import random
from framework import VppTestCase, VppTestRunner, running_extended_tests
-from vpp_ip_route import VppIpRoute, VppRoutePath, DpoProto
from scapy.layers.inet import IP, TCP, UDP, ICMP
from scapy.layers.inet import IPerror, TCPerror, UDPerror, ICMPerror
from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest, ICMPv6EchoReply
class MethodHolder(VppTestCase):
""" NAT create capture and verify method holder """
- @classmethod
- def setUpClass(cls):
- super(MethodHolder, cls).setUpClass()
-
- def tearDown(self):
- super(MethodHolder, self).tearDown()
-
- def check_ip_checksum(self, pkt):
- """
- Check IP checksum of the packet
-
- :param pkt: Packet to check IP checksum
- """
- new = pkt.__class__(str(pkt))
- del new['IP'].chksum
- new = new.__class__(str(new))
- self.assertEqual(new['IP'].chksum, pkt['IP'].chksum)
-
- def check_tcp_checksum(self, pkt):
- """
- Check TCP checksum in IP packet
-
- :param pkt: Packet to check TCP checksum
- """
- new = pkt.__class__(str(pkt))
- del new['TCP'].chksum
- new = new.__class__(str(new))
- self.assertEqual(new['TCP'].chksum, pkt['TCP'].chksum)
-
- def check_udp_checksum(self, pkt):
- """
- Check UDP checksum in IP packet
-
- :param pkt: Packet to check UDP checksum
- """
- new = pkt.__class__(str(pkt))
- del new['UDP'].chksum
- new = new.__class__(str(new))
- self.assertEqual(new['UDP'].chksum, pkt['UDP'].chksum)
-
- def check_icmp_errror_embedded(self, pkt):
- """
- Check ICMP error embeded packet checksum
-
- :param pkt: Packet to check ICMP error embeded packet checksum
- """
- if pkt.haslayer(IPerror):
- new = pkt.__class__(str(pkt))
- del new['IPerror'].chksum
- new = new.__class__(str(new))
- self.assertEqual(new['IPerror'].chksum, pkt['IPerror'].chksum)
-
- if pkt.haslayer(TCPerror):
- new = pkt.__class__(str(pkt))
- del new['TCPerror'].chksum
- new = new.__class__(str(new))
- self.assertEqual(new['TCPerror'].chksum, pkt['TCPerror'].chksum)
-
- if pkt.haslayer(UDPerror):
- if pkt['UDPerror'].chksum != 0:
- new = pkt.__class__(str(pkt))
- del new['UDPerror'].chksum
- new = new.__class__(str(new))
- self.assertEqual(new['UDPerror'].chksum,
- pkt['UDPerror'].chksum)
-
- if pkt.haslayer(ICMPerror):
- del new['ICMPerror'].chksum
- new = new.__class__(str(new))
- self.assertEqual(new['ICMPerror'].chksum, pkt['ICMPerror'].chksum)
-
- def check_icmp_checksum(self, pkt):
- """
- Check ICMP checksum in IPv4 packet
-
- :param pkt: Packet to check ICMP checksum
- """
- new = pkt.__class__(str(pkt))
- del new['ICMP'].chksum
- new = new.__class__(str(new))
- self.assertEqual(new['ICMP'].chksum, pkt['ICMP'].chksum)
- if pkt.haslayer(IPerror):
- self.check_icmp_errror_embedded(pkt)
-
- def check_icmpv6_checksum(self, pkt):
- """
- Check ICMPv6 checksum in IPv4 packet
-
- :param pkt: Packet to check ICMPv6 checksum
- """
- new = pkt.__class__(str(pkt))
- if pkt.haslayer(ICMPv6DestUnreach):
- del new['ICMPv6DestUnreach'].cksum
- new = new.__class__(str(new))
- self.assertEqual(new['ICMPv6DestUnreach'].cksum,
- pkt['ICMPv6DestUnreach'].cksum)
- self.check_icmp_errror_embedded(pkt)
- if pkt.haslayer(ICMPv6EchoRequest):
- del new['ICMPv6EchoRequest'].cksum
- new = new.__class__(str(new))
- self.assertEqual(new['ICMPv6EchoRequest'].cksum,
- pkt['ICMPv6EchoRequest'].cksum)
- if pkt.haslayer(ICMPv6EchoReply):
- del new['ICMPv6EchoReply'].cksum
- new = new.__class__(str(new))
- self.assertEqual(new['ICMPv6EchoReply'].cksum,
- pkt['ICMPv6EchoReply'].cksum)
-
def create_stream_in(self, in_if, out_if, dst_ip=None, ttl=64):
"""
Create packet stream for inside network
for packet in capture:
try:
if not is_ip6:
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
self.assertEqual(packet[IP46].src, nat_ip)
if dst_ip is not None:
self.assertEqual(packet[IP46].dst, dst_ip)
self.assertNotEqual(
packet[TCP].sport, self.tcp_port_in)
self.tcp_port_out = packet[TCP].sport
- self.check_tcp_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
elif packet.haslayer(UDP):
if same_port:
self.assertEqual(packet[UDP].sport, self.udp_port_in)
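Review bot: `assert_packet_checksums_valid(packet)` can now run twice on the same packet in this loop, once under `if not is_ip6:` and again in the TCP branch here and in the ICMP `else` branch of the next hunk, while no call is visible in the UDP branch. Later hunks call the same helper on IPv6 packets and use it as a single call at the top of the inside-network verifier, so it appears to cover every layer for both address families. One unconditional `self.assert_packet_checksums_valid(packet)` as the first statement of the `try` would cover IPv6 UDP as well and let the per-branch calls go. Indentation is lost on this page and the function body starts and ends outside the hunk, so confirm the UDP path against the full file.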
else:
self.assertNotEqual(packet[ICMP46].id, self.icmp_id_in)
self.icmp_id_out = packet[ICMP46].id
- if is_ip6:
- self.check_icmpv6_checksum(packet)
- else:
- self.check_icmp_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet "
"(outside network):", packet))
self.assertEqual(packet_num, len(capture))
for packet in capture:
try:
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
self.assertEqual(packet[IP].dst, in_if.remote_ip4)
if packet.haslayer(TCP):
self.assertEqual(packet[TCP].dport, self.tcp_port_in)
- self.check_tcp_checksum(packet)
elif packet.haslayer(UDP):
self.assertEqual(packet[UDP].dport, self.udp_port_in)
else:
self.assertEqual(packet[ICMP].id, self.icmp_id_in)
- self.check_icmp_checksum(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet "
"(inside network):", packet))
try:
self.assertEqual(packet[IPv6].src, src_ip)
self.assertEqual(packet[IPv6].dst, dst_ip)
+ self.assert_packet_checksums_valid(packet)
if packet.haslayer(TCP):
self.assertEqual(packet[TCP].dport, self.tcp_port_in)
- self.check_tcp_checksum(packet)
elif packet.haslayer(UDP):
self.assertEqual(packet[UDP].dport, self.udp_port_in)
- self.check_udp_checksum(packet)
else:
self.assertEqual(packet[ICMPv6EchoReply].id,
self.icmp_id_in)
- self.check_icmpv6_checksum(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet "
"(inside network):", packet))
for p in frags:
self.assertEqual(p[IP].src, src)
self.assertEqual(p[IP].dst, dst)
- self.check_ip_checksum(p)
+ self.assert_ip_checksum_valid(p)
buffer.seek(p[IP].frag * 8)
buffer.write(p[IP].payload)
ip = frags[0].getlayer(IP)
proto=frags[0][IP].proto)
if ip.proto == IP_PROTOS.tcp:
p = (ip / TCP(buffer.getvalue()))
- self.check_tcp_checksum(p)
+ self.assert_tcp_checksum_valid(p)
elif ip.proto == IP_PROTOS.udp:
p = (ip / UDP(buffer.getvalue()))
return p
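Review bot: A reassembled UDP datagram is returned without any checksum assertion, because only the `IP_PROTOS.tcp` branch calls `assert_tcp_checksum_valid(p)`. The IPv6 reassembly in the next hunk validates both protocols with a single `self.assert_packet_checksums_valid(p)` placed before `return p`; the same line here would keep the two paths equivalent. If UDP is skipped deliberately, for example because a zero UDP checksum is legal over IPv4, a one-line comment saying so would prevent the gap from looking accidental. The function starts outside this hunk.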
nh=frags[0][IPv6ExtHdrFragment].nh)
if ip.nh == IP_PROTOS.tcp:
p = (ip / TCP(buffer.getvalue()))
- self.check_tcp_checksum(p)
elif ip.nh == IP_PROTOS.udp:
p = (ip / UDP(buffer.getvalue()))
+ self.assert_packet_checksums_valid(p)
return p
def initiate_tcp_session(self, in_if, out_if):
finally:
self.pg0.remote_hosts[0] = host0
+ user = self.pg0.remote_hosts[1]
+ sessions = self.vapi.nat44_user_session_dump(user.ip4n, 0)
+ self.assertEqual(len(sessions), 3)
+ self.assertTrue(sessions[0].ext_host_valid)
+ self.vapi.nat44_del_session(
+ sessions[0].inside_ip_address,
+ sessions[0].inside_port,
+ sessions[0].protocol,
+ ext_host_address=sessions[0].ext_host_address,
+ ext_host_port=sessions[0].ext_host_port)
+ sessions = self.vapi.nat44_user_session_dump(user.ip4n, 0)
+ self.assertEqual(len(sessions), 2)
+
finally:
self.vapi.nat44_forwarding_enable_disable(0)
self.vapi.nat44_add_del_static_mapping(local_ip=real_ip,
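Review bot: The new deletion check only asserts that the session count dropped from 3 to 2, so it would still pass if `nat44_del_session` removed a different session than the one whose external host was given. It also takes `sessions[0]` out of three entries, which ties the `ext_host_valid` assertion to the dump order. After the second dump, assert that no remaining entry carries the deleted port, protocol and external-host tuple, as sketched below. The same dump, delete, re-dump sequence is added again in the load-balancing test and in the twice-NAT hunk, so a small helper on the test class would keep the three copies in step. With indentation lost here it is unclear whether the added lines sit inside the `finally:` above them; if they do, a failing assertion there would mask the original error.

```python
# … unchanged: first dump, count == 3 and ext_host_valid assertions …
deleted = sessions[0]
self.vapi.nat44_del_session(
    deleted.inside_ip_address,
    deleted.inside_port,
    deleted.protocol,
    ext_host_address=deleted.ext_host_address,
    ext_host_port=deleted.ext_host_port)
sessions = self.vapi.nat44_user_session_dump(user.ip4n, 0)
self.assertEqual(len(sessions), 2)
for s in sessions:
    # the deleted session itself must be gone, not just "some" session
    self.assertNotEqual(
        (s.inside_port, s.protocol, s.ext_host_address, s.ext_host_port),
        (deleted.inside_port, deleted.protocol,
         deleted.ext_host_address, deleted.ext_host_port))
```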
self.pg_start()
capture = self.pg0.get_capture(1)
p = capture[0]
- server = None
try:
ip = p[IP]
tcp = p[TCP]
self.assertEqual(ip.dst, self.pg0.remote_ip4)
self.assertEqual(tcp.dport, local_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
tcp = p[TCP]
self.assertEqual(ip.src, self.nat_addr)
self.assertEqual(tcp.sport, external_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.pg_start()
capture = self.pg0.get_capture(1)
p = capture[0]
- server = None
try:
ip = p[IP]
tcp = p[TCP]
self.assertEqual(ip.dst, self.pg0.remote_ip4)
self.assertEqual(tcp.dport, local_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
tcp = p[TCP]
self.assertEqual(ip.src, self.pg0.remote_ip4)
self.assertEqual(tcp.sport, local_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.assertEqual(ip.src, self.pg1.remote_ip4)
self.assertEqual(tcp.dport, 56789)
self.assertEqual(tcp.sport, 12345)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
else:
server = server2
self.assertEqual(tcp.dport, local_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
tcp = p[TCP]
self.assertEqual(ip.src, self.nat_addr)
self.assertEqual(tcp.sport, external_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
+ sessions = self.vapi.nat44_user_session_dump(server.ip4n, 0)
+ self.assertEqual(len(sessions), 1)
+ self.assertTrue(sessions[0].ext_host_valid)
+ self.vapi.nat44_del_session(
+ sessions[0].inside_ip_address,
+ sessions[0].inside_port,
+ sessions[0].protocol,
+ ext_host_address=sessions[0].ext_host_address,
+ ext_host_port=sessions[0].ext_host_port)
+ sessions = self.vapi.nat44_user_session_dump(server.ip4n, 0)
+ self.assertEqual(len(sessions), 0)
+
@unittest.skipUnless(running_extended_tests(), "part of extended tests")
def test_static_lb_multi_clients(self):
""" NAT44 local service load balancing - multiple clients"""
else:
server = server2
self.assertEqual(tcp.dport, local_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
tcp = p[TCP]
self.assertEqual(ip.src, self.nat_addr)
self.assertEqual(tcp.sport, external_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
tcp = p[TCP]
self.assertEqual(ip.dst, server1.ip4)
self.assertEqual(tcp.dport, local_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
tcp = p[TCP]
self.assertEqual(ip.src, server1.ip4)
self.assertEqual(tcp.sport, local_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.assertTrue(session.protocol in
[IP_PROTOS.tcp, IP_PROTOS.udp,
IP_PROTOS.icmp])
+ self.assertFalse(session.ext_host_valid)
# pg4 session dump
sessions = self.vapi.nat44_user_session_dump(self.pg4.remote_ip4n, 10)
self.assertEqual(ip.dst, server.ip4)
self.assertNotEqual(tcp.sport, host_in_port)
self.assertEqual(tcp.dport, server_in_port)
- self.check_tcp_checksum(p)
+ self.assert_packet_checksums_valid(p)
host_out_port = tcp.sport
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
self.assertEqual(ip.dst, host.ip4)
self.assertEqual(tcp.sport, server_out_port)
self.assertEqual(tcp.dport, host_in_port)
- self.check_tcp_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.assertNotEqual(packet[TCP].sport, self.tcp_port_in)
self.assertEqual(packet[TCP].dport, server_tcp_port)
self.tcp_port_out = packet[TCP].sport
- self.check_tcp_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
elif packet.haslayer(UDP):
self.assertNotEqual(packet[UDP].sport, self.udp_port_in)
self.assertEqual(packet[UDP].dport, server_udp_port)
if packet.haslayer(TCP):
self.assertEqual(packet[TCP].dport, self.tcp_port_in)
self.assertEqual(packet[TCP].sport, server_tcp_port)
- self.check_tcp_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
elif packet.haslayer(UDP):
self.assertEqual(packet[UDP].dport, self.udp_port_in)
self.assertEqual(packet[UDP].sport, server_udp_port)
self.assertEqual(packet[TCP].sport, self.tcp_port_in)
self.assertEqual(packet[TCP].dport, server_tcp_port)
self.tcp_port_out = packet[TCP].sport
- self.check_tcp_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
elif packet.haslayer(UDP):
self.assertEqual(packet[UDP].sport, self.udp_port_in)
self.assertEqual(packet[UDP].dport, server_udp_port)
if packet.haslayer(TCP):
self.assertEqual(packet[TCP].dport, self.tcp_port_in)
self.assertEqual(packet[TCP].sport, server_tcp_port)
- self.check_tcp_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
elif packet.haslayer(UDP):
self.assertEqual(packet[UDP].dport, self.udp_port_in)
self.assertEqual(packet[UDP].sport, server_udp_port)
self.assertEqual(packet[IP].src, nat_ip)
self.assertEqual(packet[IP].dst, self.pg1.remote_ip4)
self.assertTrue(packet.haslayer(GRE))
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.assertEqual(packet[IP].src, self.pg1.remote_ip4)
self.assertEqual(packet[IP].dst, self.pg0.remote_ip4)
self.assertTrue(packet.haslayer(GRE))
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.assertEqual(packet[IP].src, host_nat_ip)
self.assertEqual(packet[IP].dst, server.ip4)
self.assertTrue(packet.haslayer(GRE))
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.assertEqual(packet[IP].src, server_nat_ip)
self.assertEqual(packet[IP].dst, host.ip4)
self.assertTrue(packet.haslayer(GRE))
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.assertEqual(packet[IP].src, self.nat_addr)
self.assertEqual(packet[IP].dst, self.pg1.remote_ip4)
self.assertTrue(packet.haslayer(GRE))
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.assertEqual(packet[IP].src, self.pg1.remote_ip4)
self.assertEqual(packet[IP].dst, self.pg0.remote_ip4)
self.assertTrue(packet.haslayer(GRE))
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
host = self.pg0.remote_hosts[0]
server = self.pg0.remote_hosts[1]
host_in_port = 1234
- host_out_port = 0
- server_in_port = 5678
server_out_port = 8765
server_nat_ip = "10.0.0.11"
self.assertEqual(packet[IP].src, self.nat_addr)
self.assertEqual(packet[IP].dst, server.ip4)
self.assertTrue(packet.haslayer(GRE))
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.assertEqual(packet[IP].src, server_nat_ip)
self.assertEqual(packet[IP].dst, host.ip4)
self.assertTrue(packet.haslayer(GRE))
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.assertEqual(ip.dst, server.ip4)
self.assertNotEqual(tcp.sport, host_in_port)
self.assertEqual(tcp.dport, server_in_port)
- self.check_tcp_checksum(p)
+ self.assert_packet_checksums_valid(p)
host_out_port = tcp.sport
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
self.assertEqual(ip.dst, host.ip4)
self.assertEqual(tcp.sport, server_out_port)
self.assertEqual(tcp.dport, host_in_port)
- self.check_tcp_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.pg_start()
capture = self.pg0.get_capture(1)
p = capture[0]
- server = None
try:
ip = p[IP]
tcp = p[TCP]
self.assertEqual(ip.dst, self.pg0.remote_ip4)
self.assertEqual(tcp.dport, local_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
tcp = p[TCP]
self.assertEqual(ip.src, external_addr)
self.assertEqual(tcp.sport, external_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
capture = self.pg0.get_capture(len(pkts))
self.verify_capture_in(capture, self.pg0)
- tcp_port_out = self.tcp_port_out
- udp_port_out = self.udp_port_out
- icmp_id_out = self.icmp_id_out
-
# session initiaded from remote host - do not translate
pkts = self.create_stream_out(self.pg1,
self.pg0.remote_ip4,
self.assertEqual(tcp.sport, 12345)
self.assertEqual(ip.dst, self.pg1.remote_ip4)
self.assertEqual(tcp.dport, local_port)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.assertEqual(tcp.sport, external_port)
self.assertEqual(ip.dst, self.pg0.remote_ip4)
self.assertEqual(tcp.dport, 12345)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.assertNotEqual(tcp.sport, 12345)
external_port = tcp.sport
self.assertEqual(tcp.dport, 80)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.assertEqual(ip.dst, local_host.ip4)
self.assertEqual(tcp.sport, 80)
self.assertEqual(tcp.dport, 12345)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.pg_start()
capture = self.pg9.get_capture(1)
p = capture[0]
- server = None
try:
ip = p[IP]
tcp = p[TCP]
self.assertEqual(tcp.dport, local_port)
self.assertNotEqual(tcp.sport, 12345)
eh_port_in = tcp.sport
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.assertEqual(ip.dst, remote_host.ip4)
self.assertEqual(tcp.sport, external_port)
self.assertEqual(tcp.dport, 12345)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
def test_reass_hairpinning(self):
""" NAT44 fragments hairpinning """
- host = self.pg0.remote_hosts[0]
server = self.pg0.remote_hosts[1]
host_in_port = random.randint(1025, 65535)
- host_out_port = 0
server_in_port = random.randint(1025, 65535)
server_out_port = random.randint(1025, 65535)
data = "A" * 4 + "B" * 16 + "C" * 3
self.assertEqual(tcp.dport, 22)
self.assertNotEqual(tcp.sport, 4567)
self.assertEqual((tcp.sport >> 6) & 63, 10)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
eh_addr_in = ip.src
eh_port_in = tcp.sport
saved_port_in = tcp.dport
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.assertEqual(ip.src, self.nat_addr)
self.assertEqual(tcp.dport, eh_port_out)
self.assertEqual(tcp.sport, port_out)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
+ if eh_translate:
+ sessions = self.vapi.nat44_user_session_dump(server.ip4n, 0)
+ self.assertEqual(len(sessions), 1)
+ self.assertTrue(sessions[0].ext_host_valid)
+ self.assertTrue(sessions[0].is_twicenat)
+ self.vapi.nat44_del_session(
+ sessions[0].inside_ip_address,
+ sessions[0].inside_port,
+ sessions[0].protocol,
+ ext_host_address=sessions[0].ext_host_nat_address,
+ ext_host_port=sessions[0].ext_host_nat_port)
+ sessions = self.vapi.nat44_user_session_dump(server.ip4n, 0)
+ self.assertEqual(len(sessions), 0)
+
def test_twice_nat(self):
""" Twice NAT44 """
self.twice_nat_common()
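Review bot: This deletion passes `sessions[0].ext_host_nat_address` and `ext_host_nat_port` as the external host, whereas the two other deletion checks added by this commit pass `ext_host_address` and `ext_host_port`, and nothing in the hunk explains the difference. A short comment above the call, along the lines of `# twice-NAT: the session is matched on the translated external host (ext_host_nat_*)`, with the wording confirmed against the API definition, would stop a later cleanup from "correcting" it to the plain fields. It would also help to assert the expected values of `ext_host_nat_address` and `ext_host_nat_port` before using them, so the test fails on the field rather than on the session count. The enclosing function starts outside this hunk.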
p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
TCP(sport=self.tcp_port_in, dport=self.tcp_external_port,
- flags="FA"))
+ flags="FA", seq=100, ack=300))
self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src=self.pg1.remote_ip4, dst=self.nat_addr) /
TCP(sport=self.tcp_external_port, dport=self.tcp_port_out,
- flags="A"))
+ flags="A", seq=300, ack=101))
pkts.append(p)
# FIN packet out -> in
p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src=self.pg1.remote_ip4, dst=self.nat_addr) /
TCP(sport=self.tcp_external_port, dport=self.tcp_port_out,
- flags="FA"))
+ flags="FA", seq=300, ack=101))
pkts.append(p)
self.pg1.add_stream(pkts)
p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
TCP(sport=self.tcp_port_in, dport=self.tcp_external_port,
- flags="A"))
+ flags="A", seq=101, ack=301))
self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
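Review bot: The added `seq`/`ack` values describe only a well-formed close (FIN at 100 acknowledged with 101, FIN at 300 acknowledged with 301), here and in the two other close-sequence tests that follow. If the change under test makes session teardown depend on the final ACK covering the FIN, which these values suggest but the page does not show, there should also be a case where the last ACK carries a stale `ack` and the test asserts the session is still returned by `nat44_user_session_dump`. Without it, a regression that drops a session on any FIN/ACK pair would pass unnoticed. Naming the initial sequence numbers once, e.g. `in_seq = 100` and `out_seq = 300`, would make the `+1` relationships readable.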
self.initiate_tcp_session(self.pg0, self.pg1)
sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n,
0)
- self.assertEqual(len(sessions) - start_sessnum, 2)
+ self.assertEqual(len(sessions) - start_sessnum, 1)
except:
self.logger.error("TCP session termination failed")
raise
p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src=self.pg1.remote_ip4, dst=self.nat_addr) /
TCP(sport=self.tcp_external_port, dport=self.tcp_port_out,
- flags="FA"))
+ flags="FA", seq=100, ack=300))
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.pg0.get_capture(1)
- pkts = []
-
- # ACK packet in -> out
- p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
- IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
- TCP(sport=self.tcp_port_in, dport=self.tcp_external_port,
- flags="A"))
- pkts.append(p)
-
- # ACK packet in -> out
+ # FIN+ACK packet in -> out
p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
TCP(sport=self.tcp_port_in, dport=self.tcp_external_port,
- flags="FA"))
- pkts.append(p)
+ flags="FA", seq=300, ack=101))
- self.pg0.add_stream(pkts)
+ self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
- self.pg1.get_capture(2)
+ self.pg1.get_capture(1)
# ACK packet out -> in
p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src=self.pg1.remote_ip4, dst=self.nat_addr) /
TCP(sport=self.tcp_external_port, dport=self.tcp_port_out,
- flags="A"))
+ flags="A", seq=101, ack=301))
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.initiate_tcp_session(self.pg0, self.pg1)
sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n,
0)
- self.assertEqual(len(sessions) - start_sessnum, 2)
+ self.assertEqual(len(sessions) - start_sessnum, 1)
except:
self.logger.error("TCP session termination failed")
raise
p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
TCP(sport=self.tcp_port_in, dport=self.tcp_external_port,
- flags="FA"))
+ flags="FA", seq=100, ack=300))
self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src=self.pg1.remote_ip4, dst=self.nat_addr) /
TCP(sport=self.tcp_external_port, dport=self.tcp_port_out,
- flags="FA"))
+ flags="FA", seq=300, ack=100))
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
TCP(sport=self.tcp_port_in, dport=self.tcp_external_port,
- flags="A"))
+ flags="A", seq=101, ack=301))
self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src=self.pg1.remote_ip4, dst=self.nat_addr) /
TCP(sport=self.tcp_external_port, dport=self.tcp_port_out,
- flags="A"))
+ flags="A", seq=301, ack=101))
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.initiate_tcp_session(self.pg0, self.pg1)
sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n,
0)
- self.assertEqual(len(sessions) - start_sessnum, 2)
+ self.assertEqual(len(sessions) - start_sessnum, 1)
except:
self.logger.error("TCP session termination failed")
raise
self.udp_port_in = 6304
self.icmp_id_in = 6305
- ses_num_start = self.nat64_get_ses_num()
-
self.vapi.nat64_add_del_pool_addr_range(self.nat_addr_n,
self.nat_addr_n)
self.vapi.nat64_add_del_interface(self.pg0.sw_if_index)
inner = packet[IPerror]
self.assertEqual(inner.src, self.pg1.remote_ip4)
self.assertEqual(inner.dst, self.nat_addr)
- self.check_icmp_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
if inner.haslayer(TCPerror):
self.assertEqual(inner[TCPerror].dport, self.tcp_port_out)
elif inner.haslayer(UDPerror):
inner = icmp[IPerror6]
self.assertEqual(inner.src, self.pg0.remote_ip6)
self.assertEqual(inner.dst, ip.src)
- self.check_icmpv6_checksum(packet)
+ self.assert_icmpv6_checksum_valid(packet)
if inner.haslayer(TCPerror):
self.assertEqual(inner[TCPerror].sport, self.tcp_port_in)
elif inner.haslayer(UDPerror):
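Review bot: This is the only call site on the page that uses `assert_icmpv6_checksum_valid(packet)`; the other ICMPv6 error check, in the later hunk that also reads `inner = icmp[IPerror6]`, uses `assert_packet_checksums_valid(packet)`. The removed `check_icmpv6_checksum` also validated the embedded error packet for `ICMPv6DestUnreach`, and it is not visible here whether the narrower helper still does. Either switch this line to `self.assert_packet_checksums_valid(packet)` or add a comment stating why only the ICMPv6 checksum is verified for this packet.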
try:
self.assertEqual(packet[IPv6].src, nat_addr_ip6)
self.assertEqual(packet[IPv6].dst, server.ip6)
+ self.assert_packet_checksums_valid(packet)
if packet.haslayer(TCP):
self.assertNotEqual(packet[TCP].sport, client_tcp_in_port)
self.assertEqual(packet[TCP].dport, server_tcp_in_port)
- self.check_tcp_checksum(packet)
client_tcp_out_port = packet[TCP].sport
else:
self.assertNotEqual(packet[UDP].sport, client_udp_in_port)
self.assertEqual(packet[UDP].dport, server_udp_in_port)
- self.check_udp_checksum(packet)
client_udp_out_port = packet[UDP].sport
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
try:
self.assertEqual(packet[IPv6].src, nat_addr_ip6)
self.assertEqual(packet[IPv6].dst, client.ip6)
+ self.assert_packet_checksums_valid(packet)
if packet.haslayer(TCP):
self.assertEqual(packet[TCP].sport, server_tcp_out_port)
self.assertEqual(packet[TCP].dport, client_tcp_in_port)
- self.check_tcp_checksum(packet)
else:
self.assertEqual(packet[UDP].sport, server_udp_out_port)
self.assertEqual(packet[UDP].dport, client_udp_in_port)
- self.check_udp_checksum(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
inner = icmp[IPerror6]
self.assertEqual(inner.src, server.ip6)
self.assertEqual(inner.dst, nat_addr_ip6)
- self.check_icmpv6_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
if inner.haslayer(TCPerror):
self.assertEqual(inner[TCPerror].sport, server_tcp_in_port)
self.assertEqual(inner[TCPerror].dport,
self.assertEqual(packet[IP].src, self.nat_addr)
self.assertEqual(packet[IP].dst, self.pg1.remote_ip4)
self.assertTrue(packet.haslayer(GRE))
- self.check_ip_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.assertNotEqual(tcp.sport, 12345)
external_port = tcp.sport
self.assertEqual(tcp.dport, 80)
- self.check_tcp_checksum(p)
- self.check_ip_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
self.assertEqual(ip.dst, self.pg3.remote_ip6)
self.assertEqual(tcp.sport, 80)
self.assertEqual(tcp.dport, 12345)
- self.check_tcp_checksum(p)
+ self.assert_packet_checksums_valid(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
def test_reass_hairpinning(self):
""" NAT64 fragments hairpinning """
data = 'a' * 200
- client = self.pg0.remote_hosts[0]
server = self.pg0.remote_hosts[1]
server_in_port = random.randint(1025, 65535)
server_out_port = random.randint(1025, 65535)
self.assertEqual(capture[IP].dst, self.pg0.remote_ip4)
self.assertNotEqual(capture[UDP].sport, 20000)
self.assertEqual(capture[UDP].dport, 10000)
- self.check_ip_checksum(capture)
+ self.assert_packet_checksums_valid(capture)
out_port = capture[UDP].sport
p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
self.assertEqual(capture[IP].dst, '192.168.1.1')
self.assertEqual(capture[UDP].sport, 10000)
self.assertEqual(capture[UDP].dport, 20000)
- self.check_ip_checksum(capture)
+ self.assert_packet_checksums_valid(capture)
# TCP
p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
self.assertEqual(capture[IP].dst, self.pg0.remote_ip4)
self.assertNotEqual(capture[TCP].sport, 20001)
self.assertEqual(capture[TCP].dport, 10001)
- self.check_ip_checksum(capture)
- self.check_tcp_checksum(capture)
+ self.assert_packet_checksums_valid(capture)
out_port = capture[TCP].sport
p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
self.assertEqual(capture[IP].dst, '192.168.1.1')
self.assertEqual(capture[TCP].sport, 10001)
self.assertEqual(capture[TCP].dport, 20001)
- self.check_ip_checksum(capture)
- self.check_tcp_checksum(capture)
+ self.assert_packet_checksums_valid(capture)
# ICMP
p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
self.assertEqual(capture[IP].src, self.nat_addr)
self.assertEqual(capture[IP].dst, self.pg0.remote_ip4)
self.assertNotEqual(capture[ICMP].id, 4000)
- self.check_ip_checksum(capture)
- self.check_icmp_checksum(capture)
+ self.assert_packet_checksums_valid(capture)
out_id = capture[ICMP].id
p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
self.assertEqual(capture[IP].src, self.pg0.remote_ip4)
self.assertEqual(capture[IP].dst, '192.168.1.1')
self.assertEqual(capture[ICMP].id, 4000)
- self.check_ip_checksum(capture)
- self.check_icmp_checksum(capture)
+ self.assert_packet_checksums_valid(capture)
# ping DS-Lite AFTR tunnel endpoint address
p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
self.assertEqual(capture[IP].dst, self.pg1.remote_ip4)
self.assertEqual(capture[UDP].sport, 10000)
self.assertEqual(capture[UDP].dport, 20000)
- self.check_ip_checksum(capture)
+ self.assert_packet_checksums_valid(capture)
# UDP decapsulation
p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
self.assertEqual(capture[IP].dst, self.pg0.remote_ip4)
self.assertEqual(capture[UDP].sport, 20000)
self.assertEqual(capture[UDP].dport, 10000)
- self.check_ip_checksum(capture)
+ self.assert_packet_checksums_valid(capture)
# ping DS-Lite B4 tunnel endpoint address
p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
try:
self.assertEqual(packet[IPv6].src, self.nat_addr)
self.assertEqual(packet[IPv6].dst, self.pg1.remote_ip6)
- if packet.haslayer(TCP):
- self.check_tcp_checksum(packet)
- elif packet.haslayer(UDP):
- self.check_udp_checksum(packet)
- elif packet.haslayer(ICMPv6EchoRequest):
- self.check_icmpv6_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
try:
self.assertEqual(packet[IPv6].src, self.pg1.remote_ip6)
self.assertEqual(packet[IPv6].dst, self.pg0.remote_ip6)
- if packet.haslayer(TCP):
- self.check_tcp_checksum(packet)
- elif packet.haslayer(UDP):
- self.check_udp_checksum(packet)
- elif packet.haslayer(ICMPv6EchoReply):
- self.check_icmpv6_checksum(packet)
+ self.assert_packet_checksums_valid(packet)
except:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
self.logger.info(self.vapi.cli("show nat66 static mappings"))
self.clear_nat66()
+
if __name__ == '__main__':
unittest.main(testRunner=VppTestRunner)