6 from framework import VppTestCase, VppTestRunner
7 from vpp_ip import DpoProto
8 from vpp_ip_route import VppIpRoute, VppRoutePath
9 from util import fragment_rfc791, fragment_rfc8200
12 from scapy.layers.l2 import Ether
13 from scapy.packet import Raw
14 from scapy.layers.inet import IP, UDP, ICMP, TCP
15 from scapy.layers.inet6 import IPv6, ICMPv6TimeExceeded, IPv6ExtHdrFragment, \
16 ICMPv6EchoRequest, ICMPv6DestUnreach
19 class TestMAP(VppTestCase):
24 super(TestMAP, cls).setUpClass()
27 def tearDownClass(cls):
28 super(TestMAP, cls).tearDownClass()
31 super(TestMAP, self).setUp()
33 # create 2 pg interfaces
34 self.create_pg_interfaces(range(4))
36 # pg0 is 'inside' IPv4
39 self.pg0.resolve_arp()
40 self.pg0.generate_remote_hosts(2)
41 self.pg0.configure_ipv4_neighbors()
43 # pg1 is 'outside' IPv6
46 self.pg1.generate_remote_hosts(4)
47 self.pg1.configure_ipv6_neighbors()
50 super(TestMAP, self).tearDown()
51 for i in self.pg_interfaces:
56 def send_and_assert_encapped(self, packets, ip6_src, ip6_dst, dmac=None):
58 dmac = self.pg1.remote_mac
60 self.pg0.add_stream(packets)
62 self.pg_enable_capture(self.pg_interfaces)
65 capture = self.pg1.get_capture(len(packets))
66 for rx, tx in zip(capture, packets):
67 self.assertEqual(rx[Ether].dst, dmac)
68 self.assertEqual(rx[IP].src, tx[IP].src)
69 self.assertEqual(rx[IPv6].src, ip6_src)
70 self.assertEqual(rx[IPv6].dst, ip6_dst)
72 def send_and_assert_encapped_one(self, packet, ip6_src, ip6_dst,
74 return self.send_and_assert_encapped([packet], ip6_src, ip6_dst, dmac)
76 def test_api_map_domain_dump(self):
78 map_src = '3000::1/128'
79 client_pfx = '192.168.0.0/16'
81 index = self.vapi.map_add_domain(ip4_prefix=client_pfx,
85 rv = self.vapi.map_domain_dump()
87 # restore the state early so as to not impact subsequent tests.
88 # If an assert fails, we will not get the chance to do it at the end.
89 self.vapi.map_del_domain(index=index)
91 self.assertGreater(len(rv), 0,
92 "Expected output from 'map_domain_dump'")
94 # typedefs are returned as ipaddress objects.
95 # wrap results in str() ugh! to avoid the need to call unicode.
96 self.assertEqual(str(rv[0].ip4_prefix), client_pfx)
97 self.assertEqual(str(rv[0].ip6_prefix), map_dst)
98 self.assertEqual(str(rv[0].ip6_src), map_src)
100 self.assertEqual(rv[0].tag, tag,
101 "output produced incorrect tag value.")
103 def create_domains(self, ip4_pfx_str, ip6_pfx_str, ip6_src_str):
104 ip4_pfx = ipaddress.ip_network(ip4_pfx_str)
105 ip6_dst = ipaddress.ip_network(ip6_pfx_str)
106 mod = ip4_pfx.num_addresses / 1024
108 for i in range(ip4_pfx.num_addresses):
109 rv = self.vapi.map_add_domain(ip6_prefix=ip6_pfx_str,
110 ip4_prefix=str(ip4_pfx[i]) + "/32",
112 indicies.append(rv.index)
115 def test_api_map_domains_get(self):
116 # Create a bunch of domains
117 domains = self.create_domains('130.67.0.0/24', '2001::/32',
119 self.assertEqual(len(domains), 256)
125 rv, details = self.vapi.map_domains_get(cursor=1234)
126 self.assertEqual(rv.retval, -7)
128 # Delete a domain in the middle of walk
129 rv, details = self.vapi.map_domains_get(cursor=0)
130 self.assertEqual(rv.retval, -165)
131 self.vapi.map_del_domain(index=rv.cursor)
132 domains.remove(rv.cursor)
134 # Continue at point of deleted cursor
135 rv, details = self.vapi.map_domains_get(cursor=rv.cursor)
136 self.assertEqual(rv.retval, -165)
138 d = list(self.vapi.vpp.details_iter(self.vapi.map_domains_get))
139 self.assertEqual(len(d), 255)
143 self.vapi.map_del_domain(index=i)
145 def test_map_e_udp(self):
149 # Add a route to the MAP-BR
151 map_br_pfx = "2001::"
153 map_route = VppIpRoute(self,
156 [VppRoutePath(self.pg1.remote_ip6,
157 self.pg1.sw_if_index)])
158 map_route.add_vpp_config()
161 # Add a domain that maps from pg0 to pg1
163 map_dst = '2001::/32'
164 map_src = '3000::1/128'
165 client_pfx = '192.168.0.0/16'
166 map_translated_addr = '2001:0:101:7000:0:c0a8:101:7'
168 self.vapi.map_add_domain(ip4_prefix=client_pfx,
176 self.vapi.map_param_set_security_check(enable=1, fragments=1)
178 # Enable MAP on interface.
179 self.vapi.map_if_enable_disable(is_enable=1,
180 sw_if_index=self.pg0.sw_if_index,
183 # Ensure MAP doesn't steal all packets!
184 v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
185 IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) /
186 UDP(sport=20000, dport=10000) /
188 rx = self.send_and_expect(self.pg0, v4 * 4, self.pg0)
192 self.validate(p[1], v4_reply)
195 # Fire in a v4 packet that will be encapped to the BR
197 v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
198 IP(src=self.pg0.remote_ip4, dst='192.168.1.1') /
199 UDP(sport=20000, dport=10000) /
202 self.send_and_assert_encapped(v4 * 4, "3000::1", map_translated_addr)
205 # Verify reordered fragments are able to pass as well
207 v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
208 IP(id=1, src=self.pg0.remote_ip4, dst='192.168.1.1') /
209 UDP(sport=20000, dport=10000) /
212 frags = fragment_rfc791(v4, 400)
215 self.send_and_assert_encapped(frags, "3000::1", map_translated_addr)
217 # Enable MAP on interface.
218 self.vapi.map_if_enable_disable(is_enable=1,
219 sw_if_index=self.pg1.sw_if_index,
222 # Ensure MAP doesn't steal all packets
223 v6 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
224 IPv6(src=self.pg1.remote_ip6, dst=self.pg1.remote_ip6) /
225 UDP(sport=20000, dport=10000) /
227 rx = self.send_and_expect(self.pg1, v6*1, self.pg1)
231 self.validate(p[1], v6_reply)
234 # Fire in a V6 encapped packet.
235 # expect a decapped packet on the inside ip4 link
237 p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
238 IPv6(dst='3000::1', src=map_translated_addr) /
239 IP(dst=self.pg0.remote_ip4, src='192.168.1.1') /
240 UDP(sport=10000, dport=20000) /
243 self.pg1.add_stream(p)
245 self.pg_enable_capture(self.pg_interfaces)
248 rx = self.pg0.get_capture(1)
251 self.assertFalse(rx.haslayer(IPv6))
252 self.assertEqual(rx[IP].src, p[IP].src)
253 self.assertEqual(rx[IP].dst, p[IP].dst)
256 # Verify encapped reordered fragments pass as well
258 p = (IP(id=1, dst=self.pg0.remote_ip4, src='192.168.1.1') /
259 UDP(sport=10000, dport=20000) /
261 frags = fragment_rfc791(p, 400)
264 stream = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
265 IPv6(dst='3000::1', src=map_translated_addr) /
268 self.pg1.add_stream(stream)
270 self.pg_enable_capture(self.pg_interfaces)
273 rx = self.pg0.get_capture(len(frags))
276 self.assertFalse(r.haslayer(IPv6))
277 self.assertEqual(r[IP].src, p[IP].src)
278 self.assertEqual(r[IP].dst, p[IP].dst)
280 # Verify that fragments pass even if ipv6 layer is fragmented
281 stream = (IPv6(dst='3000::1', src=map_translated_addr) / x
285 Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / x
286 for i in range(len(frags))
287 for x in fragment_rfc8200(
288 IPv6(dst='3000::1', src=map_translated_addr) / frags[i],
291 self.pg1.add_stream(v6_stream)
293 self.pg_enable_capture(self.pg_interfaces)
296 rx = self.pg0.get_capture(len(frags))
299 self.assertFalse(r.haslayer(IPv6))
300 self.assertEqual(r[IP].src, p[IP].src)
301 self.assertEqual(r[IP].dst, p[IP].dst)
304 # Pre-resolve. No API for this!!
306 self.vapi.ppcli("map params pre-resolve ip6-nh 4001::1")
308 self.send_and_assert_no_replies(self.pg0, v4,
309 "resolved via default route")
312 # Add a route to 4001::1. Expect the encapped traffic to be
313 # sent via that routes next-hop
315 pre_res_route = VppIpRoute(self, "4001::1", 128,
316 [VppRoutePath(self.pg1.remote_hosts[2].ip6,
317 self.pg1.sw_if_index)])
318 pre_res_route.add_vpp_config()
320 self.send_and_assert_encapped_one(v4, "3000::1",
322 dmac=self.pg1.remote_hosts[2].mac)
325 # change the route to the pre-solved next-hop
327 pre_res_route.modify([VppRoutePath(self.pg1.remote_hosts[3].ip6,
328 self.pg1.sw_if_index)])
329 pre_res_route.add_vpp_config()
331 self.send_and_assert_encapped_one(v4, "3000::1",
333 dmac=self.pg1.remote_hosts[3].mac)
336 # cleanup. The test infra's object registry will ensure
337 # the route is really gone and thus that the unresolve worked.
339 pre_res_route.remove_vpp_config()
340 self.vapi.ppcli("map params pre-resolve del ip6-nh 4001::1")
342 def test_map_e_inner_frag(self):
343 """ MAP-E Inner fragmentation """
346 # Add a route to the MAP-BR
348 map_br_pfx = "2001::"
350 map_route = VppIpRoute(self,
353 [VppRoutePath(self.pg1.remote_ip6,
354 self.pg1.sw_if_index)])
355 map_route.add_vpp_config()
358 # Add a domain that maps from pg0 to pg1
360 map_dst = '2001::/32'
361 map_src = '3000::1/128'
362 client_pfx = '192.168.0.0/16'
363 map_translated_addr = '2001:0:101:7000:0:c0a8:101:7'
365 self.vapi.map_add_domain(ip4_prefix=client_pfx,
374 # Enable MAP on interface.
375 self.vapi.map_if_enable_disable(is_enable=1,
376 sw_if_index=self.pg0.sw_if_index,
379 # Enable inner fragmentation
380 self.vapi.map_param_set_fragmentation(inner=1)
382 v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
383 IP(src=self.pg0.remote_ip4, dst='192.168.1.1') /
384 UDP(sport=20000, dport=10000) /
387 self.pg_send(self.pg0, v4*1)
388 rx = self.pg1.get_capture(2)
390 frags = fragment_rfc791(v4[1], 1000)
398 v6_reply1 = (IPv6(src='3000::1', dst=map_translated_addr, hlim=63) /
400 v6_reply2 = (IPv6(src='3000::1', dst=map_translated_addr, hlim=63) /
406 rx[0][1][IP].chksum = 0
407 rx[1][1][IP].chksum = 0
409 self.validate(rx[0][1], v6_reply1)
410 self.validate(rx[1][1], v6_reply2)
412 def test_map_e_tcp_mss(self):
416 # Add a route to the MAP-BR
418 map_br_pfx = "2001::"
420 map_route = VppIpRoute(self,
423 [VppRoutePath(self.pg1.remote_ip6,
424 self.pg1.sw_if_index)])
425 map_route.add_vpp_config()
428 # Add a domain that maps from pg0 to pg1
430 map_dst = '2001::/32'
431 map_src = '3000::1/128'
432 client_pfx = '192.168.0.0/16'
433 map_translated_addr = '2001:0:101:5000:0:c0a8:101:5'
434 tag = 'MAP-E TCP tag.'
435 self.vapi.map_add_domain(ip4_prefix=client_pfx,
443 # Enable MAP on pg0 interface.
444 self.vapi.map_if_enable_disable(is_enable=1,
445 sw_if_index=self.pg0.sw_if_index,
448 # Enable MAP on pg1 interface.
449 self.vapi.map_if_enable_disable(is_enable=1,
450 sw_if_index=self.pg1.sw_if_index,
455 self.vapi.map_param_set_tcp(mss_clamp)
458 # Send a v4 packet that will be encapped.
460 p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
461 p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.1.1')
462 p_tcp = TCP(sport=20000, dport=30000, flags="S",
463 options=[("MSS", 1455)])
464 p4 = p_ether / p_ip4 / p_tcp
466 self.pg1.add_stream(p4)
467 self.pg_enable_capture(self.pg_interfaces)
470 rx = self.pg1.get_capture(1)
473 self.assertTrue(rx.haslayer(IPv6))
474 self.assertEqual(rx[IP].src, p4[IP].src)
475 self.assertEqual(rx[IP].dst, p4[IP].dst)
476 self.assertEqual(rx[IPv6].src, "3000::1")
477 self.assertEqual(rx[TCP].options,
478 TCP(options=[('MSS', mss_clamp)]).options)
480 def validate(self, rx, expected):
481 self.assertEqual(rx, expected.__class__(scapy.compat.raw(expected)))
483 def validate_frag6(self, p6_frag, p_ip6_expected):
484 self.assertFalse(p6_frag.haslayer(IP))
485 self.assertTrue(p6_frag.haslayer(IPv6))
486 self.assertTrue(p6_frag.haslayer(IPv6ExtHdrFragment))
487 self.assertEqual(p6_frag[IPv6].src, p_ip6_expected.src)
488 self.assertEqual(p6_frag[IPv6].dst, p_ip6_expected.dst)
490 def validate_frag_payload_len6(self, rx, proto, payload_len_expected):
493 payload_total += p[IPv6].plen
495 # First fragment has proto
496 payload_total -= len(proto())
498 # Every fragment has IPv6 fragment header
499 payload_total -= len(IPv6ExtHdrFragment()) * len(rx)
501 self.assertEqual(payload_total, payload_len_expected)
503 def validate_frag4(self, p4_frag, p_ip4_expected):
504 self.assertFalse(p4_frag.haslayer(IPv6))
505 self.assertTrue(p4_frag.haslayer(IP))
506 self.assertTrue(p4_frag[IP].frag != 0 or p4_frag[IP].flags.MF)
507 self.assertEqual(p4_frag[IP].src, p_ip4_expected.src)
508 self.assertEqual(p4_frag[IP].dst, p_ip4_expected.dst)
510 def validate_frag_payload_len4(self, rx, proto, payload_len_expected):
513 payload_total += len(p[IP].payload)
515 # First fragment has proto
516 payload_total -= len(proto())
518 self.assertEqual(payload_total, payload_len_expected)
520 def payload(self, len):
523 def test_map_t(self):
527 # Add a domain that maps from pg0 to pg1
529 map_dst = '2001:db8::/32'
530 map_src = '1234:5678:90ab:cdef::/64'
531 ip4_pfx = '192.168.0.0/24'
534 self.vapi.map_add_domain(ip6_prefix=map_dst,
543 # Enable MAP-T on interfaces.
544 self.vapi.map_if_enable_disable(is_enable=1,
545 sw_if_index=self.pg0.sw_if_index,
547 self.vapi.map_if_enable_disable(is_enable=1,
548 sw_if_index=self.pg1.sw_if_index,
551 # Ensure MAP doesn't steal all packets!
552 v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
553 IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) /
554 UDP(sport=20000, dport=10000) /
556 rx = self.send_and_expect(self.pg0, v4*1, self.pg0)
560 self.validate(p[1], v4_reply)
561 # Ensure MAP doesn't steal all packets
562 v6 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
563 IPv6(src=self.pg1.remote_ip6, dst=self.pg1.remote_ip6) /
564 UDP(sport=20000, dport=10000) /
566 rx = self.send_and_expect(self.pg1, v6*1, self.pg1)
570 self.validate(p[1], v6_reply)
572 map_route = VppIpRoute(self,
575 [VppRoutePath(self.pg1.remote_ip6,
576 self.pg1.sw_if_index,
577 proto=DpoProto.DPO_PROTO_IP6)])
578 map_route.add_vpp_config()
581 # Send a v4 packet that will be translated
583 p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
584 p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
585 payload = TCP(sport=0xabcd, dport=0xabcd)
587 p4 = (p_ether / p_ip4 / payload)
588 p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
589 dst="2001:db8:1f0::c0a8:1:f") / payload)
590 p6_translated.hlim -= 1
591 rx = self.send_and_expect(self.pg0, p4*1, self.pg1)
593 self.validate(p[1], p6_translated)
595 # Send back an IPv6 packet that will be "untranslated"
596 p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
597 p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
598 dst='1234:5678:90ab:cdef:ac:1001:200:0')
599 p6 = (p_ether6 / p_ip6 / payload)
600 p4_translated = (IP(src='192.168.0.1',
601 dst=self.pg0.remote_ip4) / payload)
603 p4_translated.ttl -= 1
604 rx = self.send_and_expect(self.pg1, p6*1, self.pg0)
606 self.validate(p[1], p4_translated)
609 ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0)
610 p4 = (p_ether / ip4_ttl_expired / payload)
612 icmp4_reply = (IP(id=0, ttl=254, src=self.pg0.local_ip4,
613 dst=self.pg0.remote_ip4) /
614 ICMP(type='time-exceeded',
615 code='ttl-zero-during-transit') /
616 IP(src=self.pg0.remote_ip4,
617 dst='192.168.0.1', ttl=0) / payload)
618 rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
620 self.validate(p[1], icmp4_reply)
623 ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=1)
624 p4 = (p_ether / ip4_ttl_expired / payload)
626 icmp4_reply = (IP(id=0, ttl=254, src=self.pg0.local_ip4,
627 dst=self.pg0.remote_ip4) /
628 ICMP(type='time-exceeded',
629 code='ttl-zero-during-transit') /
630 IP(src=self.pg0.remote_ip4,
631 dst='192.168.0.1', ttl=1) / payload)
632 rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
634 self.validate(p[1], icmp4_reply)
636 # IPv6 Hop limit at BR
637 ip6_hlim_expired = IPv6(hlim=1, src='2001:db8:1ab::c0a8:1:ab',
638 dst='1234:5678:90ab:cdef:ac:1001:200:0')
639 p6 = (p_ether6 / ip6_hlim_expired / payload)
641 icmp6_reply = (IPv6(hlim=255, src=self.pg1.local_ip6,
642 dst="2001:db8:1ab::c0a8:1:ab") /
643 ICMPv6TimeExceeded(code=0) /
644 IPv6(src="2001:db8:1ab::c0a8:1:ab",
645 dst='1234:5678:90ab:cdef:ac:1001:200:0',
647 rx = self.send_and_expect(self.pg1, p6*1, self.pg1)
649 self.validate(p[1], icmp6_reply)
651 # IPv6 Hop limit beyond BR
652 ip6_hlim_expired = IPv6(hlim=0, src='2001:db8:1ab::c0a8:1:ab',
653 dst='1234:5678:90ab:cdef:ac:1001:200:0')
654 p6 = (p_ether6 / ip6_hlim_expired / payload)
656 icmp6_reply = (IPv6(hlim=255, src=self.pg1.local_ip6,
657 dst="2001:db8:1ab::c0a8:1:ab") /
658 ICMPv6TimeExceeded(code=0) /
659 IPv6(src="2001:db8:1ab::c0a8:1:ab",
660 dst='1234:5678:90ab:cdef:ac:1001:200:0',
662 rx = self.send_and_expect(self.pg1, p6*1, self.pg1)
664 self.validate(p[1], icmp6_reply)
666 # IPv4 Well-known port
667 p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
668 payload = UDP(sport=200, dport=200)
669 p4 = (p_ether / p_ip4 / payload)
670 self.send_and_assert_no_replies(self.pg0, p4*1)
672 # IPv6 Well-known port
673 payload = UDP(sport=200, dport=200)
674 p6 = (p_ether6 / p_ip6 / payload)
675 self.send_and_assert_no_replies(self.pg1, p6*1)
677 # UDP packet fragmentation
679 payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
680 p4 = (p_ether / p_ip4 / payload)
681 self.pg_enable_capture()
682 self.pg0.add_stream(p4)
684 rx = self.pg1.get_capture(2)
686 p_ip6_translated = IPv6(src='1234:5678:90ab:cdef:ac:1001:200:0',
687 dst='2001:db8:1e0::c0a8:1:e')
689 self.validate_frag6(p, p_ip6_translated)
691 self.validate_frag_payload_len6(rx, UDP, payload_len)
693 # UDP packet fragmentation send fragments
695 payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
696 p4 = (p_ether / p_ip4 / payload)
697 frags = fragment_rfc791(p4, fragsize=1000)
698 self.pg_enable_capture()
699 self.pg0.add_stream(frags)
701 rx = self.pg1.get_capture(2)
704 self.validate_frag6(p, p_ip6_translated)
706 self.validate_frag_payload_len6(rx, UDP, payload_len)
708 # Send back an fragmented IPv6 UDP packet that will be "untranslated"
709 payload = UDP(sport=4000, dport=40000) / self.payload(payload_len)
710 p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
711 p_ip6 = IPv6(src='2001:db8:1e0::c0a8:1:e',
712 dst='1234:5678:90ab:cdef:ac:1001:200:0')
713 p6 = (p_ether6 / p_ip6 / payload)
714 frags6 = fragment_rfc8200(p6, identification=0xdcba, fragsize=1000)
716 p_ip4_translated = IP(src='192.168.0.1', dst=self.pg0.remote_ip4)
717 p4_translated = (p_ip4_translated / payload)
719 p4_translated.ttl -= 1
721 self.pg_enable_capture()
722 self.pg1.add_stream(frags6)
724 rx = self.pg0.get_capture(2)
727 self.validate_frag4(p, p4_translated)
729 self.validate_frag_payload_len4(rx, UDP, payload_len)
731 # ICMP packet fragmentation
732 payload = ICMP(id=6529) / self.payload(payload_len)
733 p4 = (p_ether / p_ip4 / payload)
734 self.pg_enable_capture()
735 self.pg0.add_stream(p4)
737 rx = self.pg1.get_capture(2)
739 p_ip6_translated = IPv6(src='1234:5678:90ab:cdef:ac:1001:200:0',
740 dst='2001:db8:160::c0a8:1:6')
742 self.validate_frag6(p, p_ip6_translated)
744 self.validate_frag_payload_len6(rx, ICMPv6EchoRequest, payload_len)
746 # ICMP packet fragmentation send fragments
747 payload = ICMP(id=6529) / self.payload(payload_len)
748 p4 = (p_ether / p_ip4 / payload)
749 frags = fragment_rfc791(p4, fragsize=1000)
750 self.pg_enable_capture()
751 self.pg0.add_stream(frags)
753 rx = self.pg1.get_capture(2)
756 self.validate_frag6(p, p_ip6_translated)
758 self.validate_frag_payload_len6(rx, ICMPv6EchoRequest, payload_len)
761 self.vapi.map_param_set_tcp(1300)
764 # Send a v4 TCP SYN packet that will be translated and MSS clamped
766 p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
767 p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
768 payload = TCP(sport=0xabcd, dport=0xabcd, flags="S",
769 options=[('MSS', 1460)])
771 p4 = (p_ether / p_ip4 / payload)
772 p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
773 dst="2001:db8:1f0::c0a8:1:f") / payload)
774 p6_translated.hlim -= 1
775 p6_translated[TCP].options = [('MSS', 1300)]
776 rx = self.send_and_expect(self.pg0, p4*1, self.pg1)
778 self.validate(p[1], p6_translated)
780 # Send back an IPv6 packet that will be "untranslated"
781 p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
782 p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
783 dst='1234:5678:90ab:cdef:ac:1001:200:0')
784 p6 = (p_ether6 / p_ip6 / payload)
785 p4_translated = (IP(src='192.168.0.1',
786 dst=self.pg0.remote_ip4) / payload)
788 p4_translated.ttl -= 1
789 p4_translated[TCP].options = [('MSS', 1300)]
790 rx = self.send_and_expect(self.pg1, p6*1, self.pg0)
792 self.validate(p[1], p4_translated)
794 # TCP MSS clamping cleanup
795 self.vapi.map_param_set_tcp(0)
797 # Enable icmp6 param to get back ICMPv6 unreachable messages in case
798 # of security check fails
799 self.vapi.map_param_set_icmp6(enable_unreachable=1)
801 # Send back an IPv6 packet that will be droppped due to security
803 p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
804 p_ip6_sec_check_fail = IPv6(src='2001:db8:1fe::c0a8:1:f',
805 dst='1234:5678:90ab:cdef:ac:1001:200:0')
806 payload = TCP(sport=0xabcd, dport=0xabcd)
807 p6 = (p_ether6 / p_ip6_sec_check_fail / payload)
809 self.pg_send(self.pg1, p6*1)
810 self.pg0.get_capture(0, timeout=1)
811 rx = self.pg1.get_capture(1)
813 icmp6_reply = (IPv6(hlim=255, src=self.pg1.local_ip6,
814 dst='2001:db8:1fe::c0a8:1:f') /
815 ICMPv6DestUnreach(code=5) /
816 p_ip6_sec_check_fail / payload)
819 self.validate(p[1], icmp6_reply)
821 # ICMPv6 unreachable messages cleanup
822 self.vapi.map_param_set_icmp6(enable_unreachable=0)
824 def test_map_t_ip6_psid(self):
825 """ MAP-T v6->v4 PSID validation"""
828 # Add a domain that maps from pg0 to pg1
830 map_dst = '2001:db8::/32'
831 map_src = '1234:5678:90ab:cdef::/64'
832 ip4_pfx = '192.168.0.0/24'
833 tag = 'MAP-T Test Domain'
835 self.vapi.map_add_domain(ip6_prefix=map_dst,
844 # Enable MAP-T on interfaces.
845 self.vapi.map_if_enable_disable(is_enable=1,
846 sw_if_index=self.pg0.sw_if_index,
848 self.vapi.map_if_enable_disable(is_enable=1,
849 sw_if_index=self.pg1.sw_if_index,
852 map_route = VppIpRoute(self,
855 [VppRoutePath(self.pg1.remote_ip6,
856 self.pg1.sw_if_index,
857 proto=DpoProto.DPO_PROTO_IP6)])
858 map_route.add_vpp_config()
860 p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
861 p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
862 dst='1234:5678:90ab:cdef:ac:1001:200:0')
864 # Send good IPv6 source port, ensure translated IPv4 received
865 payload = TCP(sport=0xabcd, dport=80)
866 p6 = (p_ether6 / p_ip6 / payload)
867 p4_translated = (IP(src='192.168.0.1',
868 dst=self.pg0.remote_ip4) / payload)
870 p4_translated.ttl -= 1
871 rx = self.send_and_expect(self.pg1, p6*1, self.pg0)
873 self.validate(p[1], p4_translated)
875 # Send bad IPv6 source port, ensure translated IPv4 not received
876 payload = TCP(sport=0xdcba, dport=80)
877 p6 = (p_ether6 / p_ip6 / payload)
878 self.send_and_assert_no_replies(self.pg1, p6*1)
880 def test_map_t_pre_resolve(self):
881 """ MAP-T pre-resolve"""
883 # Add a domain that maps from pg0 to pg1
884 map_dst = '2001:db8::/32'
885 map_src = '1234:5678:90ab:cdef::/64'
886 ip4_pfx = '192.168.0.0/24'
887 tag = 'MAP-T Test Domain.'
889 self.vapi.map_add_domain(ip6_prefix=map_dst,
898 # Enable MAP-T on interfaces.
899 self.vapi.map_if_enable_disable(is_enable=1,
900 sw_if_index=self.pg0.sw_if_index,
902 self.vapi.map_if_enable_disable(is_enable=1,
903 sw_if_index=self.pg1.sw_if_index,
906 # Enable pre-resolve option
907 self.vapi.map_param_add_del_pre_resolve(ip4_nh_address="10.1.2.3",
908 ip6_nh_address="4001::1",
911 # Add a route to 4001::1 and expect the translated traffic to be
912 # sent via that route next-hop.
913 pre_res_route6 = VppIpRoute(self, "4001::1", 128,
914 [VppRoutePath(self.pg1.remote_hosts[2].ip6,
915 self.pg1.sw_if_index)])
916 pre_res_route6.add_vpp_config()
918 # Add a route to 10.1.2.3 and expect the "untranslated" traffic to be
919 # sent via that route next-hop.
920 pre_res_route4 = VppIpRoute(self, "10.1.2.3", 32,
921 [VppRoutePath(self.pg0.remote_hosts[1].ip4,
922 self.pg0.sw_if_index)])
923 pre_res_route4.add_vpp_config()
925 # Send an IPv4 packet that will be translated
926 p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
927 p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
928 payload = TCP(sport=0xabcd, dport=0xabcd)
929 p4 = (p_ether / p_ip4 / payload)
931 p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
932 dst="2001:db8:1f0::c0a8:1:f") / payload)
933 p6_translated.hlim -= 1
935 rx = self.send_and_expect(self.pg0, p4*1, self.pg1)
937 self.assertEqual(p[Ether].dst, self.pg1.remote_hosts[2].mac)
938 self.validate(p[1], p6_translated)
940 # Send back an IPv6 packet that will be "untranslated"
941 p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
942 p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
943 dst='1234:5678:90ab:cdef:ac:1001:200:0')
944 p6 = (p_ether6 / p_ip6 / payload)
946 p4_translated = (IP(src='192.168.0.1',
947 dst=self.pg0.remote_ip4) / payload)
949 p4_translated.ttl -= 1
951 rx = self.send_and_expect(self.pg1, p6*1, self.pg0)
953 self.assertEqual(p[Ether].dst, self.pg0.remote_hosts[1].mac)
954 self.validate(p[1], p4_translated)
956 # Cleanup pre-resolve option
957 self.vapi.map_param_add_del_pre_resolve(ip4_nh_address="10.1.2.3",
958 ip6_nh_address="4001::1",
962 if __name__ == '__main__':
963 unittest.main(testRunner=VppTestRunner)
Code Review / vpp.git / blob