X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_trace_filter.py;h=fa0d74812f5ad790add69a4b3d126f254794933b;hb=e63a2d44d16774a88763c5f6368a3f7210c64ddc;hp=bde732d289f2b3dfe8e66975619c0acb927a9f2f;hpb=87d24db65facb89ca524c951b8379ca2ec4dbc7a;p=vpp.git diff --git a/test/test_trace_filter.py b/test/test_trace_filter.py index bde732d289f..fa0d74812f5 100644 --- a/test/test_trace_filter.py +++ b/test/test_trace_filter.py @@ -2,9 +2,17 @@ import unittest -from framework import VppTestCase, VppTestRunner, running_extended_tests +from framework import VppTestCase, VppTestRunner from vpp_ip_route import VppIpTable, VppIpRoute, VppRoutePath +from scapy.contrib.geneve import GENEVE +from scapy.packet import Raw +from scapy.layers.l2 import Ether +from scapy.layers.inet import IP, UDP +from scapy.layers.vxlan import VXLAN +from scapy.compat import raw +from scapy.utils import rdpcap + class TestTracefilter(VppTestCase): """ Packet Tracer Filter Test """ @@ -19,46 +27,218 @@ class TestTracefilter(VppTestCase): def setUp(self): super(TestTracefilter, self).setUp() + self.create_pg_interfaces(range(2)) + self.pg0.generate_remote_hosts(11) + for i in self.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() def tearDown(self): super(TestTracefilter, self).tearDown() + for i in self.pg_interfaces: + i.unconfig() + i.admin_down() + + def cli(self, cmd): + r = self.vapi.cli_return_response(cmd) + if r.retval != 0: + s = "reply '%s'" % r.reply if hasattr( + r, "reply") else "retval '%s'" % r.retval + raise RuntimeError("cli command '%s' FAIL with %s" % (cmd, s)) + return r + + # check number of hits for classifier + def assert_hits(self, n): + r = self.cli("show classify table verbose") + self.assertTrue(r.reply.find("hits %i" % n) != -1) + + def add_trace_filter(self, mask, match): + self.cli("classify filter trace mask %s match %s" % (mask, match)) + self.cli("clear trace") + self.cli("trace add pg-input 1000 filter") - def test_mactime_unitTest(self): + def del_trace_filters(self): + self.cli("classify filter trace del") + r = self.cli("show classify filter") + s = "packet tracer: first table none" + self.assertTrue(r.reply.find(s) != -1) + + def del_pcap_filters(self): + self.cli("classify filter pcap del") + r = self.cli("show classify filter") + s = "pcap rx/tx/drop: first table none" + self.assertTrue(r.reply.find(s) != -1) + + def test_basic(self): """ Packet Tracer Filter Test """ - cmds = ["loopback create", - "set int ip address loop0 192.168.1.1/24", - "set int state loop0 up", - "packet-generator new {\n" - " name classifyme\n" - " limit 100\n" - " size 300-300\n" - " interface loop0\n" - " node ethernet-input\n" - " data { \n" - " IP4: 1.2.3 -> 4.5.6\n" - " UDP: 192.168.1.10 - 192.168.1.20 -> 192.168.2.10\n" - " UDP: 1234 -> 2345\n" - " incrementing 286\n" - " }\n" - "}\n", - "classify filter trace mask l3 ip4 src\n" - " match l3 ip4 src 192.168.1.15", - "trace add pg-input 100 filter", - "pa en"] - - for cmd in cmds: - r = self.vapi.cli_return_response(cmd) - if r.retval != 0: - if hasattr(r, 'reply'): - self.logger.info(cmd + " FAIL reply " + r.reply) - else: - self.logger.info(cmd + " FAIL retval " + str(r.retval)) - - # Check for 9 classifier hits, which is the right answer - r = self.vapi.cli_return_response("show classify table verbose 2") - self.assertTrue(r.retval == 0) - self.assertTrue(hasattr(r, 'reply')) - self.assertTrue(r.reply.find("hits 9") != -1) + self.add_trace_filter( + "l3 ip4 src", + "l3 ip4 src %s" % + self.pg0.remote_hosts[5].ip4) + self.add_trace_filter( + "l3 ip4 proto l4 src_port", + "l3 ip4 proto 17 l4 src_port 2345") + # the packet we are trying to match + p = list() + for i in range(100): + src = self.pg0.remote_hosts[i % len(self.pg0.remote_hosts)].ip4 + p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=src, dst=self.pg1.remote_ip4) / + UDP(sport=1234, dport=2345) / Raw('\xa5' * 100))) + for i in range(17): + p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_hosts[0].ip4, + dst=self.pg1.remote_ip4) / + UDP(sport=2345, dport=1234) / Raw('\xa5' * 100))) + + self.send_and_expect(self.pg0, p, self.pg1, trace=False) + + # Check for 9 and 17 classifier hits, which is the right answer + self.assert_hits(9) + self.assert_hits(17) + + self.del_trace_filters() + + # install a classify rule, inject traffic and check for hits + def assert_classify(self, mask, match, packets, n=None): + self.add_trace_filter("hex %s" % mask, "hex %s" % match) + self.send_and_expect(self.pg0, packets, self.pg1, trace=False) + self.assert_hits(n if n is not None else len(packets)) + self.del_trace_filters() + + def test_encap(self): + """ Packet Tracer Filter Test with encap """ + + # the packet we are trying to match + p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / + UDP() / + VXLAN() / + Ether() / + IP() / + UDP() / + GENEVE(vni=1234) / + Ether() / + IP(src='192.168.4.167') / + UDP() / + Raw('\xa5' * 100)) + + # + # compute filter mask & value + # we compute it by XOR'ing a template packet with a modified packet + # we need to set checksums to 0 to make sure scapy will not recompute + # them + # + tmpl = (Ether() / + IP(chksum=0) / + UDP(chksum=0) / + VXLAN() / + Ether() / + IP(chksum=0) / + UDP(chksum=0) / + GENEVE(vni=0) / + Ether() / + IP(src='0.0.0.0', chksum=0)) + ori = raw(tmpl) + + # the mask + tmpl[GENEVE].vni = 0xffffff + user = tmpl[GENEVE].payload + user[IP].src = '255.255.255.255' + new = raw(tmpl) + mask = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new))) + + # this does not match (wrong vni) + tmpl[GENEVE].vni = 1 + user = tmpl[GENEVE].payload + user[IP].src = '192.168.4.167' + new = raw(tmpl) + match = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new))) + self.assert_classify(mask, match, [p] * 11, 0) + + # this must match + tmpl[GENEVE].vni = 1234 + new = raw(tmpl) + match = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new))) + self.assert_classify(mask, match, [p] * 17) + + def test_pcap(self): + """ Packet Capture Filter Test """ + self.cli( + "classify filter pcap mask l3 ip4 src match l3 ip4 src %s" % + self.pg0.remote_hosts[5].ip4) + self.cli( + "classify filter pcap " + "mask l3 ip4 proto l4 src_port " + "match l3 ip4 proto 17 l4 src_port 2345") + self.cli( + "pcap trace rx tx max 1000 intfc pg0 " + "file vpp_test_trace_filter_test_pcap.pcap filter") + # the packet we are trying to match + p = list() + for i in range(100): + src = self.pg0.remote_hosts[i % len(self.pg0.remote_hosts)].ip4 + p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=src, dst=self.pg1.remote_ip4) / + UDP(sport=1234, dport=2345) / Raw('\xa5' * 100))) + for i in range(17): + p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_hosts[0].ip4, + dst=self.pg1.remote_ip4) / + UDP(sport=2345, dport=1234) / Raw('\xa5' * 100))) + + self.send_and_expect(self.pg0, p, self.pg1, trace=False) + + # Check for 9 and 17 classifier hits, which is the right answer + self.assert_hits(9) + self.assert_hits(17) + + self.cli("pcap trace rx tx off") + self.del_pcap_filters() + + # check captured pcap + pcap = rdpcap("/tmp/vpp_test_trace_filter_test_pcap.pcap") + self.assertEqual(len(pcap), 9 + 17) + p_ = str(p[5]) + for i in range(9): + self.assertEqual(str(pcap[i]), p_) + p_ = str(p[100]) + for i in range(9, 9 + 17): + self.assertEqual(str(pcap[i]), p_) + + def test_pcap_drop(self): + """ Drop Packet Capture Filter Test """ + self.cli( + "pcap trace drop max 1000 " + "error {ip4-udp-lookup}.{no_listener} " + "file vpp_test_trace_filter_test_pcap_drop.pcap") + # the packet we are trying to match + p = list() + for i in range(17): + # this packet should be forwarded + p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_hosts[0].ip4, + dst=self.pg1.remote_ip4) / + UDP(sport=2345, dport=1234) / Raw('\xa5' * 100))) + # this packet should be captured (no listener) + p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_hosts[0].ip4, + dst=self.pg0.local_ip4) / + UDP(sport=2345, dport=1234) / Raw('\xa5' * 100))) + # this packet will be blackholed but not captured + p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_hosts[0].ip4, dst="0.0.0.0") / + UDP(sport=2345, dport=1234) / Raw('\xa5' * 100))) + + self.send_and_expect(self.pg0, p, self.pg1, n_rx=17, trace=False) + + self.cli("pcap trace drop off") + + # check captured pcap + pcap = rdpcap("/tmp/vpp_test_trace_filter_test_pcap_drop.pcap") + self.assertEqual(len(pcap), 17) + if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)