2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/session/application_namespace.h>
17 #include <vnet/session/application_interface.h>
18 #include <vnet/session/application.h>
19 #include <vnet/session/session.h>
20 #include <vnet/session/session_rules_table.h>
22 #define SESSION_TEST_I(_cond, _comment, _args...) \
24 int _evald = (_cond); \
26 fformat(stderr, "FAIL:%d: " _comment "\n", \
29 fformat(stderr, "PASS:%d: " _comment "\n", \
35 #define SESSION_TEST(_cond, _comment, _args...) \
37 if (!SESSION_TEST_I(_cond, _comment, ##_args)) { \
43 dummy_session_reset_callback (stream_session_t * s)
45 clib_warning ("called...");
49 dummy_session_connected_callback (u32 app_index, u32 api_context,
50 stream_session_t * s, u8 is_fail)
52 clib_warning ("called...");
57 dummy_add_segment_callback (u32 client_index, const u8 * seg_name,
60 clib_warning ("called...");
65 dummy_redirect_connect_callback (u32 client_index, void *mp)
67 return VNET_API_ERROR_SESSION_REDIRECT;
71 dummy_session_disconnect_callback (stream_session_t * s)
73 clib_warning ("called...");
77 dummy_session_accept_callback (stream_session_t * s)
79 clib_warning ("called...");
84 dummy_server_rx_callback (stream_session_t * s)
86 clib_warning ("called...");
91 static session_cb_vft_t dummy_session_cbs = {
92 .session_reset_callback = dummy_session_reset_callback,
93 .session_connected_callback = dummy_session_connected_callback,
94 .session_accept_callback = dummy_session_accept_callback,
95 .session_disconnect_callback = dummy_session_disconnect_callback,
96 .builtin_server_rx_callback = dummy_server_rx_callback,
97 .redirect_connect_callback = dummy_redirect_connect_callback,
102 session_test_basic (vlib_main_t * vm, unformat_input_t * input)
104 session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
105 u64 options[SESSION_OPTIONS_N_OPTIONS], bind4_handle, bind6_handle;
106 u8 segment_name[128];
107 clib_error_t *error = 0;
110 memset (options, 0, sizeof (options));
111 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
112 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
113 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
114 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
115 vnet_app_attach_args_t attach_args = {
116 .api_client_index = ~0,
119 .session_cb_vft = &dummy_session_cbs,
120 .segment_name = segment_name,
123 error = vnet_application_attach (&attach_args);
124 SESSION_TEST ((error == 0), "app attached");
125 server_index = attach_args.app_index;
127 server_sep.is_ip4 = 1;
128 vnet_bind_args_t bind_args = {
133 bind_args.app_index = server_index;
134 error = vnet_bind (&bind_args);
135 SESSION_TEST ((error == 0), "server bind4 should work");
136 bind4_handle = bind_args.handle;
138 error = vnet_bind (&bind_args);
139 SESSION_TEST ((error != 0), "double server bind4 should not work");
141 bind_args.sep.is_ip4 = 0;
142 error = vnet_bind (&bind_args);
143 SESSION_TEST ((error == 0), "server bind6 should work");
144 bind6_handle = bind_args.handle;
146 error = vnet_bind (&bind_args);
147 SESSION_TEST ((error != 0), "double server bind6 should not work");
149 vnet_unbind_args_t unbind_args = {
150 .handle = bind4_handle,
151 .app_index = server_index,
153 error = vnet_unbind (&unbind_args);
154 SESSION_TEST ((error == 0), "unbind4 should work");
156 unbind_args.handle = bind6_handle;
157 error = vnet_unbind (&unbind_args);
158 SESSION_TEST ((error == 0), "unbind6 should work");
160 vnet_app_detach_args_t detach_args = {
161 .app_index = server_index,
163 vnet_application_detach (&detach_args);
168 session_test_namespace (vlib_main_t * vm, unformat_input_t * input)
170 u64 options[SESSION_OPTIONS_N_OPTIONS], dummy_secret = 1234;
171 u32 server_index, server_st_index, server_local_st_index;
172 u32 dummy_port = 1234, local_listener, client_index;
173 u32 dummy_api_context = 4321, dummy_client_api_index = 1234;
174 u32 dummy_server_api_index = ~0, sw_if_index = 0;
175 session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
176 session_endpoint_t client_sep = SESSION_ENDPOINT_NULL;
177 session_endpoint_t intf_sep = SESSION_ENDPOINT_NULL;
178 clib_error_t *error = 0;
179 u8 *ns_id = format (0, "appns1"), intf_mac[6];
180 app_namespace_t *app_ns;
181 u8 segment_name[128];
182 application_t *server;
186 server_sep.is_ip4 = 1;
187 server_sep.port = dummy_port;
188 client_sep.is_ip4 = 1;
189 client_sep.port = dummy_port;
190 memset (options, 0, sizeof (options));
191 memset (intf_mac, 0, sizeof (intf_mac));
193 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
194 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
195 vnet_app_attach_args_t attach_args = {
196 .api_client_index = ~0,
199 .session_cb_vft = &dummy_session_cbs,
200 .segment_name = segment_name,
203 vnet_bind_args_t bind_args = {
208 vnet_connect_args_t connect_args = {
214 vnet_unbind_args_t unbind_args = {
215 .handle = bind_args.handle,
219 vnet_app_detach_args_t detach_args = {
223 ip4_address_t intf_addr = {
224 .as_u32 = clib_host_to_net_u32 (0x06000105),
227 intf_sep.ip.ip4 = intf_addr;
229 intf_sep.port = dummy_port;
232 * Insert namespace and lookup
235 vnet_app_namespace_add_del_args_t ns_args = {
237 .secret = dummy_secret,
238 .sw_if_index = APP_NAMESPACE_INVALID_INDEX,
241 error = vnet_app_namespace_add_del (&ns_args);
242 SESSION_TEST ((error == 0), "app ns insertion should succeed: %d",
243 clib_error_get_code (error));
245 app_ns = app_namespace_get_from_id (ns_id);
246 SESSION_TEST ((app_ns != 0), "should find ns %v status", ns_id);
247 SESSION_TEST ((app_ns->ns_secret == dummy_secret), "secret should be %d",
249 SESSION_TEST ((app_ns->sw_if_index == APP_NAMESPACE_INVALID_INDEX),
250 "sw_if_index should be invalid");
253 * Try application attach with wrong secret
256 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
257 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
258 options[APP_OPTIONS_NAMESPACE_SECRET] = dummy_secret - 1;
259 attach_args.namespace_id = ns_id;
260 attach_args.api_client_index = dummy_server_api_index;
262 error = vnet_application_attach (&attach_args);
263 SESSION_TEST ((error != 0), "app attachment should fail");
264 code = clib_error_get_code (error);
265 SESSION_TEST ((code == VNET_API_ERROR_APP_WRONG_NS_SECRET),
266 "code should be wrong ns secret: %d", code);
269 * Attach server with global default scope
271 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
272 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
273 options[APP_OPTIONS_NAMESPACE_SECRET] = 0;
274 attach_args.namespace_id = 0;
275 attach_args.api_client_index = dummy_server_api_index;
276 error = vnet_application_attach (&attach_args);
277 SESSION_TEST ((error == 0), "server attachment should work");
278 server_index = attach_args.app_index;
279 server = application_get (server_index);
280 SESSION_TEST ((server->ns_index == 0),
281 "server should be in the default ns");
283 bind_args.app_index = server_index;
284 error = vnet_bind (&bind_args);
285 SESSION_TEST ((error == 0), "server bind should work");
287 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
288 s = session_lookup_listener (server_st_index, &server_sep);
289 SESSION_TEST ((s != 0), "listener should exist in global table");
290 SESSION_TEST ((s->app_index == server_index), "app_index should be that of "
292 server_local_st_index = application_local_session_table (server);
293 SESSION_TEST ((server_local_st_index == APP_INVALID_INDEX),
294 "server shouldn't have access to local table");
296 unbind_args.app_index = server_index;
297 unbind_args.handle = bind_args.handle;
298 error = vnet_unbind (&unbind_args);
299 SESSION_TEST ((error == 0), "unbind should work");
301 s = session_lookup_listener (server_st_index, &server_sep);
302 SESSION_TEST ((s == 0), "listener should not exist in global table");
304 detach_args.app_index = server_index;
305 vnet_application_detach (&detach_args);
308 * Attach server with local and global scope
310 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
311 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
312 options[APP_OPTIONS_NAMESPACE_SECRET] = dummy_secret;
313 attach_args.namespace_id = ns_id;
314 attach_args.api_client_index = dummy_server_api_index;
315 error = vnet_application_attach (&attach_args);
316 SESSION_TEST ((error == 0), "server attachment should work");
317 server_index = attach_args.app_index;
318 server = application_get (server_index);
319 SESSION_TEST ((server->ns_index == app_namespace_index (app_ns)),
320 "server should be in the right ns");
322 bind_args.app_index = server_index;
323 error = vnet_bind (&bind_args);
324 SESSION_TEST ((error == 0), "bind should work");
325 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
326 s = session_lookup_listener (server_st_index, &server_sep);
327 SESSION_TEST ((s != 0), "listener should exist in global table");
328 SESSION_TEST ((s->app_index == server_index), "app_index should be that of "
330 server_local_st_index = application_local_session_table (server);
332 session_lookup_local_session_endpoint (server_local_st_index,
334 SESSION_TEST ((local_listener != SESSION_INVALID_INDEX),
335 "listener should exist in local table");
338 * Try client connect with 1) local scope 2) global scope
340 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
341 attach_args.api_client_index = dummy_client_api_index;
342 error = vnet_application_attach (&attach_args);
343 SESSION_TEST ((error == 0), "client attachment should work");
344 client_index = attach_args.app_index;
345 connect_args.api_context = dummy_api_context;
346 connect_args.app_index = client_index;
347 error = vnet_connect (&connect_args);
348 SESSION_TEST ((error != 0), "client connect should return error code");
349 code = clib_error_get_code (error);
350 SESSION_TEST ((code == VNET_API_ERROR_INVALID_VALUE),
351 "error code should be invalid value (zero ip)");
352 connect_args.sep.ip.ip4.as_u8[0] = 127;
353 error = vnet_connect (&connect_args);
354 SESSION_TEST ((error != 0), "client connect should return error code");
355 code = clib_error_get_code (error);
356 SESSION_TEST ((code == VNET_API_ERROR_SESSION_REDIRECT),
357 "error code should be redirect");
358 detach_args.app_index = client_index;
359 vnet_application_detach (&detach_args);
361 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
362 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
363 attach_args.api_client_index = dummy_client_api_index;
364 error = vnet_application_attach (&attach_args);
365 SESSION_TEST ((error == 0), "client attachment should work");
366 error = vnet_connect (&connect_args);
367 SESSION_TEST ((error != 0), "client connect should return error code");
368 code = clib_error_get_code (error);
369 SESSION_TEST ((code == VNET_API_ERROR_SESSION_CONNECT),
370 "error code should be connect (nothing in local scope)");
371 detach_args.app_index = client_index;
372 vnet_application_detach (&detach_args);
375 * Unbind and detach server and then re-attach with local scope only
377 unbind_args.handle = bind_args.handle;
378 unbind_args.app_index = server_index;
379 error = vnet_unbind (&unbind_args);
380 SESSION_TEST ((error == 0), "unbind should work");
382 s = session_lookup_listener (server_st_index, &server_sep);
383 SESSION_TEST ((s == 0), "listener should not exist in global table");
385 session_lookup_local_session_endpoint (server_local_st_index,
387 SESSION_TEST ((s == 0), "listener should not exist in local table");
389 detach_args.app_index = server_index;
390 vnet_application_detach (&detach_args);
392 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
393 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
394 attach_args.api_client_index = dummy_server_api_index;
395 error = vnet_application_attach (&attach_args);
396 SESSION_TEST ((error == 0), "app attachment should work");
397 server_index = attach_args.app_index;
398 server = application_get (server_index);
399 SESSION_TEST ((server->ns_index == app_namespace_index (app_ns)),
400 "app should be in the right ns");
402 bind_args.app_index = server_index;
403 error = vnet_bind (&bind_args);
404 SESSION_TEST ((error == 0), "bind should work");
406 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
407 s = session_lookup_listener (server_st_index, &server_sep);
408 SESSION_TEST ((s == 0), "listener should not exist in global table");
409 server_local_st_index = application_local_session_table (server);
411 session_lookup_local_session_endpoint (server_local_st_index,
413 SESSION_TEST ((local_listener != SESSION_INVALID_INDEX),
414 "listener should exist in local table");
416 unbind_args.handle = bind_args.handle;
417 error = vnet_unbind (&unbind_args);
418 SESSION_TEST ((error == 0), "unbind should work");
421 session_lookup_local_session_endpoint (server_local_st_index,
423 SESSION_TEST ((local_listener == SESSION_INVALID_INDEX),
424 "listener should not exist in local table");
427 * Client attach + connect in default ns with local scope
429 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
430 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
431 attach_args.namespace_id = 0;
432 attach_args.api_client_index = dummy_client_api_index;
433 vnet_application_attach (&attach_args);
434 error = vnet_connect (&connect_args);
435 SESSION_TEST ((error != 0), "client connect should return error code");
436 code = clib_error_get_code (error);
437 SESSION_TEST ((code == VNET_API_ERROR_SESSION_CONNECT),
438 "error code should be connect (not in same ns)");
439 detach_args.app_index = client_index;
440 vnet_application_detach (&detach_args);
445 detach_args.app_index = server_index;
446 vnet_application_detach (&detach_args);
449 * Create loopback interface
451 if (vnet_create_loopback_interface (&sw_if_index, intf_mac, 0, 0))
453 clib_warning ("couldn't create loopback. stopping the test!");
456 vnet_sw_interface_set_flags (vnet_get_main (), sw_if_index,
457 VNET_SW_INTERFACE_FLAG_ADMIN_UP);
458 ip4_add_del_interface_address (vlib_get_main (), sw_if_index, &intf_addr,
464 ns_args.sw_if_index = sw_if_index;
465 error = vnet_app_namespace_add_del (&ns_args);
466 SESSION_TEST ((error == 0), "app ns insertion should succeed: %d",
467 clib_error_get_code (error));
470 * Attach server with local and global scope
472 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
473 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
474 options[APP_OPTIONS_NAMESPACE_SECRET] = dummy_secret;
475 attach_args.namespace_id = ns_id;
476 attach_args.api_client_index = dummy_server_api_index;
477 error = vnet_application_attach (&attach_args);
478 SESSION_TEST ((error == 0), "server attachment should work");
479 server_index = attach_args.app_index;
481 bind_args.app_index = server_index;
482 error = vnet_bind (&bind_args);
483 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
484 s = session_lookup_listener (server_st_index, &server_sep);
485 SESSION_TEST ((s == 0), "zero listener should not exist in global table");
487 s = session_lookup_listener (server_st_index, &intf_sep);
488 SESSION_TEST ((s != 0), "intf listener should exist in global table");
489 SESSION_TEST ((s->app_index == server_index), "app_index should be that of "
491 server_local_st_index = application_local_session_table (server);
493 session_lookup_local_session_endpoint (server_local_st_index,
495 SESSION_TEST ((local_listener != SESSION_INVALID_INDEX),
496 "zero listener should exist in local table");
497 detach_args.app_index = server_index;
498 vnet_application_detach (&detach_args);
504 vnet_delete_loopback_interface (sw_if_index);
509 session_test_rule_table (vlib_main_t * vm, unformat_input_t * input)
511 session_rules_table_t _srt, *srt = &_srt;
512 u16 lcl_port = 1234, rmt_port = 4321;
513 u32 action_index = 1, res;
514 ip4_address_t lcl_lkup, rmt_lkup;
518 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
520 if (unformat (input, "verbose"))
524 vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
530 memset (srt, 0, sizeof (*srt));
531 session_rules_table_init (srt);
533 ip4_address_t lcl_ip = {
534 .as_u32 = clib_host_to_net_u32 (0x01020304),
536 ip4_address_t rmt_ip = {
537 .as_u32 = clib_host_to_net_u32 (0x05060708),
539 ip4_address_t lcl_ip2 = {
540 .as_u32 = clib_host_to_net_u32 (0x02020202),
542 ip4_address_t rmt_ip2 = {
543 .as_u32 = clib_host_to_net_u32 (0x06060606),
545 ip4_address_t lcl_ip3 = {
546 .as_u32 = clib_host_to_net_u32 (0x03030303),
548 ip4_address_t rmt_ip3 = {
549 .as_u32 = clib_host_to_net_u32 (0x07070707),
551 fib_prefix_t lcl_pref = {
552 .fp_addr.ip4.as_u32 = lcl_ip.as_u32,
554 .fp_proto = FIB_PROTOCOL_IP4,
556 fib_prefix_t rmt_pref = {
557 .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
559 .fp_proto = FIB_PROTOCOL_IP4,
562 session_rule_table_add_del_args_t args = {
565 .lcl_port = lcl_port,
566 .rmt_port = rmt_port,
567 .action_index = action_index++,
570 error = session_rules_table_add_del (srt, &args);
571 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action %d",
575 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
576 SESSION_TEST ((res == 1),
577 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 1: %d",
581 * Add 1.2.3.4/24 1234 5.6.7.8/16 4321 and 1.2.3.4/24 1234 5.6.7.8/24 4321
583 args.lcl.fp_addr.ip4 = lcl_ip;
584 args.lcl.fp_len = 24;
585 args.action_index = action_index++;
586 error = session_rules_table_add_del (srt, &args);
587 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/16 4321 action %d",
589 args.rmt.fp_addr.ip4 = rmt_ip;
590 args.rmt.fp_len = 24;
591 args.action_index = action_index++;
592 error = session_rules_table_add_del (srt, &args);
593 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/24 4321 action %d",
597 * Add 2.2.2.2/24 1234 6.6.6.6/16 4321 and 3.3.3.3/24 1234 7.7.7.7/16 4321
599 args.lcl.fp_addr.ip4 = lcl_ip2;
600 args.lcl.fp_len = 24;
601 args.rmt.fp_addr.ip4 = rmt_ip2;
602 args.rmt.fp_len = 16;
603 args.action_index = action_index++;
604 error = session_rules_table_add_del (srt, &args);
605 SESSION_TEST ((error == 0), "Add 2.2.2.2/24 1234 6.6.6.6/16 4321 action %d",
607 args.lcl.fp_addr.ip4 = lcl_ip3;
608 args.rmt.fp_addr.ip4 = rmt_ip3;
609 args.action_index = action_index++;
610 error = session_rules_table_add_del (srt, &args);
611 SESSION_TEST ((error == 0), "Add 3.3.3.3/24 1234 7.7.7.7/16 4321 action %d",
615 * Add again 3.3.3.3/24 1234 7.7.7.7/16 4321
617 args.lcl.fp_addr.ip4 = lcl_ip3;
618 args.rmt.fp_addr.ip4 = rmt_ip3;
619 args.action_index = action_index++;
620 error = session_rules_table_add_del (srt, &args);
621 SESSION_TEST ((error == 0), "overwrite 3.3.3.3/24 1234 7.7.7.7/16 4321 "
622 "action %d", action_index - 1);
625 * Lookup 1.2.3.4/32 1234 5.6.7.8/32 4321, 1.2.2.4/32 1234 5.6.7.9/32 4321
626 * and 3.3.3.3 1234 7.7.7.7 4321
629 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
630 SESSION_TEST ((res == 3),
631 "Lookup 1.2.3.4 1234 5.6.7.8 4321 action " "should be 3: %d",
634 lcl_lkup.as_u32 = clib_host_to_net_u32 (0x01020204);
635 rmt_lkup.as_u32 = clib_host_to_net_u32 (0x05060709);
637 session_rules_table_lookup4 (srt, &lcl_lkup,
638 &rmt_lkup, lcl_port, rmt_port);
639 SESSION_TEST ((res == 1),
640 "Lookup 1.2.2.4 1234 5.6.7.9 4321, action " "should be 1: %d",
644 session_rules_table_lookup4 (srt, &lcl_ip3, &rmt_ip3, lcl_port, rmt_port);
645 SESSION_TEST ((res == 6),
646 "Lookup 3.3.3.3 1234 7.7.7.7 4321, action "
647 "should be 6 (updated): %d", res);
650 * Add 1.2.3.4/24 * 5.6.7.8/24 *
651 * Lookup 1.2.3.4 1234 5.6.7.8 4321 and 1.2.3.4 1235 5.6.7.8 4321
653 args.lcl.fp_addr.ip4 = lcl_ip;
654 args.rmt.fp_addr.ip4 = rmt_ip;
655 args.lcl.fp_len = 24;
656 args.rmt.fp_len = 24;
659 args.action_index = action_index++;
660 error = session_rules_table_add_del (srt, &args);
661 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 * 5.6.7.8/24 * action %d",
664 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
665 SESSION_TEST ((res == 7),
666 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should"
667 " be 7 (lpm dst): %d", res);
669 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip,
670 lcl_port + 1, rmt_port);
671 SESSION_TEST ((res == 7),
672 "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 7: %d",
676 * Del 1.2.3.4/24 * 5.6.7.8/24 *
677 * Add 1.2.3.4/16 * 5.6.7.8/16 * and 1.2.3.4/24 1235 5.6.7.8/24 4321
678 * Lookup 1.2.3.4 1234 5.6.7.8 4321, 1.2.3.4 1235 5.6.7.8 4321 and
679 * 1.2.3.4 1235 5.6.7.8 4322
682 error = session_rules_table_add_del (srt, &args);
683 SESSION_TEST ((error == 0), "Del 1.2.3.4/24 * 5.6.7.8/24 *");
685 args.lcl.fp_addr.ip4 = lcl_ip;
686 args.rmt.fp_addr.ip4 = rmt_ip;
687 args.lcl.fp_len = 16;
688 args.rmt.fp_len = 16;
691 args.action_index = action_index++;
693 error = session_rules_table_add_del (srt, &args);
694 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 * 5.6.7.8/16 * action %d",
697 args.lcl.fp_addr.ip4 = lcl_ip;
698 args.rmt.fp_addr.ip4 = rmt_ip;
699 args.lcl.fp_len = 24;
700 args.rmt.fp_len = 24;
701 args.lcl_port = lcl_port + 1;
702 args.rmt_port = rmt_port;
703 args.action_index = action_index++;
705 error = session_rules_table_add_del (srt, &args);
706 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1235 5.6.7.8/24 4321 action %d",
710 session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4);
713 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
714 SESSION_TEST ((res == 3),
715 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
718 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip,
719 lcl_port + 1, rmt_port);
720 SESSION_TEST ((res == 9),
721 "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 9: %d",
724 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip,
725 lcl_port + 1, rmt_port + 1);
726 SESSION_TEST ((res == 8),
727 "Lookup 1.2.3.4 1235 5.6.7.8 4322, action should " "be 8: %d",
731 * Delete 1.2.0.0/16 1234 5.6.0.0/16 4321 and 1.2.0.0/16 * 5.6.0.0/16 *
732 * Lookup 1.2.3.4 1234 5.6.7.8 4321
734 args.lcl_port = 1234;
735 args.rmt_port = 4321;
736 args.lcl.fp_len = 16;
737 args.rmt.fp_len = 16;
739 error = session_rules_table_add_del (srt, &args);
740 SESSION_TEST ((error == 0), "Del 1.2.0.0/16 1234 5.6.0.0/16 4321");
742 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
743 SESSION_TEST ((res == 3),
744 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
750 error = session_rules_table_add_del (srt, &args);
751 SESSION_TEST ((error == 0), "Del 1.2.0.0/16 * 5.6.0.0/16 *");
753 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
754 SESSION_TEST ((res == 3),
755 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
759 * Delete 1.2.3.4/24 1234 5.6.7.5/24
761 args.lcl.fp_addr.ip4 = lcl_ip;
762 args.rmt.fp_addr.ip4 = rmt_ip;
763 args.lcl.fp_len = 24;
764 args.rmt.fp_len = 24;
765 args.lcl_port = 1234;
766 args.rmt_port = 4321;
768 error = session_rules_table_add_del (srt, &args);
769 SESSION_TEST ((error == 0), "Del 1.2.3.4/24 1234 5.6.7.5/24");
771 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
772 SESSION_TEST ((res == 2), "Action should be 2: %d", res);
778 session_test_rules (vlib_main_t * vm, unformat_input_t * input)
780 session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
781 u64 options[SESSION_OPTIONS_N_OPTIONS];
782 u16 lcl_port = 1234, rmt_port = 4321;
783 u32 server_index, app_index;
784 u32 dummy_server_api_index = ~0;
785 transport_connection_t *tc;
786 u32 dummy_port = 1111;
787 clib_error_t *error = 0;
788 u8 segment_name[128];
789 stream_session_t *listener, *s;
790 app_namespace_t *default_ns = app_namespace_get_default ();
791 u32 local_ns_index = default_ns->local_table_index;
794 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
796 if (unformat (input, "verbose"))
800 vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
806 server_sep.is_ip4 = 1;
807 server_sep.port = dummy_port;
808 memset (options, 0, sizeof (options));
810 vnet_app_attach_args_t attach_args = {
811 .api_client_index = ~0,
814 .session_cb_vft = &dummy_session_cbs,
815 .segment_name = segment_name,
818 vnet_bind_args_t bind_args = {
824 * Attach server with global and local default scope
826 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
827 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
828 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
829 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
830 attach_args.namespace_id = 0;
831 attach_args.api_client_index = dummy_server_api_index;
832 error = vnet_application_attach (&attach_args);
833 SESSION_TEST ((error == 0), "server attached");
834 server_index = attach_args.app_index;
836 bind_args.app_index = server_index;
837 error = vnet_bind (&bind_args);
838 SESSION_TEST ((error == 0), "server bound to %U/%d", format_ip46_address,
839 &server_sep.ip, 1, server_sep.port);
840 listener = listen_session_get_from_handle (bind_args.handle);
841 ip4_address_t lcl_ip = {
842 .as_u32 = clib_host_to_net_u32 (0x01020304),
844 ip4_address_t rmt_ip = {
845 .as_u32 = clib_host_to_net_u32 (0x05060708),
847 fib_prefix_t lcl_pref = {
848 .fp_addr.ip4.as_u32 = lcl_ip.as_u32,
850 .fp_proto = FIB_PROTOCOL_IP4,
852 fib_prefix_t rmt_pref = {
853 .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
855 .fp_proto = FIB_PROTOCOL_IP4,
858 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
859 &rmt_pref.fp_addr.ip4, lcl_port,
860 rmt_port, TRANSPORT_PROTO_TCP, 0);
861 SESSION_TEST ((tc == 0), "optimized lookup should not work (port)");
864 * Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action server_index
866 session_rule_add_del_args_t args = {
867 .table_args.lcl = lcl_pref,
868 .table_args.rmt = rmt_pref,
869 .table_args.lcl_port = lcl_port,
870 .table_args.rmt_port = rmt_port,
871 .table_args.action_index = server_index,
872 .table_args.is_add = 1,
875 error = vnet_session_rule_add_del (&args);
876 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action %d",
877 args.table_args.action_index);
879 tc = session_lookup_connection4 (0, &lcl_pref.fp_addr.ip4,
880 &rmt_pref.fp_addr.ip4, lcl_port, rmt_port,
881 TRANSPORT_PROTO_TCP);
882 SESSION_TEST ((tc->c_index == listener->connection_index),
883 "optimized lookup should return the listener");
884 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
885 &rmt_pref.fp_addr.ip4, lcl_port,
886 rmt_port, TRANSPORT_PROTO_TCP, 0);
887 SESSION_TEST ((tc->c_index == listener->connection_index),
888 "lookup should return the listener");
889 s = session_lookup_safe4 (0, &lcl_pref.fp_addr.ip4, &rmt_pref.fp_addr.ip4,
890 lcl_port, rmt_port, TRANSPORT_PROTO_TCP);
891 SESSION_TEST ((s->connection_index == listener->connection_index),
892 "safe lookup should return the listener");
893 session_endpoint_t sep = {
894 .ip = rmt_pref.fp_addr,
897 .transport_proto = TRANSPORT_PROTO_TCP,
899 app_index = session_lookup_local_session_endpoint (local_ns_index, &sep);
900 SESSION_TEST ((app_index != server_index), "local session endpoint lookup "
901 "should not work (global scope)");
903 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
904 &rmt_pref.fp_addr.ip4, lcl_port + 1,
905 rmt_port, TRANSPORT_PROTO_TCP, 0);
906 SESSION_TEST ((tc == 0),
907 "optimized lookup for wrong lcl port + 1 should not work");
910 * Add 1.2.3.4/16 * 5.6.7.8/16 4321
912 args.table_args.lcl_port = 0;
913 args.scope = SESSION_RULE_SCOPE_LOCAL | SESSION_RULE_SCOPE_GLOBAL;
914 error = vnet_session_rule_add_del (&args);
915 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 * 5.6.7.8/16 4321 action %d",
916 args.table_args.action_index);
917 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
918 &rmt_pref.fp_addr.ip4, lcl_port + 1,
919 rmt_port, TRANSPORT_PROTO_TCP, 0);
920 SESSION_TEST ((tc->c_index == listener->connection_index),
921 "optimized lookup for lcl port + 1 should work");
922 app_index = session_lookup_local_session_endpoint (local_ns_index, &sep);
923 SESSION_TEST ((app_index != server_index), "local session endpoint lookup "
924 "should not work (constrained lcl ip)");
927 * Add drop rule 1.2.3.4/32 1234 5.6.7.8/32 4321 action -2 (drop)
929 args.table_args.lcl_port = 1234;
930 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
931 args.table_args.lcl.fp_len = 32;
932 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
933 args.table_args.rmt.fp_len = 32;
934 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_DROP;
935 error = vnet_session_rule_add_del (&args);
936 SESSION_TEST ((error == 0), "Add 1.2.3.4/32 1234 5.6.7.8/32 4321 action %d",
937 args.table_args.action_index);
941 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
942 TRANSPORT_PROTO_TCP);
943 session_lookup_dump_local_rules_table (0, FIB_PROTOCOL_IP4,
944 TRANSPORT_PROTO_TCP);
947 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
948 &rmt_pref.fp_addr.ip4, lcl_port,
949 rmt_port, TRANSPORT_PROTO_TCP, 0);
950 SESSION_TEST ((tc == 0), "lookup for 1.2.3.4/32 1234 5.6.7.8/16 4321 "
951 "should fail (drop rule)");
954 * Add local scope rule for 0/0 * 5.6.7.8/16 4321 action server_index
956 args.table_args.lcl_port = 0;
957 args.table_args.lcl.fp_len = 0;
958 args.table_args.rmt.fp_len = 16;
959 args.table_args.action_index = server_index;
960 error = vnet_session_rule_add_del (&args);
961 SESSION_TEST ((error == 0), "Add * * 5.6.7.8/16 4321 action %d",
962 args.table_args.action_index);
966 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
967 TRANSPORT_PROTO_TCP);
968 session_lookup_dump_local_rules_table (0, FIB_PROTOCOL_IP4,
969 TRANSPORT_PROTO_TCP);
972 app_index = session_lookup_local_session_endpoint (local_ns_index, &sep);
973 SESSION_TEST ((app_index == server_index), "local session endpoint lookup "
977 * Delete 0/0 * 5.6.7.8/16 4321, 1.2.3.4/16 * 5.6.7.8/16 4321 and
978 * 1.2.3.4/16 1234 5.6.7.8/16 4321
980 args.table_args.is_add = 0;
981 error = vnet_session_rule_add_del (&args);
982 SESSION_TEST ((error == 0), "Del 0/0 * 5.6.7.8/16 4321");
983 app_index = session_lookup_local_session_endpoint (local_ns_index, &sep);
984 SESSION_TEST ((app_index != server_index), "local session endpoint lookup "
985 "should not work (removed)");
987 args.table_args.is_add = 0;
988 args.table_args.lcl = lcl_pref;
989 error = vnet_session_rule_add_del (&args);
990 SESSION_TEST ((error == 0), "Del 1.2.3.4/16 * 5.6.7.8/16 4321");
991 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
992 &rmt_pref.fp_addr.ip4, lcl_port + 1,
993 rmt_port, TRANSPORT_PROTO_TCP, 0);
994 SESSION_TEST ((tc == 0), "optimized lookup for lcl port + 1 should not "
997 args.table_args.is_add = 0;
998 args.table_args.lcl_port = 1234;
999 error = vnet_session_rule_add_del (&args);
1000 SESSION_TEST ((error == 0), "Del 1.2.3.4/16 1234 5.6.7.8/16 4321");
1001 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1002 &rmt_pref.fp_addr.ip4, lcl_port,
1003 rmt_port, TRANSPORT_PROTO_TCP, 0);
1004 SESSION_TEST ((tc == 0),
1005 "optimized lookup should not work (del + negative)");
1007 args.table_args.is_add = 0;
1008 args.table_args.lcl_port = 1234;
1009 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1010 args.table_args.lcl.fp_len = 32;
1011 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1012 args.table_args.rmt.fp_len = 32;
1013 error = vnet_session_rule_add_del (&args);
1014 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 drop");
1015 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1016 &rmt_pref.fp_addr.ip4, lcl_port,
1017 rmt_port, TRANSPORT_PROTO_TCP, 0);
1018 SESSION_TEST ((tc == 0), "optimized lookup should not work (no-rule)");
1021 * Test tags. Add/del rule with tag
1023 args.table_args.is_add = 1;
1024 args.table_args.lcl_port = 1234;
1025 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1026 args.table_args.lcl.fp_len = 16;
1027 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1028 args.table_args.rmt.fp_len = 16;
1029 args.table_args.tag = format (0, "test_rule");
1030 error = vnet_session_rule_add_del (&args);
1031 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 drop "
1035 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1036 TRANSPORT_PROTO_TCP);
1037 session_lookup_dump_local_rules_table (0, FIB_PROTOCOL_IP4,
1038 TRANSPORT_PROTO_TCP);
1040 args.table_args.is_add = 0;
1041 args.table_args.lcl_port += 1;
1042 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 drop "
1045 vnet_app_detach_args_t detach_args = {
1046 .app_index = server_index,
1048 vnet_application_detach (&detach_args);
1053 session_test_proxy (vlib_main_t * vm, unformat_input_t * input)
1055 u64 options[SESSION_OPTIONS_N_OPTIONS];
1056 u32 server_index, app_index;
1057 u32 dummy_server_api_index = ~0, sw_if_index = 0;
1058 clib_error_t *error = 0;
1059 u8 segment_name[128], intf_mac[6], sst;
1060 stream_session_t *s;
1061 transport_connection_t *tc;
1062 u16 lcl_port = 1234, rmt_port = 4321;
1063 app_namespace_t *app_ns;
1066 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1068 if (unformat (input, "verbose"))
1072 vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
1078 ip4_address_t lcl_ip = {
1079 .as_u32 = clib_host_to_net_u32 (0x01020304),
1081 ip4_address_t rmt_ip = {
1082 .as_u32 = clib_host_to_net_u32 (0x05060708),
1084 fib_prefix_t rmt_pref = {
1085 .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
1087 .fp_proto = FIB_PROTOCOL_IP4,
1089 session_endpoint_t sep = {
1090 .ip = rmt_pref.fp_addr,
1093 .transport_proto = TRANSPORT_PROTO_TCP,
1097 * Create loopback interface
1099 memset (intf_mac, 0, sizeof (intf_mac));
1100 if (vnet_create_loopback_interface (&sw_if_index, intf_mac, 0, 0))
1102 clib_warning ("couldn't create loopback. stopping the test!");
1105 vnet_sw_interface_set_flags (vnet_get_main (), sw_if_index,
1106 VNET_SW_INTERFACE_FLAG_ADMIN_UP);
1107 ip4_add_del_interface_address (vlib_get_main (), sw_if_index, &lcl_ip,
1110 app_ns = app_namespace_get_default ();
1111 app_ns->sw_if_index = sw_if_index;
1113 memset (options, 0, sizeof (options));
1114 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
1115 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_IS_PROXY;
1116 options[APP_OPTIONS_PROXY_TRANSPORT] = 1 << TRANSPORT_PROTO_TCP;
1117 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
1118 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
1119 vnet_app_attach_args_t attach_args = {
1120 .api_client_index = ~0,
1123 .session_cb_vft = &dummy_session_cbs,
1124 .segment_name = segment_name,
1127 attach_args.api_client_index = dummy_server_api_index;
1128 error = vnet_application_attach (&attach_args);
1129 SESSION_TEST ((error == 0), "server attachment should work");
1130 server_index = attach_args.app_index;
1133 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1134 TRANSPORT_PROTO_TCP);
1136 tc = session_lookup_connection_wt4 (0, &lcl_ip, &rmt_ip, lcl_port, rmt_port,
1137 TRANSPORT_PROTO_TCP, 0);
1138 SESSION_TEST ((tc != 0), "lookup 1.2.3.4 1234 5.6.7.8 4321 should be "
1140 sst = session_type_from_proto_and_ip (TRANSPORT_PROTO_TCP, 1);
1141 s = listen_session_get (sst, tc->s_index);
1142 SESSION_TEST ((s->app_index == server_index), "lookup should return the"
1145 tc = session_lookup_connection_wt4 (0, &rmt_ip, &rmt_ip, lcl_port, rmt_port,
1146 TRANSPORT_PROTO_TCP, 0);
1147 SESSION_TEST ((tc == 0), "lookup 5.6.7.8 1234 5.6.7.8 4321 should"
1151 session_lookup_dump_local_rules_table (app_ns->local_table_index,
1153 TRANSPORT_PROTO_TCP);
1155 session_lookup_local_session_endpoint (app_ns->local_table_index, &sep);
1156 SESSION_TEST ((app_index == server_index), "local session endpoint lookup"
1159 vnet_app_detach_args_t detach_args = {
1160 .app_index = server_index,
1162 vnet_application_detach (&detach_args);
1165 session_lookup_dump_local_rules_table (app_ns->local_table_index,
1167 TRANSPORT_PROTO_TCP);
1170 session_lookup_local_session_endpoint (app_ns->local_table_index, &sep);
1171 SESSION_TEST ((app_index == SESSION_RULES_TABLE_INVALID_INDEX),
1172 "local session endpoint lookup should not work after detach");
1177 static clib_error_t *
1178 session_test (vlib_main_t * vm,
1179 unformat_input_t * input, vlib_cli_command_t * cmd_arg)
1183 vnet_session_enable_disable (vm, 1);
1185 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1187 if (unformat (input, "basic"))
1188 res = session_test_basic (vm, input);
1189 else if (unformat (input, "namespace"))
1190 res = session_test_namespace (vm, input);
1191 else if (unformat (input, "rules-table"))
1192 res = session_test_rule_table (vm, input);
1193 else if (unformat (input, "rules"))
1194 res = session_test_rules (vm, input);
1195 else if (unformat (input, "proxy"))
1196 res = session_test_proxy (vm, input);
1197 else if (unformat (input, "all"))
1199 if ((res = session_test_basic (vm, input)))
1201 if ((res = session_test_namespace (vm, input)))
1203 if ((res = session_test_rule_table (vm, input)))
1205 if ((res = session_test_rules (vm, input)))
1207 if ((res = session_test_proxy (vm, input)))
1216 return clib_error_return (0, "Session unit test failed");
1221 VLIB_CLI_COMMAND (tcp_test_command, static) =
1223 .path = "test session",
1224 .short_help = "internal session unit tests",
1225 .function = session_test,
1230 * fd.io coding-style-patch-verification: ON
1233 * eval: (c-set-style "gnu")