X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_reassembly.py;h=e407252d380939503bb4be3460ff1d81cccc61c8;hb=853cc9f2ad3ee52cbdd891fb09d51c25678baed0;hp=07d5737ffacba50ef4c83fc492e72bc9bc3b9ad9;hpb=5a8844bdbf4b055812cce2d7755a175b2cc90b75;p=vpp.git diff --git a/test/test_reassembly.py b/test/test_reassembly.py index 07d5737ffac..e407252d380 100644 --- a/test/test_reassembly.py +++ b/test/test_reassembly.py @@ -1,63 +1,157 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 -from random import shuffle -import six import unittest +from random import shuffle, randrange + +from framework import VppTestCase +from asfframework import VppTestRunner -from parameterized import parameterized -import scapy.compat from scapy.packet import Raw from scapy.layers.l2 import Ether, GRE -from scapy.layers.inet import IP, UDP, ICMP - -from scapy.layers.inet6 import IPv6, IPv6ExtHdrFragment, ICMPv6ParamProblem,\ - ICMPv6TimeExceeded - -from framework import VppTestCase, VppTestRunner +from scapy.layers.inet import IP, UDP, ICMP, icmptypes +from scapy.layers.inet6 import ( + HBHOptUnknown, + ICMPv6ParamProblem, + ICMPv6TimeExceeded, + IPv6, + IPv6ExtHdrFragment, + IPv6ExtHdrHopByHop, + IPv6ExtHdrDestOpt, + PadN, + ICMPv6EchoRequest, + ICMPv6EchoReply, +) from util import ppp, fragment_rfc791, fragment_rfc8200 from vpp_gre_interface import VppGreInterface -from vpp_ip import DpoProto from vpp_ip_route import VppIpRoute, VppRoutePath +from vpp_papi import VppEnum # 35 is enough to have >257 400-byte fragments test_packet_count = 35 -# -# -_scapy_ip_family_types = (IP, IPv6) +class TestIPv4Reassembly(VppTestCase): + """IPv4 Reassembly""" + + @classmethod + def setUpClass(cls): + super().setUpClass() + + cls.create_pg_interfaces([0, 1]) + cls.src_if = cls.pg0 + cls.dst_if = cls.pg1 + + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() + + # packet sizes + cls.packet_sizes = [64, 512, 1518, 9018] + cls.padding = " abcdefghijklmn" + cls.create_stream(cls.packet_sizes) + cls.create_fragments() + + @classmethod + def tearDownClass(cls): + super().tearDownClass() + + def setUp(self): + """Test setup - force timeout on existing reassemblies""" + super().setUp() + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, enable_ip4=True + ) + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10, + ) + self.virtual_sleep(0.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10000, + ) + + def tearDown(self): + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, enable_ip4=False + ) + super().tearDown() -def validate_scapy_ip_family(scapy_ip_family): + def show_commands_at_teardown(self): + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) - if scapy_ip_family not in _scapy_ip_family_types: - raise ValueError("'scapy_ip_family' must be of type: %s. Got %s" % - (_scapy_ip_family_types, scapy_ip_family)) + @classmethod + def create_stream(cls, packet_sizes, packet_count=test_packet_count): + """Create input packet stream + :param list packet_sizes: Required packet sizes. + """ + for i in range(0, packet_count): + info = cls.create_packet_info(cls.src_if, cls.src_if) + payload = cls.info_to_payload(info) + p = ( + Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac) + / IP( + id=info.index, src=cls.src_if.remote_ip4, dst=cls.dst_if.remote_ip4 + ) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + size = packet_sizes[(i // 2) % len(packet_sizes)] + cls.extend_packet(p, size, cls.padding) + info.data = p -class TestIPReassemblyMixin(object): + @classmethod + def create_fragments(cls): + infos = cls._packet_infos + cls.pkt_infos = [] + for index, info in infos.items(): + p = info.data + # cls.logger.debug(ppp("Packet:", + # p.__class__(scapy.compat.raw(p)))) + fragments_400 = fragment_rfc791(p, 400) + fragments_300 = fragment_rfc791(p, 300) + fragments_200 = [x for f in fragments_400 for x in fragment_rfc791(f, 200)] + cls.pkt_infos.append((index, fragments_400, fragments_300, fragments_200)) + cls.fragments_400 = [x for (_, frags, _, _) in cls.pkt_infos for x in frags] + cls.fragments_300 = [x for (_, _, frags, _) in cls.pkt_infos for x in frags] + cls.fragments_200 = [x for (_, _, _, frags) in cls.pkt_infos for x in frags] + cls.logger.debug( + "Fragmented %s packets into %s 400-byte fragments, " + "%s 300-byte fragments and %s 200-byte fragments" + % ( + len(infos), + len(cls.fragments_400), + len(cls.fragments_300), + len(cls.fragments_200), + ) + ) - def verify_capture(self, scapy_ip_family, capture, - dropped_packet_indexes=None): + def verify_capture(self, capture, dropped_packet_indexes=[]): """Verify captured packet stream. :param list capture: Captured packet stream. """ - validate_scapy_ip_family(scapy_ip_family) - - if dropped_packet_indexes is None: - dropped_packet_indexes = [] info = None seen = set() for packet in capture: try: self.logger.debug(ppp("Got packet:", packet)) - ip = packet[scapy_ip_family] + ip = packet[IP] udp = packet[UDP] payload_info = self.payload_to_info(packet[Raw]) packet_index = payload_info.index self.assertTrue( packet_index not in dropped_packet_indexes, - ppp("Packet received, but should be dropped:", packet)) + ppp("Packet received, but should be dropped:", packet), + ) if packet_index in seen: raise Exception(ppp("Duplicate packet received", packet)) seen.add(packet_index) @@ -66,97 +160,57 @@ class TestIPReassemblyMixin(object): self.assertTrue(info is not None) self.assertEqual(packet_index, info.index) saved_packet = info.data - self.assertEqual(ip.src, saved_packet[scapy_ip_family].src) - self.assertEqual(ip.dst, saved_packet[scapy_ip_family].dst) + self.assertEqual(ip.src, saved_packet[IP].src) + self.assertEqual(ip.dst, saved_packet[IP].dst) self.assertEqual(udp.payload, saved_packet[UDP].payload) except Exception: self.logger.error(ppp("Unexpected or invalid packet:", packet)) raise for index in self._packet_infos: - self.assertTrue(index in seen or index in dropped_packet_indexes, - "Packet with packet_index %d not received" % index) - - def test_disabled(self, scapy_ip_family, stream, - dropped_packet_indexes): - """ reassembly disabled """ - validate_scapy_ip_family(scapy_ip_family) - is_ip6 = 1 if scapy_ip_family == IPv6 else 0 - - self.vapi.ip_reassembly_set(timeout_ms=1000, max_reassemblies=0, - expire_walk_interval_ms=10000, - is_ip6=is_ip6) - - self.pg_enable_capture() - self.src_if.add_stream(stream) - self.pg_start() - - packets = self.dst_if.get_capture( - len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(scapy_ip_family, packets, dropped_packet_indexes) - self.src_if.assert_nothing_captured() + self.assertTrue( + index in seen or index in dropped_packet_indexes, + "Packet with packet_index %d not received" % index, + ) - def test_duplicates(self, scapy_ip_family, stream): - """ duplicate fragments """ - validate_scapy_ip_family(scapy_ip_family) + def test_reassembly(self): + """basic reassembly""" self.pg_enable_capture() - self.src_if.add_stream(stream) + self.src_if.add_stream(self.fragments_200) self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(scapy_ip_family, packets) - self.src_if.assert_nothing_captured() - - def test_random(self, scapy_ip_family, stream): - """ random order reassembly """ - validate_scapy_ip_family(scapy_ip_family) - - fragments = list(stream) - shuffle(fragments) - - self.pg_enable_capture() - self.src_if.add_stream(fragments) - self.pg_start() - - packets = self.dst_if.get_capture(len(self.packet_infos)) - self.verify_capture(scapy_ip_family, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() # run it all again to verify correctness self.pg_enable_capture() - self.src_if.add_stream(fragments) + self.src_if.add_stream(self.fragments_200) self.pg_start() - packets = self.dst_if.get_capture(len(self.packet_infos)) - self.verify_capture(scapy_ip_family, packets) + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) self.src_if.assert_nothing_captured() - def test_reassembly(self, scapy_ip_family, stream): - """ basic reassembly """ - validate_scapy_ip_family(scapy_ip_family) + def test_verify_clear_trace_mid_reassembly(self): + """verify clear trace works mid-reassembly""" self.pg_enable_capture() - self.src_if.add_stream(stream) + self.src_if.add_stream(self.fragments_200[0:-1]) self.pg_start() - packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(scapy_ip_family, packets) - self.src_if.assert_nothing_captured() + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") - # run it all again to verify correctness - self.pg_enable_capture() - self.src_if.add_stream(stream) + self.src_if.add_stream(self.fragments_200[-1]) self.pg_start() - packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(scapy_ip_family, packets) - self.src_if.assert_nothing_captured() + self.verify_capture(packets) - def test_reversed(self, scapy_ip_family, stream): - """ reverse order reassembly """ - validate_scapy_ip_family(scapy_ip_family) + def test_reversed(self): + """reverse order reassembly""" - fragments = list(stream) + fragments = list(self.fragments_200) fragments.reverse() self.pg_enable_capture() @@ -164,7 +218,7 @@ class TestIPReassemblyMixin(object): self.pg_start() packets = self.dst_if.get_capture(len(self.packet_infos)) - self.verify_capture(scapy_ip_family, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() # run it all again to verify correctness @@ -173,187 +227,113 @@ class TestIPReassemblyMixin(object): self.pg_start() packets = self.dst_if.get_capture(len(self.packet_infos)) - self.verify_capture(scapy_ip_family, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() - def test_timeout_inline(self, scapy_ip_family, stream, - dropped_packet_indexes): - """ timeout (inline) """ - validate_scapy_ip_family(scapy_ip_family) - is_ip6 = 1 if scapy_ip_family == IPv6 else 0 - - self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, - expire_walk_interval_ms=10000, - is_ip6=is_ip6) - - self.pg_enable_capture() - self.src_if.add_stream(stream) - self.pg_start() - - packets = self.dst_if.get_capture( - len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(scapy_ip_family, packets, - dropped_packet_indexes) - - -class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): - """ IPv4 Reassembly """ - - @classmethod - def setUpClass(cls): - super(TestIPv4Reassembly, cls).setUpClass() - - cls.create_pg_interfaces([0, 1]) - cls.src_if = cls.pg0 - cls.dst_if = cls.pg1 - - # setup all interfaces - for i in cls.pg_interfaces: - i.admin_up() - i.config_ip4() - i.resolve_arp() - - # packet sizes - cls.packet_sizes = [64, 512, 1518, 9018] - cls.padding = " abcdefghijklmn" - cls.create_stream(cls.packet_sizes) - cls.create_fragments() - - @classmethod - def tearDownClass(cls): - super(TestIPv4Reassembly, cls).tearDownClass() + def test_long_fragment_chain(self): + """long fragment chain""" - def setUp(self): - """ Test setup - force timeout on existing reassemblies """ - super(TestIPv4Reassembly, self).setUp() - self.vapi.ip_reassembly_enable_disable( - sw_if_index=self.src_if.sw_if_index, enable_ip4=True) - self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, - expire_walk_interval_ms=10) - self.sleep(.25) - self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, - expire_walk_interval_ms=10000) + error_cnt_str = "/err/ip4-full-reassembly-feature/reass_fragment_chain_too_long" - def tearDown(self): - super(TestIPv4Reassembly, self).tearDown() + error_cnt = self.statistics.get_err_counter(error_cnt_str) - def show_commands_at_teardown(self): - self.logger.debug(self.vapi.ppcli("show ip4-reassembly details")) - self.logger.debug(self.vapi.ppcli("show buffers")) + self.vapi.ip_reassembly_set( + timeout_ms=100, + max_reassemblies=1000, + max_reassembly_length=3, + expire_walk_interval_ms=50, + ) - @classmethod - def create_stream(cls, packet_sizes, packet_count=test_packet_count): - """Create input packet stream + p1 = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP(id=1000, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(b"X" * 1000) + ) + p2 = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP(id=1001, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(b"X" * 1000) + ) + frags = fragment_rfc791(p1, 200) + fragment_rfc791(p2, 500) - :param list packet_sizes: Required packet sizes. - """ - for i in range(0, packet_count): - info = cls.create_packet_info(cls.src_if, cls.src_if) - payload = cls.info_to_payload(info) - p = (Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac) / - IP(id=info.index, src=cls.src_if.remote_ip4, - dst=cls.dst_if.remote_ip4) / - UDP(sport=1234, dport=5678) / - Raw(payload)) - size = packet_sizes[(i // 2) % len(packet_sizes)] - cls.extend_packet(p, size, cls.padding) - info.data = p + self.pg_enable_capture() + self.src_if.add_stream(frags) + self.pg_start() - @classmethod - def create_fragments(cls): - infos = cls._packet_infos - cls.pkt_infos = [] - for index, info in six.iteritems(infos): - p = info.data - # cls.logger.debug(ppp("Packet:", - # p.__class__(scapy.compat.raw(p)))) - fragments_400 = fragment_rfc791(p, 400) - fragments_300 = fragment_rfc791(p, 300) - fragments_200 = [ - x for f in fragments_400 for x in fragment_rfc791(f, 200)] - cls.pkt_infos.append( - (index, fragments_400, fragments_300, fragments_200)) - cls.fragments_400 = [ - x for (_, frags, _, _) in cls.pkt_infos for x in frags] - cls.fragments_300 = [ - x for (_, _, frags, _) in cls.pkt_infos for x in frags] - cls.fragments_200 = [ - x for (_, _, _, frags) in cls.pkt_infos for x in frags] - cls.logger.debug("Fragmented %s packets into %s 400-byte fragments, " - "%s 300-byte fragments and %s 200-byte fragments" % - (len(infos), len(cls.fragments_400), - len(cls.fragments_300), len(cls.fragments_200))) - - @parameterized.expand([(IP, None)]) - def test_reassembly(self, family, stream): - """ basic reassembly """ - stream = self.__class__.fragments_200 - super(TestIPv4Reassembly, self).test_reassembly(family, stream) - - @parameterized.expand([(IP, None)]) - def test_reversed(self, family, stream): - """ reverse order reassembly """ - stream = self.__class__.fragments_200 - super(TestIPv4Reassembly, self).test_reversed(family, stream) - - @parameterized.expand([(IP, None)]) - def test_random(self, family, stream): - stream = self.__class__.fragments_200 - super(TestIPv4Reassembly, self).test_random(family, stream) + self.dst_if.get_capture(1) + self.assert_error_counter_equal(error_cnt_str, error_cnt + 1) def test_5737(self): - """ fragment length + ip header size > 65535 """ + """fragment length + ip header size > 65535""" self.vapi.cli("clear errors") - raw = ('E\x00\x00\x88,\xf8\x1f\xfe@\x01\x98\x00\xc0\xa8\n-\xc0\xa8\n' - '\x01\x08\x00\xf0J\xed\xcb\xf1\xf5Test-group: IPv4.IPv4.ipv4-' - 'message.Ethernet-Payload.IPv4-Packet.IPv4-Header.Fragment-Of' - 'fset; Test-case: 5737') - - malformed_packet = (Ether(dst=self.src_if.local_mac, - src=self.src_if.remote_mac) / - IP(raw)) - p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / - IP(id=1000, src=self.src_if.remote_ip4, - dst=self.dst_if.remote_ip4) / - UDP(sport=1234, dport=5678) / - Raw("X" * 1000)) + raw = b"""E\x00\x00\x88,\xf8\x1f\xfe@\x01\x98\x00\xc0\xa8\n-\xc0\xa8\n\ +\x01\x08\x00\xf0J\xed\xcb\xf1\xf5Test-group: IPv4.IPv4.ipv4-message.\ +Ethernet-Payload.IPv4-Packet.IPv4-Header.Fragment-Offset; Test-case: 5737""" + malformed_packet = Ether( + dst=self.src_if.local_mac, src=self.src_if.remote_mac + ) / IP(raw) + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP(id=1000, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(b"X" * 1000) + ) valid_fragments = fragment_rfc791(p, 400) + counter = "/err/ip4-full-reassembly-feature/reass_malformed_packet" + error_counter = self.statistics.get_err_counter(counter) self.pg_enable_capture() self.src_if.add_stream([malformed_packet] + valid_fragments) self.pg_start() self.dst_if.get_capture(1) - self.assert_packet_counter_equal("ip4-reassembly-feature", 1) - # TODO remove above, uncomment below once clearing of counters - # is supported - # self.assert_packet_counter_equal( - # "/err/ip4-reassembly-feature/malformed packets", 1) + self.logger.debug(self.vapi.ppcli("show error")) + self.assertEqual(self.statistics.get_err_counter(counter), error_counter + 1) def test_44924(self): - """ compress tiny fragments """ - packets = [(Ether(dst=self.src_if.local_mac, - src=self.src_if.remote_mac) / - IP(id=24339, flags="MF", frag=0, ttl=64, - src=self.src_if.remote_ip4, - dst=self.dst_if.remote_ip4) / - ICMP(type="echo-request", code=0, id=0x1fe6, seq=0x2407) / - Raw(load='Test-group: IPv4')), - (Ether(dst=self.src_if.local_mac, - src=self.src_if.remote_mac) / - IP(id=24339, flags="MF", frag=3, ttl=64, - src=self.src_if.remote_ip4, - dst=self.dst_if.remote_ip4) / - ICMP(type="echo-request", code=0, id=0x1fe6, seq=0x2407) / - Raw(load='.IPv4.Fragmentation.vali')), - (Ether(dst=self.src_if.local_mac, - src=self.src_if.remote_mac) / - IP(id=24339, frag=6, ttl=64, - src=self.src_if.remote_ip4, - dst=self.dst_if.remote_ip4) / - ICMP(type="echo-request", code=0, id=0x1fe6, seq=0x2407) / - Raw(load='d; Test-case: 44924')) - ] + """compress tiny fragments""" + packets = [ + ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP( + id=24339, + flags="MF", + frag=0, + ttl=64, + src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4, + ) + / ICMP(type="echo-request", code=0, id=0x1FE6, seq=0x2407) + / Raw(load="Test-group: IPv4") + ), + ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP( + id=24339, + flags="MF", + frag=3, + ttl=64, + src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4, + ) + / ICMP(type="echo-request", code=0, id=0x1FE6, seq=0x2407) + / Raw(load=".IPv4.Fragmentation.vali") + ), + ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP( + id=24339, + frag=6, + ttl=64, + src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4, + ) + / ICMP(type="echo-request", code=0, id=0x1FE6, seq=0x2407) + / Raw(load="d; Test-case: 44924") + ), + ] self.pg_enable_capture() self.src_if.add_stream(packets) @@ -362,27 +342,42 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): self.dst_if.get_capture(1) def test_frag_1(self): - """ fragment of size 1 """ + """fragment of size 1""" self.vapi.cli("clear errors") - malformed_packets = [(Ether(dst=self.src_if.local_mac, - src=self.src_if.remote_mac) / - IP(id=7, len=21, flags="MF", frag=0, ttl=64, - src=self.src_if.remote_ip4, - dst=self.dst_if.remote_ip4) / - ICMP(type="echo-request")), - (Ether(dst=self.src_if.local_mac, - src=self.src_if.remote_mac) / - IP(id=7, len=21, frag=1, ttl=64, - src=self.src_if.remote_ip4, - dst=self.dst_if.remote_ip4) / - Raw(load='\x08')), - ] - - p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / - IP(id=1000, src=self.src_if.remote_ip4, - dst=self.dst_if.remote_ip4) / - UDP(sport=1234, dport=5678) / - Raw("X" * 1000)) + malformed_packets = [ + ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP( + id=7, + len=21, + flags="MF", + frag=0, + ttl=64, + src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4, + ) + / ICMP(type="echo-request") + ), + ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP( + id=7, + len=21, + frag=1, + ttl=64, + src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4, + ) + / Raw(load=b"\x08") + ), + ] + + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP(id=1000, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(b"X" * 1000) + ) valid_fragments = fragment_rfc791(p, 400) self.pg_enable_capture() @@ -391,25 +386,55 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): self.dst_if.get_capture(1) - self.assert_packet_counter_equal("ip4-reassembly-feature", 1) + self.assert_packet_counter_equal("ip4-full-reassembly-feature", 1) # TODO remove above, uncomment below once clearing of counters # is supported # self.assert_packet_counter_equal( - # "/err/ip4-reassembly-feature/malformed packets", 1) + # "/err/ip4-full-reassembly-feature/reass_malformed_packet", 1) + + def test_random(self): + """random order reassembly""" + + fragments = list(self.fragments_200) + shuffle(fragments) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.packet_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + # run it all again to verify correctness + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.packet_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + def test_duplicates(self): + """duplicate fragments""" - @parameterized.expand([(IP, None)]) - def test_duplicates(self, family, stream): - """ duplicate fragments """ fragments = [ - # IPv4 uses 4 fields in pkt_infos, IPv6 uses 3. - x for (_, frags, _, _) in self.pkt_infos + x + for (_, frags, _, _) in self.pkt_infos for x in frags for _ in range(0, min(2, len(frags))) ] - super(TestIPv4Reassembly, self).test_duplicates(family, fragments) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() def test_overlap1(self): - """ overlapping fragments case #1 """ + """overlapping fragments case #1""" fragments = [] for _, _, frags_300, frags_200 in self.pkt_infos: @@ -425,7 +450,7 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(IP, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() # run it all to verify correctness @@ -434,11 +459,11 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(IP, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() def test_overlap2(self): - """ overlapping fragments case #2 """ + """overlapping fragments case #2""" fragments = [] for _, _, frags_300, frags_200 in self.pkt_infos: @@ -450,17 +475,17 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): # new reassemblies will be started and packet generator will # freak out when it detects unfreed buffers zipped = zip(frags_300, frags_200) - for i, j in zipped[:-1]: + for i, j in zipped: fragments.extend(i) fragments.extend(j) - fragments.append(zipped[-1][0]) + fragments.pop() self.pg_enable_capture() self.src_if.add_stream(fragments) self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(IP, packets) + self.verify_capture(packets) self.src_if.assert_nothing_captured() # run it all to verify correctness @@ -469,79 +494,1287 @@ class TestIPv4Reassembly(TestIPReassemblyMixin, VppTestCase): self.pg_start() packets = self.dst_if.get_capture(len(self.pkt_infos)) - self.verify_capture(IP, packets) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + def test_timeout_inline(self): + """timeout (inline)""" + + dropped_packet_indexes = set( + index for (index, frags, _, _) in self.pkt_infos if len(frags) > 1 + ) + + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=3, + expire_walk_interval_ms=10000, + ) + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes) + ) + self.verify_capture(packets, dropped_packet_indexes) + self.src_if.assert_nothing_captured() + + def test_timeout_cleanup(self): + """timeout (cleanup)""" + + # whole packets + fragmented packets sans last fragment + fragments = [ + x + for (_, frags_400, _, _) in self.pkt_infos + for x in frags_400[: -1 if len(frags_400) > 1 else None] + ] + + # last fragments for fragmented packets + fragments2 = [ + frags_400[-1] + for (_, frags_400, _, _) in self.pkt_infos + if len(frags_400) > 1 + ] + + dropped_packet_indexes = set( + index for (index, frags_400, _, _) in self.pkt_infos if len(frags_400) > 1 + ) + + self.vapi.ip_reassembly_set( + timeout_ms=100, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=50, + ) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + self.virtual_sleep(0.25, "wait before sending rest of fragments") + + self.src_if.add_stream(fragments2) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes) + ) + self.verify_capture(packets, dropped_packet_indexes) + self.src_if.assert_nothing_captured() + + def test_disabled(self): + """reassembly disabled""" + + dropped_packet_indexes = set( + index for (index, frags_400, _, _) in self.pkt_infos if len(frags_400) > 1 + ) + + self.vapi.ip_reassembly_set( + timeout_ms=1000, + max_reassemblies=0, + max_reassembly_length=3, + expire_walk_interval_ms=10000, + ) + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes) + ) + self.verify_capture(packets, dropped_packet_indexes) self.src_if.assert_nothing_captured() - @parameterized.expand([(IP, None, None)]) - def test_timeout_inline(self, family, stream, dropped_packet_indexes): - """ timeout (inline) """ - stream = self.fragments_400 + def test_local_enable_disable(self): + """local reassembly enabled/disable""" + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, enable_ip4=False + ) + self.vapi.ip_local_reass_enable_disable(enable_ip4=True) + p = ( + Ether(src=self.src_if.remote_mac, dst=self.src_if.local_mac) + / IP(src=self.src_if.remote_ip4, dst=self.src_if.local_ip4) + / ICMP(id=1234, type="echo-request") + / Raw("x" * 1000) + ) + frags = fragment_rfc791(p, 400) + r = self.send_and_expect(self.src_if, frags, self.src_if, n_rx=1)[0] + self.assertEqual(1234, r[ICMP].id) + self.assertEqual(icmptypes[r[ICMP].type], "echo-reply") + self.vapi.ip_local_reass_enable_disable() + + self.send_and_assert_no_replies(self.src_if, frags) + self.vapi.ip_local_reass_enable_disable(enable_ip4=True) + + +class TestIPv4SVReassembly(VppTestCase): + """IPv4 Shallow Virtual Reassembly""" + + @classmethod + def setUpClass(cls): + super().setUpClass() + + cls.create_pg_interfaces([0, 1]) + cls.src_if = cls.pg0 + cls.dst_if = cls.pg1 + + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() + + def setUp(self): + """Test setup - force timeout on existing reassemblies""" + super().setUp() + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, + enable_ip4=True, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + ) + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10, + ) + self.virtual_sleep(0.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1000, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10000, + ) + + def tearDown(self): + super().tearDown() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + + def test_basic(self): + """basic reassembly""" + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP(id=1, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + fragments = fragment_rfc791(p, payload_len / 4) + + # send fragment #2 - should be cached inside reassembly + self.pg_enable_capture() + self.src_if.add_stream(fragments[1]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + self.dst_if.assert_nothing_captured() + + # send fragment #1 - reassembly is finished now and both fragments + # forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[0]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + c = self.dst_if.get_capture(2) + for sent, recvd in zip([fragments[1], fragments[0]], c): + self.assertEqual(sent[IP].src, recvd[IP].src) + self.assertEqual(sent[IP].dst, recvd[IP].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + # send rest of fragments - should be immediately forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + c = self.dst_if.get_capture(len(fragments[2:])) + for sent, recvd in zip(fragments[2:], c): + self.assertEqual(sent[IP].src, recvd[IP].src) + self.assertEqual(sent[IP].dst, recvd[IP].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + def test_verify_clear_trace_mid_reassembly(self): + """verify clear trace works mid-reassembly""" + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP(id=1, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + fragments = fragment_rfc791(p, payload_len / 4) + + self.pg_enable_capture() + self.src_if.add_stream(fragments[1]) + self.pg_start() + + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") + + self.pg_enable_capture() + self.src_if.add_stream(fragments[0]) + self.pg_start() + self.dst_if.get_capture(2) + + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") + + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + self.dst_if.get_capture(len(fragments[2:])) + + def test_timeout(self): + """reassembly timeout""" + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP(id=1, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + fragments = fragment_rfc791(p, payload_len / 4) + + self.vapi.ip_reassembly_set( + timeout_ms=100, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=50, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + ) + + # send fragments #2 and #1 - should be forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[0:2]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + c = self.dst_if.get_capture(2) + for sent, recvd in zip([fragments[1], fragments[0]], c): + self.assertEqual(sent[IP].src, recvd[IP].src) + self.assertEqual(sent[IP].dst, recvd[IP].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + # wait for cleanup + self.virtual_sleep(0.25, "wait before sending rest of fragments") + + # send rest of fragments - shouldn't be forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + self.dst_if.assert_nothing_captured() + + def test_lru(self): + """reassembly reuses LRU element""" + + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10000, + ) + + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + packet_count = 10 + + fragments = [ + f + for i in range(packet_count) + for p in ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP(id=i, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + for f in fragment_rfc791(p, payload_len / 4) + ] + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + c = self.dst_if.get_capture(len(fragments)) + for sent, recvd in zip(fragments, c): + self.assertEqual(sent[IP].src, recvd[IP].src) + self.assertEqual(sent[IP].dst, recvd[IP].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + def send_mixed_and_verify_capture(self, traffic): + stream = [] + for t in traffic: + for c in range(t["count"]): + stream.append( + ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP( + id=self.counter, + flags=t["flags"], + src=self.src_if.remote_ip4, + dst=self.dst_if.remote_ip4, + ) + / UDP(sport=1234, dport=5678) + / Raw("abcdef") + ) + ) + self.counter = self.counter + 1 + + self.pg_enable_capture() + self.src_if.add_stream(stream) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + self.dst_if.get_capture(len(stream)) + + def test_mixed(self): + """mixed traffic correctly passes through SVR""" + self.counter = 1 + + self.send_mixed_and_verify_capture([{"count": 1, "flags": ""}]) + self.send_mixed_and_verify_capture([{"count": 2, "flags": ""}]) + self.send_mixed_and_verify_capture([{"count": 3, "flags": ""}]) + self.send_mixed_and_verify_capture([{"count": 8, "flags": ""}]) + self.send_mixed_and_verify_capture([{"count": 257, "flags": ""}]) + + self.send_mixed_and_verify_capture([{"count": 1, "flags": "MF"}]) + self.send_mixed_and_verify_capture([{"count": 2, "flags": "MF"}]) + self.send_mixed_and_verify_capture([{"count": 3, "flags": "MF"}]) + self.send_mixed_and_verify_capture([{"count": 8, "flags": "MF"}]) + self.send_mixed_and_verify_capture([{"count": 257, "flags": "MF"}]) + + self.send_mixed_and_verify_capture( + [{"count": 1, "flags": ""}, {"count": 1, "flags": "MF"}] + ) + self.send_mixed_and_verify_capture( + [{"count": 2, "flags": ""}, {"count": 2, "flags": "MF"}] + ) + self.send_mixed_and_verify_capture( + [{"count": 3, "flags": ""}, {"count": 3, "flags": "MF"}] + ) + self.send_mixed_and_verify_capture( + [{"count": 8, "flags": ""}, {"count": 8, "flags": "MF"}] + ) + self.send_mixed_and_verify_capture( + [{"count": 129, "flags": ""}, {"count": 129, "flags": "MF"}] + ) + + self.send_mixed_and_verify_capture( + [ + {"count": 1, "flags": ""}, + {"count": 1, "flags": "MF"}, + {"count": 1, "flags": ""}, + {"count": 1, "flags": "MF"}, + ] + ) + self.send_mixed_and_verify_capture( + [ + {"count": 2, "flags": ""}, + {"count": 2, "flags": "MF"}, + {"count": 2, "flags": ""}, + {"count": 2, "flags": "MF"}, + ] + ) + self.send_mixed_and_verify_capture( + [ + {"count": 3, "flags": ""}, + {"count": 3, "flags": "MF"}, + {"count": 3, "flags": ""}, + {"count": 3, "flags": "MF"}, + ] + ) + self.send_mixed_and_verify_capture( + [ + {"count": 8, "flags": ""}, + {"count": 8, "flags": "MF"}, + {"count": 8, "flags": ""}, + {"count": 8, "flags": "MF"}, + ] + ) + self.send_mixed_and_verify_capture( + [ + {"count": 65, "flags": ""}, + {"count": 65, "flags": "MF"}, + {"count": 65, "flags": ""}, + {"count": 65, "flags": "MF"}, + ] + ) + + +class TestIPv4MWReassembly(VppTestCase): + """IPv4 Reassembly (multiple workers)""" + + vpp_worker_count = 3 + + @classmethod + def setUpClass(cls): + super().setUpClass() + + cls.create_pg_interfaces(range(cls.vpp_worker_count + 1)) + cls.src_if = cls.pg0 + cls.send_ifs = cls.pg_interfaces[:-1] + cls.dst_if = cls.pg_interfaces[-1] + + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() + + # packets sizes reduced here because we are generating packets without + # Ethernet headers, which are added later (diff fragments go via + # different interfaces) + cls.packet_sizes = [ + 64 - len(Ether()), + 512 - len(Ether()), + 1518 - len(Ether()), + 9018 - len(Ether()), + ] + cls.padding = " abcdefghijklmn" + cls.create_stream(cls.packet_sizes) + cls.create_fragments() + + @classmethod + def tearDownClass(cls): + super().tearDownClass() + + def setUp(self): + """Test setup - force timeout on existing reassemblies""" + super().setUp() + for intf in self.send_ifs: + self.vapi.ip_reassembly_enable_disable( + sw_if_index=intf.sw_if_index, enable_ip4=True + ) + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10, + ) + self.virtual_sleep(0.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10000, + ) + + def tearDown(self): + for intf in self.send_ifs: + self.vapi.ip_reassembly_enable_disable( + sw_if_index=intf.sw_if_index, enable_ip4=False + ) + super().tearDown() + + def show_commands_at_teardown(self): + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + + @classmethod + def create_stream(cls, packet_sizes, packet_count=test_packet_count): + """Create input packet stream + + :param list packet_sizes: Required packet sizes. + """ + for i in range(0, packet_count): + info = cls.create_packet_info(cls.src_if, cls.src_if) + payload = cls.info_to_payload(info) + p = ( + IP(id=info.index, src=cls.src_if.remote_ip4, dst=cls.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + size = packet_sizes[(i // 2) % len(packet_sizes)] + cls.extend_packet(p, size, cls.padding) + info.data = p + + @classmethod + def create_fragments(cls): + infos = cls._packet_infos + cls.pkt_infos = [] + for index, info in infos.items(): + p = info.data + # cls.logger.debug(ppp("Packet:", + # p.__class__(scapy.compat.raw(p)))) + fragments_400 = fragment_rfc791(p, 400) + cls.pkt_infos.append((index, fragments_400)) + cls.fragments_400 = [x for (_, frags) in cls.pkt_infos for x in frags] + cls.logger.debug( + "Fragmented %s packets into %s 400-byte fragments, " + % (len(infos), len(cls.fragments_400)) + ) + + def verify_capture(self, capture, dropped_packet_indexes=[]): + """Verify captured packet stream. + + :param list capture: Captured packet stream. + """ + info = None + seen = set() + for packet in capture: + try: + self.logger.debug(ppp("Got packet:", packet)) + ip = packet[IP] + udp = packet[UDP] + payload_info = self.payload_to_info(packet[Raw]) + packet_index = payload_info.index + self.assertTrue( + packet_index not in dropped_packet_indexes, + ppp("Packet received, but should be dropped:", packet), + ) + if packet_index in seen: + raise Exception(ppp("Duplicate packet received", packet)) + seen.add(packet_index) + self.assertEqual(payload_info.dst, self.src_if.sw_if_index) + info = self._packet_infos[packet_index] + self.assertTrue(info is not None) + self.assertEqual(packet_index, info.index) + saved_packet = info.data + self.assertEqual(ip.src, saved_packet[IP].src) + self.assertEqual(ip.dst, saved_packet[IP].dst) + self.assertEqual(udp.payload, saved_packet[UDP].payload) + except Exception: + self.logger.error(ppp("Unexpected or invalid packet:", packet)) + raise + for index in self._packet_infos: + self.assertTrue( + index in seen or index in dropped_packet_indexes, + "Packet with packet_index %d not received" % index, + ) + + def send_packets(self, packets): + for counter in range(self.vpp_worker_count): + if 0 == len(packets[counter]): + continue + send_if = self.send_ifs[counter] + send_if.add_stream( + ( + Ether(dst=send_if.local_mac, src=send_if.remote_mac) / x + for x in packets[counter] + ), + worker=counter, + ) + self.pg_start() + + def test_worker_conflict(self): + """1st and FO=0 fragments on different workers""" + + # in first wave we send fragments which don't start at offset 0 + # then we send fragments with offset 0 on a different thread + # then the rest of packets on a random thread + first_packets = [[] for n in range(self.vpp_worker_count)] + second_packets = [[] for n in range(self.vpp_worker_count)] + rest_of_packets = [[] for n in range(self.vpp_worker_count)] + for _, p in self.pkt_infos: + wi = randrange(self.vpp_worker_count) + second_packets[wi].append(p[0]) + if len(p) <= 1: + continue + wi2 = wi + while wi2 == wi: + wi2 = randrange(self.vpp_worker_count) + first_packets[wi2].append(p[1]) + wi3 = randrange(self.vpp_worker_count) + rest_of_packets[wi3].extend(p[2:]) + + self.pg_enable_capture() + self.send_packets(first_packets) + self.send_packets(second_packets) + self.send_packets(rest_of_packets) + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + for send_if in self.send_ifs: + send_if.assert_nothing_captured() + + self.logger.debug(self.vapi.ppcli("show trace")) + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.vapi.cli("clear trace") + + self.pg_enable_capture() + self.send_packets(first_packets) + self.send_packets(second_packets) + self.send_packets(rest_of_packets) + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + for send_if in self.send_ifs: + send_if.assert_nothing_captured() + + +class TestIPv6Reassembly(VppTestCase): + """IPv6 Reassembly""" + + @classmethod + def setUpClass(cls): + super().setUpClass() + + cls.create_pg_interfaces([0, 1]) + cls.src_if = cls.pg0 + cls.dst_if = cls.pg1 + + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip6() + i.resolve_ndp() + + # packet sizes + cls.packet_sizes = [64, 512, 1518, 9018] + cls.padding = " abcdefghijklmn" + cls.create_stream(cls.packet_sizes) + cls.create_fragments() + + @classmethod + def tearDownClass(cls): + super().tearDownClass() + + def setUp(self): + """Test setup - force timeout on existing reassemblies""" + super().setUp() + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, enable_ip6=True + ) + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10, + is_ip6=1, + ) + self.virtual_sleep(0.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10000, + is_ip6=1, + ) + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + + def tearDown(self): + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, enable_ip6=False + ) + super().tearDown() + + def show_commands_at_teardown(self): + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + + @classmethod + def create_stream(cls, packet_sizes, packet_count=test_packet_count): + """Create input packet stream for defined interface. + + :param list packet_sizes: Required packet sizes. + """ + for i in range(0, packet_count): + info = cls.create_packet_info(cls.src_if, cls.src_if) + payload = cls.info_to_payload(info) + p = ( + Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac) + / IPv6(src=cls.src_if.remote_ip6, dst=cls.dst_if.remote_ip6) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + size = packet_sizes[(i // 2) % len(packet_sizes)] + cls.extend_packet(p, size, cls.padding) + info.data = p + + @classmethod + def create_fragments(cls): + infos = cls._packet_infos + cls.pkt_infos = [] + for index, info in infos.items(): + p = info.data + # cls.logger.debug(ppp("Packet:", + # p.__class__(scapy.compat.raw(p)))) + fragments_400 = fragment_rfc8200(p, info.index, 400) + fragments_300 = fragment_rfc8200(p, info.index, 300) + cls.pkt_infos.append((index, fragments_400, fragments_300)) + cls.fragments_400 = [x for _, frags, _ in cls.pkt_infos for x in frags] + cls.fragments_300 = [x for _, _, frags in cls.pkt_infos for x in frags] + cls.logger.debug( + "Fragmented %s packets into %s 400-byte fragments, " + "and %s 300-byte fragments" + % (len(infos), len(cls.fragments_400), len(cls.fragments_300)) + ) + + def verify_capture(self, capture, dropped_packet_indexes=[]): + """Verify captured packet strea . + + :param list capture: Captured packet stream. + """ + info = None + seen = set() + for packet in capture: + try: + self.logger.debug(ppp("Got packet:", packet)) + ip = packet[IPv6] + udp = packet[UDP] + payload_info = self.payload_to_info(packet[Raw]) + packet_index = payload_info.index + self.assertTrue( + packet_index not in dropped_packet_indexes, + ppp("Packet received, but should be dropped:", packet), + ) + if packet_index in seen: + raise Exception(ppp("Duplicate packet received", packet)) + seen.add(packet_index) + self.assertEqual(payload_info.dst, self.src_if.sw_if_index) + info = self._packet_infos[packet_index] + self.assertTrue(info is not None) + self.assertEqual(packet_index, info.index) + saved_packet = info.data + self.assertEqual(ip.src, saved_packet[IPv6].src) + self.assertEqual(ip.dst, saved_packet[IPv6].dst) + self.assertEqual(udp.payload, saved_packet[UDP].payload) + except Exception: + self.logger.error(ppp("Unexpected or invalid packet:", packet)) + raise + for index in self._packet_infos: + self.assertTrue( + index in seen or index in dropped_packet_indexes, + "Packet with packet_index %d not received" % index, + ) + + def test_reassembly(self): + """basic reassembly""" + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + # run it all again to verify correctness + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + def test_buffer_boundary(self): + """fragment header crossing buffer boundary""" + + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6) + / IPv6ExtHdrHopByHop(options=[HBHOptUnknown(otype=0xFF, optlen=0)] * 1000) + / IPv6ExtHdrFragment(m=1) + / UDP(sport=1234, dport=5678) + / Raw() + ) + self.pg_enable_capture() + self.src_if.add_stream([p]) + self.pg_start() + self.src_if.assert_nothing_captured() + self.dst_if.assert_nothing_captured() + + def test_verify_clear_trace_mid_reassembly(self): + """verify clear trace works mid-reassembly""" + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400[0:-1]) + self.pg_start() + + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") + + self.src_if.add_stream(self.fragments_400[-1]) + self.pg_start() + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + + def test_reversed(self): + """reverse order reassembly""" + + fragments = list(self.fragments_400) + fragments.reverse() + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + # run it all again to verify correctness + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + def test_random(self): + """random order reassembly""" + + fragments = list(self.fragments_400) + shuffle(fragments) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + # run it all again to verify correctness + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + def test_duplicates(self): + """duplicate fragments""" + + fragments = [ + x + for (_, frags, _) in self.pkt_infos + for x in frags + for _ in range(0, min(2, len(frags))) + ] + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + self.src_if.assert_nothing_captured() + + def test_long_fragment_chain(self): + """long fragment chain""" + + error_cnt_str = "/err/ip6-full-reassembly-feature/reass_fragment_chain_too_long" + + error_cnt = self.statistics.get_err_counter(error_cnt_str) + + self.vapi.ip_reassembly_set( + timeout_ms=100, + max_reassemblies=1000, + max_reassembly_length=3, + expire_walk_interval_ms=50, + is_ip6=1, + ) + + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / UDP(sport=1234, dport=5678) + / Raw(b"X" * 1000) + ) + frags = fragment_rfc8200(p, 1, 300) + fragment_rfc8200(p, 2, 500) + + self.pg_enable_capture() + self.src_if.add_stream(frags) + self.pg_start() + + self.dst_if.get_capture(1) + self.assert_error_counter_equal(error_cnt_str, error_cnt + 1) + + def test_overlap1(self): + """overlapping fragments case #1""" + + fragments = [] + for _, frags_400, frags_300 in self.pkt_infos: + if len(frags_300) == 1: + fragments.extend(frags_400) + else: + for i, j in zip(frags_300, frags_400): + fragments.extend(i) + fragments.extend(j) + + dropped_packet_indexes = set( + index for (index, _, frags) in self.pkt_infos if len(frags) > 1 + ) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes) + ) + self.verify_capture(packets, dropped_packet_indexes) + self.src_if.assert_nothing_captured() + + def test_overlap2(self): + """overlapping fragments case #2""" + + fragments = [] + for _, frags_400, frags_300 in self.pkt_infos: + if len(frags_400) == 1: + fragments.extend(frags_400) + else: + # care must be taken here so that there are no fragments + # received by vpp after reassembly is finished, otherwise + # new reassemblies will be started and packet generator will + # freak out when it detects unfreed buffers + zipped = zip(frags_400, frags_300) + for i, j in zipped: + fragments.extend(i) + fragments.extend(j) + fragments.pop() + + dropped_packet_indexes = set( + index for (index, _, frags) in self.pkt_infos if len(frags) > 1 + ) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes) + ) + self.verify_capture(packets, dropped_packet_indexes) + self.src_if.assert_nothing_captured() + + def test_timeout_inline(self): + """timeout (inline)""" + + dropped_packet_indexes = set( + index for (index, frags, _) in self.pkt_infos if len(frags) > 1 + ) + + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=3, + expire_walk_interval_ms=10000, + is_ip6=1, + ) + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes) + ) + self.verify_capture(packets, dropped_packet_indexes) + pkts = self.src_if._get_capture(1) + for icmp in pkts: + self.assertIn(ICMPv6TimeExceeded, icmp) + self.assertIn(IPv6ExtHdrFragment, icmp) + self.assertIn(icmp[IPv6ExtHdrFragment].id, dropped_packet_indexes) + dropped_packet_indexes.remove(icmp[IPv6ExtHdrFragment].id) + + def test_timeout_cleanup(self): + """timeout (cleanup)""" + + # whole packets + fragmented packets sans last fragment + fragments = [ + x + for (_, frags_400, _) in self.pkt_infos + for x in frags_400[: -1 if len(frags_400) > 1 else None] + ] + + # last fragments for fragmented packets + fragments2 = [ + frags_400[-1] for (_, frags_400, _) in self.pkt_infos if len(frags_400) > 1 + ] + + dropped_packet_indexes = set( + index for (index, frags_400, _) in self.pkt_infos if len(frags_400) > 1 + ) + + self.vapi.ip_reassembly_set( + timeout_ms=100, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=50, + ) + + self.vapi.ip_reassembly_set( + timeout_ms=100, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=50, + is_ip6=1, + ) + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + + self.virtual_sleep(0.25, "wait before sending rest of fragments") + + self.src_if.add_stream(fragments2) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes) + ) + self.verify_capture(packets, dropped_packet_indexes) + pkts = self.src_if._get_capture(1) + for icmp in pkts: + self.assertIn(ICMPv6TimeExceeded, icmp) + self.assertIn(IPv6ExtHdrFragment, icmp) + self.assertIn(icmp[IPv6ExtHdrFragment].id, dropped_packet_indexes) + dropped_packet_indexes.remove(icmp[IPv6ExtHdrFragment].id) + + def test_disabled(self): + """reassembly disabled""" + + dropped_packet_indexes = set( + index for (index, frags_400, _) in self.pkt_infos if len(frags_400) > 1 + ) + + self.vapi.ip_reassembly_set( + timeout_ms=1000, + max_reassemblies=0, + max_reassembly_length=3, + expire_walk_interval_ms=10000, + is_ip6=1, + ) + + self.pg_enable_capture() + self.src_if.add_stream(self.fragments_400) + self.pg_start() + + packets = self.dst_if.get_capture( + len(self.pkt_infos) - len(dropped_packet_indexes) + ) + self.verify_capture(packets, dropped_packet_indexes) + self.src_if.assert_nothing_captured() + + def test_missing_upper(self): + """missing upper layer""" + optdata = "\x00" * 100 + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6) + / IPv6ExtHdrFragment(m=1) + / IPv6ExtHdrDestOpt( + nh=17, options=PadN(optdata="\101" * 255) / PadN(optdata="\102" * 255) + ) + ) + + self.pg_enable_capture() + self.src_if.add_stream([p]) + self.pg_start() + pkts = self.src_if.get_capture(expected_count=1) + icmp = pkts[0] + self.assertIn(ICMPv6ParamProblem, icmp) + self.assert_equal(icmp[ICMPv6ParamProblem].code, 3, "ICMP code") + + def test_truncated_fragment(self): + """truncated fragment""" + pkt = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, nh=44, plen=2) + / IPv6ExtHdrFragment(nh=6) + ) + + self.send_and_assert_no_replies(self.pg0, [pkt], self.pg0) + + def test_invalid_frag_size(self): + """fragment size not a multiple of 8""" + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6) + / UDP(sport=1234, dport=5678) + / Raw() + ) + self.extend_packet(p, 1000, self.padding) + fragments = fragment_rfc8200(p, 1, 500) + bad_fragment = fragments[0] + self.extend_packet(bad_fragment, len(bad_fragment) + 5) + self.pg_enable_capture() + self.src_if.add_stream([bad_fragment]) + self.pg_start() + pkts = self.src_if.get_capture(expected_count=1) + icmp = pkts[0] + self.assertIn(ICMPv6ParamProblem, icmp) + self.assert_equal(icmp[ICMPv6ParamProblem].code, 0, "ICMP code") + + def test_invalid_packet_size(self): + """total packet size > 65535""" + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6) + / UDP(sport=1234, dport=5678) + / Raw() + ) + self.extend_packet(p, 1000, self.padding) + fragments = fragment_rfc8200(p, 1, 500) + bad_fragment = fragments[1] + bad_fragment[IPv6ExtHdrFragment].offset = 65500 + self.pg_enable_capture() + self.src_if.add_stream([bad_fragment]) + self.pg_start() + pkts = self.src_if.get_capture(expected_count=1) + icmp = pkts[0] + self.assertIn(ICMPv6ParamProblem, icmp) + self.assert_equal(icmp[ICMPv6ParamProblem].code, 0, "ICMP code") - dropped_packet_indexes = set( - index for (index, frags, _, _) in self.pkt_infos if len(frags) > 1 + def test_atomic_fragment(self): + """IPv6 atomic fragment""" + pkt = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, nh=44, plen=65535) + / IPv6ExtHdrFragment( + offset=8191, m=1, res1=0xFF, res2=0xFF, nh=255, id=0xFFFF + ) + / ("X" * 1452) ) - super(TestIPv4Reassembly, self).test_timeout_inline( - family, stream, dropped_packet_indexes) - - self.src_if.assert_nothing_captured() - def test_timeout_cleanup(self): - """ timeout (cleanup) """ + rx = self.send_and_expect(self.pg0, [pkt], self.pg0) + self.assertIn(ICMPv6ParamProblem, rx[0]) - # whole packets + fragmented packets sans last fragment - fragments = [ - x for (_, frags_400, _, _) in self.pkt_infos - for x in frags_400[:-1 if len(frags_400) > 1 else None] - ] + def test_truncated_fragment(self): + """IPv6 truncated fragment header""" + pkt = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, nh=44, plen=2) + / IPv6ExtHdrFragment(nh=6) + ) - # last fragments for fragmented packets - fragments2 = [frags_400[-1] - for (_, frags_400, _, _) in self.pkt_infos - if len(frags_400) > 1] + self.send_and_assert_no_replies(self.pg0, [pkt]) - dropped_packet_indexes = set( - index for (index, frags_400, _, _) in self.pkt_infos - if len(frags_400) > 1) + pkt = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.remote_ip6) + / ICMPv6EchoRequest() + ) + rx = self.send_and_expect(self.pg0, [pkt], self.pg0) + + def test_one_fragment(self): + """whole packet in one fragment processed independently""" + pkt = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) + / ICMPv6EchoRequest() + / Raw("X" * 1600) + ) + frags = fragment_rfc8200(pkt, 1, 400) - self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000, - expire_walk_interval_ms=50) + # send a fragment with known id + self.send_and_assert_no_replies(self.pg0, [frags[0]]) - self.pg_enable_capture() - self.src_if.add_stream(fragments) - self.pg_start() + # send an atomic fragment with same id - should be reassembled + pkt = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) + / IPv6ExtHdrFragment(id=1) + / ICMPv6EchoRequest() + ) + rx = self.send_and_expect(self.pg0, [pkt], self.pg0) + self.assertNotIn(IPv6ExtHdrFragment, rx) + + # now finish the original reassembly, this should still be possible + rx = self.send_and_expect(self.pg0, frags[1:], self.pg0, n_rx=1) + self.assertNotIn(IPv6ExtHdrFragment, rx) + + def test_bunch_of_fragments(self): + """valid fragments followed by rogue fragments and atomic fragment""" + pkt = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) + / ICMPv6EchoRequest() + / Raw("X" * 1600) + ) + frags = fragment_rfc8200(pkt, 1, 400) + self.send_and_expect(self.pg0, frags, self.pg0, n_rx=1) + + inc_frag = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) + / IPv6ExtHdrFragment(id=1, nh=58, offset=608) + / Raw("X" * 308) + ) - self.sleep(.25, "wait before sending rest of fragments") + self.send_and_assert_no_replies(self.pg0, inc_frag * 604) - self.src_if.add_stream(fragments2) - self.pg_start() + pkt = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) + / IPv6ExtHdrFragment(id=1) + / ICMPv6EchoRequest() + ) + rx = self.send_and_expect(self.pg0, [pkt], self.pg0) + self.assertNotIn(IPv6ExtHdrFragment, rx) - packets = self.dst_if.get_capture( - len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(IP, packets, dropped_packet_indexes) - self.src_if.assert_nothing_captured() + def test_local_enable_disable(self): + """local reassembly enabled/disable""" + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, enable_ip6=False + ) + self.vapi.ip_local_reass_enable_disable(enable_ip6=True) + pkt = ( + Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6) + / ICMPv6EchoRequest(id=1234) + / Raw("X" * 1600) + ) + frags = fragment_rfc8200(pkt, 1, 400) + r = self.send_and_expect(self.src_if, frags, self.src_if, n_rx=1)[0] + self.assertEqual(1234, r[ICMPv6EchoReply].id) + self.vapi.ip_local_reass_enable_disable() - @parameterized.expand([(IP, None, None)]) - def test_disabled(self, family, stream, dropped_packet_indexes): - """ reassembly disabled """ + self.send_and_assert_no_replies(self.src_if, frags) + self.vapi.ip_local_reass_enable_disable(enable_ip6=True) - stream = self.__class__.fragments_400 - dropped_packet_indexes = set( - index for (index, frags_400, _, _) in self.pkt_infos - if len(frags_400) > 1) - super(TestIPv4Reassembly, self).test_disabled( - family, stream, dropped_packet_indexes) +class TestIPv6MWReassembly(VppTestCase): + """IPv6 Reassembly (multiple workers)""" -class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): - """ IPv6 Reassembly """ + vpp_worker_count = 3 @classmethod def setUpClass(cls): - super(TestIPv6Reassembly, cls).setUpClass() + super().setUpClass() - cls.create_pg_interfaces([0, 1]) + cls.create_pg_interfaces(range(cls.vpp_worker_count + 1)) cls.src_if = cls.pg0 - cls.dst_if = cls.pg1 + cls.send_ifs = cls.pg_interfaces[:-1] + cls.dst_if = cls.pg_interfaces[-1] # setup all interfaces for i in cls.pg_interfaces: @@ -549,50 +1782,71 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): i.config_ip6() i.resolve_ndp() - # packet sizes - cls.packet_sizes = [64, 512, 1518, 9018] + # packets sizes reduced here because we are generating packets without + # Ethernet headers, which are added later (diff fragments go via + # different interfaces) + cls.packet_sizes = [ + 64 - len(Ether()), + 512 - len(Ether()), + 1518 - len(Ether()), + 9018 - len(Ether()), + ] cls.padding = " abcdefghijklmn" cls.create_stream(cls.packet_sizes) cls.create_fragments() @classmethod def tearDownClass(cls): - super(TestIPv6Reassembly, cls).tearDownClass() + super().tearDownClass() def setUp(self): - """ Test setup - force timeout on existing reassemblies """ - super(TestIPv6Reassembly, self).setUp() - self.vapi.ip_reassembly_enable_disable( - sw_if_index=self.src_if.sw_if_index, enable_ip6=True) - self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, - expire_walk_interval_ms=10, is_ip6=1) - self.sleep(.25) - self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, - expire_walk_interval_ms=10000, is_ip6=1) - self.logger.debug(self.vapi.ppcli("show ip6-reassembly details")) - self.logger.debug(self.vapi.ppcli("show buffers")) + """Test setup - force timeout on existing reassemblies""" + super().setUp() + for intf in self.send_ifs: + self.vapi.ip_reassembly_enable_disable( + sw_if_index=intf.sw_if_index, enable_ip6=True + ) + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10, + is_ip6=1, + ) + self.virtual_sleep(0.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=1000, + is_ip6=1, + ) def tearDown(self): - super(TestIPv6Reassembly, self).tearDown() + for intf in self.send_ifs: + self.vapi.ip_reassembly_enable_disable( + sw_if_index=intf.sw_if_index, enable_ip6=False + ) + super().tearDown() def show_commands_at_teardown(self): - self.logger.debug(self.vapi.ppcli("show ip6-reassembly details")) + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) self.logger.debug(self.vapi.ppcli("show buffers")) @classmethod def create_stream(cls, packet_sizes, packet_count=test_packet_count): - """Create input packet stream for defined interface. + """Create input packet stream :param list packet_sizes: Required packet sizes. """ for i in range(0, packet_count): info = cls.create_packet_info(cls.src_if, cls.src_if) payload = cls.info_to_payload(info) - p = (Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac) / - IPv6(src=cls.src_if.remote_ip6, - dst=cls.dst_if.remote_ip6) / - UDP(sport=1234, dport=5678) / - Raw(payload)) + p = ( + IPv6(src=cls.src_if.remote_ip6, dst=cls.dst_if.remote_ip6) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) size = packet_sizes[(i // 2) % len(packet_sizes)] cls.extend_packet(p, size, cls.padding) info.data = p @@ -601,248 +1855,412 @@ class TestIPv6Reassembly(TestIPReassemblyMixin, VppTestCase): def create_fragments(cls): infos = cls._packet_infos cls.pkt_infos = [] - for index, info in six.iteritems(infos): + for index, info in infos.items(): p = info.data # cls.logger.debug(ppp("Packet:", # p.__class__(scapy.compat.raw(p)))) - fragments_400 = fragment_rfc8200(p, info.index, 400) - fragments_300 = fragment_rfc8200(p, info.index, 300) - cls.pkt_infos.append((index, fragments_400, fragments_300)) - cls.fragments_400 = [ - x for _, frags, _ in cls.pkt_infos for x in frags] - cls.fragments_300 = [ - x for _, _, frags in cls.pkt_infos for x in frags] - cls.logger.debug("Fragmented %s packets into %s 400-byte fragments, " - "and %s 300-byte fragments" % - (len(infos), len(cls.fragments_400), - len(cls.fragments_300))) - - @parameterized.expand([(IPv6, None)]) - def test_reassembly(self, family, stream): - """ basic reassembly """ - stream = self.__class__.fragments_400 - super(TestIPv6Reassembly, self).test_reassembly(family, stream) - - @parameterized.expand([(IPv6, None)]) - def test_reversed(self, family, stream): - """ reverse order reassembly """ - stream = self.__class__.fragments_400 - super(TestIPv6Reassembly, self).test_reversed(family, stream) - - @parameterized.expand([(IPv6, None)]) - def test_random(self, family, stream): - """ random order reassembly """ - stream = self.__class__.fragments_400 - super(TestIPv6Reassembly, self).test_random(family, stream) - - @parameterized.expand([(IPv6, None)]) - def test_duplicates(self, family, stream): - """ duplicate fragments """ - - fragments = [ - # IPv4 uses 4 fields in pkt_infos, IPv6 uses 3. - x for (_, frags, _) in self.pkt_infos - for x in frags - for _ in range(0, min(2, len(frags))) - ] - super(TestIPv6Reassembly, self).test_duplicates(family, fragments) - - def test_overlap1(self): - """ overlapping fragments case #1 (differs from IP test case)""" + fragments_400 = fragment_rfc8200(p, index, 400) + cls.pkt_infos.append((index, fragments_400)) + cls.fragments_400 = [x for (_, frags) in cls.pkt_infos for x in frags] + cls.logger.debug( + "Fragmented %s packets into %s 400-byte fragments, " + % (len(infos), len(cls.fragments_400)) + ) - fragments = [] - for _, frags_400, frags_300 in self.pkt_infos: - if len(frags_300) == 1: - fragments.extend(frags_400) - else: - for i, j in zip(frags_300, frags_400): - fragments.extend(i) - fragments.extend(j) + def verify_capture(self, capture, dropped_packet_indexes=[]): + """Verify captured packet strea . - dropped_packet_indexes = set( - index for (index, _, frags) in self.pkt_infos if len(frags) > 1 - ) + :param list capture: Captured packet stream. + """ + info = None + seen = set() + for packet in capture: + try: + self.logger.debug(ppp("Got packet:", packet)) + ip = packet[IPv6] + udp = packet[UDP] + payload_info = self.payload_to_info(packet[Raw]) + packet_index = payload_info.index + self.assertTrue( + packet_index not in dropped_packet_indexes, + ppp("Packet received, but should be dropped:", packet), + ) + if packet_index in seen: + raise Exception(ppp("Duplicate packet received", packet)) + seen.add(packet_index) + self.assertEqual(payload_info.dst, self.src_if.sw_if_index) + info = self._packet_infos[packet_index] + self.assertTrue(info is not None) + self.assertEqual(packet_index, info.index) + saved_packet = info.data + self.assertEqual(ip.src, saved_packet[IPv6].src) + self.assertEqual(ip.dst, saved_packet[IPv6].dst) + self.assertEqual(udp.payload, saved_packet[UDP].payload) + except Exception: + self.logger.error(ppp("Unexpected or invalid packet:", packet)) + raise + for index in self._packet_infos: + self.assertTrue( + index in seen or index in dropped_packet_indexes, + "Packet with packet_index %d not received" % index, + ) - self.pg_enable_capture() - self.src_if.add_stream(fragments) + def send_packets(self, packets): + for counter in range(self.vpp_worker_count): + if 0 == len(packets[counter]): + continue + send_if = self.send_ifs[counter] + send_if.add_stream( + ( + Ether(dst=send_if.local_mac, src=send_if.remote_mac) / x + for x in packets[counter] + ), + worker=counter, + ) self.pg_start() - packets = self.dst_if.get_capture( - len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(IPv6, packets, dropped_packet_indexes) - self.src_if.assert_nothing_captured() + def test_worker_conflict(self): + """1st and FO=0 fragments on different workers""" + + # in first wave we send fragments which don't start at offset 0 + # then we send fragments with offset 0 on a different thread + # then the rest of packets on a random thread + first_packets = [[] for n in range(self.vpp_worker_count)] + second_packets = [[] for n in range(self.vpp_worker_count)] + rest_of_packets = [[] for n in range(self.vpp_worker_count)] + for _, p in self.pkt_infos: + wi = randrange(self.vpp_worker_count) + second_packets[wi].append(p[0]) + if len(p) <= 1: + continue + wi2 = wi + while wi2 == wi: + wi2 = randrange(self.vpp_worker_count) + first_packets[wi2].append(p[1]) + wi3 = randrange(self.vpp_worker_count) + rest_of_packets[wi3].extend(p[2:]) - def test_overlap2(self): - """ overlapping fragments case #2 (differs from IP test case)""" + self.pg_enable_capture() + self.send_packets(first_packets) + self.send_packets(second_packets) + self.send_packets(rest_of_packets) - fragments = [] - for _, frags_400, frags_300 in self.pkt_infos: - if len(frags_400) == 1: - fragments.extend(frags_400) - else: - # care must be taken here so that there are no fragments - # received by vpp after reassembly is finished, otherwise - # new reassemblies will be started and packet generator will - # freak out when it detects unfreed buffers - zipped = zip(frags_400, frags_300) - for i, j in zipped[:-1]: - fragments.extend(i) - fragments.extend(j) - fragments.append(zipped[-1][0]) + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + for send_if in self.send_ifs: + send_if.assert_nothing_captured() - dropped_packet_indexes = set( - index for (index, _, frags) in self.pkt_infos if len(frags) > 1 - ) + self.logger.debug(self.vapi.ppcli("show trace")) + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.vapi.cli("clear trace") self.pg_enable_capture() - self.src_if.add_stream(fragments) - self.pg_start() - - packets = self.dst_if.get_capture( - len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(IPv6, packets, dropped_packet_indexes) - self.src_if.assert_nothing_captured() + self.send_packets(first_packets) + self.send_packets(second_packets) + self.send_packets(rest_of_packets) - @parameterized.expand([(IPv6, None, None)]) - def test_timeout_inline(self, family, stream, dropped_packets_index): - """ timeout (inline) """ - stream = self.__class__.fragments_400 + packets = self.dst_if.get_capture(len(self.pkt_infos)) + self.verify_capture(packets) + for send_if in self.send_ifs: + send_if.assert_nothing_captured() - dropped_packet_indexes = set( - index for (index, frags, _) in self.pkt_infos if len(frags) > 1 - ) - super(TestIPv6Reassembly, self).test_timeout_inline( - family, stream, dropped_packet_indexes) - pkts = self.src_if.get_capture( - expected_count=len(dropped_packet_indexes)) - for icmp in pkts: - self.assertIn(ICMPv6TimeExceeded, icmp) - self.assertIn(IPv6ExtHdrFragment, icmp) - self.assertIn(icmp[IPv6ExtHdrFragment].id, dropped_packet_indexes) - dropped_packet_indexes.remove(icmp[IPv6ExtHdrFragment].id) +class TestIPv6SVReassembly(VppTestCase): + """IPv6 Shallow Virtual Reassembly""" - def test_timeout_cleanup(self): - """ timeout (cleanup) """ + @classmethod + def setUpClass(cls): + super().setUpClass() - # whole packets + fragmented packets sans last fragment - fragments = [ - x for (_, frags_400, _) in self.pkt_infos - for x in frags_400[:-1 if len(frags_400) > 1 else None] - ] + cls.create_pg_interfaces([0, 1]) + cls.src_if = cls.pg0 + cls.dst_if = cls.pg1 - # last fragments for fragmented packets - fragments2 = [frags_400[-1] - for (_, frags_400, _) in self.pkt_infos - if len(frags_400) > 1] + # setup all interfaces + for i in cls.pg_interfaces: + i.admin_up() + i.config_ip6() + i.resolve_ndp() - dropped_packet_indexes = set( - index for (index, frags_400, _) in self.pkt_infos - if len(frags_400) > 1) + def setUp(self): + """Test setup - force timeout on existing reassemblies""" + super().setUp() + self.vapi.ip_reassembly_enable_disable( + sw_if_index=self.src_if.sw_if_index, + enable_ip6=True, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + ) + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10, + is_ip6=1, + ) + self.virtual_sleep(0.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1000, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + expire_walk_interval_ms=10000, + is_ip6=1, + ) - self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000, - expire_walk_interval_ms=50) + def tearDown(self): + super().tearDown() + self.logger.debug(self.vapi.ppcli("show ip6-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) - self.vapi.ip_reassembly_set(timeout_ms=100, max_reassemblies=1000, - expire_walk_interval_ms=50, is_ip6=1) + def test_basic(self): + """basic reassembly""" + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + fragments = fragment_rfc8200(p, 1, payload_len / 4) + # send fragment #2 - should be cached inside reassembly self.pg_enable_capture() - self.src_if.add_stream(fragments) + self.src_if.add_stream(fragments[1]) self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip6-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + self.dst_if.assert_nothing_captured() - self.sleep(.25, "wait before sending rest of fragments") + # send fragment #1 - reassembly is finished now and both fragments + # forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[0]) + self.pg_start() + self.logger.debug(self.vapi.ppcli("show ip6-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + c = self.dst_if.get_capture(2) + for sent, recvd in zip([fragments[1], fragments[0]], c): + self.assertEqual(sent[IPv6].src, recvd[IPv6].src) + self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + # send rest of fragments - should be immediately forwarded + self.pg_enable_capture() + self.src_if.add_stream(fragments[2:]) + self.pg_start() + c = self.dst_if.get_capture(len(fragments[2:])) + for sent, recvd in zip(fragments[2:], c): + self.assertEqual(sent[IPv6].src, recvd[IPv6].src) + self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + def test_verify_clear_trace_mid_reassembly(self): + """verify clear trace works mid-reassembly""" + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + fragments = fragment_rfc8200(p, 1, payload_len / 4) - self.src_if.add_stream(fragments2) + self.pg_enable_capture() + self.src_if.add_stream(fragments[1]) self.pg_start() - packets = self.dst_if.get_capture( - len(self.pkt_infos) - len(dropped_packet_indexes)) - self.verify_capture(IPv6, packets, dropped_packet_indexes) - pkts = self.src_if.get_capture( - expected_count=len(dropped_packet_indexes)) - for icmp in pkts: - self.assertIn(ICMPv6TimeExceeded, icmp) - self.assertIn(IPv6ExtHdrFragment, icmp) - self.assertIn(icmp[IPv6ExtHdrFragment].id, dropped_packet_indexes) - dropped_packet_indexes.remove(icmp[IPv6ExtHdrFragment].id) + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") - @parameterized.expand([(IPv6, None, None)]) - def test_disabled(self, family, stream, dropped_packet_indexes): - """ reassembly disabled """ + self.pg_enable_capture() + self.src_if.add_stream(fragments[0]) + self.pg_start() + self.dst_if.get_capture(2) - stream = self.__class__.fragments_400 - dropped_packet_indexes = set( - index for (index, frags_400, _) in self.pkt_infos - if len(frags_400) > 1) - super(TestIPv6Reassembly, self).test_disabled( - family, stream, dropped_packet_indexes) - self.src_if.assert_nothing_captured() + self.logger.debug(self.vapi.cli("show trace")) + self.vapi.cli("clear trace") - def test_missing_upper(self): - """ missing upper layer """ - p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / - IPv6(src=self.src_if.remote_ip6, - dst=self.src_if.local_ip6) / - UDP(sport=1234, dport=5678) / - Raw()) - self.extend_packet(p, 1000, self.padding) - fragments = fragment_rfc8200(p, 1, 500) - bad_fragment = p.__class__(scapy.compat.raw(fragments[1])) - bad_fragment[IPv6ExtHdrFragment].nh = 59 - bad_fragment[IPv6ExtHdrFragment].offset = 0 self.pg_enable_capture() - self.src_if.add_stream([bad_fragment]) + self.src_if.add_stream(fragments[2:]) self.pg_start() - pkts = self.src_if.get_capture(expected_count=1) - icmp = pkts[0] - self.assertIn(ICMPv6ParamProblem, icmp) - self.assert_equal(icmp[ICMPv6ParamProblem].code, 3, "ICMP code") + self.dst_if.get_capture(len(fragments[2:])) + + def test_timeout(self): + """reassembly timeout""" + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + p = ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + fragments = fragment_rfc8200(p, 1, payload_len / 4) + + self.vapi.ip_reassembly_set( + timeout_ms=100, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=50, + is_ip6=1, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + ) - def test_invalid_frag_size(self): - """ fragment size not a multiple of 8 """ - p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / - IPv6(src=self.src_if.remote_ip6, - dst=self.src_if.local_ip6) / - UDP(sport=1234, dport=5678) / - Raw()) - self.extend_packet(p, 1000, self.padding) - fragments = fragment_rfc8200(p, 1, 500) - bad_fragment = fragments[0] - self.extend_packet(bad_fragment, len(bad_fragment) + 5) + # send fragments #2 and #1 - should be forwarded self.pg_enable_capture() - self.src_if.add_stream([bad_fragment]) + self.src_if.add_stream(fragments[0:2]) self.pg_start() - pkts = self.src_if.get_capture(expected_count=1) - icmp = pkts[0] - self.assertIn(ICMPv6ParamProblem, icmp) - self.assert_equal(icmp[ICMPv6ParamProblem].code, 0, "ICMP code") + self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details")) + self.logger.debug(self.vapi.ppcli("show buffers")) + self.logger.debug(self.vapi.ppcli("show trace")) + c = self.dst_if.get_capture(2) + for sent, recvd in zip([fragments[1], fragments[0]], c): + self.assertEqual(sent[IPv6].src, recvd[IPv6].src) + self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) - def test_invalid_packet_size(self): - """ total packet size > 65535 """ - p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / - IPv6(src=self.src_if.remote_ip6, - dst=self.src_if.local_ip6) / - UDP(sport=1234, dport=5678) / - Raw()) - self.extend_packet(p, 1000, self.padding) - fragments = fragment_rfc8200(p, 1, 500) - bad_fragment = fragments[1] - bad_fragment[IPv6ExtHdrFragment].offset = 65500 + # wait for cleanup + self.virtual_sleep(0.25, "wait before sending rest of fragments") + + # send rest of fragments - shouldn't be forwarded self.pg_enable_capture() - self.src_if.add_stream([bad_fragment]) + self.src_if.add_stream(fragments[2:]) self.pg_start() - pkts = self.src_if.get_capture(expected_count=1) - icmp = pkts[0] - self.assertIn(ICMPv6ParamProblem, icmp) - self.assert_equal(icmp[ICMPv6ParamProblem].code, 0, "ICMP code") + self.dst_if.assert_nothing_captured() + + def test_lru(self): + """reassembly reuses LRU element""" + + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1, + max_reassembly_length=1000, + type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL, + is_ip6=1, + expire_walk_interval_ms=10000, + ) + + payload_len = 1000 + payload = "" + counter = 0 + while len(payload) < payload_len: + payload += "%u " % counter + counter += 1 + + packet_count = 10 + + fragments = [ + f + for i in range(packet_count) + for p in ( + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) + for f in fragment_rfc8200(p, i, payload_len / 4) + ] + + self.pg_enable_capture() + self.src_if.add_stream(fragments) + self.pg_start() + c = self.dst_if.get_capture(len(fragments)) + for sent, recvd in zip(fragments, c): + self.assertEqual(sent[IPv6].src, recvd[IPv6].src) + self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst) + self.assertEqual(sent[Raw].payload, recvd[Raw].payload) + + def test_one_fragment(self): + """whole packet in one fragment processed independently""" + pkt = ( + Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / ICMPv6EchoRequest() + / Raw("X" * 1600) + ) + frags = fragment_rfc8200(pkt, 1, 400) + + # send a fragment with known id + self.send_and_expect(self.src_if, [frags[0]], self.dst_if) + + # send an atomic fragment with same id - should be reassembled + pkt = ( + Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / IPv6ExtHdrFragment(id=1) + / ICMPv6EchoRequest() + ) + rx = self.send_and_expect(self.src_if, [pkt], self.dst_if) + + # now forward packets matching original reassembly, should still work + rx = self.send_and_expect(self.src_if, frags[1:], self.dst_if) + + def test_bunch_of_fragments(self): + """valid fragments followed by rogue fragments and atomic fragment""" + pkt = ( + Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / ICMPv6EchoRequest() + / Raw("X" * 1600) + ) + frags = fragment_rfc8200(pkt, 1, 400) + rx = self.send_and_expect(self.src_if, frags, self.dst_if) + + rogue = ( + Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / IPv6ExtHdrFragment(id=1, nh=58, offset=608) + / Raw("X" * 308) + ) + + self.send_and_expect(self.src_if, rogue * 604, self.dst_if) + + pkt = ( + Ether(src=self.src_if.local_mac, dst=self.src_if.remote_mac) + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / IPv6ExtHdrFragment(id=1) + / ICMPv6EchoRequest() + ) + rx = self.send_and_expect(self.src_if, [pkt], self.dst_if) + + def test_truncated_fragment(self): + """truncated fragment""" + pkt = ( + Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) + / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, nh=44, plen=2) + / IPv6ExtHdrFragment(nh=6) + ) + + self.send_and_assert_no_replies(self.pg0, [pkt], self.pg0) class TestIPv4ReassemblyLocalNode(VppTestCase): - """ IPv4 Reassembly for packets coming to ip4-local node """ + """IPv4 Reassembly for packets coming to ip4-local node""" @classmethod def setUpClass(cls): - super(TestIPv4ReassemblyLocalNode, cls).setUpClass() + super().setUpClass() cls.create_pg_interfaces([0]) cls.src_dst_if = cls.pg0 @@ -859,22 +2277,30 @@ class TestIPv4ReassemblyLocalNode(VppTestCase): @classmethod def tearDownClass(cls): - super(TestIPv4ReassemblyLocalNode, cls).tearDownClass() + super().tearDownClass() def setUp(self): - """ Test setup - force timeout on existing reassemblies """ - super(TestIPv4ReassemblyLocalNode, self).setUp() - self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, - expire_walk_interval_ms=10) - self.sleep(.25) - self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, - expire_walk_interval_ms=10000) + """Test setup - force timeout on existing reassemblies""" + super().setUp() + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10, + ) + self.virtual_sleep(0.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10000, + ) def tearDown(self): - super(TestIPv4ReassemblyLocalNode, self).tearDown() + super().tearDown() def show_commands_at_teardown(self): - self.logger.debug(self.vapi.ppcli("show ip4-reassembly details")) + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) self.logger.debug(self.vapi.ppcli("show buffers")) @classmethod @@ -886,12 +2312,16 @@ class TestIPv4ReassemblyLocalNode(VppTestCase): for i in range(0, packet_count): info = cls.create_packet_info(cls.src_dst_if, cls.src_dst_if) payload = cls.info_to_payload(info) - p = (Ether(dst=cls.src_dst_if.local_mac, - src=cls.src_dst_if.remote_mac) / - IP(id=info.index, src=cls.src_dst_if.remote_ip4, - dst=cls.src_dst_if.local_ip4) / - ICMP(type='echo-request', id=1234) / - Raw(payload)) + p = ( + Ether(dst=cls.src_dst_if.local_mac, src=cls.src_dst_if.remote_mac) + / IP( + id=info.index, + src=cls.src_dst_if.remote_ip4, + dst=cls.src_dst_if.local_ip4, + ) + / ICMP(type="echo-request", id=1234) + / Raw(payload) + ) cls.extend_packet(p, 1518, cls.padding) info.data = p @@ -899,15 +2329,17 @@ class TestIPv4ReassemblyLocalNode(VppTestCase): def create_fragments(cls): infos = cls._packet_infos cls.pkt_infos = [] - for index, info in six.iteritems(infos): + for index, info in infos.items(): p = info.data # cls.logger.debug(ppp("Packet:", # p.__class__(scapy.compat.raw(p)))) fragments_300 = fragment_rfc791(p, 300) cls.pkt_infos.append((index, fragments_300)) cls.fragments_300 = [x for (_, frags) in cls.pkt_infos for x in frags] - cls.logger.debug("Fragmented %s packets into %s 300-byte fragments" % - (len(infos), len(cls.fragments_300))) + cls.logger.debug( + "Fragmented %s packets into %s 300-byte fragments" + % (len(infos), len(cls.fragments_300)) + ) def verify_capture(self, capture): """Verify captured packet stream. @@ -940,11 +2372,12 @@ class TestIPv4ReassemblyLocalNode(VppTestCase): self.logger.error(ppp("Unexpected or invalid packet:", packet)) raise for index in self._packet_infos: - self.assertIn(index, seen, - "Packet with packet_index %d not received" % index) + self.assertIn( + index, seen, "Packet with packet_index %d not received" % index + ) def test_reassembly(self): - """ basic reassembly """ + """basic reassembly""" self.pg_enable_capture() self.src_dst_if.add_stream(self.fragments_300) @@ -963,11 +2396,11 @@ class TestIPv4ReassemblyLocalNode(VppTestCase): class TestFIFReassembly(VppTestCase): - """ Fragments in fragments reassembly """ + """Fragments in fragments reassembly""" @classmethod def setUpClass(cls): - super(TestFIFReassembly, cls).setUpClass() + super().setUpClass() cls.create_pg_interfaces([0, 1]) cls.src_if = cls.pg0 @@ -984,33 +2417,51 @@ class TestFIFReassembly(VppTestCase): @classmethod def tearDownClass(cls): - super(TestFIFReassembly, cls).tearDownClass() + super().tearDownClass() def setUp(self): - """ Test setup - force timeout on existing reassemblies """ - super(TestFIFReassembly, self).setUp() + """Test setup - force timeout on existing reassemblies""" + super().setUp() self.vapi.ip_reassembly_enable_disable( - sw_if_index=self.src_if.sw_if_index, enable_ip4=True, - enable_ip6=True) + sw_if_index=self.src_if.sw_if_index, enable_ip4=True, enable_ip6=True + ) self.vapi.ip_reassembly_enable_disable( - sw_if_index=self.dst_if.sw_if_index, enable_ip4=True, - enable_ip6=True) - self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, - expire_walk_interval_ms=10) - self.vapi.ip_reassembly_set(timeout_ms=0, max_reassemblies=1000, - expire_walk_interval_ms=10, is_ip6=1) - self.sleep(.25) - self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, - expire_walk_interval_ms=10000) - self.vapi.ip_reassembly_set(timeout_ms=1000000, max_reassemblies=1000, - expire_walk_interval_ms=10000, is_ip6=1) + sw_if_index=self.dst_if.sw_if_index, enable_ip4=True, enable_ip6=True + ) + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10, + ) + self.vapi.ip_reassembly_set( + timeout_ms=0, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10, + is_ip6=1, + ) + self.virtual_sleep(0.25) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10000, + ) + self.vapi.ip_reassembly_set( + timeout_ms=1000000, + max_reassemblies=1000, + max_reassembly_length=1000, + expire_walk_interval_ms=10000, + is_ip6=1, + ) def tearDown(self): - super(TestFIFReassembly, self).tearDown() + super().tearDown() def show_commands_at_teardown(self): - self.logger.debug(self.vapi.ppcli("show ip4-reassembly details")) - self.logger.debug(self.vapi.ppcli("show ip6-reassembly details")) + self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details")) + self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details")) self.logger.debug(self.vapi.ppcli("show buffers")) def verify_capture(self, capture, ip_class, dropped_packet_indexes=[]): @@ -1029,7 +2480,8 @@ class TestFIFReassembly(VppTestCase): packet_index = payload_info.index self.assertTrue( packet_index not in dropped_packet_indexes, - ppp("Packet received, but should be dropped:", packet)) + ppp("Packet received, but should be dropped:", packet), + ) if packet_index in seen: raise Exception(ppp("Duplicate packet received", packet)) seen.add(packet_index) @@ -1045,11 +2497,13 @@ class TestFIFReassembly(VppTestCase): self.logger.error(ppp("Unexpected or invalid packet:", packet)) raise for index in self._packet_infos: - self.assertTrue(index in seen or index in dropped_packet_indexes, - "Packet with packet_index %d not received" % index) + self.assertTrue( + index in seen or index in dropped_packet_indexes, + "Packet with packet_index %d not received" % index, + ) def test_fif4(self): - """ Fragments in fragments (4o4) """ + """Fragments in fragments (4o4)""" # TODO this should be ideally in setUpClass, but then we hit a bug # with VppIpRoute incorrectly reporting it's present when it's not @@ -1063,11 +2517,15 @@ class TestFIFReassembly(VppTestCase): self.gre4.config_ip4() self.vapi.ip_reassembly_enable_disable( - sw_if_index=self.gre4.sw_if_index, enable_ip4=True) + sw_if_index=self.gre4.sw_if_index, enable_ip4=True + ) - self.route4 = VppIpRoute(self, self.tun_ip4, 32, - [VppRoutePath(self.src_if.remote_ip4, - self.src_if.sw_if_index)]) + self.route4 = VppIpRoute( + self, + self.tun_ip4, + 32, + [VppRoutePath(self.src_if.remote_ip4, self.src_if.sw_if_index)], + ) self.route4.add_vpp_config() self.reset_packet_infos() @@ -1077,28 +2535,33 @@ class TestFIFReassembly(VppTestCase): # Ethernet header here is only for size calculation, thus it # doesn't matter how it's initialized. This is to ensure that # reassembled packet is not > 9000 bytes, so that it's not dropped - p = (Ether() / - IP(id=i, src=self.src_if.remote_ip4, - dst=self.dst_if.remote_ip4) / - UDP(sport=1234, dport=5678) / - Raw(payload)) + p = ( + Ether() + / IP(id=i, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) size = self.packet_sizes[(i // 2) % len(self.packet_sizes)] self.extend_packet(p, size, self.padding) info.data = p[IP] # use only IP part, without ethernet header - fragments = [x for _, p in six.iteritems(self._packet_infos) - for x in fragment_rfc791(p.data, 400)] + fragments = [ + x + for _, p in self._packet_infos.items() + for x in fragment_rfc791(p.data, 400) + ] - encapped_fragments = \ - [Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / - IP(src=self.tun_ip4, dst=self.src_if.local_ip4) / - GRE() / - p - for p in fragments] + encapped_fragments = [ + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IP(src=self.tun_ip4, dst=self.src_if.local_ip4) + / GRE() + / p + for p in fragments + ] - fragmented_encapped_fragments = \ - [x for p in encapped_fragments - for x in fragment_rfc791(p, 200)] + fragmented_encapped_fragments = [ + x for p in encapped_fragments for x in fragment_rfc791(p, 200) + ] self.src_if.add_stream(fragmented_encapped_fragments) @@ -1115,7 +2578,7 @@ class TestFIFReassembly(VppTestCase): self.logger.debug(self.vapi.ppcli("show interface")) def test_fif6(self): - """ Fragments in fragments (6o6) """ + """Fragments in fragments (6o6)""" # TODO this should be ideally in setUpClass, but then we hit a bug # with VppIpRoute incorrectly reporting it's present when it's not # so we need to manually remove the vpp config, thus we cannot have @@ -1128,13 +2591,15 @@ class TestFIFReassembly(VppTestCase): self.gre6.config_ip6() self.vapi.ip_reassembly_enable_disable( - sw_if_index=self.gre6.sw_if_index, enable_ip6=True) + sw_if_index=self.gre6.sw_if_index, enable_ip6=True + ) - self.route6 = VppIpRoute(self, self.tun_ip6, 128, - [VppRoutePath(self.src_if.remote_ip6, - self.src_if.sw_if_index, - proto=DpoProto.DPO_PROTO_IP6)], - is_ip6=1) + self.route6 = VppIpRoute( + self, + self.tun_ip6, + 128, + [VppRoutePath(self.src_if.remote_ip6, self.src_if.sw_if_index)], + ) self.route6.add_vpp_config() self.reset_packet_infos() @@ -1144,34 +2609,41 @@ class TestFIFReassembly(VppTestCase): # Ethernet header here is only for size calculation, thus it # doesn't matter how it's initialized. This is to ensure that # reassembled packet is not > 9000 bytes, so that it's not dropped - p = (Ether() / - IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) / - UDP(sport=1234, dport=5678) / - Raw(payload)) + p = ( + Ether() + / IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) + / UDP(sport=1234, dport=5678) + / Raw(payload) + ) size = self.packet_sizes[(i // 2) % len(self.packet_sizes)] self.extend_packet(p, size, self.padding) info.data = p[IPv6] # use only IPv6 part, without ethernet header - fragments = [x for _, i in six.iteritems(self._packet_infos) - for x in fragment_rfc8200( - i.data, i.index, 400)] + fragments = [ + x + for _, i in self._packet_infos.items() + for x in fragment_rfc8200(i.data, i.index, 400) + ] - encapped_fragments = \ - [Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) / - IPv6(src=self.tun_ip6, dst=self.src_if.local_ip6) / - GRE() / - p - for p in fragments] + encapped_fragments = [ + Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) + / IPv6(src=self.tun_ip6, dst=self.src_if.local_ip6) + / GRE() + / p + for p in fragments + ] - fragmented_encapped_fragments = \ - [x for p in encapped_fragments for x in ( + fragmented_encapped_fragments = [ + x + for p in encapped_fragments + for x in ( fragment_rfc8200( - p, - 2 * len(self._packet_infos) + p[IPv6ExtHdrFragment].id, - 200) - if IPv6ExtHdrFragment in p else [p] + p, 2 * len(self._packet_infos) + p[IPv6ExtHdrFragment].id, 200 + ) + if IPv6ExtHdrFragment in p + else [p] ) - ] + ] self.src_if.add_stream(fragmented_encapped_fragments) @@ -1187,5 +2659,5 @@ class TestFIFReassembly(VppTestCase): self.gre6.remove_vpp_config() -if __name__ == '__main__': +if __name__ == "__main__": unittest.main(testRunner=VppTestRunner)