api: add new stream message convention

[vpp.git] / src / plugins / map / test / test_map.py
diff --git a/src/plugins/map/test/test_map.py b/src/plugins/map/test/test_map.py

index 03913ce..93ea3f0 100644 (file)
--- a/src/plugins/map/test/test_map.py
+++ b/src/plugins/map/test/test_map.py
@@ -12,7 +12,8 @@ import scapy.compat
  from scapy.layers.l2 import Ether
  from scapy.packet import Raw
  from scapy.layers.inet import IP, UDP, ICMP, TCP
  from scapy.layers.l2 import Ether
  from scapy.packet import Raw
  from scapy.layers.inet import IP, UDP, ICMP, TCP
-from scapy.layers.inet6 import IPv6, ICMPv6TimeExceeded, IPv6ExtHdrFragment
+from scapy.layers.inet6 import IPv6, ICMPv6TimeExceeded, IPv6ExtHdrFragment, \
+    ICMPv6EchoRequest, ICMPv6DestUnreach
  
  
  class TestMAP(VppTestCase):
  
  
  class TestMAP(VppTestCase):
@@ -36,6 +37,8 @@ class TestMAP(VppTestCase):
          self.pg0.admin_up()
          self.pg0.config_ip4()
          self.pg0.resolve_arp()
          self.pg0.admin_up()
          self.pg0.config_ip4()
          self.pg0.resolve_arp()
+        self.pg0.generate_remote_hosts(2)
+        self.pg0.configure_ipv4_neighbors()
  
          # pg1 is 'outside' IPv6
          self.pg1.admin_up()
  
          # pg1 is 'outside' IPv6
          self.pg1.admin_up()
@@ -97,6 +100,48 @@ class TestMAP(VppTestCase):
          self.assertEqual(rv[0].tag, tag,
                           "output produced incorrect tag value.")
  
          self.assertEqual(rv[0].tag, tag,
                           "output produced incorrect tag value.")
  
+    def create_domains(self, ip4_pfx_str, ip6_pfx_str, ip6_src_str):
+        ip4_pfx = ipaddress.ip_network(ip4_pfx_str)
+        ip6_dst = ipaddress.ip_network(ip6_pfx_str)
+        mod = ip4_pfx.num_addresses / 1024
+        indicies = []
+        for i in range(ip4_pfx.num_addresses):
+            rv = self.vapi.map_add_domain(ip6_prefix=ip6_pfx_str,
+                                          ip4_prefix=str(ip4_pfx[i]) + "/32",
+                                          ip6_src=ip6_src_str)
+            indicies.append(rv.index)
+        return indicies
+
+    def test_api_map_domains_get(self):
+        # Create a bunch of domains
+        domains = self.create_domains('130.67.0.0/24', '2001::/32',
+                                      '2001::1/128')
+        self.assertEqual(len(domains), 256)
+
+        d = []
+        cursor = 0
+
+        # Invalid cursor
+        rv, details = self.vapi.map_domains_get(cursor=1234)
+        self.assertEqual(rv.retval, -7)
+
+        # Delete a domain in the middle of walk
+        rv, details = self.vapi.map_domains_get(cursor=0)
+        self.assertEqual(rv.retval, -165)
+        self.vapi.map_del_domain(index=rv.cursor)
+        domains.remove(rv.cursor)
+
+        # Continue at point of deleted cursor
+        rv, details = self.vapi.map_domains_get(cursor=rv.cursor)
+        self.assertEqual(rv.retval, -165)
+
+        d = list(self.vapi.vpp.details_iter(self.vapi.map_domains_get))
+        self.assertEqual(len(d), 255)
+
+        # Clean up
+        for i in domains:
+            self.vapi.map_del_domain(index=i)
+
      def test_map_e_udp(self):
          """ MAP-E UDP"""
  
      def test_map_e_udp(self):
          """ MAP-E UDP"""
  
@@ -435,14 +480,14 @@ class TestMAP(VppTestCase):
      def validate(self, rx, expected):
          self.assertEqual(rx, expected.__class__(scapy.compat.raw(expected)))
  
      def validate(self, rx, expected):
          self.assertEqual(rx, expected.__class__(scapy.compat.raw(expected)))
  
-    def validate_frag(self, p6_frag, p_ip6_expected):
+    def validate_frag6(self, p6_frag, p_ip6_expected):
          self.assertFalse(p6_frag.haslayer(IP))
          self.assertTrue(p6_frag.haslayer(IPv6))
          self.assertTrue(p6_frag.haslayer(IPv6ExtHdrFragment))
          self.assertEqual(p6_frag[IPv6].src, p_ip6_expected.src)
          self.assertEqual(p6_frag[IPv6].dst, p_ip6_expected.dst)
  
          self.assertFalse(p6_frag.haslayer(IP))
          self.assertTrue(p6_frag.haslayer(IPv6))
          self.assertTrue(p6_frag.haslayer(IPv6ExtHdrFragment))
          self.assertEqual(p6_frag[IPv6].src, p_ip6_expected.src)
          self.assertEqual(p6_frag[IPv6].dst, p_ip6_expected.dst)
  
-    def validate_frag_payload_len(self, rx, proto, payload_len_expected):
+    def validate_frag_payload_len6(self, rx, proto, payload_len_expected):
          payload_total = 0
          for p in rx:
              payload_total += p[IPv6].plen
          payload_total = 0
          for p in rx:
              payload_total += p[IPv6].plen
@@ -455,6 +500,23 @@ class TestMAP(VppTestCase):
  
          self.assertEqual(payload_total, payload_len_expected)
  
  
          self.assertEqual(payload_total, payload_len_expected)
  
+    def validate_frag4(self, p4_frag, p_ip4_expected):
+        self.assertFalse(p4_frag.haslayer(IPv6))
+        self.assertTrue(p4_frag.haslayer(IP))
+        self.assertTrue(p4_frag[IP].frag != 0 or p4_frag[IP].flags.MF)
+        self.assertEqual(p4_frag[IP].src, p_ip4_expected.src)
+        self.assertEqual(p4_frag[IP].dst, p_ip4_expected.dst)
+
+    def validate_frag_payload_len4(self, rx, proto, payload_len_expected):
+        payload_total = 0
+        for p in rx:
+            payload_total += len(p[IP].payload)
+
+        # First fragment has proto
+        payload_total -= len(proto())
+
+        self.assertEqual(payload_total, payload_len_expected)
+
      def payload(self, len):
          return 'x' * len
  
      def payload(self, len):
          return 'x' * len
  
@@ -543,7 +605,7 @@ class TestMAP(VppTestCase):
          for p in rx:
              self.validate(p[1], p4_translated)
  
          for p in rx:
              self.validate(p[1], p4_translated)
  
-        # IPv4 TTL
+        # IPv4 TTL=0
          ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0)
          p4 = (p_ether / ip4_ttl_expired / payload)
  
          ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0)
          p4 = (p_ether / ip4_ttl_expired / payload)
  
@@ -557,22 +619,36 @@ class TestMAP(VppTestCase):
          for p in rx:
              self.validate(p[1], icmp4_reply)
  
          for p in rx:
              self.validate(p[1], icmp4_reply)
  
-        '''
-        This one is broken, cause it would require hairpinning...
-        # IPv4 TTL TTL1
+        # IPv4 TTL=1
          ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=1)
          p4 = (p_ether / ip4_ttl_expired / payload)
  
          ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=1)
          p4 = (p_ether / ip4_ttl_expired / payload)
  
-        icmp4_reply = IP(id=0, ttl=254, src=self.pg0.local_ip4,
-        dst=self.pg0.remote_ip4) / \
-        ICMP(type='time-exceeded', code='ttl-zero-during-transit' ) / \
-        IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0) / payload
+        icmp4_reply = (IP(id=0, ttl=254, src=self.pg0.local_ip4,
+                          dst=self.pg0.remote_ip4) /
+                       ICMP(type='time-exceeded',
+                            code='ttl-zero-during-transit') /
+                       IP(src=self.pg0.remote_ip4,
+                          dst='192.168.0.1', ttl=1) / payload)
          rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
          for p in rx:
              self.validate(p[1], icmp4_reply)
          rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
          for p in rx:
              self.validate(p[1], icmp4_reply)
-        '''
  
  
-        # IPv6 Hop limit
+        # IPv6 Hop limit at BR
+        ip6_hlim_expired = IPv6(hlim=1, src='2001:db8:1ab::c0a8:1:ab',
+                                dst='1234:5678:90ab:cdef:ac:1001:200:0')
+        p6 = (p_ether6 / ip6_hlim_expired / payload)
+
+        icmp6_reply = (IPv6(hlim=255, src=self.pg1.local_ip6,
+                            dst="2001:db8:1ab::c0a8:1:ab") /
+                       ICMPv6TimeExceeded(code=0) /
+                       IPv6(src="2001:db8:1ab::c0a8:1:ab",
+                            dst='1234:5678:90ab:cdef:ac:1001:200:0',
+                            hlim=1) / payload)
+        rx = self.send_and_expect(self.pg1, p6*1, self.pg1)
+        for p in rx:
+            self.validate(p[1], icmp6_reply)
+
+        # IPv6 Hop limit beyond BR
          ip6_hlim_expired = IPv6(hlim=0, src='2001:db8:1ab::c0a8:1:ab',
                                  dst='1234:5678:90ab:cdef:ac:1001:200:0')
          p6 = (p_ether6 / ip6_hlim_expired / payload)
          ip6_hlim_expired = IPv6(hlim=0, src='2001:db8:1ab::c0a8:1:ab',
                                  dst='1234:5678:90ab:cdef:ac:1001:200:0')
          p6 = (p_ether6 / ip6_hlim_expired / payload)
@@ -598,7 +674,7 @@ class TestMAP(VppTestCase):
          p6 = (p_ether6 / p_ip6 / payload)
          self.send_and_assert_no_replies(self.pg1, p6*1)
  
          p6 = (p_ether6 / p_ip6 / payload)
          self.send_and_assert_no_replies(self.pg1, p6*1)
  
-        # Packet fragmentation
+        # UDP packet fragmentation
          payload_len = 1453
          payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
          p4 = (p_ether / p_ip4 / payload)
          payload_len = 1453
          payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
          p4 = (p_ether / p_ip4 / payload)
@@ -610,11 +686,12 @@ class TestMAP(VppTestCase):
          p_ip6_translated = IPv6(src='1234:5678:90ab:cdef:ac:1001:200:0',
                                  dst='2001:db8:1e0::c0a8:1:e')
          for p in rx:
          p_ip6_translated = IPv6(src='1234:5678:90ab:cdef:ac:1001:200:0',
                                  dst='2001:db8:1e0::c0a8:1:e')
          for p in rx:
-            self.validate_frag(p, p_ip6_translated)
+            self.validate_frag6(p, p_ip6_translated)
  
  
-        self.validate_frag_payload_len(rx, UDP, payload_len)
+        self.validate_frag_payload_len6(rx, UDP, payload_len)
  
  
-        # Packet fragmentation send fragments
+        # UDP packet fragmentation send fragments
+        payload_len = 1453
          payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
          p4 = (p_ether / p_ip4 / payload)
          frags = fragment_rfc791(p4, fragsize=1000)
          payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
          p4 = (p_ether / p_ip4 / payload)
          frags = fragment_rfc791(p4, fragsize=1000)
@@ -624,14 +701,61 @@ class TestMAP(VppTestCase):
          rx = self.pg1.get_capture(2)
  
          for p in rx:
          rx = self.pg1.get_capture(2)
  
          for p in rx:
-            self.validate_frag(p, p_ip6_translated)
+            self.validate_frag6(p, p_ip6_translated)
  
  
-        self.validate_frag_payload_len(rx, UDP, payload_len)
+        self.validate_frag_payload_len6(rx, UDP, payload_len)
  
  
-        # reass_pkt = reassemble(rx)
-        # p4_reply.ttl -= 1
-        # p4_reply.id = 256
-        # self.validate(reass_pkt, p4_reply)
+        # Send back an fragmented IPv6 UDP packet that will be "untranslated"
+        payload = UDP(sport=4000, dport=40000) / self.payload(payload_len)
+        p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
+        p_ip6 = IPv6(src='2001:db8:1e0::c0a8:1:e',
+                     dst='1234:5678:90ab:cdef:ac:1001:200:0')
+        p6 = (p_ether6 / p_ip6 / payload)
+        frags6 = fragment_rfc8200(p6, identification=0xdcba, fragsize=1000)
+
+        p_ip4_translated = IP(src='192.168.0.1', dst=self.pg0.remote_ip4)
+        p4_translated = (p_ip4_translated / payload)
+        p4_translated.id = 0
+        p4_translated.ttl -= 1
+
+        self.pg_enable_capture()
+        self.pg1.add_stream(frags6)
+        self.pg_start()
+        rx = self.pg0.get_capture(2)
+
+        for p in rx:
+            self.validate_frag4(p, p4_translated)
+
+        self.validate_frag_payload_len4(rx, UDP, payload_len)
+
+        # ICMP packet fragmentation
+        payload = ICMP(id=6529) / self.payload(payload_len)
+        p4 = (p_ether / p_ip4 / payload)
+        self.pg_enable_capture()
+        self.pg0.add_stream(p4)
+        self.pg_start()
+        rx = self.pg1.get_capture(2)
+
+        p_ip6_translated = IPv6(src='1234:5678:90ab:cdef:ac:1001:200:0',
+                                dst='2001:db8:160::c0a8:1:6')
+        for p in rx:
+            self.validate_frag6(p, p_ip6_translated)
+
+        self.validate_frag_payload_len6(rx, ICMPv6EchoRequest, payload_len)
+
+        # ICMP packet fragmentation send fragments
+        payload = ICMP(id=6529) / self.payload(payload_len)
+        p4 = (p_ether / p_ip4 / payload)
+        frags = fragment_rfc791(p4, fragsize=1000)
+        self.pg_enable_capture()
+        self.pg0.add_stream(frags)
+        self.pg_start()
+        rx = self.pg1.get_capture(2)
+
+        for p in rx:
+            self.validate_frag6(p, p_ip6_translated)
+
+        self.validate_frag_payload_len6(rx, ICMPv6EchoRequest, payload_len)
  
          # TCP MSS clamping
          self.vapi.map_param_set_tcp(1300)
  
          # TCP MSS clamping
          self.vapi.map_param_set_tcp(1300)
@@ -667,6 +791,36 @@ class TestMAP(VppTestCase):
          for p in rx:
              self.validate(p[1], p4_translated)
  
          for p in rx:
              self.validate(p[1], p4_translated)
  
+        # TCP MSS clamping cleanup
+        self.vapi.map_param_set_tcp(0)
+
+        # Enable icmp6 param to get back ICMPv6 unreachable messages in case
+        # of security check fails
+        self.vapi.map_param_set_icmp6(enable_unreachable=1)
+
+        # Send back an IPv6 packet that will be droppped due to security
+        # check fail
+        p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
+        p_ip6_sec_check_fail = IPv6(src='2001:db8:1fe::c0a8:1:f',
+                                    dst='1234:5678:90ab:cdef:ac:1001:200:0')
+        payload = TCP(sport=0xabcd, dport=0xabcd)
+        p6 = (p_ether6 / p_ip6_sec_check_fail / payload)
+
+        self.pg_send(self.pg1, p6*1)
+        self.pg0.get_capture(0, timeout=1)
+        rx = self.pg1.get_capture(1)
+
+        icmp6_reply = (IPv6(hlim=255, src=self.pg1.local_ip6,
+                            dst='2001:db8:1fe::c0a8:1:f') /
+                       ICMPv6DestUnreach(code=5) /
+                       p_ip6_sec_check_fail / payload)
+
+        for p in rx:
+            self.validate(p[1], icmp6_reply)
+
+        # ICMPv6 unreachable messages cleanup
+        self.vapi.map_param_set_icmp6(enable_unreachable=0)
+
      def test_map_t_ip6_psid(self):
          """ MAP-T v6->v4 PSID validation"""
  
      def test_map_t_ip6_psid(self):
          """ MAP-T v6->v4 PSID validation"""
  
@@ -723,5 +877,87 @@ class TestMAP(VppTestCase):
          p6 = (p_ether6 / p_ip6 / payload)
          self.send_and_assert_no_replies(self.pg1, p6*1)
  
          p6 = (p_ether6 / p_ip6 / payload)
          self.send_and_assert_no_replies(self.pg1, p6*1)
  
+    def test_map_t_pre_resolve(self):
+        """ MAP-T pre-resolve"""
+
+        # Add a domain that maps from pg0 to pg1
+        map_dst = '2001:db8::/32'
+        map_src = '1234:5678:90ab:cdef::/64'
+        ip4_pfx = '192.168.0.0/24'
+        tag = 'MAP-T Test Domain.'
+
+        self.vapi.map_add_domain(ip6_prefix=map_dst,
+                                 ip4_prefix=ip4_pfx,
+                                 ip6_src=map_src,
+                                 ea_bits_len=16,
+                                 psid_offset=6,
+                                 psid_length=4,
+                                 mtu=1500,
+                                 tag=tag)
+
+        # Enable MAP-T on interfaces.
+        self.vapi.map_if_enable_disable(is_enable=1,
+                                        sw_if_index=self.pg0.sw_if_index,
+                                        is_translation=1)
+        self.vapi.map_if_enable_disable(is_enable=1,
+                                        sw_if_index=self.pg1.sw_if_index,
+                                        is_translation=1)
+
+        # Enable pre-resolve option
+        self.vapi.map_param_add_del_pre_resolve(ip4_nh_address="10.1.2.3",
+                                                ip6_nh_address="4001::1",
+                                                is_add=1)
+
+        # Add a route to 4001::1 and expect the translated traffic to be
+        # sent via that route next-hop.
+        pre_res_route6 = VppIpRoute(self, "4001::1", 128,
+                                    [VppRoutePath(self.pg1.remote_hosts[2].ip6,
+                                                  self.pg1.sw_if_index)])
+        pre_res_route6.add_vpp_config()
+
+        # Add a route to 10.1.2.3 and expect the "untranslated" traffic to be
+        # sent via that route next-hop.
+        pre_res_route4 = VppIpRoute(self, "10.1.2.3", 32,
+                                    [VppRoutePath(self.pg0.remote_hosts[1].ip4,
+                                                  self.pg0.sw_if_index)])
+        pre_res_route4.add_vpp_config()
+
+        # Send an IPv4 packet that will be translated
+        p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
+        p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
+        payload = TCP(sport=0xabcd, dport=0xabcd)
+        p4 = (p_ether / p_ip4 / payload)
+
+        p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
+                              dst="2001:db8:1f0::c0a8:1:f") / payload)
+        p6_translated.hlim -= 1
+
+        rx = self.send_and_expect(self.pg0, p4*1, self.pg1)
+        for p in rx:
+            self.assertEqual(p[Ether].dst, self.pg1.remote_hosts[2].mac)
+            self.validate(p[1], p6_translated)
+
+        # Send back an IPv6 packet that will be "untranslated"
+        p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
+        p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
+                     dst='1234:5678:90ab:cdef:ac:1001:200:0')
+        p6 = (p_ether6 / p_ip6 / payload)
+
+        p4_translated = (IP(src='192.168.0.1',
+                            dst=self.pg0.remote_ip4) / payload)
+        p4_translated.id = 0
+        p4_translated.ttl -= 1
+
+        rx = self.send_and_expect(self.pg1, p6*1, self.pg0)
+        for p in rx:
+            self.assertEqual(p[Ether].dst, self.pg0.remote_hosts[1].mac)
+            self.validate(p[1], p4_translated)
+
+        # Cleanup pre-resolve option
+        self.vapi.map_param_add_del_pre_resolve(ip4_nh_address="10.1.2.3",
+                                                ip6_nh_address="4001::1",
+                                                is_add=0)
+
+
  if __name__ == '__main__':
      unittest.main(testRunner=VppTestRunner)
  if __name__ == '__main__':
      unittest.main(testRunner=VppTestRunner)