28 Commits

Author SHA1 Message Date
Dave Wallace
8800f732f8 tests: refactor asf framework code
- Make framework.py classes a subset of asfframework.py classes
- Remove all packet related code from asfframework.py
- Add test class and test case set up debug output to log
- Repatriate packet tests from asf to test directory
- Remove non-packet related code from framework.py and
  inherit them from asfframework.py classes
- Clean up unused import variables
- Re-enable BFD tests on Ubuntu 22.04 and fix
  intermittent test failures in echo_looped_back
  testcases (where # control packets verified but
  not guaranteed to be received during test)
- Re-enable Wireguard tests on Ubuntu 22.04 and fix
  intermittent test failures in handshake ratelimiting
  testcases and event testcase
- Run Wiregard testcase suites solo
- Improve debug output in log.txt
- Increase VCL/LDP post sleep timeout to allow iperf server
  to finish cleanly.
- Fix pcap history files to be sorted by suite and testcase
  and ensure order/timestamp is correct based on creation
  in the testcase.
- Decode pcap files for each suite and testcase for all
  errors or if configured via comandline option / env var
- Improve vpp corefile detection to allow complete corefile
  generation
- Disable vm vpp interfaces testcases on debian11
- Clean up failed unittest dir when retrying failed testcases
  and unify testname directory and failed linknames into
  framwork functions

Type: test

Change-Id: I0764f79ea5bb639d278bf635ed2408d4d5220e1e
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-11-03 05:06:43 +00:00
Andrew Yourtchenko
bc37878ecb build: add ability to disable some plugins from packaging and tests
When custom-packaging the VPP artifacts, it can be useful to exclude
some of the core plugins from packaging/testing, for some reasons.
A removal of a plugin(s) from the worktree needs to be tracked as
a separate change, and thus is tricky from the maintenance
point of view.

This change adds the ability to "pretend they do not exist" -
plugins which are added to the comma-separated environment
variable "VPP_EXCLUDED_PLUGINS" will not be added to the build
process and not packaged.

The tests do not have the 1:1 relationship as plugins,
so they might need to be modified separately. This change
includes some of these modifications as an example.

Type: feature
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Id31562d00a01ced1acbb4996a633517cbd6f09d8
2023-10-03 13:23:25 +00:00
Laszlo Kiraly
0f8f4351b0 l2: Add bridge_domain_add_del_v2 to l2 api
https://jira.fd.io/browse/VPP-2034

Type: fix
Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>
Change-Id: Ieb6919f958f437fc603d5e1f48cab01de780951d
2022-10-11 23:21:03 +00:00
Klement Sekera
d9b0c6fbf7 tests: replace pycodestyle with black
Drop pycodestyle for code style checking in favor of black. Black is
much faster, stable PEP8 compliant code style checker offering also
automatic formatting. It aims to be very stable and produce smallest
diffs. It's used by many small and big projects.

Running checkstyle with black takes a few seconds with a terse output.
Thus, test-checkstyle-diff is no longer necessary.

Expand scope of checkstyle to all python files in the repo, replacing
test-checkstyle with checkstyle-python.

Also, fixstyle-python is now available for automatic style formatting.

Note: python virtualenv has been consolidated in test/Makefile,
test/requirements*.txt which will eventually be moved to a central
location.  This is required to simply the automated generation of
docker executor images in the CI.

Type: improvement
Change-Id: I022a326603485f58585e879ac0f697fceefbc9c8
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-05-10 18:52:08 +00:00
Dave Wallace
eddd8e3588 tests: move test source to vpp/test
- Generate copyright year and version
  instead of using hard-coded data

Type: refactor

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2021-05-13 09:33:06 +00:00
Dave Wallace
a43c93f855 tests: move plugin tests to src/plugins/*/test
- Relocate plugin tests for 'make test' into
  src/plugins/*/test so that plugin test cases
  are co-located with the plugin source code.

Type: refactor

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I503e6a43528e14981799b735fa65674155713f67
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-08-22 15:33:59 +00:00
Andrew Yourtchenko
f995c7122b acl: implement counters
implement per-acl-number counters in the stats segment.
They are created during the ACL creation,
the counters are incremented in the dataplane using
the new inline function with the extra parameter being
the packet size. Counting in shared segment adds
a noticeable overhead, so add also an API to
turn the counters on.

Type: feature

Change-Id: I8af7b0c31a3d986b68089eb52452aed45df66c7b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-07-24 18:16:41 +00:00
Paul Vinciguerra
90cf21b5d8 Tests: Refactor tearDown show command logging, add lifecycle markers.
This change adds a consistent interface for adding test-specific show commands to
log.txt.

It also adds log markers for the execution of setUp[Class], tearDown[Class]
in the logs.

Change-Id: I7d42e396e594a59e866a7d55dac0af25548e657a
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-04-11 07:23:11 +00:00
Paul Vinciguerra
7f9b7f9f49 Tests Cleanup: Fix missing calls to setUpClass/tearDownClass.
Continuation/Part 2 of https://gerrit.fd.io/r/#/c/17092/

Change-Id: Id0122d84eaf2c05d29e5be63a594d5e528ee7c9a
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-04-10 14:37:40 +00:00
Ole Troan
a5b2eec053 vpp_papi_provider: Remove more wrapper functions.
Split this work up into pieces.
Please don't add new wrappers to vpp_papi_provider.py.

Change-Id: I0f8f2afc4cd2bba07ea70ddecea2d7319f7b2e10
Signed-off-by: Ole Troan <ot@cisco.com>
2019-03-11 21:57:19 +00:00
Paul Vinciguerra
eaea421e1f Tests: Refactor payload_to_info()
All callers of payload_to_info were required to wrap payload with str().
Refactor to call scapy's payload.load for raw payloads or specify the
specific fieldname.

Change-Id: I1c80599d4df8dc129dbb8274733afaad406d5bcf
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-03-07 22:29:44 +00:00
Paul Vinciguerra
4a4cea02ef VPP-1508: test_acl_plugin vapi changes for Python3.
Change-Id: I0863cefa523a6d7c11e48649b03f058130e5a4ee
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-03-07 22:28:29 +00:00
Andrew Yourtchenko
c1f87942da acl-plugin: use the L2 feature arc infrastructure instead of L2 classifier for plumbing
This makes ACL plugin use the new feature arcs, which slightly increases performance.

Since for ethertype whitelisting we were using the L2 classifier, to retain
the functionality, make a simple node doing that, and plug it into non-ip
L2 feature arc whenever needed.

Change-Id: I3add377a6c790117dd3fd056e5615cb4c4438cf4
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-10-20 15:15:45 +00:00
Andrew Yourtchenko
7ff7453af3 acl-plugin: make each test in test_acl_plugin runnable separately
And improve the robustness of the ethertype whitelist test coverage

Change-Id: I64fe3a25208dbc619ae5cd6404f6122e69394a38
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-10-14 10:49:57 +00:00
Klement Sekera
beaded5e0c make test: fix broken interfaces #2
Change-Id: I9d5b5d925fd2c09a1113fc51e433a16d729a241b
Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-06-25 13:19:26 +02:00
Chris Luke
d042194b4b test: Fix issues with new version of pycodestyle (VPP-1232)
- Ignore warnings W504 (newline after binary operator) which otherwise
  occurs a significant number of times.
- Fix two instances of lines >79 chars.

Change-Id: I8cef56f8afc237187995e638e610c8c0554e2bb5
Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-04-10 19:21:59 +00:00
Andrew Yourtchenko
de3682f510 acl-plugin: make test: add a test which deletes an interface with applied ACL
There was no test coverage for a scenario of an interface having an
ACL and that interface being deleted. Add a basic sanity test which
applies an ACL to an interface and then deletes that interface.

Change-Id: Ib6462e02cf69f1173125ac2481c608f68eb389ac
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-23 11:06:02 +00:00
Andrew Yourtchenko
c43b3f9864 acl-plugin: add whitelisted ethertype mode (VPP-1163)
Currently, ACL plugin largely does not care about the
ethertypes other than 0x0800 (IPv4) and 0x86dd (IPv6),
the only exception being 0x0806 (ARP), which is
dealt with by the MACIP ACLs.

The other ethertypes in L2 mode are just let through.

This adds a new API message acl_interface_set_etype_whitelist,
which allows to flip the mode of a given interface
into "ethertype whitelist mode": the caller of this message
must supply the two lists (inbound and outbound) of the ethertypes
that are to be permitted, the rest of the ethertypes are
dropped.

The whitelisting for a given interface and direction takes
effect only when a policy ACL is also applied.

This operates on the same classifier node as the one used for
dispatching the policy ACL, thus, if one wishes for most of the
reasonable IPv4 deployments to continue to operate within
the whitelist mode, they must permit ARP ethertype (0x0806)

The empty list for a given direction resets the processing
to allow the unknown ethertypes. So, if one wants to just
permit the IPv4 and IPv6 and nothing else, one can add
their ethertypes to the whitelist.

Add the "show acl-plugin interface" corresponding outputs
about the whitelists, vat command, and unittests.

Change-Id: I4659978c801f36d554b6615e56e424b77876662c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-08 15:51:46 +00:00
Jon Loeliger
27cadd23b6 ACLs: Use better error return codes than "-1" everywhere.
Added two new errors:
    ACL_IN_USE_INBOUND
    ACL_IN_USE_OUTBOUND

Update ACL tests to expect new, precise return values.

Change-Id: I644861a18aa5b70cce5f451dd6655641160c7697
Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-11-11 19:06:46 +00:00
Klement Sekera
6a6f4f7fe7 make test: automatically seed random generator
Change-Id: I286b61d41cc2b557de3eb8801ff95c643f680acd
Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-10 20:23:18 +00:00
Ole Troan
895b6e8b44 VPP-1033: Python API support arbitrary sized input parameters.
Dynamically calculate the required buffer size to pack into based on
message definition. Also add input parameter length checking.

Change-Id: I7633bec596e4833bb328fbf63a65b866c7985de5
Signed-off-by: Ole Troan <ot@cisco.com>
2017-10-25 17:16:56 +00:00
Andrew Yourtchenko
987abe9eeb acl-plugin: take 2 at VPP-991 fix, this time with a test case which verifies it.
The replacement of [] with pool_elt_at_index and subsequent fixing it
was incorrect - it was equivalent to &[], since it returns a pointer to
the element. I've added VPP-993 previously to create a testcase,
so this commit partially fulfills that one as well.

Change-Id: I5b15e3ce48316f0429232aacf885e8f7c63d9522
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-09-27 16:07:20 +00:00
Andrew Yourtchenko
51d2651e4a acl-plugin: test: move the API calls to vpp_papi_provider.py
Change-Id: I1d3818027b8a1fcb1ec12016e3476b5c22a2d5a5
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-09-26 07:49:08 +00:00
Andrew Yourtchenko
6be72cd89a acl-plugin: match index set to first portrange element if non-first portrange matches on the same hash key (VPP-937)
Multiple portranges that land on the same hash key will always report the match
on the first portrange - even when the subsequent portranges have matched.
Test escape, so make a corresponding test case and fix the code so it passes.

(the commit on stable/1707 has erroneously mentioned VPP-938 jira ticket)

Change-Id: Idbeb8a122252ead2468f5f9dbaf72cf0e8bb78f1
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit fb088f0a201270e949469c915c529d75ad13353e)
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-09-07 11:33:06 +00:00
Andrew Yourtchenko
7f4d577d6b acl-plugin: bihash-based ACL lookup
Add a bihash-based ACL lookup mechanism and make it a new default.
This changes the time required to lookup a 5-tuple match
from O(total_N_entries) to O(total_N_mask_types), where
"mask type" is an overall mask on the 5-tuple required
to represent an ACE.

For testing/comparison there is a temporary debug CLI
"set acl-plugin use-hash-acl-matching {0|1}", which,
when set to 0, makes the plugin use the "old" linear lookup,
and when set to 1, makes it use the hash-based lookup.

Based on the discussions on vpp-dev mailing list,
prevent assigning the ACL index to an interface,
when the ACL with that index is not defined,
also prevent deleting an ACL if that ACL is applied.

Also, for the easier debugging of the state, there are
new debug CLI commands to see the ACL plugin state at
several layers:

"show acl-plugin acl [index N]" - show a high-level
ACL representation, used for the linear lookup and
as a base for building the hashtable-based lookup.
Also shows if a given ACL is applied somewhere.

"show acl-plugin interface [sw_if_index N]" - show
which interfaces have which ACL(s) applied.

"show acl-plugin tables" - a lower-level debug command
used to see the state of all of the related data structures
at once. There are specifiers possible, which make
for a more focused and maybe augmented output:

"show acl-plugin tables acl [index N]"
show the "bitmask-ready" representations of the ACLs,
we well as the mask types and their associated indices.

"show acl-plutin tables mask"
show the derived mask types and their indices only.

"show acl-plugin tables applied [sw_if_index N]"
show the table of all of the ACEs applied for a given
sw_if_index or all interfaces.

"show acl-plugin tables hash [verbose N]"
show the 48x8 bihash used for the ACL lookup.

Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-19 11:56:10 +00:00
Pavel Kotucek
e7b6734bc9 ACL-plugin does not match UDP next-header, VPP-687
Change-Id: Ide4f9bd6158fb64d069540fb43f4e593e39d6ff3
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-04-18 19:35:59 +00:00
Andrew Yourtchenko
d1b0564742 acl-plugin: make the IPv4/IPv6 non-first fragment handling in line with ACL (VPP-682)
This fixes the previously-implicit "drop all non-first fragments" behavior
to be more in line with security rules: a non-first fragment is treated
for the purposes of matching the ACL as a packet with the port
match succeeding. This allows to change the behavior to permit
the fragmented packets for the default "permit specific rules"
ruleset, but also gives the flexibility to block the non-initial
fragments by inserting into the begining a bogus rule
which would deny the L4 traffic.

Also, add a knob which allows to potentially turn this behavior off
in case of a dire need (and revert to dropping all non-initial fragments),
via a debug CLI.

Change-Id: I546b372b65ff2157d9c68b1d32f9e644f1dd71b4
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 9fc0c26c6b28fd6c8b8142ea52f52eafa7e8c7ac)
2017-04-06 15:30:21 +00:00
Pavel Kotucek
59dda065bb ACL plugin rejects ICMP messages (VPP-624)
Change-Id: I95113a277b94cce5ff332fcf9f57ec6f385acec0
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-03-13 13:17:00 +00:00