after deleting a sub interface it's l2fib entries are left with a dangling
sw_if_index (while waiting for the ager to delete them).
changed "show l2fib" to reflect that state with "Deleted" as the interface name.
added sleep in test_l2_fib as a workaround for packets still passing after flush
will investigate...
Change-Id: Id998d7d3c6a073ef5005c5f3009e1cfb7febf7db
Signed-off-by: Eyal Bari <ebari@cisco.com>
Introduce faulthandler to print stack trace to stderr on python crash.
Don't disable automatic garbage collection to decrease the chances of
running out of memory.
Change-Id: I6927a5f6ea9569735d084d4ed3d258950a400d74
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I67839281623721bf42f0a918a53356143d9dc78a
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
flush tests will now enable learning on the bridge, and send broadcast packets
to add dynamic entries to the l2_fib. it will then disable learning, flush, and
will verify packets are not forwarded to flushed "hosts".
Change-Id: Ie6f123e59f6c89af511bdc5a02dd199420c424e9
Signed-off-by: Eyal Bari <ebari@cisco.com>
These tests attempt to flush static entries from a bridge-domain that has no aging configured. for both reasons it will fail.
The fact thtat they occationally pass is due to the fact that the assert_nothing_cpatured does not actually capture packets, so it misses the fact that there are some.
Change-Id: Ie5c98a42944e29a3d482156f7e9246511380372f
Signed-off-by: Neale Ranns <nranns@cisco.com>
Check whether an ARP src hw addr starts with 00:00:5e:00:01
before rejecting due to a mismatch between ARP src hw addr
and ethernet frame src addr.
Change-Id: Ia3ecd5d6dba34876aca8d90bc622a0a1397e48fb
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
learn ARP peers if, 1) it's a reply to a local address, 2) we are sending a response to a request.
send proxy ARP responses only in the interface the request was sent.
Change-Id: I22b949c65122824233076492b7dd537daca07bc2
Signed-off-by: Neale Ranns <nranns@cisco.com>
Fix a logic error related to timing out of the connections
following the active one. To avoid this class of issue in
the future, create corresponding testcases, as well as some
trivial sanity testcases for both IPv4 and IPv6.
Since these tests are timing-dependent and take up time,
mark them as extended tests.
Change-Id: I2c72bad5efda7db8aa9cb05801fe47928dc47927
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Instead, drop the BFD session associated with it..
Change-Id: Ie09877d5c94844be2e833900d9dde7f23edaf8cd
Signed-off-by: Klement Sekera <ksekera@cisco.com>
- the flow hash config is (and was) cached on the load-balance object so the fib_table_t struct is not used a switch time. Therefore changes to the table's flow hash config need to be propagated to all load-balances and hance all FIB entries in the table.
- enable API for setting the IPv6 table flow hash config
- use only the hash config in the fib_table_t object and not on the ipX_fib_t
- add tests.
Change-Id: Ib804c11162c6d4972c764957562c372f663e05d4
Signed-off-by: Neale Ranns <nranns@cisco.com>
- only build them for popular path-lists (where popular means more than 64 children)
the reason to have a map is to improve convergence speed for recursive prefixes - if there are only a few this technique is not needed
- only build them when there is at least one path that has recursive constraints, i.e. a path that can 'fail' in a PIC scenario.
- Use the MAPS in the switch path.
- PIC test cases for functionality (not convergence performance)
Change-Id: I70705444c8469d22b07ae34be82cfb6a01358e10
Signed-off-by: Neale Ranns <nranns@cisco.com>
Allow using custom python interpreter via 'PYTHON' env variable.
E.g. env PYTHON=pypy make test.
Get latest pip automatically to properly function in environments,
where old pip is available and a proxy is required. This allows
testing pypy in a centos vagrant-provided vm.
Change-Id: I67a658fc927303468cc67f0ac192317ca2907625
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
This code improvement allows running in pypy (and other interpreters)
without exhausting file descriptors.
Change-Id: Icb692a0fe1343c12cbbb15af6c58753420e74330
Signed-off-by: Klement Sekera <ksekera@cisco.com>
add API and CLI configuration of deterministic NAT session timeout for TCP, UDP
and ICMP protocol
Change-Id: I577440452e7eaedcb5d80501a7fd4b76e31e8c9c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Add code which checks if vpp doesn't crash/exit immediately after
startup to aid debugging stuff like mistyped graph node name or so.
Refuse to run tests if the vpp is unable to start, complain loudly
and print vpp's stderr at critical log level if this happens to make
spotting these problems in jenkins easy.
Change-Id: I40d3fbd05c822c0534713bae6bef05ecfb0e0c1d
Signed-off-by: Klement Sekera <ksekera@cisco.com>
1 - interface-DPO
Used in the Data-plane to change a packet's input interface
2 - MPLS multicast FIB entry
Same as a unicast entry but it links to a replicate not a load-balance DPO
3 - Multicast MPLS tunnel
Update MPLS tunnels to use a FIB path-list to describe the endpoint[s]. Use the path-list to generate the forwarding chain (DPOs) to link to .
4 - Resolve a path via a local label (of an mLDP LSP)
For IP multicast entries to use an LSP in the replication list, we need to decribe the 'resolve-via-label' where the label is that of a multicast LSP.
5 - MPLS disposition path sets RPF-ID
For a interface-less LSP (i.e. mLDP not RSVP-TE) at the tail of the LSP we still need to perform an RPF check. An MPLS disposition DPO performs the MPLS pop validation checks and sets the RPF-ID in the packet.
6 - RPF check with per-entry RPF-ID
An RPF-ID is used instead of a real interface SW if index in the case the IP traffic arrives from an LSP that does not have an associated interface.
Change-Id: Ib92e177be919147bafeb599729abf3d1abc2f4b3
Signed-off-by: Neale Ranns <nranns@cisco.com>
This fixes the previously-implicit "drop all non-first fragments" behavior
to be more in line with security rules: a non-first fragment is treated
for the purposes of matching the ACL as a packet with the port
match succeeding. This allows to change the behavior to permit
the fragmented packets for the default "permit specific rules"
ruleset, but also gives the flexibility to block the non-initial
fragments by inserting into the begining a bogus rule
which would deny the L4 traffic.
Also, add a knob which allows to potentially turn this behavior off
in case of a dire need (and revert to dropping all non-initial fragments),
via a debug CLI.
Change-Id: I546b372b65ff2157d9c68b1d32f9e644f1dd71b4
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 9fc0c26c6b28fd6c8b8142ea52f52eafa7e8c7ac)
- single-hop BFD: attach a delegate to the appropriate adjacency
- multi-hop BFD [not supported yet]: attach a delegate to the FIB entry.
adjacency/fib_entry state tracks the BFD session state. when the state is down the object does not contribute forwarding hence and hence dependent objects will not use it.
For example, if a route is ECMP via two adjacencies and one of them is BFD down, then only the other is used to forward (i.e. we don't drop half the traffic).
Change-Id: I0ef53e20e73b067001a132cd0a3045408811a822
Signed-off-by: Neale Ranns <nranns@cisco.com>
Refactors the GRE node to work with both IPv4 and IPv6 transports.
Note that this changes the binary configuration API to support both
address families; each address uses the same memory for either
address type and a flag to indicate which is in use.
The CLI and VAT syntax remains unchanged; the code detects whether
an IPv4 or an IPv6 address was given.
Configuration examples:
IPv4 CLI: create gre tunnel src 192.168.1.1 dst 192.168.1.2
IPv6 CLI: create gre tunnel src 2620:124:9000::1 dst 2620:124:9000::2
IPv4 VAT: gre_add_del_tunnel src 192.168.1.1 dst 192.168.1.2
IPv6 VAT: gre_add_del_tunnel src 2620:124:9000::1 dst 2620:124:9000::2
Change-Id: Ica8ee775dc101047fb8cd41617ddc8fafc2741b0
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
