2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/session/application_namespace.h>
17 #include <vnet/session/application_interface.h>
18 #include <vnet/session/application.h>
19 #include <vnet/session/session.h>
20 #include <vnet/session/session_rules_table.h>
22 #define SESSION_TEST_I(_cond, _comment, _args...) \
24 int _evald = (_cond); \
26 fformat(stderr, "FAIL:%d: " _comment "\n", \
29 fformat(stderr, "PASS:%d: " _comment "\n", \
35 #define SESSION_TEST(_cond, _comment, _args...) \
37 if (!SESSION_TEST_I(_cond, _comment, ##_args)) { \
43 dummy_session_reset_callback (stream_session_t * s)
45 clib_warning ("called...");
49 dummy_session_connected_callback (u32 app_index, u32 api_context,
50 stream_session_t * s, u8 is_fail)
52 clib_warning ("called...");
56 static u32 dummy_segment_count;
59 dummy_add_segment_callback (u32 client_index, const ssvm_private_t * fs)
61 dummy_segment_count = 1;
66 dummy_del_segment_callback (u32 client_index, const ssvm_private_t * fs)
68 dummy_segment_count = 0;
73 dummy_session_disconnect_callback (stream_session_t * s)
75 clib_warning ("called...");
78 static u32 dummy_accept;
81 dummy_session_accept_callback (stream_session_t * s)
84 s->session_state = SESSION_STATE_READY;
89 dummy_server_rx_callback (stream_session_t * s)
91 clib_warning ("called...");
96 static session_cb_vft_t dummy_session_cbs = {
97 .session_reset_callback = dummy_session_reset_callback,
98 .session_connected_callback = dummy_session_connected_callback,
99 .session_accept_callback = dummy_session_accept_callback,
100 .session_disconnect_callback = dummy_session_disconnect_callback,
101 .builtin_app_rx_callback = dummy_server_rx_callback,
102 .add_segment_callback = dummy_add_segment_callback,
103 .del_segment_callback = dummy_del_segment_callback,
108 session_create_lookpback (u32 table_id, u32 * sw_if_index,
109 ip4_address_t * intf_addr)
113 memset (intf_mac, 0, sizeof (intf_mac));
115 if (vnet_create_loopback_interface (sw_if_index, intf_mac, 0, 0))
117 clib_warning ("couldn't create loopback. stopping the test!");
122 ip_table_bind (FIB_PROTOCOL_IP4, *sw_if_index, table_id, 0);
124 vnet_sw_interface_set_flags (vnet_get_main (), *sw_if_index,
125 VNET_SW_INTERFACE_FLAG_ADMIN_UP);
127 if (ip4_add_del_interface_address (vlib_get_main (), *sw_if_index,
130 clib_warning ("couldn't assign loopback ip %U", format_ip4_address,
139 session_delete_loopback (u32 sw_if_index)
141 /* fails spectacularly */
142 /* vnet_delete_loopback_interface (sw_if_index); */
146 session_test_basic (vlib_main_t * vm, unformat_input_t * input)
148 session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
149 u64 options[APP_OPTIONS_N_OPTIONS], bind4_handle, bind6_handle;
150 clib_error_t *error = 0;
153 memset (options, 0, sizeof (options));
154 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
155 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
156 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
157 vnet_app_attach_args_t attach_args = {
158 .api_client_index = ~0,
161 .session_cb_vft = &dummy_session_cbs,
162 .name = format (0, "session_test"),
165 error = vnet_application_attach (&attach_args);
166 SESSION_TEST ((error == 0), "app attached");
167 server_index = attach_args.app_index;
168 vec_free (attach_args.name);
170 server_sep.is_ip4 = 1;
171 vnet_bind_args_t bind_args = {
176 bind_args.app_index = server_index;
177 error = vnet_bind (&bind_args);
178 SESSION_TEST ((error == 0), "server bind4 should work");
179 bind4_handle = bind_args.handle;
181 error = vnet_bind (&bind_args);
182 SESSION_TEST ((error != 0), "double server bind4 should not work");
184 bind_args.sep.is_ip4 = 0;
185 error = vnet_bind (&bind_args);
186 SESSION_TEST ((error == 0), "server bind6 should work");
187 bind6_handle = bind_args.handle;
189 error = vnet_bind (&bind_args);
190 SESSION_TEST ((error != 0), "double server bind6 should not work");
192 vnet_unbind_args_t unbind_args = {
193 .handle = bind4_handle,
194 .app_index = server_index,
196 error = vnet_unbind (&unbind_args);
197 SESSION_TEST ((error == 0), "unbind4 should work");
199 unbind_args.handle = bind6_handle;
200 error = vnet_unbind (&unbind_args);
201 SESSION_TEST ((error == 0), "unbind6 should work");
203 vnet_app_detach_args_t detach_args = {
204 .app_index = server_index,
206 vnet_application_detach (&detach_args);
211 session_test_namespace (vlib_main_t * vm, unformat_input_t * input)
213 u64 options[APP_OPTIONS_N_OPTIONS], dummy_secret = 1234;
214 u32 server_index, server_st_index, server_local_st_index;
215 u32 dummy_port = 1234, client_index;
216 u32 dummy_api_context = 4321, dummy_client_api_index = 1234;
217 u32 dummy_server_api_index = ~0, sw_if_index = 0;
218 session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
219 session_endpoint_t client_sep = SESSION_ENDPOINT_NULL;
220 session_endpoint_t intf_sep = SESSION_ENDPOINT_NULL;
221 clib_error_t *error = 0;
222 u8 *ns_id = format (0, "appns1");
223 app_namespace_t *app_ns;
224 application_t *server;
229 server_sep.is_ip4 = 1;
230 server_sep.port = dummy_port;
231 client_sep.is_ip4 = 1;
232 client_sep.port = dummy_port;
233 memset (options, 0, sizeof (options));
235 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
236 vnet_app_attach_args_t attach_args = {
237 .api_client_index = ~0,
240 .session_cb_vft = &dummy_session_cbs,
241 .name = format (0, "session_test"),
244 vnet_bind_args_t bind_args = {
249 vnet_connect_args_t connect_args = {
253 clib_memcpy (&connect_args.sep, &client_sep, sizeof (client_sep));
255 vnet_unbind_args_t unbind_args = {
256 .handle = bind_args.handle,
260 vnet_app_detach_args_t detach_args = {
264 ip4_address_t intf_addr = {
265 .as_u32 = clib_host_to_net_u32 (0x06000105),
268 intf_sep.ip.ip4 = intf_addr;
270 intf_sep.port = dummy_port;
273 * Insert namespace and lookup
276 vnet_app_namespace_add_del_args_t ns_args = {
278 .secret = dummy_secret,
279 .sw_if_index = APP_NAMESPACE_INVALID_INDEX,
282 error = vnet_app_namespace_add_del (&ns_args);
283 SESSION_TEST ((error == 0), "app ns insertion should succeed: %d",
284 clib_error_get_code (error));
286 app_ns = app_namespace_get_from_id (ns_id);
287 SESSION_TEST ((app_ns != 0), "should find ns %v status", ns_id);
288 SESSION_TEST ((app_ns->ns_secret == dummy_secret), "secret should be %d",
290 SESSION_TEST ((app_ns->sw_if_index == APP_NAMESPACE_INVALID_INDEX),
291 "sw_if_index should be invalid");
294 * Try application attach with wrong secret
297 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
298 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
299 options[APP_OPTIONS_NAMESPACE_SECRET] = dummy_secret - 1;
300 attach_args.namespace_id = ns_id;
301 attach_args.api_client_index = dummy_server_api_index;
303 error = vnet_application_attach (&attach_args);
304 SESSION_TEST ((error != 0), "app attachment should fail");
305 code = clib_error_get_code (error);
306 SESSION_TEST ((code == VNET_API_ERROR_APP_WRONG_NS_SECRET),
307 "code should be wrong ns secret: %d", code);
310 * Attach server with global default scope
312 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
313 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
314 options[APP_OPTIONS_NAMESPACE_SECRET] = 0;
315 attach_args.namespace_id = 0;
316 attach_args.api_client_index = dummy_server_api_index;
317 error = vnet_application_attach (&attach_args);
318 SESSION_TEST ((error == 0), "server attachment should work");
319 server_index = attach_args.app_index;
320 server = application_get (server_index);
321 SESSION_TEST ((server->ns_index == 0),
322 "server should be in the default ns");
324 bind_args.app_index = server_index;
325 error = vnet_bind (&bind_args);
326 SESSION_TEST ((error == 0), "server bind should work");
328 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
329 s = session_lookup_listener (server_st_index, &server_sep);
330 SESSION_TEST ((s != 0), "listener should exist in global table");
331 SESSION_TEST ((s->app_index == server_index), "app_index should be that of "
333 server_local_st_index = application_local_session_table (server);
334 SESSION_TEST ((server_local_st_index == APP_INVALID_INDEX),
335 "server shouldn't have access to local table");
337 unbind_args.app_index = server_index;
338 unbind_args.handle = bind_args.handle;
339 error = vnet_unbind (&unbind_args);
340 SESSION_TEST ((error == 0), "unbind should work");
342 s = session_lookup_listener (server_st_index, &server_sep);
343 SESSION_TEST ((s == 0), "listener should not exist in global table");
345 detach_args.app_index = server_index;
346 vnet_application_detach (&detach_args);
349 * Attach server with local and global scope
351 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
352 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
353 options[APP_OPTIONS_NAMESPACE_SECRET] = dummy_secret;
354 attach_args.namespace_id = ns_id;
355 attach_args.api_client_index = dummy_server_api_index;
356 error = vnet_application_attach (&attach_args);
357 SESSION_TEST ((error == 0), "server attachment should work");
358 server_index = attach_args.app_index;
359 server = application_get (server_index);
360 SESSION_TEST ((server->ns_index == app_namespace_index (app_ns)),
361 "server should be in the right ns");
363 bind_args.app_index = server_index;
364 error = vnet_bind (&bind_args);
365 SESSION_TEST ((error == 0), "bind should work");
366 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
367 s = session_lookup_listener (server_st_index, &server_sep);
368 SESSION_TEST ((s != 0), "listener should exist in global table");
369 SESSION_TEST ((s->app_index == server_index), "app_index should be that of "
371 server_local_st_index = application_local_session_table (server);
372 handle = session_lookup_local_endpoint (server_local_st_index, &server_sep);
373 SESSION_TEST ((handle != SESSION_INVALID_HANDLE),
374 "listener should exist in local table");
377 * Try client connect with 1) local scope 2) global scope
379 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
380 attach_args.api_client_index = dummy_client_api_index;
381 error = vnet_application_attach (&attach_args);
382 SESSION_TEST ((error == 0), "client attachment should work");
383 client_index = attach_args.app_index;
384 connect_args.api_context = dummy_api_context;
385 connect_args.app_index = client_index;
386 error = vnet_connect (&connect_args);
387 SESSION_TEST ((error != 0), "client connect should return error code");
388 code = clib_error_get_code (error);
389 SESSION_TEST ((code == VNET_API_ERROR_INVALID_VALUE),
390 "error code should be invalid value (zero ip)");
391 SESSION_TEST ((dummy_segment_count == 0),
392 "shouldn't have received request to map new segment");
393 connect_args.sep.ip.ip4.as_u8[0] = 127;
394 error = vnet_connect (&connect_args);
395 SESSION_TEST ((error == 0), "client connect should not return error code");
396 code = clib_error_get_code (error);
397 SESSION_TEST ((dummy_segment_count == 1),
398 "should've received request to map new segment");
399 SESSION_TEST ((dummy_accept == 1), "should've received accept request");
400 detach_args.app_index = client_index;
401 vnet_application_detach (&detach_args);
403 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
404 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
405 attach_args.api_client_index = dummy_client_api_index;
406 error = vnet_application_attach (&attach_args);
407 SESSION_TEST ((error == 0), "client attachment should work");
408 error = vnet_connect (&connect_args);
409 SESSION_TEST ((error != 0), "client connect should return error code");
410 code = clib_error_get_code (error);
411 SESSION_TEST ((code == VNET_API_ERROR_SESSION_CONNECT),
412 "error code should be connect (nothing in local scope)");
413 detach_args.app_index = client_index;
414 vnet_application_detach (&detach_args);
417 * Unbind and detach server and then re-attach with local scope only
419 unbind_args.handle = bind_args.handle;
420 unbind_args.app_index = server_index;
421 error = vnet_unbind (&unbind_args);
422 SESSION_TEST ((error == 0), "unbind should work");
424 s = session_lookup_listener (server_st_index, &server_sep);
425 SESSION_TEST ((s == 0), "listener should not exist in global table");
426 handle = session_lookup_local_endpoint (server_local_st_index, &server_sep);
427 SESSION_TEST ((handle == SESSION_INVALID_HANDLE),
428 "listener should not exist in local table");
430 detach_args.app_index = server_index;
431 vnet_application_detach (&detach_args);
433 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
434 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
435 attach_args.api_client_index = dummy_server_api_index;
436 error = vnet_application_attach (&attach_args);
437 SESSION_TEST ((error == 0), "app attachment should work");
438 server_index = attach_args.app_index;
439 server = application_get (server_index);
440 SESSION_TEST ((server->ns_index == app_namespace_index (app_ns)),
441 "app should be in the right ns");
443 bind_args.app_index = server_index;
444 error = vnet_bind (&bind_args);
445 SESSION_TEST ((error == 0), "bind should work");
447 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
448 s = session_lookup_listener (server_st_index, &server_sep);
449 SESSION_TEST ((s == 0), "listener should not exist in global table");
450 server_local_st_index = application_local_session_table (server);
451 handle = session_lookup_local_endpoint (server_local_st_index, &server_sep);
452 SESSION_TEST ((handle != SESSION_INVALID_HANDLE),
453 "listener should exist in local table");
455 unbind_args.handle = bind_args.handle;
456 error = vnet_unbind (&unbind_args);
457 SESSION_TEST ((error == 0), "unbind should work");
459 handle = session_lookup_local_endpoint (server_local_st_index, &server_sep);
460 SESSION_TEST ((handle == SESSION_INVALID_HANDLE),
461 "listener should not exist in local table");
464 * Client attach + connect in default ns with local scope
466 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
467 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
468 attach_args.namespace_id = 0;
469 attach_args.api_client_index = dummy_client_api_index;
470 vnet_application_attach (&attach_args);
471 error = vnet_connect (&connect_args);
472 SESSION_TEST ((error != 0), "client connect should return error code");
473 code = clib_error_get_code (error);
474 SESSION_TEST ((code == VNET_API_ERROR_SESSION_CONNECT),
475 "error code should be connect (not in same ns)");
476 detach_args.app_index = client_index;
477 vnet_application_detach (&detach_args);
482 detach_args.app_index = server_index;
483 vnet_application_detach (&detach_args);
486 * Create loopback interface
488 session_create_lookpback (0, &sw_if_index, &intf_addr);
493 ns_args.sw_if_index = sw_if_index;
494 error = vnet_app_namespace_add_del (&ns_args);
495 SESSION_TEST ((error == 0), "app ns insertion should succeed: %d",
496 clib_error_get_code (error));
499 * Attach server with local and global scope
501 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
502 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
503 options[APP_OPTIONS_NAMESPACE_SECRET] = dummy_secret;
504 attach_args.namespace_id = ns_id;
505 attach_args.api_client_index = dummy_server_api_index;
506 error = vnet_application_attach (&attach_args);
507 SESSION_TEST ((error == 0), "server attachment should work");
508 server_index = attach_args.app_index;
510 bind_args.app_index = server_index;
511 error = vnet_bind (&bind_args);
512 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
513 s = session_lookup_listener (server_st_index, &server_sep);
514 SESSION_TEST ((s == 0), "zero listener should not exist in global table");
516 s = session_lookup_listener (server_st_index, &intf_sep);
517 SESSION_TEST ((s != 0), "intf listener should exist in global table");
518 SESSION_TEST ((s->app_index == server_index), "app_index should be that of "
520 server_local_st_index = application_local_session_table (server);
521 handle = session_lookup_local_endpoint (server_local_st_index, &server_sep);
522 SESSION_TEST ((handle != SESSION_INVALID_HANDLE),
523 "zero listener should exist in local table");
524 detach_args.app_index = server_index;
525 vnet_application_detach (&detach_args);
530 vec_free (attach_args.name);
532 session_delete_loopback (sw_if_index);
537 session_test_rule_table (vlib_main_t * vm, unformat_input_t * input)
539 session_rules_table_t _srt, *srt = &_srt;
540 u16 lcl_port = 1234, rmt_port = 4321;
541 u32 action_index = 1, res;
542 ip4_address_t lcl_lkup, rmt_lkup;
546 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
548 if (unformat (input, "verbose"))
552 vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
558 memset (srt, 0, sizeof (*srt));
559 session_rules_table_init (srt);
561 ip4_address_t lcl_ip = {
562 .as_u32 = clib_host_to_net_u32 (0x01020304),
564 ip4_address_t rmt_ip = {
565 .as_u32 = clib_host_to_net_u32 (0x05060708),
567 ip4_address_t lcl_ip2 = {
568 .as_u32 = clib_host_to_net_u32 (0x02020202),
570 ip4_address_t rmt_ip2 = {
571 .as_u32 = clib_host_to_net_u32 (0x06060606),
573 ip4_address_t lcl_ip3 = {
574 .as_u32 = clib_host_to_net_u32 (0x03030303),
576 ip4_address_t rmt_ip3 = {
577 .as_u32 = clib_host_to_net_u32 (0x07070707),
579 fib_prefix_t lcl_pref = {
580 .fp_addr.ip4.as_u32 = lcl_ip.as_u32,
582 .fp_proto = FIB_PROTOCOL_IP4,
584 fib_prefix_t rmt_pref = {
585 .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
587 .fp_proto = FIB_PROTOCOL_IP4,
590 session_rule_table_add_del_args_t args = {
593 .lcl_port = lcl_port,
594 .rmt_port = rmt_port,
595 .action_index = action_index++,
598 error = session_rules_table_add_del (srt, &args);
599 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action %d",
603 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
604 SESSION_TEST ((res == 1),
605 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 1: %d",
609 * Add 1.2.3.4/24 1234 5.6.7.8/16 4321 and 1.2.3.4/24 1234 5.6.7.8/24 4321
611 args.lcl.fp_addr.ip4 = lcl_ip;
612 args.lcl.fp_len = 24;
613 args.action_index = action_index++;
614 error = session_rules_table_add_del (srt, &args);
615 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/16 4321 action %d",
617 args.rmt.fp_addr.ip4 = rmt_ip;
618 args.rmt.fp_len = 24;
619 args.action_index = action_index++;
620 error = session_rules_table_add_del (srt, &args);
621 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/24 4321 action %d",
625 * Add 2.2.2.2/24 1234 6.6.6.6/16 4321 and 3.3.3.3/24 1234 7.7.7.7/16 4321
627 args.lcl.fp_addr.ip4 = lcl_ip2;
628 args.lcl.fp_len = 24;
629 args.rmt.fp_addr.ip4 = rmt_ip2;
630 args.rmt.fp_len = 16;
631 args.action_index = action_index++;
632 error = session_rules_table_add_del (srt, &args);
633 SESSION_TEST ((error == 0), "Add 2.2.2.2/24 1234 6.6.6.6/16 4321 action %d",
635 args.lcl.fp_addr.ip4 = lcl_ip3;
636 args.rmt.fp_addr.ip4 = rmt_ip3;
637 args.action_index = action_index++;
638 error = session_rules_table_add_del (srt, &args);
639 SESSION_TEST ((error == 0), "Add 3.3.3.3/24 1234 7.7.7.7/16 4321 action %d",
643 * Add again 3.3.3.3/24 1234 7.7.7.7/16 4321
645 args.lcl.fp_addr.ip4 = lcl_ip3;
646 args.rmt.fp_addr.ip4 = rmt_ip3;
647 args.action_index = action_index++;
648 error = session_rules_table_add_del (srt, &args);
649 SESSION_TEST ((error == 0), "overwrite 3.3.3.3/24 1234 7.7.7.7/16 4321 "
650 "action %d", action_index - 1);
653 * Lookup 1.2.3.4/32 1234 5.6.7.8/32 4321, 1.2.2.4/32 1234 5.6.7.9/32 4321
654 * and 3.3.3.3 1234 7.7.7.7 4321
657 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
658 SESSION_TEST ((res == 3),
659 "Lookup 1.2.3.4 1234 5.6.7.8 4321 action " "should be 3: %d",
662 lcl_lkup.as_u32 = clib_host_to_net_u32 (0x01020204);
663 rmt_lkup.as_u32 = clib_host_to_net_u32 (0x05060709);
665 session_rules_table_lookup4 (srt, &lcl_lkup,
666 &rmt_lkup, lcl_port, rmt_port);
667 SESSION_TEST ((res == 1),
668 "Lookup 1.2.2.4 1234 5.6.7.9 4321, action " "should be 1: %d",
672 session_rules_table_lookup4 (srt, &lcl_ip3, &rmt_ip3, lcl_port, rmt_port);
673 SESSION_TEST ((res == 6),
674 "Lookup 3.3.3.3 1234 7.7.7.7 4321, action "
675 "should be 6 (updated): %d", res);
678 * Add 1.2.3.4/24 * 5.6.7.8/24 *
679 * Lookup 1.2.3.4 1234 5.6.7.8 4321 and 1.2.3.4 1235 5.6.7.8 4321
681 args.lcl.fp_addr.ip4 = lcl_ip;
682 args.rmt.fp_addr.ip4 = rmt_ip;
683 args.lcl.fp_len = 24;
684 args.rmt.fp_len = 24;
687 args.action_index = action_index++;
688 error = session_rules_table_add_del (srt, &args);
689 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 * 5.6.7.8/24 * action %d",
692 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
693 SESSION_TEST ((res == 7),
694 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should"
695 " be 7 (lpm dst): %d", res);
697 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip,
698 lcl_port + 1, rmt_port);
699 SESSION_TEST ((res == 7),
700 "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 7: %d",
704 * Del 1.2.3.4/24 * 5.6.7.8/24 *
705 * Add 1.2.3.4/16 * 5.6.7.8/16 * and 1.2.3.4/24 1235 5.6.7.8/24 4321
706 * Lookup 1.2.3.4 1234 5.6.7.8 4321, 1.2.3.4 1235 5.6.7.8 4321 and
707 * 1.2.3.4 1235 5.6.7.8 4322
710 error = session_rules_table_add_del (srt, &args);
711 SESSION_TEST ((error == 0), "Del 1.2.3.4/24 * 5.6.7.8/24 *");
713 args.lcl.fp_addr.ip4 = lcl_ip;
714 args.rmt.fp_addr.ip4 = rmt_ip;
715 args.lcl.fp_len = 16;
716 args.rmt.fp_len = 16;
719 args.action_index = action_index++;
721 error = session_rules_table_add_del (srt, &args);
722 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 * 5.6.7.8/16 * action %d",
725 args.lcl.fp_addr.ip4 = lcl_ip;
726 args.rmt.fp_addr.ip4 = rmt_ip;
727 args.lcl.fp_len = 24;
728 args.rmt.fp_len = 24;
729 args.lcl_port = lcl_port + 1;
730 args.rmt_port = rmt_port;
731 args.action_index = action_index++;
733 error = session_rules_table_add_del (srt, &args);
734 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1235 5.6.7.8/24 4321 action %d",
738 session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4);
741 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
742 SESSION_TEST ((res == 3),
743 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
746 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip,
747 lcl_port + 1, rmt_port);
748 SESSION_TEST ((res == 9),
749 "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 9: %d",
752 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip,
753 lcl_port + 1, rmt_port + 1);
754 SESSION_TEST ((res == 8),
755 "Lookup 1.2.3.4 1235 5.6.7.8 4322, action should " "be 8: %d",
759 * Delete 1.2.0.0/16 1234 5.6.0.0/16 4321 and 1.2.0.0/16 * 5.6.0.0/16 *
760 * Lookup 1.2.3.4 1234 5.6.7.8 4321
762 args.lcl_port = 1234;
763 args.rmt_port = 4321;
764 args.lcl.fp_len = 16;
765 args.rmt.fp_len = 16;
767 error = session_rules_table_add_del (srt, &args);
768 SESSION_TEST ((error == 0), "Del 1.2.0.0/16 1234 5.6.0.0/16 4321");
770 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
771 SESSION_TEST ((res == 3),
772 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
778 error = session_rules_table_add_del (srt, &args);
779 SESSION_TEST ((error == 0), "Del 1.2.0.0/16 * 5.6.0.0/16 *");
781 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
782 SESSION_TEST ((res == 3),
783 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
787 * Delete 1.2.3.4/24 1234 5.6.7.5/24
789 args.lcl.fp_addr.ip4 = lcl_ip;
790 args.rmt.fp_addr.ip4 = rmt_ip;
791 args.lcl.fp_len = 24;
792 args.rmt.fp_len = 24;
793 args.lcl_port = 1234;
794 args.rmt_port = 4321;
796 error = session_rules_table_add_del (srt, &args);
797 SESSION_TEST ((error == 0), "Del 1.2.3.4/24 1234 5.6.7.5/24");
799 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
800 SESSION_TEST ((res == 2), "Action should be 2: %d", res);
806 session_test_rules (vlib_main_t * vm, unformat_input_t * input)
808 session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
809 u64 options[APP_OPTIONS_N_OPTIONS];
810 u16 lcl_port = 1234, rmt_port = 4321;
811 u32 server_index, server_index2;
812 u32 dummy_server_api_index = ~0;
813 transport_connection_t *tc;
814 u32 dummy_port = 1111;
815 clib_error_t *error = 0;
816 u8 is_filtered = 0, *ns_id = format (0, "appns1");
817 stream_session_t *listener, *s;
818 app_namespace_t *default_ns = app_namespace_get_default ();
819 u32 local_ns_index = default_ns->local_table_index;
821 app_namespace_t *app_ns;
824 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
826 if (unformat (input, "verbose"))
830 vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
836 server_sep.is_ip4 = 1;
837 server_sep.port = dummy_port;
838 memset (options, 0, sizeof (options));
840 vnet_app_attach_args_t attach_args = {
841 .api_client_index = ~0,
844 .session_cb_vft = &dummy_session_cbs,
845 .name = format (0, "session_test"),
848 vnet_bind_args_t bind_args = {
854 * Attach server with global and local default scope
856 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
857 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
858 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
859 attach_args.namespace_id = 0;
860 attach_args.api_client_index = dummy_server_api_index;
861 error = vnet_application_attach (&attach_args);
862 SESSION_TEST ((error == 0), "server attached");
863 server_index = attach_args.app_index;
865 bind_args.app_index = server_index;
866 error = vnet_bind (&bind_args);
867 SESSION_TEST ((error == 0), "server bound to %U/%d", format_ip46_address,
868 &server_sep.ip, 1, server_sep.port);
869 listener = listen_session_get_from_handle (bind_args.handle);
870 ip4_address_t lcl_ip = {
871 .as_u32 = clib_host_to_net_u32 (0x01020304),
873 ip4_address_t rmt_ip = {
874 .as_u32 = clib_host_to_net_u32 (0x05060708),
876 fib_prefix_t lcl_pref = {
877 .fp_addr.ip4.as_u32 = lcl_ip.as_u32,
879 .fp_proto = FIB_PROTOCOL_IP4,
881 fib_prefix_t rmt_pref = {
882 .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
884 .fp_proto = FIB_PROTOCOL_IP4,
887 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
888 &rmt_pref.fp_addr.ip4, lcl_port,
889 rmt_port, TRANSPORT_PROTO_TCP, 0,
891 SESSION_TEST ((tc == 0), "optimized lookup should not work (port)");
894 * Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action server_index
896 session_rule_add_del_args_t args = {
897 .table_args.lcl = lcl_pref,
898 .table_args.rmt = rmt_pref,
899 .table_args.lcl_port = lcl_port,
900 .table_args.rmt_port = rmt_port,
901 .table_args.action_index = server_index,
902 .table_args.is_add = 1,
905 error = vnet_session_rule_add_del (&args);
906 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action %d",
907 args.table_args.action_index);
909 tc = session_lookup_connection4 (0, &lcl_pref.fp_addr.ip4,
910 &rmt_pref.fp_addr.ip4, lcl_port, rmt_port,
911 TRANSPORT_PROTO_TCP);
912 SESSION_TEST ((tc->c_index == listener->connection_index),
913 "optimized lookup should return the listener");
914 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
915 &rmt_pref.fp_addr.ip4, lcl_port,
916 rmt_port, TRANSPORT_PROTO_TCP, 0,
918 SESSION_TEST ((tc->c_index == listener->connection_index),
919 "lookup should return the listener");
920 s = session_lookup_safe4 (0, &lcl_pref.fp_addr.ip4, &rmt_pref.fp_addr.ip4,
921 lcl_port, rmt_port, TRANSPORT_PROTO_TCP);
922 SESSION_TEST ((s->connection_index == listener->connection_index),
923 "safe lookup should return the listener");
924 session_endpoint_t sep = {
925 .ip = rmt_pref.fp_addr,
928 .transport_proto = TRANSPORT_PROTO_TCP,
930 handle = session_lookup_local_endpoint (local_ns_index, &sep);
931 SESSION_TEST ((handle != server_index), "local session endpoint lookup "
932 "should not work (global scope)");
934 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
935 &rmt_pref.fp_addr.ip4, lcl_port + 1,
936 rmt_port, TRANSPORT_PROTO_TCP, 0,
938 SESSION_TEST ((tc == 0),
939 "optimized lookup for wrong lcl port + 1 should not work");
942 * Add 1.2.3.4/16 * 5.6.7.8/16 4321
944 args.table_args.lcl_port = 0;
945 args.scope = SESSION_RULE_SCOPE_LOCAL | SESSION_RULE_SCOPE_GLOBAL;
946 error = vnet_session_rule_add_del (&args);
947 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 * 5.6.7.8/16 4321 action %d",
948 args.table_args.action_index);
949 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
950 &rmt_pref.fp_addr.ip4, lcl_port + 1,
951 rmt_port, TRANSPORT_PROTO_TCP, 0,
953 SESSION_TEST ((tc->c_index == listener->connection_index),
954 "optimized lookup for lcl port + 1 should work");
955 handle = session_lookup_local_endpoint (local_ns_index, &sep);
956 SESSION_TEST ((handle == server_index), "local session endpoint lookup "
957 "should work (lcl ip was zeroed)");
960 * Add deny rule 1.2.3.4/32 1234 5.6.7.8/32 4321 action -2 (drop)
962 args.table_args.lcl_port = 1234;
963 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
964 args.table_args.lcl.fp_len = 30;
965 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
966 args.table_args.rmt.fp_len = 30;
967 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_DROP;
968 error = vnet_session_rule_add_del (&args);
969 SESSION_TEST ((error == 0), "Add 1.2.3.4/30 1234 5.6.7.8/30 4321 action %d",
970 args.table_args.action_index);
974 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
975 TRANSPORT_PROTO_TCP);
976 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
977 TRANSPORT_PROTO_TCP);
980 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
981 &rmt_pref.fp_addr.ip4, lcl_port,
982 rmt_port, TRANSPORT_PROTO_TCP, 0,
984 SESSION_TEST ((tc == 0), "lookup for 1.2.3.4/32 1234 5.6.7.8/16 4321 "
985 "should fail (deny rule)");
986 SESSION_TEST ((is_filtered == 1), "lookup should be filtered (deny)");
988 handle = session_lookup_local_endpoint (local_ns_index, &sep);
989 SESSION_TEST ((handle == SESSION_DROP_HANDLE), "lookup for 1.2.3.4/32 1234 "
990 "5.6.7.8/16 4321 in local table should return deny");
992 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
993 &rmt_pref.fp_addr.ip4, lcl_port + 1,
994 rmt_port, TRANSPORT_PROTO_TCP, 0,
996 SESSION_TEST ((tc->c_index == listener->connection_index),
997 "lookup 1.2.3.4/32 123*5* 5.6.7.8/16 4321 should work");
1000 * "Mask" deny rule with more specific allow:
1001 * Add allow rule 1.2.3.4/32 1234 5.6.7.8/32 4321 action -3 (allow)
1003 args.table_args.is_add = 1;
1004 args.table_args.lcl_port = 1234;
1005 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1006 args.table_args.lcl.fp_len = 32;
1007 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1008 args.table_args.rmt.fp_len = 32;
1009 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_ALLOW;
1010 error = vnet_session_rule_add_del (&args);
1011 SESSION_TEST ((error == 0), "Add masking rule 1.2.3.4/30 1234 5.6.7.8/32 "
1012 "4321 action %d", args.table_args.action_index);
1015 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1016 &rmt_pref.fp_addr.ip4, lcl_port,
1017 rmt_port, TRANSPORT_PROTO_TCP, 0,
1019 SESSION_TEST ((tc == 0), "lookup for 1.2.3.4/32 1234 5.6.7.8/16 4321 "
1020 "should fail (allow without app)");
1021 SESSION_TEST ((is_filtered == 0), "lookup should NOT be filtered");
1023 handle = session_lookup_local_endpoint (local_ns_index, &sep);
1024 SESSION_TEST ((handle == SESSION_INVALID_HANDLE), "lookup for 1.2.3.4/32 "
1025 "1234 5.6.7.8/32 4321 in local table should return invalid");
1029 vlib_cli_output (vm, "Local rules");
1030 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1031 TRANSPORT_PROTO_TCP);
1034 sep.ip.ip4.as_u32 += 1 << 24;
1035 handle = session_lookup_local_endpoint (local_ns_index, &sep);
1036 SESSION_TEST ((handle == SESSION_DROP_HANDLE), "lookup for 1.2.3.4/32 1234"
1037 " 5.6.7.9/32 4321 in local table should return deny");
1039 vnet_connect_args_t connect_args = {
1040 .app_index = attach_args.app_index,
1043 clib_memcpy (&connect_args.sep, &sep, sizeof (sep));
1045 /* Try connecting */
1046 error = vnet_connect (&connect_args);
1047 SESSION_TEST ((error != 0), "connect should fail");
1048 rv = clib_error_get_code (error);
1049 SESSION_TEST ((rv == VNET_API_ERROR_APP_CONNECT_FILTERED),
1050 "connect should be filtered");
1052 sep.ip.ip4.as_u32 -= 1 << 24;
1055 * Delete masking rule: 1.2.3.4/32 1234 5.6.7.8/32 4321 allow
1057 args.table_args.is_add = 0;
1058 args.table_args.lcl_port = 1234;
1059 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1060 args.table_args.lcl.fp_len = 32;
1061 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1062 args.table_args.rmt.fp_len = 32;
1063 error = vnet_session_rule_add_del (&args);
1064 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 allow");
1068 * Add local scope rule for 0/0 * 5.6.7.8/16 4321 action server_index
1070 args.table_args.is_add = 1;
1071 args.table_args.lcl_port = 0;
1072 args.table_args.lcl.fp_len = 0;
1073 args.table_args.rmt.fp_len = 16;
1074 args.table_args.action_index = -1;
1075 error = vnet_session_rule_add_del (&args);
1076 SESSION_TEST ((error == 0), "Add * * 5.6.7.8/16 4321 action %d",
1077 args.table_args.action_index);
1081 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1082 TRANSPORT_PROTO_TCP);
1083 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1084 TRANSPORT_PROTO_TCP);
1087 handle = session_lookup_local_endpoint (local_ns_index, &sep);
1088 SESSION_TEST ((handle == SESSION_DROP_HANDLE),
1089 "local session endpoint lookup should return deny");
1092 * Delete 1.2.3.4/32 1234 5.6.7.8/32 4321 deny
1094 args.table_args.is_add = 0;
1095 args.table_args.lcl_port = 1234;
1096 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1097 args.table_args.lcl.fp_len = 30;
1098 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1099 args.table_args.rmt.fp_len = 30;
1100 error = vnet_session_rule_add_del (&args);
1101 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 deny");
1103 handle = session_lookup_local_endpoint (local_ns_index, &sep);
1104 SESSION_TEST ((handle == SESSION_INVALID_HANDLE),
1105 "local session endpoint lookup should return invalid");
1108 * Delete 0/0 * 5.6.7.8/16 4321, 1.2.3.4/16 * 5.6.7.8/16 4321 and
1109 * 1.2.3.4/16 1234 5.6.7.8/16 4321
1111 args.table_args.is_add = 0;
1112 args.table_args.lcl_port = 0;
1113 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1114 args.table_args.lcl.fp_len = 0;
1115 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1116 args.table_args.rmt.fp_len = 16;
1117 args.table_args.rmt_port = 4321;
1118 error = vnet_session_rule_add_del (&args);
1119 SESSION_TEST ((error == 0), "Del 0/0 * 5.6.7.8/16 4321");
1120 handle = session_lookup_local_endpoint (local_ns_index, &sep);
1121 SESSION_TEST ((handle != server_index), "local session endpoint lookup "
1122 "should not work (removed)");
1124 args.table_args.is_add = 0;
1125 args.table_args.lcl = lcl_pref;
1127 args.table_args.is_add = 0;
1128 args.table_args.lcl_port = 0;
1129 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1130 args.table_args.lcl.fp_len = 16;
1131 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1132 args.table_args.rmt.fp_len = 16;
1133 args.table_args.rmt_port = 4321;
1134 error = vnet_session_rule_add_del (&args);
1135 SESSION_TEST ((error == 0), "Del 1.2.3.4/16 * 5.6.7.8/16 4321");
1136 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1137 &rmt_pref.fp_addr.ip4, lcl_port + 1,
1138 rmt_port, TRANSPORT_PROTO_TCP, 0,
1140 SESSION_TEST ((tc == 0),
1141 "lookup 1.2.3.4/32 123*5* 5.6.7.8/16 4321 should not "
1144 args.table_args.is_add = 0;
1145 args.table_args.lcl_port = 1234;
1146 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1147 args.table_args.lcl.fp_len = 16;
1148 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1149 args.table_args.rmt.fp_len = 16;
1150 args.table_args.rmt_port = 4321;
1151 error = vnet_session_rule_add_del (&args);
1152 SESSION_TEST ((error == 0), "Del 1.2.3.4/16 1234 5.6.7.8/16 4321");
1153 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1154 &rmt_pref.fp_addr.ip4, lcl_port,
1155 rmt_port, TRANSPORT_PROTO_TCP, 0,
1157 SESSION_TEST ((tc == 0), "lookup 1.2.3.4/32 1234 5.6.7.8/16 4321 should "
1158 "not work (del + deny)");
1160 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 deny");
1161 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1162 &rmt_pref.fp_addr.ip4, lcl_port,
1163 rmt_port, TRANSPORT_PROTO_TCP, 0,
1165 SESSION_TEST ((tc == 0), "lookup 1.2.3.4/32 1234 5.6.7.8/16 4321 should"
1166 " not work (no-rule)");
1169 * Test tags. Add/overwrite/del rule with tag
1171 args.table_args.is_add = 1;
1172 args.table_args.lcl_port = 1234;
1173 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1174 args.table_args.lcl.fp_len = 16;
1175 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1176 args.table_args.rmt.fp_len = 16;
1177 args.table_args.rmt_port = 4321;
1178 args.table_args.tag = format (0, "test_rule");
1179 args.table_args.action_index = server_index;
1180 error = vnet_session_rule_add_del (&args);
1181 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 deny "
1185 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1186 TRANSPORT_PROTO_TCP);
1187 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1188 TRANSPORT_PROTO_TCP);
1190 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1191 &rmt_pref.fp_addr.ip4, lcl_port,
1192 rmt_port, TRANSPORT_PROTO_TCP, 0,
1194 SESSION_TEST ((tc->c_index == listener->connection_index),
1195 "lookup 1.2.3.4/32 1234 5.6.7.8/16 4321 should work");
1197 vec_free (args.table_args.tag);
1198 args.table_args.lcl_port = 1234;
1199 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1200 args.table_args.lcl.fp_len = 16;
1201 args.table_args.tag = format (0, "test_rule_overwrite");
1202 error = vnet_session_rule_add_del (&args);
1203 SESSION_TEST ((error == 0),
1204 "Overwrite 1.2.3.4/16 1234 5.6.7.8/16 4321 deny tag test_rule"
1208 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1209 TRANSPORT_PROTO_TCP);
1210 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1211 TRANSPORT_PROTO_TCP);
1214 args.table_args.is_add = 0;
1215 args.table_args.lcl_port += 1;
1216 error = vnet_session_rule_add_del (&args);
1217 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 deny "
1218 "tag %v", args.table_args.tag);
1221 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1222 TRANSPORT_PROTO_TCP);
1223 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1224 TRANSPORT_PROTO_TCP);
1226 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1227 &rmt_pref.fp_addr.ip4, lcl_port,
1228 rmt_port, TRANSPORT_PROTO_TCP, 0,
1230 SESSION_TEST ((tc == 0), "lookup 1.2.3.4/32 1234 5.6.7.8/32 4321 should not"
1235 * Test local rules with multiple namespaces
1239 * Add deny rule 1.2.3.4/32 1234 5.6.7.8/32 0 action -2 (drop)
1241 args.table_args.is_add = 1;
1242 args.table_args.lcl_port = 1234;
1243 args.table_args.rmt_port = 0;
1244 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1245 args.table_args.lcl.fp_len = 32;
1246 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1247 args.table_args.rmt.fp_len = 32;
1248 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_DROP;
1249 args.table_args.tag = 0;
1250 args.scope = SESSION_RULE_SCOPE_LOCAL;
1251 error = vnet_session_rule_add_del (&args);
1252 SESSION_TEST ((error == 0), "Add 1.2.3.4/32 1234 5.6.7.8/32 4321 action %d",
1253 args.table_args.action_index);
1255 * Add 'white' rule 1.2.3.4/32 1234 5.6.7.8/32 4321 action -2 (drop)
1257 args.table_args.is_add = 1;
1258 args.table_args.lcl_port = 1234;
1259 args.table_args.rmt_port = 4321;
1260 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1261 args.table_args.lcl.fp_len = 32;
1262 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1263 args.table_args.rmt.fp_len = 32;
1264 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_ALLOW;
1265 error = vnet_session_rule_add_del (&args);
1269 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1270 TRANSPORT_PROTO_TCP);
1273 vnet_app_namespace_add_del_args_t ns_args = {
1276 .sw_if_index = APP_NAMESPACE_INVALID_INDEX,
1279 error = vnet_app_namespace_add_del (&ns_args);
1280 SESSION_TEST ((error == 0), "app ns insertion should succeed: %d",
1281 clib_error_get_code (error));
1282 app_ns = app_namespace_get_from_id (ns_id);
1284 attach_args.namespace_id = ns_id;
1285 attach_args.api_client_index = dummy_server_api_index - 1;
1286 error = vnet_application_attach (&attach_args);
1287 SESSION_TEST ((error == 0), "server2 attached");
1288 server_index2 = attach_args.app_index;
1291 * Add deny rule 1.2.3.4/32 1234 5.6.7.8/32 0 action -2 (drop)
1293 args.table_args.lcl_port = 1234;
1294 args.table_args.rmt_port = 0;
1295 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1296 args.table_args.lcl.fp_len = 32;
1297 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1298 args.table_args.rmt.fp_len = 32;
1299 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_DROP;
1300 args.appns_index = app_namespace_index (app_ns);
1302 error = vnet_session_rule_add_del (&args);
1303 SESSION_TEST ((error == 0), "Add 1.2.3.4/32 1234 5.6.7.8/32 4321 action %d "
1304 "in test namespace", args.table_args.action_index);
1306 * Lookup default namespace
1308 handle = session_lookup_local_endpoint (local_ns_index, &sep);
1309 SESSION_TEST ((handle == SESSION_INVALID_HANDLE),
1310 "lookup for 1.2.3.4/32 1234 5.6.7.8/32 4321 in local table "
1311 "should return allow (invalid)");
1314 handle = session_lookup_local_endpoint (local_ns_index, &sep);
1315 SESSION_TEST ((handle == SESSION_DROP_HANDLE), "lookup for 1.2.3.4/32 1234 "
1316 "5.6.7.8/16 432*2* in local table should return deny");
1319 connect_args.app_index = server_index;
1320 clib_memcpy (&connect_args.sep, &sep, sizeof (sep));
1322 error = vnet_connect (&connect_args);
1323 SESSION_TEST ((error != 0), "connect should fail");
1324 rv = clib_error_get_code (error);
1325 SESSION_TEST ((rv == VNET_API_ERROR_APP_CONNECT_FILTERED),
1326 "connect should be filtered");
1329 * Lookup test namespace
1331 handle = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
1332 SESSION_TEST ((handle == SESSION_DROP_HANDLE), "lookup for 1.2.3.4/32 1234 "
1333 "5.6.7.8/16 4321 in local table should return deny");
1335 connect_args.app_index = server_index;
1336 error = vnet_connect (&connect_args);
1337 SESSION_TEST ((error != 0), "connect should fail");
1338 rv = clib_error_get_code (error);
1339 SESSION_TEST ((rv == VNET_API_ERROR_APP_CONNECT_FILTERED),
1340 "connect should be filtered");
1342 args.table_args.is_add = 0;
1343 vnet_session_rule_add_del (&args);
1345 args.appns_index = 0;
1346 args.table_args.is_add = 0;
1347 vnet_session_rule_add_del (&args);
1349 args.table_args.rmt_port = 4321;
1350 vnet_session_rule_add_del (&args);
1354 vec_free (args.table_args.tag);
1355 vnet_app_detach_args_t detach_args = {
1356 .app_index = server_index,
1358 vnet_application_detach (&detach_args);
1360 detach_args.app_index = server_index2;
1361 vnet_application_detach (&detach_args);
1364 vec_free (attach_args.name);
1369 session_test_proxy (vlib_main_t * vm, unformat_input_t * input)
1371 u64 options[APP_OPTIONS_N_OPTIONS];
1372 char *show_listeners = "sh session listeners tcp verbose";
1373 char *show_local_listeners = "sh app ns table default";
1374 unformat_input_t tmp_input;
1375 u32 server_index, app_index;
1376 u32 dummy_server_api_index = ~0, sw_if_index = 0;
1377 clib_error_t *error = 0;
1378 u8 sst, is_filtered = 0;
1379 stream_session_t *s;
1380 transport_connection_t *tc;
1381 u16 lcl_port = 1234, rmt_port = 4321;
1382 app_namespace_t *app_ns;
1385 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1387 if (unformat (input, "verbose"))
1391 vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
1397 ip4_address_t lcl_ip = {
1398 .as_u32 = clib_host_to_net_u32 (0x01020304),
1400 ip4_address_t rmt_ip = {
1401 .as_u32 = clib_host_to_net_u32 (0x05060708),
1403 fib_prefix_t rmt_pref = {
1404 .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
1406 .fp_proto = FIB_PROTOCOL_IP4,
1408 session_endpoint_t sep = {
1409 .ip = rmt_pref.fp_addr,
1412 .transport_proto = TRANSPORT_PROTO_TCP,
1416 * Create loopback interface
1418 session_create_lookpback (0, &sw_if_index, &lcl_ip);
1420 app_ns = app_namespace_get_default ();
1421 app_ns->sw_if_index = sw_if_index;
1423 memset (options, 0, sizeof (options));
1424 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
1425 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
1426 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_IS_PROXY;
1427 options[APP_OPTIONS_PROXY_TRANSPORT] = 1 << TRANSPORT_PROTO_TCP;
1428 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
1429 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
1430 vnet_app_attach_args_t attach_args = {
1431 .api_client_index = ~0,
1434 .session_cb_vft = &dummy_session_cbs,
1435 .name = format (0, "session_test"),
1438 attach_args.api_client_index = dummy_server_api_index;
1439 error = vnet_application_attach (&attach_args);
1440 SESSION_TEST ((error == 0), "server attachment should work");
1441 server_index = attach_args.app_index;
1445 unformat_init_string (&tmp_input, show_listeners,
1446 strlen (show_listeners));
1447 vlib_cli_input (vm, &tmp_input, 0, 0);
1448 unformat_init_string (&tmp_input, show_local_listeners,
1449 strlen (show_local_listeners));
1450 vlib_cli_input (vm, &tmp_input, 0, 0);
1453 tc = session_lookup_connection_wt4 (0, &lcl_ip, &rmt_ip, lcl_port, rmt_port,
1454 TRANSPORT_PROTO_TCP, 0, &is_filtered);
1455 SESSION_TEST ((tc != 0), "lookup 1.2.3.4 1234 5.6.7.8 4321 should be "
1457 sst = session_type_from_proto_and_ip (TRANSPORT_PROTO_TCP, 1);
1458 s = listen_session_get (sst, tc->s_index);
1459 SESSION_TEST ((s->app_index == server_index), "lookup should return the"
1462 tc = session_lookup_connection_wt4 (0, &rmt_ip, &rmt_ip, lcl_port, rmt_port,
1463 TRANSPORT_PROTO_TCP, 0, &is_filtered);
1464 SESSION_TEST ((tc == 0), "lookup 5.6.7.8 1234 5.6.7.8 4321 should"
1467 app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
1468 SESSION_TEST ((app_index == server_index), "local session endpoint lookup"
1471 vnet_app_detach_args_t detach_args = {
1472 .app_index = server_index,
1474 vnet_application_detach (&detach_args);
1478 unformat_init_string (&tmp_input, show_listeners,
1479 strlen (show_listeners));
1480 vlib_cli_input (vm, &tmp_input, 0, 0);
1481 unformat_init_string (&tmp_input, show_local_listeners,
1482 strlen (show_local_listeners));
1483 vlib_cli_input (vm, &tmp_input, 0, 0);
1486 app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
1487 SESSION_TEST ((app_index == SESSION_RULES_TABLE_INVALID_INDEX),
1488 "local session endpoint lookup should not work after detach");
1490 unformat_free (&tmp_input);
1491 vec_free (attach_args.name);
1495 static clib_error_t *
1496 session_test (vlib_main_t * vm,
1497 unformat_input_t * input, vlib_cli_command_t * cmd_arg)
1501 vnet_session_enable_disable (vm, 1);
1503 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1505 if (unformat (input, "basic"))
1506 res = session_test_basic (vm, input);
1507 else if (unformat (input, "namespace"))
1508 res = session_test_namespace (vm, input);
1509 else if (unformat (input, "rules-table"))
1510 res = session_test_rule_table (vm, input);
1511 else if (unformat (input, "rules"))
1512 res = session_test_rules (vm, input);
1513 else if (unformat (input, "proxy"))
1514 res = session_test_proxy (vm, input);
1515 else if (unformat (input, "all"))
1517 if ((res = session_test_basic (vm, input)))
1519 if ((res = session_test_namespace (vm, input)))
1521 if ((res = session_test_rule_table (vm, input)))
1523 if ((res = session_test_rules (vm, input)))
1525 if ((res = session_test_proxy (vm, input)))
1534 return clib_error_return (0, "Session unit test failed");
1539 VLIB_CLI_COMMAND (tcp_test_command, static) =
1541 .path = "test session",
1542 .short_help = "internal session unit tests",
1543 .function = session_test,
1548 * fd.io coding-style-patch-verification: ON
1551 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob