X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_nat.py;h=bf22602059e8d079b9871446bc89c40852a267f4;hb=097fa66b986f06281f603767d321ab13ab6c88c3;hp=c88981b48b458c6f6a566d1611dbdfeea54e91fe;hpb=dd1e3e780cd480e3f29fc34df48e605ded1acb2c;p=vpp.git diff --git a/test/test_nat.py b/test/test_nat.py index c88981b48b4..bf22602059e 100644 --- a/test/test_nat.py +++ b/test/test_nat.py @@ -23,9 +23,10 @@ from util import ip4_range from vpp_papi import mac_pton from syslog_rfc5424_parser import SyslogMessage, ParseError from syslog_rfc5424_parser.constants import SyslogFacility, SyslogSeverity -from vpp_papi_provider import SYSLOG_SEVERITY from io import BytesIO from vpp_papi import VppEnum +from vpp_ip_route import VppIpRoute, VppRoutePath, FibPathType +from vpp_neighbor import VppNeighbor from scapy.all import bind_layers, Packet, ByteEnumField, ShortField, \ IPField, IntField, LongField, XByteField, FlagsField, FieldLenField, \ PacketListField @@ -75,121 +76,107 @@ class MethodHolder(VppTestCase): def config_flags(self): return VppEnum.vl_api_nat_config_flags_t + @property + def SYSLOG_SEVERITY(self): + return VppEnum.vl_api_syslog_severity_t + def clear_nat44(self): """ Clear NAT44 configuration. """ if hasattr(self, 'pg7') and hasattr(self, 'pg8'): - # I found no elegant way to do this - self.vapi.ip_add_del_route( - dst_address=self.pg7.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg7.remote_ip4n, - next_hop_sw_if_index=self.pg7.sw_if_index, - is_add=0) - self.vapi.ip_add_del_route( - dst_address=self.pg8.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg8.remote_ip4n, - next_hop_sw_if_index=self.pg8.sw_if_index, - is_add=0) - - for intf in [self.pg7, self.pg8]: - self.vapi.ip_neighbor_add_del( - intf.sw_if_index, - intf.remote_mac, - intf.remote_ip4, - flags=(VppEnum.vl_api_ip_neighbor_flags_t. - IP_API_NEIGHBOR_FLAG_STATIC), - is_add=0) - if self.pg7.has_ip4_config: self.pg7.unconfig_ip4() - self.vapi.nat44_forwarding_enable_disable(0) + self.vapi.nat44_forwarding_enable_disable(enable=0) interfaces = self.vapi.nat44_interface_addr_dump() for intf in interfaces: - self.vapi.nat44_add_del_interface_addr(intf.sw_if_index, - flags=intf.flags, - is_add=0) + self.vapi.nat44_add_del_interface_addr( + is_add=0, + sw_if_index=intf.sw_if_index, + flags=intf.flags) - self.vapi.nat_ipfix_enable_disable(enable=0, + self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, src_port=self.ipfix_src_port, - domain_id=self.ipfix_domain_id) + enable=0) self.ipfix_src_port = 4739 self.ipfix_domain_id = 1 - self.vapi.syslog_set_filter(SYSLOG_SEVERITY.EMERG) + self.vapi.syslog_set_filter( + self.SYSLOG_SEVERITY.SYSLOG_API_SEVERITY_EMERG) - self.vapi.nat_ha_set_listener('0.0.0.0', 0) - self.vapi.nat_ha_set_failover('0.0.0.0', 0) + self.vapi.nat_ha_set_listener(ip_address='0.0.0.0', port=0, + path_mtu=512) + self.vapi.nat_ha_set_failover(ip_address='0.0.0.0', port=0, + session_refresh_interval=10) interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: if intf.flags & self.config_flags.NAT_IS_INSIDE and \ - intf.flags & self.config_flags.NAT_IS_OUTSIDE: - self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, - is_add=0) - self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, - is_add=0, - flags=intf.flags) + intf.flags & self.config_flags.NAT_IS_OUTSIDE: + self.vapi.nat44_interface_add_del_feature( + sw_if_index=intf.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=intf.sw_if_index, + flags=intf.flags) interfaces = self.vapi.nat44_interface_output_feature_dump() for intf in interfaces: - self.vapi.nat44_interface_add_del_output_feature(intf.sw_if_index, - is_add=0, - flags=intf.flags) + self.vapi.nat44_interface_add_del_output_feature( + is_add=0, + flags=intf.flags, + sw_if_index=intf.sw_if_index) static_mappings = self.vapi.nat44_static_mapping_dump() for sm in static_mappings: self.vapi.nat44_add_del_static_mapping( - sm.local_ip_address, - sm.external_ip_address, - sm.external_sw_if_index, - sm.local_port, - sm.external_port, - sm.vrf_id, - sm.protocol, is_add=0, - flags=sm.flags, - tag=sm.tag) + local_ip_address=sm.local_ip_address, + external_ip_address=sm.external_ip_address, + external_sw_if_index=sm.external_sw_if_index, + local_port=sm.local_port, + external_port=sm.external_port, + vrf_id=sm.vrf_id, + protocol=sm.protocol, + flags=sm.flags, tag=sm.tag) lb_static_mappings = self.vapi.nat44_lb_static_mapping_dump() for lb_sm in lb_static_mappings: self.vapi.nat44_add_del_lb_static_mapping( - lb_sm.external_addr, - lb_sm.external_port, - lb_sm.protocol, - tag=lb_sm.tag, is_add=0, - local_num=0, - locals=[], - flags=lb_sm.flags) + flags=lb_sm.flags, + external_addr=lb_sm.external_addr, + external_port=lb_sm.external_port, + protocol=lb_sm.protocol, + local_num=0, locals=[], + tag=lb_sm.tag) identity_mappings = self.vapi.nat44_identity_mapping_dump() for id_m in identity_mappings: self.vapi.nat44_add_del_identity_mapping( - flags=id_m.flags, - ip=id_m.ip_address, - port=id_m.port, + ip_address=id_m.ip_address, sw_if_index=id_m.sw_if_index, + port=id_m.port, + flags=id_m.flags, vrf_id=id_m.vrf_id, - protocol=id_m.protocol, - is_add=0) + protocol=id_m.protocol) addresses = self.vapi.nat44_address_dump() for addr in addresses: - self.vapi.nat44_add_del_address_range(addr.ip_address, - addr.ip_address, - is_add=0, - flags=addr.flags) - - self.vapi.nat_set_reass() - self.vapi.nat_set_reass(is_ip6=1) + self.vapi.nat44_add_del_address_range( + first_ip_address=addr.ip_address, + last_ip_address=addr.ip_address, + vrf_id=0xFFFFFFFF, flags=addr.flags) + + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=5, + drop_frag=0) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=5, + drop_frag=0, is_ip6=1) self.verify_no_nat44_user() - self.vapi.nat_set_timeouts() + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=60) self.vapi.nat_set_addr_and_port_alloc_alg() - self.vapi.nat_set_mss_clamping() + self.vapi.nat_set_mss_clamping(enable=0, mss_value=1500) def nat44_add_static_mapping(self, local_ip, external_ip='0.0.0.0', local_port=0, external_port=0, vrf_id=0, @@ -214,16 +201,15 @@ class MethodHolder(VppTestCase): flags |= self.config_flags.NAT_IS_ADDR_ONLY self.vapi.nat44_add_del_static_mapping( - local_ip, - external_ip, - external_sw_if_index, - local_port, - external_port, - vrf_id, - proto, - is_add, - flags, - tag) + is_add=is_add, + local_ip_address=local_ip, + external_ip_address=external_ip, + external_sw_if_index=external_sw_if_index, + local_port=local_port, + external_port=external_port, + vrf_id=vrf_id, protocol=proto, + flags=flags, + tag=tag) def nat44_add_address(self, ip, is_add=1, vrf_id=0xFFFFFFFF, twice_nat=0): """ @@ -234,8 +220,10 @@ class MethodHolder(VppTestCase): :param twice_nat: twice NAT address for external hosts """ flags = self.config_flags.NAT_IS_TWICE_NAT if twice_nat else 0 - self.vapi.nat44_add_del_address_range(ip, ip, is_add, + self.vapi.nat44_add_del_address_range(first_ip_address=ip, + last_ip_address=ip, vrf_id=vrf_id, + is_add=is_add, flags=flags) def create_stream_in(self, in_if, out_if, dst_ip=None, ttl=64): @@ -874,7 +862,8 @@ class MethodHolder(VppTestCase): record[225]) # ingressVRFID self.assertEqual(struct.pack("!I", 0), record[234]) - # protocolIdentifier/sourceTransportPort/postNAPTSourceTransportPort + # protocolIdentifier/sourceTransportPort + # /postNAPTSourceTransportPort if IP_PROTOS.icmp == scapy.compat.orb(record[4]): self.assertEqual(struct.pack("!H", self.icmp_id_in), record[7]) self.assertEqual(struct.pack("!H", self.icmp_id_out), @@ -1559,18 +1548,21 @@ class TestNAT44(MethodHolder): """ NAT44 dynamic translation test """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out - tcpn = self.statistics.get_counter( + tcpn = self.statistics.get_err_counter( '/err/nat44-in2out-slowpath/TCP packets') - udpn = self.statistics.get_counter( + udpn = self.statistics.get_err_counter( '/err/nat44-in2out-slowpath/UDP packets') - icmpn = self.statistics.get_counter( + icmpn = self.statistics.get_err_counter( '/err/nat44-in2out-slowpath/ICMP packets') - totaln = self.statistics.get_counter( + totaln = self.statistics.get_err_counter( '/err/nat44-in2out-slowpath/good in2out packets processed') pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1580,24 +1572,25 @@ class TestNAT44(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-in2out-slowpath/TCP packets') self.assertEqual(err - tcpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-in2out-slowpath/UDP packets') self.assertEqual(err - udpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-in2out-slowpath/ICMP packets') self.assertEqual(err - icmpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-in2out-slowpath/good in2out packets processed') self.assertEqual(err - totaln, 3) # out2in - tcpn = self.statistics.get_counter('/err/nat44-out2in/TCP packets') - udpn = self.statistics.get_counter('/err/nat44-out2in/UDP packets') - icmpn = self.statistics.get_counter('/err/nat44-out2in/ICMP packets') - totaln = self.statistics.get_counter( + tcpn = self.statistics.get_err_counter('/err/nat44-out2in/TCP packets') + udpn = self.statistics.get_err_counter('/err/nat44-out2in/UDP packets') + icmpn = self.statistics.get_err_counter( + '/err/nat44-out2in/ICMP packets') + totaln = self.statistics.get_err_counter( '/err/nat44-out2in/good out2in packets processed') pkts = self.create_stream_out(self.pg1) @@ -1607,13 +1600,13 @@ class TestNAT44(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) - err = self.statistics.get_counter('/err/nat44-out2in/TCP packets') + err = self.statistics.get_err_counter('/err/nat44-out2in/TCP packets') self.assertEqual(err - tcpn, 1) - err = self.statistics.get_counter('/err/nat44-out2in/UDP packets') + err = self.statistics.get_err_counter('/err/nat44-out2in/UDP packets') self.assertEqual(err - udpn, 1) - err = self.statistics.get_counter('/err/nat44-out2in/ICMP packets') + err = self.statistics.get_err_counter('/err/nat44-out2in/ICMP packets') self.assertEqual(err - icmpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-out2in/good out2in packets processed') self.assertEqual(err - totaln, 3) @@ -1627,9 +1620,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=1) @@ -1646,9 +1642,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1674,9 +1673,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=2) @@ -1702,9 +1704,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1738,9 +1743,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / IP(src=self.pg1.remote_ip4, dst=self.pg1.local_ip4) / @@ -1766,9 +1774,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # out2in pkt = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / @@ -1796,16 +1807,21 @@ class TestNAT44(MethodHolder): """ NAT44 forwarding test """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_forwarding_enable_disable(enable=1) real_ip = self.pg0.remote_ip4n alias_ip = self.nat_addr flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, + self.vapi.nat44_add_del_static_mapping(is_add=1, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, flags=flags) try: @@ -1850,11 +1866,14 @@ class TestNAT44(MethodHolder): self.pg0.remote_hosts[0] = host0 finally: - self.vapi.nat44_forwarding_enable_disable(0) + self.vapi.nat44_forwarding_enable_disable(enable=0) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, - is_add=0, flags=flags) + self.vapi.nat44_add_del_static_mapping( + is_add=0, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, + flags=flags) def test_static_in(self): """ 1:1 NAT initialized from inside network """ @@ -1866,9 +1885,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sm = self.vapi.nat44_static_mapping_dump() self.assertEqual(len(sm), 1) self.assertEqual((sm[0].tag).split(b'\0', 1)[0], b'') @@ -1903,9 +1925,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip, tag=tag) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sm = self.vapi.nat44_static_mapping_dump() self.assertEqual(len(sm), 1) self.assertEqual((sm[0].tag).split(b'\0', 1)[0], tag) @@ -1944,9 +1969,12 @@ class TestNAT44(MethodHolder): self.icmp_id_in, self.icmp_id_out, proto=IP_PROTOS.icmp) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1982,9 +2010,12 @@ class TestNAT44(MethodHolder): self.icmp_id_in, self.icmp_id_out, proto=IP_PROTOS.icmp) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # out2in pkts = self.create_stream_out(self.pg1) @@ -2016,11 +2047,15 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip2, vrf_id=10) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg3.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + flags=flags, is_add=1) # inside interface VRF match NAT44 static mapping VRF pkts = self.create_stream_in(self.pg4, self.pg3) @@ -2047,9 +2082,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # dynamic pkts = self.create_stream_in(self.pg0, self.pg1) @@ -2073,12 +2111,16 @@ class TestNAT44(MethodHolder): def test_identity_nat(self): """ Identity NAT """ flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_identity_mapping(ip=self.pg0.remote_ip4n, - flags=flags) + self.vapi.nat44_add_del_identity_mapping( + ip_address=self.pg0.remote_ip4n, sw_if_index=0xFFFFFFFF, + flags=flags, is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / IP(src=self.pg1.remote_ip4, dst=self.pg0.remote_ip4) / @@ -2103,8 +2145,9 @@ class TestNAT44(MethodHolder): sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) self.assertEqual(len(sessions), 0) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_identity_mapping(ip=self.pg0.remote_ip4n, - flags=flags, vrf_id=1) + self.vapi.nat44_add_del_identity_mapping( + ip_address=self.pg0.remote_ip4n, sw_if_index=0xFFFFFFFF, + flags=flags, vrf_id=1, is_add=1) identity_mappings = self.vapi.nat44_identity_mapping_dump() self.assertEqual(len(identity_mappings), 2) @@ -2113,11 +2156,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg3.sw_if_index, + is_add=1) # between two NAT44 inside interfaces (no translation) pkts = self.create_stream_in(self.pg0, self.pg1) @@ -2173,13 +2220,18 @@ class TestNAT44(MethodHolder): static_nat_ip = "10.0.0.10" self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg3.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg5.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg6.sw_if_index, + flags=flags, is_add=1) self.nat44_add_static_mapping(self.pg6.remote_ip4, static_nat_ip, vrf_id=20) @@ -2332,9 +2384,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(server.ip4, self.nat_addr, @@ -2397,9 +2452,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for servers self.nat44_add_static_mapping(server1.ip4, server1_nat_ip) @@ -2556,9 +2614,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # get maximum number of translations per user nat44_config = self.vapi.nat_show_config() @@ -2605,7 +2666,9 @@ class TestNAT44(MethodHolder): def test_interface_addr(self): """ Acquire NAT44 addresses from interface """ - self.vapi.nat44_add_del_interface_addr(self.pg7.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg7.sw_if_index) # no address in NAT pool addresses = self.vapi.nat44_address_dump() @@ -2626,7 +2689,9 @@ class TestNAT44(MethodHolder): """ Static mapping with addresses from interface """ tag = b"testTAG" - self.vapi.nat44_add_del_interface_addr(self.pg7.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg7.sw_if_index) self.nat44_add_static_mapping( '1.2.3.4', external_sw_if_index=self.pg7.sw_if_index, @@ -2686,11 +2751,15 @@ class TestNAT44(MethodHolder): """ Identity NAT with addresses from interface """ port = 53053 - self.vapi.nat44_add_del_interface_addr(self.pg7.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg7.sw_if_index) self.vapi.nat44_add_del_identity_mapping( + ip_address=b'0', sw_if_index=self.pg7.sw_if_index, port=port, - protocol=IP_PROTOS.tcp) + protocol=IP_PROTOS.tcp, + is_add=1) # identity mappings with external interface identity_mappings = self.vapi.nat44_identity_mapping_dump() @@ -2727,16 +2796,20 @@ class TestNAT44(MethodHolder): bind_layers(UDP, IPFIX, dport=30303) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10, collector_port=collector_port) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -2768,15 +2841,19 @@ class TestNAT44(MethodHolder): def test_ipfix_addr_exhausted(self): """ IPFIX logging NAT addresses exhausted """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -2811,9 +2888,12 @@ class TestNAT44(MethodHolder): """ IPFIX logging maximum session entries exceeded """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) nat44_config = self.vapi.nat_show_config() max_sessions = 10 * nat44_config.translation_buckets @@ -2835,7 +2915,8 @@ class TestNAT44(MethodHolder): path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -2867,13 +2948,17 @@ class TestNAT44(MethodHolder): def test_syslog_apmap(self): """ Test syslog address and port mapping creation and deletion """ - self.vapi.syslog_set_filter(SYSLOG_SEVERITY.INFO) + self.vapi.syslog_set_filter( + self.SYSLOG_SEVERITY.SYSLOG_API_SEVERITY_INFO) self.vapi.syslog_set_sender(self.pg3.local_ip4n, self.pg3.remote_ip4n) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -2897,9 +2982,12 @@ class TestNAT44(MethodHolder): static_addr = '10.0.0.10' self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.nat44_add_static_mapping(self.pg0.remote_ip4, static_addr) # NAT44 address @@ -2976,11 +3064,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(nat_ip1, vrf_id=vrf_id1) self.nat44_add_address(nat_ip2, vrf_id=vrf_id2) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg2.sw_if_index, + is_add=1) try: # first VRF @@ -3020,11 +3112,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(nat_ip1) self.nat44_add_address(nat_ip2, vrf_id=99) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg2.sw_if_index, + is_add=1) # first VRF pkts = self.create_stream_in(self.pg0, self.pg2) @@ -3042,36 +3138,40 @@ class TestNAT44(MethodHolder): capture = self.pg2.get_capture(len(pkts)) self.verify_capture_out(capture, nat_ip1) + def create_routes_and_neigbors(self): + r1 = VppIpRoute(self, self.pg7.remote_ip4, 32, + [VppRoutePath(self.pg7.remote_ip4, + self.pg7.sw_if_index)]) + r2 = VppIpRoute(self, self.pg8.remote_ip4, 32, + [VppRoutePath(self.pg8.remote_ip4, + self.pg8.sw_if_index)]) + r1.add_vpp_config() + r2.add_vpp_config() + + n1 = VppNeighbor(self, + self.pg7.sw_if_index, + self.pg7.remote_mac, + self.pg7.remote_ip4, + is_static=1) + n2 = VppNeighbor(self, + self.pg8.sw_if_index, + self.pg8.remote_mac, + self.pg8.remote_ip4, + is_static=1) + n1.add_vpp_config() + n2.add_vpp_config() + def test_dynamic_ipless_interfaces(self): """ NAT44 interfaces without configured IP address """ - - self.vapi.ip_neighbor_add_del( - self.pg7.sw_if_index, - self.pg7.remote_mac, - self.pg7.remote_ip4, - flags=(VppEnum.vl_api_ip_neighbor_flags_t. - IP_API_NEIGHBOR_FLAG_STATIC)) - self.vapi.ip_neighbor_add_del( - self.pg8.sw_if_index, - self.pg8.remote_mac, - self.pg8.remote_ip4, - flags=(VppEnum.vl_api_ip_neighbor_flags_t. - IP_API_NEIGHBOR_FLAG_STATIC)) - - self.vapi.ip_add_del_route(dst_address=self.pg7.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg7.remote_ip4n, - next_hop_sw_if_index=self.pg7.sw_if_index) - self.vapi.ip_add_del_route(dst_address=self.pg8.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg8.remote_ip4n, - next_hop_sw_if_index=self.pg8.sw_if_index) - + self.create_routes_and_neigbors() self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg7.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg8.sw_if_index, + is_add=1) # in2out pkts = self.create_stream_in(self.pg7, self.pg8) @@ -3092,33 +3192,15 @@ class TestNAT44(MethodHolder): def test_static_ipless_interfaces(self): """ NAT44 interfaces without configured IP address - 1:1 NAT """ - self.vapi.ip_neighbor_add_del( - self.pg7.sw_if_index, - self.pg7.remote_mac, - self.pg7.remote_ip4, - flags=(VppEnum.vl_api_ip_neighbor_flags_t. - IP_API_NEIGHBOR_FLAG_STATIC)) - self.vapi.ip_neighbor_add_del( - self.pg8.sw_if_index, - self.pg8.remote_mac, - self.pg8.remote_ip4, - flags=(VppEnum.vl_api_ip_neighbor_flags_t. - IP_API_NEIGHBOR_FLAG_STATIC)) - - self.vapi.ip_add_del_route(dst_address=self.pg7.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg7.remote_ip4n, - next_hop_sw_if_index=self.pg7.sw_if_index) - self.vapi.ip_add_del_route(dst_address=self.pg8.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg8.remote_ip4n, - next_hop_sw_if_index=self.pg8.sw_if_index) - + self.create_routes_and_neigbors() self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg7.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg8.sw_if_index, + is_add=1) # out2in pkts = self.create_stream_out(self.pg8) @@ -3143,28 +3225,7 @@ class TestNAT44(MethodHolder): self.udp_port_out = 30607 self.icmp_id_out = 30608 - self.vapi.ip_neighbor_add_del( - self.pg7.sw_if_index, - self.pg7.remote_mac, - self.pg7.remote_ip4, - flags=(VppEnum.vl_api_ip_neighbor_flags_t. - IP_API_NEIGHBOR_FLAG_STATIC)) - self.vapi.ip_neighbor_add_del( - self.pg8.sw_if_index, - self.pg8.remote_mac, - self.pg8.remote_ip4, - flags=(VppEnum.vl_api_ip_neighbor_flags_t. - IP_API_NEIGHBOR_FLAG_STATIC)) - - self.vapi.ip_add_del_route(dst_address=self.pg7.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg7.remote_ip4n, - next_hop_sw_if_index=self.pg7.sw_if_index) - self.vapi.ip_add_del_route(dst_address=self.pg8.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg8.remote_ip4n, - next_hop_sw_if_index=self.pg8.sw_if_index) - + self.create_routes_and_neigbors() self.nat44_add_address(self.nat_addr) self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr, self.tcp_port_in, self.tcp_port_out, @@ -3176,9 +3237,12 @@ class TestNAT44(MethodHolder): self.icmp_id_in, self.icmp_id_out, proto=IP_PROTOS.icmp) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg7.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg8.sw_if_index, + is_add=1) # out2in pkts = self.create_stream_out(self.pg8) @@ -3201,9 +3265,12 @@ class TestNAT44(MethodHolder): nat_ip = "10.0.0.10" self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -3257,9 +3324,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(host.ip4, host_nat_ip) self.nat44_add_static_mapping(server.ip4, server_nat_ip) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # host to server p = (Ether(dst=self.pg0.local_mac, src=host.mac) / @@ -3305,11 +3375,15 @@ class TestNAT44(MethodHolder): """ NAT44 interface output feature (in2out postrouting) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg3.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg3.sw_if_index) # in2out pkts = self.create_stream_in(self.pg0, self.pg3) @@ -3340,25 +3414,29 @@ class TestNAT44(MethodHolder): nat_ip_vrf10 = "10.0.0.10" nat_ip_vrf20 = "10.0.0.20" - self.vapi.ip_add_del_route(dst_address=self.pg3.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg3.remote_ip4n, - next_hop_sw_if_index=self.pg3.sw_if_index, - table_id=10) - self.vapi.ip_add_del_route(dst_address=self.pg3.remote_ip4n, - dst_address_length=32, - next_hop_address=self.pg3.remote_ip4n, - next_hop_sw_if_index=self.pg3.sw_if_index, - table_id=20) + r1 = VppIpRoute(self, self.pg3.remote_ip4, 32, + [VppRoutePath(self.pg3.remote_ip4, + self.pg3.sw_if_index)], + table_id=10) + r2 = VppIpRoute(self, self.pg3.remote_ip4, 32, + [VppRoutePath(self.pg3.remote_ip4, + self.pg3.sw_if_index)], + table_id=20) + r1.add_vpp_config() + r2.add_vpp_config() self.nat44_add_address(nat_ip_vrf10, vrf_id=10) self.nat44_add_address(nat_ip_vrf20, vrf_id=20) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_output_feature(self.pg4.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg6.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg3.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg4.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg3.sw_if_index) # in2out VRF 10 pkts = self.create_stream_in(self.pg4, self.pg3) @@ -3403,9 +3481,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # add static mapping for server self.nat44_add_static_mapping(server.ip4, self.nat_addr, @@ -3463,9 +3544,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg9.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg9.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg9.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg9.sw_if_index, + flags=flags, is_add=1) # in2out p = (Ether(src=self.pg9.remote_mac, dst=self.pg9.local_mac) / @@ -3510,18 +3594,23 @@ class TestNAT44(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise - err = self.statistics.get_counter('/err/nat44-classify/next in2out') + err = self.statistics.get_err_counter( + '/err/nat44-classify/next in2out') self.assertEqual(err, 1) - err = self.statistics.get_counter('/err/nat44-classify/next out2in') + err = self.statistics.get_err_counter( + '/err/nat44-classify/next out2in') self.assertEqual(err, 1) def test_del_session(self): """ Delete NAT44 session """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -3532,20 +3621,20 @@ class TestNAT44(MethodHolder): sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) nsessions = len(sessions) - self.vapi.nat44_del_session(sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + self.vapi.nat44_del_session(address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=self.config_flags.NAT_IS_INSIDE) - self.vapi.nat44_del_session(sessions[1].outside_ip_address, - sessions[1].outside_port, - sessions[1].protocol) + self.vapi.nat44_del_session(address=sessions[1].outside_ip_address, + port=sessions[1].outside_port, + protocol=sessions[1].protocol) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) self.assertEqual(nsessions - len(sessions), 2) - self.vapi.nat44_del_session(sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + self.vapi.nat44_del_session(address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=self.config_flags.NAT_IS_INSIDE) self.verify_no_nat44_user() @@ -3556,7 +3645,8 @@ class TestNAT44(MethodHolder): self.vapi.nat_set_reass(timeout=reas_cfg1.ip4_timeout + 5, max_reass=reas_cfg1.ip4_max_reass * 2, - max_frag=reas_cfg1.ip4_max_frag * 2) + max_frag=reas_cfg1.ip4_max_frag * 2, + drop_frag=0) reas_cfg2 = self.vapi.nat_get_reass() @@ -3564,7 +3654,8 @@ class TestNAT44(MethodHolder): self.assertEqual(reas_cfg1.ip4_max_reass * 2, reas_cfg2.ip4_max_reass) self.assertEqual(reas_cfg1.ip4_max_frag * 2, reas_cfg2.ip4_max_frag) - self.vapi.nat_set_reass(drop_frag=1) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=5, + drop_frag=1) self.assertTrue(self.vapi.nat_get_reass().ip4_drop_frag) def test_frag_in_order(self): @@ -3572,9 +3663,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_in_order(proto=IP_PROTOS.tcp) self.frag_in_order(proto=IP_PROTOS.udp) @@ -3582,12 +3676,17 @@ class TestNAT44(MethodHolder): def test_frag_forwarding(self): """ NAT44 forwarding fragment test """ - self.vapi.nat44_add_del_interface_addr(self.pg1.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg1.sw_if_index) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_forwarding_enable_disable(enable=1) data = b"A" * 16 + b"B" * 16 + b"C" * 3 pkts = self.create_stream_frag(self.pg1, @@ -3617,9 +3716,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(self.server.ip4, self.nat_addr, self.server_in_port, @@ -3640,9 +3742,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_out_of_order(proto=IP_PROTOS.tcp) self.frag_out_of_order(proto=IP_PROTOS.udp) @@ -3652,9 +3757,12 @@ class TestNAT44(MethodHolder): """ Port restricted NAT44 (MAP-E CE) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat_set_addr_and_port_alloc_alg(alg=1, psid_offset=6, psid_length=6, @@ -3685,9 +3793,12 @@ class TestNAT44(MethodHolder): """ External address port range """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat_set_addr_and_port_alloc_alg(alg=2, start_port=1025, end_port=1027) @@ -3711,16 +3822,21 @@ class TestNAT44(MethodHolder): """ IPFIX logging maximum fragments pending reassembly exceeded """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_reass(max_frag=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=1, + drop_frag=0) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) data = b"A" * 4 + b"B" * 16 + b"C" * 3 self.tcp_port_in = random.randint(1025, 65535) @@ -3774,10 +3890,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg2.sw_if_index, + is_add=1) try: # first VRF @@ -3815,6 +3936,7 @@ class TestNAT44(MethodHolder): self.verify_capture_in(capture, self.pg0) finally: + self.nat44_add_address(self.nat_addr, is_add=0) self.pg1.unconfig_ip4() self.pg2.unconfig_ip4() self.pg1.set_table_ip4(0) @@ -3829,10 +3951,14 @@ class TestNAT44(MethodHolder): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(udp=5) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_timeouts(udp=5, tcp_established=7440, + tcp_transitory=240, icmp=60) max_sessions = 1000 pkts = [] @@ -3871,9 +3997,12 @@ class TestNAT44(MethodHolder): """ TCP MSS clamping """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -3888,7 +4017,7 @@ class TestNAT44(MethodHolder): # Negotiated MSS value greater than configured - changed self.verify_mss_value(capture[0], 1000) - self.vapi.nat_set_mss_clamping(enable=0) + self.vapi.nat_set_mss_clamping(enable=0, mss_value=1500) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) self.pg_start() @@ -3909,11 +4038,17 @@ class TestNAT44(MethodHolder): """ Send HA session synchronization events (active) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_ha_set_listener(self.pg3.local_ip4, port=12345) - self.vapi.nat_ha_set_failover(self.pg3.remote_ip4, port=12346) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_ha_set_listener(ip_address=self.pg3.local_ip4, + port=12345, + path_mtu=512) + self.vapi.nat_ha_set_failover(ip_address=self.pg3.remote_ip4, + port=12346, session_refresh_interval=10) bind_layers(UDP, HANATStateSync, sport=12345) # create sessions @@ -3964,9 +4099,9 @@ class TestNAT44(MethodHolder): # delete one session self.pg_enable_capture(self.pg_interfaces) - self.vapi.nat44_del_session(self.pg0.remote_ip4n, - self.tcp_port_in, - IP_PROTOS.tcp, + self.vapi.nat44_del_session(address=self.pg0.remote_ip4n, + port=self.tcp_port_in, + protocol=IP_PROTOS.tcp, flags=self.config_flags.NAT_IS_INSIDE) self.vapi.nat_ha_flush() stats = self.statistics.get_counter('/nat44/ha/del-event-send') @@ -4039,10 +4174,15 @@ class TestNAT44(MethodHolder): """ Receive HA session synchronization events (passive) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_ha_set_listener(self.pg3.local_ip4, port=12345) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_ha_set_listener(ip_address=self.pg3.local_ip4, + port=12345, + path_mtu=512) bind_layers(UDP, HANATStateSync, sport=12345) self.tcp_port_out = random.randint(1025, 65535) @@ -4150,7 +4290,7 @@ class TestNAT44(MethodHolder): stats = self.statistics.get_counter('/nat44/ha/del-event-recv') self.assertEqual(stats[0][0], 1) - stats = self.statistics.get_counter('/err/nat-ha/pkts-processed') + stats = self.statistics.get_err_counter('/err/nat-ha/pkts-processed') self.assertEqual(stats, 2) # send HA session refresh event to failover/passive @@ -4194,7 +4334,7 @@ class TestNAT44(MethodHolder): stats = self.statistics.get_counter('/nat44/ha/refresh-event-recv') self.assertEqual(stats[0][0], 1) - stats = self.statistics.get_counter('/err/nat-ha/pkts-processed') + stats = self.statistics.get_err_counter('/err/nat-ha/pkts-processed') self.assertEqual(stats, 3) # send packet to test session created by HA @@ -4297,11 +4437,12 @@ class TestNAT44EndpointDependent(MethodHolder): cls.pg5.set_table_ip4(1) cls.pg5.config_ip4() cls.pg5.admin_up() - cls.vapi.ip_add_del_route(dst_address=cls.pg5.remote_ip4n, - dst_address_length=32, - next_hop_address=zero_ip4n, - next_hop_sw_if_index=cls.pg5.sw_if_index, - table_id=1) + r1 = VppIpRoute(cls, cls.pg5.remote_ip4, 32, + [VppRoutePath("0.0.0.0", + cls.pg5.sw_if_index)], + table_id=1, + register=False) + r1.add_vpp_config() cls.pg6._local_ip4 = "10.1.2.1" cls.pg6._local_ip4n = socket.inet_pton(socket.AF_INET, @@ -4312,25 +4453,31 @@ class TestNAT44EndpointDependent(MethodHolder): cls.pg6.set_table_ip4(1) cls.pg6.config_ip4() cls.pg6.admin_up() - cls.vapi.ip_add_del_route(dst_address=cls.pg6.remote_ip4n, - dst_address_length=32, - next_hop_address=zero_ip4n, - next_hop_sw_if_index=cls.pg6.sw_if_index, - table_id=1) - - cls.vapi.ip_add_del_route(dst_address=cls.pg6.remote_ip4n, - dst_address_length=16, - next_hop_address=zero_ip4n, table_id=0, - next_hop_table_id=1) - cls.vapi.ip_add_del_route(dst_address=zero_ip4n, - dst_address_length=0, - next_hop_address=zero_ip4n, table_id=1, - next_hop_table_id=0) - cls.vapi.ip_add_del_route(dst_address=zero_ip4n, - dst_address_length=0, - next_hop_address=cls.pg1.local_ip4n, - next_hop_sw_if_index=cls.pg1.sw_if_index, - table_id=0) + + r2 = VppIpRoute(cls, cls.pg6.remote_ip4, 32, + [VppRoutePath("0.0.0.0", + cls.pg6.sw_if_index)], + table_id=1, + register=False) + r3 = VppIpRoute(cls, cls.pg6.remote_ip4, 16, + [VppRoutePath("0.0.0.0", + 0xffffffff, + nh_table_id=1)], + table_id=0, + register=False) + r4 = VppIpRoute(cls, "0.0.0.0", 0, + [VppRoutePath("0.0.0.0", 0xffffffff, + nh_table_id=0)], + table_id=1, + register=False) + r5 = VppIpRoute(cls, "0.0.0.0", 0, + [VppRoutePath(cls.pg1.local_ip4, + cls.pg1.sw_if_index)], + register=False) + r2.add_vpp_config() + r3.add_vpp_config() + r4.add_vpp_config() + r5.add_vpp_config() cls.pg5.resolve_arp() cls.pg6.resolve_arp() @@ -4347,9 +4494,12 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 translate fragments arriving in order """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_in_order(proto=IP_PROTOS.tcp) self.frag_in_order(proto=IP_PROTOS.udp) self.frag_in_order(proto=IP_PROTOS.icmp) @@ -4357,9 +4507,12 @@ class TestNAT44EndpointDependent(MethodHolder): def test_frag_in_order_dont_translate(self): """ NAT44 don't translate fragments arriving in order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat44_forwarding_enable_disable(enable=True) self.frag_in_order(proto=IP_PROTOS.tcp, dont_translate=True) @@ -4367,9 +4520,12 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 translate fragments arriving out of order """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_out_of_order(proto=IP_PROTOS.tcp) self.frag_out_of_order(proto=IP_PROTOS.udp) self.frag_out_of_order(proto=IP_PROTOS.icmp) @@ -4377,21 +4533,30 @@ class TestNAT44EndpointDependent(MethodHolder): def test_frag_out_of_order_dont_translate(self): """ NAT44 don't translate fragments arriving out of order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat44_forwarding_enable_disable(enable=True) self.frag_out_of_order(proto=IP_PROTOS.tcp, dont_translate=True) def test_frag_in_order_in_plus_out(self): """ in+out interface fragments in order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) self.server = self.pg1.remote_hosts[0] @@ -4417,7 +4582,8 @@ class TestNAT44EndpointDependent(MethodHolder): self.server_out_addr, proto=IP_PROTOS.icmp) - self.vapi.nat_set_reass(timeout=10) + self.vapi.nat_set_reass(timeout=10, max_reass=1024, max_frag=5, + drop_frag=0) self.frag_in_order_in_plus_out(proto=IP_PROTOS.tcp) self.frag_in_order_in_plus_out(proto=IP_PROTOS.udp) @@ -4426,12 +4592,18 @@ class TestNAT44EndpointDependent(MethodHolder): def test_frag_out_of_order_in_plus_out(self): """ in+out interface fragments out of order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) self.server = self.pg1.remote_hosts[0] @@ -4457,7 +4629,8 @@ class TestNAT44EndpointDependent(MethodHolder): self.server_out_addr, proto=IP_PROTOS.icmp) - self.vapi.nat_set_reass(timeout=10) + self.vapi.nat_set_reass(timeout=10, max_reass=1024, max_frag=5, + drop_frag=0) self.frag_out_of_order_in_plus_out(proto=IP_PROTOS.tcp) self.frag_out_of_order_in_plus_out(proto=IP_PROTOS.udp) @@ -4472,9 +4645,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(self.server.ip4, self.nat_addr, self.server_in_port, @@ -4495,21 +4671,24 @@ class TestNAT44EndpointDependent(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) nat_config = self.vapi.nat_show_config() self.assertEqual(1, nat_config.endpoint_dependent) # in2out - tcpn = self.statistics.get_counter( + tcpn = self.statistics.get_err_counter( '/err/nat44-ed-in2out-slowpath/TCP packets') - udpn = self.statistics.get_counter( + udpn = self.statistics.get_err_counter( '/err/nat44-ed-in2out-slowpath/UDP packets') - icmpn = self.statistics.get_counter( + icmpn = self.statistics.get_err_counter( '/err/nat44-ed-in2out-slowpath/ICMP packets') - totaln = self.statistics.get_counter( + totaln = self.statistics.get_err_counter( '/err/nat44-ed-in2out-slowpath/good in2out packets processed') pkts = self.create_stream_in(self.pg0, self.pg1) @@ -4519,25 +4698,27 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-ed-in2out-slowpath/TCP packets') self.assertEqual(err - tcpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-ed-in2out-slowpath/UDP packets') self.assertEqual(err - udpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-ed-in2out-slowpath/ICMP packets') self.assertEqual(err - icmpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-ed-in2out-slowpath/good in2out packets processed') self.assertEqual(err - totaln, 3) # out2in - tcpn = self.statistics.get_counter('/err/nat44-ed-out2in/TCP packets') - udpn = self.statistics.get_counter('/err/nat44-ed-out2in/UDP packets') - icmpn = self.statistics.get_counter( + tcpn = self.statistics.get_err_counter( + '/err/nat44-ed-out2in/TCP packets') + udpn = self.statistics.get_err_counter( + '/err/nat44-ed-out2in/UDP packets') + icmpn = self.statistics.get_err_counter( '/err/nat44-ed-out2in-slowpath/ICMP packets') - totaln = self.statistics.get_counter( + totaln = self.statistics.get_err_counter( '/err/nat44-ed-out2in/good out2in packets processed') pkts = self.create_stream_out(self.pg1) @@ -4547,14 +4728,16 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) - err = self.statistics.get_counter('/err/nat44-ed-out2in/TCP packets') + err = self.statistics.get_err_counter( + '/err/nat44-ed-out2in/TCP packets') self.assertEqual(err - tcpn, 1) - err = self.statistics.get_counter('/err/nat44-ed-out2in/UDP packets') + err = self.statistics.get_err_counter( + '/err/nat44-ed-out2in/UDP packets') self.assertEqual(err - udpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-ed-out2in-slowpath/ICMP packets') self.assertEqual(err - icmpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat44-ed-out2in/good out2in packets processed') self.assertEqual(err - totaln, 2) @@ -4567,16 +4750,21 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 forwarding test """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_forwarding_enable_disable(enable=1) real_ip = self.pg0.remote_ip4 alias_ip = self.nat_addr flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, + self.vapi.nat44_add_del_static_mapping(is_add=1, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, flags=flags) try: @@ -4626,9 +4814,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertTrue(sessions[0].flags & self.config_flags.NAT_IS_EXT_HOST_VALID) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_address, @@ -4637,11 +4825,14 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertEqual(len(sessions), 2) finally: - self.vapi.nat44_forwarding_enable_disable(0) + self.vapi.nat44_forwarding_enable_disable(enable=0) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, - is_add=0, flags=flags) + self.vapi.nat44_add_del_static_mapping( + is_add=0, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, + flags=flags) def test_static_lb(self): """ NAT44 local service load balancing """ @@ -4661,15 +4852,20 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(external_addr_n, - external_port, - IP_PROTOS.tcp, - local_num=len(locals), - locals=locals) + self.vapi.nat44_add_del_lb_static_mapping( + is_add=1, + external_addr=external_addr_n, + external_port=external_port, + protocol=IP_PROTOS.tcp, + local_num=len(locals), + locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -4719,9 +4915,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertTrue(sessions[0].flags & self.config_flags.NAT_IS_EXT_HOST_VALID) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_address, @@ -4750,15 +4946,19 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(external_addr, - external_port, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, local_num=len(locals), locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) server1_n = 0 server2_n = 0 @@ -4780,13 +4980,20 @@ class TestNAT44EndpointDependent(MethodHolder): server2_n += 1 self.assertGreater(server1_n, server2_n) + local = { + 'addr': server3.ip4n, + 'port': local_port, + 'probability': 20, + 'vrf_id': 0 + } + # add new back-end - self.vapi.nat44_lb_static_mapping_add_del_local(external_addr, - external_port, - server3.ip4n, - local_port, - IP_PROTOS.tcp, - 20) + self.vapi.nat44_lb_static_mapping_add_del_local( + is_add=1, + external_addr=external_addr, + external_port=external_port, + local=local, + protocol=IP_PROTOS.tcp) server1_n = 0 server2_n = 0 server3_n = 0 @@ -4813,14 +5020,20 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertGreater(server2_n, 0) self.assertGreater(server3_n, 0) + local = { + 'addr': server2.ip4n, + 'port': local_port, + 'probability': 10, + 'vrf_id': 0 + } + # remove one back-end - self.vapi.nat44_lb_static_mapping_add_del_local(external_addr, - external_port, - server2.ip4n, - local_port, - IP_PROTOS.tcp, - 10, - is_add=0) + self.vapi.nat44_lb_static_mapping_add_del_local( + is_add=0, + external_addr=external_addr, + external_port=external_port, + local=local, + protocol=IP_PROTOS.tcp) server1_n = 0 server2_n = 0 server3_n = 0 @@ -4856,18 +5069,21 @@ class TestNAT44EndpointDependent(MethodHolder): 'probability': 30, 'vrf_id': 0}] - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY - self.vapi.nat44_add_del_lb_static_mapping(external_addr, - external_port, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, flags=flags, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, local_num=len(locals), - locals=locals, - flags=flags) + locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -4969,16 +5185,20 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(external_addr, - external_port, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, affinity=10800, local_num=len(locals), locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / @@ -4994,9 +5214,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertTrue(sessions[0].flags & self.config_flags.NAT_IS_EXT_HOST_VALID) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_address, @@ -5019,9 +5239,12 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 translate packet with unknown protocol """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -5081,9 +5304,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(server.ip4, server_nat_ip) @@ -5142,20 +5368,26 @@ class TestNAT44EndpointDependent(MethodHolder): external_port = 80 local_port = 8080 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_identity_mapping(ip=self.pg1.remote_ip4n, - flags=flags) + self.vapi.nat44_add_del_identity_mapping( + ip_address=self.pg1.remote_ip4n, sw_if_index=0xFFFFFFFF, + flags=flags, is_add=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg0.remote_ip4, external_addr, local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -5219,9 +5451,11 @@ class TestNAT44EndpointDependent(MethodHolder): def test_output_feature_and_service2(self): """ NAT44 interface output feature and service host direct access """ - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # session initiated from service host - translate pkts = self.create_stream_in(self.pg0, self.pg1) @@ -5265,17 +5499,22 @@ class TestNAT44EndpointDependent(MethodHolder): external_port = 80 local_port = 8080 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg1.remote_ip4, external_addr, local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=external_addr) / @@ -5324,7 +5563,7 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 post_twice_nat_port = 0 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(twice_nat_addr, twice_nat=1) flags = (self.config_flags.NAT_IS_OUT2IN_ONLY | self.config_flags.NAT_IS_SELF_TWICE_NAT) @@ -5332,7 +5571,9 @@ class TestNAT44EndpointDependent(MethodHolder): local_port, external_port, proto=IP_PROTOS.tcp, vrf_id=1, flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg6.sw_if_index, + is_add=1) p = (Ether(src=self.pg6.remote_mac, dst=self.pg6.local_mac) / IP(src=self.pg6.remote_ip4, dst=self.pg1.remote_ip4) / @@ -5432,16 +5673,19 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] out_addr = self.nat_addr - self.vapi.nat44_add_del_lb_static_mapping(out_addr, - port_out, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, flags=flags, + external_addr=out_addr, + external_port=port_out, + protocol=IP_PROTOS.tcp, local_num=len(locals), - locals=locals, - flags=flags) + locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=pg1.sw_if_index, + is_add=1) if same_pg: if not lb: @@ -5520,9 +5764,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.config_flags.NAT_IS_TWICE_NAT) self.logger.error(self.vapi.cli("show nat44 sessions detail")) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_nat_address, @@ -5559,8 +5803,10 @@ class TestNAT44EndpointDependent(MethodHolder): def test_twice_nat_interface_addr(self): """ Acquire twice NAT44 addresses from interface """ flags = self.config_flags.NAT_IS_TWICE_NAT - self.vapi.nat44_add_del_interface_addr(self.pg3.sw_if_index, - flags=flags) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg3.sw_if_index, + flags=flags) # no address in NAT pool adresses = self.vapi.nat44_address_dump() @@ -5581,16 +5827,21 @@ class TestNAT44EndpointDependent(MethodHolder): def test_tcp_close(self): """ Close TCP session from inside network - output feature """ - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.pg1.local_ip4) twice_nat_addr = '10.0.1.3' service_ip = '192.168.16.150' self.nat44_add_address(twice_nat_addr, twice_nat=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) flags = (self.config_flags.NAT_IS_OUT2IN_ONLY | self.config_flags.NAT_IS_TWICE_NAT) self.nat44_add_static_mapping(self.pg0.remote_ip4, @@ -5674,9 +5925,12 @@ class TestNAT44EndpointDependent(MethodHolder): proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) start_sessnum = len(sessions) @@ -5740,9 +5994,12 @@ class TestNAT44EndpointDependent(MethodHolder): proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) start_sessnum = len(sessions) @@ -5796,9 +6053,12 @@ class TestNAT44EndpointDependent(MethodHolder): proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) start_sessnum = len(sessions) @@ -5857,7 +6117,7 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 eh_port_in = 0 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr, twice_nat=1) flags = (self.config_flags.NAT_IS_OUT2IN_ONLY | self.config_flags.NAT_IS_TWICE_NAT) @@ -5865,9 +6125,12 @@ class TestNAT44EndpointDependent(MethodHolder): local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + flags=flags, is_add=1) # from client to service p = (Ether(src=self.pg4.remote_mac, dst=self.pg4.local_mac) / @@ -5918,15 +6181,18 @@ class TestNAT44EndpointDependent(MethodHolder): external_port = 80 local_port = 8080 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -6042,10 +6308,14 @@ class TestNAT44EndpointDependent(MethodHolder): def test_output_feature(self): """ NAT44 interface output feature (in2out postrouting) """ - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -6070,29 +6340,39 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 port = 0 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg5.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg5.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg6.sw_if_index, + is_add=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg5.remote_ip4, external_addr, local_port, external_port, vrf_id=1, proto=IP_PROTOS.tcp, flags=flags) self.nat44_add_static_mapping( - self.pg0.remote_ip4, - external_sw_if_index=self.pg0.sw_if_index, - local_port=local_port, - vrf_id=0, - external_port=external_port, - proto=IP_PROTOS.tcp, - flags=flags + self.pg0.remote_ip4, + external_sw_if_index=self.pg0.sw_if_index, + local_port=local_port, + vrf_id=0, + external_port=external_port, + proto=IP_PROTOS.tcp, + flags=flags ) # from client to service (both VRF1) @@ -6366,10 +6646,14 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(icmp=5) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=5) max_sessions = 1000 pkts = [] @@ -6409,10 +6693,14 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 session RST timeouts """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(tcp_transitory=5) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=5, icmp=60) self.initiate_tcp_session(self.pg0, self.pg1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / @@ -6447,14 +6735,18 @@ class TestNAT44EndpointDependent(MethodHolder): """ Maximum sessions per user limit """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg2.remote_ip4n, src_address=self.pg2.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.nat_set_timeouts(udp=5) + self.vapi.nat_set_timeouts(udp=5, tcp_established=7440, + tcp_transitory=240, icmp=60) # get maximum number of translations per user nat44_config = self.vapi.nat_show_config() @@ -6472,7 +6764,8 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -6512,13 +6805,17 @@ class TestNAT44EndpointDependent(MethodHolder): def test_syslog_sess(self): """ Test syslog session creation and deletion """ - self.vapi.syslog_set_filter(SYSLOG_SEVERITY.INFO) + self.vapi.syslog_set_filter( + self.SYSLOG_SEVERITY.SYSLOG_API_SEVERITY_INFO) self.vapi.syslog_set_sender(self.pg2.local_ip4n, self.pg2.remote_ip4n) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -6586,11 +6883,11 @@ class TestNAT44Out2InDPO(MethodHolder): cls.pg1.config_ip6() cls.pg1.resolve_ndp() - cls.vapi.ip_add_del_route(dst_address=b'\x00' * 16, - dst_address_length=0, - next_hop_address=cls.pg1.remote_ip6n, - next_hop_sw_if_index=cls.pg1.sw_if_index, - is_ipv6=True) + r1 = VppIpRoute(cls, "::", 0, + [VppRoutePath(cls.pg1.remote_ip6, + cls.pg1.sw_if_index)], + register=False) + r1.add_vpp_config() except Exception: super(TestNAT44Out2InDPO, cls).tearDownClass() @@ -6623,9 +6920,12 @@ class TestNAT44Out2InDPO(MethodHolder): self.configure_xlat() flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_add_del_address_range(self.nat_addr_n, self.nat_addr_n) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_add_del_address_range(first_ip_address=self.nat_addr_n, + last_ip_address=self.nat_addr_n, + vrf_id=0xFFFFFFFF, is_add=1) out_src_ip6 = self.compose_ip6(self.dst_ip4, self.dst_ip6_pfx, self.dst_ip6_pfx_len) @@ -6649,10 +6949,13 @@ class TestNAT44Out2InDPO(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) finally: - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - is_add=0, flags=flags) - self.vapi.nat44_add_del_address_range(self.nat_addr_n, - self.nat_addr_n, is_add=0) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags) + self.vapi.nat44_add_del_address_range( + first_ip_address=self.nat_addr_n, + last_ip_address=self.nat_addr_n, + vrf_id=0xFFFFFFFF) @unittest.skip('Temporary disabled') def test_464xlat_ce_no_nat(self): @@ -6816,7 +7119,9 @@ class TestDeterministicNAT(MethodHolder): nat_config = self.vapi.nat_show_config() self.assertEqual(1, nat_config.deterministic) - self.vapi.nat_det_add_del_map(1, in_addr, in_plen, out_addr, out_plen) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=in_addr, + in_plen=in_plen, out_addr=out_addr, + out_plen=out_plen) rep1 = self.vapi.nat_det_forward(in_addr_t) self.assertEqual(str(rep1.out_addr), out_addr) @@ -6840,10 +7145,11 @@ class TestDeterministicNAT(MethodHolder): """ Set deterministic NAT timeouts """ timeouts_before = self.vapi.nat_get_timeouts() - self.vapi.nat_set_timeouts(timeouts_before.udp + 10, - timeouts_before.tcp_established + 10, - timeouts_before.tcp_transitory + 10, - timeouts_before.icmp + 10) + self.vapi.nat_set_timeouts( + udp=timeouts_before.udp + 10, + tcp_established=timeouts_before.tcp_established + 10, + tcp_transitory=timeouts_before.tcp_transitory + 10, + icmp=timeouts_before.icmp + 10) timeouts_after = self.vapi.nat_get_timeouts() @@ -6859,16 +7165,18 @@ class TestDeterministicNAT(MethodHolder): nat_ip = "10.0.0.10" - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(nat_ip), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(nat_ip), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -6920,15 +7228,16 @@ class TestDeterministicNAT(MethodHolder): host0 = self.pg0.remote_hosts[0] host1 = self.pg0.remote_hosts[1] - self.vapi.nat_det_add_del_map(1, - host0.ip4n, - 24, - socket.inet_aton(nat_ip), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=host0.ip4n, in_plen=24, + out_addr=socket.inet_aton(nat_ip), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # host0 to out p = (Ether(src=host0.mac, dst=self.pg0.local_mac) / @@ -7031,15 +7340,17 @@ class TestDeterministicNAT(MethodHolder): def test_tcp_session_close_detection_in(self): """ Deterministic NAT TCP session close from inside network """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.initiate_tcp_session(self.pg0, self.pg1) @@ -7095,15 +7406,17 @@ class TestDeterministicNAT(MethodHolder): def test_tcp_session_close_detection_out(self): """ Deterministic NAT TCP session close from outside network """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.initiate_tcp_session(self.pg0, self.pg1) @@ -7160,18 +7473,21 @@ class TestDeterministicNAT(MethodHolder): @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ Deterministic NAT session timeouts """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.initiate_tcp_session(self.pg0, self.pg1) - self.vapi.nat_set_timeouts(5, 5, 5, 5) + self.vapi.nat_set_timeouts(udp=5, tcp_established=5, tcp_transitory=5, + icmp=5) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -7185,20 +7501,23 @@ class TestDeterministicNAT(MethodHolder): @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_limit_per_user(self): """ Deterministic NAT maximum sessions per user limit """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg2.remote_ip4n, src_address=self.pg2.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.nat_ipfix_enable_disable() + self.vapi.nat_ipfix_enable_disable(domain_id=1, src_port=4739, + enable=1) pkts = [] for port in range(1025, 2025): @@ -7258,21 +7577,22 @@ class TestDeterministicNAT(MethodHolder): """ Clear deterministic NAT configuration. """ - self.vapi.nat_ipfix_enable_disable(enable=0) - self.vapi.nat_set_timeouts() + self.vapi.nat_ipfix_enable_disable(domain_id=1, src_port=4739, + enable=0) + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=60) deterministic_mappings = self.vapi.nat_det_map_dump() for dsm in deterministic_mappings: - self.vapi.nat_det_add_del_map(0, - dsm.in_addr, - dsm.in_plen, - dsm.out_addr, - dsm.out_plen) + self.vapi.nat_det_add_del_map(is_add=0, in_addr=dsm.in_addr, + in_plen=dsm.in_plen, + out_addr=dsm.out_addr, + out_plen=dsm.out_plen) interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: - self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, - is_add=0, - flags=intf.flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=intf.sw_if_index, + flags=intf.flags) def tearDown(self): super(TestDeterministicNAT, self).tearDown() @@ -7359,7 +7679,8 @@ class TestNAT64(MethodHolder): """ NAT64 inside interface handles Neighbor Advertisement """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg5.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg5.sw_if_index) # Try to send ping ping = (Ether(dst=self.pg5.local_mac, src=self.pg5.remote_mac) / @@ -7412,13 +7733,17 @@ class TestNAT64(MethodHolder): """ Add/delete address to NAT64 pool """ nat_addr = '1.2.3.4' - self.vapi.nat64_add_del_pool_addr_range(nat_addr, nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=nat_addr, + end_addr=nat_addr, + vrf_id=0xFFFFFFFF, is_add=1) addresses = self.vapi.nat64_pool_addr_dump() self.assertEqual(len(addresses), 1) self.assertEqual(str(addresses[0].address), nat_addr) - self.vapi.nat64_add_del_pool_addr_range(nat_addr, nat_addr, is_add=0) + self.vapi.nat64_add_del_pool_addr_range(start_addr=nat_addr, + end_addr=nat_addr, + vrf_id=0xFFFFFFFF, is_add=0) addresses = self.vapi.nat64_pool_addr_dump() self.assertEqual(len(addresses), 0) @@ -7426,8 +7751,10 @@ class TestNAT64(MethodHolder): def test_interface(self): """ Enable/disable NAT64 feature on the interface """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) interfaces = self.vapi.nat64_interface_dump() self.assertEqual(len(interfaces), 2) @@ -7448,8 +7775,10 @@ class TestNAT64(MethodHolder): features = self.vapi.cli("show interface features pg1") self.assertIn('nat64-out2in', features) - self.vapi.nat64_add_del_interface(0, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(0, flags, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=0, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=0, flags=flags, + sw_if_index=self.pg1.sw_if_index) interfaces = self.vapi.nat64_interface_dump() self.assertEqual(len(interfaces), 0) @@ -7462,12 +7791,10 @@ class TestNAT64(MethodHolder): out_port = 5678 proto = IP_PROTOS.tcp - self.vapi.nat64_add_del_static_bib(in_addr, - out_addr, - in_port, - out_port, - proto) - bib = self.vapi.nat64_bib_dump(IP_PROTOS.tcp) + self.vapi.nat64_add_del_static_bib(i_addr=in_addr, o_addr=out_addr, + i_port=in_port, o_port=out_port, + proto=proto, vrf_id=0, is_add=1) + bib = self.vapi.nat64_bib_dump(proto=IP_PROTOS.tcp) static_bib_num = 0 for bibe in bib: if bibe.flags & self.config_flags.NAT_IS_STATIC: @@ -7480,13 +7807,10 @@ class TestNAT64(MethodHolder): bibs = self.statistics.get_counter('/nat64/total-bibs') self.assertEqual(bibs[0][0], 1) - self.vapi.nat64_add_del_static_bib(in_addr, - out_addr, - in_port, - out_port, - proto, - is_add=0) - bib = self.vapi.nat64_bib_dump(IP_PROTOS.tcp) + self.vapi.nat64_add_del_static_bib(i_addr=in_addr, o_addr=out_addr, + i_port=in_port, o_port=out_port, + proto=proto, vrf_id=0, is_add=0) + bib = self.vapi.nat64_bib_dump(proto=IP_PROTOS.tcp) static_bib_num = 0 for bibe in bib: if bibe.flags & self.config_flags.NAT_IS_STATIC: @@ -7505,8 +7829,8 @@ class TestNAT64(MethodHolder): self.assertEqual(timeouts.tcp_established, 7440) # set and verify custom values - self.vapi.nat_set_timeouts(udp=200, icmp=30, tcp_transitory=250, - tcp_established=7450) + self.vapi.nat_set_timeouts(udp=200, tcp_established=7450, + tcp_transitory=250, icmp=30) timeouts = self.vapi.nat_get_timeouts() self.assertEqual(timeouts.udp, 200) self.assertEqual(timeouts.icmp, 30) @@ -7521,17 +7845,22 @@ class TestNAT64(MethodHolder): ses_num_start = self.nat64_get_ses_num() - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # in2out - tcpn = self.statistics.get_counter('/err/nat64-in2out/TCP packets') - udpn = self.statistics.get_counter('/err/nat64-in2out/UDP packets') - icmpn = self.statistics.get_counter('/err/nat64-in2out/ICMP packets') - totaln = self.statistics.get_counter( + tcpn = self.statistics.get_err_counter('/err/nat64-in2out/TCP packets') + udpn = self.statistics.get_err_counter('/err/nat64-in2out/UDP packets') + icmpn = self.statistics.get_err_counter( + '/err/nat64-in2out/ICMP packets') + totaln = self.statistics.get_err_counter( '/err/nat64-in2out/good in2out packets processed') pkts = self.create_stream_in_ip6(self.pg0, self.pg1) @@ -7542,21 +7871,22 @@ class TestNAT64(MethodHolder): self.verify_capture_out(capture, nat_ip=self.nat_addr, dst_ip=self.pg1.remote_ip4) - err = self.statistics.get_counter('/err/nat64-in2out/TCP packets') + err = self.statistics.get_err_counter('/err/nat64-in2out/TCP packets') self.assertEqual(err - tcpn, 1) - err = self.statistics.get_counter('/err/nat64-in2out/UDP packets') + err = self.statistics.get_err_counter('/err/nat64-in2out/UDP packets') self.assertEqual(err - udpn, 1) - err = self.statistics.get_counter('/err/nat64-in2out/ICMP packets') + err = self.statistics.get_err_counter('/err/nat64-in2out/ICMP packets') self.assertEqual(err - icmpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat64-in2out/good in2out packets processed') self.assertEqual(err - totaln, 3) # out2in - tcpn = self.statistics.get_counter('/err/nat64-out2in/TCP packets') - udpn = self.statistics.get_counter('/err/nat64-out2in/UDP packets') - icmpn = self.statistics.get_counter('/err/nat64-out2in/ICMP packets') - totaln = self.statistics.get_counter( + tcpn = self.statistics.get_err_counter('/err/nat64-out2in/TCP packets') + udpn = self.statistics.get_err_counter('/err/nat64-out2in/UDP packets') + icmpn = self.statistics.get_err_counter( + '/err/nat64-out2in/ICMP packets') + totaln = self.statistics.get_err_counter( '/err/nat64-out2in/good out2in packets processed') pkts = self.create_stream_out(self.pg1, dst_ip=self.nat_addr) @@ -7567,13 +7897,13 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.pg1.remote_ip4])) self.verify_capture_in_ip6(capture, ip[IPv6].src, self.pg0.remote_ip6) - err = self.statistics.get_counter('/err/nat64-out2in/TCP packets') + err = self.statistics.get_err_counter('/err/nat64-out2in/TCP packets') self.assertEqual(err - tcpn, 1) - err = self.statistics.get_counter('/err/nat64-out2in/UDP packets') + err = self.statistics.get_err_counter('/err/nat64-out2in/UDP packets') self.assertEqual(err - udpn, 1) - err = self.statistics.get_counter('/err/nat64-out2in/ICMP packets') + err = self.statistics.get_err_counter('/err/nat64-out2in/ICMP packets') self.assertEqual(err - icmpn, 1) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/nat64-out2in/good out2in packets processed') self.assertEqual(err - totaln, 3) @@ -7604,11 +7934,12 @@ class TestNAT64(MethodHolder): self.assertEqual(ses_num_end - ses_num_start, 3) # tenant with specific VRF - self.vapi.nat64_add_del_pool_addr_range(self.vrf1_nat_addr, - self.vrf1_nat_addr, - vrf_id=self.vrf1_id) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.vrf1_nat_addr, + end_addr=self.vrf1_nat_addr, + vrf_id=self.vrf1_id, is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg2.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg2.sw_if_index) pkts = self.create_stream_in_ip6(self.pg2, self.pg1) self.pg2.add_stream(pkts) @@ -7636,27 +7967,34 @@ class TestNAT64(MethodHolder): ses_num_start = self.nat64_get_ses_num() - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - - self.vapi.nat64_add_del_static_bib(self.pg0.remote_ip6n, - self.nat_addr, - self.tcp_port_in, - self.tcp_port_out, - IP_PROTOS.tcp) - self.vapi.nat64_add_del_static_bib(self.pg0.remote_ip6n, - self.nat_addr, - self.udp_port_in, - self.udp_port_out, - IP_PROTOS.udp) - self.vapi.nat64_add_del_static_bib(self.pg0.remote_ip6n, - self.nat_addr, - self.icmp_id_in, - self.icmp_id_out, - IP_PROTOS.icmp) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + + self.vapi.nat64_add_del_static_bib(i_addr=self.pg0.remote_ip6n, + o_addr=self.nat_addr, + i_port=self.tcp_port_in, + o_port=self.tcp_port_out, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) + self.vapi.nat64_add_del_static_bib(i_addr=self.pg0.remote_ip6n, + o_addr=self.nat_addr, + i_port=self.udp_port_in, + o_port=self.udp_port_out, + proto=IP_PROTOS.udp, vrf_id=0, + is_add=1) + self.vapi.nat64_add_del_static_bib(i_addr=self.pg0.remote_ip6n, + o_addr=self.nat_addr, + i_port=self.icmp_id_in, + o_port=self.icmp_id_out, + proto=IP_PROTOS.icmp, vrf_id=0, + is_add=1) # in2out pkts = self.create_stream_in_ip6(self.pg0, self.pg1) @@ -7684,12 +8022,18 @@ class TestNAT64(MethodHolder): def test_session_timeout(self): """ NAT64 session timeout """ self.icmp_id_in = 1234 - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(icmp=5, tcp_transitory=5, tcp_established=5) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat_set_timeouts(udp=300, tcp_established=5, + tcp_transitory=5, + icmp=5) pkts = self.create_stream_in_ip6(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -7711,11 +8055,15 @@ class TestNAT64(MethodHolder): self.udp_port_in = 6304 self.icmp_id_in = 6305 - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # send some packets to create sessions pkts = self.create_stream_in_ip6(self.pg0, self.pg1) @@ -7811,22 +8159,28 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.nat_addr])) nat_addr_ip6 = ip.src - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - - self.vapi.nat64_add_del_static_bib(server.ip6n, - self.nat_addr, - server_tcp_in_port, - server_tcp_out_port, - IP_PROTOS.tcp) - self.vapi.nat64_add_del_static_bib(server.ip6n, - self.nat_addr, - server_udp_in_port, - server_udp_out_port, - IP_PROTOS.udp) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=self.nat_addr, + i_port=server_tcp_in_port, + o_port=server_tcp_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=self.nat_addr, + i_port=server_udp_in_port, + o_port=server_udp_out_port, + proto=IP_PROTOS.udp, vrf_id=0, + is_add=1) # client to server pkts = [] @@ -7923,21 +8277,27 @@ class TestNAT64(MethodHolder): def test_prefix(self): """ NAT64 Network-Specific Prefix """ - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.nat64_add_del_pool_addr_range(self.vrf1_nat_addr, - self.vrf1_nat_addr, - vrf_id=self.vrf1_id) - self.vapi.nat64_add_del_interface(1, flags, self.pg2.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.vrf1_nat_addr, + end_addr=self.vrf1_nat_addr, + vrf_id=self.vrf1_id, is_add=1) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg2.sw_if_index) # Add global prefix global_pref64 = "2001:db8::" global_pref64_len = 32 global_pref64_str = "{}/{}".format(global_pref64, global_pref64_len) - self.vapi.nat64_add_del_prefix(global_pref64_str) + self.vapi.nat64_add_del_prefix(prefix=global_pref64_str, vrf_id=0, + is_add=1) prefix = self.vapi.nat64_prefix_dump() self.assertEqual(len(prefix), 1) @@ -7949,7 +8309,8 @@ class TestNAT64(MethodHolder): vrf1_pref64 = "2001:db8:122:300::" vrf1_pref64_len = 56 vrf1_pref64_str = "{}/{}".format(vrf1_pref64, vrf1_pref64_len) - self.vapi.nat64_add_del_prefix(vrf1_pref64_str, vrf_id=self.vrf1_id) + self.vapi.nat64_add_del_prefix(prefix=vrf1_pref64_str, + vrf_id=self.vrf1_id, is_add=1) prefix = self.vapi.nat64_prefix_dump() self.assertEqual(len(prefix), 2) @@ -8001,11 +8362,15 @@ class TestNAT64(MethodHolder): def test_unknown_proto(self): """ NAT64 translate packet with unknown protocol """ - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) remote_ip6 = self.compose_ip6(self.pg1.remote_ip4, '64:ff9b::', 96) # in2out @@ -8069,29 +8434,35 @@ class TestNAT64(MethodHolder): server_nat_ip6 = self.compose_ip6(server_nat_ip, '64:ff9b::', 96) client_nat_ip6 = self.compose_ip6(client_nat_ip, '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(server_nat_ip, - client_nat_ip) + self.vapi.nat64_add_del_pool_addr_range(start_addr=server_nat_ip, + end_addr=client_nat_ip, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - - self.vapi.nat64_add_del_static_bib(server.ip6n, - server_nat_ip, - server_tcp_in_port, - server_tcp_out_port, - IP_PROTOS.tcp) - - self.vapi.nat64_add_del_static_bib(server.ip6n, - server_nat_ip, - 0, - 0, - IP_PROTOS.gre) - - self.vapi.nat64_add_del_static_bib(client.ip6n, - client_nat_ip, - client_tcp_in_port, - client_tcp_out_port, - IP_PROTOS.tcp) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=server_nat_ip, + i_port=server_tcp_in_port, + o_port=server_tcp_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) + + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=server_nat_ip, i_port=0, + o_port=0, + proto=IP_PROTOS.gre, vrf_id=0, + is_add=1) + + self.vapi.nat64_add_del_static_bib(i_addr=client.ip6n, + o_addr=client_nat_ip, + i_port=client_tcp_in_port, + o_port=client_tcp_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) # client to server p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -8146,11 +8517,15 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg3.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg3.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg3.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg3.sw_if_index) # in2out p = (Ether(src=self.pg3.remote_mac, dst=self.pg3.local_mac) / @@ -8199,11 +8574,15 @@ class TestNAT64(MethodHolder): """ NAT64 translate fragments arriving in order """ self.tcp_port_in = random.randint(1025, 65535) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) reass = self.vapi.nat_reass_dump() reass_n_start = len(reass) @@ -8256,18 +8635,23 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.nat_addr])) nat_addr_ip6 = ip.src - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # add static BIB entry for server - self.vapi.nat64_add_del_static_bib(server.ip6n, - self.nat_addr, - server_in_port, - server_out_port, - IP_PROTOS.tcp) + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=self.nat_addr, + i_port=server_in_port, + o_port=server_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) # send packet from host to server pkts = self.create_stream_frag_ip6(self.pg0, @@ -8288,11 +8672,15 @@ class TestNAT64(MethodHolder): """ NAT64 translate fragments arriving out of order """ self.tcp_port_in = random.randint(1025, 65535) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # in2out data = b'a' * 200 @@ -8331,7 +8719,9 @@ class TestNAT64(MethodHolder): def test_interface_addr(self): """ Acquire NAT64 pool addresses from interface """ - self.vapi.nat64_add_del_interface_addr(self.pg4.sw_if_index) + self.vapi.nat64_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg4.sw_if_index) # no address in NAT64 pool addresses = self.vapi.nat44_address_dump() @@ -8359,11 +8749,15 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) pkts = [] src = "" @@ -8387,7 +8781,8 @@ class TestNAT64(MethodHolder): path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IPv6(src=src, dst=remote_host_ip6) / @@ -8442,18 +8837,24 @@ class TestNAT64(MethodHolder): def test_ipfix_max_frags(self): """ IPFIX logging maximum fragments pending reassembly exceeded """ - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.nat_set_reass(max_frag=1, is_ip6=1) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=1, + drop_frag=0, is_ip6=1) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) data = b'a' * 200 pkts = self.create_stream_frag_ip6(self.pg0, self.pg1.remote_ip4, @@ -8492,17 +8893,22 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) # Create p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / @@ -8544,8 +8950,9 @@ class TestNAT64(MethodHolder): # Delete self.pg_enable_capture(self.pg_interfaces) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr, + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, is_add=0) self.vapi.cli("ipfix flush") # FIXME this should be an API call capture = self.pg3.get_capture(2) @@ -8578,12 +8985,17 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.syslog_set_filter(SYSLOG_SEVERITY.INFO) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.syslog_set_filter( + self.SYSLOG_SEVERITY.SYSLOG_API_SEVERITY_INFO) self.vapi.syslog_set_sender(self.pg3.local_ip4n, self.pg3.remote_ip4n) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / @@ -8599,8 +9011,9 @@ class TestNAT64(MethodHolder): self.pg_enable_capture(self.pg_interfaces) self.pg_start() - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr, + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, is_add=0) capture = self.pg3.get_capture(1) self.verify_syslog_sess(capture[0][Raw].load, False, True) @@ -8609,52 +9022,52 @@ class TestNAT64(MethodHolder): """ Return number of active NAT64 sessions. """ - st = self.vapi.nat64_st_dump() + st = self.vapi.nat64_st_dump(proto=255) return len(st) def clear_nat64(self): """ Clear NAT64 configuration. """ - self.vapi.nat_ipfix_enable_disable(enable=0, + self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, src_port=self.ipfix_src_port, - domain_id=self.ipfix_domain_id) + enable=0) self.ipfix_src_port = 4739 self.ipfix_domain_id = 1 - self.vapi.syslog_set_filter(SYSLOG_SEVERITY.EMERG) + self.vapi.syslog_set_filter( + self.SYSLOG_SEVERITY.SYSLOG_API_SEVERITY_EMERG) - self.vapi.nat_set_timeouts() + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=60) interfaces = self.vapi.nat64_interface_dump() for intf in interfaces: - self.vapi.nat64_add_del_interface(0, - intf.flags, - intf.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=0, flags=intf.flags, + sw_if_index=intf.sw_if_index) - bib = self.vapi.nat64_bib_dump(255) + bib = self.vapi.nat64_bib_dump(proto=255) for bibe in bib: if bibe.flags & self.config_flags.NAT_IS_STATIC: - self.vapi.nat64_add_del_static_bib(bibe.i_addr, - bibe.o_addr, - bibe.i_port, - bibe.o_port, - bibe.proto, - bibe.vrf_id, + self.vapi.nat64_add_del_static_bib(i_addr=bibe.i_addr, + o_addr=bibe.o_addr, + i_port=bibe.i_port, + o_port=bibe.o_port, + proto=bibe.proto, + vrf_id=bibe.vrf_id, is_add=0) adresses = self.vapi.nat64_pool_addr_dump() for addr in adresses: - self.vapi.nat64_add_del_pool_addr_range(addr.address, - addr.address, + self.vapi.nat64_add_del_pool_addr_range(start_addr=addr.address, + end_addr=addr.address, vrf_id=addr.vrf_id, is_add=0) prefixes = self.vapi.nat64_prefix_dump() for prefix in prefixes: - self.vapi.nat64_add_del_prefix(str(prefix.prefix), - vrf_id=prefix.vrf_id, - is_add=0) + self.vapi.nat64_add_del_prefix(prefix=str(prefix.prefix), + vrf_id=prefix.vrf_id, is_add=0) bibs = self.statistics.get_counter('/nat64/total-bibs') self.assertEqual(bibs[0][0], 0) @@ -8733,11 +9146,12 @@ class TestDSlite(MethodHolder): nat_config = self.vapi.nat_show_config() self.assertEqual(0, nat_config.dslite_ce) - self.vapi.dslite_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.dslite_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + is_add=1) aftr_ip4 = '192.0.0.1' aftr_ip6 = '2001:db8:85a3::8a2e:370:1' - self.vapi.dslite_set_aftr_addr(aftr_ip6, aftr_ip4) + self.vapi.dslite_set_aftr_addr(ip4_addr=aftr_ip4, ip6_addr=aftr_ip6) self.vapi.syslog_set_sender(self.pg2.local_ip4n, self.pg2.remote_ip4n) # UDP @@ -8910,18 +9324,17 @@ class TestDSliteCE(MethodHolder): b4_ip4 = '192.0.0.2' b4_ip6 = '2001:db8:62aa::375e:f4c1:1' - self.vapi.dslite_set_b4_addr(b4_ip6, b4_ip4) + self.vapi.dslite_set_b4_addr(ip4_addr=b4_ip4, ip6_addr=b4_ip6) aftr_ip4 = '192.0.0.1' aftr_ip6 = '2001:db8:85a3::8a2e:370:1' aftr_ip6_n = socket.inet_pton(socket.AF_INET6, aftr_ip6) - self.vapi.dslite_set_aftr_addr(aftr_ip6, aftr_ip4) + self.vapi.dslite_set_aftr_addr(ip4_addr=aftr_ip4, ip6_addr=aftr_ip6) - self.vapi.ip_add_del_route(dst_address=aftr_ip6_n, - dst_address_length=128, - next_hop_address=self.pg1.remote_ip6n, - next_hop_sw_if_index=self.pg1.sw_if_index, - is_ipv6=1) + r1 = VppIpRoute(self, aftr_ip6, 128, + [VppRoutePath(self.pg1.remote_ip6, + self.pg1.sw_if_index)]) + r1.add_vpp_config() # UDP encapsulation p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -9009,10 +9422,14 @@ class TestNAT66(MethodHolder): def test_static(self): """ 1:1 NAT66 test """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat66_add_del_interface(self.pg0.sw_if_index, flags=flags) - self.vapi.nat66_add_del_interface(self.pg1.sw_if_index) - self.vapi.nat66_add_del_static_mapping(self.pg0.remote_ip6n, - self.nat_addr) + self.vapi.nat66_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat66_add_del_interface(is_add=1, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=self.pg0.remote_ip6n, + external_ip_address=self.nat_addr, + is_add=1) # in2out pkts = [] @@ -9083,10 +9500,14 @@ class TestNAT66(MethodHolder): def test_check_no_translate(self): """ NAT66 translate only when egress interface is outside interface """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat66_add_del_interface(self.pg0.sw_if_index, flags=flags) - self.vapi.nat66_add_del_interface(self.pg1.sw_if_index, flags=flags) - self.vapi.nat66_add_del_static_mapping(self.pg0.remote_ip6n, - self.nat_addr) + self.vapi.nat66_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat66_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=self.pg0.remote_ip6n, + external_ip_address=self.nat_addr, + is_add=1) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -9110,16 +9531,15 @@ class TestNAT66(MethodHolder): """ interfaces = self.vapi.nat66_interface_dump() for intf in interfaces: - self.vapi.nat66_add_del_interface(intf.sw_if_index, - is_add=0, - flags=intf.flags) + self.vapi.nat66_add_del_interface(is_add=0, flags=intf.flags, + sw_if_index=intf.sw_if_index) static_mappings = self.vapi.nat66_static_mapping_dump() for sm in static_mappings: - self.vapi.nat66_add_del_static_mapping(sm.local_ip_address, - sm.external_ip_address, - sm.vrf_id, - is_add=0) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=sm.local_ip_address, + external_ip_address=sm.external_ip_address, vrf_id=sm.vrf_id, + is_add=0) def tearDown(self): super(TestNAT66, self).tearDown() @@ -9129,5 +9549,6 @@ class TestNAT66(MethodHolder): self.logger.info(self.vapi.cli("show nat66 interfaces")) self.logger.info(self.vapi.cli("show nat66 static mappings")) + if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)