X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_nat.py;h=81aae4bd59ef7095e365ca4e71bc20faf05843da;hb=defde0f87067eb473660794cbd4a2da69fdd191d;hp=b873074eccce6f1f5d8772339a3a967347233e85;hpb=7f99183a20d60cd5c648cc23d7a2f30a594a215b;p=vpp.git diff --git a/test/test_nat.py b/test/test_nat.py index b873074eccc..81aae4bd59e 100644 --- a/test/test_nat.py +++ b/test/test_nat.py @@ -18,7 +18,7 @@ from util import ppp from ipfix import IPFIX, Set, Template, Data, IPFIXDecoder from time import sleep from util import ip4_range -from vpp_mac import mactobinary +from vpp_papi import mac_pton from syslog_rfc5424_parser import SyslogMessage, ParseError from syslog_rfc5424_parser.constants import SyslogFacility, SyslogSeverity from vpp_papi_provider import SYSLOG_SEVERITY @@ -1507,13 +1507,21 @@ class TestNAT44(MethodHolder): def test_dynamic(self): """ NAT44 dynamic translation test """ - self.nat44_add_address(self.nat_addr) self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, is_inside=0) # in2out + tcpn = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/TCP packets') + udpn = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/UDP packets') + icmpn = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/good in2out packets processed') + pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1521,7 +1529,26 @@ class TestNAT44(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture) + err = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/good in2out packets processed') + self.assertEqual(err - totaln, 3) + # out2in + tcpn = self.statistics.get_counter('/err/nat44-out2in/TCP packets') + udpn = self.statistics.get_counter('/err/nat44-out2in/UDP packets') + icmpn = self.statistics.get_counter('/err/nat44-out2in/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat44-out2in/good out2in packets processed') + pkts = self.create_stream_out(self.pg1) self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1529,6 +1556,16 @@ class TestNAT44(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) + err = self.statistics.get_counter('/err/nat44-out2in/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter('/err/nat44-out2in/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter('/err/nat44-out2in/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat44-out2in/good out2in packets processed') + self.assertEqual(err - totaln, 3) + def test_dynamic_icmp_errors_in2out_ttl_1(self): """ NAT44 handling of client packets with TTL=1 """ @@ -2682,7 +2719,7 @@ class TestNAT44(MethodHolder): data = ipfix.decode_data_set(p.getlayer(Set)) self.verify_ipfix_addr_exhausted(data) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_ipfix_max_sessions(self): """ IPFIX logging maximum session entries exceeded """ self.nat44_add_address(self.nat_addr) @@ -2915,11 +2952,11 @@ class TestNAT44(MethodHolder): """ NAT44 interfaces without configured IP address """ self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, - mactobinary(self.pg7.remote_mac), + mac_pton(self.pg7.remote_mac), self.pg7.remote_ip4n, is_static=1) self.vapi.ip_neighbor_add_del(self.pg8.sw_if_index, - mactobinary(self.pg8.remote_mac), + mac_pton(self.pg8.remote_mac), self.pg8.remote_ip4n, is_static=1) @@ -2957,11 +2994,11 @@ class TestNAT44(MethodHolder): """ NAT44 interfaces without configured IP address - 1:1 NAT """ self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, - mactobinary(self.pg7.remote_mac), + mac_pton(self.pg7.remote_mac), self.pg7.remote_ip4n, is_static=1) self.vapi.ip_neighbor_add_del(self.pg8.sw_if_index, - mactobinary(self.pg8.remote_mac), + mac_pton(self.pg8.remote_mac), self.pg8.remote_ip4n, is_static=1) @@ -3003,11 +3040,11 @@ class TestNAT44(MethodHolder): self.icmp_id_out = 30608 self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, - mactobinary(self.pg7.remote_mac), + mac_pton(self.pg7.remote_mac), self.pg7.remote_ip4n, is_static=1) self.vapi.ip_neighbor_add_del(self.pg8.sw_if_index, - mactobinary(self.pg8.remote_mac), + mac_pton(self.pg8.remote_mac), self.pg8.remote_ip4n, is_static=1) @@ -3356,6 +3393,11 @@ class TestNAT44(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise + err = self.statistics.get_counter('/err/nat44-classify/next in2out') + self.assertEqual(err, 1) + err = self.statistics.get_counter('/err/nat44-classify/next out2in') + self.assertEqual(err, 1) + def test_del_session(self): """ Delete NAT44 session """ self.nat44_add_address(self.nat_addr) @@ -3656,7 +3698,7 @@ class TestNAT44(MethodHolder): self.pg1.resolve_arp() self.pg2.resolve_arp() - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) @@ -4008,6 +4050,15 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertEqual(1, nat_config.endpoint_dependent) # in2out + tcpn = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/TCP packets') + udpn = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/UDP packets') + icmpn = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/good in2out packets processed') + pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -4015,7 +4066,27 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture) + err = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/good in2out packets processed') + self.assertEqual(err - totaln, 3) + # out2in + tcpn = self.statistics.get_counter('/err/nat44-ed-out2in/TCP packets') + udpn = self.statistics.get_counter('/err/nat44-ed-out2in/UDP packets') + icmpn = self.statistics.get_counter( + '/err/nat44-ed-out2in-slowpath/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat44-ed-out2in/good out2in packets processed') + pkts = self.create_stream_out(self.pg1) self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -4023,6 +4094,17 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) + err = self.statistics.get_counter('/err/nat44-ed-out2in/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter('/err/nat44-ed-out2in/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-out2in-slowpath/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-out2in/good out2in packets processed') + self.assertEqual(err - totaln, 2) + def test_forwarding(self): """ NAT44 forwarding test """ @@ -4178,7 +4260,7 @@ class TestNAT44EndpointDependent(MethodHolder): sessions = self.vapi.nat44_user_session_dump(server.ip4n, 0) self.assertEqual(len(sessions), 0) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_static_lb_multi_clients(self): """ NAT44 local service load balancing - multiple clients""" @@ -4187,6 +4269,7 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 server1 = self.pg0.remote_hosts[0] server2 = self.pg0.remote_hosts[1] + server3 = self.pg0.remote_hosts[2] locals = [{'addr': server1.ip4n, 'port': local_port, @@ -4227,6 +4310,65 @@ class TestNAT44EndpointDependent(MethodHolder): server2_n += 1 self.assertGreater(server1_n, server2_n) + # add new back-end + self.vapi.nat44_lb_static_mapping_add_del_local(external_addr_n, + external_port, + server3.ip4n, + local_port, + IP_PROTOS.tcp, + 20) + server1_n = 0 + server2_n = 0 + server3_n = 0 + clients = ip4_range(self.pg1.remote_ip4, 60, 110) + pkts = [] + for client in clients: + p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / + IP(src=client, dst=self.nat_addr) / + TCP(sport=12346, dport=external_port)) + pkts.append(p) + self.assertGreater(len(pkts), 0) + self.pg1.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(len(pkts)) + for p in capture: + if p[IP].dst == server1.ip4: + server1_n += 1 + elif p[IP].dst == server2.ip4: + server2_n += 1 + else: + server3_n += 1 + self.assertGreater(server1_n, 0) + self.assertGreater(server2_n, 0) + self.assertGreater(server3_n, 0) + + # remove one back-end + self.vapi.nat44_lb_static_mapping_add_del_local(external_addr_n, + external_port, + server2.ip4n, + local_port, + IP_PROTOS.tcp, + 10, + is_add=0) + server1_n = 0 + server2_n = 0 + server3_n = 0 + self.pg1.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(len(pkts)) + for p in capture: + if p[IP].dst == server1.ip4: + server1_n += 1 + elif p[IP].dst == server2.ip4: + server2_n += 1 + else: + server3_n += 1 + self.assertGreater(server1_n, 0) + self.assertEqual(server2_n, 0) + self.assertGreater(server3_n, 0) + def test_static_lb_2(self): """ NAT44 local service load balancing (asymmetrical rule) """ external_addr_n = socket.inet_pton(socket.AF_INET, self.nat_addr) @@ -5711,7 +5853,7 @@ class TestNAT44EndpointDependent(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) @@ -5753,7 +5895,7 @@ class TestNAT44EndpointDependent(MethodHolder): nsessions = nsessions + user.nsessions self.assertLess(nsessions, 2 * max_sessions) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_rst_timeout(self): """ NAT44 session RST timeouts """ self.nat44_add_address(self.nat_addr) @@ -5789,7 +5931,7 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertEqual(users[0].ip_address, self.pg0.remote_ip4n) self.assertEqual(users[0].nsessions, 1) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_limit_per_user(self): """ Maximum sessions per user limit """ self.nat44_add_address(self.nat_addr) @@ -6484,7 +6626,7 @@ class TestDeterministicNAT(MethodHolder): self.logger.error("TCP session termination failed") raise - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ Deterministic NAT session timeouts """ self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, @@ -6507,7 +6649,7 @@ class TestDeterministicNAT(MethodHolder): dms = self.vapi.nat_det_map_dump() self.assertEqual(0, dms[0].ses_num) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_limit_per_user(self): """ Deterministic NAT maximum sessions per user limit """ self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, @@ -6840,6 +6982,12 @@ class TestNAT64(MethodHolder): self.vapi.nat64_add_del_interface(self.pg1.sw_if_index, is_inside=0) # in2out + tcpn = self.statistics.get_counter('/err/nat64-in2out/TCP packets') + udpn = self.statistics.get_counter('/err/nat64-in2out/UDP packets') + icmpn = self.statistics.get_counter('/err/nat64-in2out/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat64-in2out/good in2out packets processed') + pkts = self.create_stream_in_ip6(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -6848,7 +6996,23 @@ class TestNAT64(MethodHolder): self.verify_capture_out(capture, nat_ip=self.nat_addr, dst_ip=self.pg1.remote_ip4) + err = self.statistics.get_counter('/err/nat64-in2out/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter('/err/nat64-in2out/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter('/err/nat64-in2out/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat64-in2out/good in2out packets processed') + self.assertEqual(err - totaln, 3) + # out2in + tcpn = self.statistics.get_counter('/err/nat64-out2in/TCP packets') + udpn = self.statistics.get_counter('/err/nat64-out2in/UDP packets') + icmpn = self.statistics.get_counter('/err/nat64-out2in/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat64-out2in/good out2in packets processed') + pkts = self.create_stream_out(self.pg1, dst_ip=self.nat_addr) self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -6857,6 +7021,16 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.pg1.remote_ip4])) self.verify_capture_in_ip6(capture, ip[IPv6].src, self.pg0.remote_ip6) + err = self.statistics.get_counter('/err/nat64-out2in/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter('/err/nat64-out2in/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter('/err/nat64-out2in/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat64-out2in/good out2in packets processed') + self.assertEqual(err - totaln, 3) + # in2out pkts = self.create_stream_in_ip6(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -6953,7 +7127,7 @@ class TestNAT64(MethodHolder): self.assertEqual(ses_num_end - ses_num_start, 3) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ NAT64 session timeout """ self.icmp_id_in = 1234 @@ -7614,7 +7788,7 @@ class TestNAT64(MethodHolder): addresses = self.vapi.nat64_pool_addr_dump() self.assertEqual(0, len(adresses)) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_ipfix_max_bibs_sessions(self): """ IPFIX logging maximum session and BIB entries exceeded """ max_bibs = 1280