X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_reassembly.py;h=bd622a94794d9de8e3f788535650c422c4528362;hb=7c3275e84b64ade4e20d00e4457bd4e437b1894f;hp=aee67b185ccd1df503e2e1be1d80cbae1c1e4d9a;hpb=6955595a577e1b7d316b5b69267bf1d1d951a4ab;p=vpp.git diff --git a/test/test_reassembly.py b/test/test_reassembly.py index aee67b185cc..bd622a94794 100644 --- a/test/test_reassembly.py +++ b/test/test_reassembly.py @@ -1,58 +1,131 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 -from random import shuffle -import six import unittest +from random import shuffle, choice, randrange -from parameterized import parameterized +from framework import VppTestCase, VppTestRunner + +import scapy.compat from scapy.packet import Raw from scapy.layers.l2 import Ether, GRE from scapy.layers.inet import IP, UDP, ICMP - -from scapy.layers.inet6 import IPv6, IPv6ExtHdrFragment, ICMPv6ParamProblem,\ - ICMPv6TimeExceeded - +from scapy.layers.inet6 import HBHOptUnknown, ICMPv6ParamProblem,\ + ICMPv6TimeExceeded, IPv6, IPv6ExtHdrFragment,\ + IPv6ExtHdrHopByHop, IPv6ExtHdrDestOpt, PadN, ICMPv6EchoRequest from framework import VppTestCase, VppTestRunner -from util import ppp, fragment_rfc791, fragment_rfc8200 -from vpp_gre_interface import VppGreInterface, VppGre6Interface +from util import ppp, ppc, fragment_rfc791, fragment_rfc8200 +from vpp_gre_interface import VppGreInterface from vpp_ip import DpoProto -from vpp_ip_route import VppIpRoute, VppRoutePath +from vpp_ip_route import VppIpRoute, VppRoutePath, FibPathProto +from vpp_papi import VppEnum # 35 is enough to have >257 400-byte fragments test_packet_count = 35 -# -# -_scapy_ip_family_types = (IP, IPv6) +class TestIPv4Reassembly(VppTestCase): + """ IPv4 Reassembly """ + + @classmethod + def setUpClass(cls): + super(TestIPv4Reassembly, cls).setUpClass() + + cls.create_pg_interfaces([0, 1]) + cls.src_if = cls.pg0 + cls.dst_if = cls.pg1 + + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() + + # packet sizes + cls.packet_sizes = [64, 512, 1518, 9018] + cls.padding = " abcdefghijklmn" + cls.create_stream(cls.packet_sizes) + cls.create_fragments() + + @classmethod + def tearDownClass(cls): + super(TestIPv4Reassembly, cls).tearDownClass() + + def setUp(self): + """ Test setup - force timeout on existing reassemblies """ + super(TestIPv4Reassembly, self).setUp() + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, enable_ip4=True) + self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10) + self.virtual_sleep(.25) + self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10000) + + def tearDown(self): + super(TestIPv4Reassembly, self).tearDown() -def validate_scapy_ip_family(scapy_ip_family): + def show_commands_at_teardown(self): + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) - if scapy_ip_family not in _scapy_ip_family_types: - raise ValueError("'scapy_ip_family' must be of type: %s. Got %s" % - (_scapy_ip_family_types, scapy_ip_family)) + @classmethod + def create_stream(cls, packet_sizes, packet_count=test_packet_count): + """Create input packet stream + :param list packet_sizes: Required packet sizes. + """ + for i in range(0, packet_count): + info = cls.create_packet_info(cls.src_if, cls.src_if) + payload = cls.info_to_payload(info) + p = (Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac) / + IP(id=info.index, src=cls.src_if.remote_ip4, + dst=cls.dst_if.remote_ip4) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + size = packet_sizes[(i // 2) % len(packet_sizes)] + cls.extend_packet(p, size, cls.padding) + info.data = p -class TestIPReassemblyMixin(object): + @classmethod + def create_fragments(cls): + infos = cls._packet_infos + cls.pkt_infos = [] + for index, info in infos.items(): + p = info.data + # cls.logger.debug(ppp("Packet:", + # p.__class__(scapy.compat.raw(p)))) + fragments_400 = fragment_rfc791(p, 400) + fragments_300 = fragment_rfc791(p, 300) + fragments_200 = [ + x for f in fragments_400 for x in fragment_rfc791(f, 200)] + cls.pkt_infos.append( + (index, fragments_400, fragments_300, fragments_200)) + cls.fragments_400 = [ + x for (_, frags, _, _) in cls.pkt_infos for x in frags] + cls.fragments_300 = [ + x for (_, _, frags, _) in cls.pkt_infos for x in frags] + cls.fragments_200 = [ + x for (_, _, _, frags) in cls.pkt_infos for x in frags] + cls.logger.debug("Fragmented %s packets into %s 400-byte fragments, " + "%s 300-byte fragments and %s 200-byte fragments" % + (len(infos), len(cls.fragments_400), + len(cls.fragments_300), len(cls.fragments_200))) - def verify_capture(self, scapy_ip_family, capture, - dropped_packet_indexes=None): + def verify_capture(self, capture, dropped_packet_indexes=[]): """Verify captured packet stream. :param list capture: Captured packet stream. """ - validate_scapy_ip_family(scapy_ip_family) - - if dropped_packet_indexes is None: - dropped_packet_indexes = [] info = None seen = set() for packet in capture: try: self.logger.debug(ppp("Got packet:", packet)) - ip = packet[scapy_ip_family] + ip = packet[IP] udp = packet[UDP] - payload_info = self.payload_to_info(str(packet[Raw])) + payload_info = self.payload_to_info(packet[Raw]) packet_index = payload_info.index self.assertTrue( packet_index not in dropped_packet_indexes, @@ -65,8 +138,8 @@ class TestIPReassemblyMixin(object): self.assertTrue(info is not None) self.assertEqual(packet_index, info.index) saved_packet = info.data - self.assertEqual(ip.src, saved_packet[scapy_ip_family].src) - self.assertEqual(ip.dst, saved_packet[scapy_ip_family].dst) + self.assertEqual(ip.src, saved_packet[IP].src) + self.assertEqual(ip.dst, saved_packet[IP].dst) self.assertEqual(udp.payload, saved_packet[UDP].payload) except Exception: self.logger.error(ppp("Unexpected or invalid packet:", packet)) @@ -75,87 +148,45 @@ class TestIPReassemblyMixin(object): self.assertTrue(index in seen or index in dropped_packet_indexes, "Packet with packet_index %d not received" % index) - def test_disabled(self, scapy_ip_family, stream, - dropped_packet_indexes): - """ reassembly disabled """ - validate_scapy_ip_family(scapy_ip_family) - is_ip6 = 1 if scapy_ip_family == IPv6 else 0 - - self.vapi.ip_reassembly_set(timeout_ms=1000, max_reassemblies=0, - expire_walk_interval_ms=10000, - is_ip6=is_ip6) - - self.pg_enable_capture() - self.src_if.add_stream(stream) - self.pg_start() - - packets = self.dst_if.get_capture( - len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(scapy_ip_family, packets, dropped_packet_indexes) - self.src_if.assert_nothing_captured() - - def test_duplicates(self, scapy_ip_family, stream): - """ duplicate fragments """ - validate_scapy_ip_family(scapy_ip_family) + def test_reassembly(self): + """ basic reassembly """ self.pg_enable_capture() - self.src_if.add_stream(stream) + self.src_if.add_stream(self.fragments_200) self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(scapy_ip_family, packets) - self.src_if.assert_nothing_captured() - - def test_random(self, scapy_ip_family, stream): - """ random order reassembly """ - validate_scapy_ip_family(scapy_ip_family) - - fragments = list(stream) - shuffle(fragments) - - self.pg_enable_capture() - self.src_if.add_stream(fragments) - self.pg_start() - - packets = self.dst_if.get_capture(len(self.packet_infos)) - self.verify_capture(scapy_ip_family, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() # run it all again to verify correctness self.pg_enable_capture() - self.src_if.add_stream(fragments) + self.src_if.add_stream(self.fragments_200) self.pg_start() - packets = self.dst_if.get_capture(len(self.packet_infos)) - self.verify_capture(scapy_ip_family, packets) + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) self.src_if.assert_nothing_captured() - def test_reassembly(self, scapy_ip_family, stream): - """ basic reassembly """ - validate_scapy_ip_family(scapy_ip_family) + def test_verify_clear_trace_mid_reassembly(self): + """ verify clear trace works mid-reassembly """ self.pg_enable_capture() - self.src_if.add_stream(stream) + self.src_if.add_stream(self.fragments_200[0:-1]) self.pg_start() - packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(scapy_ip_family, packets) - self.src_if.assert_nothing_captured() + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") - # run it all again to verify correctness - self.pg_enable_capture() - self.src_if.add_stream(stream) + self.src_if.add_stream(self.fragments_200[-1]) self.pg_start() - packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(scapy_ip_family, packets) - self.src_if.assert_nothing_captured() + self.verify_capture(packets) - def test_reversed(self, scapy_ip_family, stream): + def test_reversed(self): """ reverse order reassembly """ - validate_scapy_ip_family(scapy_ip_family) - fragments = list(stream) + fragments = list(self.fragments_200) fragments.reverse() self.pg_enable_capture() @@ -163,7 +194,7 @@ class TestIPReassemblyMixin(object): self.pg_start() packets = self.dst_if.get_capture(len(self.packet_infos)) - self.verify_capture(scapy_ip_family, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() # run it all again to verify correctness @@ -172,135 +203,46 @@ class TestIPReassemblyMixin(object): self.pg_start() packets = self.dst_if.get_capture(len(self.packet_infos)) - self.verify_capture(scapy_ip_family, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() - def test_timeout_inline(self, scapy_ip_family, stream, - dropped_packet_indexes): - """ timeout (inline) """ - validate_scapy_ip_family(scapy_ip_family) - is_ip6 = 1 if scapy_ip_family == IPv6 else 0 - - self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, - expire_walk_interval_ms=10000, - is_ip6=is_ip6) - - self.pg_enable_capture() - self.src_if.add_stream(stream) - self.pg_start() - - packets = self.dst_if.get_capture( - len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(scapy_ip_family, packets, - dropped_packet_indexes) - - -class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): - """ IPv4 Reassembly """ - - @classmethod - def setUpClass(cls): - super(TestIPv4Reassembly, cls).setUpClass() - - cls.create_pg_interfaces([0, 1]) - cls.src_if = cls.pg0 - cls.dst_if = cls.pg1 - - # setup all interfaces - for i in cls.pg_interfaces: - i.admin_up() - i.config_ip4() - i.resolve_arp() - - # packet sizes - cls.packet_sizes = [64, 512, 1518, 9018] - cls.padding = " abcdefghijklmn" - cls.create_stream(cls.packet_sizes) - cls.create_fragments() - - def setUp(self): - """ Test setup - force timeout on existing reassemblies """ - super(TestIPv4Reassembly, self).setUp() - self.vapi.ip_reassembly_enable_disable( - sw_if_index=self.src_if.sw_if_index, enable_ip4=True) - self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, - expire_walk_interval_ms=10) - self.sleep(.25) - self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, - expire_walk_interval_ms=10000) - - def tearDown(self): - super(TestIPv4Reassembly, self).tearDown() - self.logger.debug(self.vapi.ppcli("show ip4-reassembly details")) - self.logger.debug(self.vapi.ppcli("show buffers")) + def test_long_fragment_chain(self): + """ long fragment chain """ - @classmethod - def create_stream(cls, packet_sizes, packet_count=test_packet_count): - """Create input packet stream + error_cnt_str = \ + "/err/ip4-full-reassembly-feature/fragment chain too long (drop)" - :param list packet_sizes: Required packet sizes. - """ - for i in range(0, packet_count): - info = cls.create_packet_info(cls.src_if, cls.src_if) - payload = cls.info_to_payload(info) - p = (Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac) / - IP(id=info.index, src=cls.src_if.remote_ip4, - dst=cls.dst_if.remote_ip4) / - UDP(sport=1234, dport=5678) / - Raw(payload)) - size = packet_sizes[(i // 2) % len(packet_sizes)] - cls.extend_packet(p, size, cls.padding) - info.data = p + error_cnt = self.statistics.get_err_counter(error_cnt_str) - @classmethod - def create_fragments(cls): - infos = cls._packet_infos - cls.pkt_infos = [] - for index, info in six.iteritems(infos): - p = info.data - # cls.logger.debug(ppp("Packet:", p.__class__(str(p)))) - fragments_400 = fragment_rfc791(p, 400) - fragments_300 = fragment_rfc791(p, 300) - fragments_200 = [ - x for f in fragments_400 for x in fragment_rfc791(f, 200)] - cls.pkt_infos.append( - (index, fragments_400, fragments_300, fragments_200)) - cls.fragments_400 = [ - x for (_, frags, _, _) in cls.pkt_infos for x in frags] - cls.fragments_300 = [ - x for (_, _, frags, _) in cls.pkt_infos for x in frags] - cls.fragments_200 = [ - x for (_, _, _, frags) in cls.pkt_infos for x in frags] - cls.logger.debug("Fragmented %s packets into %s 400-byte fragments, " - "%s 300-byte fragments and %s 200-byte fragments" % - (len(infos), len(cls.fragments_400), - len(cls.fragments_300), len(cls.fragments_200))) + self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000, + max_reassembly_length=3, + expire_walk_interval_ms=50) - @parameterized.expand([(IP, None)]) - def test_reassembly(self, family, stream): - """ basic reassembly """ - stream = self.__class__.fragments_200 - super(TestIPv4Reassembly, self).test_reassembly(family, stream) + p1 = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IP(id=1000, src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4) / + UDP(sport=1234, dport=5678) / + Raw(b"X" * 1000)) + p2 = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IP(id=1001, src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4) / + UDP(sport=1234, dport=5678) / + Raw(b"X" * 1000)) + frags = fragment_rfc791(p1, 200) + fragment_rfc791(p2, 500) - @parameterized.expand([(IP, None)]) - def test_reversed(self, family, stream): - """ reverse order reassembly """ - stream = self.__class__.fragments_200 - super(TestIPv4Reassembly, self).test_reversed(family, stream) + self.pg_enable_capture() + self.src_if.add_stream(frags) + self.pg_start() - @parameterized.expand([(IP, None)]) - def test_random(self, family, stream): - stream = self.__class__.fragments_200 - super(TestIPv4Reassembly, self).test_random(family, stream) + self.dst_if.get_capture(1) + self.assert_error_counter_equal(error_cnt_str, error_cnt + 1) def test_5737(self): """ fragment length + ip header size > 65535 """ self.vapi.cli("clear errors") - raw = ('E\x00\x00\x88,\xf8\x1f\xfe@\x01\x98\x00\xc0\xa8\n-\xc0\xa8\n' - '\x01\x08\x00\xf0J\xed\xcb\xf1\xf5Test-group: IPv4.IPv4.ipv4-' - 'message.Ethernet-Payload.IPv4-Packet.IPv4-Header.Fragment-Of' - 'fset; Test-case: 5737') - + raw = b'''E\x00\x00\x88,\xf8\x1f\xfe@\x01\x98\x00\xc0\xa8\n-\xc0\xa8\n\ +\x01\x08\x00\xf0J\xed\xcb\xf1\xf5Test-group: IPv4.IPv4.ipv4-message.\ +Ethernet-Payload.IPv4-Packet.IPv4-Header.Fragment-Offset; Test-case: 5737''' malformed_packet = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / IP(raw)) @@ -308,19 +250,19 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): IP(id=1000, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) / UDP(sport=1234, dport=5678) / - Raw("X" * 1000)) + Raw(b"X" * 1000)) valid_fragments = fragment_rfc791(p, 400) + counter = "/err/ip4-full-reassembly-feature/malformed packets" + error_counter = self.statistics.get_err_counter(counter) self.pg_enable_capture() self.src_if.add_stream([malformed_packet] + valid_fragments) self.pg_start() self.dst_if.get_capture(1) - self.assert_packet_counter_equal("ip4-reassembly-feature", 1) - # TODO remove above, uncomment below once clearing of counters - # is supported - # self.assert_packet_counter_equal( - # "/err/ip4-reassembly-feature/malformed packets", 1) + self.logger.debug(self.vapi.ppcli("show error")) + self.assertEqual(self.statistics.get_err_counter(counter), + error_counter + 1) def test_44924(self): """ compress tiny fragments """ @@ -367,14 +309,14 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): IP(id=7, len=21, frag=1, ttl=64, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) / - Raw(load='\x08')), + Raw(load=b'\x08')), ] p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / IP(id=1000, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) / UDP(sport=1234, dport=5678) / - Raw("X" * 1000)) + Raw(b"X" * 1000)) valid_fragments = fragment_rfc791(p, 400) self.pg_enable_capture() @@ -383,22 +325,51 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): self.dst_if.get_capture(1) - self.assert_packet_counter_equal("ip4-reassembly-feature", 1) + self.assert_packet_counter_equal("ip4-full-reassembly-feature", 1) # TODO remove above, uncomment below once clearing of counters # is supported # self.assert_packet_counter_equal( - # "/err/ip4-reassembly-feature/malformed packets", 1) + # "/err/ip4-full-reassembly-feature/malformed packets", 1) + + def test_random(self): + """ random order reassembly """ + + fragments = list(self.fragments_200) + shuffle(fragments) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.packet_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + # run it all again to verify correctness + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.packet_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() - @parameterized.expand([(IP, None)]) - def test_duplicates(self, family, stream): + def test_duplicates(self): """ duplicate fragments """ + fragments = [ - # IPv4 uses 4 fields in pkt_infos, IPv6 uses 3. x for (_, frags, _, _) in self.pkt_infos for x in frags for _ in range(0, min(2, len(frags))) ] - super(TestIPv4Reassembly, self).test_duplicates(family, fragments) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() def test_overlap1(self): """ overlapping fragments case #1 """ @@ -417,7 +388,7 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(IP, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() # run it all to verify correctness @@ -426,7 +397,7 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(IP, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() def test_overlap2(self): @@ -442,17 +413,17 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): # new reassemblies will be started and packet generator will # freak out when it detects unfreed buffers zipped = zip(frags_300, frags_200) - for i, j in zipped[:-1]: + for i, j in zipped: fragments.extend(i) fragments.extend(j) - fragments.append(zipped[-1][0]) + fragments.pop() self.pg_enable_capture() self.src_if.add_stream(fragments) self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(IP, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() # run it all to verify correctness @@ -461,21 +432,28 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(IP, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() - @parameterized.expand([(IP, None, None)]) - def test_timeout_inline(self, family, stream, dropped_packet_indexes): + def test_timeout_inline(self): """ timeout (inline) """ - stream = self.fragments_400 dropped_packet_indexes = set( index for (index, frags, _, _) in self.pkt_infos if len(frags) > 1 ) - super(TestIPv4Reassembly, self).test_timeout_inline( - family, stream, dropped_packet_indexes) - self.src_if.assert_nothing_captured() + self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=3, + expire_walk_interval_ms=10000) + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes)) + self.verify_capture(packets, dropped_packet_indexes) + self.src_if.assert_nothing_captured() def test_timeout_cleanup(self): """ timeout (cleanup) """ @@ -496,35 +474,496 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): if len(frags_400) > 1) self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=50) self.pg_enable_capture() self.src_if.add_stream(fragments) self.pg_start() - self.sleep(.25, "wait before sending rest of fragments") + self.virtual_sleep(.25, "wait before sending rest of fragments") self.src_if.add_stream(fragments2) self.pg_start() packets = self.dst_if.get_capture( len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(IP, packets, dropped_packet_indexes) + self.verify_capture(packets, dropped_packet_indexes) self.src_if.assert_nothing_captured() - @parameterized.expand([(IP, None, None)]) - def test_disabled(self, family, stream, dropped_packet_indexes): + def test_disabled(self): """ reassembly disabled """ - stream = self.__class__.fragments_400 dropped_packet_indexes = set( index for (index, frags_400, _, _) in self.pkt_infos if len(frags_400) > 1) - super(TestIPv4Reassembly, self).test_disabled( - family, stream, dropped_packet_indexes) + self.vapi.ip_reassembly_set(timeout_ms=1000, max_reassemblies=0, + max_reassembly_length=3, + expire_walk_interval_ms=10000) + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes)) + self.verify_capture(packets, dropped_packet_indexes) + self.src_if.assert_nothing_captured() + + +class TestIPv4SVReassembly(VppTestCase): + """ IPv4 Shallow Virtual Reassembly """ + + @classmethod + def setUpClass(cls): + super(TestIPv4SVReassembly, cls).setUpClass() + + cls.create_pg_interfaces([0, 1]) + cls.src_if = cls.pg0 + cls.dst_if = cls.pg1 + + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() + + def setUp(self): + """ Test setup - force timeout on existing reassemblies """ + super(TestIPv4SVReassembly, self).setUp() + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, enable_ip4=True, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL) + self.vapi.ip_reassembly_set( + timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10) + self.virtual_sleep(.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, max_reassemblies=1000, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10000) + + def tearDown(self): + super(TestIPv4SVReassembly, self).tearDown() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + + def test_basic(self): + """ basic reassembly """ + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IP(id=1, src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + fragments = fragment_rfc791(p, payload_len/4) + + # send fragment #2 - should be cached inside reassembly + self.pg_enable_capture() + self.src_if.add_stream(fragments[1]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + self.dst_if.assert_nothing_captured() + + # send fragment #1 - reassembly is finished now and both fragments + # forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[0]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + c = self.dst_if.get_capture(2) + for sent, recvd in zip([fragments[1], fragments[0]], c): + self.assertEqual(sent[IP].src, recvd[IP].src) + self.assertEqual(sent[IP].dst, recvd[IP].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + # send rest of fragments - should be immediately forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + c = self.dst_if.get_capture(len(fragments[2:])) + for sent, recvd in zip(fragments[2:], c): + self.assertEqual(sent[IP].src, recvd[IP].src) + self.assertEqual(sent[IP].dst, recvd[IP].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + def test_verify_clear_trace_mid_reassembly(self): + """ verify clear trace works mid-reassembly """ + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IP(id=1, src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + fragments = fragment_rfc791(p, payload_len/4) + + self.pg_enable_capture() + self.src_if.add_stream(fragments[1]) + self.pg_start() + + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") + + self.pg_enable_capture() + self.src_if.add_stream(fragments[0]) + self.pg_start() + self.dst_if.get_capture(2) + + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") -class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + self.dst_if.get_capture(len(fragments[2:])) + + def test_timeout(self): + """ reassembly timeout """ + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IP(id=1, src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + fragments = fragment_rfc791(p, payload_len/4) + + self.vapi.ip_reassembly_set( + timeout_ms=100, max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=50, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL) + + # send fragments #2 and #1 - should be forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[0:2]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + c = self.dst_if.get_capture(2) + for sent, recvd in zip([fragments[1], fragments[0]], c): + self.assertEqual(sent[IP].src, recvd[IP].src) + self.assertEqual(sent[IP].dst, recvd[IP].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + # wait for cleanup + self.virtual_sleep(.25, "wait before sending rest of fragments") + + # send rest of fragments - shouldn't be forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + self.dst_if.assert_nothing_captured() + + def test_lru(self): + """ reassembly reuses LRU element """ + + self.vapi.ip_reassembly_set( + timeout_ms=1000000, max_reassemblies=1, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10000) + + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + packet_count = 10 + + fragments = [f + for i in range(packet_count) + for p in (Ether(dst=self.src_if.local_mac, + src=self.src_if.remote_mac) / + IP(id=i, src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + for f in fragment_rfc791(p, payload_len/4)] + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + c = self.dst_if.get_capture(len(fragments)) + for sent, recvd in zip(fragments, c): + self.assertEqual(sent[IP].src, recvd[IP].src) + self.assertEqual(sent[IP].dst, recvd[IP].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + def send_mixed_and_verify_capture(self, traffic): + stream = [] + for t in traffic: + for c in range(t['count']): + stream.append( + (Ether(dst=self.src_if.local_mac, + src=self.src_if.remote_mac) / + IP(id=self.counter, + flags=t['flags'], + src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4) / + UDP(sport=1234, dport=5678) / + Raw("abcdef"))) + self.counter = self.counter + 1 + + self.pg_enable_capture() + self.src_if.add_stream(stream) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + self.dst_if.get_capture(len(stream)) + + def test_mixed(self): + """ mixed traffic correctly passes through SVR """ + self.counter = 1 + + self.send_mixed_and_verify_capture([{'count': 1, 'flags': ''}]) + self.send_mixed_and_verify_capture([{'count': 2, 'flags': ''}]) + self.send_mixed_and_verify_capture([{'count': 3, 'flags': ''}]) + self.send_mixed_and_verify_capture([{'count': 8, 'flags': ''}]) + self.send_mixed_and_verify_capture([{'count': 257, 'flags': ''}]) + + self.send_mixed_and_verify_capture([{'count': 1, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture([{'count': 2, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture([{'count': 3, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture([{'count': 8, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture([{'count': 257, 'flags': 'MF'}]) + + self.send_mixed_and_verify_capture( + [{'count': 1, 'flags': ''}, {'count': 1, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture( + [{'count': 2, 'flags': ''}, {'count': 2, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture( + [{'count': 3, 'flags': ''}, {'count': 3, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture( + [{'count': 8, 'flags': ''}, {'count': 8, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture( + [{'count': 129, 'flags': ''}, {'count': 129, 'flags': 'MF'}]) + + self.send_mixed_and_verify_capture( + [{'count': 1, 'flags': ''}, {'count': 1, 'flags': 'MF'}, + {'count': 1, 'flags': ''}, {'count': 1, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture( + [{'count': 2, 'flags': ''}, {'count': 2, 'flags': 'MF'}, + {'count': 2, 'flags': ''}, {'count': 2, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture( + [{'count': 3, 'flags': ''}, {'count': 3, 'flags': 'MF'}, + {'count': 3, 'flags': ''}, {'count': 3, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture( + [{'count': 8, 'flags': ''}, {'count': 8, 'flags': 'MF'}, + {'count': 8, 'flags': ''}, {'count': 8, 'flags': 'MF'}]) + self.send_mixed_and_verify_capture( + [{'count': 65, 'flags': ''}, {'count': 65, 'flags': 'MF'}, + {'count': 65, 'flags': ''}, {'count': 65, 'flags': 'MF'}]) + + +class TestIPv4MWReassembly(VppTestCase): + """ IPv4 Reassembly (multiple workers) """ + vpp_worker_count = 3 + + @classmethod + def setUpClass(cls): + super(TestIPv4MWReassembly, cls).setUpClass() + + cls.create_pg_interfaces(range(cls.vpp_worker_count+1)) + cls.src_if = cls.pg0 + cls.send_ifs = cls.pg_interfaces[:-1] + cls.dst_if = cls.pg_interfaces[-1] + + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() + + # packets sizes reduced here because we are generating packets without + # Ethernet headers, which are added later (diff fragments go via + # different interfaces) + cls.packet_sizes = [64-len(Ether()), 512-len(Ether()), + 1518-len(Ether()), 9018-len(Ether())] + cls.padding = " abcdefghijklmn" + cls.create_stream(cls.packet_sizes) + cls.create_fragments() + + @classmethod + def tearDownClass(cls): + super(TestIPv4MWReassembly, cls).tearDownClass() + + def setUp(self): + """ Test setup - force timeout on existing reassemblies """ + super(TestIPv4MWReassembly, self).setUp() + for intf in self.send_ifs: + self.vapi.ip_reassembly_enable_disable( + sw_if_index=intf.sw_if_index, enable_ip4=True) + self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10) + self.virtual_sleep(.25) + self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10000) + + def tearDown(self): + super(TestIPv4MWReassembly, self).tearDown() + + def show_commands_at_teardown(self): + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + + @classmethod + def create_stream(cls, packet_sizes, packet_count=test_packet_count): + """Create input packet stream + + :param list packet_sizes: Required packet sizes. + """ + for i in range(0, packet_count): + info = cls.create_packet_info(cls.src_if, cls.src_if) + payload = cls.info_to_payload(info) + p = (IP(id=info.index, src=cls.src_if.remote_ip4, + dst=cls.dst_if.remote_ip4) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + size = packet_sizes[(i // 2) % len(packet_sizes)] + cls.extend_packet(p, size, cls.padding) + info.data = p + + @classmethod + def create_fragments(cls): + infos = cls._packet_infos + cls.pkt_infos = [] + for index, info in infos.items(): + p = info.data + # cls.logger.debug(ppp("Packet:", + # p.__class__(scapy.compat.raw(p)))) + fragments_400 = fragment_rfc791(p, 400) + cls.pkt_infos.append((index, fragments_400)) + cls.fragments_400 = [ + x for (_, frags) in cls.pkt_infos for x in frags] + cls.logger.debug("Fragmented %s packets into %s 400-byte fragments, " % + (len(infos), len(cls.fragments_400))) + + def verify_capture(self, capture, dropped_packet_indexes=[]): + """Verify captured packet stream. + + :param list capture: Captured packet stream. + """ + info = None + seen = set() + for packet in capture: + try: + self.logger.debug(ppp("Got packet:", packet)) + ip = packet[IP] + udp = packet[UDP] + payload_info = self.payload_to_info(packet[Raw]) + packet_index = payload_info.index + self.assertTrue( + packet_index not in dropped_packet_indexes, + ppp("Packet received, but should be dropped:", packet)) + if packet_index in seen: + raise Exception(ppp("Duplicate packet received", packet)) + seen.add(packet_index) + self.assertEqual(payload_info.dst, self.src_if.sw_if_index) + info = self._packet_infos[packet_index] + self.assertTrue(info is not None) + self.assertEqual(packet_index, info.index) + saved_packet = info.data + self.assertEqual(ip.src, saved_packet[IP].src) + self.assertEqual(ip.dst, saved_packet[IP].dst) + self.assertEqual(udp.payload, saved_packet[UDP].payload) + except Exception: + self.logger.error(ppp("Unexpected or invalid packet:", packet)) + raise + for index in self._packet_infos: + self.assertTrue(index in seen or index in dropped_packet_indexes, + "Packet with packet_index %d not received" % index) + + def send_packets(self, packets): + for counter in range(self.vpp_worker_count): + if 0 == len(packets[counter]): + continue + send_if = self.send_ifs[counter] + send_if.add_stream( + (Ether(dst=send_if.local_mac, src=send_if.remote_mac) / x + for x in packets[counter]), + worker=counter) + self.pg_start() + + def test_worker_conflict(self): + """ 1st and FO=0 fragments on different workers """ + + # in first wave we send fragments which don't start at offset 0 + # then we send fragments with offset 0 on a different thread + # then the rest of packets on a random thread + first_packets = [[] for n in range(self.vpp_worker_count)] + second_packets = [[] for n in range(self.vpp_worker_count)] + rest_of_packets = [[] for n in range(self.vpp_worker_count)] + for (_, p) in self.pkt_infos: + wi = randrange(self.vpp_worker_count) + second_packets[wi].append(p[0]) + if len(p) <= 1: + continue + wi2 = wi + while wi2 == wi: + wi2 = randrange(self.vpp_worker_count) + first_packets[wi2].append(p[1]) + wi3 = randrange(self.vpp_worker_count) + rest_of_packets[wi3].extend(p[2:]) + + self.pg_enable_capture() + self.send_packets(first_packets) + self.send_packets(second_packets) + self.send_packets(rest_of_packets) + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + for send_if in self.send_ifs: + send_if.assert_nothing_captured() + + self.logger.debug(self.vapi.ppcli("show trace")) + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.vapi.cli("clear trace") + + self.pg_enable_capture() + self.send_packets(first_packets) + self.send_packets(second_packets) + self.send_packets(rest_of_packets) + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + for send_if in self.send_ifs: + send_if.assert_nothing_captured() + + +class TestIPv6Reassembly(VppTestCase): """ IPv6 Reassembly """ @classmethod @@ -547,22 +986,30 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): cls.create_stream(cls.packet_sizes) cls.create_fragments() + @classmethod + def tearDownClass(cls): + super(TestIPv6Reassembly, cls).tearDownClass() + def setUp(self): """ Test setup - force timeout on existing reassemblies """ super(TestIPv6Reassembly, self).setUp() self.vapi.ip_reassembly_enable_disable( sw_if_index=self.src_if.sw_if_index, enable_ip6=True) self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=10, is_ip6=1) - self.sleep(.25) + self.virtual_sleep(.25) self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=10000, is_ip6=1) - self.logger.debug(self.vapi.ppcli("show ip6-reassembly details")) + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) self.logger.debug(self.vapi.ppcli("show buffers")) def tearDown(self): super(TestIPv6Reassembly, self).tearDown() - self.logger.debug(self.vapi.ppcli("show ip6-reassembly details")) + + def show_commands_at_teardown(self): + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) self.logger.debug(self.vapi.ppcli("show buffers")) @classmethod @@ -587,9 +1034,10 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): def create_fragments(cls): infos = cls._packet_infos cls.pkt_infos = [] - for index, info in six.iteritems(infos): + for index, info in infos.items(): p = info.data - # cls.logger.debug(ppp("Packet:", p.__class__(str(p)))) + # cls.logger.debug(ppp("Packet:", + # p.__class__(scapy.compat.raw(p)))) fragments_400 = fragment_rfc8200(p, info.index, 400) fragments_300 = fragment_rfc8200(p, info.index, 300) cls.pkt_infos.append((index, fragments_400, fragments_300)) @@ -602,38 +1050,184 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): (len(infos), len(cls.fragments_400), len(cls.fragments_300))) - @parameterized.expand([(IPv6, None)]) - def test_reassembly(self, family, stream): - """ basic reassembly """ - stream = self.__class__.fragments_400 - super(TestIPv6Reassembly, self).test_reassembly(family, stream) + def verify_capture(self, capture, dropped_packet_indexes=[]): + """Verify captured packet strea . + + :param list capture: Captured packet stream. + """ + info = None + seen = set() + for packet in capture: + try: + self.logger.debug(ppp("Got packet:", packet)) + ip = packet[IPv6] + udp = packet[UDP] + payload_info = self.payload_to_info(packet[Raw]) + packet_index = payload_info.index + self.assertTrue( + packet_index not in dropped_packet_indexes, + ppp("Packet received, but should be dropped:", packet)) + if packet_index in seen: + raise Exception(ppp("Duplicate packet received", packet)) + seen.add(packet_index) + self.assertEqual(payload_info.dst, self.src_if.sw_if_index) + info = self._packet_infos[packet_index] + self.assertTrue(info is not None) + self.assertEqual(packet_index, info.index) + saved_packet = info.data + self.assertEqual(ip.src, saved_packet[IPv6].src) + self.assertEqual(ip.dst, saved_packet[IPv6].dst) + self.assertEqual(udp.payload, saved_packet[UDP].payload) + except Exception: + self.logger.error(ppp("Unexpected or invalid packet:", packet)) + raise + for index in self._packet_infos: + self.assertTrue(index in seen or index in dropped_packet_indexes, + "Packet with packet_index %d not received" % index) + + def test_reassembly(self): + """ basic reassembly """ + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + # run it all again to verify correctness + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + def test_buffer_boundary(self): + """ fragment header crossing buffer boundary """ + + p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, + dst=self.src_if.local_ip6) / + IPv6ExtHdrHopByHop( + options=[HBHOptUnknown(otype=0xff, optlen=0)] * 1000) / + IPv6ExtHdrFragment(m=1) / + UDP(sport=1234, dport=5678) / + Raw()) + self.pg_enable_capture() + self.src_if.add_stream([p]) + self.pg_start() + self.src_if.assert_nothing_captured() + self.dst_if.assert_nothing_captured() + + def test_verify_clear_trace_mid_reassembly(self): + """ verify clear trace works mid-reassembly """ + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400[0:-1]) + self.pg_start() + + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") + + self.src_if.add_stream(self.fragments_400[-1]) + self.pg_start() + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + + def test_reversed(self): + """ reverse order reassembly """ + + fragments = list(self.fragments_400) + fragments.reverse() + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() - @parameterized.expand([(IPv6, None)]) - def test_reversed(self, family, stream): - """ reverse order reassembly """ - stream = self.__class__.fragments_400 - super(TestIPv6Reassembly, self).test_reversed(family, stream) + # run it all again to verify correctness + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() - @parameterized.expand([(IPv6, None)]) - def test_random(self, family, stream): + def test_random(self): """ random order reassembly """ - stream = self.__class__.fragments_400 - super(TestIPv6Reassembly, self).test_random(family, stream) - @parameterized.expand([(IPv6, None)]) - def test_duplicates(self, family, stream): + fragments = list(self.fragments_400) + shuffle(fragments) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + # run it all again to verify correctness + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + def test_duplicates(self): """ duplicate fragments """ fragments = [ - # IPv4 uses 4 fields in pkt_infos, IPv6 uses 3. x for (_, frags, _) in self.pkt_infos for x in frags for _ in range(0, min(2, len(frags))) ] - super(TestIPv6Reassembly, self).test_duplicates(family, fragments) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + def test_long_fragment_chain(self): + """ long fragment chain """ + + error_cnt_str = \ + "/err/ip6-full-reassembly-feature/fragment chain too long (drop)" + + error_cnt = self.statistics.get_err_counter(error_cnt_str) + + self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000, + max_reassembly_length=3, + expire_walk_interval_ms=50, is_ip6=1) + + p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, + dst=self.dst_if.remote_ip6) / + UDP(sport=1234, dport=5678) / + Raw(b"X" * 1000)) + frags = fragment_rfc8200(p, 1, 300) + fragment_rfc8200(p, 2, 500) + + self.pg_enable_capture() + self.src_if.add_stream(frags) + self.pg_start() + + self.dst_if.get_capture(1) + self.assert_error_counter_equal(error_cnt_str, error_cnt + 1) def test_overlap1(self): - """ overlapping fragments case #1 (differs from IP test case)""" + """ overlapping fragments case #1 """ fragments = [] for _, frags_400, frags_300 in self.pkt_infos: @@ -654,11 +1248,11 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): packets = self.dst_if.get_capture( len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(IPv6, packets, dropped_packet_indexes) + self.verify_capture(packets, dropped_packet_indexes) self.src_if.assert_nothing_captured() def test_overlap2(self): - """ overlapping fragments case #2 (differs from IP test case)""" + """ overlapping fragments case #2 """ fragments = [] for _, frags_400, frags_300 in self.pkt_infos: @@ -670,10 +1264,10 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): # new reassemblies will be started and packet generator will # freak out when it detects unfreed buffers zipped = zip(frags_400, frags_300) - for i, j in zipped[:-1]: + for i, j in zipped: fragments.extend(i) fragments.extend(j) - fragments.append(zipped[-1][0]) + fragments.pop() dropped_packet_indexes = set( index for (index, _, frags) in self.pkt_infos if len(frags) > 1 @@ -685,20 +1279,27 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): packets = self.dst_if.get_capture( len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(IPv6, packets, dropped_packet_indexes) + self.verify_capture(packets, dropped_packet_indexes) self.src_if.assert_nothing_captured() - @parameterized.expand([(IPv6, None, None)]) - def test_timeout_inline(self, family, stream, dropped_packets_index): + def test_timeout_inline(self): """ timeout (inline) """ - stream = self.__class__.fragments_400 dropped_packet_indexes = set( index for (index, frags, _) in self.pkt_infos if len(frags) > 1 ) - super(TestIPv6Reassembly, self).test_timeout_inline( - family, stream, dropped_packet_indexes) + self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=3, + expire_walk_interval_ms=10000, is_ip6=1) + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes)) + self.verify_capture(packets, dropped_packet_indexes) pkts = self.src_if.get_capture( expected_count=len(dropped_packet_indexes)) for icmp in pkts: @@ -726,23 +1327,25 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): if len(frags_400) > 1) self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=50) self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=50, is_ip6=1) self.pg_enable_capture() self.src_if.add_stream(fragments) self.pg_start() - self.sleep(.25, "wait before sending rest of fragments") + self.virtual_sleep(.25, "wait before sending rest of fragments") self.src_if.add_stream(fragments2) self.pg_start() packets = self.dst_if.get_capture( len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(IPv6, packets, dropped_packet_indexes) + self.verify_capture(packets, dropped_packet_indexes) pkts = self.src_if.get_capture( expected_count=len(dropped_packet_indexes)) for icmp in pkts: @@ -751,32 +1354,38 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): self.assertIn(icmp[IPv6ExtHdrFragment].id, dropped_packet_indexes) dropped_packet_indexes.remove(icmp[IPv6ExtHdrFragment].id) - @parameterized.expand([(IPv6, None, None)]) - def test_disabled(self, family, stream, dropped_packet_indexes): + def test_disabled(self): """ reassembly disabled """ - stream = self.__class__.fragments_400 dropped_packet_indexes = set( index for (index, frags_400, _) in self.pkt_infos if len(frags_400) > 1) - super(TestIPv6Reassembly, self).test_disabled( - family, stream, dropped_packet_indexes) + + self.vapi.ip_reassembly_set(timeout_ms=1000, max_reassemblies=0, + max_reassembly_length=3, + expire_walk_interval_ms=10000, is_ip6=1) + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes)) + self.verify_capture(packets, dropped_packet_indexes) self.src_if.assert_nothing_captured() def test_missing_upper(self): """ missing upper layer """ + optdata = '\x00' * 100 p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6) / - UDP(sport=1234, dport=5678) / - Raw()) - self.extend_packet(p, 1000, self.padding) - fragments = fragment_rfc8200(p, 1, 500) - bad_fragment = p.__class__(str(fragments[1])) - bad_fragment[IPv6ExtHdrFragment].nh = 59 - bad_fragment[IPv6ExtHdrFragment].offset = 0 + IPv6ExtHdrFragment(m=1) / + IPv6ExtHdrDestOpt(nh=17, options=PadN(optdata='\101' * 255) / + PadN(optdata='\102'*255))) + self.pg_enable_capture() - self.src_if.add_stream([bad_fragment]) + self.src_if.add_stream([p]) self.pg_start() pkts = self.src_if.get_capture(expected_count=1) icmp = pkts[0] @@ -821,6 +1430,493 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): self.assertIn(ICMPv6ParamProblem, icmp) self.assert_equal(icmp[ICMPv6ParamProblem].code, 0, "ICMP code") + def test_atomic_fragment(self): + """ IPv6 atomic fragment """ + pkt = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) / + IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, + nh=44, plen=65535) / + IPv6ExtHdrFragment(offset=8191, m=1, res1=0xFF, res2=0xFF, + nh=255, id=0xffff)/('X'*1452)) + + rx = self.send_and_expect(self.pg0, [pkt], self.pg0) + self.assertIn(ICMPv6ParamProblem, rx[0]) + + def test_truncated_fragment(self): + """ IPv6 truncated fragment header """ + pkt = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) / + IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, + nh=44, plen=2) / + IPv6ExtHdrFragment(nh=6)) + + self.send_and_assert_no_replies(self.pg0, [pkt]) + + pkt = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) / + IPv6(src=self.pg0.remote_ip6, dst=self.pg0.remote_ip6) / + ICMPv6EchoRequest()) + rx = self.send_and_expect(self.pg0, [pkt], self.pg0) + + def test_one_fragment(self): + """ whole packet in one fragment processed independently """ + pkt = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) / + IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) / + ICMPv6EchoRequest()/Raw('X' * 1600)) + frags = fragment_rfc8200(pkt, 1, 400) + + # send a fragment with known id + self.send_and_assert_no_replies(self.pg0, [frags[0]]) + + # send an atomic fragment with same id - should be reassembled + pkt = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) / + IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) / + IPv6ExtHdrFragment(id=1)/ICMPv6EchoRequest()) + rx = self.send_and_expect(self.pg0, [pkt], self.pg0) + self.assertNotIn(IPv6ExtHdrFragment, rx) + + # now finish the original reassembly, this should still be possible + rx = self.send_and_expect(self.pg0, frags[1:], self.pg0, n_rx=1) + self.assertNotIn(IPv6ExtHdrFragment, rx) + + def test_bunch_of_fragments(self): + """ valid fragments followed by rogue fragments and atomic fragment""" + pkt = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) / + IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) / + ICMPv6EchoRequest()/Raw('X' * 1600)) + frags = fragment_rfc8200(pkt, 1, 400) + self.send_and_expect(self.pg0, frags, self.pg0, n_rx=1) + + inc_frag = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) / + IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) / + IPv6ExtHdrFragment(id=1, nh=58, offset=608)/Raw('X'*308)) + + self.send_and_assert_no_replies(self.pg0, inc_frag*604) + + pkt = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) / + IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) / + IPv6ExtHdrFragment(id=1)/ICMPv6EchoRequest()) + rx = self.send_and_expect(self.pg0, [pkt], self.pg0) + self.assertNotIn(IPv6ExtHdrFragment, rx) + + +class TestIPv6MWReassembly(VppTestCase): + """ IPv6 Reassembly (multiple workers) """ + vpp_worker_count = 3 + + @classmethod + def setUpClass(cls): + super(TestIPv6MWReassembly, cls).setUpClass() + + cls.create_pg_interfaces(range(cls.vpp_worker_count+1)) + cls.src_if = cls.pg0 + cls.send_ifs = cls.pg_interfaces[:-1] + cls.dst_if = cls.pg_interfaces[-1] + + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip6() + i.resolve_ndp() + + # packets sizes reduced here because we are generating packets without + # Ethernet headers, which are added later (diff fragments go via + # different interfaces) + cls.packet_sizes = [64-len(Ether()), 512-len(Ether()), + 1518-len(Ether()), 9018-len(Ether())] + cls.padding = " abcdefghijklmn" + cls.create_stream(cls.packet_sizes) + cls.create_fragments() + + @classmethod + def tearDownClass(cls): + super(TestIPv6MWReassembly, cls).tearDownClass() + + def setUp(self): + """ Test setup - force timeout on existing reassemblies """ + super(TestIPv6MWReassembly, self).setUp() + for intf in self.send_ifs: + self.vapi.ip_reassembly_enable_disable( + sw_if_index=intf.sw_if_index, enable_ip6=True) + self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10, is_ip6=1) + self.virtual_sleep(.25) + self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=1000, is_ip6=1) + + def tearDown(self): + super(TestIPv6MWReassembly, self).tearDown() + + def show_commands_at_teardown(self): + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + + @classmethod + def create_stream(cls, packet_sizes, packet_count=test_packet_count): + """Create input packet stream + + :param list packet_sizes: Required packet sizes. + """ + for i in range(0, packet_count): + info = cls.create_packet_info(cls.src_if, cls.src_if) + payload = cls.info_to_payload(info) + p = (IPv6(src=cls.src_if.remote_ip6, + dst=cls.dst_if.remote_ip6) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + size = packet_sizes[(i // 2) % len(packet_sizes)] + cls.extend_packet(p, size, cls.padding) + info.data = p + + @classmethod + def create_fragments(cls): + infos = cls._packet_infos + cls.pkt_infos = [] + for index, info in infos.items(): + p = info.data + # cls.logger.debug(ppp("Packet:", + # p.__class__(scapy.compat.raw(p)))) + fragments_400 = fragment_rfc8200(p, index, 400) + cls.pkt_infos.append((index, fragments_400)) + cls.fragments_400 = [ + x for (_, frags) in cls.pkt_infos for x in frags] + cls.logger.debug("Fragmented %s packets into %s 400-byte fragments, " % + (len(infos), len(cls.fragments_400))) + + def verify_capture(self, capture, dropped_packet_indexes=[]): + """Verify captured packet strea . + + :param list capture: Captured packet stream. + """ + info = None + seen = set() + for packet in capture: + try: + self.logger.debug(ppp("Got packet:", packet)) + ip = packet[IPv6] + udp = packet[UDP] + payload_info = self.payload_to_info(packet[Raw]) + packet_index = payload_info.index + self.assertTrue( + packet_index not in dropped_packet_indexes, + ppp("Packet received, but should be dropped:", packet)) + if packet_index in seen: + raise Exception(ppp("Duplicate packet received", packet)) + seen.add(packet_index) + self.assertEqual(payload_info.dst, self.src_if.sw_if_index) + info = self._packet_infos[packet_index] + self.assertTrue(info is not None) + self.assertEqual(packet_index, info.index) + saved_packet = info.data + self.assertEqual(ip.src, saved_packet[IPv6].src) + self.assertEqual(ip.dst, saved_packet[IPv6].dst) + self.assertEqual(udp.payload, saved_packet[UDP].payload) + except Exception: + self.logger.error(ppp("Unexpected or invalid packet:", packet)) + raise + for index in self._packet_infos: + self.assertTrue(index in seen or index in dropped_packet_indexes, + "Packet with packet_index %d not received" % index) + + def send_packets(self, packets): + for counter in range(self.vpp_worker_count): + if 0 == len(packets[counter]): + continue + send_if = self.send_ifs[counter] + send_if.add_stream( + (Ether(dst=send_if.local_mac, src=send_if.remote_mac) / x + for x in packets[counter]), + worker=counter) + self.pg_start() + + def test_worker_conflict(self): + """ 1st and FO=0 fragments on different workers """ + + # in first wave we send fragments which don't start at offset 0 + # then we send fragments with offset 0 on a different thread + # then the rest of packets on a random thread + first_packets = [[] for n in range(self.vpp_worker_count)] + second_packets = [[] for n in range(self.vpp_worker_count)] + rest_of_packets = [[] for n in range(self.vpp_worker_count)] + for (_, p) in self.pkt_infos: + wi = randrange(self.vpp_worker_count) + second_packets[wi].append(p[0]) + if len(p) <= 1: + continue + wi2 = wi + while wi2 == wi: + wi2 = randrange(self.vpp_worker_count) + first_packets[wi2].append(p[1]) + wi3 = randrange(self.vpp_worker_count) + rest_of_packets[wi3].extend(p[2:]) + + self.pg_enable_capture() + self.send_packets(first_packets) + self.send_packets(second_packets) + self.send_packets(rest_of_packets) + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + for send_if in self.send_ifs: + send_if.assert_nothing_captured() + + self.logger.debug(self.vapi.ppcli("show trace")) + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.vapi.cli("clear trace") + + self.pg_enable_capture() + self.send_packets(first_packets) + self.send_packets(second_packets) + self.send_packets(rest_of_packets) + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + for send_if in self.send_ifs: + send_if.assert_nothing_captured() + + +class TestIPv6SVReassembly(VppTestCase): + """ IPv6 Shallow Virtual Reassembly """ + + @classmethod + def setUpClass(cls): + super(TestIPv6SVReassembly, cls).setUpClass() + + cls.create_pg_interfaces([0, 1]) + cls.src_if = cls.pg0 + cls.dst_if = cls.pg1 + + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip6() + i.resolve_ndp() + + def setUp(self): + """ Test setup - force timeout on existing reassemblies """ + super(TestIPv6SVReassembly, self).setUp() + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, enable_ip6=True, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL) + self.vapi.ip_reassembly_set( + timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10, is_ip6=1) + self.virtual_sleep(.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, max_reassemblies=1000, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10000, is_ip6=1) + + def tearDown(self): + super(TestIPv6SVReassembly, self).tearDown() + self.logger.debug(self.vapi.ppcli("show ip6-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + + def test_basic(self): + """ basic reassembly """ + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + fragments = fragment_rfc8200(p, 1, payload_len/4) + + # send fragment #2 - should be cached inside reassembly + self.pg_enable_capture() + self.src_if.add_stream(fragments[1]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip6-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + self.dst_if.assert_nothing_captured() + + # send fragment #1 - reassembly is finished now and both fragments + # forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[0]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip6-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + c = self.dst_if.get_capture(2) + for sent, recvd in zip([fragments[1], fragments[0]], c): + self.assertEqual(sent[IPv6].src, recvd[IPv6].src) + self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + # send rest of fragments - should be immediately forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + c = self.dst_if.get_capture(len(fragments[2:])) + for sent, recvd in zip(fragments[2:], c): + self.assertEqual(sent[IPv6].src, recvd[IPv6].src) + self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + def test_verify_clear_trace_mid_reassembly(self): + """ verify clear trace works mid-reassembly """ + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + fragments = fragment_rfc8200(p, 1, payload_len/4) + + self.pg_enable_capture() + self.src_if.add_stream(fragments[1]) + self.pg_start() + + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") + + self.pg_enable_capture() + self.src_if.add_stream(fragments[0]) + self.pg_start() + self.dst_if.get_capture(2) + + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") + + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + self.dst_if.get_capture(len(fragments[2:])) + + def test_timeout(self): + """ reassembly timeout """ + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + fragments = fragment_rfc8200(p, 1, payload_len/4) + + self.vapi.ip_reassembly_set( + timeout_ms=100, max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=50, + is_ip6=1, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL) + + # send fragments #2 and #1 - should be forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[0:2]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + c = self.dst_if.get_capture(2) + for sent, recvd in zip([fragments[1], fragments[0]], c): + self.assertEqual(sent[IPv6].src, recvd[IPv6].src) + self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + # wait for cleanup + self.virtual_sleep(.25, "wait before sending rest of fragments") + + # send rest of fragments - shouldn't be forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + self.dst_if.assert_nothing_captured() + + def test_lru(self): + """ reassembly reuses LRU element """ + + self.vapi.ip_reassembly_set( + timeout_ms=1000000, max_reassemblies=1, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + is_ip6=1, expire_walk_interval_ms=10000) + + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + packet_count = 10 + + fragments = [f + for i in range(packet_count) + for p in (Ether(dst=self.src_if.local_mac, + src=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, + dst=self.dst_if.remote_ip6) / + UDP(sport=1234, dport=5678) / + Raw(payload)) + for f in fragment_rfc8200(p, i, payload_len/4)] + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + c = self.dst_if.get_capture(len(fragments)) + for sent, recvd in zip(fragments, c): + self.assertEqual(sent[IPv6].src, recvd[IPv6].src) + self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + def test_one_fragment(self): + """ whole packet in one fragment processed independently """ + pkt = (Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) / + ICMPv6EchoRequest()/Raw('X' * 1600)) + frags = fragment_rfc8200(pkt, 1, 400) + + # send a fragment with known id + self.send_and_expect(self.src_if, [frags[0]], self.dst_if) + + # send an atomic fragment with same id - should be reassembled + pkt = (Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) / + IPv6ExtHdrFragment(id=1)/ICMPv6EchoRequest()) + rx = self.send_and_expect(self.src_if, [pkt], self.dst_if) + + # now forward packets matching original reassembly, should still work + rx = self.send_and_expect(self.src_if, frags[1:], self.dst_if) + + def test_bunch_of_fragments(self): + """ valid fragments followed by rogue fragments and atomic fragment""" + pkt = (Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) / + ICMPv6EchoRequest()/Raw('X' * 1600)) + frags = fragment_rfc8200(pkt, 1, 400) + rx = self.send_and_expect(self.src_if, frags, self.dst_if) + + rogue = (Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) / + IPv6ExtHdrFragment(id=1, nh=58, offset=608)/Raw('X'*308)) + + self.send_and_expect(self.src_if, rogue*604, self.dst_if) + + pkt = (Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) / + IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) / + IPv6ExtHdrFragment(id=1)/ICMPv6EchoRequest()) + rx = self.send_and_expect(self.src_if, [pkt], self.dst_if) + class TestIPv4ReassemblyLocalNode(VppTestCase): """ IPv4 Reassembly for packets coming to ip4-local node """ @@ -842,18 +1938,26 @@ class TestIPv4ReassemblyLocalNode(VppTestCase): cls.create_stream() cls.create_fragments() + @classmethod + def tearDownClass(cls): + super(TestIPv4ReassemblyLocalNode, cls).tearDownClass() + def setUp(self): """ Test setup - force timeout on existing reassemblies """ super(TestIPv4ReassemblyLocalNode, self).setUp() self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=10) - self.sleep(.25) + self.virtual_sleep(.25) self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=10000) def tearDown(self): super(TestIPv4ReassemblyLocalNode, self).tearDown() - self.logger.debug(self.vapi.ppcli("show ip4-reassembly details")) + + def show_commands_at_teardown(self): + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) self.logger.debug(self.vapi.ppcli("show buffers")) @classmethod @@ -878,9 +1982,10 @@ class TestIPv4ReassemblyLocalNode(VppTestCase): def create_fragments(cls): infos = cls._packet_infos cls.pkt_infos = [] - for index, info in six.iteritems(infos): + for index, info in infos.items(): p = info.data - # cls.logger.debug(ppp("Packet:", p.__class__(str(p)))) + # cls.logger.debug(ppp("Packet:", + # p.__class__(scapy.compat.raw(p)))) fragments_300 = fragment_rfc791(p, 300) cls.pkt_infos.append((index, fragments_300)) cls.fragments_300 = [x for (_, frags) in cls.pkt_infos for x in frags] @@ -899,7 +2004,7 @@ class TestIPv4ReassemblyLocalNode(VppTestCase): self.logger.debug(ppp("Got packet:", packet)) ip = packet[IP] icmp = packet[ICMP] - payload_info = self.payload_to_info(str(packet[Raw])) + payload_info = self.payload_to_info(packet[Raw]) packet_index = payload_info.index if packet_index in seen: raise Exception(ppp("Duplicate packet received", packet)) @@ -960,6 +2065,10 @@ class TestFIFReassembly(VppTestCase): cls.packet_sizes = [64, 512, 1518, 9018] cls.padding = " abcdefghijklmn" + @classmethod + def tearDownClass(cls): + super(TestFIFReassembly, cls).tearDownClass() + def setUp(self): """ Test setup - force timeout on existing reassemblies """ super(TestFIFReassembly, self).setUp() @@ -970,21 +2079,27 @@ class TestFIFReassembly(VppTestCase): sw_if_index=self.dst_if.sw_if_index, enable_ip4=True, enable_ip6=True) self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=10) self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=10, is_ip6=1) - self.sleep(.25) + self.virtual_sleep(.25) self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=10000) self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, + max_reassembly_length=1000, expire_walk_interval_ms=10000, is_ip6=1) def tearDown(self): - self.logger.debug(self.vapi.ppcli("show ip4-reassembly details")) - self.logger.debug(self.vapi.ppcli("show ip6-reassembly details")) - self.logger.debug(self.vapi.ppcli("show buffers")) super(TestFIFReassembly, self).tearDown() + def show_commands_at_teardown(self): + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + def verify_capture(self, capture, ip_class, dropped_packet_indexes=[]): """Verify captured packet stream. @@ -997,7 +2112,7 @@ class TestFIFReassembly(VppTestCase): self.logger.debug(ppp("Got packet:", packet)) ip = packet[ip_class] udp = packet[UDP] - payload_info = self.payload_to_info(str(packet[Raw])) + payload_info = self.payload_to_info(packet[Raw]) packet_index = payload_info.index self.assertTrue( packet_index not in dropped_packet_indexes, @@ -1058,7 +2173,7 @@ class TestFIFReassembly(VppTestCase): self.extend_packet(p, size, self.padding) info.data = p[IP] # use only IP part, without ethernet header - fragments = [x for _, p in six.iteritems(self._packet_infos) + fragments = [x for _, p in self._packet_infos.items() for x in fragment_rfc791(p.data, 400)] encapped_fragments = \ @@ -1094,7 +2209,7 @@ class TestFIFReassembly(VppTestCase): # it shared for multiple test cases self.tun_ip6 = "1002::1" - self.gre6 = VppGre6Interface(self, self.src_if.local_ip6, self.tun_ip6) + self.gre6 = VppGreInterface(self, self.src_if.local_ip6, self.tun_ip6) self.gre6.add_vpp_config() self.gre6.admin_up() self.gre6.config_ip6() @@ -1103,10 +2218,9 @@ class TestFIFReassembly(VppTestCase): sw_if_index=self.gre6.sw_if_index, enable_ip6=True) self.route6 = VppIpRoute(self, self.tun_ip6, 128, - [VppRoutePath(self.src_if.remote_ip6, - self.src_if.sw_if_index, - proto=DpoProto.DPO_PROTO_IP6)], - is_ip6=1) + [VppRoutePath( + self.src_if.remote_ip6, + self.src_if.sw_if_index)]) self.route6.add_vpp_config() self.reset_packet_infos() @@ -1124,7 +2238,7 @@ class TestFIFReassembly(VppTestCase): self.extend_packet(p, size, self.padding) info.data = p[IPv6] # use only IPv6 part, without ethernet header - fragments = [x for _, i in six.iteritems(self._packet_infos) + fragments = [x for _, i in self._packet_infos.items() for x in fragment_rfc8200( i.data, i.index, 400)]