X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_nat.py;h=524301f302db5d6f95cc05dd8171f285218ae4e4;hb=ffba3c377;hp=e26aa27ddbd9b66c136723312dda75db836ba6eb;hpb=da41d729b9339528b6c9bd1e859792303d15eb78;p=vpp.git
diff --git a/test/test_nat.py b/test/test_nat.py
index e26aa27ddbd..524301f302d 100644
--- a/test/test_nat.py
+++ b/test/test_nat.py
@@ -3339,6 +3339,32 @@ class TestNAT44(MethodHolder):
 self.frag_in_order(proto=IP_PROTOS.udp)
 self.frag_in_order(proto=IP_PROTOS.icmp)
+ def test_frag_forwarding(self):
+ """ NAT44 forwarding fragment test """
+ self.vapi.nat44_add_interface_addr(self.pg1.sw_if_index)
+ self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index)
+ self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index,
+ is_inside=0)
+ self.vapi.nat44_forwarding_enable_disable(1)
+
+ data = "A" * 16 + "B" * 16 + "C" * 3
+ pkts = self.create_stream_frag(self.pg1,
+ self.pg0.remote_ip4,
+ 4789,
+ 4789,
+ data,
+ proto=IP_PROTOS.udp)
+ self.pg1.add_stream(pkts)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ frags = self.pg0.get_capture(len(pkts))
+ p = self.reass_frags_and_verify(frags,
+ self.pg1.remote_ip4,
+ self.pg0.remote_ip4)
+ self.assertEqual(p[UDP].sport, 4789)
+ self.assertEqual(p[UDP].dport, 4789)
+ self.assertEqual(data, p[Raw].load)
+
 def test_reass_hairpinning(self):
 """ NAT44 fragments hairpinning """
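Review bot: test_frag_forwarding pins only the permissive side of forwarding: it calls `nat44_forwarding_enable_disable(1)` and checks that session-less UDP fragments sent from pg1 arrive on pg0, but nothing asserts what the fragment path does with the same stream while forwarding is off. A companion case that sends the stream before the enable call and asserts the expected handling would keep a later change to fragment processing from quietly widening what the outside interface lets through. The literal `4789` appears four times; a local such as `port = 4789` with a short comment on why that port was chosen would make the intent readable. Whether tearDown turns forwarding back off is not visible in this hunk, so confirm the fixture resets it.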
@@ -4838,6 +4864,88 @@ class TestNAT44EndpointDependent(MethodHolder):
 adresses = self.vapi.nat44_address_dump()
 self.assertEqual(0, len(adresses))
+ def test_tcp_close(self):
+ """ Close TCP session from inside network - output feature """
+ self.vapi.nat44_forwarding_enable_disable(1)
+ self.nat44_add_address(self.pg1.local_ip4)
+ twice_nat_addr = '10.0.1.3'
+ service_ip = '192.168.16.150'
+ self.nat44_add_address(twice_nat_addr, twice_nat=1)
+ self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index)
+ self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index,
+ is_inside=0)
+ self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index,
+ is_inside=0)
+ self.nat44_add_static_mapping(self.pg0.remote_ip4,
+ service_ip,
+ 80,
+ 80,
+ proto=IP_PROTOS.tcp,
+ out2in_only=1,
+ twice_nat=1)
+ sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0)
+ start_sessnum = len(sessions)
+
+ # SYN packet out->in
+ p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
+ IP(src=self.pg1.remote_ip4, dst=service_ip) /
+ TCP(sport=33898, dport=80, flags="S"))
+ self.pg1.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ capture = self.pg0.get_capture(1)
+ p = capture[0]
+ tcp_port = p[TCP].sport
+
+ # SYN + ACK packet in->out
+ p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
+ IP(src=self.pg0.remote_ip4, dst=twice_nat_addr) /
+ TCP(sport=80, dport=tcp_port, flags="SA"))
+ self.pg0.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.pg1.get_capture(1)
+
+ # ACK packet out->in
+ p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
+ IP(src=self.pg1.remote_ip4, dst=service_ip) /
+ TCP(sport=33898, dport=80, flags="A"))
+ self.pg1.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.pg0.get_capture(1)
+
+ # FIN packet in -> out
+ p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
+ IP(src=self.pg0.remote_ip4, dst=twice_nat_addr) /
+ TCP(sport=80, dport=tcp_port, flags="FA", seq=100, ack=300))
+ self.pg0.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.pg1.get_capture(1)
+
+ # FIN+ACK packet out -> in
+ p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
+ IP(src=self.pg1.remote_ip4, dst=service_ip) /
+ TCP(sport=33898, dport=80, flags="FA", seq=300, ack=101))
+ self.pg1.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.pg0.get_capture(1)
+
+ # ACK packet in -> out
+ p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
+ IP(src=self.pg0.remote_ip4, dst=twice_nat_addr) /
+ TCP(sport=80, dport=tcp_port, flags="A", seq=101, ack=301))
+ self.pg0.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.pg1.get_capture(1)
+
+ sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n,
+ 0)
+ self.assertEqual(len(sessions) - start_sessnum, 0)
+
 def test_tcp_session_close_in(self):
 """ Close TCP session from inside network """
 self.tcp_port_out = 10505
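Review bot: The closing `self.assertEqual(len(sessions) - start_sessnum, 0)` in test_tcp_close also passes if no session was ever recorded for `self.pg0.remote_ip4n`, because `start_sessnum` is read before the SYN and the count is never checked while the connection is open. Dumping again after the out->in ACK capture and asserting `self.assertEqual(len(sessions) - start_sessnum, 1)` would show that the FIN exchange is what removed the session; this assumes the twice-NAT session is listed under that user, which the hunk does not show. Every capture after the first SYN is fetched and discarded, so the translated addresses and ports on the SYN+ACK, FIN and final ACK are not verified. `p` is also reused for both the sent and the captured packet in the SYN step; a separate name for the captured one would read more clearly.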
@@ -5566,6 +5674,57 @@ class TestNAT44EndpointDependent(MethodHolder):
 nsessions = nsessions + user.nsessions
 self.assertLess(nsessions, 2 * max_sessions)
+ @unittest.skipUnless(running_extended_tests(), "part of extended tests")
+ def test_session_rst_timeout(self):
+ """ NAT44 session RST timeouts """
+ self.nat44_add_address(self.nat_addr)
+ self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index)
+ self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index,
+ is_inside=0)
+ self.vapi.nat_set_timeouts(tcp_transitory=5)
+
+ nat44_config = self.vapi.nat_show_config()
+
+ self.initiate_tcp_session(self.pg0, self.pg1)
+ p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
+ IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
+ TCP(sport=self.tcp_port_in, dport=self.tcp_external_port,
+ flags="R"))
+ self.pg0.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.pg1.get_capture(1)
+
+ pkts_num = nat44_config.max_translations_per_user - 1
+ pkts = []
+ for i in range(0, pkts_num):
+ p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
+ IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
+ UDP(sport=1025 + i, dport=53))
+ pkts.append(p)
+ self.pg0.add_stream(pkts)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.pg1.get_capture(pkts_num)
+
+ sleep(6)
+
+ p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
+ IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
+ TCP(sport=self.tcp_port_in + 1, dport=self.tcp_external_port + 1,
+ flags="S"))
+ self.pg0.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.pg1.get_capture(1)
+
+ nsessions = 0
+ users = self.vapi.nat44_user_dump()
+ self.assertEqual(len(users), 1)
+ self.assertEqual(users[0].ip_address, self.pg0.remote_ip4n)
+ self.assertEqual(users[0].nsessions,
+ nat44_config.max_translations_per_user)
+
 @unittest.skipUnless(running_extended_tests(), "part of extended tests")
 def test_session_limit_per_user(self):
 """ Maximum sessions per user limit """
@@ -5704,6 +5863,7 @@ class TestNAT44Out2InDPO(MethodHolder):
 '\x00\x00\x00\x00', 0, is_translation=1, is_rfc6052=1)
+ @unittest.skip('Temporary disabled')
 def test_464xlat_ce(self):
 """ Test 464XLAT CE with NAT44 """
@@ -5742,6 +5902,7 @@ class TestNAT44Out2InDPO(MethodHolder):
 self.vapi.nat44_add_del_address_range(self.nat_addr_n, self.nat_addr_n, is_add=0)
+ @unittest.skip('Temporary disabled')
 def test_464xlat_ce_no_nat(self):
 """ Test 464XLAT CE without NAT44 """
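Review bot: In test_session_rst_timeout the wait `sleep(6)` is tied to `nat_set_timeouts(tcp_transitory=5)` only by two literals set far apart, so changing one silently breaks the other; a shared local, `rst_timeout = 5`, used as `tcp_transitory=rst_timeout` and `sleep(rst_timeout + 1)`, keeps them in step. `nsessions = 0` near the end is never read and can be dropped. The test also leaves the shortened transitory timeout in place, and whether tearDown restores the defaults is not visible in this hunk, so either reset it at the end of the test or confirm the fixture does. The docstring could state the expectation being checked: that a session closed by RST is reclaimed after the transitory timeout, so it no longer counts against `max_translations_per_user`.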
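Review bot: `@unittest.skip('Temporary disabled')` on test_464xlat_ce, and again on test_464xlat_ce_no_nat in the following hunk, removes the 464XLAT CE coverage without saying why or under what condition it returns. Nothing in the visible part of the commit explains it either, so the skips can easily outlive whatever prompted them. Put the cause and a tracking reference into the reason string, for example `@unittest.skip('Temporarily disabled: <reason, tracking ticket>')`, so the skipped tests show up with context in the test report.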