5 from random import shuffle
7 from framework import VppTestCase, VppTestRunner, is_skip_aarch64_set,\
10 from scapy.packet import Raw
11 from scapy.layers.l2 import Ether, GRE
12 from scapy.layers.inet import IP, UDP, ICMP
13 from util import ppp, fragment_rfc791, fragment_rfc8200
14 from scapy.layers.inet6 import IPv6, IPv6ExtHdrFragment, ICMPv6ParamProblem,\
16 from vpp_gre_interface import VppGreInterface, VppGre6Interface
17 from vpp_ip import DpoProto
18 from vpp_ip_route import VppIpRoute, VppRoutePath
20 # 35 is enough to have >257 400-byte fragments
21 test_packet_count = 35
24 class TestIPv4Reassembly(VppTestCase):
25 """ IPv4 Reassembly """
29 super(TestIPv4Reassembly, cls).setUpClass()
31 cls.create_pg_interfaces([0, 1])
35 # setup all interfaces
36 for i in cls.pg_interfaces:
42 cls.packet_sizes = [64, 512, 1518, 9018]
43 cls.padding = " abcdefghijklmn"
44 cls.create_stream(cls.packet_sizes)
45 cls.create_fragments()
48 """ Test setup - force timeout on existing reassemblies """
49 super(TestIPv4Reassembly, self).setUp()
50 self.vapi.ip_reassembly_enable_disable(
51 sw_if_index=self.src_if.sw_if_index, enable_ip4=True)
52 self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000,
53 expire_walk_interval_ms=10)
55 self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000,
56 expire_walk_interval_ms=10000)
59 super(TestIPv4Reassembly, self).tearDown()
60 self.logger.debug(self.vapi.ppcli("show ip4-reassembly details"))
63 def create_stream(cls, packet_sizes, packet_count=test_packet_count):
64 """Create input packet stream
66 :param list packet_sizes: Required packet sizes.
68 for i in range(0, packet_count):
69 info = cls.create_packet_info(cls.src_if, cls.src_if)
70 payload = cls.info_to_payload(info)
71 p = (Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac) /
72 IP(id=info.index, src=cls.src_if.remote_ip4,
73 dst=cls.dst_if.remote_ip4) /
74 UDP(sport=1234, dport=5678) /
76 size = packet_sizes[(i // 2) % len(packet_sizes)]
77 cls.extend_packet(p, size, cls.padding)
81 def create_fragments(cls):
82 infos = cls._packet_infos
84 for index, info in six.iteritems(infos):
86 # cls.logger.debug(ppp("Packet:", p.__class__(str(p))))
87 fragments_400 = fragment_rfc791(p, 400)
88 fragments_300 = fragment_rfc791(p, 300)
90 x for f in fragments_400 for x in fragment_rfc791(f, 200)]
92 (index, fragments_400, fragments_300, fragments_200))
94 x for (_, frags, _, _) in cls.pkt_infos for x in frags]
96 x for (_, _, frags, _) in cls.pkt_infos for x in frags]
98 x for (_, _, _, frags) in cls.pkt_infos for x in frags]
99 cls.logger.debug("Fragmented %s packets into %s 400-byte fragments, "
100 "%s 300-byte fragments and %s 200-byte fragments" %
101 (len(infos), len(cls.fragments_400),
102 len(cls.fragments_300), len(cls.fragments_200)))
104 def verify_capture(self, capture, dropped_packet_indexes=[]):
105 """Verify captured packet stream.
107 :param list capture: Captured packet stream.
111 for packet in capture:
113 self.logger.debug(ppp("Got packet:", packet))
116 payload_info = self.payload_to_info(str(packet[Raw]))
117 packet_index = payload_info.index
119 packet_index not in dropped_packet_indexes,
120 ppp("Packet received, but should be dropped:", packet))
121 if packet_index in seen:
122 raise Exception(ppp("Duplicate packet received", packet))
123 seen.add(packet_index)
124 self.assertEqual(payload_info.dst, self.src_if.sw_if_index)
125 info = self._packet_infos[packet_index]
126 self.assertTrue(info is not None)
127 self.assertEqual(packet_index, info.index)
128 saved_packet = info.data
129 self.assertEqual(ip.src, saved_packet[IP].src)
130 self.assertEqual(ip.dst, saved_packet[IP].dst)
131 self.assertEqual(udp.payload, saved_packet[UDP].payload)
133 self.logger.error(ppp("Unexpected or invalid packet:", packet))
135 for index in self._packet_infos:
136 self.assertTrue(index in seen or index in dropped_packet_indexes,
137 "Packet with packet_index %d not received" % index)
139 def test_reassembly(self):
140 """ basic reassembly """
142 self.pg_enable_capture()
143 self.src_if.add_stream(self.fragments_200)
146 packets = self.dst_if.get_capture(len(self.pkt_infos))
147 self.verify_capture(packets)
148 self.src_if.assert_nothing_captured()
150 # run it all again to verify correctness
151 self.pg_enable_capture()
152 self.src_if.add_stream(self.fragments_200)
155 packets = self.dst_if.get_capture(len(self.pkt_infos))
156 self.verify_capture(packets)
157 self.src_if.assert_nothing_captured()
159 def test_reversed(self):
160 """ reverse order reassembly """
162 fragments = list(self.fragments_200)
165 self.pg_enable_capture()
166 self.src_if.add_stream(fragments)
169 packets = self.dst_if.get_capture(len(self.packet_infos))
170 self.verify_capture(packets)
171 self.src_if.assert_nothing_captured()
173 # run it all again to verify correctness
174 self.pg_enable_capture()
175 self.src_if.add_stream(fragments)
178 packets = self.dst_if.get_capture(len(self.packet_infos))
179 self.verify_capture(packets)
180 self.src_if.assert_nothing_captured()
183 """ fragment length + ip header size > 65535 """
184 self.vapi.cli("clear errors")
185 raw = ('E\x00\x00\x88,\xf8\x1f\xfe@\x01\x98\x00\xc0\xa8\n-\xc0\xa8\n'
186 '\x01\x08\x00\xf0J\xed\xcb\xf1\xf5Test-group: IPv4.IPv4.ipv4-'
187 'message.Ethernet-Payload.IPv4-Packet.IPv4-Header.Fragment-Of'
188 'fset; Test-case: 5737')
190 malformed_packet = (Ether(dst=self.src_if.local_mac,
191 src=self.src_if.remote_mac) /
193 p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
194 IP(id=1000, src=self.src_if.remote_ip4,
195 dst=self.dst_if.remote_ip4) /
196 UDP(sport=1234, dport=5678) /
198 valid_fragments = fragment_rfc791(p, 400)
200 self.pg_enable_capture()
201 self.src_if.add_stream([malformed_packet] + valid_fragments)
204 self.dst_if.get_capture(1)
205 self.assert_packet_counter_equal("ip4-reassembly-feature", 1)
206 # TODO remove above, uncomment below once clearing of counters
208 # self.assert_packet_counter_equal(
209 # "/err/ip4-reassembly-feature/malformed packets", 1)
211 def test_44924(self):
212 """ compress tiny fragments """
213 packets = [(Ether(dst=self.src_if.local_mac,
214 src=self.src_if.remote_mac) /
215 IP(id=24339, flags="MF", frag=0, ttl=64,
216 src=self.src_if.remote_ip4,
217 dst=self.dst_if.remote_ip4) /
218 ICMP(type="echo-request", code=0, id=0x1fe6, seq=0x2407) /
219 Raw(load='Test-group: IPv4')),
220 (Ether(dst=self.src_if.local_mac,
221 src=self.src_if.remote_mac) /
222 IP(id=24339, flags="MF", frag=3, ttl=64,
223 src=self.src_if.remote_ip4,
224 dst=self.dst_if.remote_ip4) /
225 ICMP(type="echo-request", code=0, id=0x1fe6, seq=0x2407) /
226 Raw(load='.IPv4.Fragmentation.vali')),
227 (Ether(dst=self.src_if.local_mac,
228 src=self.src_if.remote_mac) /
229 IP(id=24339, frag=6, ttl=64,
230 src=self.src_if.remote_ip4,
231 dst=self.dst_if.remote_ip4) /
232 ICMP(type="echo-request", code=0, id=0x1fe6, seq=0x2407) /
233 Raw(load='d; Test-case: 44924'))
236 self.pg_enable_capture()
237 self.src_if.add_stream(packets)
240 self.dst_if.get_capture(1)
242 def test_frag_1(self):
243 """ fragment of size 1 """
244 self.vapi.cli("clear errors")
245 malformed_packets = [(Ether(dst=self.src_if.local_mac,
246 src=self.src_if.remote_mac) /
247 IP(id=7, len=21, flags="MF", frag=0, ttl=64,
248 src=self.src_if.remote_ip4,
249 dst=self.dst_if.remote_ip4) /
250 ICMP(type="echo-request")),
251 (Ether(dst=self.src_if.local_mac,
252 src=self.src_if.remote_mac) /
253 IP(id=7, len=21, frag=1, ttl=64,
254 src=self.src_if.remote_ip4,
255 dst=self.dst_if.remote_ip4) /
259 p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
260 IP(id=1000, src=self.src_if.remote_ip4,
261 dst=self.dst_if.remote_ip4) /
262 UDP(sport=1234, dport=5678) /
264 valid_fragments = fragment_rfc791(p, 400)
266 self.pg_enable_capture()
267 self.src_if.add_stream(malformed_packets + valid_fragments)
270 self.dst_if.get_capture(1)
272 self.assert_packet_counter_equal("ip4-reassembly-feature", 1)
273 # TODO remove above, uncomment below once clearing of counters
275 # self.assert_packet_counter_equal(
276 # "/err/ip4-reassembly-feature/malformed packets", 1)
278 @unittest.skipIf(is_skip_aarch64_set and is_platform_aarch64,
279 "test doesn't work on aarch64")
280 def test_random(self):
281 """ random order reassembly """
283 fragments = list(self.fragments_200)
286 self.pg_enable_capture()
287 self.src_if.add_stream(fragments)
290 packets = self.dst_if.get_capture(len(self.packet_infos))
291 self.verify_capture(packets)
292 self.src_if.assert_nothing_captured()
294 # run it all again to verify correctness
295 self.pg_enable_capture()
296 self.src_if.add_stream(fragments)
299 packets = self.dst_if.get_capture(len(self.packet_infos))
300 self.verify_capture(packets)
301 self.src_if.assert_nothing_captured()
303 def test_duplicates(self):
304 """ duplicate fragments """
307 x for (_, frags, _, _) in self.pkt_infos
309 for _ in range(0, min(2, len(frags)))
312 self.pg_enable_capture()
313 self.src_if.add_stream(fragments)
316 packets = self.dst_if.get_capture(len(self.pkt_infos))
317 self.verify_capture(packets)
318 self.src_if.assert_nothing_captured()
320 def test_overlap1(self):
321 """ overlapping fragments case #1 """
324 for _, _, frags_300, frags_200 in self.pkt_infos:
325 if len(frags_300) == 1:
326 fragments.extend(frags_300)
328 for i, j in zip(frags_200, frags_300):
332 self.pg_enable_capture()
333 self.src_if.add_stream(fragments)
336 packets = self.dst_if.get_capture(len(self.pkt_infos))
337 self.verify_capture(packets)
338 self.src_if.assert_nothing_captured()
340 # run it all to verify correctness
341 self.pg_enable_capture()
342 self.src_if.add_stream(fragments)
345 packets = self.dst_if.get_capture(len(self.pkt_infos))
346 self.verify_capture(packets)
347 self.src_if.assert_nothing_captured()
349 def test_overlap2(self):
350 """ overlapping fragments case #2 """
353 for _, _, frags_300, frags_200 in self.pkt_infos:
354 if len(frags_300) == 1:
355 fragments.extend(frags_300)
357 # care must be taken here so that there are no fragments
358 # received by vpp after reassembly is finished, otherwise
359 # new reassemblies will be started and packet generator will
360 # freak out when it detects unfreed buffers
361 zipped = zip(frags_300, frags_200)
362 for i, j in zipped[:-1]:
365 fragments.append(zipped[-1][0])
367 self.pg_enable_capture()
368 self.src_if.add_stream(fragments)
371 packets = self.dst_if.get_capture(len(self.pkt_infos))
372 self.verify_capture(packets)
373 self.src_if.assert_nothing_captured()
375 # run it all to verify correctness
376 self.pg_enable_capture()
377 self.src_if.add_stream(fragments)
380 packets = self.dst_if.get_capture(len(self.pkt_infos))
381 self.verify_capture(packets)
382 self.src_if.assert_nothing_captured()
384 def test_timeout_inline(self):
385 """ timeout (inline) """
387 dropped_packet_indexes = set(
388 index for (index, frags, _, _) in self.pkt_infos if len(frags) > 1
391 self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000,
392 expire_walk_interval_ms=10000)
394 self.pg_enable_capture()
395 self.src_if.add_stream(self.fragments_400)
398 packets = self.dst_if.get_capture(
399 len(self.pkt_infos) - len(dropped_packet_indexes))
400 self.verify_capture(packets, dropped_packet_indexes)
401 self.src_if.assert_nothing_captured()
403 def test_timeout_cleanup(self):
404 """ timeout (cleanup) """
406 # whole packets + fragmented packets sans last fragment
408 x for (_, frags_400, _, _) in self.pkt_infos
409 for x in frags_400[:-1 if len(frags_400) > 1 else None]
412 # last fragments for fragmented packets
413 fragments2 = [frags_400[-1]
414 for (_, frags_400, _, _) in self.pkt_infos
415 if len(frags_400) > 1]
417 dropped_packet_indexes = set(
418 index for (index, frags_400, _, _) in self.pkt_infos
419 if len(frags_400) > 1)
421 self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000,
422 expire_walk_interval_ms=50)
424 self.pg_enable_capture()
425 self.src_if.add_stream(fragments)
428 self.sleep(.25, "wait before sending rest of fragments")
430 self.src_if.add_stream(fragments2)
433 packets = self.dst_if.get_capture(
434 len(self.pkt_infos) - len(dropped_packet_indexes))
435 self.verify_capture(packets, dropped_packet_indexes)
436 self.src_if.assert_nothing_captured()
438 def test_disabled(self):
439 """ reassembly disabled """
441 dropped_packet_indexes = set(
442 index for (index, frags_400, _, _) in self.pkt_infos
443 if len(frags_400) > 1)
445 self.vapi.ip_reassembly_set(timeout_ms=1000, max_reassemblies=0,
446 expire_walk_interval_ms=10000)
448 self.pg_enable_capture()
449 self.src_if.add_stream(self.fragments_400)
452 packets = self.dst_if.get_capture(
453 len(self.pkt_infos) - len(dropped_packet_indexes))
454 self.verify_capture(packets, dropped_packet_indexes)
455 self.src_if.assert_nothing_captured()
458 class TestIPv6Reassembly(VppTestCase):
459 """ IPv6 Reassembly """
463 super(TestIPv6Reassembly, cls).setUpClass()
465 cls.create_pg_interfaces([0, 1])
469 # setup all interfaces
470 for i in cls.pg_interfaces:
476 cls.packet_sizes = [64, 512, 1518, 9018]
477 cls.padding = " abcdefghijklmn"
478 cls.create_stream(cls.packet_sizes)
479 cls.create_fragments()
482 """ Test setup - force timeout on existing reassemblies """
483 super(TestIPv6Reassembly, self).setUp()
484 self.vapi.ip_reassembly_enable_disable(
485 sw_if_index=self.src_if.sw_if_index, enable_ip6=True)
486 self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000,
487 expire_walk_interval_ms=10, is_ip6=1)
489 self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000,
490 expire_walk_interval_ms=10000, is_ip6=1)
491 self.logger.debug(self.vapi.ppcli("show ip6-reassembly details"))
494 super(TestIPv6Reassembly, self).tearDown()
495 self.logger.debug(self.vapi.ppcli("show ip6-reassembly details"))
498 def create_stream(cls, packet_sizes, packet_count=test_packet_count):
499 """Create input packet stream for defined interface.
501 :param list packet_sizes: Required packet sizes.
503 for i in range(0, packet_count):
504 info = cls.create_packet_info(cls.src_if, cls.src_if)
505 payload = cls.info_to_payload(info)
506 p = (Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac) /
507 IPv6(src=cls.src_if.remote_ip6,
508 dst=cls.dst_if.remote_ip6) /
509 UDP(sport=1234, dport=5678) /
511 size = packet_sizes[(i // 2) % len(packet_sizes)]
512 cls.extend_packet(p, size, cls.padding)
516 def create_fragments(cls):
517 infos = cls._packet_infos
519 for index, info in six.iteritems(infos):
521 # cls.logger.debug(ppp("Packet:", p.__class__(str(p))))
522 fragments_400 = fragment_rfc8200(p, info.index, 400)
523 fragments_300 = fragment_rfc8200(p, info.index, 300)
524 cls.pkt_infos.append((index, fragments_400, fragments_300))
525 cls.fragments_400 = [
526 x for _, frags, _ in cls.pkt_infos for x in frags]
527 cls.fragments_300 = [
528 x for _, _, frags in cls.pkt_infos for x in frags]
529 cls.logger.debug("Fragmented %s packets into %s 400-byte fragments, "
530 "and %s 300-byte fragments" %
531 (len(infos), len(cls.fragments_400),
532 len(cls.fragments_300)))
534 def verify_capture(self, capture, dropped_packet_indexes=[]):
535 """Verify captured packet strea .
537 :param list capture: Captured packet stream.
541 for packet in capture:
543 self.logger.debug(ppp("Got packet:", packet))
546 payload_info = self.payload_to_info(str(packet[Raw]))
547 packet_index = payload_info.index
549 packet_index not in dropped_packet_indexes,
550 ppp("Packet received, but should be dropped:", packet))
551 if packet_index in seen:
552 raise Exception(ppp("Duplicate packet received", packet))
553 seen.add(packet_index)
554 self.assertEqual(payload_info.dst, self.src_if.sw_if_index)
555 info = self._packet_infos[packet_index]
556 self.assertTrue(info is not None)
557 self.assertEqual(packet_index, info.index)
558 saved_packet = info.data
559 self.assertEqual(ip.src, saved_packet[IPv6].src)
560 self.assertEqual(ip.dst, saved_packet[IPv6].dst)
561 self.assertEqual(udp.payload, saved_packet[UDP].payload)
563 self.logger.error(ppp("Unexpected or invalid packet:", packet))
565 for index in self._packet_infos:
566 self.assertTrue(index in seen or index in dropped_packet_indexes,
567 "Packet with packet_index %d not received" % index)
569 def test_reassembly(self):
570 """ basic reassembly """
572 self.pg_enable_capture()
573 self.src_if.add_stream(self.fragments_400)
576 packets = self.dst_if.get_capture(len(self.pkt_infos))
577 self.verify_capture(packets)
578 self.src_if.assert_nothing_captured()
580 # run it all again to verify correctness
581 self.pg_enable_capture()
582 self.src_if.add_stream(self.fragments_400)
585 packets = self.dst_if.get_capture(len(self.pkt_infos))
586 self.verify_capture(packets)
587 self.src_if.assert_nothing_captured()
589 def test_reversed(self):
590 """ reverse order reassembly """
592 fragments = list(self.fragments_400)
595 self.pg_enable_capture()
596 self.src_if.add_stream(fragments)
599 packets = self.dst_if.get_capture(len(self.pkt_infos))
600 self.verify_capture(packets)
601 self.src_if.assert_nothing_captured()
603 # run it all again to verify correctness
604 self.pg_enable_capture()
605 self.src_if.add_stream(fragments)
608 packets = self.dst_if.get_capture(len(self.pkt_infos))
609 self.verify_capture(packets)
610 self.src_if.assert_nothing_captured()
612 def test_random(self):
613 """ random order reassembly """
615 fragments = list(self.fragments_400)
618 self.pg_enable_capture()
619 self.src_if.add_stream(fragments)
622 packets = self.dst_if.get_capture(len(self.pkt_infos))
623 self.verify_capture(packets)
624 self.src_if.assert_nothing_captured()
626 # run it all again to verify correctness
627 self.pg_enable_capture()
628 self.src_if.add_stream(fragments)
631 packets = self.dst_if.get_capture(len(self.pkt_infos))
632 self.verify_capture(packets)
633 self.src_if.assert_nothing_captured()
635 def test_duplicates(self):
636 """ duplicate fragments """
639 x for (_, frags, _) in self.pkt_infos
641 for _ in range(0, min(2, len(frags)))
644 self.pg_enable_capture()
645 self.src_if.add_stream(fragments)
648 packets = self.dst_if.get_capture(len(self.pkt_infos))
649 self.verify_capture(packets)
650 self.src_if.assert_nothing_captured()
652 def test_overlap1(self):
653 """ overlapping fragments case #1 """
656 for _, frags_400, frags_300 in self.pkt_infos:
657 if len(frags_300) == 1:
658 fragments.extend(frags_400)
660 for i, j in zip(frags_300, frags_400):
664 dropped_packet_indexes = set(
665 index for (index, _, frags) in self.pkt_infos if len(frags) > 1
668 self.pg_enable_capture()
669 self.src_if.add_stream(fragments)
672 packets = self.dst_if.get_capture(
673 len(self.pkt_infos) - len(dropped_packet_indexes))
674 self.verify_capture(packets, dropped_packet_indexes)
675 self.src_if.assert_nothing_captured()
677 def test_overlap2(self):
678 """ overlapping fragments case #2 """
681 for _, frags_400, frags_300 in self.pkt_infos:
682 if len(frags_400) == 1:
683 fragments.extend(frags_400)
685 # care must be taken here so that there are no fragments
686 # received by vpp after reassembly is finished, otherwise
687 # new reassemblies will be started and packet generator will
688 # freak out when it detects unfreed buffers
689 zipped = zip(frags_400, frags_300)
690 for i, j in zipped[:-1]:
693 fragments.append(zipped[-1][0])
695 dropped_packet_indexes = set(
696 index for (index, _, frags) in self.pkt_infos if len(frags) > 1
699 self.pg_enable_capture()
700 self.src_if.add_stream(fragments)
703 packets = self.dst_if.get_capture(
704 len(self.pkt_infos) - len(dropped_packet_indexes))
705 self.verify_capture(packets, dropped_packet_indexes)
706 self.src_if.assert_nothing_captured()
708 def test_timeout_inline(self):
709 """ timeout (inline) """
711 dropped_packet_indexes = set(
712 index for (index, frags, _) in self.pkt_infos if len(frags) > 1
715 self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000,
716 expire_walk_interval_ms=10000, is_ip6=1)
718 self.pg_enable_capture()
719 self.src_if.add_stream(self.fragments_400)
722 packets = self.dst_if.get_capture(
723 len(self.pkt_infos) - len(dropped_packet_indexes))
724 self.verify_capture(packets, dropped_packet_indexes)
725 pkts = self.src_if.get_capture(
726 expected_count=len(dropped_packet_indexes))
728 self.assertIn(ICMPv6TimeExceeded, icmp)
729 self.assertIn(IPv6ExtHdrFragment, icmp)
730 self.assertIn(icmp[IPv6ExtHdrFragment].id, dropped_packet_indexes)
731 dropped_packet_indexes.remove(icmp[IPv6ExtHdrFragment].id)
733 def test_timeout_cleanup(self):
734 """ timeout (cleanup) """
736 # whole packets + fragmented packets sans last fragment
738 x for (_, frags_400, _) in self.pkt_infos
739 for x in frags_400[:-1 if len(frags_400) > 1 else None]
742 # last fragments for fragmented packets
743 fragments2 = [frags_400[-1]
744 for (_, frags_400, _) in self.pkt_infos
745 if len(frags_400) > 1]
747 dropped_packet_indexes = set(
748 index for (index, frags_400, _) in self.pkt_infos
749 if len(frags_400) > 1)
751 self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000,
752 expire_walk_interval_ms=50)
754 self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000,
755 expire_walk_interval_ms=50, is_ip6=1)
757 self.pg_enable_capture()
758 self.src_if.add_stream(fragments)
761 self.sleep(.25, "wait before sending rest of fragments")
763 self.src_if.add_stream(fragments2)
766 packets = self.dst_if.get_capture(
767 len(self.pkt_infos) - len(dropped_packet_indexes))
768 self.verify_capture(packets, dropped_packet_indexes)
769 pkts = self.src_if.get_capture(
770 expected_count=len(dropped_packet_indexes))
772 self.assertIn(ICMPv6TimeExceeded, icmp)
773 self.assertIn(IPv6ExtHdrFragment, icmp)
774 self.assertIn(icmp[IPv6ExtHdrFragment].id, dropped_packet_indexes)
775 dropped_packet_indexes.remove(icmp[IPv6ExtHdrFragment].id)
777 def test_disabled(self):
778 """ reassembly disabled """
780 dropped_packet_indexes = set(
781 index for (index, frags_400, _) in self.pkt_infos
782 if len(frags_400) > 1)
784 self.vapi.ip_reassembly_set(timeout_ms=1000, max_reassemblies=0,
785 expire_walk_interval_ms=10000, is_ip6=1)
787 self.pg_enable_capture()
788 self.src_if.add_stream(self.fragments_400)
791 packets = self.dst_if.get_capture(
792 len(self.pkt_infos) - len(dropped_packet_indexes))
793 self.verify_capture(packets, dropped_packet_indexes)
794 self.src_if.assert_nothing_captured()
796 def test_missing_upper(self):
797 """ missing upper layer """
798 p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
799 IPv6(src=self.src_if.remote_ip6,
800 dst=self.src_if.local_ip6) /
801 UDP(sport=1234, dport=5678) /
803 self.extend_packet(p, 1000, self.padding)
804 fragments = fragment_rfc8200(p, 1, 500)
805 bad_fragment = p.__class__(str(fragments[1]))
806 bad_fragment[IPv6ExtHdrFragment].nh = 59
807 bad_fragment[IPv6ExtHdrFragment].offset = 0
808 self.pg_enable_capture()
809 self.src_if.add_stream([bad_fragment])
811 pkts = self.src_if.get_capture(expected_count=1)
813 self.assertIn(ICMPv6ParamProblem, icmp)
814 self.assert_equal(icmp[ICMPv6ParamProblem].code, 3, "ICMP code")
816 def test_invalid_frag_size(self):
817 """ fragment size not a multiple of 8 """
818 p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
819 IPv6(src=self.src_if.remote_ip6,
820 dst=self.src_if.local_ip6) /
821 UDP(sport=1234, dport=5678) /
823 self.extend_packet(p, 1000, self.padding)
824 fragments = fragment_rfc8200(p, 1, 500)
825 bad_fragment = fragments[0]
826 self.extend_packet(bad_fragment, len(bad_fragment) + 5)
827 self.pg_enable_capture()
828 self.src_if.add_stream([bad_fragment])
830 pkts = self.src_if.get_capture(expected_count=1)
832 self.assertIn(ICMPv6ParamProblem, icmp)
833 self.assert_equal(icmp[ICMPv6ParamProblem].code, 0, "ICMP code")
835 def test_invalid_packet_size(self):
836 """ total packet size > 65535 """
837 p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
838 IPv6(src=self.src_if.remote_ip6,
839 dst=self.src_if.local_ip6) /
840 UDP(sport=1234, dport=5678) /
842 self.extend_packet(p, 1000, self.padding)
843 fragments = fragment_rfc8200(p, 1, 500)
844 bad_fragment = fragments[1]
845 bad_fragment[IPv6ExtHdrFragment].offset = 65500
846 self.pg_enable_capture()
847 self.src_if.add_stream([bad_fragment])
849 pkts = self.src_if.get_capture(expected_count=1)
851 self.assertIn(ICMPv6ParamProblem, icmp)
852 self.assert_equal(icmp[ICMPv6ParamProblem].code, 0, "ICMP code")
855 class TestIPv4ReassemblyLocalNode(VppTestCase):
856 """ IPv4 Reassembly for packets coming to ip4-local node """
860 super(TestIPv4ReassemblyLocalNode, cls).setUpClass()
862 cls.create_pg_interfaces([0])
863 cls.src_dst_if = cls.pg0
865 # setup all interfaces
866 for i in cls.pg_interfaces:
871 cls.padding = " abcdefghijklmn"
873 cls.create_fragments()
876 """ Test setup - force timeout on existing reassemblies """
877 super(TestIPv4ReassemblyLocalNode, self).setUp()
878 self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000,
879 expire_walk_interval_ms=10)
881 self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000,
882 expire_walk_interval_ms=10000)
885 super(TestIPv4ReassemblyLocalNode, self).tearDown()
886 self.logger.debug(self.vapi.ppcli("show ip4-reassembly details"))
889 def create_stream(cls, packet_count=test_packet_count):
890 """Create input packet stream for defined interface.
892 :param list packet_sizes: Required packet sizes.
894 for i in range(0, packet_count):
895 info = cls.create_packet_info(cls.src_dst_if, cls.src_dst_if)
896 payload = cls.info_to_payload(info)
897 p = (Ether(dst=cls.src_dst_if.local_mac,
898 src=cls.src_dst_if.remote_mac) /
899 IP(id=info.index, src=cls.src_dst_if.remote_ip4,
900 dst=cls.src_dst_if.local_ip4) /
901 ICMP(type='echo-request', id=1234) /
903 cls.extend_packet(p, 1518, cls.padding)
907 def create_fragments(cls):
908 infos = cls._packet_infos
910 for index, info in six.iteritems(infos):
912 # cls.logger.debug(ppp("Packet:", p.__class__(str(p))))
913 fragments_300 = fragment_rfc791(p, 300)
914 cls.pkt_infos.append((index, fragments_300))
915 cls.fragments_300 = [x for (_, frags) in cls.pkt_infos for x in frags]
916 cls.logger.debug("Fragmented %s packets into %s 300-byte fragments" %
917 (len(infos), len(cls.fragments_300)))
919 def verify_capture(self, capture):
920 """Verify captured packet stream.
922 :param list capture: Captured packet stream.
926 for packet in capture:
928 self.logger.debug(ppp("Got packet:", packet))
931 payload_info = self.payload_to_info(str(packet[Raw]))
932 packet_index = payload_info.index
933 if packet_index in seen:
934 raise Exception(ppp("Duplicate packet received", packet))
935 seen.add(packet_index)
936 self.assertEqual(payload_info.dst, self.src_dst_if.sw_if_index)
937 info = self._packet_infos[packet_index]
938 self.assertIsNotNone(info)
939 self.assertEqual(packet_index, info.index)
940 saved_packet = info.data
941 self.assertEqual(ip.src, saved_packet[IP].dst)
942 self.assertEqual(ip.dst, saved_packet[IP].src)
943 self.assertEqual(icmp.type, 0) # echo reply
944 self.assertEqual(icmp.id, saved_packet[ICMP].id)
945 self.assertEqual(icmp.payload, saved_packet[ICMP].payload)
947 self.logger.error(ppp("Unexpected or invalid packet:", packet))
949 for index in self._packet_infos:
950 self.assertIn(index, seen,
951 "Packet with packet_index %d not received" % index)
953 def test_reassembly(self):
954 """ basic reassembly """
956 self.pg_enable_capture()
957 self.src_dst_if.add_stream(self.fragments_300)
960 packets = self.src_dst_if.get_capture(len(self.pkt_infos))
961 self.verify_capture(packets)
963 # run it all again to verify correctness
964 self.pg_enable_capture()
965 self.src_dst_if.add_stream(self.fragments_300)
968 packets = self.src_dst_if.get_capture(len(self.pkt_infos))
969 self.verify_capture(packets)
972 class TestFIFReassembly(VppTestCase):
973 """ Fragments in fragments reassembly """
977 super(TestFIFReassembly, cls).setUpClass()
979 cls.create_pg_interfaces([0, 1])
982 for i in cls.pg_interfaces:
989 cls.packet_sizes = [64, 512, 1518, 9018]
990 cls.padding = " abcdefghijklmn"
993 """ Test setup - force timeout on existing reassemblies """
994 super(TestFIFReassembly, self).setUp()
995 self.vapi.ip_reassembly_enable_disable(
996 sw_if_index=self.src_if.sw_if_index, enable_ip4=True,
998 self.vapi.ip_reassembly_enable_disable(
999 sw_if_index=self.dst_if.sw_if_index, enable_ip4=True,
1001 self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000,
1002 expire_walk_interval_ms=10)
1003 self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000,
1004 expire_walk_interval_ms=10, is_ip6=1)
1006 self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000,
1007 expire_walk_interval_ms=10000)
1008 self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000,
1009 expire_walk_interval_ms=10000, is_ip6=1)
1012 self.logger.debug(self.vapi.ppcli("show ip4-reassembly details"))
1013 self.logger.debug(self.vapi.ppcli("show ip6-reassembly details"))
1014 super(TestFIFReassembly, self).tearDown()
1016 def verify_capture(self, capture, ip_class, dropped_packet_indexes=[]):
1017 """Verify captured packet stream.
1019 :param list capture: Captured packet stream.
1023 for packet in capture:
1025 self.logger.debug(ppp("Got packet:", packet))
1026 ip = packet[ip_class]
1028 payload_info = self.payload_to_info(str(packet[Raw]))
1029 packet_index = payload_info.index
1031 packet_index not in dropped_packet_indexes,
1032 ppp("Packet received, but should be dropped:", packet))
1033 if packet_index in seen:
1034 raise Exception(ppp("Duplicate packet received", packet))
1035 seen.add(packet_index)
1036 self.assertEqual(payload_info.dst, self.dst_if.sw_if_index)
1037 info = self._packet_infos[packet_index]
1038 self.assertTrue(info is not None)
1039 self.assertEqual(packet_index, info.index)
1040 saved_packet = info.data
1041 self.assertEqual(ip.src, saved_packet[ip_class].src)
1042 self.assertEqual(ip.dst, saved_packet[ip_class].dst)
1043 self.assertEqual(udp.payload, saved_packet[UDP].payload)
1045 self.logger.error(ppp("Unexpected or invalid packet:", packet))
1047 for index in self._packet_infos:
1048 self.assertTrue(index in seen or index in dropped_packet_indexes,
1049 "Packet with packet_index %d not received" % index)
1051 def test_fif4(self):
1052 """ Fragments in fragments (4o4) """
1054 # TODO this should be ideally in setUpClass, but then we hit a bug
1055 # with VppIpRoute incorrectly reporting it's present when it's not
1056 # so we need to manually remove the vpp config, thus we cannot have
1057 # it shared for multiple test cases
1058 self.tun_ip4 = "1.1.1.2"
1060 self.gre4 = VppGreInterface(self, self.src_if.local_ip4, self.tun_ip4)
1061 self.gre4.add_vpp_config()
1062 self.gre4.admin_up()
1063 self.gre4.config_ip4()
1065 self.vapi.ip_reassembly_enable_disable(
1066 sw_if_index=self.gre4.sw_if_index, enable_ip4=True)
1068 self.route4 = VppIpRoute(self, self.tun_ip4, 32,
1069 [VppRoutePath(self.src_if.remote_ip4,
1070 self.src_if.sw_if_index)])
1071 self.route4.add_vpp_config()
1073 self.reset_packet_infos()
1074 for i in range(test_packet_count):
1075 info = self.create_packet_info(self.src_if, self.dst_if)
1076 payload = self.info_to_payload(info)
1077 # Ethernet header here is only for size calculation, thus it
1078 # doesn't matter how it's initialized. This is to ensure that
1079 # reassembled packet is not > 9000 bytes, so that it's not dropped
1081 IP(id=i, src=self.src_if.remote_ip4,
1082 dst=self.dst_if.remote_ip4) /
1083 UDP(sport=1234, dport=5678) /
1085 size = self.packet_sizes[(i // 2) % len(self.packet_sizes)]
1086 self.extend_packet(p, size, self.padding)
1087 info.data = p[IP] # use only IP part, without ethernet header
1089 fragments = [x for _, p in six.iteritems(self._packet_infos)
1090 for x in fragment_rfc791(p.data, 400)]
1092 encapped_fragments = \
1093 [Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
1094 IP(src=self.tun_ip4, dst=self.src_if.local_ip4) /
1099 fragmented_encapped_fragments = \
1100 [x for p in encapped_fragments
1101 for x in fragment_rfc791(p, 200)]
1103 self.src_if.add_stream(fragmented_encapped_fragments)
1105 self.pg_enable_capture(self.pg_interfaces)
1108 self.src_if.assert_nothing_captured()
1109 packets = self.dst_if.get_capture(len(self._packet_infos))
1110 self.verify_capture(packets, IP)
1112 # TODO remove gre vpp config by hand until VppIpRoute gets fixed
1113 # so that it's query_vpp_config() works as it should
1114 self.gre4.remove_vpp_config()
1115 self.logger.debug(self.vapi.ppcli("show interface"))
1117 def test_fif6(self):
1118 """ Fragments in fragments (6o6) """
1119 # TODO this should be ideally in setUpClass, but then we hit a bug
1120 # with VppIpRoute incorrectly reporting it's present when it's not
1121 # so we need to manually remove the vpp config, thus we cannot have
1122 # it shared for multiple test cases
1123 self.tun_ip6 = "1002::1"
1125 self.gre6 = VppGre6Interface(self, self.src_if.local_ip6, self.tun_ip6)
1126 self.gre6.add_vpp_config()
1127 self.gre6.admin_up()
1128 self.gre6.config_ip6()
1130 self.vapi.ip_reassembly_enable_disable(
1131 sw_if_index=self.gre6.sw_if_index, enable_ip6=True)
1133 self.route6 = VppIpRoute(self, self.tun_ip6, 128,
1134 [VppRoutePath(self.src_if.remote_ip6,
1135 self.src_if.sw_if_index,
1136 proto=DpoProto.DPO_PROTO_IP6)],
1138 self.route6.add_vpp_config()
1140 self.reset_packet_infos()
1141 for i in range(test_packet_count):
1142 info = self.create_packet_info(self.src_if, self.dst_if)
1143 payload = self.info_to_payload(info)
1144 # Ethernet header here is only for size calculation, thus it
1145 # doesn't matter how it's initialized. This is to ensure that
1146 # reassembled packet is not > 9000 bytes, so that it's not dropped
1148 IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) /
1149 UDP(sport=1234, dport=5678) /
1151 size = self.packet_sizes[(i // 2) % len(self.packet_sizes)]
1152 self.extend_packet(p, size, self.padding)
1153 info.data = p[IPv6] # use only IPv6 part, without ethernet header
1155 fragments = [x for _, i in six.iteritems(self._packet_infos)
1156 for x in fragment_rfc8200(
1157 i.data, i.index, 400)]
1159 encapped_fragments = \
1160 [Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
1161 IPv6(src=self.tun_ip6, dst=self.src_if.local_ip6) /
1166 fragmented_encapped_fragments = \
1167 [x for p in encapped_fragments for x in (
1170 2 * len(self._packet_infos) + p[IPv6ExtHdrFragment].id,
1172 if IPv6ExtHdrFragment in p else [p]
1176 self.src_if.add_stream(fragmented_encapped_fragments)
1178 self.pg_enable_capture(self.pg_interfaces)
1181 self.src_if.assert_nothing_captured()
1182 packets = self.dst_if.get_capture(len(self._packet_infos))
1183 self.verify_capture(packets, IPv6)
1185 # TODO remove gre vpp config by hand until VppIpRoute gets fixed
1186 # so that it's query_vpp_config() works as it should
1187 self.gre6.remove_vpp_config()
1190 if __name__ == '__main__':
1191 unittest.main(testRunner=VppTestRunner)