from scapy.layers.l2 import Ether
from scapy.packet import Raw
from scapy.layers.inet import IP, UDP, ICMP, TCP
-from scapy.layers.inet6 import IPv6, ICMPv6TimeExceeded, IPv6ExtHdrFragment
+from scapy.layers.inet6 import IPv6, ICMPv6TimeExceeded, IPv6ExtHdrFragment, \
+ ICMPv6EchoRequest, ICMPv6DestUnreach
class TestMAP(VppTestCase):
p6 = (p_ether6 / p_ip6 / payload)
self.send_and_assert_no_replies(self.pg1, p6*1)
- # Packet fragmentation
+ # UDP packet fragmentation
payload_len = 1453
payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
p4 = (p_ether / p_ip4 / payload)
self.validate_frag_payload_len(rx, UDP, payload_len)
- # Packet fragmentation send fragments
+ # UDP packet fragmentation send fragments
payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
p4 = (p_ether / p_ip4 / payload)
frags = fragment_rfc791(p4, fragsize=1000)
self.validate_frag_payload_len(rx, UDP, payload_len)
- # reass_pkt = reassemble(rx)
- # p4_reply.ttl -= 1
- # p4_reply.id = 256
- # self.validate(reass_pkt, p4_reply)
+ # ICMP packet fragmentation
+ payload = ICMP(id=6529) / self.payload(payload_len)
+ p4 = (p_ether / p_ip4 / payload)
+ self.pg_enable_capture()
+ self.pg0.add_stream(p4)
+ self.pg_start()
+ rx = self.pg1.get_capture(2)
+
+ p_ip6_translated = IPv6(src='1234:5678:90ab:cdef:ac:1001:200:0',
+ dst='2001:db8:160::c0a8:1:6')
+ for p in rx:
+ self.validate_frag(p, p_ip6_translated)
+
+ self.validate_frag_payload_len(rx, ICMPv6EchoRequest, payload_len)
+
+ # ICMP packet fragmentation send fragments
+ payload = ICMP(id=6529) / self.payload(payload_len)
+ p4 = (p_ether / p_ip4 / payload)
+ frags = fragment_rfc791(p4, fragsize=1000)
+ self.pg_enable_capture()
+ self.pg0.add_stream(frags)
+ self.pg_start()
+ rx = self.pg1.get_capture(2)
+
+ for p in rx:
+ self.validate_frag(p, p_ip6_translated)
+
+ self.validate_frag_payload_len(rx, ICMPv6EchoRequest, payload_len)
# TCP MSS clamping
self.vapi.map_param_set_tcp(1300)
for p in rx:
self.validate(p[1], p4_translated)
+ # TCP MSS clamping cleanup
+ self.vapi.map_param_set_tcp(0)
+
+ # Enable icmp6 param to get back ICMPv6 unreachable messages in case
+ # of security check fails
+ self.vapi.map_param_set_icmp6(enable_unreachable=1)
+
+ # Send back an IPv6 packet that will be droppped due to security
+ # check fail
+ p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
+ p_ip6_sec_check_fail = IPv6(src='2001:db8:1fe::c0a8:1:f',
+ dst='1234:5678:90ab:cdef:ac:1001:200:0')
+ payload = TCP(sport=0xabcd, dport=0xabcd)
+ p6 = (p_ether6 / p_ip6_sec_check_fail / payload)
+
+ self.pg_send(self.pg1, p6*1)
+ self.pg0.get_capture(0, timeout=1)
+ rx = self.pg1.get_capture(1)
+
+ icmp6_reply = (IPv6(hlim=255, src=self.pg1.local_ip6,
+ dst='2001:db8:1fe::c0a8:1:f') /
+ ICMPv6DestUnreach(code=5) /
+ p_ip6_sec_check_fail / payload)
+
+ for p in rx:
+ self.validate(p[1], icmp6_reply)
+
+ # ICMPv6 unreachable messages cleanup
+ self.vapi.map_param_set_icmp6(enable_unreachable=0)
+
def test_map_t_ip6_psid(self):
""" MAP-T v6->v4 PSID validation"""