4 from socket import AF_INET, AF_INET6, inet_pton
6 from framework import VppTestCase, VppTestRunner
7 from vpp_neighbor import VppNeighbor, find_nbr
8 from vpp_ip_route import VppIpRoute, VppRoutePath
10 from scapy.packet import Raw
11 from scapy.layers.l2 import Ether, ARP
12 from scapy.layers.inet import IP, UDP
13 from scapy.contrib.mpls import MPLS
15 # not exported by scapy, so redefined here
16 arp_opts = {"who-has": 1, "is-at": 2}
19 class ARPTestCase(VppTestCase):
23 super(ARPTestCase, self).setUp()
25 # create 3 pg interfaces
26 self.create_pg_interfaces(range(4))
28 # pg0 configured with ip4 and 6 addresses used for input
29 # pg1 configured with ip4 and 6 addresses used for output
30 # pg2 is unnumbered to pg0
31 for i in self.pg_interfaces:
36 self.pg0.resolve_arp()
41 # pg3 in a different VRF
42 self.pg3.set_table_ip4(1)
46 super(ARPTestCase, self).tearDown()
47 for i in self.pg_interfaces:
52 def verify_arp_req(self, rx, smac, sip, dip):
54 self.assertEqual(ether.dst, "ff:ff:ff:ff:ff:ff")
55 self.assertEqual(ether.src, smac)
58 self.assertEqual(arp.hwtype, 1)
59 self.assertEqual(arp.ptype, 0x800)
60 self.assertEqual(arp.hwlen, 6)
61 self.assertEqual(arp.plen, 4)
62 self.assertEqual(arp.op, arp_opts["who-has"])
63 self.assertEqual(arp.hwsrc, smac)
64 self.assertEqual(arp.hwdst, "00:00:00:00:00:00")
65 self.assertEqual(arp.psrc, sip)
66 self.assertEqual(arp.pdst, dip)
68 def verify_arp_resp(self, rx, smac, dmac, sip, dip):
70 self.assertEqual(ether.dst, dmac)
71 self.assertEqual(ether.src, smac)
74 self.assertEqual(arp.hwtype, 1)
75 self.assertEqual(arp.ptype, 0x800)
76 self.assertEqual(arp.hwlen, 6)
77 self.assertEqual(arp.plen, 4)
78 self.assertEqual(arp.op, arp_opts["is-at"])
79 self.assertEqual(arp.hwsrc, smac)
80 self.assertEqual(arp.hwdst, dmac)
81 self.assertEqual(arp.psrc, sip)
82 self.assertEqual(arp.pdst, dip)
84 def verify_ip(self, rx, smac, dmac, sip, dip):
86 self.assertEqual(ether.dst, dmac)
87 self.assertEqual(ether.src, smac)
90 self.assertEqual(ip.src, sip)
91 self.assertEqual(ip.dst, dip)
93 def verify_ip_o_mpls(self, rx, smac, dmac, label, sip, dip):
95 self.assertEqual(ether.dst, dmac)
96 self.assertEqual(ether.src, smac)
99 self.assertTrue(mpls.label, label)
102 self.assertEqual(ip.src, sip)
103 self.assertEqual(ip.dst, dip)
105 def send_and_assert_no_replies(self, intf, pkts, remark):
106 intf.add_stream(pkts)
107 self.pg_enable_capture(self.pg_interfaces)
109 for i in self.pg_interfaces:
110 i.assert_nothing_captured(remark=remark)
116 # Generate some hosts on the LAN
118 self.pg1.generate_remote_hosts(4)
121 # Send IP traffic to one of these unresolved hosts.
122 # expect the generation of an ARP request
124 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
125 IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[1].ip4) /
126 UDP(sport=1234, dport=1234) /
129 self.pg0.add_stream(p)
130 self.pg_enable_capture(self.pg_interfaces)
133 rx = self.pg1.get_capture(1)
135 self.verify_arp_req(rx[0],
138 self.pg1._remote_hosts[1].ip4)
141 # And a dynamic ARP entry for host 1
143 dyn_arp = VppNeighbor(self,
144 self.pg1.sw_if_index,
145 self.pg1.remote_hosts[1].mac,
146 self.pg1.remote_hosts[1].ip4)
147 dyn_arp.add_vpp_config()
150 # now we expect IP traffic forwarded
152 dyn_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
153 IP(src=self.pg0.remote_ip4,
154 dst=self.pg1._remote_hosts[1].ip4) /
155 UDP(sport=1234, dport=1234) /
158 self.pg0.add_stream(dyn_p)
159 self.pg_enable_capture(self.pg_interfaces)
162 rx = self.pg1.get_capture(1)
164 self.verify_ip(rx[0],
166 self.pg1.remote_hosts[1].mac,
168 self.pg1._remote_hosts[1].ip4)
171 # And a Static ARP entry for host 2
173 static_arp = VppNeighbor(self,
174 self.pg1.sw_if_index,
175 self.pg1.remote_hosts[2].mac,
176 self.pg1.remote_hosts[2].ip4,
178 static_arp.add_vpp_config()
180 static_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
181 IP(src=self.pg0.remote_ip4,
182 dst=self.pg1._remote_hosts[2].ip4) /
183 UDP(sport=1234, dport=1234) /
186 self.pg0.add_stream(static_p)
187 self.pg_enable_capture(self.pg_interfaces)
190 rx = self.pg1.get_capture(1)
192 self.verify_ip(rx[0],
194 self.pg1.remote_hosts[2].mac,
196 self.pg1._remote_hosts[2].ip4)
199 # flap the link. dynamic ARPs get flush, statics don't
201 self.pg1.admin_down()
204 self.pg0.add_stream(static_p)
205 self.pg_enable_capture(self.pg_interfaces)
207 rx = self.pg1.get_capture(1)
209 self.verify_ip(rx[0],
211 self.pg1.remote_hosts[2].mac,
213 self.pg1._remote_hosts[2].ip4)
215 self.pg0.add_stream(dyn_p)
216 self.pg_enable_capture(self.pg_interfaces)
219 rx = self.pg1.get_capture(1)
220 self.verify_arp_req(rx[0],
223 self.pg1._remote_hosts[1].ip4)
226 # Send an ARP request from one of the so-far unlearned remote hosts
228 p = (Ether(dst="ff:ff:ff:ff:ff:ff",
229 src=self.pg1._remote_hosts[3].mac) /
231 hwsrc=self.pg1._remote_hosts[3].mac,
232 pdst=self.pg1.local_ip4,
233 psrc=self.pg1._remote_hosts[3].ip4))
235 self.pg1.add_stream(p)
236 self.pg_enable_capture(self.pg_interfaces)
239 rx = self.pg1.get_capture(1)
240 self.verify_arp_resp(rx[0],
242 self.pg1._remote_hosts[3].mac,
244 self.pg1._remote_hosts[3].ip4)
247 # VPP should have learned the mapping for the remote host
249 self.assertTrue(find_nbr(self,
250 self.pg1.sw_if_index,
251 self.pg1._remote_hosts[3].ip4))
255 # 1 - don't respond to ARP request for address not within the
256 # interface's sub-net
258 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
260 hwsrc=self.pg0.remote_mac,
262 psrc=self.pg0.remote_ip4))
263 self.send_and_assert_no_replies(self.pg0, p,
264 "ARP req for non-local destination")
267 # 2 - don't respond to ARP request from an address not within the
268 # interface's sub-net
270 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
272 hwsrc=self.pg0.remote_mac,
274 pdst=self.pg0.local_ip4))
275 self.send_and_assert_no_replies(self.pg0, p,
276 "ARP req for non-local source")
279 # 3 - don't respond to ARP request from an address that belongs to
282 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
284 hwsrc=self.pg0.remote_mac,
285 psrc=self.pg0.local_ip4,
286 pdst=self.pg0.local_ip4))
287 self.send_and_assert_no_replies(self.pg0, p,
288 "ARP req for non-local source")
291 # 4 - don't respond to ARP requests that has mac source different
292 # from ARP request HW source
295 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
297 hwsrc="00:00:00:DE:AD:BE",
298 psrc=self.pg0.remote_ip4,
299 pdst=self.pg0.local_ip4))
300 self.send_and_assert_no_replies(self.pg0, p,
301 "ARP req for non-local source")
306 dyn_arp.remove_vpp_config()
307 static_arp.remove_vpp_config()
309 def test_proxy_arp(self):
313 # Proxy ARP rewquest packets for each interface
315 arp_req_pg2 = (Ether(src=self.pg2.remote_mac,
316 dst="ff:ff:ff:ff:ff:ff") /
318 hwsrc=self.pg2.remote_mac,
320 psrc=self.pg1.remote_ip4))
321 arp_req_pg0 = (Ether(src=self.pg0.remote_mac,
322 dst="ff:ff:ff:ff:ff:ff") /
324 hwsrc=self.pg0.remote_mac,
326 psrc=self.pg0.remote_ip4))
327 arp_req_pg1 = (Ether(src=self.pg1.remote_mac,
328 dst="ff:ff:ff:ff:ff:ff") /
330 hwsrc=self.pg1.remote_mac,
332 psrc=self.pg1.remote_ip4))
333 arp_req_pg3 = (Ether(src=self.pg3.remote_mac,
334 dst="ff:ff:ff:ff:ff:ff") /
336 hwsrc=self.pg3.remote_mac,
338 psrc=self.pg3.remote_ip4))
341 # Configure Proxy ARP for 10.10.10.0 -> 10.10.10.124
343 self.vapi.proxy_arp_add_del(inet_pton(AF_INET, "10.10.10.2"),
344 inet_pton(AF_INET, "10.10.10.124"))
347 # No responses are sent when the interfaces are not enabled for proxy
350 self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
351 "ARP req from unconfigured interface")
352 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
353 "ARP req from unconfigured interface")
356 # Make pg2 un-numbered to pg1
359 self.pg2.set_unnumbered(self.pg1.sw_if_index)
361 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
362 "ARP req from unnumbered interface")
365 # Enable each interface to reply to proxy ARPs
367 for i in self.pg_interfaces:
371 # Now each of the interfaces should reply to a request to a proxied
374 self.pg0.add_stream(arp_req_pg0)
375 self.pg_enable_capture(self.pg_interfaces)
378 rx = self.pg0.get_capture(1)
379 self.verify_arp_resp(rx[0],
385 self.pg1.add_stream(arp_req_pg1)
386 self.pg_enable_capture(self.pg_interfaces)
389 rx = self.pg1.get_capture(1)
390 self.verify_arp_resp(rx[0],
396 self.pg2.add_stream(arp_req_pg2)
397 self.pg_enable_capture(self.pg_interfaces)
400 rx = self.pg2.get_capture(1)
401 self.verify_arp_resp(rx[0],
408 # A request for an address out of the configured range
410 arp_req_pg1_hi = (Ether(src=self.pg1.remote_mac,
411 dst="ff:ff:ff:ff:ff:ff") /
413 hwsrc=self.pg1.remote_mac,
415 psrc=self.pg1.remote_ip4))
416 self.send_and_assert_no_replies(self.pg1, arp_req_pg1_hi,
417 "ARP req out of range HI")
418 arp_req_pg1_low = (Ether(src=self.pg1.remote_mac,
419 dst="ff:ff:ff:ff:ff:ff") /
421 hwsrc=self.pg1.remote_mac,
423 psrc=self.pg1.remote_ip4))
424 self.send_and_assert_no_replies(self.pg1, arp_req_pg1_low,
425 "ARP req out of range Low")
428 # Request for an address in the proxy range but from an interface
431 self.send_and_assert_no_replies(self.pg3, arp_req_pg3,
432 "ARP req from different VRF")
435 # Disable Each interface for proxy ARP
436 # - expect none to respond
438 for i in self.pg_interfaces:
441 self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
442 "ARP req from disable")
443 self.send_and_assert_no_replies(self.pg1, arp_req_pg1,
444 "ARP req from disable")
445 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
446 "ARP req from disable")
449 # clean up on interface 2
451 self.pg2.set_unnumbered(self.pg1.sw_if_index)
457 # Interface 2 does not yet have ip4 config
459 self.pg2.config_ip4()
460 self.pg2.generate_remote_hosts(2)
463 # Add a reoute with out going label via an ARP unresolved next-hop
465 ip_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
466 [VppRoutePath(self.pg2.remote_hosts[1].ip4,
467 self.pg2.sw_if_index,
469 ip_10_0_0_1.add_vpp_config()
472 # packets should generate an ARP request
474 p = (Ether(src=self.pg0.remote_mac,
475 dst=self.pg0.local_mac) /
476 IP(src=self.pg0.remote_ip4, dst="10.0.0.1") /
477 UDP(sport=1234, dport=1234) /
480 self.pg0.add_stream(p)
481 self.pg_enable_capture(self.pg_interfaces)
484 rx = self.pg2.get_capture(1)
485 self.verify_arp_req(rx[0],
488 self.pg2._remote_hosts[1].ip4)
491 # now resolve the neighbours
493 self.pg2.configure_ipv4_neighbors()
496 # Now packet should be properly MPLS encapped.
497 # This verifies that MPLS link-type adjacencies are completed
498 # when the ARP entry resolves
500 self.pg0.add_stream(p)
501 self.pg_enable_capture(self.pg_interfaces)
504 rx = self.pg2.get_capture(1)
505 self.verify_ip_o_mpls(rx[0],
507 self.pg2.remote_hosts[1].mac,
512 if __name__ == '__main__':
513 unittest.main(testRunner=VppTestRunner)