4 from socket import AF_INET, AF_INET6, inet_pton
6 from framework import VppTestCase, VppTestRunner
7 from vpp_neighbor import VppNeighbor, find_nbr
8 from vpp_ip_route import VppIpRoute, VppRoutePath, find_route
10 from scapy.packet import Raw
11 from scapy.layers.l2 import Ether, ARP
12 from scapy.layers.inet import IP, UDP
13 from scapy.contrib.mpls import MPLS
15 # not exported by scapy, so redefined here
16 arp_opts = {"who-has": 1, "is-at": 2}
19 class ARPTestCase(VppTestCase):
23 super(ARPTestCase, self).setUp()
25 # create 3 pg interfaces
26 self.create_pg_interfaces(range(4))
28 # pg0 configured with ip4 and 6 addresses used for input
29 # pg1 configured with ip4 and 6 addresses used for output
30 # pg2 is unnumbered to pg0
31 for i in self.pg_interfaces:
36 self.pg0.resolve_arp()
41 # pg3 in a different VRF
42 self.pg3.set_table_ip4(1)
46 super(ARPTestCase, self).tearDown()
47 self.pg0.unconfig_ip4()
48 self.pg0.unconfig_ip6()
50 self.pg1.unconfig_ip4()
51 self.pg1.unconfig_ip6()
53 self.pg3.unconfig_ip4()
55 for i in self.pg_interfaces:
58 def verify_arp_req(self, rx, smac, sip, dip):
60 self.assertEqual(ether.dst, "ff:ff:ff:ff:ff:ff")
61 self.assertEqual(ether.src, smac)
64 self.assertEqual(arp.hwtype, 1)
65 self.assertEqual(arp.ptype, 0x800)
66 self.assertEqual(arp.hwlen, 6)
67 self.assertEqual(arp.plen, 4)
68 self.assertEqual(arp.op, arp_opts["who-has"])
69 self.assertEqual(arp.hwsrc, smac)
70 self.assertEqual(arp.hwdst, "00:00:00:00:00:00")
71 self.assertEqual(arp.psrc, sip)
72 self.assertEqual(arp.pdst, dip)
74 def verify_arp_resp(self, rx, smac, dmac, sip, dip):
76 self.assertEqual(ether.dst, dmac)
77 self.assertEqual(ether.src, smac)
80 self.assertEqual(arp.hwtype, 1)
81 self.assertEqual(arp.ptype, 0x800)
82 self.assertEqual(arp.hwlen, 6)
83 self.assertEqual(arp.plen, 4)
84 self.assertEqual(arp.op, arp_opts["is-at"])
85 self.assertEqual(arp.hwsrc, smac)
86 self.assertEqual(arp.hwdst, dmac)
87 self.assertEqual(arp.psrc, sip)
88 self.assertEqual(arp.pdst, dip)
90 def verify_arp_vrrp_resp(self, rx, smac, dmac, sip, dip):
92 self.assertEqual(ether.dst, dmac)
93 self.assertEqual(ether.src, smac)
96 self.assertEqual(arp.hwtype, 1)
97 self.assertEqual(arp.ptype, 0x800)
98 self.assertEqual(arp.hwlen, 6)
99 self.assertEqual(arp.plen, 4)
100 self.assertEqual(arp.op, arp_opts["is-at"])
101 self.assertNotEqual(arp.hwsrc, smac)
102 self.assertTrue("00:00:5e:00:01" in arp.hwsrc or
103 "00:00:5E:00:01" in arp.hwsrc)
104 self.assertEqual(arp.hwdst, dmac)
105 self.assertEqual(arp.psrc, sip)
106 self.assertEqual(arp.pdst, dip)
108 def verify_ip(self, rx, smac, dmac, sip, dip):
110 self.assertEqual(ether.dst, dmac)
111 self.assertEqual(ether.src, smac)
114 self.assertEqual(ip.src, sip)
115 self.assertEqual(ip.dst, dip)
117 def verify_ip_o_mpls(self, rx, smac, dmac, label, sip, dip):
119 self.assertEqual(ether.dst, dmac)
120 self.assertEqual(ether.src, smac)
123 self.assertTrue(mpls.label, label)
126 self.assertEqual(ip.src, sip)
127 self.assertEqual(ip.dst, dip)
129 def send_and_assert_no_replies(self, intf, pkts, remark):
130 intf.add_stream(pkts)
131 self.pg_enable_capture(self.pg_interfaces)
134 for i in self.pg_interfaces:
135 i.get_capture(0, timeout=timeout)
136 i.assert_nothing_captured(remark=remark)
143 # Generate some hosts on the LAN
145 self.pg1.generate_remote_hosts(9)
148 # Send IP traffic to one of these unresolved hosts.
149 # expect the generation of an ARP request
151 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
152 IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[1].ip4) /
153 UDP(sport=1234, dport=1234) /
156 self.pg0.add_stream(p)
157 self.pg_enable_capture(self.pg_interfaces)
160 rx = self.pg1.get_capture(1)
162 self.verify_arp_req(rx[0],
165 self.pg1._remote_hosts[1].ip4)
168 # And a dynamic ARP entry for host 1
170 dyn_arp = VppNeighbor(self,
171 self.pg1.sw_if_index,
172 self.pg1.remote_hosts[1].mac,
173 self.pg1.remote_hosts[1].ip4)
174 dyn_arp.add_vpp_config()
177 # now we expect IP traffic forwarded
179 dyn_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
180 IP(src=self.pg0.remote_ip4,
181 dst=self.pg1._remote_hosts[1].ip4) /
182 UDP(sport=1234, dport=1234) /
185 self.pg0.add_stream(dyn_p)
186 self.pg_enable_capture(self.pg_interfaces)
189 rx = self.pg1.get_capture(1)
191 self.verify_ip(rx[0],
193 self.pg1.remote_hosts[1].mac,
195 self.pg1._remote_hosts[1].ip4)
198 # And a Static ARP entry for host 2
200 static_arp = VppNeighbor(self,
201 self.pg1.sw_if_index,
202 self.pg1.remote_hosts[2].mac,
203 self.pg1.remote_hosts[2].ip4,
205 static_arp.add_vpp_config()
207 static_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
208 IP(src=self.pg0.remote_ip4,
209 dst=self.pg1._remote_hosts[2].ip4) /
210 UDP(sport=1234, dport=1234) /
213 self.pg0.add_stream(static_p)
214 self.pg_enable_capture(self.pg_interfaces)
217 rx = self.pg1.get_capture(1)
219 self.verify_ip(rx[0],
221 self.pg1.remote_hosts[2].mac,
223 self.pg1._remote_hosts[2].ip4)
226 # flap the link. dynamic ARPs get flush, statics don't
228 self.pg1.admin_down()
231 self.pg0.add_stream(static_p)
232 self.pg_enable_capture(self.pg_interfaces)
234 rx = self.pg1.get_capture(1)
236 self.verify_ip(rx[0],
238 self.pg1.remote_hosts[2].mac,
240 self.pg1._remote_hosts[2].ip4)
242 self.pg0.add_stream(dyn_p)
243 self.pg_enable_capture(self.pg_interfaces)
246 rx = self.pg1.get_capture(1)
247 self.verify_arp_req(rx[0],
250 self.pg1._remote_hosts[1].ip4)
253 # Send an ARP request from one of the so-far unlearned remote hosts
255 p = (Ether(dst="ff:ff:ff:ff:ff:ff",
256 src=self.pg1._remote_hosts[3].mac) /
258 hwsrc=self.pg1._remote_hosts[3].mac,
259 pdst=self.pg1.local_ip4,
260 psrc=self.pg1._remote_hosts[3].ip4))
262 self.pg1.add_stream(p)
263 self.pg_enable_capture(self.pg_interfaces)
266 rx = self.pg1.get_capture(1)
267 self.verify_arp_resp(rx[0],
269 self.pg1._remote_hosts[3].mac,
271 self.pg1._remote_hosts[3].ip4)
274 # VPP should have learned the mapping for the remote host
276 self.assertTrue(find_nbr(self,
277 self.pg1.sw_if_index,
278 self.pg1._remote_hosts[3].ip4))
280 # Fire in an ARP request before the interface becomes IP enabled
282 self.pg2.generate_remote_hosts(4)
284 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
286 hwsrc=self.pg2.remote_mac,
287 pdst=self.pg1.local_ip4,
288 psrc=self.pg2.remote_hosts[3].ip4))
289 self.send_and_assert_no_replies(self.pg2, p,
290 "interface not IP enabled")
293 # Make pg2 un-numbered to pg1
295 self.pg2.set_unnumbered(self.pg1.sw_if_index)
298 # We should respond to ARP requests for the unnumbered to address
299 # once an attached route to the source is known
301 self.send_and_assert_no_replies(
303 "ARP req for unnumbered address - no source")
305 attached_host = VppIpRoute(self, self.pg2.remote_hosts[3].ip4, 32,
306 [VppRoutePath("0.0.0.0",
307 self.pg2.sw_if_index)])
308 attached_host.add_vpp_config()
310 self.pg2.add_stream(p)
311 self.pg_enable_capture(self.pg_interfaces)
314 rx = self.pg2.get_capture(1)
315 self.verify_arp_resp(rx[0],
319 self.pg2.remote_hosts[3].ip4)
322 # A neighbor entry that has no associated FIB-entry
324 arp_no_fib = VppNeighbor(self,
325 self.pg1.sw_if_index,
326 self.pg1.remote_hosts[4].mac,
327 self.pg1.remote_hosts[4].ip4,
329 arp_no_fib.add_vpp_config()
332 # check we have the neighbor, but no route
334 self.assertTrue(find_nbr(self,
335 self.pg1.sw_if_index,
336 self.pg1._remote_hosts[4].ip4))
337 self.assertFalse(find_route(self,
338 self.pg1._remote_hosts[4].ip4,
341 # pg2 is unnumbered to pg1, so we can form adjacencies out of pg2
342 # from within pg1's subnet
344 arp_unnum = VppNeighbor(self,
345 self.pg2.sw_if_index,
346 self.pg1.remote_hosts[5].mac,
347 self.pg1.remote_hosts[5].ip4)
348 arp_unnum.add_vpp_config()
350 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
351 IP(src=self.pg0.remote_ip4,
352 dst=self.pg1._remote_hosts[5].ip4) /
353 UDP(sport=1234, dport=1234) /
356 self.pg0.add_stream(p)
357 self.pg_enable_capture(self.pg_interfaces)
360 rx = self.pg2.get_capture(1)
362 self.verify_ip(rx[0],
364 self.pg1.remote_hosts[5].mac,
366 self.pg1._remote_hosts[5].ip4)
369 # ARP requests from hosts in pg1's subnet sent on pg2 are replied to
370 # with the unnumbered interface's address as the source
372 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
374 hwsrc=self.pg2.remote_mac,
375 pdst=self.pg1.local_ip4,
376 psrc=self.pg1.remote_hosts[6].ip4))
378 self.pg2.add_stream(p)
379 self.pg_enable_capture(self.pg_interfaces)
382 rx = self.pg2.get_capture(1)
383 self.verify_arp_resp(rx[0],
387 self.pg1.remote_hosts[6].ip4)
390 # An attached host route out of pg2 for an undiscovered hosts generates
391 # an ARP request with the unnumbered address as the source
393 att_unnum = VppIpRoute(self, self.pg1.remote_hosts[7].ip4, 32,
394 [VppRoutePath("0.0.0.0",
395 self.pg2.sw_if_index)])
396 att_unnum.add_vpp_config()
398 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
399 IP(src=self.pg0.remote_ip4,
400 dst=self.pg1._remote_hosts[7].ip4) /
401 UDP(sport=1234, dport=1234) /
404 self.pg0.add_stream(p)
405 self.pg_enable_capture(self.pg_interfaces)
408 rx = self.pg2.get_capture(1)
410 self.verify_arp_req(rx[0],
413 self.pg1._remote_hosts[7].ip4)
415 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
417 hwsrc=self.pg2.remote_mac,
418 pdst=self.pg1.local_ip4,
419 psrc=self.pg1.remote_hosts[7].ip4))
421 self.pg2.add_stream(p)
422 self.pg_enable_capture(self.pg_interfaces)
425 rx = self.pg2.get_capture(1)
426 self.verify_arp_resp(rx[0],
430 self.pg1.remote_hosts[7].ip4)
433 # An attached host route as yet unresolved out of pg2 for an
434 # undiscovered host, an ARP requests begets a response.
436 att_unnum1 = VppIpRoute(self, self.pg1.remote_hosts[8].ip4, 32,
437 [VppRoutePath("0.0.0.0",
438 self.pg2.sw_if_index)])
439 att_unnum1.add_vpp_config()
441 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
443 hwsrc=self.pg2.remote_mac,
444 pdst=self.pg1.local_ip4,
445 psrc=self.pg1.remote_hosts[8].ip4))
447 self.pg2.add_stream(p)
448 self.pg_enable_capture(self.pg_interfaces)
451 rx = self.pg2.get_capture(1)
452 self.verify_arp_resp(rx[0],
456 self.pg1.remote_hosts[8].ip4)
460 # 1 - don't respond to ARP request for address not within the
461 # interface's sub-net
462 # 1b - nor within the unnumbered subnet
463 # 1c - nor within the subnet of a different interface
465 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
467 hwsrc=self.pg0.remote_mac,
469 psrc=self.pg0.remote_ip4))
470 self.send_and_assert_no_replies(self.pg0, p,
471 "ARP req for non-local destination")
472 self.assertFalse(find_nbr(self,
473 self.pg0.sw_if_index,
476 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
478 hwsrc=self.pg2.remote_mac,
480 psrc=self.pg1.remote_hosts[7].ip4))
481 self.send_and_assert_no_replies(
483 "ARP req for non-local destination - unnum")
485 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
487 hwsrc=self.pg0.remote_mac,
488 pdst=self.pg1.local_ip4,
489 psrc=self.pg1.remote_ip4))
490 self.send_and_assert_no_replies(self.pg0, p,
491 "ARP req diff sub-net")
492 self.assertFalse(find_nbr(self,
493 self.pg0.sw_if_index,
494 self.pg1.remote_ip4))
497 # 2 - don't respond to ARP request from an address not within the
498 # interface's sub-net
500 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
502 hwsrc=self.pg0.remote_mac,
504 pdst=self.pg0.local_ip4))
505 self.send_and_assert_no_replies(self.pg0, p,
506 "ARP req for non-local source")
507 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
509 hwsrc=self.pg2.remote_mac,
511 pdst=self.pg0.local_ip4))
512 self.send_and_assert_no_replies(
514 "ARP req for non-local source - unnum")
517 # 3 - don't respond to ARP request from an address that belongs to
520 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
522 hwsrc=self.pg0.remote_mac,
523 psrc=self.pg0.local_ip4,
524 pdst=self.pg0.local_ip4))
525 self.send_and_assert_no_replies(self.pg0, p,
526 "ARP req for non-local source")
529 # 4 - don't respond to ARP requests that has mac source different
530 # from ARP request HW source
533 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
535 hwsrc="00:00:00:DE:AD:BE",
536 psrc=self.pg0.remote_ip4,
537 pdst=self.pg0.local_ip4))
538 self.send_and_assert_no_replies(self.pg0, p,
539 "ARP req for non-local source")
544 dyn_arp.remove_vpp_config()
545 static_arp.remove_vpp_config()
546 self.pg2.unset_unnumbered(self.pg1.sw_if_index)
548 # need this to flush the adj-fibs
549 self.pg2.unset_unnumbered(self.pg1.sw_if_index)
550 self.pg2.admin_down()
552 def test_proxy_arp(self):
555 self.pg1.generate_remote_hosts(2)
558 # Proxy ARP rewquest packets for each interface
560 arp_req_pg0 = (Ether(src=self.pg0.remote_mac,
561 dst="ff:ff:ff:ff:ff:ff") /
563 hwsrc=self.pg0.remote_mac,
565 psrc=self.pg0.remote_ip4))
566 arp_req_pg1 = (Ether(src=self.pg1.remote_mac,
567 dst="ff:ff:ff:ff:ff:ff") /
569 hwsrc=self.pg1.remote_mac,
571 psrc=self.pg1.remote_ip4))
572 arp_req_pg2 = (Ether(src=self.pg2.remote_mac,
573 dst="ff:ff:ff:ff:ff:ff") /
575 hwsrc=self.pg2.remote_mac,
577 psrc=self.pg1.remote_hosts[1].ip4))
578 arp_req_pg3 = (Ether(src=self.pg3.remote_mac,
579 dst="ff:ff:ff:ff:ff:ff") /
581 hwsrc=self.pg3.remote_mac,
583 psrc=self.pg3.remote_ip4))
586 # Configure Proxy ARP for 10.10.10.0 -> 10.10.10.124
588 self.vapi.proxy_arp_add_del(inet_pton(AF_INET, "10.10.10.2"),
589 inet_pton(AF_INET, "10.10.10.124"))
592 # No responses are sent when the interfaces are not enabled for proxy
595 self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
596 "ARP req from unconfigured interface")
597 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
598 "ARP req from unconfigured interface")
601 # Make pg2 un-numbered to pg1
604 self.pg2.set_unnumbered(self.pg1.sw_if_index)
606 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
607 "ARP req from unnumbered interface")
610 # Enable each interface to reply to proxy ARPs
612 for i in self.pg_interfaces:
616 # Now each of the interfaces should reply to a request to a proxied
619 self.pg0.add_stream(arp_req_pg0)
620 self.pg_enable_capture(self.pg_interfaces)
623 rx = self.pg0.get_capture(1)
624 self.verify_arp_resp(rx[0],
630 self.pg1.add_stream(arp_req_pg1)
631 self.pg_enable_capture(self.pg_interfaces)
634 rx = self.pg1.get_capture(1)
635 self.verify_arp_resp(rx[0],
641 self.pg2.add_stream(arp_req_pg2)
642 self.pg_enable_capture(self.pg_interfaces)
645 rx = self.pg2.get_capture(1)
646 self.verify_arp_resp(rx[0],
650 self.pg1.remote_hosts[1].ip4)
653 # A request for an address out of the configured range
655 arp_req_pg1_hi = (Ether(src=self.pg1.remote_mac,
656 dst="ff:ff:ff:ff:ff:ff") /
658 hwsrc=self.pg1.remote_mac,
660 psrc=self.pg1.remote_ip4))
661 self.send_and_assert_no_replies(self.pg1, arp_req_pg1_hi,
662 "ARP req out of range HI")
663 arp_req_pg1_low = (Ether(src=self.pg1.remote_mac,
664 dst="ff:ff:ff:ff:ff:ff") /
666 hwsrc=self.pg1.remote_mac,
668 psrc=self.pg1.remote_ip4))
669 self.send_and_assert_no_replies(self.pg1, arp_req_pg1_low,
670 "ARP req out of range Low")
673 # Request for an address in the proxy range but from an interface
676 self.send_and_assert_no_replies(self.pg3, arp_req_pg3,
677 "ARP req from different VRF")
680 # Disable Each interface for proxy ARP
681 # - expect none to respond
683 for i in self.pg_interfaces:
686 self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
687 "ARP req from disable")
688 self.send_and_assert_no_replies(self.pg1, arp_req_pg1,
689 "ARP req from disable")
690 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
691 "ARP req from disable")
694 # clean up on interface 2
696 self.pg2.unset_unnumbered(self.pg1.sw_if_index)
702 # Interface 2 does not yet have ip4 config
704 self.pg2.config_ip4()
705 self.pg2.generate_remote_hosts(2)
708 # Add a reoute with out going label via an ARP unresolved next-hop
710 ip_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
711 [VppRoutePath(self.pg2.remote_hosts[1].ip4,
712 self.pg2.sw_if_index,
714 ip_10_0_0_1.add_vpp_config()
717 # packets should generate an ARP request
719 p = (Ether(src=self.pg0.remote_mac,
720 dst=self.pg0.local_mac) /
721 IP(src=self.pg0.remote_ip4, dst="10.0.0.1") /
722 UDP(sport=1234, dport=1234) /
725 self.pg0.add_stream(p)
726 self.pg_enable_capture(self.pg_interfaces)
729 rx = self.pg2.get_capture(1)
730 self.verify_arp_req(rx[0],
733 self.pg2._remote_hosts[1].ip4)
736 # now resolve the neighbours
738 self.pg2.configure_ipv4_neighbors()
741 # Now packet should be properly MPLS encapped.
742 # This verifies that MPLS link-type adjacencies are completed
743 # when the ARP entry resolves
745 self.pg0.add_stream(p)
746 self.pg_enable_capture(self.pg_interfaces)
749 rx = self.pg2.get_capture(1)
750 self.verify_ip_o_mpls(rx[0],
752 self.pg2.remote_hosts[1].mac,
756 self.pg2.unconfig_ip4()
758 def test_arp_vrrp(self):
759 """ ARP reply with VRRP virtual src hw addr """
762 # IP packet destined for pg1 remote host arrives on pg0 resulting
763 # in an ARP request for the address of the remote host on pg1
765 p0 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
766 IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
767 UDP(sport=1234, dport=1234) /
770 self.pg0.add_stream(p0)
771 self.pg_enable_capture(self.pg_interfaces)
774 rx1 = self.pg1.get_capture(1)
776 self.verify_arp_req(rx1[0],
782 # ARP reply for address of pg1 remote host arrives on pg1 with
783 # the hw src addr set to a value in the VRRP IPv4 range of
786 p1 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
787 ARP(op="is-at", hwdst=self.pg1.local_mac,
788 hwsrc="00:00:5e:00:01:09", pdst=self.pg1.local_ip4,
789 psrc=self.pg1.remote_ip4))
791 self.pg1.add_stream(p1)
792 self.pg_enable_capture(self.pg_interfaces)
796 # IP packet destined for pg1 remote host arrives on pg0 again.
797 # VPP should have an ARP entry for that address now and the packet
798 # should be sent out pg1.
800 self.pg0.add_stream(p0)
801 self.pg_enable_capture(self.pg_interfaces)
804 rx1 = self.pg1.get_capture(1)
806 self.verify_ip(rx1[0],
812 self.pg1.admin_down()
815 if __name__ == '__main__':
816 unittest.main(testRunner=VppTestRunner)