X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_gso.py;h=695ec5ef2a79a57c972598af3f98104a58fab393;hb=4e3af51a66384295eec5b1cf980ef4d88b949e1d;hp=06ae7dd2f48192319d5772ed41df9f71f1644916;hpb=ead1e536d66d83b546528c32e2112085a97c8e13;p=vpp.git diff --git a/test/test_gso.py b/test/test_gso.py index 06ae7dd2f48..695ec5ef2a7 100644 --- a/test/test_gso.py +++ b/test/test_gso.py @@ -12,18 +12,26 @@ import unittest from scapy.packet import Raw from scapy.layers.inet6 import IPv6, Ether, IP, UDP, ICMPv6PacketTooBig +from scapy.layers.inet6 import ipv6nh, IPerror6 from scapy.layers.inet import TCP, ICMP from scapy.layers.vxlan import VXLAN from scapy.data import ETH_P_IP, ETH_P_IPV6, ETH_P_ARP +from scapy.layers.ipsec import SecurityAssociation, ESP +from vpp_papi import VppEnum from framework import VppTestCase, VppTestRunner from vpp_object import VppObject from vpp_interface import VppInterface from vpp_ip import DpoProto from vpp_ip_route import VppIpRoute, VppRoutePath, FibPathProto +from vpp_ipip_tun_interface import VppIpIpTunInterface +from vpp_vxlan_tunnel import VppVxlanTunnel from socket import AF_INET, AF_INET6, inet_pton from util import reassemble4 +from vpp_ipsec import VppIpsecSA, VppIpsecTunProtect +from template_ipsec import IPsecIPv4Params, IPsecIPv6Params, \ + mk_scapy_crypt_key, config_tun_params """ Test_gso is a subclass of VPPTestCase classes. GSO tests. @@ -39,6 +47,13 @@ class TestGSO(VppTestCase): @classmethod def setUpClass(self): super(TestGSO, self).setUpClass() + res = self.create_pg_interfaces(range(2)) + res_gso = self.create_pg_interfaces(range(2, 4), 1, 1460) + self.create_pg_interfaces(range(4, 5), 1, 8940) + self.pg_interfaces.append(res[0]) + self.pg_interfaces.append(res[1]) + self.pg_interfaces.append(res_gso[0]) + self.pg_interfaces.append(res_gso[1]) @classmethod def tearDownClass(self): @@ -46,6 +61,27 @@ class TestGSO(VppTestCase): def setUp(self): super(TestGSO, self).setUp() + for i in self.pg_interfaces: + i.admin_up() + i.config_ip4() + i.config_ip6() + i.disable_ipv6_ra() + i.resolve_arp() + i.resolve_ndp() + + self.single_tunnel_bd = 10 + self.vxlan = VppVxlanTunnel(self, src=self.pg0.local_ip4, + dst=self.pg0.remote_ip4, + vni=self.single_tunnel_bd) + + self.vxlan2 = VppVxlanTunnel(self, src=self.pg0.local_ip6, + dst=self.pg0.remote_ip6, + vni=self.single_tunnel_bd) + + self.ipip4 = VppIpIpTunInterface(self, self.pg0, self.pg0.local_ip4, + self.pg0.remote_ip4) + self.ipip6 = VppIpIpTunInterface(self, self.pg0, self.pg0.local_ip6, + self.pg0.remote_ip6) def tearDown(self): super(TestGSO, self).tearDown() @@ -60,15 +96,6 @@ class TestGSO(VppTestCase): # # Send jumbo frame with gso disabled and DF bit is set # - self.create_pg_interfaces(range(2)) - for i in self.pg_interfaces: - i.admin_up() - i.config_ip4() - i.config_ip6() - i.disable_ipv6_ra() - i.resolve_arp() - i.resolve_ndp() - p4 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, flags='DF') / @@ -85,26 +112,56 @@ class TestGSO(VppTestCase): self.assertEqual(rx[ICMP].type, 3) # "dest-unreach" self.assertEqual(rx[ICMP].code, 4) # "fragmentation-needed" + # + # Send checksum offload frames + # + p40 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) / + IP(src=self.pg2.remote_ip4, dst=self.pg0.remote_ip4, + flags='DF') / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 1460)) + + rxs = self.send_and_expect(self.pg2, 100*[p40], self.pg0) + + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IP].src, self.pg2.remote_ip4) + self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) + payload_len = rx[IP].len - 20 - 20 + self.assert_ip_checksum_valid(rx) + self.assert_tcp_checksum_valid(rx) + self.assertEqual(payload_len, len(rx[Raw])) + + p60 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) / + IPv6(src=self.pg2.remote_ip6, dst=self.pg0.remote_ip6) / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 1440)) + + rxs = self.send_and_expect(self.pg2, 100*[p60], self.pg0) + + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg2.remote_ip6) + self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6) + payload_len = rx[IPv6].plen - 20 + self.assert_tcp_checksum_valid(rx) + self.assertEqual(payload_len, len(rx[Raw])) + # # Send jumbo frame with gso enabled and DF bit is set # input and output interfaces support GSO # - self.create_pg_interfaces(range(2, 4), 1, 1460) - for i in self.pg_interfaces: - i.admin_up() - i.config_ip4() - i.config_ip6() - i.disable_ipv6_ra() - i.resolve_arp() - i.resolve_ndp() - + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg3.sw_if_index, + enable_disable=1) p41 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) / IP(src=self.pg2.remote_ip4, dst=self.pg3.remote_ip4, flags='DF') / TCP(sport=1234, dport=1234) / Raw(b'\xa5' * 65200)) - rxs = self.send_and_expect(self.pg2, [p41], self.pg3) + rxs = self.send_and_expect(self.pg2, 100*[p41], self.pg3, 100) for rx in rxs: self.assertEqual(rx[Ether].src, self.pg3.local_mac) @@ -115,94 +172,798 @@ class TestGSO(VppTestCase): self.assertEqual(rx[TCP].sport, 1234) self.assertEqual(rx[TCP].dport, 1234) + # + # ipv6 + # + p61 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) / + IPv6(src=self.pg2.remote_ip6, dst=self.pg3.remote_ip6) / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 100*[p61], self.pg3, 100) + + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg3.local_mac) + self.assertEqual(rx[Ether].dst, self.pg3.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg2.remote_ip6) + self.assertEqual(rx[IPv6].dst, self.pg3.remote_ip6) + self.assertEqual(rx[IPv6].plen, 65220) # 65200 + 20 (TCP) + self.assertEqual(rx[TCP].sport, 1234) + self.assertEqual(rx[TCP].dport, 1234) + # # Send jumbo frame with gso enabled only on input interface # and DF bit is set. GSO packet will be chunked into gso_size # data payload # - self.create_pg_interfaces(range(4, 5)) - for i in self.pg_interfaces: - i.admin_up() - i.config_ip4() - i.config_ip6() - i.disable_ipv6_ra() - i.resolve_arp() - i.resolve_ndp() - - self.vapi.feature_gso_enable_disable(self.pg4.sw_if_index) + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg0.sw_if_index, + enable_disable=1) p42 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) / - IP(src=self.pg2.remote_ip4, dst=self.pg4.remote_ip4, + IP(src=self.pg2.remote_ip4, dst=self.pg0.remote_ip4, flags='DF') / TCP(sport=1234, dport=1234) / Raw(b'\xa5' * 65200)) - rxs = self.send_and_expect(self.pg2, [p42], self.pg4, 45) + rxs = self.send_and_expect(self.pg2, 5*[p42], self.pg0, 225) size = 0 for rx in rxs: - self.assertEqual(rx[Ether].src, self.pg4.local_mac) - self.assertEqual(rx[Ether].dst, self.pg4.remote_mac) + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) self.assertEqual(rx[IP].src, self.pg2.remote_ip4) - self.assertEqual(rx[IP].dst, self.pg4.remote_ip4) + self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) + payload_len = rx[IP].len - 20 - 20 # len - 20 (IP4) - 20 (TCP) + self.assert_ip_checksum_valid(rx) + self.assert_tcp_checksum_valid(rx) self.assertEqual(rx[TCP].sport, 1234) self.assertEqual(rx[TCP].dport, 1234) + self.assertEqual(payload_len, len(rx[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) - size = rxs[44][TCP].seq + rxs[44][IP].len - 20 - 20 - self.assertEqual(size, 65200) + # + # ipv6 + # + p62 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) / + IPv6(src=self.pg2.remote_ip6, dst=self.pg0.remote_ip6) / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p62], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg2.remote_ip6) + self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6) + payload_len = rx[IPv6].plen - 20 + self.assert_tcp_checksum_valid(rx) + self.assertEqual(rx[TCP].sport, 1234) + self.assertEqual(rx[TCP].dport, 1234) + self.assertEqual(payload_len, len(rx[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) # # Send jumbo frame with gso enabled only on input interface # and DF bit is unset. GSO packet will be fragmented. # self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index, [576, 0, 0, 0]) + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg1.sw_if_index, + enable_disable=1) p43 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) / IP(src=self.pg2.remote_ip4, dst=self.pg1.remote_ip4) / TCP(sport=1234, dport=1234) / Raw(b'\xa5' * 65200)) - rxs = self.send_and_expect(self.pg2, [p43], self.pg1, 119) + rxs = self.send_and_expect(self.pg2, 5*[p43], self.pg1, 5*119) size = 0 for rx in rxs: self.assertEqual(rx[Ether].src, self.pg1.local_mac) self.assertEqual(rx[Ether].dst, self.pg1.remote_mac) self.assertEqual(rx[IP].src, self.pg2.remote_ip4) self.assertEqual(rx[IP].dst, self.pg1.remote_ip4) + self.assert_ip_checksum_valid(rx) size += rx[IP].len - 20 - size -= 20 # TCP header - self.assertEqual(size, 65200) + size -= 20*5 # TCP header + self.assertEqual(size, 65200*5) + + # + # IPv6 + # Send jumbo frame with gso enabled only on input interface. + # ICMPv6 Packet Too Big will be sent back to sender. + # + self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index, [1280, 0, 0, 0]) + p63 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) / + IPv6(src=self.pg2.remote_ip6, dst=self.pg1.remote_ip6) / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p63], self.pg2, 5) + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg2.local_mac) + self.assertEqual(rx[Ether].dst, self.pg2.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg2.local_ip6) + self.assertEqual(rx[IPv6].dst, self.pg2.remote_ip6) + self.assertEqual(rx[IPv6].plen, 1240) # MTU - IPv6 header + self.assertEqual(ipv6nh[rx[IPv6].nh], "ICMPv6") + self.assertEqual(rx[ICMPv6PacketTooBig].mtu, 1280) + self.assertEqual(rx[IPerror6].src, self.pg2.remote_ip6) + self.assertEqual(rx[IPerror6].dst, self.pg1.remote_ip6) + self.assertEqual(rx[IPerror6].plen - 20, 65200) # # Send jumbo frame with gso enabled only on input interface with 9K MTU - # and DF bit is unset. GSO packet will be fragmented. GSO size will be - # 8960. + # and DF bit is unset. GSO packet will be fragmented. MSS is 8960. GSO + # size will be min(MSS, 2048 - 14 - 20) vlib_buffer_t size # self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index, [9000, 0, 0, 0]) - self.create_pg_interfaces(range(5, 6), 1, 8960) - for i in self.pg_interfaces: - i.admin_up() - i.config_ip4() - i.config_ip6() - i.disable_ipv6_ra() - i.resolve_arp() - i.resolve_ndp() - - self.vapi.sw_interface_set_mtu(self.pg5.sw_if_index, [9000, 0, 0, 0]) - self.vapi.feature_gso_enable_disable(self.pg1.sw_if_index) - p44 = (Ether(src=self.pg5.remote_mac, dst=self.pg5.local_mac) / - IP(src=self.pg5.remote_ip4, dst=self.pg1.remote_ip4) / + self.vapi.sw_interface_set_mtu(self.pg4.sw_if_index, [9000, 0, 0, 0]) + p44 = (Ether(src=self.pg4.remote_mac, dst=self.pg4.local_mac) / + IP(src=self.pg4.remote_ip4, dst=self.pg1.remote_ip4) / TCP(sport=1234, dport=1234) / Raw(b'\xa5' * 65200)) - self.pg1.enable_capture() - rxs = self.send_and_expect(self.pg5, [p44], self.pg1, 33) + rxs = self.send_and_expect(self.pg4, 5*[p44], self.pg1, 165) size = 0 for rx in rxs: self.assertEqual(rx[Ether].src, self.pg1.local_mac) self.assertEqual(rx[Ether].dst, self.pg1.remote_mac) - self.assertEqual(rx[IP].src, self.pg5.remote_ip4) + self.assertEqual(rx[IP].src, self.pg4.remote_ip4) self.assertEqual(rx[IP].dst, self.pg1.remote_ip4) - size = rxs[32][TCP].seq + rxs[32][IP].len - 20 - 20 + payload_len = rx[IP].len - 20 - 20 # len - 20 (IP4) - 20 (TCP) + self.assert_ip_checksum_valid(rx) + self.assert_tcp_checksum_valid(rx) + self.assertEqual(payload_len, len(rx[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + # + # IPv6 + # + p64 = (Ether(src=self.pg4.remote_mac, dst=self.pg4.local_mac) / + IPv6(src=self.pg4.remote_ip6, dst=self.pg1.remote_ip6) / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg4, 5*[p64], self.pg1, 170) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg1.local_mac) + self.assertEqual(rx[Ether].dst, self.pg1.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg4.remote_ip6) + self.assertEqual(rx[IPv6].dst, self.pg1.remote_ip6) + payload_len = rx[IPv6].plen - 20 + self.assert_tcp_checksum_valid(rx) + self.assertEqual(payload_len, len(rx[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg0.sw_if_index, + enable_disable=0) + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg1.sw_if_index, + enable_disable=0) + + def test_gso_vxlan(self): + """ GSO VXLAN test """ + self.logger.info(self.vapi.cli("sh int addr")) + # + # Send jumbo frame with gso enabled only on input interface and + # create VXLAN VTEP on VPP pg0, and put vxlan_tunnel0 and pg2 + # into BD. + # + + # + # enable ipv4/vxlan + # + self.vxlan.add_vpp_config() + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.vxlan.sw_if_index, bd_id=self.single_tunnel_bd) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.pg2.sw_if_index, bd_id=self.single_tunnel_bd) + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg0.sw_if_index, + enable_disable=1) + + # + # IPv4/IPv4 - VXLAN + # + p45 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IP(src=self.pg2.remote_ip4, dst="172.16.3.3", flags='DF') / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p45], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IP].src, self.pg0.local_ip4) + self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) + self.assert_ip_checksum_valid(rx) + self.assert_udp_checksum_valid(rx, ignore_zero_checksum=False) + self.assertEqual(rx[VXLAN].vni, 10) + inner = rx[VXLAN].payload + self.assertEqual(rx[IP].len - 20 - 8 - 8, len(inner)) + self.assertEqual(inner[Ether].src, self.pg2.remote_mac) + self.assertEqual(inner[Ether].dst, "02:fe:60:1e:a2:79") + self.assertEqual(inner[IP].src, self.pg2.remote_ip4) + self.assertEqual(inner[IP].dst, "172.16.3.3") + self.assert_ip_checksum_valid(inner) + self.assert_tcp_checksum_valid(inner) + payload_len = inner[IP].len - 20 - 20 + self.assertEqual(payload_len, len(inner[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + # + # IPv4/IPv6 - VXLAN + # + p65 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IPv6(src=self.pg2.remote_ip6, dst="fd01:3::3") / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p65], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IP].src, self.pg0.local_ip4) + self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) + self.assert_ip_checksum_valid(rx) + self.assert_udp_checksum_valid(rx, ignore_zero_checksum=False) + self.assertEqual(rx[VXLAN].vni, 10) + inner = rx[VXLAN].payload + self.assertEqual(rx[IP].len - 20 - 8 - 8, len(inner)) + self.assertEqual(inner[Ether].src, self.pg2.remote_mac) + self.assertEqual(inner[Ether].dst, "02:fe:60:1e:a2:79") + self.assertEqual(inner[IPv6].src, self.pg2.remote_ip6) + self.assertEqual(inner[IPv6].dst, "fd01:3::3") + self.assert_tcp_checksum_valid(inner) + payload_len = inner[IPv6].plen - 20 + self.assertEqual(payload_len, len(inner[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + # + # disable ipv4/vxlan + # + self.vxlan.remove_vpp_config() + + # + # enable ipv6/vxlan + # + self.vxlan2.add_vpp_config() + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.vxlan2.sw_if_index, + bd_id=self.single_tunnel_bd) + + # + # IPv6/IPv4 - VXLAN + # + p46 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IP(src=self.pg2.remote_ip4, dst="172.16.3.3", flags='DF') / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p46], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg0.local_ip6) + self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6) + self.assert_udp_checksum_valid(rx, ignore_zero_checksum=False) + self.assertEqual(rx[VXLAN].vni, 10) + inner = rx[VXLAN].payload + self.assertEqual(rx[IPv6].plen - 8 - 8, len(inner)) + self.assertEqual(inner[Ether].src, self.pg2.remote_mac) + self.assertEqual(inner[Ether].dst, "02:fe:60:1e:a2:79") + self.assertEqual(inner[IP].src, self.pg2.remote_ip4) + self.assertEqual(inner[IP].dst, "172.16.3.3") + self.assert_ip_checksum_valid(inner) + self.assert_tcp_checksum_valid(inner) + payload_len = inner[IP].len - 20 - 20 + self.assertEqual(payload_len, len(inner[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + # + # IPv6/IPv6 - VXLAN + # + p66 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IPv6(src=self.pg2.remote_ip6, dst="fd01:3::3") / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p66], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg0.local_ip6) + self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6) + self.assert_udp_checksum_valid(rx, ignore_zero_checksum=False) + self.assertEqual(rx[VXLAN].vni, 10) + inner = rx[VXLAN].payload + self.assertEqual(rx[IPv6].plen - 8 - 8, len(inner)) + self.assertEqual(inner[Ether].src, self.pg2.remote_mac) + self.assertEqual(inner[Ether].dst, "02:fe:60:1e:a2:79") + self.assertEqual(inner[IPv6].src, self.pg2.remote_ip6) + self.assertEqual(inner[IPv6].dst, "fd01:3::3") + self.assert_tcp_checksum_valid(inner) + payload_len = inner[IPv6].plen - 20 + self.assertEqual(payload_len, len(inner[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + # + # disable ipv4/vxlan + # + self.vxlan2.remove_vpp_config() + + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg0.sw_if_index, + enable_disable=0) + + def test_gso_ipip(self): + """ GSO IPIP test """ + self.logger.info(self.vapi.cli("sh int addr")) + # + # Send jumbo frame with gso enabled only on input interface and + # create IPIP tunnel on VPP pg0. + # + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg0.sw_if_index, + enable_disable=1) + + # + # enable ipip4 + # + self.ipip4.add_vpp_config() + + # Set interface up and enable IP on it + self.ipip4.admin_up() + self.ipip4.set_unnumbered(self.pg0.sw_if_index) + + # Add IPv4 routes via tunnel interface + self.ip4_via_ip4_tunnel = VppIpRoute( + self, "172.16.10.0", 24, + [VppRoutePath("0.0.0.0", + self.ipip4.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP4)]) + self.ip4_via_ip4_tunnel.add_vpp_config() + + # + # IPv4/IPv4 - IPIP + # + p47 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IP(src=self.pg2.remote_ip4, dst="172.16.10.3", flags='DF') / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p47], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IP].src, self.pg0.local_ip4) + self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) + self.assert_ip_checksum_valid(rx) + self.assertEqual(rx[IP].proto, 4) # ipencap + inner = rx[IP].payload + self.assertEqual(rx[IP].len - 20, len(inner)) + self.assertEqual(inner[IP].src, self.pg2.remote_ip4) + self.assertEqual(inner[IP].dst, "172.16.10.3") + self.assert_ip_checksum_valid(inner) + self.assert_tcp_checksum_valid(inner) + payload_len = inner[IP].len - 20 - 20 + self.assertEqual(payload_len, len(inner[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + self.ip6_via_ip4_tunnel = VppIpRoute( + self, "fd01:10::", 64, + [VppRoutePath("::", + self.ipip4.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)]) + self.ip6_via_ip4_tunnel.add_vpp_config() + # + # IPv4/IPv6 - IPIP + # + p67 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IPv6(src=self.pg2.remote_ip6, dst="fd01:10::3") / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p67], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IP].src, self.pg0.local_ip4) + self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) + self.assert_ip_checksum_valid(rx) + self.assertEqual(rx[IP].proto, 41) # ipv6 + inner = rx[IP].payload + self.assertEqual(rx[IP].len - 20, len(inner)) + self.assertEqual(inner[IPv6].src, self.pg2.remote_ip6) + self.assertEqual(inner[IPv6].dst, "fd01:10::3") + self.assert_tcp_checksum_valid(inner) + payload_len = inner[IPv6].plen - 20 + self.assertEqual(payload_len, len(inner[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + # + # Send jumbo frame with gso enabled only on input interface and + # create IPIP tunnel on VPP pg0. Enable gso feature node on ipip + # tunnel - IPSec use case + # + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg0.sw_if_index, + enable_disable=0) + self.vapi.feature_gso_enable_disable( + sw_if_index=self.ipip4.sw_if_index, + enable_disable=1) + + rxs = self.send_and_expect(self.pg2, 5*[p47], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IP].src, self.pg0.local_ip4) + self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) + self.assert_ip_checksum_valid(rx) + self.assertEqual(rx[IP].proto, 4) # ipencap + inner = rx[IP].payload + self.assertEqual(rx[IP].len - 20, len(inner)) + self.assertEqual(inner[IP].src, self.pg2.remote_ip4) + self.assertEqual(inner[IP].dst, "172.16.10.3") + self.assert_ip_checksum_valid(inner) + self.assert_tcp_checksum_valid(inner) + payload_len = inner[IP].len - 20 - 20 + self.assertEqual(payload_len, len(inner[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + # + # disable ipip4 + # + self.vapi.feature_gso_enable_disable( + sw_if_index=self.ipip4.sw_if_index, + enable_disable=0) + self.ip4_via_ip4_tunnel.remove_vpp_config() + self.ip6_via_ip4_tunnel.remove_vpp_config() + self.ipip4.remove_vpp_config() + + # + # enable ipip6 + # + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg0.sw_if_index, + enable_disable=1) + self.ipip6.add_vpp_config() + + # Set interface up and enable IP on it + self.ipip6.admin_up() + self.ipip6.set_unnumbered(self.pg0.sw_if_index) + + # Add IPv4 routes via tunnel interface + self.ip4_via_ip6_tunnel = VppIpRoute( + self, "172.16.10.0", 24, + [VppRoutePath("0.0.0.0", + self.ipip6.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP4)]) + self.ip4_via_ip6_tunnel.add_vpp_config() + + # + # IPv6/IPv4 - IPIP + # + p48 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IP(src=self.pg2.remote_ip4, dst="172.16.10.3", flags='DF') / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p48], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg0.local_ip6) + self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6) + self.assertEqual(ipv6nh[rx[IPv6].nh], "IP") + inner = rx[IPv6].payload + self.assertEqual(rx[IPv6].plen, len(inner)) + self.assertEqual(inner[IP].src, self.pg2.remote_ip4) + self.assertEqual(inner[IP].dst, "172.16.10.3") + self.assert_ip_checksum_valid(inner) + self.assert_tcp_checksum_valid(inner) + payload_len = inner[IP].len - 20 - 20 + self.assertEqual(payload_len, len(inner[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + self.ip6_via_ip6_tunnel = VppIpRoute( + self, "fd01:10::", 64, + [VppRoutePath("::", + self.ipip6.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)]) + self.ip6_via_ip6_tunnel.add_vpp_config() + + # + # IPv6/IPv6 - IPIP + # + p68 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IPv6(src=self.pg2.remote_ip6, dst="fd01:10::3") / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, 5*[p68], self.pg0, 225) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg0.local_ip6) + self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6) + self.assertEqual(ipv6nh[rx[IPv6].nh], "IPv6") + inner = rx[IPv6].payload + self.assertEqual(rx[IPv6].plen, len(inner)) + self.assertEqual(inner[IPv6].src, self.pg2.remote_ip6) + self.assertEqual(inner[IPv6].dst, "fd01:10::3") + self.assert_tcp_checksum_valid(inner) + payload_len = inner[IPv6].plen - 20 + self.assertEqual(payload_len, len(inner[Raw])) + size += payload_len + self.assertEqual(size, 65200*5) + + # + # disable ipip6 + # + self.ip4_via_ip6_tunnel.remove_vpp_config() + self.ip6_via_ip6_tunnel.remove_vpp_config() + self.ipip6.remove_vpp_config() + + self.vapi.feature_gso_enable_disable(sw_if_index=self.pg0.sw_if_index, + enable_disable=0) + + def test_gso_ipsec(self): + """ GSO IPSEC test """ + # + # Send jumbo frame with gso enabled only on input interface and + # create IPIP tunnel on VPP pg0. + # + + # + # enable ipip4 + # + self.ipip4.add_vpp_config() + self.vapi.feature_gso_enable_disable( + sw_if_index=self.ipip4.sw_if_index, enable_disable=1) + + # Add IPv4 routes via tunnel interface + self.ip4_via_ip4_tunnel = VppIpRoute( + self, "172.16.10.0", 24, + [VppRoutePath("0.0.0.0", + self.ipip4.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP4)]) + self.ip4_via_ip4_tunnel.add_vpp_config() + + # IPSec config + self.ipv4_params = IPsecIPv4Params() + self.encryption_type = ESP + config_tun_params(self.ipv4_params, self.encryption_type, self.ipip4) + + self.tun_sa_in_v4 = VppIpsecSA(self, self.ipv4_params.vpp_tun_sa_id, + self.ipv4_params.vpp_tun_spi, + self.ipv4_params.auth_algo_vpp_id, + self.ipv4_params.auth_key, + self.ipv4_params.crypt_algo_vpp_id, + self.ipv4_params.crypt_key, + VppEnum.vl_api_ipsec_proto_t. + IPSEC_API_PROTO_ESP) + self.tun_sa_in_v4.add_vpp_config() + + self.tun_sa_out_v4 = VppIpsecSA(self, self.ipv4_params.scapy_tun_sa_id, + self.ipv4_params.scapy_tun_spi, + self.ipv4_params.auth_algo_vpp_id, + self.ipv4_params.auth_key, + self.ipv4_params.crypt_algo_vpp_id, + self.ipv4_params.crypt_key, + VppEnum.vl_api_ipsec_proto_t. + IPSEC_API_PROTO_ESP) + self.tun_sa_out_v4.add_vpp_config() + + self.tun_protect_v4 = VppIpsecTunProtect(self, + self.ipip4, + self.tun_sa_out_v4, + [self.tun_sa_in_v4]) + + self.tun_protect_v4.add_vpp_config() + + # Set interface up and enable IP on it + self.ipip4.admin_up() + self.ipip4.set_unnumbered(self.pg0.sw_if_index) + + # + # IPv4/IPv4 - IPSEC + # + ipsec44 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IP(src=self.pg2.remote_ip4, dst="172.16.10.3", flags='DF') / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, [ipsec44], self.pg0, 45) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IP].src, self.pg0.local_ip4) + self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) + self.assertEqual(rx[IP].proto, 50) # ESP + self.assertEqual(rx[ESP].spi, self.ipv4_params.scapy_tun_spi) + inner = self.ipv4_params.vpp_tun_sa.decrypt(rx[IP]) + self.assertEqual(inner[IP].src, self.pg2.remote_ip4) + self.assertEqual(inner[IP].dst, "172.16.10.3") + size += inner[IP].len - 20 - 20 + self.assertEqual(size, 65200) + + self.ip6_via_ip4_tunnel = VppIpRoute( + self, "fd01:10::", 64, + [VppRoutePath("::", + self.ipip4.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)]) + self.ip6_via_ip4_tunnel.add_vpp_config() + # + # IPv4/IPv6 - IPSEC + # + ipsec46 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IPv6(src=self.pg2.remote_ip6, dst="fd01:10::3") / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, [ipsec46], self.pg0, 45) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IP].src, self.pg0.local_ip4) + self.assertEqual(rx[IP].dst, self.pg0.remote_ip4) + self.assertEqual(rx[IP].proto, 50) # ESP + self.assertEqual(rx[ESP].spi, self.ipv4_params.scapy_tun_spi) + inner = self.ipv4_params.vpp_tun_sa.decrypt(rx[IP]) + self.assertEqual(inner[IPv6].src, self.pg2.remote_ip6) + self.assertEqual(inner[IPv6].dst, "fd01:10::3") + size += inner[IPv6].plen - 20 self.assertEqual(size, 65200) + # disable IPSec + self.tun_protect_v4.remove_vpp_config() + self.tun_sa_in_v4.remove_vpp_config() + self.tun_sa_out_v4.remove_vpp_config() + + # + # disable ipip4 + # + self.vapi.feature_gso_enable_disable(self.ipip4.sw_if_index, + enable_disable=0) + self.ip4_via_ip4_tunnel.remove_vpp_config() + self.ip6_via_ip4_tunnel.remove_vpp_config() + self.ipip4.remove_vpp_config() + + # + # enable ipip6 + # + self.ipip6.add_vpp_config() + self.vapi.feature_gso_enable_disable(self.ipip6.sw_if_index, + enable_disable=1) + + # Set interface up and enable IP on it + self.ipip6.admin_up() + self.ipip6.set_unnumbered(self.pg0.sw_if_index) + + # Add IPv4 routes via tunnel interface + self.ip4_via_ip6_tunnel = VppIpRoute( + self, "172.16.10.0", 24, + [VppRoutePath("0.0.0.0", + self.ipip6.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP4)]) + self.ip4_via_ip6_tunnel.add_vpp_config() + + # IPSec config + self.ipv6_params = IPsecIPv6Params() + self.encryption_type = ESP + config_tun_params(self.ipv6_params, self.encryption_type, self.ipip6) + self.tun_sa_in_v6 = VppIpsecSA(self, self.ipv6_params.vpp_tun_sa_id, + self.ipv6_params.vpp_tun_spi, + self.ipv6_params.auth_algo_vpp_id, + self.ipv6_params.auth_key, + self.ipv6_params.crypt_algo_vpp_id, + self.ipv6_params.crypt_key, + VppEnum.vl_api_ipsec_proto_t. + IPSEC_API_PROTO_ESP) + self.tun_sa_in_v6.add_vpp_config() + + self.tun_sa_out_v6 = VppIpsecSA(self, self.ipv6_params.scapy_tun_sa_id, + self.ipv6_params.scapy_tun_spi, + self.ipv6_params.auth_algo_vpp_id, + self.ipv6_params.auth_key, + self.ipv6_params.crypt_algo_vpp_id, + self.ipv6_params.crypt_key, + VppEnum.vl_api_ipsec_proto_t. + IPSEC_API_PROTO_ESP) + self.tun_sa_out_v6.add_vpp_config() + + self.tun_protect_v6 = VppIpsecTunProtect(self, + self.ipip6, + self.tun_sa_out_v6, + [self.tun_sa_in_v6]) + + self.tun_protect_v6.add_vpp_config() + + # + # IPv6/IPv4 - IPSEC + # + ipsec64 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IP(src=self.pg2.remote_ip4, dst="172.16.10.3", flags='DF') / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, [ipsec64], self.pg0, 45) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg0.local_ip6) + self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6) + self.assertEqual(ipv6nh[rx[IPv6].nh], "ESP Header") + self.assertEqual(rx[ESP].spi, self.ipv6_params.scapy_tun_spi) + inner = self.ipv6_params.vpp_tun_sa.decrypt(rx[IPv6]) + self.assertEqual(inner[IP].src, self.pg2.remote_ip4) + self.assertEqual(inner[IP].dst, "172.16.10.3") + size += inner[IP].len - 20 - 20 + self.assertEqual(size, 65200) + + self.ip6_via_ip6_tunnel = VppIpRoute( + self, "fd01:10::", 64, + [VppRoutePath("::", + self.ipip6.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)]) + self.ip6_via_ip6_tunnel.add_vpp_config() + + # + # IPv6/IPv6 - IPSEC + # + ipsec66 = (Ether(src=self.pg2.remote_mac, dst="02:fe:60:1e:a2:79") / + IPv6(src=self.pg2.remote_ip6, dst="fd01:10::3") / + TCP(sport=1234, dport=1234) / + Raw(b'\xa5' * 65200)) + + rxs = self.send_and_expect(self.pg2, [ipsec66], self.pg0, 45) + size = 0 + for rx in rxs: + self.assertEqual(rx[Ether].src, self.pg0.local_mac) + self.assertEqual(rx[Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[IPv6].src, self.pg0.local_ip6) + self.assertEqual(rx[IPv6].dst, self.pg0.remote_ip6) + self.assertEqual(ipv6nh[rx[IPv6].nh], "ESP Header") + self.assertEqual(rx[ESP].spi, self.ipv6_params.scapy_tun_spi) + inner = self.ipv6_params.vpp_tun_sa.decrypt(rx[IPv6]) + self.assertEqual(inner[IPv6].src, self.pg2.remote_ip6) + self.assertEqual(inner[IPv6].dst, "fd01:10::3") + size += inner[IPv6].plen - 20 + self.assertEqual(size, 65200) + + # disable IPSec + self.tun_protect_v6.remove_vpp_config() + self.tun_sa_in_v6.remove_vpp_config() + self.tun_sa_out_v6.remove_vpp_config() + + # + # disable ipip6 + # + self.ip4_via_ip6_tunnel.remove_vpp_config() + self.ip6_via_ip6_tunnel.remove_vpp_config() + self.ipip6.remove_vpp_config() + + self.vapi.feature_gso_enable_disable(self.pg0.sw_if_index, + enable_disable=0) + if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)