+ self.assertEqual(ipv6.src, self.pg0.local_ip6)
+ self.assertEqual(ipv6.dst, self.pg0.remote_ip6)
+
+ self.assertEqual(
+ icmp6types[icmpv6.type], "Echo Reply")
+ self.assertEqual(icmpv6.id, icmpv6_id)
+ self.assertEqual(icmpv6.seq, icmpv6_seq)
+ self.assertEqual(icmpv6.data, icmpv6_data)
+
+
+class TestIPv6RD(TestIPv6ND):
+ """ IPv6 Router Discovery Test Case """
+
+ @classmethod
+ def setUpClass(cls):
+ super(TestIPv6RD, cls).setUpClass()
+
+ @classmethod
+ def tearDownClass(cls):
+ super(TestIPv6RD, cls).tearDownClass()
+
+ def setUp(self):
+ super(TestIPv6RD, self).setUp()
+
+ # create 2 pg interfaces
+ self.create_pg_interfaces(range(2))
+
+ self.interfaces = list(self.pg_interfaces)
+
+ # setup all interfaces
+ for i in self.interfaces:
+ i.admin_up()
+ i.config_ip6()
+
+ def tearDown(self):
+ for i in self.interfaces:
+ i.unconfig_ip6()
+ i.admin_down()
+ super(TestIPv6RD, self).tearDown()
+
+ def test_rd_send_router_solicitation(self):
+ """ Verify router solicitation packets """
+
+ count = 2
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.vapi.ip6nd_send_router_solicitation(self.pg1.sw_if_index,
+ mrc=count)
+ rx_list = self.pg1.get_capture(count, timeout=3)
+ self.assertEqual(len(rx_list), count)
+ for packet in rx_list:
+ self.assertEqual(packet.haslayer(IPv6), 1)
+ self.assertEqual(packet[IPv6].haslayer(
+ ICMPv6ND_RS), 1)
+ dst = ip6_normalize(packet[IPv6].dst)
+ dst2 = ip6_normalize("ff02::2")
+ self.assert_equal(dst, dst2)
+ src = ip6_normalize(packet[IPv6].src)
+ src2 = ip6_normalize(self.pg1.local_ip6_ll)
+ self.assert_equal(src, src2)
+ self.assertTrue(
+ bool(packet[ICMPv6ND_RS].haslayer(
+ ICMPv6NDOptSrcLLAddr)))
+ self.assert_equal(
+ packet[ICMPv6NDOptSrcLLAddr].lladdr,
+ self.pg1.local_mac)
+
+ def verify_prefix_info(self, reported_prefix, prefix_option):
+ prefix = IPv6Network(
+ text_type(prefix_option.getfieldval("prefix") +
+ "/" +
+ text_type(prefix_option.getfieldval("prefixlen"))),
+ strict=False)
+ self.assert_equal(reported_prefix.prefix.network_address,
+ prefix.network_address)
+ L = prefix_option.getfieldval("L")
+ A = prefix_option.getfieldval("A")
+ option_flags = (L << 7) | (A << 6)
+ self.assert_equal(reported_prefix.flags, option_flags)
+ self.assert_equal(reported_prefix.valid_time,
+ prefix_option.getfieldval("validlifetime"))
+ self.assert_equal(reported_prefix.preferred_time,
+ prefix_option.getfieldval("preferredlifetime"))
+
+ def test_rd_receive_router_advertisement(self):
+ """ Verify events triggered by received RA packets """
+
+ self.vapi.want_ip6_ra_events(enable=1)
+
+ prefix_info_1 = ICMPv6NDOptPrefixInfo(
+ prefix="1::2",
+ prefixlen=50,
+ validlifetime=200,
+ preferredlifetime=500,
+ L=1,
+ A=1,
+ )
+
+ prefix_info_2 = ICMPv6NDOptPrefixInfo(
+ prefix="7::4",
+ prefixlen=20,
+ validlifetime=70,
+ preferredlifetime=1000,
+ L=1,
+ A=0,
+ )
+
+ p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
+ IPv6(dst=self.pg1.local_ip6_ll,
+ src=mk_ll_addr(self.pg1.remote_mac)) /
+ ICMPv6ND_RA() /
+ prefix_info_1 /
+ prefix_info_2)
+ self.pg1.add_stream([p])
+ self.pg_start()
+
+ ev = self.vapi.wait_for_event(10, "ip6_ra_event")
+
+ self.assert_equal(ev.current_hop_limit, 0)
+ self.assert_equal(ev.flags, 8)
+ self.assert_equal(ev.router_lifetime_in_sec, 1800)
+ self.assert_equal(ev.neighbor_reachable_time_in_msec, 0)
+ self.assert_equal(
+ ev.time_in_msec_between_retransmitted_neighbor_solicitations, 0)
+
+ self.assert_equal(ev.n_prefixes, 2)
+
+ self.verify_prefix_info(ev.prefixes[0], prefix_info_1)
+ self.verify_prefix_info(ev.prefixes[1], prefix_info_2)
+
+
+class TestIPv6RDControlPlane(TestIPv6ND):
+ """ IPv6 Router Discovery Control Plane Test Case """
+
+ @classmethod
+ def setUpClass(cls):
+ super(TestIPv6RDControlPlane, cls).setUpClass()
+
+ @classmethod
+ def tearDownClass(cls):
+ super(TestIPv6RDControlPlane, cls).tearDownClass()
+
+ def setUp(self):
+ super(TestIPv6RDControlPlane, self).setUp()
+
+ # create 1 pg interface
+ self.create_pg_interfaces(range(1))
+
+ self.interfaces = list(self.pg_interfaces)
+
+ # setup all interfaces
+ for i in self.interfaces:
+ i.admin_up()
+ i.config_ip6()
+
+ def tearDown(self):
+ super(TestIPv6RDControlPlane, self).tearDown()
+
+ @staticmethod
+ def create_ra_packet(pg, routerlifetime=None):
+ src_ip = pg.remote_ip6_ll
+ dst_ip = pg.local_ip6
+ if routerlifetime is not None:
+ ra = ICMPv6ND_RA(routerlifetime=routerlifetime)
+ else:
+ ra = ICMPv6ND_RA()
+ p = (Ether(dst=pg.local_mac, src=pg.remote_mac) /
+ IPv6(dst=dst_ip, src=src_ip) / ra)
+ return p
+
+ @staticmethod
+ def get_default_routes(fib):
+ list = []
+ for entry in fib:
+ if entry.route.prefix.prefixlen == 0:
+ for path in entry.route.paths:
+ if path.sw_if_index != 0xFFFFFFFF:
+ defaut_route = {}
+ defaut_route['sw_if_index'] = path.sw_if_index
+ defaut_route['next_hop'] = path.nh.address.ip6
+ list.append(defaut_route)
+ return list
+
+ @staticmethod
+ def get_interface_addresses(fib, pg):
+ list = []
+ for entry in fib:
+ if entry.route.prefix.prefixlen == 128:
+ path = entry.route.paths[0]
+ if path.sw_if_index == pg.sw_if_index:
+ list.append(str(entry.route.prefix.network_address))
+ return list
+
+ def wait_for_no_default_route(self, n_tries=50, s_time=1):
+ while (n_tries):
+ fib = self.vapi.ip_route_dump(0, True)
+ default_routes = self.get_default_routes(fib)
+ if 0 == len(default_routes):
+ return True
+ n_tries = n_tries - 1
+ self.sleep(s_time)
+
+ return False
+
+ def test_all(self):
+ """ Test handling of SLAAC addresses and default routes """
+
+ fib = self.vapi.ip_route_dump(0, True)
+ default_routes = self.get_default_routes(fib)
+ initial_addresses = set(self.get_interface_addresses(fib, self.pg0))
+ self.assertEqual(default_routes, [])
+ router_address = IPv6Address(text_type(self.pg0.remote_ip6_ll))
+
+ self.vapi.ip6_nd_address_autoconfig(self.pg0.sw_if_index, 1, 1)
+
+ self.sleep(0.1)
+
+ # send RA
+ packet = (self.create_ra_packet(
+ self.pg0) / ICMPv6NDOptPrefixInfo(
+ prefix="1::",
+ prefixlen=64,
+ validlifetime=2,
+ preferredlifetime=2,
+ L=1,
+ A=1,
+ ) / ICMPv6NDOptPrefixInfo(
+ prefix="7::",
+ prefixlen=20,
+ validlifetime=1500,
+ preferredlifetime=1000,
+ L=1,
+ A=0,
+ ))
+ self.pg0.add_stream([packet])
+ self.pg_start()
+
+ self.sleep_on_vpp_time(0.1)
+
+ fib = self.vapi.ip_route_dump(0, True)
+
+ # check FIB for new address
+ addresses = set(self.get_interface_addresses(fib, self.pg0))
+ new_addresses = addresses.difference(initial_addresses)
+ self.assertEqual(len(new_addresses), 1)
+ prefix = IPv6Network(text_type("%s/%d" % (list(new_addresses)[0], 20)),
+ strict=False)
+ self.assertEqual(prefix, IPv6Network(text_type('1::/20')))
+
+ # check FIB for new default route
+ default_routes = self.get_default_routes(fib)
+ self.assertEqual(len(default_routes), 1)
+ dr = default_routes[0]
+ self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
+ self.assertEqual(dr['next_hop'], router_address)
+
+ # send RA to delete default route
+ packet = self.create_ra_packet(self.pg0, routerlifetime=0)
+ self.pg0.add_stream([packet])
+ self.pg_start()
+
+ self.sleep_on_vpp_time(0.1)
+
+ # check that default route is deleted
+ fib = self.vapi.ip_route_dump(0, True)
+ default_routes = self.get_default_routes(fib)
+ self.assertEqual(len(default_routes), 0)
+
+ self.sleep_on_vpp_time(0.1)
+
+ # send RA
+ packet = self.create_ra_packet(self.pg0)
+ self.pg0.add_stream([packet])
+ self.pg_start()
+
+ self.sleep_on_vpp_time(0.1)
+
+ # check FIB for new default route
+ fib = self.vapi.ip_route_dump(0, True)
+ default_routes = self.get_default_routes(fib)
+ self.assertEqual(len(default_routes), 1)
+ dr = default_routes[0]
+ self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
+ self.assertEqual(dr['next_hop'], router_address)
+
+ # send RA, updating router lifetime to 1s
+ packet = self.create_ra_packet(self.pg0, 1)
+ self.pg0.add_stream([packet])
+ self.pg_start()
+
+ self.sleep_on_vpp_time(0.1)
+
+ # check that default route still exists
+ fib = self.vapi.ip_route_dump(0, True)
+ default_routes = self.get_default_routes(fib)
+ self.assertEqual(len(default_routes), 1)
+ dr = default_routes[0]
+ self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
+ self.assertEqual(dr['next_hop'], router_address)
+
+ self.sleep_on_vpp_time(1)
+
+ # check that default route is deleted
+ self.assertTrue(self.wait_for_no_default_route())
+
+ # check FIB still contains the SLAAC address
+ addresses = set(self.get_interface_addresses(fib, self.pg0))
+ new_addresses = addresses.difference(initial_addresses)
+
+ self.assertEqual(len(new_addresses), 1)
+ prefix = IPv6Network(text_type("%s/%d" % (list(new_addresses)[0], 20)),
+ strict=False)
+ self.assertEqual(prefix, IPv6Network(text_type('1::/20')))
+
+ self.sleep_on_vpp_time(1)
+
+ # check that SLAAC address is deleted
+ fib = self.vapi.ip_route_dump(0, True)
+ addresses = set(self.get_interface_addresses(fib, self.pg0))
+ new_addresses = addresses.difference(initial_addresses)
+ self.assertEqual(len(new_addresses), 0)
+
+
+class IPv6NDProxyTest(TestIPv6ND):
+ """ IPv6 ND ProxyTest Case """
+
+ @classmethod
+ def setUpClass(cls):
+ super(IPv6NDProxyTest, cls).setUpClass()
+
+ @classmethod
+ def tearDownClass(cls):
+ super(IPv6NDProxyTest, cls).tearDownClass()
+
+ def setUp(self):
+ super(IPv6NDProxyTest, self).setUp()
+
+ # create 3 pg interfaces
+ self.create_pg_interfaces(range(3))
+
+ # pg0 is the master interface, with the configured subnet
+ self.pg0.admin_up()
+ self.pg0.config_ip6()
+ self.pg0.resolve_ndp()
+
+ self.pg1.ip6_enable()
+ self.pg2.ip6_enable()
+
+ def tearDown(self):
+ super(IPv6NDProxyTest, self).tearDown()
+
+ def test_nd_proxy(self):
+ """ IPv6 Proxy ND """
+
+ #
+ # Generate some hosts in the subnet that we are proxying
+ #
+ self.pg0.generate_remote_hosts(8)
+
+ nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
+ d = inet_ntop(AF_INET6, nsma)
+
+ #
+ # Send an NS for one of those remote hosts on one of the proxy links
+ # expect no response since it's from an address that is not
+ # on the link that has the prefix configured
+ #
+ ns_pg1 = (Ether(dst=in6_getnsmac(nsma), src=self.pg1.remote_mac) /
+ IPv6(dst=d,
+ src=self.pg0._remote_hosts[2].ip6) /
+ ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
+ ICMPv6NDOptSrcLLAddr(
+ lladdr=self.pg0._remote_hosts[2].mac))
+
+ self.send_and_assert_no_replies(self.pg1, ns_pg1, "Off link NS")
+
+ #
+ # Add proxy support for the host
+ #
+ self.vapi.ip6nd_proxy_add_del(
+ is_add=1, ip=inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
+ sw_if_index=self.pg1.sw_if_index)
+
+ #
+ # try that NS again. this time we expect an NA back
+ #
+ self.send_and_expect_na(self.pg1, ns_pg1,
+ "NS to proxy entry",
+ dst_ip=self.pg0._remote_hosts[2].ip6,
+ tgt_ip=self.pg0.local_ip6)
+
+ #
+ # ... and that we have an entry in the ND cache
+ #
+ self.assertTrue(find_nbr(self,
+ self.pg1.sw_if_index,
+ self.pg0._remote_hosts[2].ip6))
+
+ #
+ # ... and we can route traffic to it
+ #
+ t = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
+ IPv6(dst=self.pg0._remote_hosts[2].ip6,
+ src=self.pg0.remote_ip6) /
+ inet6.UDP(sport=10000, dport=20000) /
+ Raw(b'\xa5' * 100))
+
+ self.pg0.add_stream(t)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ rx = self.pg1.get_capture(1)
+ rx = rx[0]
+
+ self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
+ self.assertEqual(rx[Ether].src, self.pg1.local_mac)
+
+ self.assertEqual(rx[IPv6].src,
+ t[IPv6].src)
+ self.assertEqual(rx[IPv6].dst,
+ t[IPv6].dst)
+
+ #
+ # Test we proxy for the host on the main interface
+ #
+ ns_pg0 = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
+ IPv6(dst=d, src=self.pg0.remote_ip6) /
+ ICMPv6ND_NS(
+ tgt=self.pg0._remote_hosts[2].ip6) /
+ ICMPv6NDOptSrcLLAddr(
+ lladdr=self.pg0.remote_mac))
+
+ self.send_and_expect_na(self.pg0, ns_pg0,
+ "NS to proxy entry on main",
+ tgt_ip=self.pg0._remote_hosts[2].ip6,
+ dst_ip=self.pg0.remote_ip6)
+
+ #
+ # Setup and resolve proxy for another host on another interface
+ #
+ ns_pg2 = (Ether(dst=in6_getnsmac(nsma), src=self.pg2.remote_mac) /
+ IPv6(dst=d,
+ src=self.pg0._remote_hosts[3].ip6) /
+ ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
+ ICMPv6NDOptSrcLLAddr(
+ lladdr=self.pg0._remote_hosts[2].mac))
+
+ self.vapi.ip6nd_proxy_add_del(
+ is_add=1, ip=inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
+ sw_if_index=self.pg2.sw_if_index)
+
+ self.send_and_expect_na(self.pg2, ns_pg2,
+ "NS to proxy entry other interface",
+ dst_ip=self.pg0._remote_hosts[3].ip6,
+ tgt_ip=self.pg0.local_ip6)
+
+ self.assertTrue(find_nbr(self,
+ self.pg2.sw_if_index,
+ self.pg0._remote_hosts[3].ip6))
+
+ #
+ # hosts can communicate. pg2->pg1
+ #
+ t2 = (Ether(dst=self.pg2.local_mac,
+ src=self.pg0.remote_hosts[3].mac) /
+ IPv6(dst=self.pg0._remote_hosts[2].ip6,
+ src=self.pg0._remote_hosts[3].ip6) /
+ inet6.UDP(sport=10000, dport=20000) /
+ Raw(b'\xa5' * 100))
+
+ self.pg2.add_stream(t2)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ rx = self.pg1.get_capture(1)
+ rx = rx[0]
+
+ self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
+ self.assertEqual(rx[Ether].src, self.pg1.local_mac)
+
+ self.assertEqual(rx[IPv6].src,
+ t2[IPv6].src)
+ self.assertEqual(rx[IPv6].dst,
+ t2[IPv6].dst)
+
+ #
+ # remove the proxy configs
+ #
+ self.vapi.ip6nd_proxy_add_del(
+ ip=inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
+ sw_if_index=self.pg1.sw_if_index, is_add=0)
+ self.vapi.ip6nd_proxy_add_del(
+ ip=inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
+ sw_if_index=self.pg2.sw_if_index, is_add=0)
+
+ self.assertFalse(find_nbr(self,
+ self.pg2.sw_if_index,
+ self.pg0._remote_hosts[3].ip6))
+ self.assertFalse(find_nbr(self,
+ self.pg1.sw_if_index,
+ self.pg0._remote_hosts[2].ip6))
+
+ #
+ # no longer proxy-ing...
+ #
+ self.send_and_assert_no_replies(self.pg0, ns_pg0, "Proxy unconfigured")
+ self.send_and_assert_no_replies(self.pg1, ns_pg1, "Proxy unconfigured")
+ self.send_and_assert_no_replies(self.pg2, ns_pg2, "Proxy unconfigured")
+
+ #
+ # no longer forwarding. traffic generates NS out of the glean/main
+ # interface
+ #
+ self.pg2.add_stream(t2)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ rx = self.pg0.get_capture(1)
+
+ self.assertTrue(rx[0].haslayer(ICMPv6ND_NS))
+
+
+class TestIPNull(VppTestCase):
+ """ IPv6 routes via NULL """
+
+ @classmethod
+ def setUpClass(cls):
+ super(TestIPNull, cls).setUpClass()
+
+ @classmethod
+ def tearDownClass(cls):
+ super(TestIPNull, cls).tearDownClass()
+
+ def setUp(self):
+ super(TestIPNull, self).setUp()
+
+ # create 2 pg interfaces
+ self.create_pg_interfaces(range(1))
+
+ for i in self.pg_interfaces:
+ i.admin_up()
+ i.config_ip6()
+ i.resolve_ndp()
+
+ def tearDown(self):
+ super(TestIPNull, self).tearDown()
+ for i in self.pg_interfaces:
+ i.unconfig_ip6()
+ i.admin_down()
+
+ def test_ip_null(self):
+ """ IP NULL route """
+
+ p = (Ether(src=self.pg0.remote_mac,
+ dst=self.pg0.local_mac) /
+ IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
+ inet6.UDP(sport=1234, dport=1234) /
+ Raw(b'\xa5' * 100))
+
+ #
+ # A route via IP NULL that will reply with ICMP unreachables
+ #
+ ip_unreach = VppIpRoute(
+ self, "2001::", 64,
+ [VppRoutePath("::", 0xffffffff,
+ type=FibPathType.FIB_PATH_TYPE_ICMP_UNREACH)])
+ ip_unreach.add_vpp_config()
+
+ self.pg0.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ rx = self.pg0.get_capture(1)
+ rx = rx[0]
+ icmp = rx[ICMPv6DestUnreach]
+
+ # 0 = "No route to destination"
+ self.assertEqual(icmp.code, 0)
+
+ # ICMP is rate limited. pause a bit
+ self.sleep(1)
+
+ #
+ # A route via IP NULL that will reply with ICMP prohibited
+ #
+ ip_prohibit = VppIpRoute(
+ self, "2001::1", 128,
+ [VppRoutePath("::", 0xffffffff,
+ type=FibPathType.FIB_PATH_TYPE_ICMP_PROHIBIT)])
+ ip_prohibit.add_vpp_config()
+
+ self.pg0.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ rx = self.pg0.get_capture(1)
+ rx = rx[0]
+ icmp = rx[ICMPv6DestUnreach]
+
+ # 1 = "Communication with destination administratively prohibited"
+ self.assertEqual(icmp.code, 1)
+
+
+class TestIPDisabled(VppTestCase):
+ """ IPv6 disabled """
+
+ @classmethod
+ def setUpClass(cls):
+ super(TestIPDisabled, cls).setUpClass()
+
+ @classmethod
+ def tearDownClass(cls):
+ super(TestIPDisabled, cls).tearDownClass()
+
+ def setUp(self):
+ super(TestIPDisabled, self).setUp()
+
+ # create 2 pg interfaces
+ self.create_pg_interfaces(range(2))
+
+ # PG0 is IP enabled
+ self.pg0.admin_up()
+ self.pg0.config_ip6()
+ self.pg0.resolve_ndp()
+
+ # PG 1 is not IP enabled
+ self.pg1.admin_up()
+
+ def tearDown(self):
+ super(TestIPDisabled, self).tearDown()
+ for i in self.pg_interfaces:
+ i.unconfig_ip4()
+ i.admin_down()
+
+ def test_ip_disabled(self):
+ """ IP Disabled """