path: root/test
Age | Commit message | Author | Files | Lines
2020-10-16 | misc: deprecate VOM | Damjan Marion | 3 | -2378/+3
Type: make Change-Id: Ifb3e52af93d24fcc2f2e6a0c408e16902a2fe553 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-16 | ipsec: fix instance, and cli del for new ipsec interface | Eric Kinzie | 2 | -4/+23
- use user instance number in interface name
  Restore the behavior of previous versions where the IPsec tunnel interface name contained the value of the user-provided instance number. For example, a command similar to
    create ipsec tunnel local-ip . . . instance 5
  would result in the creation of interface "ipsec5".
- ipsec: delete tunnel protection when asked
  The "ipsec tunnel protect" command will parse a "del" argument but does not undo the tunnel protection, leaving the SAs hanging around with reference counts that were incremented by a previous invocation of the command. Allow the tunnel protection to be deleted and also update the help text to indicate that deletion is an option.
- test: ipsec: add test for ipsec interface instance
  Also cleanup (unconfig) after TestIpsecItf4 NULL algo test.
Type: fix Fixes: dd4ccf2623b5 ("ipsec: Dedicated IPSec interface type") Signed-off-by: Eric Kinzie <ekinzie@labn.net> Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: Idb59ceafa0633040344473c9942b6536e3d941ce
2020-10-08 | gre: MPLS over GRE does not select correct fixup function | Neale Ranns | 1 | -1/+55
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I9eff41407b0f172f2b567e6a4ea1c48be8df883a
2020-10-08 | ip-neighbor: Grat ARPs from different subnet are dropped | Neale Ranns | 2 | -1/+33
Type: test Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Id07e8981a903f11f50fb494a93d01815382025e4
2020-10-08 | ipsec: Allow SAs with NULL auth & crypto on IPSec interface | Neale Ranns | 1 | -4/+25
Type: improvement
On the dedicated IPSec interface, the SA describes the peer, so it is not possible to forward to a peer for which there is no SA. Therefore if an SA is added with NULL auth and integ then this explicitly states that this is what the peer desires. On the contrary, on the IP-IP/GRE interface, in the absence of protection and an SA, then the traffic is sent in the clear. So adding NULL auth/crypto SA is a means to describe that the peer should not be sent traffic.
Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I7ad2d466cc74eb7ff8c4c84e0d7897d06e2fcf86
2020-10-08 | fib: Register multicast MAC with interface for accepting interfaces | Neale Ranns | 1 | -2/+33
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ic6c76b65e2dcc08916373153944507a297c962c0
2020-10-07 | api: add heap alloc to vpp stats | Ole Troan | 1 | -1/+0
The Python VPP Stats module also used the VPP heap. Fix so it now explicitly allocates a heap. Fixes: f68fccfe7e188fec2c9f91da38ca9acf6f67d811 Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I0bd4ae64d6c89cdf634d8d9a91c23ab38017c5cc Signed-off-by: Ole Troan <ot@cisco.com>
2020-09-30 | ikev2: better packet parsing functions | Filip Tehlar | 1 | -0/+24
Ticket: VPP-1918 Type: improvement Change-Id: I2bc3e30121697404dcd54f1c2127bd85ccc1029e Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-22 | lisp: Move to plugin | Neale Ranns | 2 | -208/+2
Type: refactor Change-Id: I54df533a8f863c4e49742903cf2457f18b4fc506 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-21 | geneve: Move to plugin | Neale Ranns | 1 | -307/+0
Type: refactor Change-Id: I613bf4d6517591351b212bfe6c8d93abf235f5dc Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-21 | misc: Move l2tp to plugin | Neale Ranns | 1 | -47/+0
Type: refactor Change-Id: Ifb36eeb146b87e9e305881429d32d6879e955e1e Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-21 | build: remove opensuse build infra | Dave Wallace | 1 | -1/+1
- VPP on opensuse has not been supported for several releases. Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I2b5316ad5c20a843b8936f4ceb473f932a5338d9
2020-09-17 | teib: Add adj-fibs for peers/adjacencies on p2mp interface | Neale Ranns | 2 | -4/+52
Type: fix Change-Id: I6fdc4e952097e92ac3aa53e0be3ef99e0d801b28 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-09 | wireguard: initial implementation of wireguard protocol | Artem Glazychev | 2 | -1/+5
Type: feature
The main information about plugin you can see in README.md
vpp# wireguard ?
  wireguard create          wireguard create listen-port <port> private-key <key> src <IP> [generate-key]
  wireguard delete          wireguard delete <interface>
  wireguard peer add        wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval]
  wireguard peer remove     wireguard peer remove <index>
Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jim Thompson <jim@netgate.com> Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-07 | ipsec: fix padding/alignment for native IPsec encryption | Christian Hopps | 4 | -33/+101
Not all ESP crypto algorithms require padding/alignment to be the same as AES block/IV size. CCM, CTR and GCM all have no padding/alignment requirements, and the RFCs indicate that no padding (beyond ESP's 4 octet alignment requirement) should be used unless TFC (traffic flow confidentiality) has been requested.
  CTR: https://tools.ietf.org/html/rfc3686#section-3.2
  GCM: https://tools.ietf.org/html/rfc4106#section-3.2
  CCM: https://tools.ietf.org/html/rfc4309#section-3.2
- VPP is incorrectly using the IV/AES block size to pad CTR and GCM. These modes do not require padding (beyond ESP's 4 octet requirement), as a result packets will have unnecessary padding, which will waste bandwidth at least and possibly fail certain network configurations that have finely tuned MTU configurations at worst.
  Fix this as well as changing the field names from ".*block_size" to ".*block_align" to better represent their actual (and only) use. Rename "block_sz" in esp_encrypt to "esp_align" and set it correctly as well.
  test: ipsec: Add unit-test to test for RFC correct padding/alignment
  test: patch scapy to not incorrectly pad ccm, ctr, gcm modes as well
- Scapy is also incorrectly using the AES block size of 16 to pad CCM, CTR, and GCM cipher modes. A bug report has been opened with, and acknowledged by, the upstream scapy project as well: https://github.com/secdev/scapy/issues/2322
Ticket: VPP-1928 Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: Iaa4d6a325a2e99fdcb2c375a3395bcfe7947770e
2020-09-04 | vpp: Fix node APIs | Nathan Skrzypczak | 1 | -1/+1
Type: fix Change-Id: Ic6e2b7e05b50945a8e2222019c2942a6ee52e465 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-02 | bonding: add bond_create2 API to include gso option | Steven Luong | 2 | -16/+26
gso option is available for the debug CLI version of bond create. This patch is to create a new API to have the corresponding option in the binary API. The old binary API bond_create is marked deprecated. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id9501b8e6d267ae09e2b411957f181343da459c0
2020-08-31 | vpp_config: update node variants to skx and icl | Ray Kinsella | 1 | -2/+2
Node variant names have changed to skx and icl. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I5be832aa59e4e440df53869077d801c011e3defa
2020-08-27 | tests: "force solo" testcase support | Andrew Yourtchenko | 6 | -8/+102
Some of the tests are time-sensitive, and at present require a non-trivial modification in order to run at high concurrency. Without these modifications, they intermittently fail, and require the test retries. Rather than setting them to the extended tests and forgetting about them, put them into a "solo" set, which gets run in a single-threaded mode after the rest of the tests are done. Mark a few of the tests that showed errors during TEST_JOBS=48 as forced-solo. Also, give a better diagnostic if the testcase misses a docstring needed to represent it in the diagnostic outputs. Type: fix Change-Id: I33fe62eb17edc1885bd2c3523892051d52da6546 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-14 | gso: packet coalesce library | Mohsin Kazmi | 2 | -0/+162
Type: feature Change-Id: Ia19d3611e596d9ec47509889b34e8fe793a0ccc3 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-08-06 | misc: harmonize names | Dave Barach | 1 | -2/+2
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ibad744788e200ce012ad88ff59c2c34920742454
2020-08-03 | unittest: add clib_count_equal_u8/16/32/64 tests | Benoît Ganne | 1 | -1/+1
Type: test Change-Id: I490c1b1a2fa49badda038e6be014c77b9bee6c56 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-31 | ip-neighbor: Allow to replace dynamic entry | Vladimir Isaev | 1 | -0/+110
Before this patch it was not allowed to replace a dynamic ARP entry with a static one with the same mac-address. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: I6cfc0e510ffdf141c61874288f11a60395182374
2020-07-28 | bonding: toggle bond admin state may cause hw link state to down | Steven Luong | 1 | -2/+37
For bond interface, we set hardware link state to up initially when admin state is set to up. Thereafter, if we toggle the admin state to down and up, we require at least one active member in the bond prior to bringing up the hardware state which is inconsistent. The fix is to remove the unnecessary condition. This is a rework of the original proposed patch which is more complex and could be tricky to get it right https://gerrit.fd.io/r/c/vpp/+/27141 Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I65f4fee55299b5b4d5645f6e05e1be15b46b73cd
2020-07-28 | ip: svr: improve performance for non-fragments | Klement Sekera | 1 | -0/+66
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ia77ce41a8f1a032c5e027c4bb47347752cfda0a9
2020-07-28 | bonding lacp: replace slave string with member | Steven Luong | 2 | -39/+42
- Replace textual string slave with member except APIs.
- For APIs, mark the existing APIs as deprecated and introduce new APIs
- While introducing sw_bond_interface_dump, add the optional filter by sw_if_index and enhance the testcases to make use of it.
Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ib6626c514e45350308aeeda0decb70f3aba2f63e
2020-07-24 | geneve: support geneve interface acting as a bvi | Ole Troan | 1 | -2/+71
  create geneve tunnel local 10.10.10.10 remote 10.10.10.9 vni 48 decap-next node ethernet-input l3-mode
  set interface ip address geneve_tunnel0 11.11.11.12/24
Type: feature Change-Id: I579ce879553d72a2e8048e33d0c0122674996b81 Signed-off-by: Ole Troan <ot@cisco.com>
2020-07-21 | ipsec: Dedicated IPSec interface type | Neale Ranns | 3 | -4/+343
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8bd50df163aea2798e9f9d35a13dcadc4a4a4b2
2020-07-16 | gre: fix outer ip6 length | Aloys Augustin | 1 | -0/+9
This updates the computation of the outer ip6 header payload_length field in order to take into account the GRE header length. Change-Id: Ie9f982521aeaef7279a9e329a33272d6fae0a428 Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-06-24 | tests: fix deps pinning / patching | Aloys Augustin | 1 | -5/+3
This ensures we don't recompute the requirements-{2,3}.txt on each make test run, and skips patching scapy if it is already patched instead of failing. Change-Id: I3da57182ae49f3dd04db139d96734a5d145fedff Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-06-20 | tests: improve lcov stats for memory_api.c | Dave Barach | 1 | -1/+19
Cover vl_mem_api_dead_client_scan(...), which is not so simple. Spin up vpp_api_test using pexpect.spawn, make it bootstrap a private memory segment, kill vpp_api_test, and wait for the dead client scanner to run a few times so that it declares the client dead. The test only runs if GCOV_TESTS=yes is set in the environment. Type: test Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I3c712fa011df2e23761a2e73c1aba0c7e50123a6
2020-06-16 | gso: fix the udp checksum in test | Mohsin Kazmi | 1 | -2/+2
Type: fix Change-Id: I7005e4763e73f3679c40f94bdab26d439cd23188 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-06-10 | vapi: memset allocated messages to zero | Klement Sekera | 2 | -20/+0
This avoids using dirty data from shared memory by client. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I96eecf655bf344ec29609cedbd8dc891b572e207
2020-06-08 | vxlan: Fixed checksum calculation offset | Vladimir Isaev | 5 | -6/+41
VXLAN uses csum_offload for IPv6 packets. But without gso node we have csum calculated only for inner packet. This patch adds support for outer header csum calculation. Checksum for inner packet should be calculated before interface-output node (for example in vxlan node). Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Ica68429ede4426293769207cd83c791ebe72fe56
2020-05-29 | bonding: Revert adjust link state | Matthew Smith | 1 | -58/+1
This reverts commit 9121c415a91904be50071ec55143d9c89b2f1b91. Reason for revert: causes deadlock with multiple worker threads Type: fix Change-Id: Icf3d6d343d99d887abacbaa03acbf04d4628514e Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-05-29 | gso: add checksum and payload size testing | Mohsin Kazmi | 1 | -49/+148
Type: test Change-Id: I9e4f7cf44d465712aa26e5dd6a0ff38588964a39 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-27 | bonding: adjust link state based on active slaves | Matthew Smith | 1 | -1/+58
Type: improvement Bond link state is being maintained inconsistently. It is initially set to up. If the bond interface admin state is set to down, the link state is set to down. If the bond interface admin state is set to up, the link state is only set to up if there are active slave interfaces at that point. If slaves become active at some later time, it does not get updated. Its next chance to be updated is the next time the bond interface is set to admin up. To address this, do not set the link state to up after creating a bond. Adjust the link state as slave interfaces are attached or detached based on whether the bond is getting its first active slave or losing its last one. Unit test added to verify correct maintenance of link state. Change-Id: I31f17321f7f0e727e1ab1e01713423af6566dad9 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-05-25 | tests: update pip and pip-tools | Aloys Augustin | 4 | -216/+387
This fixes an issue where the pinned requirements file can be modified when running the tests. Change-Id: Ic89d1844d1fd8d00f62211a9b051a26ac34ee316 Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-05-24 | ipsec: fixed chaining ops after add footer and icv | PiotrX Kleski | 1 | -0/+1
In case there is no free space in first buffer for ICV and footer, additional buffer will be added, but esp_encrypt will stay in single buffer mode. The issue happens for the following payload sizes:
- TCP packets with payload 1992
- ICMP packets with payload 2004
This fix moves the single/chained buffer ops selection to after esp_add_footer_and_icv call.
Type: fix Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: Ic5ceba418f738933f96edb3e489ca2d149033b79
2020-05-15 | ikev2: add support for NAT traversal | Filip Tehlar | 1 | -4/+1
Type: feature
* initiator behind NAT supported
* tested with static NAT mappings
* works only with pre-configured tunnels
The pre-configured tunnel has to be defined as follows:
  initiator (i) side: src=ip(i) dst=ip(r)
  responder (r) side: src=ip(r) dst=ip(nat)
Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-14 | nat: "users" dump for ED-NAT | Klement Sekera | 1 | -1/+1
Since the removal of "users" concept in ED-NAT nat44_user_dump API returns empty array. This brings back previous behaviour at a considerable runtime cost until a better API is introduced. Type: improvement Change-Id: I5a45923cfeb6b8ebe6fc906601264d6567386991 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-05-14 | ip: fix interface ip address del sw_if_index check | yedg | 2 | -0/+36
Type: fix Signed-off-by: Ye donggang <yedg@wangsu.com> Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
2020-05-13 | feature: Config end nodes are user specific | Neale Ranns | 1 | -0/+12
Type: fix it is possible for a user to change the end node of a feature arc, but this change should only apply to that 'instance' of the arc, not all arcs. for example, if a tunnel has its ipx-output end node changed to adj-midchain-tx, this shouldn't affect all ipx-output arcs. obviously... Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I41daea7ba6907963e42140307d065c8bcfdcb585
2020-05-13 | ipsec: Support 4o6 and 6o4 for SPD tunnel mode SAs | Neale Ranns | 1 | -1/+75
Type: feature the esp4-encrypt and esp6-encrypt nodes need to be siblings so they both have the same edges for the DPO on which the tunnel mode SA stacks. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I2126589135a1df6c95ee14503dfde9ff406df60a
2020-05-05 | tests: clean up logging | Paul Vinciguerra | 2 | -30/+25
Tests currently expect the logger to be poked from run_tests.py. The tests should run without any magic values. This change sets a default null logger and removes the hasattr checks for the logger. For reference, see: https://docs.python-guide.org/writing/logging/ Type: test Change-Id: I98f953d73d12d00e74b59c94a0fb8c7a625b9c44 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-05 | ipsec: User can choose the UDP source port | Neale Ranns | 5 | -97/+252
Type: feature thus allowing NAT traversal, Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-05 | gso: fix the make test for ipip | Mohsin Kazmi | 1 | -2/+15
Type: test This commit fixes the make test for GSO/IPIP which are added in following commit id: 84f91fa9c54f82c54b58ea3bf6e9ba22ff735d3a Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I66a57fe195e626b432ff0acba3a5bdf242a7a46e
2020-05-05 | api: ip: add IP_ROUTE_LOOKUP API | Christian Hopps | 2 | -0/+148
Add an IP_ROUTE_LOOKUP function that does either an exact match or longest prefix match in a given fib table for a given prefix returning the match if present. Add API test. Type: improvement Signed-off-by: Christian Hopps <chopps@labn.net> Change-ID: I67ec5a61079f4acf1349a9c646185f91f5f11806
2020-05-05 | gso: add support for IP-IP | Mohsin Kazmi | 1 | -6/+199
Type: feature Change-Id: I37752af8496e0042a1da91124f3d94216b39ff11 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-04 | fib: midchain adjacency optimisations | Neale Ranns | 1 | -2/+3
Type: improvement
- inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call
- change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header
- add adj-midchain-tx to multiarch sources
- don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc.
- cache the feature arc config index (to save the cache miss going to fetch it)
- don't check if features are enabled when taking the arc (since we know they are)
the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc)
for IPSec:
- don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first.
- esp_encrypt for tunnels has adj-midchain-tx as next node
Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>