4 from socket import AF_INET, AF_INET6, inet_pton
6 from framework import VppTestCase, VppTestRunner
7 from vpp_neighbor import VppNeighbor, find_nbr
8 from vpp_ip_route import VppIpRoute, VppRoutePath, find_route
10 from scapy.packet import Raw
11 from scapy.layers.l2 import Ether, ARP
12 from scapy.layers.inet import IP, UDP
13 from scapy.contrib.mpls import MPLS
15 # not exported by scapy, so redefined here
16 arp_opts = {"who-has": 1, "is-at": 2}
19 class ARPTestCase(VppTestCase):
23 super(ARPTestCase, self).setUp()
25 # create 3 pg interfaces
26 self.create_pg_interfaces(range(4))
28 # pg0 configured with ip4 and 6 addresses used for input
29 # pg1 configured with ip4 and 6 addresses used for output
30 # pg2 is unnumbered to pg0
31 for i in self.pg_interfaces:
36 self.pg0.resolve_arp()
41 # pg3 in a different VRF
42 self.pg3.set_table_ip4(1)
46 super(ARPTestCase, self).tearDown()
47 for i in self.pg_interfaces:
52 def verify_arp_req(self, rx, smac, sip, dip):
54 self.assertEqual(ether.dst, "ff:ff:ff:ff:ff:ff")
55 self.assertEqual(ether.src, smac)
58 self.assertEqual(arp.hwtype, 1)
59 self.assertEqual(arp.ptype, 0x800)
60 self.assertEqual(arp.hwlen, 6)
61 self.assertEqual(arp.plen, 4)
62 self.assertEqual(arp.op, arp_opts["who-has"])
63 self.assertEqual(arp.hwsrc, smac)
64 self.assertEqual(arp.hwdst, "00:00:00:00:00:00")
65 self.assertEqual(arp.psrc, sip)
66 self.assertEqual(arp.pdst, dip)
68 def verify_arp_resp(self, rx, smac, dmac, sip, dip):
70 self.assertEqual(ether.dst, dmac)
71 self.assertEqual(ether.src, smac)
74 self.assertEqual(arp.hwtype, 1)
75 self.assertEqual(arp.ptype, 0x800)
76 self.assertEqual(arp.hwlen, 6)
77 self.assertEqual(arp.plen, 4)
78 self.assertEqual(arp.op, arp_opts["is-at"])
79 self.assertEqual(arp.hwsrc, smac)
80 self.assertEqual(arp.hwdst, dmac)
81 self.assertEqual(arp.psrc, sip)
82 self.assertEqual(arp.pdst, dip)
84 def verify_ip(self, rx, smac, dmac, sip, dip):
86 self.assertEqual(ether.dst, dmac)
87 self.assertEqual(ether.src, smac)
90 self.assertEqual(ip.src, sip)
91 self.assertEqual(ip.dst, dip)
93 def verify_ip_o_mpls(self, rx, smac, dmac, label, sip, dip):
95 self.assertEqual(ether.dst, dmac)
96 self.assertEqual(ether.src, smac)
99 self.assertTrue(mpls.label, label)
102 self.assertEqual(ip.src, sip)
103 self.assertEqual(ip.dst, dip)
105 def send_and_assert_no_replies(self, intf, pkts, remark):
106 intf.add_stream(pkts)
107 self.pg_enable_capture(self.pg_interfaces)
109 for i in self.pg_interfaces:
110 i.assert_nothing_captured(remark=remark)
116 # Generate some hosts on the LAN
118 self.pg1.generate_remote_hosts(5)
121 # Send IP traffic to one of these unresolved hosts.
122 # expect the generation of an ARP request
124 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
125 IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[1].ip4) /
126 UDP(sport=1234, dport=1234) /
129 self.pg0.add_stream(p)
130 self.pg_enable_capture(self.pg_interfaces)
133 rx = self.pg1.get_capture(1)
135 self.verify_arp_req(rx[0],
138 self.pg1._remote_hosts[1].ip4)
141 # And a dynamic ARP entry for host 1
143 dyn_arp = VppNeighbor(self,
144 self.pg1.sw_if_index,
145 self.pg1.remote_hosts[1].mac,
146 self.pg1.remote_hosts[1].ip4)
147 dyn_arp.add_vpp_config()
150 # now we expect IP traffic forwarded
152 dyn_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
153 IP(src=self.pg0.remote_ip4,
154 dst=self.pg1._remote_hosts[1].ip4) /
155 UDP(sport=1234, dport=1234) /
158 self.pg0.add_stream(dyn_p)
159 self.pg_enable_capture(self.pg_interfaces)
162 rx = self.pg1.get_capture(1)
164 self.verify_ip(rx[0],
166 self.pg1.remote_hosts[1].mac,
168 self.pg1._remote_hosts[1].ip4)
171 # And a Static ARP entry for host 2
173 static_arp = VppNeighbor(self,
174 self.pg1.sw_if_index,
175 self.pg1.remote_hosts[2].mac,
176 self.pg1.remote_hosts[2].ip4,
178 static_arp.add_vpp_config()
180 static_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
181 IP(src=self.pg0.remote_ip4,
182 dst=self.pg1._remote_hosts[2].ip4) /
183 UDP(sport=1234, dport=1234) /
186 self.pg0.add_stream(static_p)
187 self.pg_enable_capture(self.pg_interfaces)
190 rx = self.pg1.get_capture(1)
192 self.verify_ip(rx[0],
194 self.pg1.remote_hosts[2].mac,
196 self.pg1._remote_hosts[2].ip4)
199 # flap the link. dynamic ARPs get flush, statics don't
201 self.pg1.admin_down()
204 self.pg0.add_stream(static_p)
205 self.pg_enable_capture(self.pg_interfaces)
207 rx = self.pg1.get_capture(1)
209 self.verify_ip(rx[0],
211 self.pg1.remote_hosts[2].mac,
213 self.pg1._remote_hosts[2].ip4)
215 self.pg0.add_stream(dyn_p)
216 self.pg_enable_capture(self.pg_interfaces)
219 rx = self.pg1.get_capture(1)
220 self.verify_arp_req(rx[0],
223 self.pg1._remote_hosts[1].ip4)
226 # Send an ARP request from one of the so-far unlearned remote hosts
228 p = (Ether(dst="ff:ff:ff:ff:ff:ff",
229 src=self.pg1._remote_hosts[3].mac) /
231 hwsrc=self.pg1._remote_hosts[3].mac,
232 pdst=self.pg1.local_ip4,
233 psrc=self.pg1._remote_hosts[3].ip4))
235 self.pg1.add_stream(p)
236 self.pg_enable_capture(self.pg_interfaces)
239 rx = self.pg1.get_capture(1)
240 self.verify_arp_resp(rx[0],
242 self.pg1._remote_hosts[3].mac,
244 self.pg1._remote_hosts[3].ip4)
247 # VPP should have learned the mapping for the remote host
249 self.assertTrue(find_nbr(self,
250 self.pg1.sw_if_index,
251 self.pg1._remote_hosts[3].ip4))
255 # 1 - don't respond to ARP request for address not within the
256 # interface's sub-net
258 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
260 hwsrc=self.pg0.remote_mac,
262 psrc=self.pg0.remote_ip4))
263 self.send_and_assert_no_replies(self.pg0, p,
264 "ARP req for non-local destination")
267 # 2 - don't respond to ARP request from an address not within the
268 # interface's sub-net
270 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
272 hwsrc=self.pg0.remote_mac,
274 pdst=self.pg0.local_ip4))
275 self.send_and_assert_no_replies(self.pg0, p,
276 "ARP req for non-local source")
279 # 3 - don't respond to ARP request from an address that belongs to
282 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
284 hwsrc=self.pg0.remote_mac,
285 psrc=self.pg0.local_ip4,
286 pdst=self.pg0.local_ip4))
287 self.send_and_assert_no_replies(self.pg0, p,
288 "ARP req for non-local source")
291 # 4 - don't respond to ARP requests that has mac source different
292 # from ARP request HW source
295 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
297 hwsrc="00:00:00:DE:AD:BE",
298 psrc=self.pg0.remote_ip4,
299 pdst=self.pg0.local_ip4))
300 self.send_and_assert_no_replies(self.pg0, p,
301 "ARP req for non-local source")
304 # A neighbor entry that has no associated FIB-entry
306 arp_no_fib = VppNeighbor(self,
307 self.pg1.sw_if_index,
308 self.pg1.remote_hosts[4].mac,
309 self.pg1.remote_hosts[4].ip4,
311 arp_no_fib.add_vpp_config()
314 # check we have the neighbor, but no route
316 self.assertTrue(find_nbr(self,
317 self.pg1.sw_if_index,
318 self.pg1._remote_hosts[4].ip4))
319 self.assertFalse(find_route(self,
320 self.pg1._remote_hosts[4].ip4,
325 dyn_arp.remove_vpp_config()
326 static_arp.remove_vpp_config()
328 def test_proxy_arp(self):
332 # Proxy ARP rewquest packets for each interface
334 arp_req_pg2 = (Ether(src=self.pg2.remote_mac,
335 dst="ff:ff:ff:ff:ff:ff") /
337 hwsrc=self.pg2.remote_mac,
339 psrc=self.pg1.remote_ip4))
340 arp_req_pg0 = (Ether(src=self.pg0.remote_mac,
341 dst="ff:ff:ff:ff:ff:ff") /
343 hwsrc=self.pg0.remote_mac,
345 psrc=self.pg0.remote_ip4))
346 arp_req_pg1 = (Ether(src=self.pg1.remote_mac,
347 dst="ff:ff:ff:ff:ff:ff") /
349 hwsrc=self.pg1.remote_mac,
351 psrc=self.pg1.remote_ip4))
352 arp_req_pg3 = (Ether(src=self.pg3.remote_mac,
353 dst="ff:ff:ff:ff:ff:ff") /
355 hwsrc=self.pg3.remote_mac,
357 psrc=self.pg3.remote_ip4))
360 # Configure Proxy ARP for 10.10.10.0 -> 10.10.10.124
362 self.vapi.proxy_arp_add_del(inet_pton(AF_INET, "10.10.10.2"),
363 inet_pton(AF_INET, "10.10.10.124"))
366 # No responses are sent when the interfaces are not enabled for proxy
369 self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
370 "ARP req from unconfigured interface")
371 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
372 "ARP req from unconfigured interface")
375 # Make pg2 un-numbered to pg1
378 self.pg2.set_unnumbered(self.pg1.sw_if_index)
380 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
381 "ARP req from unnumbered interface")
384 # Enable each interface to reply to proxy ARPs
386 for i in self.pg_interfaces:
390 # Now each of the interfaces should reply to a request to a proxied
393 self.pg0.add_stream(arp_req_pg0)
394 self.pg_enable_capture(self.pg_interfaces)
397 rx = self.pg0.get_capture(1)
398 self.verify_arp_resp(rx[0],
404 self.pg1.add_stream(arp_req_pg1)
405 self.pg_enable_capture(self.pg_interfaces)
408 rx = self.pg1.get_capture(1)
409 self.verify_arp_resp(rx[0],
415 self.pg2.add_stream(arp_req_pg2)
416 self.pg_enable_capture(self.pg_interfaces)
419 rx = self.pg2.get_capture(1)
420 self.verify_arp_resp(rx[0],
427 # A request for an address out of the configured range
429 arp_req_pg1_hi = (Ether(src=self.pg1.remote_mac,
430 dst="ff:ff:ff:ff:ff:ff") /
432 hwsrc=self.pg1.remote_mac,
434 psrc=self.pg1.remote_ip4))
435 self.send_and_assert_no_replies(self.pg1, arp_req_pg1_hi,
436 "ARP req out of range HI")
437 arp_req_pg1_low = (Ether(src=self.pg1.remote_mac,
438 dst="ff:ff:ff:ff:ff:ff") /
440 hwsrc=self.pg1.remote_mac,
442 psrc=self.pg1.remote_ip4))
443 self.send_and_assert_no_replies(self.pg1, arp_req_pg1_low,
444 "ARP req out of range Low")
447 # Request for an address in the proxy range but from an interface
450 self.send_and_assert_no_replies(self.pg3, arp_req_pg3,
451 "ARP req from different VRF")
454 # Disable Each interface for proxy ARP
455 # - expect none to respond
457 for i in self.pg_interfaces:
460 self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
461 "ARP req from disable")
462 self.send_and_assert_no_replies(self.pg1, arp_req_pg1,
463 "ARP req from disable")
464 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
465 "ARP req from disable")
468 # clean up on interface 2
470 self.pg2.set_unnumbered(self.pg1.sw_if_index)
476 # Interface 2 does not yet have ip4 config
478 self.pg2.config_ip4()
479 self.pg2.generate_remote_hosts(2)
482 # Add a reoute with out going label via an ARP unresolved next-hop
484 ip_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
485 [VppRoutePath(self.pg2.remote_hosts[1].ip4,
486 self.pg2.sw_if_index,
488 ip_10_0_0_1.add_vpp_config()
491 # packets should generate an ARP request
493 p = (Ether(src=self.pg0.remote_mac,
494 dst=self.pg0.local_mac) /
495 IP(src=self.pg0.remote_ip4, dst="10.0.0.1") /
496 UDP(sport=1234, dport=1234) /
499 self.pg0.add_stream(p)
500 self.pg_enable_capture(self.pg_interfaces)
503 rx = self.pg2.get_capture(1)
504 self.verify_arp_req(rx[0],
507 self.pg2._remote_hosts[1].ip4)
510 # now resolve the neighbours
512 self.pg2.configure_ipv4_neighbors()
515 # Now packet should be properly MPLS encapped.
516 # This verifies that MPLS link-type adjacencies are completed
517 # when the ARP entry resolves
519 self.pg0.add_stream(p)
520 self.pg_enable_capture(self.pg_interfaces)
523 rx = self.pg2.get_capture(1)
524 self.verify_ip_o_mpls(rx[0],
526 self.pg2.remote_hosts[1].mac,
531 if __name__ == '__main__':
532 unittest.main(testRunner=VppTestRunner)