Blame - test/test_cnat.py - fdio/vpp

2020-05-19 07:17:19 +0000

[diff] [blame]

1

#!/usr/bin/env python3

import unittest

from framework import VppTestCase, VppTestRunner

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

6

from vpp_ip import DpoProto, INVALID_INDEX

7

from itertools import product

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

8

9

from scapy.packet import Raw

10

from scapy.layers.l2 import Ether

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

11

from scapy.layers.inet import IP, UDP, TCP, ICMP

12

from scapy.layers.inet import IPerror, TCPerror, UDPerror, ICMPerror

13

from scapy.layers.inet6 import IPv6, IPerror6, ICMPv6DestUnreach

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

14

from scapy.layers.inet6 import ICMPv6EchoRequest, ICMPv6EchoReply

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

15

16

import struct

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

17

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

18

from ipaddress import (

ip_address,

ip_network,

IPv4Address,

IPv6Address,

IPv4Network,

IPv6Network,

)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

26

27

from vpp_object import VppObject

28

from vpp_papi import VppEnum

29

30

N_PKTS = 15

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

N_REMOTE_HOSTS = 3

SRC = 0

DST = 1

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

35

36

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

37

class CnatCommonTestCase(VppTestCase):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

38

"""CNat common test class"""

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

39

40

#

41

# turn the scanner off whilst testing otherwise sessions

42

# will time out

43

#

Klement Sekera

d3e0d10

2023-01-26 12:35:35 +0100

[diff] [blame]

44

extra_vpp_config = [

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

45

"cnat",

46

"{",

47

"session-db-buckets",

48

"64",

49

"session-cleanup-timeout",

"0.1",

"session-max-age",

"1",

"tcp-max-age",

"1",

"scanner",

"off",

"}",

]

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

@classmethod

def setUpClass(cls):

super(CnatCommonTestCase, cls).setUpClass()

63

64

@classmethod

65

def tearDownClass(cls):

66

super(CnatCommonTestCase, cls).tearDownClass()

67

68

69

class Endpoint(object):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

70

"""CNat endpoint"""

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

71

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

72

def __init__(self, pg=None, pgi=None, port=0, is_v6=False, ip=None):

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

73

self.port = port

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

74

self.is_v6 = is_v6

75

self.sw_if_index = INVALID_INDEX

76

if pg is not None and pgi is not None:

77

# pg interface specified and remote index

78

self.ip = self.get_ip46(pg.remote_hosts[pgi])

79

elif pg is not None:

80

self.ip = None

81

self.sw_if_index = pg.sw_if_index

82

elif ip is not None:

83

self.ip = ip

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

84

else:

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

85

self.ip = "::" if self.is_v6 else "0.0.0.0"

86

87

def get_ip46(self, obj):

if self.is_v6:

return obj.ip6

return obj.ip4

def udpate(self, **kwargs):

93

self.__init__(**kwargs)

94

95

def _vpp_if_af(self):

96

if self.is_v6:

97

return VppEnum.vl_api_address_family_t.ADDRESS_IP6

98

return VppEnum.vl_api_address_family_t.ADDRESS_IP4

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

99

100

def encode(self):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

return {

"addr": self.ip,

"port": self.port,

"sw_if_index": self.sw_if_index,

105

"if_af": self._vpp_if_af(),

106

}

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

107

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

108

def __str__(self):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

109

return "%s:%d" % (self.ip, self.port)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

110

111

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

112

class Translation(VppObject):

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

113

def __init__(self, test, iproto, vip, paths):

self._test = test

self.vip = vip

self.iproto = iproto

self.paths = paths

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

118

self.id = None

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

119

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

120

def __str__(self):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

121

return "%s %s %s" % (self.vip, self.iproto, self.paths)

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

122

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

123

def _vl4_proto(self):

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

124

ip_proto = VppEnum.vl_api_ip_proto_t

125

return {

126

UDP: ip_proto.IP_API_PROTO_UDP,

127

TCP: ip_proto.IP_API_PROTO_TCP,

128

}[self.iproto]

129

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

130

def _encoded_paths(self):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

131

return [

132

{"src_ep": src.encode(), "dst_ep": dst.encode()}

133

for (src, dst) in self.paths

134

]

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

135

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

136

def add_vpp_config(self):

137

r = self._test.vapi.cnat_translation_update(

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

138

{

139

"vip": self.vip.encode(),

140

"ip_proto": self._vl4_proto(),

141

"n_paths": len(self.paths),

142

"paths": self._encoded_paths(),

143

}

144

)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

145

self._test.registry.register(self, self._test.logger)

146

self.id = r.id

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

147

return self

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

148

149

def remove_vpp_config(self):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

150

assert self.id is not None

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

151

self._test.vapi.cnat_translation_del(id=self.id)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

152

return self

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

153

154

def query_vpp_config(self):

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

155

for t in self._test.vapi.cnat_translation_dump():

156

if self.id == t.translation.id:

157

return t.translation

158

return None

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

159

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

160

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

161

class CnatTestContext(object):

"""

Usage :

ctx = CnatTestContext(self, TCP, is_v6=True)

166

167

# send pg0.remote[0]:1234 -> pg1.remote[0]:6661

168

ctx.cnat_send(self.pg0, 0, 1234, self.pg1, 0, 6661)

169

170

# We expect this to be NATed as

171

# pg2.remote[0]:<anyport> -> pg1.remote[0]:6661

172

ctx.cnat_expect(self.pg2, 0, None, self.pg1, 0, 6661)

173

174

# After running cnat_expect, we can send back the received packet

175

# and expect it be 'unnated' so that we get the original packet

176

ctx.cnat_send_return().cnat_expect_return()

177

178

# same thing for ICMP errors

179

ctx.cnat_send_icmp_return_error().cnat_expect_icmp_error_return()

180

"""

181

182

def __init__(self, test, L4PROTO, is_v6):

183

self.L4PROTO = L4PROTO

self.is_v6 = is_v6

self._test = test

def get_ip46(self, obj):

if self.is_v6:

return obj.ip6

return obj.ip4

@property

def IP46(self):

return IPv6 if self.is_v6 else IP

195

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

196

def cnat_send(

197

self, src_pg, src_id, src_port, dst_pg, dst_id, dst_port, no_replies=False

198

):

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

199

if isinstance(src_id, int):

200

self.src_addr = self.get_ip46(src_pg.remote_hosts[src_id])

201

else:

202

self.dst_addr = src_id

203

if isinstance(dst_id, int):

204

self.dst_addr = self.get_ip46(dst_pg.remote_hosts[dst_id])

205

else:

206

self.dst_addr = dst_id

207

self.src_port = src_port # also ICMP id

208

self.dst_port = dst_port # also ICMP type

209

210

if self.L4PROTO in [TCP, UDP]:

211

l4 = self.L4PROTO(sport=self.src_port, dport=self.dst_port)

212

elif self.L4PROTO in [ICMP] and not self.is_v6:

213

l4 = self.L4PROTO(id=self.src_port, type=self.dst_port)

214

elif self.L4PROTO in [ICMP] and self.is_v6:

215

l4 = ICMPv6EchoRequest(id=self.src_port)

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

216

p1 = (

217

Ether(src=src_pg.remote_mac, dst=src_pg.local_mac)

218

/ self.IP46(src=self.src_addr, dst=self.dst_addr)

219

/ l4

220

/ Raw()

221

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

222

223

if no_replies:

224

self._test.send_and_assert_no_replies(src_pg, p1 * N_PKTS, dst_pg)

225

else:

226

self.rxs = self._test.send_and_expect(src_pg, p1 * N_PKTS, dst_pg)

227

self.expected_src_pg = src_pg

228

self.expected_dst_pg = dst_pg

229

return self

230

231

def cnat_expect(self, src_pg, src_id, src_port, dst_pg, dst_id, dst_port):

232

if isinstance(src_id, int):

233

self.expect_src_addr = self.get_ip46(src_pg.remote_hosts[src_id])

234

else:

235

self.expect_src_addr = src_id

236

if isinstance(dst_id, int):

237

self.expect_dst_addr = self.get_ip46(dst_pg.remote_hosts[dst_id])

238

else:

239

self.expect_dst_addr = dst_id

240

self.expect_src_port = src_port

241

self.expect_dst_port = dst_port

242

243

if self.expect_src_port is None:

244

if self.L4PROTO in [TCP, UDP]:

245

self.expect_src_port = self.rxs[0][self.L4PROTO].sport

246

elif self.L4PROTO in [ICMP] and not self.is_v6:

247

self.expect_src_port = self.rxs[0][self.L4PROTO].id

248

elif self.L4PROTO in [ICMP] and self.is_v6:

249

self.expect_src_port = self.rxs[0][ICMPv6EchoRequest].id

250

251

for rx in self.rxs:

252

self._test.assert_packet_checksums_valid(rx)

253

self._test.assertEqual(rx[self.IP46].dst, self.expect_dst_addr)

254

self._test.assertEqual(rx[self.IP46].src, self.expect_src_addr)

255

if self.L4PROTO in [TCP, UDP]:

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

256

self._test.assertEqual(rx[self.L4PROTO].dport, self.expect_dst_port)

257

self._test.assertEqual(rx[self.L4PROTO].sport, self.expect_src_port)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

258

elif self.L4PROTO in [ICMP] and not self.is_v6:

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

259

self._test.assertEqual(rx[self.L4PROTO].type, self.expect_dst_port)

260

self._test.assertEqual(rx[self.L4PROTO].id, self.expect_src_port)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

261

elif self.L4PROTO in [ICMP] and self.is_v6:

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

262

self._test.assertEqual(rx[ICMPv6EchoRequest].id, self.expect_src_port)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

263

return self

264

265

def cnat_send_return(self):

266

"""This sends the return traffic"""

267

if self.L4PROTO in [TCP, UDP]:

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

268

l4 = self.L4PROTO(sport=self.expect_dst_port, dport=self.expect_src_port)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

269

elif self.L4PROTO in [ICMP] and not self.is_v6:

270

# icmp type 0 if echo reply

271

l4 = self.L4PROTO(id=self.expect_src_port, type=0)

272

elif self.L4PROTO in [ICMP] and self.is_v6:

273

l4 = ICMPv6EchoReply(id=self.expect_src_port)

274

src_mac = self.expected_dst_pg.remote_mac

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

275

p1 = (

276

Ether(src=src_mac, dst=self.expected_dst_pg.local_mac)

277

/ self.IP46(src=self.expect_dst_addr, dst=self.expect_src_addr)

278

/ l4

279

/ Raw()

280

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

281

282

self.return_rxs = self._test.send_and_expect(

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

283

self.expected_dst_pg, p1 * N_PKTS, self.expected_src_pg

284

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

285

return self

286

287

def cnat_expect_return(self):

288

for rx in self.return_rxs:

289

self._test.assert_packet_checksums_valid(rx)

290

self._test.assertEqual(rx[self.IP46].dst, self.src_addr)

291

self._test.assertEqual(rx[self.IP46].src, self.dst_addr)

292

if self.L4PROTO in [TCP, UDP]:

293

self._test.assertEqual(rx[self.L4PROTO].dport, self.src_port)

294

self._test.assertEqual(rx[self.L4PROTO].sport, self.dst_port)

295

elif self.L4PROTO in [ICMP] and not self.is_v6:

296

# icmp type 0 if echo reply

297

self._test.assertEqual(rx[self.L4PROTO].type, 0)

298

self._test.assertEqual(rx[self.L4PROTO].id, self.src_port)

299

elif self.L4PROTO in [ICMP] and self.is_v6:

300

self._test.assertEqual(rx[ICMPv6EchoReply].id, self.src_port)

301

return self

302

303

def cnat_send_icmp_return_error(self):

304

"""

305

This called after cnat_expect will send an icmp error

306

on the reverse path

307

"""

308

ICMPelem = ICMPv6DestUnreach(code=1) if self.is_v6 else ICMP(type=11)

309

InnerIP = self.rxs[0][self.IP46]

310

p1 = (

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

311

Ether(

312

src=self.expected_dst_pg.remote_mac, dst=self.expected_dst_pg.local_mac

313

)

314

/ self.IP46(src=self.expect_dst_addr, dst=self.expect_src_addr)

315

/ ICMPelem

316

/ InnerIP

317

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

318

self.return_rxs = self._test.send_and_expect(

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

319

self.expected_dst_pg, p1 * N_PKTS, self.expected_src_pg

320

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

321

return self

322

323

def cnat_expect_icmp_error_return(self):

324

ICMP46 = ICMPv6DestUnreach if self.is_v6 else ICMP

325

IP46err = IPerror6 if self.is_v6 else IPerror

326

L4err = TCPerror if self.L4PROTO is TCP else UDPerror

327

for rx in self.return_rxs:

328

self._test.assert_packet_checksums_valid(rx)

329

self._test.assertEqual(rx[self.IP46].dst, self.src_addr)

330

self._test.assertEqual(rx[self.IP46].src, self.dst_addr)

331

self._test.assertEqual(rx[ICMP46][IP46err].src, self.src_addr)

332

self._test.assertEqual(rx[ICMP46][IP46err].dst, self.dst_addr)

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

333

self._test.assertEqual(rx[ICMP46][IP46err][L4err].sport, self.src_port)

334

self._test.assertEqual(rx[ICMP46][IP46err][L4err].dport, self.dst_port)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

335

return self

336

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

337

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

338

# -------------------------------------------------------------------

339

# -------------------------------------------------------------------

340

# -------------------------------------------------------------------

341

# -------------------------------------------------------------------

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

342

343

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

344

class TestCNatTranslation(CnatCommonTestCase):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

345

"""CNat Translation"""

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

@classmethod

def setUpClass(cls):

super(TestCNatTranslation, cls).setUpClass()

350

351

@classmethod

352

def tearDownClass(cls):

353

super(TestCNatTranslation, cls).tearDownClass()

354

355

def setUp(self):

356

super(TestCNatTranslation, self).setUp()

357

358

self.create_pg_interfaces(range(3))

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

359

self.pg0.generate_remote_hosts(N_REMOTE_HOSTS)

360

self.pg1.generate_remote_hosts(N_REMOTE_HOSTS)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

361

362

for i in self.pg_interfaces:

i.admin_up()

i.config_ip4()

i.resolve_arp()

i.config_ip6()

i.resolve_ndp()

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

368

i.configure_ipv4_neighbors()

369

i.configure_ipv6_neighbors()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

370

371

def tearDown(self):

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

372

for translation in self.translations:

373

translation.remove_vpp_config()

374

375

self.vapi.cnat_session_purge()

376

self.assertFalse(self.vapi.cnat_session_dump())

377

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

378

for i in self.pg_interfaces:

i.unconfig_ip4()

i.unconfig_ip6()

i.admin_down()

super(TestCNatTranslation, self).tearDown()

383

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

384

def cnat_translation(self):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

385

"""CNat Translation"""

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

386

self.logger.info(self.vapi.cli("sh cnat client"))

387

self.logger.info(self.vapi.cli("sh cnat translation"))

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

388

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

389

for nbr, translation in enumerate(self.translations):

390

vip = translation.vip

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

391

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

392

#

393

# Test Flows to the VIP

394

#

395

ctx = CnatTestContext(self, translation.iproto, vip.is_v6)

396

for src_pgi, sport in product(range(N_REMOTE_HOSTS), [1234, 1233]):

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

397

# from client to vip

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

398

ctx.cnat_send(self.pg0, src_pgi, sport, self.pg1, vip.ip, vip.port)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

399

dst_port = translation.paths[0][DST].port

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

400

ctx.cnat_expect(self.pg0, src_pgi, sport, self.pg1, nbr, dst_port)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

401

# from vip to client

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

402

ctx.cnat_send_return().cnat_expect_return()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

403

404

#

405

# packets to the VIP that do not match a

406

# translation are dropped

407

#

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

408

ctx.cnat_send(

409

self.pg0, src_pgi, sport, self.pg1, vip.ip, 6666, no_replies=True

410

)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

411

412

#

413

# packets from the VIP that do not match a

414

# session are forwarded

415

#

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

416

ctx.cnat_send(self.pg1, nbr, 6666, self.pg0, src_pgi, sport)

417

ctx.cnat_expect(self.pg1, nbr, 6666, self.pg0, src_pgi, sport)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

418

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

419

#

420

# modify the translation to use a different backend

421

#

422

old_dst_port = translation.paths[0][DST].port

423

translation.paths[0][DST].udpate(

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

424

pg=self.pg2, pgi=0, port=5000, is_v6=vip.is_v6

425

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

426

translation.add_vpp_config()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

427

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

428

#

429

# existing flows follow the old path

430

#

431

for src_pgi in range(N_REMOTE_HOSTS):

432

for sport in [1234, 1233]:

433

# from client to vip

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

434

ctx.cnat_send(self.pg0, src_pgi, sport, self.pg1, vip.ip, vip.port)

435

ctx.cnat_expect(

436

self.pg0, src_pgi, sport, self.pg1, nbr, old_dst_port

437

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

438

# from vip to client

439

ctx.cnat_send_return().cnat_expect_return()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

440

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

441

#

442

# new flows go to the new backend

443

#

444

for src_pgi in range(N_REMOTE_HOSTS):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

445

ctx.cnat_send(self.pg0, src_pgi, 9999, self.pg2, vip.ip, vip.port)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

446

ctx.cnat_expect(self.pg0, src_pgi, 9999, self.pg2, 0, 5000)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

447

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

448

self.logger.info(self.vapi.cli("sh cnat session verbose"))

449

450

#

Nathan Skrzypczak

d63f73b

2020-09-23 10:43:16 +0200

[diff] [blame]

451

# turn the scanner back on and wait until the sessions

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

452

# all disapper

453

#

454

self.vapi.cli("test cnat scanner on")

Benoît Ganne

56eccdb

2021-08-20 09:18:31 +0200

[diff] [blame]

455

self.virtual_sleep(2)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

456

sessions = self.vapi.cnat_session_dump()

Benoît Ganne

56eccdb

2021-08-20 09:18:31 +0200

[diff] [blame]

457

self.assertEqual(len(sessions), 0)

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

458

self.vapi.cli("test cnat scanner off")

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

459

460

#

461

# load some flows again and purge

462

#

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

463

for translation in self.translations:

464

vip = translation.vip

465

ctx = CnatTestContext(self, translation.iproto, vip.is_v6)

466

for src_pgi in range(N_REMOTE_HOSTS):

467

for sport in [1234, 1233]:

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

468

# from client to vip

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

469

ctx.cnat_send(self.pg0, src_pgi, sport, self.pg2, vip.ip, vip.port)

470

ctx.cnat_expect(self.pg0, src_pgi, sport, self.pg2, 0, 5000)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

471

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

472

def _test_icmp(self):

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

#

# Testing ICMP

#

for nbr, translation in enumerate(self.translations):

477

vip = translation.vip

478

ctx = CnatTestContext(self, translation.iproto, vip.is_v6)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

479

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

#

# NATing ICMP errors

#

ctx.cnat_send(self.pg0, 0, 1234, self.pg1, vip.ip, vip.port)

484

dst_port = translation.paths[0][DST].port

485

ctx.cnat_expect(self.pg0, 0, 1234, self.pg1, nbr, dst_port)

486

ctx.cnat_send_icmp_return_error().cnat_expect_icmp_error_return()

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

487

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

488

#

489

# ICMP errors with no VIP associated should not be

490

# modified

491

#

492

ctx.cnat_send(self.pg0, 0, 1234, self.pg2, 0, vip.port)

493

dst_port = translation.paths[0][DST].port

494

ctx.cnat_expect(self.pg0, 0, 1234, self.pg2, 0, vip.port)

495

ctx.cnat_send_icmp_return_error().cnat_expect_icmp_error_return()

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

496

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

497

def _make_translations_v4(self):

498

self.translations = []

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

499

self.translations.append(

Translation(

self,

TCP,

Endpoint(ip="30.0.0.1", port=5555, is_v6=False),

504

[

505

(

506

Endpoint(is_v6=False),

507

Endpoint(pg=self.pg1, pgi=0, port=4001, is_v6=False),

)

],

).add_vpp_config()

)

self.translations.append(

Translation(

self,

TCP,

Endpoint(ip="30.0.0.2", port=5554, is_v6=False),

517

[

518

(

519

Endpoint(is_v6=False),

520

Endpoint(pg=self.pg1, pgi=1, port=4002, is_v6=False),

)

],

).add_vpp_config()

)

self.translations.append(

Translation(

self,

UDP,

Endpoint(ip="30.0.0.2", port=5553, is_v6=False),

530

[

531

(

532

Endpoint(is_v6=False),

533

Endpoint(pg=self.pg1, pgi=2, port=4003, is_v6=False),

)

],

).add_vpp_config()

)

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

538

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

539

def _make_translations_v6(self):

540

self.translations = []

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

541

self.translations.append(

Translation(

self,

TCP,

Endpoint(ip="30::1", port=5555, is_v6=True),

546

[

547

(

548

Endpoint(is_v6=True),

549

Endpoint(pg=self.pg1, pgi=0, port=4001, is_v6=True),

)

],

).add_vpp_config()

)

self.translations.append(

Translation(

self,

TCP,

Endpoint(ip="30::2", port=5554, is_v6=True),

559

[

560

(

561

Endpoint(is_v6=True),

562

Endpoint(pg=self.pg1, pgi=1, port=4002, is_v6=True),

)

],

).add_vpp_config()

)

self.translations.append(

Translation(

self,

UDP,

Endpoint(ip="30::2", port=5553, is_v6=True),

572

[

573

(

574

Endpoint(is_v6=True),

575

Endpoint(pg=self.pg1, pgi=2, port=4003, is_v6=True),

)

],

).add_vpp_config()

)

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

580

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

581

def test_icmp4(self):

582

# """ CNat Translation icmp v4 """

583

self._make_translations_v4()

584

self._test_icmp()

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

585

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

586

def test_icmp6(self):

587

# """ CNat Translation icmp v6 """

588

self._make_translations_v6()

589

self._test_icmp()

Nathan Skrzypczak

2020-09-08 15:16:08 +0200

[diff] [blame]

590

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

591

def test_cnat6(self):

592

# """ CNat Translation ipv6 """

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

593

self._make_translations_v6()

594

self.cnat_translation()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

595

596

def test_cnat4(self):

597

# """ CNat Translation ipv4 """

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

598

self._make_translations_v4()

599

self.cnat_translation()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

600

601

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

602

class TestCNatSourceNAT(CnatCommonTestCase):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

603

"""CNat Source NAT"""

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

@classmethod

def setUpClass(cls):

super(TestCNatSourceNAT, cls).setUpClass()

608

609

@classmethod

610

def tearDownClass(cls):

611

super(TestCNatSourceNAT, cls).tearDownClass()

612

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

613

def _enable_disable_snat(self, is_enable=True):

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

614

self.vapi.cnat_set_snat_addresses(

615

snat_ip4=self.pg2.remote_hosts[0].ip4,

Nathan Skrzypczak

8786a4c

2021-02-26 18:12:20 +0100

[diff] [blame]

616

snat_ip6=self.pg2.remote_hosts[0].ip6,

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

617

sw_if_index=INVALID_INDEX,

618

)

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

619

self.vapi.feature_enable_disable(

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

620

enable=1 if is_enable else 0,

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

621

arc_name="ip6-unicast",

Nathan Skrzypczak

27647a2

2021-02-25 11:01:41 +0100

[diff] [blame]

622

feature_name="cnat-snat-ip6",

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

623

sw_if_index=self.pg0.sw_if_index,

624

)

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

625

self.vapi.feature_enable_disable(

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

626

enable=1 if is_enable else 0,

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

627

arc_name="ip4-unicast",

Nathan Skrzypczak

27647a2

2021-02-25 11:01:41 +0100

[diff] [blame]

628

feature_name="cnat-snat-ip4",

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

629

sw_if_index=self.pg0.sw_if_index,

630

)

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

631

Nathan Skrzypczak

2021-02-25 17:39:03 +0100

[diff] [blame]

632

policie_tbls = VppEnum.vl_api_cnat_snat_policy_table_t

633

self.vapi.cnat_set_snat_policy(

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

634

policy=VppEnum.vl_api_cnat_snat_policies_t.CNAT_POLICY_IF_PFX

635

)

Nathan Skrzypczak

2021-02-25 17:39:03 +0100

[diff] [blame]

636

for i in self.pg_interfaces:

637

self.vapi.cnat_snat_policy_add_del_if(

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

638

sw_if_index=i.sw_if_index,

639

is_add=1 if is_enable else 0,

640

table=policie_tbls.CNAT_POLICY_INCLUDE_V6,

641

)

Nathan Skrzypczak

2021-02-25 17:39:03 +0100

[diff] [blame]

642

self.vapi.cnat_snat_policy_add_del_if(

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

643

sw_if_index=i.sw_if_index,

644

is_add=1 if is_enable else 0,

645

table=policie_tbls.CNAT_POLICY_INCLUDE_V4,

646

)

Nathan Skrzypczak

2021-02-25 17:39:03 +0100

[diff] [blame]

647

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

648

def setUp(self):

649

super(TestCNatSourceNAT, self).setUp()

650

651

self.create_pg_interfaces(range(3))

652

self.pg1.generate_remote_hosts(2)

653

654

for i in self.pg_interfaces:

i.admin_up()

i.config_ip4()

i.resolve_arp()

i.config_ip6()

i.resolve_ndp()

i.configure_ipv6_neighbors()

661

i.configure_ipv4_neighbors()

662

663

self._enable_disable_snat(is_enable=True)

664

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

665

def tearDown(self):

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

666

self._enable_disable_snat(is_enable=True)

667

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

668

self.vapi.cnat_session_purge()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

669

for i in self.pg_interfaces:

i.unconfig_ip4()

i.unconfig_ip6()

i.admin_down()

super(TestCNatSourceNAT, self).tearDown()

674

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

675

def test_snat_v6(self):

676

# """ CNat Source Nat v6 """

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

677

self.sourcenat_test_tcp_udp_conf(TCP, is_v6=True)

678

self.sourcenat_test_tcp_udp_conf(UDP, is_v6=True)

679

self.sourcenat_test_icmp_echo_conf(is_v6=True)

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

680

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

681

def test_snat_v4(self):

682

# """ CNat Source Nat v4 """

683

self.sourcenat_test_tcp_udp_conf(TCP)

684

self.sourcenat_test_tcp_udp_conf(UDP)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

685

self.sourcenat_test_icmp_echo_conf()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

686

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

687

def sourcenat_test_icmp_echo_conf(self, is_v6=False):

688

ctx = CnatTestContext(self, ICMP, is_v6=is_v6)

689

# 8 is ICMP type echo (v4 only)

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

690

ctx.cnat_send(self.pg0, 0, 0xFEED, self.pg1, 0, 8)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

691

ctx.cnat_expect(self.pg2, 0, None, self.pg1, 0, 8)

692

ctx.cnat_send_return().cnat_expect_return()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

693

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

694

def sourcenat_test_tcp_udp_conf(self, L4PROTO, is_v6=False):

695

ctx = CnatTestContext(self, L4PROTO, is_v6)

696

# we should source NAT

697

ctx.cnat_send(self.pg0, 0, 1234, self.pg1, 0, 6661)

698

ctx.cnat_expect(self.pg2, 0, None, self.pg1, 0, 6661)

699

ctx.cnat_send_return().cnat_expect_return()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

700

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

701

# exclude dst address of pg1.1 from snat

702

if is_v6:

703

exclude_prefix = ip_network(

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

704

"%s/100" % self.pg1.remote_hosts[1].ip6, strict=False

705

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

706

else:

707

exclude_prefix = ip_network(

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

708

"%s/16" % self.pg1.remote_hosts[1].ip4, strict=False

709

)

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

710

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

711

# add remote host to exclude list

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

712

self.vapi.cnat_snat_policy_add_del_exclude_pfx(prefix=exclude_prefix, is_add=1)

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

713

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

714

# We should not source NAT the id=1

715

ctx.cnat_send(self.pg0, 0, 1234, self.pg1, 1, 6661)

716

ctx.cnat_expect(self.pg0, 0, 1234, self.pg1, 1, 6661)

717

ctx.cnat_send_return().cnat_expect_return()

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

718

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

719

# But we should source NAT the id=0

720

ctx.cnat_send(self.pg0, 0, 1234, self.pg1, 0, 6661)

721

ctx.cnat_expect(self.pg2, 0, None, self.pg1, 0, 6661)

722

ctx.cnat_send_return().cnat_expect_return()

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

723

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

724

# remove remote host from exclude list

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

725

self.vapi.cnat_snat_policy_add_del_exclude_pfx(prefix=exclude_prefix, is_add=0)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

726

self.vapi.cnat_session_purge()

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

727

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

728

# We should source NAT again

729

ctx.cnat_send(self.pg0, 0, 1234, self.pg1, 1, 6661)

730

ctx.cnat_expect(self.pg2, 0, None, self.pg1, 1, 6661)

731

ctx.cnat_send_return().cnat_expect_return()

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

732

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

733

# test return ICMP error nating

734

ctx.cnat_send(self.pg0, 0, 1234, self.pg1, 1, 6661)

735

ctx.cnat_expect(self.pg2, 0, None, self.pg1, 1, 6661)

736

ctx.cnat_send_icmp_return_error().cnat_expect_icmp_error_return()

Nathan Skrzypczak

2020-09-10 17:44:41 +0200

[diff] [blame]

737

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

738

self.vapi.cnat_session_purge()

Neale Ranns

2020-05-19 07:17:19 +0000

[diff] [blame]

739

Nathan Skrzypczak

d63f73b

2020-09-23 10:43:16 +0200

[diff] [blame]

740

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

741

class TestCNatDHCP(CnatCommonTestCase):

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

742

"""CNat Translation"""

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

@classmethod

def setUpClass(cls):

super(TestCNatDHCP, cls).setUpClass()

747

748

@classmethod

749

def tearDownClass(cls):

750

super(TestCNatDHCP, cls).tearDownClass()

751

752

def tearDown(self):

753

for i in self.pg_interfaces:

754

i.admin_down()

755

super(TestCNatDHCP, self).tearDown()

756

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

757

def make_addr(self, sw_if_index, addr_id, is_v6):

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

758

if is_v6:

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

759

return "fd01:%x::%u" % (sw_if_index, addr_id + 1)

760

return "172.16.%u.%u" % (sw_if_index, addr_id)

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

761

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

762

def make_prefix(self, sw_if_index, addr_id, is_v6):

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

763

if is_v6:

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

764

return "%s/128" % self.make_addr(sw_if_index, addr_id, is_v6)

765

return "%s/32" % self.make_addr(sw_if_index, addr_id, is_v6)

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

766

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

767

def check_resolved(self, tr, addr_id, is_v6=False):

768

qt = tr.query_vpp_config()

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

769

self.assertEqual(

770

str(qt.vip.addr), self.make_addr(tr.vip.sw_if_index, addr_id, is_v6)

771

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

772

self.assertEqual(len(qt.paths), len(tr.paths))

773

for path_tr, path_qt in zip(tr.paths, qt.paths):

774

src_qt = path_qt.src_ep

775

dst_qt = path_qt.dst_ep

776

src_tr, dst_tr = path_tr

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

777

self.assertEqual(

778

str(src_qt.addr), self.make_addr(src_tr.sw_if_index, addr_id, is_v6)

779

)

780

self.assertEqual(

781

str(dst_qt.addr), self.make_addr(dst_tr.sw_if_index, addr_id, is_v6)

782

)

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

783

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

784

def add_del_address(self, pg, addr_id, is_add=True, is_v6=False):

785

self.vapi.sw_interface_add_del_address(

786

sw_if_index=pg.sw_if_index,

787

prefix=self.make_prefix(pg.sw_if_index, addr_id, is_v6),

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

788

is_add=1 if is_add else 0,

789

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

790

791

def _test_dhcp_v46(self, is_v6):

792

self.create_pg_interfaces(range(4))

793

for i in self.pg_interfaces:

794

i.admin_up()

795

paths = [

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

796

(Endpoint(pg=self.pg1, is_v6=is_v6), Endpoint(pg=self.pg2, is_v6=is_v6)),

797

(Endpoint(pg=self.pg1, is_v6=is_v6), Endpoint(pg=self.pg3, is_v6=is_v6)),

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

798

]

799

ep = Endpoint(pg=self.pg0, is_v6=is_v6)

800

t = Translation(self, TCP, ep, paths).add_vpp_config()

801

# Add an address on every interface

802

# and check it is reflected in the cnat config

803

for pg in self.pg_interfaces:

804

self.add_del_address(pg, addr_id=0, is_add=True, is_v6=is_v6)

805

self.check_resolved(t, addr_id=0, is_v6=is_v6)

806

# Add a new address on every interface, remove the old one

807

# and check it is reflected in the cnat config

808

for pg in self.pg_interfaces:

809

self.add_del_address(pg, addr_id=1, is_add=True, is_v6=is_v6)

810

self.add_del_address(pg, addr_id=0, is_add=False, is_v6=is_v6)

811

self.check_resolved(t, addr_id=1, is_v6=is_v6)

812

# remove the configuration

813

for pg in self.pg_interfaces:

814

self.add_del_address(pg, addr_id=1, is_add=False, is_v6=is_v6)

815

t.remove_vpp_config()

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

816

817

def test_dhcp_v4(self):

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

818

self._test_dhcp_v46(False)

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

819

820

def test_dhcp_v6(self):

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

821

self._test_dhcp_v46(True)

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

822

823

def test_dhcp_snat(self):

824

self.create_pg_interfaces(range(1))

825

for i in self.pg_interfaces:

826

i.admin_up()

827

self.vapi.cnat_set_snat_addresses(sw_if_index=self.pg0.sw_if_index)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

828

# Add an address on every interface

829

# and check it is reflected in the cnat config

830

for pg in self.pg_interfaces:

831

self.add_del_address(pg, addr_id=0, is_add=True, is_v6=False)

832

self.add_del_address(pg, addr_id=0, is_add=True, is_v6=True)

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

833

r = self.vapi.cnat_get_snat_addresses()

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

834

self.assertEqual(

835

str(r.snat_ip4),

836

self.make_addr(self.pg0.sw_if_index, addr_id=0, is_v6=False),

837

)

838

self.assertEqual(

839

str(r.snat_ip6), self.make_addr(self.pg0.sw_if_index, addr_id=0, is_v6=True)

840

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

841

# Add a new address on every interface, remove the old one

842

# and check it is reflected in the cnat config

843

for pg in self.pg_interfaces:

844

self.add_del_address(pg, addr_id=1, is_add=True, is_v6=False)

845

self.add_del_address(pg, addr_id=1, is_add=True, is_v6=True)

846

self.add_del_address(pg, addr_id=0, is_add=False, is_v6=False)

847

self.add_del_address(pg, addr_id=0, is_add=False, is_v6=True)

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

848

r = self.vapi.cnat_get_snat_addresses()

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

849

self.assertEqual(

850

str(r.snat_ip4),

851

self.make_addr(self.pg0.sw_if_index, addr_id=1, is_v6=False),

852

)

853

self.assertEqual(

854

str(r.snat_ip6), self.make_addr(self.pg0.sw_if_index, addr_id=1, is_v6=True)

855

)

Nathan Skrzypczak

2021-10-20 17:41:07 +0200

[diff] [blame]

856

# remove the configuration

857

for pg in self.pg_interfaces:

858

self.add_del_address(pg, addr_id=1, is_add=False, is_v6=False)

859

self.add_del_address(pg, addr_id=1, is_add=False, is_v6=True)

Nathan Skrzypczak

8786a4c

2021-02-26 18:12:20 +0100

[diff] [blame]

860

self.vapi.cnat_set_snat_addresses(sw_if_index=INVALID_INDEX)

Nathan Skrzypczak

2020-09-21 19:14:08 +0200

[diff] [blame]

861

862

Klement Sekera

2022-04-26 19:02:15 +0200

[diff] [blame]

863

if __name__ == "__main__":

Neale Ranns