X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_bfd.py;h=9a37eb8fed7ae917439a616595e5e357ca641272;hb=097fa66b9;hp=7b474228eb6b15b6fa7778dd755179c82fac9bc8;hpb=0f6602cb246894ea98253e16aae198094bf78694;p=vpp.git diff --git a/test/test_bfd.py b/test/test_bfd.py index 7b474228eb6..9a37eb8fed7 100644 --- a/test/test_bfd.py +++ b/test/test_bfd.py @@ -12,9 +12,10 @@ from socket import AF_INET, AF_INET6, inet_ntop from struct import pack, unpack from six import moves +import scapy.compat from scapy.layers.inet import UDP, IP from scapy.layers.inet6 import IPv6 -from scapy.layers.l2 import Ether +from scapy.layers.l2 import Ether, GRE from scapy.packet import Raw from bfd import VppBFDAuthKey, BFD, BFDAuthType, VppBFDUDPSession, \ @@ -26,6 +27,7 @@ from vpp_ip_route import VppIpRoute, VppRoutePath from vpp_lo_interface import VppLoInterface from vpp_papi_provider import UnexpectedApiReturnValueError from vpp_pg_interface import CaptureTimeoutError, is_ipv6_misc +from vpp_gre_interface import VppGreInterface USEC_IN_SEC = 1000000 @@ -42,7 +44,8 @@ class AuthKeyFactory(object): while conf_key_id in self._conf_key_ids: conf_key_id = randint(0, 0xFFFFFFFF) self._conf_key_ids[conf_key_id] = 1 - key = str(bytearray([randint(0, 255) for _ in range(randint(1, 20))])) + key = scapy.compat.raw( + bytearray([randint(0, 255) for _ in range(randint(1, 20))])) return VppBFDAuthKey(test=test, auth_type=auth_type, conf_key_id=conf_key_id, key=key) @@ -310,12 +313,17 @@ class BFDTestSession(object): """ BFD session as seen from test framework side """ def __init__(self, test, interface, af, detect_mult=3, sha1_key=None, - bfd_key_id=None, our_seq_number=None): + bfd_key_id=None, our_seq_number=None, + tunnel_header=None, phy_interface=None): self.test = test self.af = af self.sha1_key = sha1_key self.bfd_key_id = bfd_key_id self.interface = interface + if phy_interface: + self.phy_interface = phy_interface + else: + self.phy_interface = self.interface self.udp_sport = randint(49152, 65535) if our_seq_number is None: self.our_seq_number = randint(0, 40000000) @@ -331,6 +339,7 @@ class BFDTestSession(object): self.your_discriminator = None self.state = BFDState.down self.auth_type = BFDAuthType.no_auth + self.tunnel_header = tunnel_header def inc_seq_num(self): """ increment sequence number, wrapping if needed """ @@ -416,17 +425,19 @@ class BFDTestSession(object): bfd.length = BFD.sha1_auth_len + BFD.bfd_pkt_len else: bfd = BFD() + packet = Ether(src=self.phy_interface.remote_mac, + dst=self.phy_interface.local_mac) + if self.tunnel_header: + packet = packet / self.tunnel_header if self.af == AF_INET6: - packet = (Ether(src=self.interface.remote_mac, - dst=self.interface.local_mac) / + packet = (packet / IPv6(src=self.interface.remote_ip6, dst=self.interface.local_ip6, hlim=255) / UDP(sport=self.udp_sport, dport=BFD.udp_dport) / bfd) else: - packet = (Ether(src=self.interface.remote_mac, - dst=self.interface.local_mac) / + packet = (packet / IP(src=self.interface.remote_ip4, dst=self.interface.local_ip4, ttl=255) / @@ -435,7 +446,8 @@ class BFDTestSession(object): self.test.logger.debug("BFD: Creating packet") self.fill_packet_fields(packet) if self.sha1_key: - hash_material = str(packet[BFD])[:32] + self.sha1_key.key + \ + hash_material = scapy.compat.raw( + packet[BFD])[:32] + self.sha1_key.key + \ "\0" * (20 - len(self.sha1_key.key)) self.test.logger.debug("BFD: Calculated SHA1 hash: %s" % hashlib.sha1(hash_material).hexdigest()) @@ -447,7 +459,7 @@ class BFDTestSession(object): if packet is None: packet = self.create_packet() if interface is None: - interface = self.test.pg0 + interface = self.phy_interface self.test.logger.debug(ppp("Sending packet:", packet)) interface.add_stream(packet) self.test.pg_start() @@ -492,7 +504,7 @@ class BFDTestSession(object): # last 20 bytes represent the hash - so replace them with the key, # pad the result with zeros and hash the result hash_material = bfd.original[:-20] + self.sha1_key.key + \ - "\0" * (20 - len(self.sha1_key.key)) + b"\0" * (20 - len(self.sha1_key.key)) expected_hash = hashlib.sha1(hash_material).hexdigest() self.test.assert_equal(binascii.hexlify(bfd.auth_key_hash), expected_hash, "Auth key hash") @@ -511,7 +523,7 @@ class BFDTestSession(object): def bfd_session_up(test): """ Bring BFD session up """ test.logger.info("BFD: Waiting for slow hello") - p = wait_for_bfd_packet(test, 2) + p = wait_for_bfd_packet(test, 2, is_tunnel=test.vpp_session.is_tunnel) old_offset = None if hasattr(test, 'vpp_clock_offset'): old_offset = test.vpp_clock_offset @@ -586,13 +598,13 @@ def verify_ip(test, packet): """ Verify correctness of IP layer. """ if test.vpp_session.af == AF_INET6: ip = packet[IPv6] - local_ip = test.pg0.local_ip6 - remote_ip = test.pg0.remote_ip6 + local_ip = test.vpp_session.interface.local_ip6 + remote_ip = test.vpp_session.interface.remote_ip6 test.assert_equal(ip.hlim, 255, "IPv6 hop limit") else: ip = packet[IP] - local_ip = test.pg0.local_ip4 - remote_ip = test.pg0.remote_ip4 + local_ip = test.vpp_session.interface.local_ip4 + remote_ip = test.vpp_session.interface.remote_ip4 test.assert_equal(ip.ttl, 255, "IPv4 TTL") test.assert_equal(ip.src, local_ip, "IP source address") test.assert_equal(ip.dst, remote_ip, "IP destination address") @@ -630,7 +642,7 @@ def verify_event(test, event, expected_state): test.assert_equal(e.state, expected_state, BFDState) -def wait_for_bfd_packet(test, timeout=1, pcap_time_min=None): +def wait_for_bfd_packet(test, timeout=1, pcap_time_min=None, is_tunnel=False): """ wait for BFD packet and verify its correctness :param timeout: how long to wait @@ -656,6 +668,10 @@ def wait_for_bfd_packet(test, timeout=1, pcap_time_min=None): (p.time, pcap_time_min), p)) else: break + if is_tunnel: + # strip an IP layer and move to the next + p = p[IP].payload + bfd = p[BFD] if bfd is None: raise Exception(ppp("Unexpected or invalid BFD packet:", p)) @@ -923,7 +939,7 @@ class BFD4TestCase(VppTestCase): # halve required min rx old_required_min_rx = self.vpp_session.required_min_rx self.vpp_session.modify_parameters( - required_min_rx=0.5 * self.vpp_session.required_min_rx) + required_min_rx=self.vpp_session.required_min_rx // 2) # now we wait 0.8*3*old-req-min-rx and the session should still be up self.sleep(0.8 * self.vpp_session.detect_mult * old_required_min_rx / USEC_IN_SEC, @@ -1118,8 +1134,8 @@ class BFD4TestCase(VppTestCase): udp_sport_rx += 1 # need to compare the hex payload here, otherwise BFD_vpp_echo # gets in way - self.assertEqual(str(p[UDP].payload), - str(echo_packet[UDP].payload), + self.assertEqual(scapy.compat.raw(p[UDP].payload), + scapy.compat.raw(echo_packet[UDP].payload), "Received packet is not the echo packet sent") self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== " "ECHO packet identifier for test purposes)") @@ -1612,8 +1628,8 @@ class BFD6TestCase(VppTestCase): udp_sport_rx += 1 # need to compare the hex payload here, otherwise BFD_vpp_echo # gets in way - self.assertEqual(str(p[UDP].payload), - str(echo_packet[UDP].payload), + self.assertEqual(scapy.compat.raw(p[UDP].payload), + scapy.compat.raw(echo_packet[UDP].payload), "Received packet is not the echo packet sent") self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== " "ECHO packet identifier for test purposes)") @@ -1748,14 +1764,10 @@ class BFDFIBTestCase(VppTestCase): # will have a BFD session ip_2001_s_64 = VppIpRoute(self, "2001::", 64, [VppRoutePath(self.pg0.remote_ip6, - self.pg0.sw_if_index, - proto=DpoProto.DPO_PROTO_IP6)], - is_ip6=1) + self.pg0.sw_if_index)]) ip_2002_s_64 = VppIpRoute(self, "2002::", 64, [VppRoutePath(self.pg0.remote_ip6, - 0xffffffff, - proto=DpoProto.DPO_PROTO_IP6)], - is_ip6=1) + 0xffffffff)]) ip_2001_s_64.add_vpp_config() ip_2002_s_64.add_vpp_config() @@ -1801,6 +1813,87 @@ class BFDFIBTestCase(VppTestCase): packet[IPv6].dst) +@unittest.skipUnless(running_extended_tests, "part of extended tests") +class BFDTunTestCase(VppTestCase): + """ BFD over GRE tunnel """ + + vpp_session = None + test_session = None + + @classmethod + def setUpClass(cls): + super(BFDTunTestCase, cls).setUpClass() + + @classmethod + def tearDownClass(cls): + super(BFDTunTestCase, cls).tearDownClass() + + def setUp(self): + super(BFDTunTestCase, self).setUp() + self.create_pg_interfaces(range(1)) + + self.vapi.want_bfd_events() + self.pg0.enable_capture() + + for i in self.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() + + def tearDown(self): + if not self.vpp_dead: + self.vapi.want_bfd_events(enable_disable=0) + + super(BFDTunTestCase, self).tearDown() + + @staticmethod + def pkt_is_not_data_traffic(p): + """ not data traffic implies BFD or the usual IPv6 ND/RA""" + if p.haslayer(BFD) or is_ipv6_misc(p): + return True + return False + + def test_bfd_o_gre(self): + """ BFD-o-GRE """ + + # A GRE interface over which to run a BFD session + gre_if = VppGreInterface(self, + self.pg0.local_ip4, + self.pg0.remote_ip4) + gre_if.add_vpp_config() + gre_if.admin_up() + gre_if.config_ip4() + + # bring the session up now the routes are present + self.vpp_session = VppBFDUDPSession(self, + gre_if, + gre_if.remote_ip4, + is_tunnel=True) + self.vpp_session.add_vpp_config() + self.vpp_session.admin_up() + + self.test_session = BFDTestSession( + self, gre_if, AF_INET, + tunnel_header=(IP(src=self.pg0.remote_ip4, + dst=self.pg0.local_ip4) / + GRE()), + phy_interface=self.pg0) + + # packets to match against both of the routes + p = [(Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / + IP(src=self.pg0.remote_ip4, dst=gre_if.remote_ip4) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100))] + + # session is up - traffic passes + bfd_session_up(self) + + self.send_and_expect(self.pg0, p, self.pg0) + + # bring session down + bfd_session_down(self) + + @unittest.skipUnless(running_extended_tests, "part of extended tests") class BFDSHA1TestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) (SHA1 auth) """ @@ -2293,7 +2386,7 @@ class BFDCLITestCase(VppTestCase): def cli_verify_no_response(self, cli): """ execute a CLI, asserting that the response is empty """ self.assert_equal(self.vapi.cli(cli), - "", + b"", "CLI command response") def cli_verify_response(self, cli, expected): @@ -2325,7 +2418,7 @@ class BFDCLITestCase(VppTestCase): self.cli_verify_no_response( "bfd key set conf-key-id %s type keyed-sha1 secret %s" % (k.conf_key_id, - "".join("{:02x}".format(ord(c)) for c in k.key))) + "".join("{:02x}".format(scapy.compat.orb(c)) for c in k.key))) self.assertTrue(k.query_vpp_config()) self.vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=k) @@ -2342,7 +2435,7 @@ class BFDCLITestCase(VppTestCase): self.cli_verify_response( "bfd key set conf-key-id %s type keyed-sha1 secret %s" % (k.conf_key_id, - "".join("{:02x}".format(ord(c)) for c in k2.key)), + "".join("{:02x}".format(scapy.compat.orb(c)) for c in k2.key)), "bfd key set: `bfd_auth_set_key' API call failed, " "rv=-103:BFD object in use") # manipulating the session using old secret should still work @@ -2361,7 +2454,7 @@ class BFDCLITestCase(VppTestCase): self.cli_verify_no_response( "bfd key set conf-key-id %s type meticulous-keyed-sha1 secret %s" % (k.conf_key_id, - "".join("{:02x}".format(ord(c)) for c in k.key))) + "".join("{:02x}".format(scapy.compat.orb(c)) for c in k.key))) self.assertTrue(k.query_vpp_config()) self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, @@ -2380,7 +2473,7 @@ class BFDCLITestCase(VppTestCase): self.cli_verify_response( "bfd key set conf-key-id %s type keyed-sha1 secret %s" % (k.conf_key_id, - "".join("{:02x}".format(ord(c)) for c in k2.key)), + "".join("{:02x}".format(scapy.compat.orb(c)) for c in k2.key)), "bfd key set: `bfd_auth_set_key' API call failed, " "rv=-103:BFD object in use") # manipulating the session using old secret should still work