ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
vpp/test
History
Neale Ranns 49378f206b ipsec: IPSec interface correct drop w/ no protection 
Type: improvement

When an IPSec interface is first constructed, the end node of the feature arc is not changed, which means it is interface-output.
This means that traffic directed into adjacencies on the link, that do not have protection (w/ an SA), drop like this:

...
00:00:01:111710: ip4-midchain
  tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:6 flags:[]
  stacked-on:
    [@1]: dpo-drop ip4 flow hash: 0x00000000
  00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858
  00000020: 58585858585858585858585858585858585858585858585858585858
00:00:01:111829: local0-output
  ipsec0
  00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858
  00000020: 5858585858585858585858585858585858585858585858585858585858585858
  00000040: 58585858585858585858585858585858585858585858585858585858c2cf08c0
  00000060: 2a2c103cd0126bd8b03c4ec20ce2bd02dd77b3e3a4f49664
00:00:01:112017: error-drop
  rx:pg1
00:00:01:112034: drop
  local0-output: interface is down

although that's a drop, no packets should go to local0, and we want all IPvX packets to go through ipX-drop.

This change sets the interface's end-arc node to the appropriate drop node when the interface is created, and when the last protection is removed.
The resulting drop is:

...
00:00:01:111504: ip4-midchain
  tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:0 flags:[]
  stacked-on:
    [@1]: dpo-drop ip4 flow hash: 0x00000000
  00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858
  00000020: 58585858585858585858585858585858585858585858585858585858
00:00:01:111533: ip4-drop
    ICMP: 172.16.2.2 -> 1.1.1.1
      tos 0x00, ttl 63, length 92, checksum 0xcb8c dscp CS0 ecn NON_ECN
      fragment id 0x0001
    ICMP echo_request checksum 0xecf4 id 0
00:00:01:111620: error-drop
  rx:pg1
00:00:01:111640: drop
  null-node: blackholed packets

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I7e7de23c541d9f1210a05e6984a688f1f821a155
2022-01-17 19:55:13 +00:00
..
patches
ipsec: allow registering random ports in tests
2022-01-05 08:18:03 +00:00
scapy_handlers
scripts
tests: improve the robustness of process cleanup on INT/TERM signals
2021-03-05 10:57:26 +00:00
bfd.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
cpu_config.py
tests: cpus awareness
2021-04-16 09:26:33 +00:00
debug_internal.py
debug.py
tests: fix DEBUG=attach multiple worker config
2021-09-08 11:22:45 +00:00
discover_tests.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
framework.py
ip: reassembly: handle atomic fragments correctly
2021-12-10 08:41:00 +00:00
hook.py
tests: py2 cleanup - remove subclassing of object
2020-12-07 08:17:10 +00:00
ipfix.py
tests: py2 cleanup - remove subclassing of object
2020-12-07 08:17:10 +00:00
lisp.py
tests: py2 cleanup - remove subclassing of object
2020-12-07 08:17:10 +00:00
log.py
tests: cpus awareness
2021-04-16 09:26:33 +00:00
Makefile
tests: update python packages
2021-11-02 22:32:18 +00:00
remote_test.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
requirements-3.txt
tests docs: fix jsonschema dependency
2021-11-06 17:33:14 +00:00
requirements.txt
tests: fix missing dataclasses module in python 3.6
2021-11-09 11:17:36 +00:00
run_tests.py
tests: cpus awareness
2021-04-16 09:26:33 +00:00
sanity_import_vpp_papi.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
sanity_run_vpp.py
tests: cpus awareness
2021-04-16 09:26:33 +00:00
template_bd.py
tests: remove py2/py3 six compatability library
2020-12-03 19:43:23 +00:00
template_classifier.py
ip: add classifier-based ACLs support on ip punt
2021-10-06 11:58:43 +00:00
template_ipsec.py
ipsec: IPSec interface correct drop w/ no protection
2022-01-17 19:55:13 +00:00
test_abf.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_acl_plugin_conns.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_acl_plugin_l2l3.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_acl_plugin_macip.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_acl_plugin.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_adl.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_api_trace.py
api: API trace improvements
2021-09-28 16:06:19 +00:00
test_arping.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_bfd.py
bfd: use vnet crypto
2021-05-21 21:06:34 +00:00
test_bier.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_bihash.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_bond.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_buffers.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_cdp.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_classifier_ip6.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_classifier.py
ip: add classifier-based ACLs support on ip punt
2021-10-06 11:58:43 +00:00
test_classify_l2_acl.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_cli.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_cnat.py
vlib: add virtual time support
2021-11-22 16:44:26 +00:00
test_container.py
ip: Protocol Independent IP Neighbors
2019-12-17 10:56:20 +00:00
test_counters.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_crypto.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_det44.py
vlib: add virtual time support
2021-11-22 16:44:26 +00:00
test_dhcp6.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_dhcp.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_dns.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_dslite.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_dvr.py
misc: deprecate gbp and its dependents
2021-11-23 13:03:36 +00:00
test_endian.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_fib.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_flowprobe.py
flowprobe: simplify test logic
2021-09-09 14:07:52 +00:00
test_geneve.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_gre.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_gro.py
gso: do not gro on small packets
2021-09-27 09:54:56 +00:00
test_gso.py
gso: add ipsec tunnel tests
2021-07-09 13:50:20 +00:00
test_gtpu.py
udp: fix severity error info
2021-10-07 15:34:31 +00:00
test_igmp.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_ikev2.py
ikev2: do not require optional IDr on IKE AUTH
2021-10-07 15:22:17 +00:00
test_interface_crud.py
tests: add interface function chaining
2019-12-04 23:16:44 +00:00
test_ip4_irb.py
ip: Protocol Independent IP Neighbors
2019-12-17 10:56:20 +00:00
test_ip4_vrf_multi_instance.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
test_ip4.py
ip: add tests for message size verification
2021-12-16 15:08:20 +00:00
test_ip6_nd_mirror_proxy.py
ip6-nd: add ip6-nd proxy
2021-09-16 07:12:13 +00:00
test_ip6_vrf_multi_instance.py
ip: unlock_fib on if delete
2021-11-23 09:03:30 +00:00
test_ip6.py
ip: fix punt for ipv6
2021-10-04 12:16:20 +02:00
test_ip_ecmp.py
ip: Protocol Independent IP Neighbors
2019-12-17 10:56:20 +00:00
test_ip_mcast.py
fib: fix the drop counter for ipv6 RPF failures
2021-10-12 16:55:08 +00:00
test_ipfix_export.py
ipfix-export: add mutliple ipfix_exporters tests
2021-11-22 09:30:09 +00:00
test_ipip.py
ipip: Support MPLS over IP
2021-01-07 15:48:43 +00:00
test_ipsec_ah.py
tests docs: upgrade python packages
2021-08-13 15:57:21 +00:00
test_ipsec_api.py
ipsec: User can choose the UDP source port
2020-05-05 18:36:33 +00:00
test_ipsec_esp.py
docs: vnet comment nitfixes
2021-10-06 12:32:20 +00:00
test_ipsec_nat.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
test_ipsec_spd_flow_cache.py
ipsec: Performance improvement of ipsec4_output_node using flow cache
2021-10-12 16:43:18 +00:00
test_ipsec_tun_if_esp.py
ipsec: IPSec interface correct drop w/ no protection
2022-01-17 19:55:13 +00:00
test_l2_fib.py
vlib: add virtual time support
2021-11-22 16:44:26 +00:00
test_l2_flood.py
tests: python3 use byte strings in raw()
2019-11-08 13:25:56 +00:00
test_l2bd_arp_term.py
ip: Protocol Independent IP Neighbors
2019-12-17 10:56:20 +00:00
test_l2bd_learnlimit_bdenabled.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
test_l2bd_learnlimit_enabled.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
test_l2bd_learnlimit.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
test_l2bd_multi_instance.py
tests: TestL2bdMultiInst - break serial dependency on tests
2019-12-23 07:33:12 +00:00
test_l2bd.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
test_l2tp.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_l2xc_multi_instance.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
test_l2xc.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
test_l3xc.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_lacp.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_lb_api.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_lb.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_linux_cp.py
tests: Remove the error output from the linux-cp tests
2021-11-09 17:29:32 +00:00
test_lisp.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_mactime.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_map_br.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_map.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_memif.py
memif: memif linkstate can't become up
2021-11-09 09:54:34 +00:00
test_mpcap.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
test_mpls.py
fib: MPLS EOS chains built for attached prefixes should link to a lookup DPO
2021-12-21 11:13:41 +00:00
test_mss_clamp.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_mtu.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
test_nat44_ed_output.py
nat: static mappings in flow hash
2021-10-14 14:12:26 +02:00
test_nat44_ed.py
nat: change nat44-ed test pool address
2021-11-22 20:23:14 +00:00
test_nat44_ei.py
vlib: add virtual time support
2021-11-22 16:44:26 +00:00
test_nat64.py
vlib: add virtual time support
2021-11-22 16:44:26 +00:00
test_nat66.py
vlib: add virtual time support
2021-11-22 16:44:26 +00:00
test_neighbor.py
vlib: add virtual time support
2021-11-22 16:44:26 +00:00
test_node_variants.py
build: rework x86 CPU variants
2020-04-30 13:25:29 +02:00
test_offload.py
vlib: refactor checksum offload support
2021-02-15 20:32:56 +00:00
test_p2p_ethernet.py
ip-neighbor: Use ip_address_t rather than ip46_address_t
2020-11-20 10:27:01 +00:00
test_pcap.py
vlib: refactor checksum offload support
2021-02-15 20:32:56 +00:00
test_pg.py
pg: A Tunnel mode variant of a pg interface
2021-06-14 13:12:34 +00:00
test_ping.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_pipe.py
gre: set proper fib index for unnumbered interfaces, unset fib index before forwarding gre payload
2021-07-28 08:25:38 +00:00
test_pnat.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_policer_input.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_policer.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_pppoe.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_punt.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
test_qos.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
test_quic.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_reassembly.py
ip: reassembly: drop zero length fragments
2021-12-14 09:10:30 +00:00
test_session.py
tests: add segment manager tests
2021-12-02 17:53:11 +00:00
test_sixrd.py
ip: Protocol Independent IP Neighbors
2019-12-17 10:56:20 +00:00
test_span.py
vxlan: vxlan/vxlan.api API cleanup
2020-03-16 09:18:46 +00:00
test_sparse_vec.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
test_srmpls.py
ip: Protocol Independent IP Neighbors
2019-12-17 10:56:20 +00:00
test_srv6_ad_flow.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_srv6_ad.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_srv6_as.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
test_srv6_mobile.py
srv6-mobile: Update GTP4/6.D function
2022-01-05 10:52:22 +00:00
test_srv6_un.py
tests: Fix unversioned python shebang lines
2020-11-30 16:56:43 -05:00
test_srv6.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_stats_client.py
stats: revert "add a retry mechanism in a symlink test"
2021-06-25 17:59:18 +02:00
test_string.py
unittest: remove clib_count_equal_* tests
2021-11-06 16:44:56 +00:00
test_svs.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_syslog.py
tests: vpp_interface remove deprecated packed properties
2020-05-03 15:21:42 -04:00
test_tap.py
tap: implement sw_interface_tap_v2_dump filtering by sw_if_index
2020-05-01 18:08:45 +00:00
test_tcp.py
hsa: fix builtin echo apps with multiple workers
2021-03-04 10:59:11 +00:00
test_tls.py
tests: remove bond, pipe, session and api_namespace from vpp_papi_provider
2020-11-24 11:24:53 +01:00
test_trace_filter.py
udp: fix severity error info
2021-10-07 15:34:31 +00:00
test_udp.py
fib: fix flags updates when adding routes with a udp encap path
2021-06-03 14:12:54 +00:00
test_urpf.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_util.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
test_vapi.py
tests: move vapi C/C++ test files into src/
2021-05-26 06:32:43 +00:00
test_vcl.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
test_vhost.py
devices: vhost API cleanup
2019-12-11 15:23:55 +00:00
test_vlib.py
vppinfra: pool_free_elts() now supports fixed-size pools
2021-06-08 15:23:15 +00:00
test_vpe_api.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_vppinfra.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_vrrp.py
vrrp: Fix for test-all testcases failure.
2021-07-06 13:02:35 +00:00
test_vtr.py
interface: Allow VLAN tag-rewrite on non-sub-interfaces too.
2019-11-12 20:37:55 +00:00
test_vxlan6.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_vxlan_gpe.py
vxlan-gpe: add udp-port configuration support
2021-10-08 11:38:56 +00:00
test_vxlan.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
test_wireguard.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
util.py
tests: py2 cleanup - remove subclassing of object
2020-12-07 08:17:10 +00:00
vpp_acl.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_bier.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_bond_interface.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_bvi_interface.py
BVI Interface
2019-03-21 20:33:30 +00:00
vpp_devices.py
tap: implement sw_interface_tap_v2_dump filtering by sw_if_index
2020-05-01 18:08:45 +00:00
vpp_dhcp.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_gre_interface.py
gre: Tunnel encap/decap flags
2020-01-30 20:12:19 +00:00
vpp_igmp.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_ikev2.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_interface.py
stats: python vpp_stats rewrite to access stat segment directly
2021-03-25 08:37:46 +00:00
vpp_ip_route.py
fib: Allow the creation of new source on the API
2021-03-16 12:12:23 +00:00
vpp_ip.py
ip: Path MTU
2021-02-15 17:27:48 +00:00
vpp_ipip_tun_interface.py
linux-cp: Add tests for tun devices
2021-06-14 13:13:13 +00:00
vpp_ipsec.py
ipsec: Record the number of packets lost from an SA
2021-09-29 14:27:48 +00:00
vpp_l2.py
tests: Apply the 'return self' pattern for the L2 objects
2021-11-03 10:54:43 +00:00
vpp_lb.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_lo_interface.py
vpp_memif.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_mpls_tunnel_interface.py
fib: fib api updates
2019-06-18 13:31:39 +00:00
vpp_neighbor.py
stats: python vpp_stats rewrite to access stat segment directly
2021-03-25 08:37:46 +00:00
vpp_object.py
tests: py2 cleanup - remove subclassing of object
2020-12-07 08:17:10 +00:00
vpp_papi_provider.py
misc: deprecate gbp and its dependents
2021-11-23 13:03:36 +00:00
vpp_pg_interface.py
build: remove unnecessary executable bits
2021-11-02 22:26:34 +00:00
vpp_policer.py
tests: test input policer
2021-02-19 10:48:20 +00:00
vpp_pppoe_interface.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_qos.py
qos: Store function
2019-07-31 16:17:36 +00:00
vpp_srv6.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vpp_sub_interface.py
ip: add IPv6 ping test for link-layer address
2021-01-20 13:53:33 +00:00
vpp_teib.py
tests: Fix unversioned python shebang lines
2020-11-30 16:56:43 -05:00
vpp_tunnel_interface.py
tests: remove py2/py3 six compatability library
2020-12-03 19:43:23 +00:00
vpp_udp_decap.py
udp: add udp decapsulation
2021-05-29 18:13:01 +00:00
vpp_udp_encap.py
misc: Fix python scripts shebang line
2019-11-05 21:08:59 +00:00
vpp_vhost_interface.py
vhost: Add event index for interrupt notification to driver
2021-01-08 13:10:58 +00:00
vpp_vxlan_gpe_tunnel.py
vxlan-gpe: add udp-port configuration support
2021-10-08 11:38:56 +00:00
vpp_vxlan_tunnel.py
tests: move test source to vpp/test
2021-05-13 09:33:06 +00:00
vrf.py