Age | Commit message (Collapse) | Author | Files | Lines |
|
Currently, when IPFIX records generation is enabled for an interface in
the TX direction, some rewritten traffic is being sent from that
interface, and the Ethernet header's location has changed due to
rewriting, generated TX flows will contain fields with wrong and zero
values. For example, that can be observed when traffic is rewritten from
a subinterface to a hardware interface (i.e. when tags are removed). A
TX flow generated in this case will have wrong L2 fields because of an
incorrectly located Ethernet header. And zero L3/L4 fields because the
Ethernet type will match neither IP4 nor IP6.
The same code is executed to generate flows for both input and output
features. And the same mechanism is applied to identify the Ethernet
header in the buffer's data. However, such general code usually works
with the buffer's data conditionally based on the direction. For most
input features, the buffer's current_data will likely point to the IP
header. For most output features, the buffer's current_data will likely
point to the Ethernet header.
With this fix:
- Keep relying on ethernet_buffer_get_header() to locate the Ethernet
header for input features. And start using vlib_buffer_get_current()
to locate the Ethernet header for output features. The function will
account for the Ethernet header's position change in the buffer's
data if there is rewriting.
- After fixing Ethernet header determination in the buffer's data,
L3/L4 fields will contain non-zero but still incorrect data. That is
because IP header determination needs to be fixed too. It currently
relies on the fact that the Ethernet header is always located at the
beginning of the buffer's data and that l2_hdr_sz can be used as an
IP header offset. However, this may not be the case after rewriting.
So start calculating the actual offset of the IP header in the
buffer's data.
- Add a unit test to cover the case.
Type: fix
Change-Id: Icf3f9e6518912d06dff0d5aa48e103b3dc94edb7
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: test
Change-Id: I1910f3ef79e9018aee032daca0f1932eccb7b9f9
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
- test_http_static.py: If namespace creation fails, try to delete the namespace and create it again
- vpp_qemu_utils.py: Added "isinstance()" to "delete_namespace()" to match "create_namespace()"
Type: test
Change-Id: I88ff7a36f5d52816fee16283efba6af025496491
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: test
Change-Id: Ief0c0e13a2c19a03b48219d9a0d85256fb0c9dbe
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: test
Change-Id: I77f119ac982170627484d792dc456753c9847af8
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
As a result of recent fixes, all currently stored flows of an interface
are deleted when the feature is being disabled for the interface. This
includes stopping the timer and freeing the flow entries for further
reuse. The problem is that meta information is not cleared in the flow
entries being deleted. For example, packet delta count will keep its
value. The next flow that gets one of these pool entries will already
have a non-zero packet count. So the counting of packets will start from
a non-zero value. And incorrect packet delta count will be exported for
that flow.
With this fix, clear meta information too when clearing interface state.
Also, update the corresponding test to cover this case.
Type: fix
Change-Id: I9a73b3958adfd1676e66b0ed50f1478920671cca
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Allow settings default values explicitly in positive_int_or_default and
positive_float_or_default.
It allows setting setting default 0 test retries explicitly despite it
being not positive.
Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Id23a9fdae0ef174eea8992c1f9fc2530aade6194
|
|
- Make framework.py classes a subset of asfframework.py classes
- Remove all packet related code from asfframework.py
- Add test class and test case set up debug output to log
- Repatriate packet tests from asf to test directory
- Remove non-packet related code from framework.py and
inherit them from asfframework.py classes
- Clean up unused import variables
- Re-enable BFD tests on Ubuntu 22.04 and fix
intermittent test failures in echo_looped_back
testcases (where # control packets verified but
not guaranteed to be received during test)
- Re-enable Wireguard tests on Ubuntu 22.04 and fix
intermittent test failures in handshake ratelimiting
testcases and event testcase
- Run Wiregard testcase suites solo
- Improve debug output in log.txt
- Increase VCL/LDP post sleep timeout to allow iperf server
to finish cleanly.
- Fix pcap history files to be sorted by suite and testcase
and ensure order/timestamp is correct based on creation
in the testcase.
- Decode pcap files for each suite and testcase for all
errors or if configured via comandline option / env var
- Improve vpp corefile detection to allow complete corefile
generation
- Disable vm vpp interfaces testcases on debian11
- Clean up failed unittest dir when retrying failed testcases
and unify testname directory and failed linknames into
framwork functions
Type: test
Change-Id: I0764f79ea5bb639d278bf635ed2408d4d5220e1e
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: test
Change-Id: I1883b50f67890aefb28ca0ca7447f4e73c574d26
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
- Use of well known UDP port numbers causes random
failure of mdata and bufmon tests
Type: test
Change-Id: I21a01c54e5f166aea101d3caace85b53f3f7285d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: test
Change-Id: I5fddb293f1b56853613ca2823dbb6d3d887d9929
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
traffics
In this patch, IPsec related test files have been modified to send UDP-encapsulated
ESP packets,and validate against Inbound and Outbound policies that are configured
with Bypass, Discard and Protect action.
Type: test
Change-Id: I4b8da18270fd177868223bfe1389dc9c50e86cc5
Signed-off-by: vinay Tripathi <vinayx.tripathi@intel.com>
|
|
Type: test
Change-Id: I5a2d1b2c92f2bb7c45a7b5e025584d9417487840
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Coverage increased from 21% to 80%
Type: test
Change-Id: Ic8ecc620cef738d7dbe4c259f58a373ac155a588
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: improvement
Since RFC4303 does not specify the anti-replay window size, VPP should
support multiple window size. It is done through a clib_bitmap.
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
|
|
Currently, TCP flags of a flow entry don't get reset once the flow is
exported (unlike other meta information about a flow - packet delta
count and octet delta count). So TCP flags are accumulated as long as
the flow is active. When the flow expires, it is exported the last time,
and its pool entry is freed for further reuse. The next flow that gets
this pool entry will already have non-zero TCP flags. If it's a TCP
flow, the flags will keep being accumulated. This might look fine when
exported. If it's a non-TCP flow, that will definitely look erroneous.
With this fix, reset TCP flags once the flow is exported. Also, cover
the reuse case with tests.
Type: fix
Change-Id: I5f8560afffcfe107909117d3d063e8a69793437e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: test
Change-Id: I8665492c2f7755901a428aacdb27e98329ff557a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Coverage increased from 35% to 94%
Type: test
Change-Id: I9a54a58bf53b29a771a93ce03998e95fbcd518eb
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Coverage increased from 54% to 92%
Type: test
Change-Id: Ibb26f2b8989c5bb2826190c961bffe2c21c3f9a2
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: improvement
If an interface address is added, the glean adjacency for it's covering
prefix is updated with that address. In the case of multiple addresses
within the same prefix being added, the most recently added one will end
up being used as the sender protocol address for ARP requests.
Similar behavior occurs when an interface address is deleted. The glean
adjacency is updated to some appropriate entry under it's covering
prefix. If there were multiple interface addresses configured, we may
update the address on the adjacency even though the address currently in
use is not the one being deleted.
Add a new value PROVIDES_GLEAN to fib_entry_src_flag_t. The flag
identifies whether a source interface entry is being used as the address
for the glean adjacency for the covering prefix.
Update logic so that the glean is only updated on adding an interface
address if there is not already a sibling entry in use which has the
flag set. Also, only update the glean on deleting an interface address
if the address being deleted has the flag set.
Also update unit test which validates expected behavior in the case
where multiple addresses within a prefix are configured on an interface.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I7d918b8dd703735b20ec76e0a60af6d7e571b766
|
|
Type: test
Change-Id: I30dfaed684e1f808089bb8eb301486434425ccd7
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: test
Change-Id: I96ec8b4347210672bc587407ab2fd0f0305ea486
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Currently, when L2 and L4 recording is enabled on the L2 datapath, the
L2 template will contain L4 fields and L2 flows will be exported with
those fields always set to zero.
With this fix, when L4 recording is enabled, add L4 fields to templates
other than the L2 template (i.e. to the IP4, IP6, L2_IP4, and L2_IP6
templates). And export L2 flows without L4 fields. Also, cover that case
in the tests.
Type: fix
Change-Id: Id5ed8b99af5634fb9d5c6e695203344782fdac01
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Using the source address selection algorithm to determine the best source
of an NS for address resolution risks incompatible behavior.
It may choose a source address that is off-link to the other host.
Which may drop it.
A safer approach is to always use the link-local address as the SA.
It's recommended to pick a source that an application will later use,
as VPP is mostly a router, that rarely applies. And regardlessly we have
no mechanism to signal from an application that triggered address resolutiuon
what source address it intends to use.
Type: fix
Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
When IPFIX flow record generation is enabled on an interface and the
active timer is set, flows will be saved and then exported according to
the active and passive timers. If then disable the feature on the
interface, the flow entries currently saved will remain in the state
tables. They will gradually expire and be exported. The problem is that
the template for them has already been removed. And they will be sent
with zero template ID which will make them unreadable.
A similar problem will occur if feature settings are "changed" on the
interface - i.e. disable the feature and re-enable it with different
settings (e.g. set a different datapath). The remaining flows that
correspond to the previous feature settings will be eventually sent
either with zero template ID or with template ID that corresponds to the
current feature settings on the interface (and look like garbage data).
With this fix, flush the current buffers before template removal and
clear the remaining flows of the interface during feature disabling.
Type: fix
Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
This prevents ipfix flood with the repeating events and allows
to enable nat64 max_session and max_bibs events. Also fix wrong
endian for det44 and nat64 ipfix tests, now should be fine with
extended tests enabled.
Max session per user event @ nat44-ei requires more precise rate
limiter per user address, probably with sparse vec, not handled.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
|
|
Support rewriting the inner packet for ICMP6 error messages.
Type: feature
Change-Id: I7e11f53626037075a23310f1cb7e673b0cb52843
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
When MAC address changes for an interface, address change callbacks are
executed for it. In turn adjacencies register a callback for MAC address
changes to be able to update their rewrite strings accordingly.
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered when address change callbacks are executed. After MAC address
change on the parent interface, packets sent from subinterfaces might
have wrong source MAC address as the result of stale adjacencies. For
example, ARP messages might be sent with the wrong (previous) MAC
address and address resolution will fail.
With this fix, when address change callbacks are executed for an
interface, they will be also executed for its subinterfaces. And
adjacencies will be able to update accordingly.
Type: fix
Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Currently, L2 flows are exported using L2_IP6 template if L3 or L4
recording is enabled on L2 datapath. That occurs because during feature
enable, L2 template is added and its ID is not saved immediately. Then
L2_IP4 and L2_IP6 templates are added overwriting "template_id" each
time. And in the end, the current value of "template_id" is saved for L2
template. The problem is that "template_id" at that point contains the
ID of L2_IP6 template.
With this fix, save the template ID immediately after adding a template
for all variants (datapaths). Also, cover the case with a test.
Type: fix
Change-Id: Id27288043b3b8f0e89e77f45ae9a01fa7439e20e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: feature
this patch adds a hash config field to cnat translation
to use it in load balancing instead of always using default one
Change-Id: I5b79642ca8b365b5dcc06664f6c100a9d3830a29
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
|
|
When custom-packaging the VPP artifacts, it can be useful to exclude
some of the core plugins from packaging/testing, for some reasons.
A removal of a plugin(s) from the worktree needs to be tracked as
a separate change, and thus is tricky from the maintenance
point of view.
This change adds the ability to "pretend they do not exist" -
plugins which are added to the comma-separated environment
variable "VPP_EXCLUDED_PLUGINS" will not be added to the build
process and not packaged.
The tests do not have the 1:1 relationship as plugins,
so they might need to be modified separately. This change
includes some of these modifications as an example.
Type: feature
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Id31562d00a01ced1acbb4996a633517cbd6f09d8
|
|
Type: improvement
Change-Id: I02846a2420637470cb0f9472c86471b6a3421a75
Signed-off-by: NikitaSkrynnik <nikita.skrynnik@xored.com>
|
|
Change-Id: I4c3144794dd0bd7de6150929e53f6d305c496b17
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I7b0c2c2dec5e867970599b8f2f2da17f2ff0b17c
|
|
pretty=on|off has been removed from qemu and its presence
causes VM boot up issues.
Type: fix
Change-Id: I4a9f15dba5015e81fbd32278b1c74b2606c32c8f
Signed-off-by: Naveen Joy <najoy@cisco.com>
|
|
Setting session limit should return error for unknown fib.
Optimize max_translations_per_fib expanding and drop unnecessary
trailing fib entry.
Type: fix
Change-Id: Ie7d2b363ade48f53598faa617a49cce7b2db6400
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
Session state cannot be updated after async notification event is
generated for app. Instead, make sure quic sessions that accept new
streams are switched to listening state only on accept.
Type: fix
Fixes: 0242d30
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9663ccadbea99d555ad49e871f7dff897239dc84
|
|
Use client address hash to pick the first outside address
instead of just address high octet, becasue it may denegerate
into stable 10/172/192, depending on nat address count.
Fix outside address distribution test to acually test the
distribution, not the algo, so previous distribution will
fail with 65 nat addresses and 100 clients:
FAIL: Outside address distribution based on source address
Traceback (most recent call last):
File ".../test/test_nat44_ed.py", line 2048, in test_outside_address_distribution
msg="Bad outside address distribution")
AssertionError: 156.25 not less than 0.33 : Bad outside address distribution
Type: improvement
Change-Id: I604b1294422f20d211db5614c47559557a78a193
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
Plugin is still in experimental state. No reason why it needs
to be default enabled.
Type: fix
Change-Id: Ibf1810215d4c8079a068bfc60aa7dd49306ee4e4
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
Applied the checksum delta to the source address instead of the destination address
in the RX direction.
Cleaned up tests a little.
Type: fix
Change-Id: I871f3448365587e5319dfbca6ea356935321ff9b
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
In order to be able to filter on encapsulated packet, a new node
has been added to the ip4/6-unicast arcs.
Type: feature
Change-Id: I1e8ee05bc6d0fce20cadd8319c81bab260c17d21
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Upon test teardown, MAP features were not disabled, potentially
leading packets to be treated by the wrong node.
Type: test
Change-Id: I0c1c614318d1308f825c5cc0bf95688e92f6d00a
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
This is the initial commit of a NPTv6 (RFC6296) implementation for VPP.
It's restricted to a single internal to external binding and runs
as an output/input feature on the egress interface.
Type: feature
Change-Id: I0e3497af97f1ebd99377b84dbf599ecea935ca24
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
Type: improvement
Change-Id: Icf8a5dc711e1e11ec919b515d7af2f487a1c04c2
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
- Package update performed by
1. updating pip, pip-tools, setuptools
2. 'make test-refresh-deps' on ubuntu 22.04
3. fixing 'make test' and 'make docs' issues
on ubuntu 22.04
4. 'make test-refresh-deps' on ubuntu 20.04
- Add dependency for 'make test-refresh-deps'
to insure python venv is set up.
- Update of python formatter, black,
caused reformating of 41 python code
files.
Type: make
Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
- Remove test code & non-vpp code from coverage report
- Remove driver/hardware vpp code which cannot be tested
in 'make test' from coverage report
Type: fix
Change-Id: I04b50c14bc3437b845f2afafae47297189e61e3f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: fix
Change-Id: I3c663babe4f32f5d2870265336b5d272cc029ce7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: improvement
Change-Id: I830f7a2ea3ac0aff5185698b9fa7a278c45116b0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: test
Change-Id: I6edc8858b802d3d32159d71c1e867a06cc1025d5
Signed-off-by: Naveen Joy <najoy@cisco.com>
|
|
Before this fix, the src_ip_sticky flag was passed as an argument to
the lb_node_get_hash function, which computes a hash value for a packet.
However, in per-port-vip case, the value of src_ip_sticky flag may be
different for each port number. As a result, the value is the same for
all port numbers, even though it is a per-port-vip case.
This commit fixes the src_ip_sticky evaluation by delaying it until the
packet is received, so that the correct value is obtained. Also, the
unit test case has been enhanced for this bug fix.
The steps to reproduce this bug are described below:
https://lists.fd.io/g/vpp-dev/message/23248
Type: fix
Fixes: 613e6dc0bf92 ("lb: add source ip based sticky load balancing")
Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
|
|
There is an API call to change neighbor database configuration (i.e.
limit on peer number, aging, and recycling). With this change, make
getting current values of these settings available via the API.
Type: improvement
Change-Id: Ie9394e086b68cf9b28ad98dea162f203f8043cbb
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|