summaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)AuthorFilesLines
2023-09-04npt66: checksum applied to src address instead of dst address on rxOle Troan1-18/+27
Applied the checksum delta to the source address instead of the destination address in the RX direction. Cleaned up tests a little. Type: fix Change-Id: I871f3448365587e5319dfbca6ea356935321ff9b Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04tracenode: filtering featureMaxime Peim1-17/+199
In order to be able to filter on encapsulated packet, a new node has been added to the ip4/6-unicast arcs. Type: feature Change-Id: I1e8ee05bc6d0fce20cadd8319c81bab260c17d21 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2023-09-01map: test fix feature disablingMaxime Peim1-0/+5
Upon test teardown, MAP features were not disabled, potentially leading packets to be treated by the wrong node. Type: test Change-Id: I0c1c614318d1308f825c5cc0bf95688e92f6d00a Signed-off-by: Maxime Peim <mpeim@cisco.com>
2023-08-25npt66: network prefix translation for ipv6Ole Troan1-0/+89
This is the initial commit of a NPTv6 (RFC6296) implementation for VPP. It's restricted to a single internal to external binding and runs as an output/input feature on the egress interface. Type: feature Change-Id: I0e3497af97f1ebd99377b84dbf599ecea935ca24 Signed-off-by: Ole Troan <otroan@employees.org>
2023-08-17tests: more descriptive error messageKlement Sekera2-2/+10
Type: improvement Change-Id: Icf8a5dc711e1e11ec919b515d7af2f487a1c04c2 Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-08-16tests docs: update python3 venv packagesDave Wallace28-450/+576
- Package update performed by 1. updating pip, pip-tools, setuptools 2. 'make test-refresh-deps' on ubuntu 22.04 3. fixing 'make test' and 'make docs' issues on ubuntu 22.04 4. 'make test-refresh-deps' on ubuntu 20.04 - Add dependency for 'make test-refresh-deps' to insure python venv is set up. - Update of python formatter, black, caused reformating of 41 python code files. Type: make Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-08-11tests: filter coverage report outputDave Wallace1-0/+3
- Remove test code & non-vpp code from coverage report - Remove driver/hardware vpp code which cannot be tested in 'make test' from coverage report Type: fix Change-Id: I04b50c14bc3437b845f2afafae47297189e61e3f Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-08-08tests: fix setting gcov flag for test-cov targetDave Wallace1-1/+1
Type: fix Change-Id: I3c663babe4f32f5d2870265336b5d272cc029ce7 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-08-08ipsec: add support for RFC-4543 ENCR_NULL_AUTH_AES_GMACBenoît Ganne3-24/+186
Type: improvement Change-Id: I830f7a2ea3ac0aff5185698b9fa7a278c45116b0 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-07-21tests: Add checksum offload interface testsNaveen Joy2-0/+42
Type: test Change-Id: I6edc8858b802d3d32159d71c1e867a06cc1025d5 Signed-off-by: Naveen Joy <najoy@cisco.com>
2023-07-13lb: Fix src_ip_sticky evaluation bug in per-port-vip case.Nobuhiro MIKI1-0/+32
Before this fix, the src_ip_sticky flag was passed as an argument to the lb_node_get_hash function, which computes a hash value for a packet. However, in per-port-vip case, the value of src_ip_sticky flag may be different for each port number. As a result, the value is the same for all port numbers, even though it is a per-port-vip case. This commit fixes the src_ip_sticky evaluation by delaying it until the packet is received, so that the correct value is obtained. Also, the unit test case has been enhanced for this bug fix. The steps to reproduce this bug are described below: https://lists.fd.io/g/vpp-dev/message/23248 Type: fix Fixes: 613e6dc0bf92 ("lb: add source ip based sticky load balancing") Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
2023-06-29ip-neighbor: add api for getting neighbor db configAlexander Chernavin1-0/+30
There is an API call to change neighbor database configuration (i.e. limit on peer number, aging, and recycling). With this change, make getting current values of these settings available via the API. Type: improvement Change-Id: Ie9394e086b68cf9b28ad98dea162f203f8043cbb Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-06-23ipsec: manually binding an SA to a workerMaxime Peim1-0/+38
An SA is normally bound to the first thread using it. However, one could want to manually bind an SA to a specific worker. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I05cbbf753e44a01d9964ee47812c964db9bbb488
2023-06-22tests docs: fix lcov code coverage report generationDave Wallace1-14/+34
- Updated/rebased version of https://gerrit.fd.io/r/c/vpp/+/34199 Type: test Change-Id: I43913ecfd11a4578bdb10c4be76253fe38d57976 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-06-21tests: do not run qemu interface tests if the environment does not allow itAndrew Yourtchenko3-2/+39
cdf73b973181ff4c67147900408216e37bae897a has added the qemu tests as part of the default test run, which results in "make test" failure in more restricted environments which do not allow the namespace creation. Add a config flag to skip those tests, and skip them if the namespace creation fails. Type: test Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ie631f7fb2a80864f77c79619eba4a43712e950e5
2023-06-15tests: Run interface tests as a regular testDave Wallace1-1/+0
Type: test Change-Id: I5cf5a0e6437b274e565066f1012d7225c62b87a8 Signed-off-by: Naveen Joy <najoy@cisco.com>
2023-06-02wireguard: add support for chained buffersAlexander Chernavin1-0/+227
Type: feature With this change, packets that are larger than a single buffer can fit will be able to be sent and received over a Wireguard tunnel. Also, cover this with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ifaf7325676d728580097bc389b51a9be39e44d88
2023-06-01crypto: make crypto-dispatch node working in adaptive modeXiaoming Jiang1-5/+0
This patch can make crypto dispatch node adaptively switching between pooling and interrupt mode, and improve vpp overall performance. Type: improvement Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I845ed1d29ba9f3c507ea95a337f6dca7f8d6e24e
2023-05-25udp: fix local port reuse checkFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I323946f7838507110c663f5a904399a74fc76691
2023-05-20tests: support for expected failuresKlement Sekera4-156/+204
- Add support for @unittest.expectedFailure decorator. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I761751cda505e962225dc680b97c1fffa96f5176 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-05-20tests: enhance counter comparison error messageKlement Sekera2-4/+8
- Make error message more human readable. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Iefc276b3a85ff82b927028a72bb91ed87ebd04ba Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-05-19tests: refactor extra_vpp_punt_configKlement Sekera6-11/+11
Rename extra_vpp_punt_config to a more generic name extra_vpp_config to better fit its purpose. It's fit for general use and already used that way by quic and vcl tests anyway. Type: refactor Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Ib0a5789b0dbb3a8c3cae654dea4e32ac5e56dd41
2023-05-16ip_session_redirect: add session redirect pluginBenoît Ganne1-0/+229
This feature enables the use of the classifier and ip-in-out-acl nodes to redirect matching sessions via arbitrary fib paths instead of relying on additional VRFs. Type: feature Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-04-28session: update due to clib_socket refactoringNathan Skrzypczak6-14/+14
After the clib_socket_init syntax changed, the behavior of VCL socket creation was broken. This patch introduces app_namespace_add_del_v4 to address the behavioral change. Type: refactor Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-04-25tests: fix parallel runs skipping some testsKlement Sekera1-3/+5
Fix corner case when a test would be skipped if it was not possible to start it due to insufficient cpus available in the middle of the loop. Type: fix Change-Id: Ie4580685ff55688375d649d7009131d9fe1e4f33 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2023-04-25tests: fix test-help formattingKlement Sekera1-1/+1
Type: improvement Change-Id: Ib7703359b998456bff88caee88c2734c7724bc09 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2023-04-25tests: support multiple filter expressionsKlement Sekera3-64/+202
Support multiple comma-delimited filter expressions, e.g. to run both bfd and ip4 tests, it's now possible to do: make test TEST=bfd,ip4 Same goes for wildcards, e.g.: make test TEST=bfd,..test_longest_prefix_match,..test_icmp_error Type: improvement Change-Id: I0cceaa443cb612dca955f301c7407959f9a71a6e Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2023-04-12ip: punt socket - take the tags in Ethernet header into considerationAndrew Yourtchenko1-0/+82
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t), which is incorrect if the header is tagged - resulting in truncated destination MAC address. Use ethernet_buffer_header_size() instead, which takes tags into account. Also add the unittest that verifies the issue and the fix. Type: fix Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-03-31ip: support flow-hash gtpv1teidTakeru Hayasaka1-1/+45
support with GTPv1 TEID added to the flow hash. This can able to ECMP to PGW and parallelization. Type: feature Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-03-23ipsec: add per-SA error countersArthur de Kerhor4-13/+43
Error counters are added on a per-node basis. In Ipsec, it is useful to also track the errors that occured per SA. Type: feature Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2023-03-06stats: fix tests with multiple workersBenoît Ganne1-16/+26
Type: fix Change-Id: Ic4b8478d390c7373bfb43a39ae6a70e978ae9321 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-06vppinfra: fix clib_bitmap_will_expand() result inversionVladislav Grishenko1-9/+6
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(), so every put except ones that leads to free_bitmap reallocation will get false positive results and vice versa. Unfortunatelly there's no related test and existing bitmap tests are failing silently with false positive result as well. Fortunatelly neither clib_bitmap_will_expand() nor pool_put_will_expand() are being used by current vpp codebase. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
2023-02-14tests: support tmp-dir on different filesystemDmitry Valter4-4/+6
Support running tests with `--tmp-dir` on a filesystem different from /tmp. os.rename withs only within a single FS whereas shutil.move works accross different filesystems. Type: improvement Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I5371f5d75386bd2b82a75b3e6c1f2c850bc62356
2023-02-10sr: support define src ipv6 per encap policyTakeru Hayasaka2-2/+193
Can to define src ip of outer IPv6 Hdr for each encap policy. Along with that, I decided to develop it as API version V2. This is useful in the SRv6 MUP case. For example, it will be possible to handle multiple UPF destinations. Type: feature Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435 Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-02-10tests: use existing pip compiled req file for building the run.py venvNaveen Joy1-18/+1
pip compiled requirements file named requirements-3.txt exists in the test directory. No need to auto-generate it again Type: improvement Change-Id: Ib2b51c983af8d0e4b000e4544012b6cd94405519 Signed-off-by: Naveen Joy <najoy@cisco.com>
2023-02-10tests: use iperf3 for running interface tests on the hostNaveen Joy1-1/+20
Type: improvement Change-Id: I7123591932d51ce0c5b372893454945bbd3913b2 Signed-off-by: Naveen Joy <najoy@cisco.com>
2023-02-08ip6-nd: support dump/details for IPv6 RAAlexander Chernavin1-0/+79
Type: improvement With this change, add support for dumping IPv6 Router Advertisements details on a per-interface basis (or all). Also, cover that with a test. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
2023-02-06ipsec: fix SA names consistency in testsArthur de Kerhor5-127/+127
In some IPsec tests, the SA called scapy_sa designs the SA that encrypts Scapy packets and decrypts them in VPP, and the one called vpp_sa the SA that encrypts VPP packets and decrypts them with Scapy. However, this pattern is not consistent across all tests. Some tests use the opposite logic. Others even mix both correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa. Because of that, sometimes, the SA called vpp_sa_in is used as an outbound SA and vpp_sa_out as an inbound one. This patch forces all the tests to follow the same following logic: - scapy_sa is the SA used to encrypt Scapy packets and decrypt them in VPP. It matches the VPP inbound SA. - vpp_sa is the SA used to encrypt VPP packets and decrypt them in Scapy. It matches the VPP outbound SA. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
2023-02-03nat: fix accidental o2i deletion/reuseDmitry Valter1-2/+73
Nat session is allocated before the port allocation. During port allocation candidate address+port are set to o2i 6-tuple and tested against the flow hash. If insertion fails, the port is busy and rejected. When all N attempts are unsuccessful, "out-of-ports" error is recorded and the session is to be deleted. During session deletion o2i and i2o tuples are deleted from the flow hash. In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers to **some other** session that's known to be allocated. By backing match tuple up session should be invalidated well enough not to collide with any valid one. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
2023-02-02policer: API policer selection by indexMaxime Peim2-22/+116
Policer API calls were only by policer name. It is now possible to select a policer by its index. Some functionalities are also added to allow updating a policer configuration and to refill its token buckets. Some dead codes are being removed, and small fixes made. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
2023-02-01wireguard: update ESTABLISHED flagArtem Glazychev1-1/+29
We cannot confidently say that if we have received and processed the handshake_initiation message, then the connection has been established. Because we also send a response. The fact that the connection is established can only be considered if a keepalive packet was received. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
2023-01-31tests: refactor quic tests to use app-socket-apiDave Wallace1-25/+40
- clean up nomenclature & use f-strings where applicable Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I561b7808cfc3fbfa463f7698732d19759d9ddcd4
2023-01-26wireguard: sending the first handshakeArtem Glazychev1-0/+33
After creating a peer, we send a handshake request. But it's not quite right to call wg_send_keepalive() directly. According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms. Since it's the first one - we don't need to take REKEY_TIMEOUT into account, but we still have jitter. It also makes no sense to immediately send keepalives, because the connection is not created yet. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
2023-01-25api: pcap capture api updateMaxime Peim1-1/+73
Allow enabling and disabling pcap capture via the API. A little bug is fixed along the way in vl_api_classify_pcap_set_table_t_handler. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
2023-01-18lb: add source ip based sticky load balancingNobuhiro MIKI1-2/+42
This patch adds source ip based sticky session, which is already implemented in many hardware LBs and software LBs. Note that sticky sessions may be reset if the hash is recalculated as ASs are added or deleted. Since this feature is unrelated to the other existing options, the lb_add_del_vip API version has been upgraded to v2 and a new option "src_ip_sticky" has been added. Type: feature Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp> Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
2023-01-18tests: improve packet checksum functionsKlement Sekera1-6/+21
Fool-proof assert_checksum_valid so that one does not verify checksum on wrong layer (because of how scapy internally works). Make assert_packet_checksums_valid start checksum checking at inner layers and outwards to make it more obvious where the error is. With old behaviour, if one received an ICMP packet carrying a truncated TCP packet, an error would be raised for ICMP checksum, as that one would be the first to be wrong after recalculating all packet checksums, while the real issue is TCP header being truncated and thus unsuitable for use with this function. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I39a2b50ec5610f969cfde9796416ee3a50ae0ba3
2023-01-16ipsec: fix transpose local ip range position with remote ip range in fast ↵Piotr Bronowski1-32/+35
path implementation In fast path implementation of spd policy lookup opposite convention to the original implementation has been applied and local ip range has been interchanged with the remote ip range. This fix addresses this issue. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
2023-01-12abf: exclude networks with deny rulesJosh Dorsey1-0/+126
Type: improvement Signed-off-by: Josh Dorsey <jdorsey@netgate.com> Change-Id: Iee43ca9278922fc7396764b88cff1a87bcb28349
2022-12-21quic: fix quic plugin with openssl 3.xDave Wallace1-2/+1
- load openssl legacy providers during quic init when building with openssl 3.0 or greater - re-enable quic 'make test' testcases on ubuntu-22.04 Type: fix Change-Id: Icfd429b6bc1bddf9f9937baa44cc47cd535ac5f2 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-12-16ipsec: new api for sa ips and ports updatesArthur de Kerhor3-6/+61
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA without having to rekey. Could be done by deleting and re-adding the SA but it would not preserve the anti-replay window if there is one. Use case: a nat update/reboot between the 2 endpoints of the tunnel. Type: feature Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>