X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_nat.py;h=286c74a8037a4d88c0a532abf5e68816273d8bc9;hb=69ce30d6ab7c6afba475b25bb32542b1e955b91d;hp=4ae2850678d20b432a097b0cf97fa6c77d83c739;hpb=c746a15272f1430926cdd3d00745e19a8fe596dc;p=vpp.git diff --git a/test/test_nat.py b/test/test_nat.py index 4ae2850678d..286c74a8037 100644 --- a/test/test_nat.py +++ b/test/test_nat.py @@ -108,7 +108,6 @@ class MethodHolder(VppTestCase): lb_sm.external_addr, lb_sm.external_port, lb_sm.protocol, - vrf_id=lb_sm.vrf_id, twice_nat=lb_sm.twice_nat, self_twice_nat=lb_sm.self_twice_nat, out2in_only=lb_sm.out2in_only, @@ -137,6 +136,7 @@ class MethodHolder(VppTestCase): self.vapi.nat_set_reass() self.vapi.nat_set_reass(is_ip6=1) + self.verify_no_nat44_user() def nat44_add_static_mapping(self, local_ip, external_ip='0.0.0.0', local_port=0, external_port=0, vrf_id=0, @@ -988,6 +988,11 @@ class MethodHolder(VppTestCase): # postNAPTDestinationTransportPort self.assertEqual(struct.pack("!H", dst_port), record[228]) + def verify_no_nat44_user(self): + """ Verify that there is no NAT44 user """ + users = self.vapi.nat44_user_dump() + self.assertEqual(len(users), 0) + class TestNAT44(MethodHolder): """ NAT44 Test Cases """ @@ -1253,7 +1258,7 @@ class TestNAT44(MethodHolder): self.verify_capture_out(capture, same_port=True, packet_num=1) self.assert_equal(capture[0][IP].proto, IP_PROTOS.icmp) - def _test_forwarding(self): + def test_forwarding(self): """ NAT44 forwarding test """ self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) @@ -1267,7 +1272,7 @@ class TestNAT44(MethodHolder): external_ip=alias_ip) try: - # in2out - static mapping match + # static mapping match pkts = self.create_stream_out(self.pg1) self.pg1.add_stream(pkts) @@ -1283,7 +1288,7 @@ class TestNAT44(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture, same_port=True) - # in2out - no static mapping match + # no static mapping match host0 = self.pg0.remote_hosts[0] self.pg0.remote_hosts[0] = self.pg0.remote_hosts[1] @@ -1307,19 +1312,6 @@ class TestNAT44(MethodHolder): finally: self.pg0.remote_hosts[0] = host0 - user = self.pg0.remote_hosts[1] - sessions = self.vapi.nat44_user_session_dump(user.ip4n, 0) - self.assertEqual(len(sessions), 3) - self.assertTrue(sessions[0].ext_host_valid) - self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, - ext_host_address=sessions[0].ext_host_address, - ext_host_port=sessions[0].ext_host_port) - sessions = self.vapi.nat44_user_session_dump(user.ip4n, 0) - self.assertEqual(len(sessions), 2) - finally: self.vapi.nat44_forwarding_enable_disable(0) self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, @@ -2383,6 +2375,8 @@ class TestNAT44(MethodHolder): self.pg1.set_table_ip4(vrf_id2) self.pg0.config_ip4() self.pg1.config_ip4() + self.pg0.resolve_arp() + self.pg1.resolve_arp() self.nat44_add_address(nat_ip1, vrf_id=vrf_id1) self.nat44_add_address(nat_ip2, vrf_id=vrf_id2) @@ -2391,28 +2385,34 @@ class TestNAT44(MethodHolder): self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index, is_inside=0) - # first VRF - pkts = self.create_stream_in(self.pg0, self.pg2) - self.pg0.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - capture = self.pg2.get_capture(len(pkts)) - self.verify_capture_out(capture, nat_ip1) + try: + # first VRF + pkts = self.create_stream_in(self.pg0, self.pg2) + self.pg0.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg2.get_capture(len(pkts)) + self.verify_capture_out(capture, nat_ip1) - # second VRF - pkts = self.create_stream_in(self.pg1, self.pg2) - self.pg1.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - capture = self.pg2.get_capture(len(pkts)) - self.verify_capture_out(capture, nat_ip2) + # second VRF + pkts = self.create_stream_in(self.pg1, self.pg2) + self.pg1.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg2.get_capture(len(pkts)) + self.verify_capture_out(capture, nat_ip2) - self.pg0.unconfig_ip4() - self.pg1.unconfig_ip4() - self.pg0.set_table_ip4(0) - self.pg1.set_table_ip4(0) - self.vapi.ip_table_add_del(vrf_id1, is_add=0) - self.vapi.ip_table_add_del(vrf_id2, is_add=0) + finally: + self.pg0.unconfig_ip4() + self.pg1.unconfig_ip4() + self.pg0.set_table_ip4(0) + self.pg1.set_table_ip4(0) + self.pg0.config_ip4() + self.pg1.config_ip4() + self.pg0.resolve_arp() + self.pg1.resolve_arp() + self.vapi.ip_table_add_del(vrf_id1, is_add=0) + self.vapi.ip_table_add_del(vrf_id2, is_add=0) def test_vrf_feature_independent(self): """ NAT44 tenant VRF independent address pool mode """ @@ -2915,6 +2915,12 @@ class TestNAT44(MethodHolder): sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) self.assertEqual(nsessions - len(sessions), 2) + self.vapi.nat44_del_session(sessions[0].inside_ip_address, + sessions[0].inside_port, + sessions[0].protocol) + + self.verify_no_nat44_user() + def test_set_get_reass(self): """ NAT44 set/get virtual fragmentation reassembly """ reas_cfg1 = self.vapi.nat_get_reass() @@ -3143,6 +3149,74 @@ class TestNAT44(MethodHolder): self.verify_ipfix_max_fragments_ip4(data, 0, self.pg0.remote_ip4n) + def test_multiple_outside_vrf(self): + """ Multiple outside VRF """ + vrf_id1 = 1 + vrf_id2 = 2 + + self.pg1.unconfig_ip4() + self.pg2.unconfig_ip4() + self.vapi.ip_table_add_del(vrf_id1, is_add=1) + self.vapi.ip_table_add_del(vrf_id2, is_add=1) + self.pg1.set_table_ip4(vrf_id1) + self.pg2.set_table_ip4(vrf_id2) + self.pg1.config_ip4() + self.pg2.config_ip4() + self.pg1.resolve_arp() + self.pg2.resolve_arp() + + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) + self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index, + is_inside=0) + + try: + # first VRF + pkts = self.create_stream_in(self.pg0, self.pg1) + self.pg0.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg1.get_capture(len(pkts)) + self.verify_capture_out(capture, self.nat_addr) + + pkts = self.create_stream_out(self.pg1, self.nat_addr) + self.pg1.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(len(pkts)) + self.verify_capture_in(capture, self.pg0) + + self.tcp_port_in = 60303 + self.udp_port_in = 60304 + self.icmp_id_in = 60305 + + # second VRF + pkts = self.create_stream_in(self.pg0, self.pg2) + self.pg0.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg2.get_capture(len(pkts)) + self.verify_capture_out(capture, self.nat_addr) + + pkts = self.create_stream_out(self.pg2, self.nat_addr) + self.pg2.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(len(pkts)) + self.verify_capture_in(capture, self.pg0) + + finally: + self.pg1.unconfig_ip4() + self.pg2.unconfig_ip4() + self.pg1.set_table_ip4(0) + self.pg2.set_table_ip4(0) + self.pg1.config_ip4() + self.pg2.config_ip4() + self.pg1.resolve_arp() + self.pg2.resolve_arp() + def tearDown(self): super(TestNAT44, self).tearDown() if not self.vpp_dead: @@ -3183,7 +3257,7 @@ class TestNAT44EndpointDependent(MethodHolder): cls.ipfix_domain_id = 1 cls.tcp_external_port = 80 - cls.create_pg_interfaces(range(5)) + cls.create_pg_interfaces(range(7)) cls.interfaces = list(cls.pg_interfaces[0:3]) for i in cls.interfaces: @@ -3207,6 +3281,58 @@ class TestNAT44EndpointDependent(MethodHolder): cls.pg4._remote_hosts[1]._ip4 = cls.pg4._remote_hosts[0]._ip4 cls.pg4.resolve_arp() + zero_ip4n = socket.inet_pton(socket.AF_INET, "0.0.0.0") + cls.vapi.ip_table_add_del(1, is_add=1) + + cls.pg5._local_ip4 = "10.1.1.1" + cls.pg5._local_ip4n = socket.inet_pton(socket.AF_INET, + cls.pg5.local_ip4) + cls.pg5._remote_hosts[0]._ip4 = "10.1.1.2" + cls.pg5._remote_hosts[0]._ip4n = socket.inet_pton( + socket.AF_INET, cls.pg5.remote_ip4) + cls.pg5.set_table_ip4(1) + cls.pg5.config_ip4() + cls.pg5.admin_up() + cls.vapi.ip_add_del_route(dst_address=cls.pg5.remote_ip4n, + dst_address_length=32, + table_id=1, + next_hop_sw_if_index=cls.pg5.sw_if_index, + next_hop_address=zero_ip4n) + + cls.pg6._local_ip4 = "10.1.2.1" + cls.pg6._local_ip4n = socket.inet_pton(socket.AF_INET, + cls.pg6.local_ip4) + cls.pg6._remote_hosts[0]._ip4 = "10.1.2.2" + cls.pg6._remote_hosts[0]._ip4n = socket.inet_pton( + socket.AF_INET, cls.pg6.remote_ip4) + cls.pg6.set_table_ip4(1) + cls.pg6.config_ip4() + cls.pg6.admin_up() + cls.vapi.ip_add_del_route(dst_address=cls.pg6.remote_ip4n, + dst_address_length=32, + table_id=1, + next_hop_sw_if_index=cls.pg6.sw_if_index, + next_hop_address=zero_ip4n) + + cls.vapi.ip_add_del_route(dst_address=cls.pg6.remote_ip4n, + dst_address_length=16, + next_hop_address=zero_ip4n, + table_id=0, + next_hop_table_id=1) + cls.vapi.ip_add_del_route(dst_address=zero_ip4n, + dst_address_length=0, + next_hop_address=zero_ip4n, + table_id=1, + next_hop_table_id=0) + cls.vapi.ip_add_del_route(dst_address=zero_ip4n, + dst_address_length=0, + table_id=0, + next_hop_sw_if_index=cls.pg1.sw_if_index, + next_hop_address=cls.pg1.local_ip4n) + + cls.pg5.resolve_arp() + cls.pg6.resolve_arp() + except Exception: super(TestNAT44EndpointDependent, cls).tearDownClass() raise @@ -3219,6 +3345,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, is_inside=0) + nat_config = self.vapi.nat_show_config() + self.assertEqual(1, nat_config.endpoint_dependent) + # in2out pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -3318,10 +3447,12 @@ class TestNAT44EndpointDependent(MethodHolder): locals = [{'addr': server1.ip4n, 'port': local_port, - 'probability': 70}, + 'probability': 70, + 'vrf_id': 0}, {'addr': server2.ip4n, 'port': local_port, - 'probability': 30}] + 'probability': 30, + 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) self.vapi.nat44_add_del_lb_static_mapping(external_addr_n, @@ -3400,10 +3531,12 @@ class TestNAT44EndpointDependent(MethodHolder): locals = [{'addr': server1.ip4n, 'port': local_port, - 'probability': 90}, + 'probability': 90, + 'vrf_id': 0}, {'addr': server2.ip4n, 'port': local_port, - 'probability': 10}] + 'probability': 10, + 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) self.vapi.nat44_add_del_lb_static_mapping(external_addr_n, @@ -3445,10 +3578,12 @@ class TestNAT44EndpointDependent(MethodHolder): locals = [{'addr': server1.ip4n, 'port': local_port, - 'probability': 70}, + 'probability': 70, + 'vrf_id': 0}, {'addr': server2.ip4n, 'port': local_port, - 'probability': 30}] + 'probability': 30, + 'vrf_id': 0}] self.vapi.nat44_forwarding_enable_disable(1) self.vapi.nat44_add_del_lb_static_mapping(external_addr_n, @@ -3840,6 +3975,63 @@ class TestNAT44EndpointDependent(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise + def test_next_src_nat(self): + """ On way back forward packet to nat44-in2out node. """ + twice_nat_addr = '10.0.1.3' + external_port = 80 + local_port = 8080 + post_twice_nat_port = 0 + + self.vapi.nat44_forwarding_enable_disable(1) + self.nat44_add_address(twice_nat_addr, twice_nat=1) + self.nat44_add_static_mapping(self.pg6.remote_ip4, self.pg1.remote_ip4, + local_port, external_port, + proto=IP_PROTOS.tcp, out2in_only=1, + self_twice_nat=1, vrf_id=1) + self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index, + is_inside=0) + + p = (Ether(src=self.pg6.remote_mac, dst=self.pg6.local_mac) / + IP(src=self.pg6.remote_ip4, dst=self.pg1.remote_ip4) / + TCP(sport=12345, dport=external_port)) + self.pg6.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg6.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, twice_nat_addr) + self.assertNotEqual(tcp.sport, 12345) + post_twice_nat_port = tcp.sport + self.assertEqual(ip.dst, self.pg6.remote_ip4) + self.assertEqual(tcp.dport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + p = (Ether(src=self.pg6.remote_mac, dst=self.pg6.local_mac) / + IP(src=self.pg6.remote_ip4, dst=twice_nat_addr) / + TCP(sport=local_port, dport=post_twice_nat_port)) + self.pg6.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg6.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, self.pg1.remote_ip4) + self.assertEqual(tcp.sport, external_port) + self.assertEqual(ip.dst, self.pg6.remote_ip4) + self.assertEqual(tcp.dport, 12345) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + def twice_nat_common(self, self_twice_nat=False, same_pg=False, lb=False, client_id=None): twice_nat_addr = '10.0.1.3' @@ -3883,10 +4075,12 @@ class TestNAT44EndpointDependent(MethodHolder): else: locals = [{'addr': server1.ip4n, 'port': port_in1, - 'probability': 50}, + 'probability': 50, + 'vrf_id': 0}, {'addr': server2.ip4n, 'port': port_in2, - 'probability': 50}] + 'probability': 50, + 'vrf_id': 0}] out_addr_n = socket.inet_pton(socket.AF_INET, self.nat_addr) self.vapi.nat44_add_del_lb_static_mapping(out_addr_n, port_out, @@ -4422,6 +4616,299 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) + def test_multiple_vrf(self): + """ Multiple VRF setup """ + external_addr = '1.2.3.4' + external_port = 80 + local_port = 8080 + port = 0 + + self.vapi.nat44_forwarding_enable_disable(1) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, + is_inside=0) + self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, + is_inside=0) + self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index, + is_inside=0) + self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index, + is_inside=0) + self.nat44_add_static_mapping(self.pg5.remote_ip4, external_addr, + local_port, external_port, vrf_id=1, + proto=IP_PROTOS.tcp, out2in_only=1) + self.nat44_add_static_mapping( + self.pg0.remote_ip4, external_sw_if_index=self.pg0.sw_if_index, + local_port=local_port, vrf_id=0, external_port=external_port, + proto=IP_PROTOS.tcp, out2in_only=1) + + # from client to service (both VRF1) + p = (Ether(src=self.pg6.remote_mac, dst=self.pg6.local_mac) / + IP(src=self.pg6.remote_ip4, dst=external_addr) / + TCP(sport=12345, dport=external_port)) + self.pg6.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg5.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.dst, self.pg5.remote_ip4) + self.assertEqual(tcp.dport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from service back to client (both VRF1) + p = (Ether(src=self.pg5.remote_mac, dst=self.pg5.local_mac) / + IP(src=self.pg5.remote_ip4, dst=self.pg6.remote_ip4) / + TCP(sport=local_port, dport=12345)) + self.pg5.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg6.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, external_addr) + self.assertEqual(tcp.sport, external_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # dynamic NAT from VRF1 to VRF0 (output-feature) + p = (Ether(src=self.pg5.remote_mac, dst=self.pg5.local_mac) / + IP(src=self.pg5.remote_ip4, dst=self.pg1.remote_ip4) / + TCP(sport=2345, dport=22)) + self.pg5.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg1.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, self.nat_addr) + self.assertNotEqual(tcp.sport, 2345) + self.assert_packet_checksums_valid(p) + port = tcp.sport + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / + TCP(sport=22, dport=port)) + self.pg1.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg5.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.dst, self.pg5.remote_ip4) + self.assertEqual(tcp.dport, 2345) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from client VRF1 to service VRF0 + p = (Ether(src=self.pg6.remote_mac, dst=self.pg6.local_mac) / + IP(src=self.pg6.remote_ip4, dst=self.pg0.local_ip4) / + TCP(sport=12346, dport=external_port)) + self.pg6.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.dst, self.pg0.remote_ip4) + self.assertEqual(tcp.dport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from service VRF0 back to client VRF1 + p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_ip4, dst=self.pg6.remote_ip4) / + TCP(sport=local_port, dport=12346)) + self.pg0.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg6.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, self.pg0.local_ip4) + self.assertEqual(tcp.sport, external_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from client VRF0 to service VRF1 + p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_ip4, dst=external_addr) / + TCP(sport=12347, dport=external_port)) + self.pg0.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg5.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.dst, self.pg5.remote_ip4) + self.assertEqual(tcp.dport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from service VRF1 back to client VRF0 + p = (Ether(src=self.pg5.remote_mac, dst=self.pg5.local_mac) / + IP(src=self.pg5.remote_ip4, dst=self.pg0.remote_ip4) / + TCP(sport=local_port, dport=12347)) + self.pg5.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, external_addr) + self.assertEqual(tcp.sport, external_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from client to server (both VRF1, no translation) + p = (Ether(src=self.pg6.remote_mac, dst=self.pg6.local_mac) / + IP(src=self.pg6.remote_ip4, dst=self.pg5.remote_ip4) / + TCP(sport=12348, dport=local_port)) + self.pg6.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg5.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.dst, self.pg5.remote_ip4) + self.assertEqual(tcp.dport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from server back to client (both VRF1, no translation) + p = (Ether(src=self.pg5.remote_mac, dst=self.pg5.local_mac) / + IP(src=self.pg5.remote_ip4, dst=self.pg6.remote_ip4) / + TCP(sport=local_port, dport=12348)) + self.pg5.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg6.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, self.pg5.remote_ip4) + self.assertEqual(tcp.sport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from client VRF1 to server VRF0 (no translation) + p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_ip4, dst=self.pg6.remote_ip4) / + TCP(sport=local_port, dport=12349)) + self.pg0.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg6.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, self.pg0.remote_ip4) + self.assertEqual(tcp.sport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from server VRF0 back to client VRF1 (no translation) + p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_ip4, dst=self.pg6.remote_ip4) / + TCP(sport=local_port, dport=12349)) + self.pg0.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg6.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, self.pg0.remote_ip4) + self.assertEqual(tcp.sport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from client VRF0 to server VRF1 (no translation) + p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_ip4, dst=self.pg5.remote_ip4) / + TCP(sport=12344, dport=local_port)) + self.pg0.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg5.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.dst, self.pg5.remote_ip4) + self.assertEqual(tcp.dport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + + # from server VRF1 back to client VRF0 (no translation) + p = (Ether(src=self.pg5.remote_mac, dst=self.pg5.local_mac) / + IP(src=self.pg5.remote_ip4, dst=self.pg0.remote_ip4) / + TCP(sport=local_port, dport=12344)) + self.pg5.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(1) + p = capture[0] + try: + ip = p[IP] + tcp = p[TCP] + self.assertEqual(ip.src, self.pg5.remote_ip4) + self.assertEqual(tcp.sport, local_port) + self.assert_packet_checksums_valid(p) + except: + self.logger.error(ppp("Unexpected or invalid packet:", p)) + raise + def tearDown(self): super(TestNAT44EndpointDependent, self).tearDown() if not self.vpp_dead: @@ -4495,6 +4982,9 @@ class TestNAT44Out2InDPO(MethodHolder): def test_464xlat_ce(self): """ Test 464XLAT CE with NAT44 """ + nat_config = self.vapi.nat_show_config() + self.assertEqual(1, nat_config.out2in_dpo) + self.configure_xlat() self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) @@ -5516,7 +6006,7 @@ class TestNAT64(MethodHolder): self.nat_addr_n) self.vapi.nat64_add_del_interface(self.pg0.sw_if_index) self.vapi.nat64_add_del_interface(self.pg1.sw_if_index, is_inside=0) - self.vapi.nat64_set_timeouts(icmp=5) + self.vapi.nat64_set_timeouts(icmp=5, tcp_trans=5, tcp_est=5) pkts = self.create_stream_in_ip6(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -5528,9 +6018,9 @@ class TestNAT64(MethodHolder): sleep(15) - # ICMP session after timeout + # ICMP and TCP session after timeout ses_num_after_timeout = self.nat64_get_ses_num() - self.assertNotEqual(ses_num_before_timeout, ses_num_after_timeout) + self.assertEqual(ses_num_before_timeout - ses_num_after_timeout, 2) def test_icmp_error(self): """ NAT64 ICMP Error message translation """ @@ -6477,6 +6967,9 @@ class TestDSlite(MethodHolder): def test_dslite(self): """ Test DS-Lite """ + nat_config = self.vapi.nat_show_config() + self.assertEqual(0, nat_config.dslite_ce) + self.vapi.dslite_add_del_pool_addr_range(self.nat_addr_n, self.nat_addr_n) aftr_ip4 = '192.0.0.1' @@ -6637,6 +7130,9 @@ class TestDSliteCE(MethodHolder): def test_dslite_ce(self): """ Test DS-Lite CE """ + nat_config = self.vapi.nat_show_config() + self.assertEqual(1, nat_config.dslite_ce) + b4_ip4 = '192.0.0.2' b4_ip4_n = socket.inet_pton(socket.AF_INET, b4_ip4) b4_ip6 = '2001:db8:62aa::375e:f4c1:1'