to_api_string. Convert NON nul terminated
vector to vl_api_string_t
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Iadd59b612c0d960a34ad0dd07a9d17f56435c6ea
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Type: improvement
allow clients that allocate punt reasons to pass a callback function
that is invoked when the first/last client registers to use/listen on
that punt reason. This allows the client to perform some necessary
configs that might not otherwise be enabled.
IPSec uses this callback to register the ESP proto and UDP handling
nodes, that would not otherwise be enabled unless a tunnel was present.
Change-Id: I9759349903f21ffeeb253d4271e619e6bf46054b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
|
|
Before this patch VPP checked age for ARP/NDP records every 1e5 seconds
for any configured aging time. This is 27 hours and it looks like
misprint because 1e5 is the number of 10us ticks in a second.
Also time to wait is now difference between aging time and time alive
for nodes in alive state.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Ib5baa85032a44402d5f48c1145245260a42c7bae
|
|
Type: refactor
Change-Id: I04e71a64e676910dc4c6cbc1ab54ffb0c29aa5b9
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: feature
Add a new plugin to support HA using VRRPv3 (RFC 5798).
Change-Id: Iaa2c37e6172f8f41e9165f178f44d481f6e247b9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: feature
Change-Id: Ie072a7c2bbb1e4a77f7001754f01897efd30fc53
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Upon encapsulation of L2 frames, IETF has replaced the NextHeader value from 59 (IPv6 No Next Header) to 143 (Ethernet).
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Type: fix
Signed-off-by: pcamaril <pcamaril@cisco.com>
Change-Id: I88aa5590c81d16700ff7a0bbe6337e113179496e
Signed-off-by: pcamaril <pcamaril@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie8bc5c9a03e858487cf565b4e9b520e6b496337a
|
|
Type: fix
Change-Id: I8f81cd6c29ff8cb4f0b4850b8b1f6611d89ddb38
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Make test framework python3 version independence.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I1ef1eb77b6c1f422ebc4dad0818f87c8e587b34b
|
|
Avoid using vec_del1() for directory vector to keep indexes valid all
the time.
There are state counters for each slave in LACP bond mode which can be
dynamically created and removed. Vector index is used to access these
counters. But also vec_del1() is used to remove counter from vector.
This function changes the index of the last element, so after this we
are unable to access ex-last element using old index.
As a result it is not possible to add-del-add two interfaces to the LACP
bond:
DBGvpp# create bond mode lacp
BondEthernet0
DBGvpp# create packet-generator interface pg1
DBGvpp# create packet-generator interface pg2
DBGvpp# bond add BondEthernet0 pg1
DBGvpp# bond add BondEthernet0 pg2
DBGvpp# bond del pg1
DBGvpp# bond del pg2
DBGvpp# bond add BondEthernet0 pg1
DBGvpp# bond add BondEthernet0 pg2
bond add: /if/lacp/1/3/partner-state is already register
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I2c86e13905eefdef6233369cd4ab5c1b53d123bd
|
|
Type: fix
Ticket: VPP-1831
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I655964b22021ac38cbced577091a1156286d4fd6
|
|
Type: refactor
The Tunnel Endpoint Informatiob Base (TEIB) is a better
description of what it is (a mapping between tunnel endpoint
address, in the overlay, and next-hop address, in the underlay)
whereas NHRP is one instanc eof a control protocol that might add
such endpoints.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Idcb2ad0b6543d3e5d9f6e96f9d14dafb5ce2aa85
|
|
Apply exponential smoothing to the clock rate update calculation in
clib_time_verify_frequency(), with a half-life of 1 minute and a
sampling frequency of 16 seconds. Within 5 minutes or so, the
calculation converges
With each rate recalculation: reset total_cpu_time based on the kernel
timebase delta since vpp started, and the new clock rate
Improve the "show clock [verbose]" debug CLI command.
BFD echo + echo fail tests marked off until the BFD code can be
reworked a bit.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I24e88a78819b12867736c875067b386ef6115c5c
|
|
Type: feature
common funcitons across IP-in-IP and GRE tunnels for encap/decap
functions
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I325b66824878d843af167adfe5a7a96b0ab90566
|
|
Type: feature
plus fixes for gre
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
|
|
Type: refactor
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I18dcdb7af3e327f6cacdbcb1e52b89f13d6ba6e2
|
|
More RFC compliance.
Ticket: VPP-1816 BFD: peer discriminator not reset on timeout
Type: fix
Change-Id: I68063c18097d282b3527e3fb485c1d0d1fd1b0c8
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: test
Change-Id: I97e02ebc5989eee794511c1ed6049e300be7d64e
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Traceback (most recent call last):
File "run_tests.py", line 886, in <module>
exit_code, suites = parse_results(results)
File "run_tests.py", line 732, in parse_results
results_per_suite.print_results()
File "run_tests.py", line 683, in print_results
result.get_testcase_names(failed_test_id)
TypeError: 'NoneType' object is not iterable
Type: test
Change-Id: I2c5ae0b9e11be6bfb4490d9ce057db0b0a84c9bf
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
from threading.thread __init__:
This constructor should always be called with keyword arguments.
If a subclass overrides the constructor, it must make sure to invoke
the base class constructor (Thread.__init__()) before doing anything
else to the thread.
Type: test
Change-Id: Ifa89202e97053a4baf19e9a0ca0913430d5087a3
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
TAP tests require root access, which breaks
the testing in unprivileged scenario.
Disable the test until we find consensus on how
to deal with it.
Type: test
Change-Id: I66ee2b130723233682d858cad0b6e424ab0b2383
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Change-Id: I63d4df68eed6589763b5ce62bcd7f3fd867c60e1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
1 - big packets; chained buffers and those without enoguh space to add
ESP header
2 - IPv6 extension headers in packets that are encrypted/decrypted
3 - Interface protection with SAs that have null algorithms
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie330861fb06a9b248d9dcd5c730e21326ac8e973
|
|
Absolutely nothing good happens when we force the kernel to briefly
map and then unmap 16gb as vpp starts. Effect exacerbated when
TEST_JOBS = 20...40, and so forth.
Type: test
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id8e3ce1763cad3a0891d5d6c8d2c1e3e610682d7
|
|
test_bfd.BFD4TestCase.test_poll_response providing
inconsistent results is the per-patch tests.
Type: test
Change-Id: I8f1864511526fd330a7da1abfa19be3f565c683a
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Change-Id: I05d74da311d6a86ec4eb3df50d53ecaa9c622f50
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: test
Change-Id: I2cccc68b1b4b6c576580ae0eb5d4511ca2f4663d
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: test
Change-Id: Id1bffbfe698113d85c4c6bf432ddf4908ed2b788
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
The pcap trace filter initial table index lives in
cm->filter_set_by_sw_if_index [0], which corresponds to the "local0"
interface. Debug cli makes sure that folks don't accidentally specify
the "local0" interface. At least it does now...
Fix the "vlib format.c code coverage" test in test/test_vlib.py.
Type: fix
Change-Id: I35320bc2c8f0c6f1f8c12e3529d1938548185151
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
log.txt message:
17:52:59,969 API call failed, expected 0 return value instead of -13 in tap_create_v2_reply(_0=58, context=77019, retval=-13, sw_if_index=4294967295)
Test was failing with log message:
tap: tap0: tap_create_if: ioctl(TUNSETIFF): Operation not permitted
Type: test
Change-Id: I5bcd9d2b0c870ea5eef92b79314b97821399722f
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Change-Id: I5cb9a3845ddbc5f4de4eb4e9c481f606fe5cec9a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|