7 from framework import VppTestCase, VppTestRunner, running_extended_tests
8 from vpp_neighbor import VppNeighbor
9 from vpp_ip_route import find_route, VppIpTable
10 from util import mk_ll_addr
12 from scapy.layers.l2 import Ether, getmacbyip, ARP
13 from scapy.layers.inet import IP, UDP, ICMP
14 from scapy.layers.inet6 import IPv6, in6_getnsmac, in6_mactoifaceid
15 from scapy.layers.dhcp import DHCP, BOOTP, DHCPTypes
16 from scapy.layers.dhcp6 import DHCP6, DHCP6_Solicit, DHCP6_RelayForward, \
17 DHCP6_RelayReply, DHCP6_Advertise, DHCP6OptRelayMsg, DHCP6OptIfaceId, \
18 DHCP6OptStatusCode, DHCP6OptVSS, DHCP6OptClientLinkLayerAddr, DHCP6_Request
19 from socket import AF_INET, AF_INET6
20 from scapy.utils import inet_pton, inet_ntop
21 from scapy.utils6 import in6_ptop
22 from util import mactobinary
24 DHCP4_CLIENT_PORT = 68
25 DHCP4_SERVER_PORT = 67
26 DHCP6_CLIENT_PORT = 547
27 DHCP6_SERVER_PORT = 546
30 class TestDHCP(VppTestCase):
31 """ DHCP Test Case """
34 super(TestDHCP, self).setUp()
36 # create 6 pg interfaces for pg0 to pg5
37 self.create_pg_interfaces(range(6))
40 # pg0 to 2 are IP configured in VRF 0, 1 and 2.
41 # pg3 to 5 are non IP-configured in VRF 0, 1 and 2.
43 for table_id in range(1, 4):
44 tbl4 = VppIpTable(self, table_id)
46 self.tables.append(tbl4)
47 tbl6 = VppIpTable(self, table_id, is_ip6=1)
49 self.tables.append(tbl6)
52 for i in self.pg_interfaces[:3]:
54 i.set_table_ip4(table_id)
55 i.set_table_ip6(table_id)
63 for i in self.pg_interfaces[3:]:
65 i.set_table_ip4(table_id)
66 i.set_table_ip6(table_id)
70 for i in self.pg_interfaces[:3]:
74 for i in self.pg_interfaces:
78 super(TestDHCP, self).tearDown()
80 def verify_dhcp_has_option(self, pkt, option, value):
84 for i in dhcp.options:
87 self.assertEqual(i[1], value)
90 self.assertTrue(found)
92 def validate_relay_options(self, pkt, intf, ip_addr, vpn_id, fib_id, oui):
98 for i in dhcp.options:
100 if i[0] == "relay_agent_Information":
102 # There are two sb-options present - each of length 6.
106 self.assertEqual(len(data), 24)
107 elif len(vpn_id) > 0:
108 self.assertEqual(len(data), len(vpn_id)+17)
110 self.assertEqual(len(data), 12)
113 # First sub-option is ID 1, len 4, then encoded
114 # sw_if_index. This test uses low valued indicies
116 # The ID space is VPP internal - so no matching value
119 self.assertEqual(ord(data[0]), 1)
120 self.assertEqual(ord(data[1]), 4)
121 self.assertEqual(ord(data[2]), 0)
122 self.assertEqual(ord(data[3]), 0)
123 self.assertEqual(ord(data[4]), 0)
124 self.assertEqual(ord(data[5]), intf._sw_if_index)
127 # next sub-option is the IP address of the client side
129 # sub-option ID=5, length (of a v4 address)=4
131 claddr = socket.inet_pton(AF_INET, ip_addr)
133 self.assertEqual(ord(data[6]), 5)
134 self.assertEqual(ord(data[7]), 4)
135 self.assertEqual(data[8], claddr[0])
136 self.assertEqual(data[9], claddr[1])
137 self.assertEqual(data[10], claddr[2])
138 self.assertEqual(data[11], claddr[3])
141 # sub-option 151 encodes vss_type 1,
142 # the 3 byte oui and the 4 byte fib_id
143 self.assertEqual(id_len, 0)
144 self.assertEqual(ord(data[12]), 151)
145 self.assertEqual(ord(data[13]), 8)
146 self.assertEqual(ord(data[14]), 1)
147 self.assertEqual(ord(data[15]), 0)
148 self.assertEqual(ord(data[16]), 0)
149 self.assertEqual(ord(data[17]), oui)
150 self.assertEqual(ord(data[18]), 0)
151 self.assertEqual(ord(data[19]), 0)
152 self.assertEqual(ord(data[20]), 0)
153 self.assertEqual(ord(data[21]), fib_id)
155 # VSS control sub-option
156 self.assertEqual(ord(data[22]), 152)
157 self.assertEqual(ord(data[23]), 0)
160 # sub-option 151 encode vss_type of 0
161 # followerd by vpn_id in ascii
162 self.assertEqual(oui, 0)
163 self.assertEqual(ord(data[12]), 151)
164 self.assertEqual(ord(data[13]), id_len+1)
165 self.assertEqual(ord(data[14]), 0)
166 self.assertEqual(data[15:15+id_len], vpn_id)
168 # VSS control sub-option
169 self.assertEqual(ord(data[15+len(vpn_id)]), 152)
170 self.assertEqual(ord(data[16+len(vpn_id)]), 0)
173 self.assertTrue(found)
177 def verify_dhcp_msg_type(self, pkt, name):
180 for o in dhcp.options:
182 if o[0] == "message-type" \
183 and DHCPTypes[o[1]] == name:
185 self.assertTrue(found)
187 def verify_dhcp_offer(self, pkt, intf, vpn_id="", fib_id=0, oui=0):
189 self.assertEqual(ether.dst, "ff:ff:ff:ff:ff:ff")
190 self.assertEqual(ether.src, intf.local_mac)
193 self.assertEqual(ip.dst, "255.255.255.255")
194 self.assertEqual(ip.src, intf.local_ip4)
197 self.assertEqual(udp.dport, DHCP4_CLIENT_PORT)
198 self.assertEqual(udp.sport, DHCP4_SERVER_PORT)
200 self.verify_dhcp_msg_type(pkt, "offer")
201 data = self.validate_relay_options(pkt, intf, intf.local_ip4,
204 def verify_orig_dhcp_pkt(self, pkt, intf):
206 self.assertEqual(ether.dst, "ff:ff:ff:ff:ff:ff")
207 self.assertEqual(ether.src, intf.local_mac)
210 self.assertEqual(ip.dst, "255.255.255.255")
211 self.assertEqual(ip.src, "0.0.0.0")
214 self.assertEqual(udp.dport, DHCP4_SERVER_PORT)
215 self.assertEqual(udp.sport, DHCP4_CLIENT_PORT)
217 def verify_orig_dhcp_discover(self, pkt, intf, hostname, client_id=None):
218 self.verify_orig_dhcp_pkt(pkt, intf)
220 self.verify_dhcp_msg_type(pkt, "discover")
221 self.verify_dhcp_has_option(pkt, "hostname", hostname)
223 self.verify_dhcp_has_option(pkt, "client_id", client_id)
225 self.assertEqual(bootp.ciaddr, "0.0.0.0")
226 self.assertEqual(bootp.giaddr, "0.0.0.0")
227 self.assertEqual(bootp.flags, 0x8000)
229 def verify_orig_dhcp_request(self, pkt, intf, hostname, ip):
230 self.verify_orig_dhcp_pkt(pkt, intf)
232 self.verify_dhcp_msg_type(pkt, "request")
233 self.verify_dhcp_has_option(pkt, "hostname", hostname)
234 self.verify_dhcp_has_option(pkt, "requested_addr", ip)
236 self.assertEqual(bootp.ciaddr, "0.0.0.0")
237 self.assertEqual(bootp.giaddr, "0.0.0.0")
238 self.assertEqual(bootp.flags, 0x8000)
240 def verify_relayed_dhcp_discover(self, pkt, intf, src_intf=None,
243 dst_mac=None, dst_ip=None):
245 dst_mac = intf.remote_mac
247 dst_ip = intf.remote_ip4
250 self.assertEqual(ether.dst, dst_mac)
251 self.assertEqual(ether.src, intf.local_mac)
254 self.assertEqual(ip.dst, dst_ip)
255 self.assertEqual(ip.src, intf.local_ip4)
258 self.assertEqual(udp.dport, DHCP4_SERVER_PORT)
259 self.assertEqual(udp.sport, DHCP4_CLIENT_PORT)
264 for o in dhcp.options:
266 if o[0] == "message-type" \
267 and DHCPTypes[o[1]] == "discover":
269 self.assertTrue(is_discover)
271 data = self.validate_relay_options(pkt, src_intf,
277 def verify_dhcp6_solicit(self, pkt, intf,
285 dst_mac = intf.remote_mac
287 dst_ip = in6_ptop(intf.remote_ip6)
290 self.assertEqual(ether.dst, dst_mac)
291 self.assertEqual(ether.src, intf.local_mac)
294 self.assertEqual(in6_ptop(ip.dst), dst_ip)
295 self.assertEqual(in6_ptop(ip.src), in6_ptop(intf.local_ip6))
298 self.assertEqual(udp.dport, DHCP6_CLIENT_PORT)
299 self.assertEqual(udp.sport, DHCP6_SERVER_PORT)
301 relay = pkt[DHCP6_RelayForward]
302 self.assertEqual(in6_ptop(relay.peeraddr), in6_ptop(peer_ip))
303 oid = pkt[DHCP6OptIfaceId]
304 cll = pkt[DHCP6OptClientLinkLayerAddr]
305 self.assertEqual(cll.optlen, 8)
306 self.assertEqual(cll.lltype, 1)
307 self.assertEqual(cll.clladdr, peer_mac)
312 self.assertEqual(id_len, 0)
313 vss = pkt[DHCP6OptVSS]
314 self.assertEqual(vss.optlen, 8)
315 self.assertEqual(vss.type, 1)
316 # the OUI and FIB-id are really 3 and 4 bytes resp.
317 # but the tested range is small
318 self.assertEqual(ord(vss.data[0]), 0)
319 self.assertEqual(ord(vss.data[1]), 0)
320 self.assertEqual(ord(vss.data[2]), oui)
321 self.assertEqual(ord(vss.data[3]), 0)
322 self.assertEqual(ord(vss.data[4]), 0)
323 self.assertEqual(ord(vss.data[5]), 0)
324 self.assertEqual(ord(vss.data[6]), fib_id)
327 self.assertEqual(oui, 0)
328 vss = pkt[DHCP6OptVSS]
329 self.assertEqual(vss.optlen, id_len+1)
330 self.assertEqual(vss.type, 0)
331 self.assertEqual(vss.data[0:id_len], vpn_id)
333 # the relay message should be an encoded Solicit
334 msg = pkt[DHCP6OptRelayMsg]
335 sol = DHCP6_Solicit()
336 self.assertEqual(msg.optlen, len(str(sol)))
337 self.assertEqual(str(sol), (str(msg[1]))[:msg.optlen])
339 def verify_dhcp6_advert(self, pkt, intf, peer):
341 self.assertEqual(ether.dst, "ff:ff:ff:ff:ff:ff")
342 self.assertEqual(ether.src, intf.local_mac)
345 self.assertEqual(in6_ptop(ip.dst), in6_ptop(peer))
346 self.assertEqual(in6_ptop(ip.src), in6_ptop(intf.local_ip6))
349 self.assertEqual(udp.dport, DHCP6_SERVER_PORT)
350 self.assertEqual(udp.sport, DHCP6_CLIENT_PORT)
352 # not sure why this is not decoding
353 # adv = pkt[DHCP6_Advertise]
355 def test_dhcp_proxy(self):
359 # Verify no response to DHCP request without DHCP config
361 p_disc_vrf0 = (Ether(dst="ff:ff:ff:ff:ff:ff",
362 src=self.pg3.remote_mac) /
363 IP(src="0.0.0.0", dst="255.255.255.255") /
364 UDP(sport=DHCP4_CLIENT_PORT,
365 dport=DHCP4_SERVER_PORT) /
367 DHCP(options=[('message-type', 'discover'), ('end')]))
368 pkts_disc_vrf0 = [p_disc_vrf0]
369 p_disc_vrf1 = (Ether(dst="ff:ff:ff:ff:ff:ff",
370 src=self.pg4.remote_mac) /
371 IP(src="0.0.0.0", dst="255.255.255.255") /
372 UDP(sport=DHCP4_CLIENT_PORT,
373 dport=DHCP4_SERVER_PORT) /
375 DHCP(options=[('message-type', 'discover'), ('end')]))
376 pkts_disc_vrf1 = [p_disc_vrf1]
377 p_disc_vrf2 = (Ether(dst="ff:ff:ff:ff:ff:ff",
378 src=self.pg5.remote_mac) /
379 IP(src="0.0.0.0", dst="255.255.255.255") /
380 UDP(sport=DHCP4_CLIENT_PORT,
381 dport=DHCP4_SERVER_PORT) /
383 DHCP(options=[('message-type', 'discover'), ('end')]))
384 pkts_disc_vrf2 = [p_disc_vrf2]
386 self.send_and_assert_no_replies(self.pg3, pkts_disc_vrf0,
387 "DHCP with no configuration")
388 self.send_and_assert_no_replies(self.pg4, pkts_disc_vrf1,
389 "DHCP with no configuration")
390 self.send_and_assert_no_replies(self.pg5, pkts_disc_vrf2,
391 "DHCP with no configuration")
394 # Enable DHCP proxy in VRF 0
396 server_addr = self.pg0.remote_ip4n
397 src_addr = self.pg0.local_ip4n
399 self.vapi.dhcp_proxy_config(server_addr,
404 # Discover packets from the client are dropped because there is no
405 # IP address configured on the client facing interface
407 self.send_and_assert_no_replies(self.pg3, pkts_disc_vrf0,
408 "Discover DHCP no relay address")
411 # Inject a response from the server
412 # dropped, because there is no IP addrees on the
413 # client interfce to fill in the option.
415 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
416 IP(src=self.pg0.remote_ip4, dst=self.pg0.local_ip4) /
417 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_SERVER_PORT) /
419 DHCP(options=[('message-type', 'offer'), ('end')]))
422 self.send_and_assert_no_replies(self.pg3, pkts,
423 "Offer DHCP no relay address")
426 # configure an IP address on the client facing interface
428 self.pg3.config_ip4()
431 # Try again with a discover packet
432 # Rx'd packet should be to the server address and from the configured
434 # UDP source ports are unchanged
435 # we've no option 82 config so that should be absent
437 self.pg3.add_stream(pkts_disc_vrf0)
438 self.pg_enable_capture(self.pg_interfaces)
441 rx = self.pg0.get_capture(1)
444 option_82 = self.verify_relayed_dhcp_discover(rx, self.pg0,
448 # Create an DHCP offer reply from the server with a correctly formatted
449 # option 82. i.e. send back what we just captured
450 # The offer, sent mcast to the client, still has option 82.
452 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
453 IP(src=self.pg0.remote_ip4, dst=self.pg0.local_ip4) /
454 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_SERVER_PORT) /
456 DHCP(options=[('message-type', 'offer'),
457 ('relay_agent_Information', option_82),
461 self.pg0.add_stream(pkts)
462 self.pg_enable_capture(self.pg_interfaces)
465 rx = self.pg3.get_capture(1)
468 self.verify_dhcp_offer(rx, self.pg3)
473 # 1. not our IP address = not checked by VPP? so offer is replayed
475 bad_ip = option_82[0:8] + chr(33) + option_82[9:]
477 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
478 IP(src=self.pg0.remote_ip4, dst=self.pg0.local_ip4) /
479 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_SERVER_PORT) /
481 DHCP(options=[('message-type', 'offer'),
482 ('relay_agent_Information', bad_ip),
485 self.send_and_assert_no_replies(self.pg0, pkts,
486 "DHCP offer option 82 bad address")
488 # 2. Not a sw_if_index VPP knows
489 bad_if_index = option_82[0:2] + chr(33) + option_82[3:]
491 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
492 IP(src=self.pg0.remote_ip4, dst=self.pg0.local_ip4) /
493 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_SERVER_PORT) /
495 DHCP(options=[('message-type', 'offer'),
496 ('relay_agent_Information', bad_if_index),
499 self.send_and_assert_no_replies(self.pg0, pkts,
500 "DHCP offer option 82 bad if index")
503 # Send a DHCP request in VRF 1. should be dropped.
505 self.send_and_assert_no_replies(self.pg4, pkts_disc_vrf1,
506 "DHCP with no configuration VRF 1")
509 # Delete the DHCP config in VRF 0
510 # Should now drop requests.
512 self.vapi.dhcp_proxy_config(server_addr,
517 self.send_and_assert_no_replies(self.pg3, pkts_disc_vrf0,
518 "DHCP config removed VRF 0")
519 self.send_and_assert_no_replies(self.pg4, pkts_disc_vrf1,
520 "DHCP config removed VRF 1")
523 # Add DHCP config for VRF 1 & 2
525 server_addr1 = self.pg1.remote_ip4n
526 src_addr1 = self.pg1.local_ip4n
527 self.vapi.dhcp_proxy_config(server_addr1,
531 server_addr2 = self.pg2.remote_ip4n
532 src_addr2 = self.pg2.local_ip4n
533 self.vapi.dhcp_proxy_config(server_addr2,
539 # Confim DHCP requests ok in VRF 1 & 2.
540 # - dropped on IP config on client interface
542 self.send_and_assert_no_replies(self.pg4, pkts_disc_vrf1,
543 "DHCP config removed VRF 1")
544 self.send_and_assert_no_replies(self.pg5, pkts_disc_vrf2,
545 "DHCP config removed VRF 2")
548 # configure an IP address on the client facing interface
550 self.pg4.config_ip4()
551 self.pg4.add_stream(pkts_disc_vrf1)
552 self.pg_enable_capture(self.pg_interfaces)
554 rx = self.pg1.get_capture(1)
556 self.verify_relayed_dhcp_discover(rx, self.pg1, src_intf=self.pg4)
558 self.pg5.config_ip4()
559 self.pg5.add_stream(pkts_disc_vrf2)
560 self.pg_enable_capture(self.pg_interfaces)
562 rx = self.pg2.get_capture(1)
564 self.verify_relayed_dhcp_discover(rx, self.pg2, src_intf=self.pg5)
568 # table=1, vss_type=1, vpn_index=1, oui=4
569 # table=2, vss_type=0, vpn_id = "ip4-table-2"
570 self.vapi.dhcp_proxy_set_vss(1, 1, vpn_index=1, oui=4, is_add=1)
571 self.vapi.dhcp_proxy_set_vss(2, 0, "ip4-table-2", is_add=1)
573 self.pg4.add_stream(pkts_disc_vrf1)
574 self.pg_enable_capture(self.pg_interfaces)
577 rx = self.pg1.get_capture(1)
579 self.verify_relayed_dhcp_discover(rx, self.pg1,
583 self.pg5.add_stream(pkts_disc_vrf2)
584 self.pg_enable_capture(self.pg_interfaces)
587 rx = self.pg2.get_capture(1)
589 self.verify_relayed_dhcp_discover(rx, self.pg2,
591 vpn_id="ip4-table-2")
594 # Add a second DHCP server in VRF 1
595 # expect clients messages to be relay to both configured servers
597 self.pg1.generate_remote_hosts(2)
598 server_addr12 = socket.inet_pton(AF_INET, self.pg1.remote_hosts[1].ip4)
600 self.vapi.dhcp_proxy_config(server_addr12,
607 # We'll need an ARP entry for the server to send it packets
609 arp_entry = VppNeighbor(self,
610 self.pg1.sw_if_index,
611 self.pg1.remote_hosts[1].mac,
612 self.pg1.remote_hosts[1].ip4)
613 arp_entry.add_vpp_config()
616 # Send a discover from the client. expect two relayed messages
617 # The frist packet is sent to the second server
618 # We're not enforcing that here, it's just the way it is.
620 self.pg4.add_stream(pkts_disc_vrf1)
621 self.pg_enable_capture(self.pg_interfaces)
624 rx = self.pg1.get_capture(2)
626 option_82 = self.verify_relayed_dhcp_discover(
629 dst_mac=self.pg1.remote_hosts[1].mac,
630 dst_ip=self.pg1.remote_hosts[1].ip4,
632 self.verify_relayed_dhcp_discover(rx[1], self.pg1,
637 # Send both packets back. Client gets both.
639 p1 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
640 IP(src=self.pg1.remote_ip4, dst=self.pg1.local_ip4) /
641 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_SERVER_PORT) /
643 DHCP(options=[('message-type', 'offer'),
644 ('relay_agent_Information', option_82),
646 p2 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
647 IP(src=self.pg1.remote_hosts[1].ip4, dst=self.pg1.local_ip4) /
648 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_SERVER_PORT) /
650 DHCP(options=[('message-type', 'offer'),
651 ('relay_agent_Information', option_82),
655 self.pg1.add_stream(pkts)
656 self.pg_enable_capture(self.pg_interfaces)
659 rx = self.pg4.get_capture(2)
661 self.verify_dhcp_offer(rx[0], self.pg4, fib_id=1, oui=4)
662 self.verify_dhcp_offer(rx[1], self.pg4, fib_id=1, oui=4)
665 # Ensure offers from non-servers are dropeed
667 p2 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
668 IP(src="8.8.8.8", dst=self.pg1.local_ip4) /
669 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_SERVER_PORT) /
671 DHCP(options=[('message-type', 'offer'),
672 ('relay_agent_Information', option_82),
674 self.send_and_assert_no_replies(self.pg1, p2,
675 "DHCP offer from non-server")
678 # Ensure only the discover is sent to multiple servers
680 p_req_vrf1 = (Ether(dst="ff:ff:ff:ff:ff:ff",
681 src=self.pg4.remote_mac) /
682 IP(src="0.0.0.0", dst="255.255.255.255") /
683 UDP(sport=DHCP4_CLIENT_PORT,
684 dport=DHCP4_SERVER_PORT) /
686 DHCP(options=[('message-type', 'request'),
689 self.pg4.add_stream(p_req_vrf1)
690 self.pg_enable_capture(self.pg_interfaces)
693 rx = self.pg1.get_capture(1)
696 # Remove the second DHCP server
698 self.vapi.dhcp_proxy_config(server_addr12,
705 # Test we can still relay with the first
707 self.pg4.add_stream(pkts_disc_vrf1)
708 self.pg_enable_capture(self.pg_interfaces)
711 rx = self.pg1.get_capture(1)
713 self.verify_relayed_dhcp_discover(rx, self.pg1,
718 # Remove the VSS config
719 # relayed DHCP has default vlaues in the option.
721 self.vapi.dhcp_proxy_set_vss(1, is_add=0)
722 self.vapi.dhcp_proxy_set_vss(2, is_add=0)
724 self.pg4.add_stream(pkts_disc_vrf1)
725 self.pg_enable_capture(self.pg_interfaces)
728 rx = self.pg1.get_capture(1)
730 self.verify_relayed_dhcp_discover(rx, self.pg1, src_intf=self.pg4)
733 # remove DHCP config to cleanup
735 self.vapi.dhcp_proxy_config(server_addr1,
740 self.vapi.dhcp_proxy_config(server_addr2,
746 self.send_and_assert_no_replies(self.pg3, pkts_disc_vrf0,
747 "DHCP cleanup VRF 0")
748 self.send_and_assert_no_replies(self.pg4, pkts_disc_vrf1,
749 "DHCP cleanup VRF 1")
750 self.send_and_assert_no_replies(self.pg5, pkts_disc_vrf2,
751 "DHCP cleanup VRF 2")
753 self.pg3.unconfig_ip4()
754 self.pg4.unconfig_ip4()
755 self.pg5.unconfig_ip4()
757 def test_dhcp6_proxy(self):
760 # Verify no response to DHCP request without DHCP config
762 dhcp_solicit_dst = "ff02::1:2"
763 dhcp_solicit_src_vrf0 = mk_ll_addr(self.pg3.remote_mac)
764 dhcp_solicit_src_vrf1 = mk_ll_addr(self.pg4.remote_mac)
765 dhcp_solicit_src_vrf2 = mk_ll_addr(self.pg5.remote_mac)
766 server_addr_vrf0 = self.pg0.remote_ip6n
767 src_addr_vrf0 = self.pg0.local_ip6n
768 server_addr_vrf1 = self.pg1.remote_ip6n
769 src_addr_vrf1 = self.pg1.local_ip6n
770 server_addr_vrf2 = self.pg2.remote_ip6n
771 src_addr_vrf2 = self.pg2.local_ip6n
773 dmac = in6_getnsmac(inet_pton(socket.AF_INET6, dhcp_solicit_dst))
774 p_solicit_vrf0 = (Ether(dst=dmac, src=self.pg3.remote_mac) /
775 IPv6(src=dhcp_solicit_src_vrf0,
776 dst=dhcp_solicit_dst) /
777 UDP(sport=DHCP6_SERVER_PORT,
778 dport=DHCP6_CLIENT_PORT) /
780 p_solicit_vrf1 = (Ether(dst=dmac, src=self.pg4.remote_mac) /
781 IPv6(src=dhcp_solicit_src_vrf1,
782 dst=dhcp_solicit_dst) /
783 UDP(sport=DHCP6_SERVER_PORT,
784 dport=DHCP6_CLIENT_PORT) /
786 p_solicit_vrf2 = (Ether(dst=dmac, src=self.pg5.remote_mac) /
787 IPv6(src=dhcp_solicit_src_vrf2,
788 dst=dhcp_solicit_dst) /
789 UDP(sport=DHCP6_SERVER_PORT,
790 dport=DHCP6_CLIENT_PORT) /
793 self.send_and_assert_no_replies(self.pg3, p_solicit_vrf0,
794 "DHCP with no configuration")
795 self.send_and_assert_no_replies(self.pg4, p_solicit_vrf1,
796 "DHCP with no configuration")
797 self.send_and_assert_no_replies(self.pg5, p_solicit_vrf2,
798 "DHCP with no configuration")
801 # DHCPv6 config in VRF 0.
802 # Packets still dropped because the client facing interface has no
805 self.vapi.dhcp_proxy_config(server_addr_vrf0,
811 self.send_and_assert_no_replies(self.pg3, p_solicit_vrf0,
812 "DHCP with no configuration")
813 self.send_and_assert_no_replies(self.pg4, p_solicit_vrf1,
814 "DHCP with no configuration")
817 # configure an IP address on the client facing interface
819 self.pg3.config_ip6()
822 # Now the DHCP requests are relayed to the server
824 self.pg3.add_stream(p_solicit_vrf0)
825 self.pg_enable_capture(self.pg_interfaces)
828 rx = self.pg0.get_capture(1)
830 self.verify_dhcp6_solicit(rx[0], self.pg0,
831 dhcp_solicit_src_vrf0,
835 # Exception cases for rejected relay responses
838 # 1 - not a relay reply
839 p_adv_vrf0 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
840 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
841 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
843 self.send_and_assert_no_replies(self.pg3, p_adv_vrf0,
844 "DHCP6 not a relay reply")
846 # 2 - no relay message option
847 p_adv_vrf0 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
848 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
849 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
852 self.send_and_assert_no_replies(self.pg3, p_adv_vrf0,
853 "DHCP not a relay message")
856 p_adv_vrf0 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
857 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
858 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
860 DHCP6OptRelayMsg(optlen=0) /
862 self.send_and_assert_no_replies(self.pg3, p_adv_vrf0,
863 "DHCP6 no circuit ID")
864 # 4 - wrong circuit ID
865 p_adv_vrf0 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
866 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
867 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
869 DHCP6OptIfaceId(optlen=4, ifaceid='\x00\x00\x00\x05') /
870 DHCP6OptRelayMsg(optlen=0) /
872 self.send_and_assert_no_replies(self.pg3, p_adv_vrf0,
873 "DHCP6 wrong circuit ID")
876 # Send the relay response (the advertisement)
878 p_adv_vrf0 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
879 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
880 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
882 DHCP6OptIfaceId(optlen=4, ifaceid='\x00\x00\x00\x04') /
883 DHCP6OptRelayMsg(optlen=0) /
884 DHCP6_Advertise(trid=1) /
885 DHCP6OptStatusCode(statuscode=0))
886 pkts_adv_vrf0 = [p_adv_vrf0]
888 self.pg0.add_stream(pkts_adv_vrf0)
889 self.pg_enable_capture(self.pg_interfaces)
892 rx = self.pg3.get_capture(1)
894 self.verify_dhcp6_advert(rx[0], self.pg3, "::")
897 # Send the relay response (the advertisement)
898 # - with peer address
899 p_adv_vrf0 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
900 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
901 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
902 DHCP6_RelayReply(peeraddr=dhcp_solicit_src_vrf0) /
903 DHCP6OptIfaceId(optlen=4, ifaceid='\x00\x00\x00\x04') /
904 DHCP6OptRelayMsg(optlen=0) /
905 DHCP6_Advertise(trid=1) /
906 DHCP6OptStatusCode(statuscode=0))
907 pkts_adv_vrf0 = [p_adv_vrf0]
909 self.pg0.add_stream(pkts_adv_vrf0)
910 self.pg_enable_capture(self.pg_interfaces)
913 rx = self.pg3.get_capture(1)
915 self.verify_dhcp6_advert(rx[0], self.pg3, dhcp_solicit_src_vrf0)
918 # Add all the config for VRF 1 & 2
920 self.vapi.dhcp_proxy_config(server_addr_vrf1,
925 self.pg4.config_ip6()
927 self.vapi.dhcp_proxy_config(server_addr_vrf2,
932 self.pg5.config_ip6()
937 self.pg4.add_stream(p_solicit_vrf1)
938 self.pg_enable_capture(self.pg_interfaces)
941 rx = self.pg1.get_capture(1)
943 self.verify_dhcp6_solicit(rx[0], self.pg1,
944 dhcp_solicit_src_vrf1,
950 self.pg5.add_stream(p_solicit_vrf2)
951 self.pg_enable_capture(self.pg_interfaces)
954 rx = self.pg2.get_capture(1)
956 self.verify_dhcp6_solicit(rx[0], self.pg2,
957 dhcp_solicit_src_vrf2,
963 p_adv_vrf1 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
964 IPv6(dst=self.pg1.local_ip6, src=self.pg1.remote_ip6) /
965 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
966 DHCP6_RelayReply(peeraddr=dhcp_solicit_src_vrf1) /
967 DHCP6OptIfaceId(optlen=4, ifaceid='\x00\x00\x00\x05') /
968 DHCP6OptRelayMsg(optlen=0) /
969 DHCP6_Advertise(trid=1) /
970 DHCP6OptStatusCode(statuscode=0))
971 pkts_adv_vrf1 = [p_adv_vrf1]
973 self.pg1.add_stream(pkts_adv_vrf1)
974 self.pg_enable_capture(self.pg_interfaces)
977 rx = self.pg4.get_capture(1)
979 self.verify_dhcp6_advert(rx[0], self.pg4, dhcp_solicit_src_vrf1)
983 # table=1, vss_type=1, vpn_index=1, oui=4
984 # table=2, vss_type=0, vpn_id = "ip6-table-2"
985 self.vapi.dhcp_proxy_set_vss(1, 1, oui=4, vpn_index=1, is_ip6=1)
986 self.vapi.dhcp_proxy_set_vss(2, 0, "IPv6-table-2", is_ip6=1)
988 self.pg4.add_stream(p_solicit_vrf1)
989 self.pg_enable_capture(self.pg_interfaces)
992 rx = self.pg1.get_capture(1)
994 self.verify_dhcp6_solicit(rx[0], self.pg1,
995 dhcp_solicit_src_vrf1,
1000 self.pg5.add_stream(p_solicit_vrf2)
1001 self.pg_enable_capture(self.pg_interfaces)
1004 rx = self.pg2.get_capture(1)
1006 self.verify_dhcp6_solicit(rx[0], self.pg2,
1007 dhcp_solicit_src_vrf2,
1008 self.pg5.remote_mac,
1009 vpn_id="IPv6-table-2")
1012 # Remove the VSS config
1013 # relayed DHCP has default vlaues in the option.
1015 self.vapi.dhcp_proxy_set_vss(1, is_ip6=1, is_add=0)
1017 self.pg4.add_stream(p_solicit_vrf1)
1018 self.pg_enable_capture(self.pg_interfaces)
1021 rx = self.pg1.get_capture(1)
1023 self.verify_dhcp6_solicit(rx[0], self.pg1,
1024 dhcp_solicit_src_vrf1,
1025 self.pg4.remote_mac)
1028 # Add a second DHCP server in VRF 1
1029 # expect clients messages to be relay to both configured servers
1031 self.pg1.generate_remote_hosts(2)
1032 server_addr12 = socket.inet_pton(AF_INET6,
1033 self.pg1.remote_hosts[1].ip6)
1035 self.vapi.dhcp_proxy_config(server_addr12,
1042 # We'll need an ND entry for the server to send it packets
1044 nd_entry = VppNeighbor(self,
1045 self.pg1.sw_if_index,
1046 self.pg1.remote_hosts[1].mac,
1047 self.pg1.remote_hosts[1].ip6,
1049 nd_entry.add_vpp_config()
1052 # Send a discover from the client. expect two relayed messages
1053 # The frist packet is sent to the second server
1054 # We're not enforcing that here, it's just the way it is.
1056 self.pg4.add_stream(p_solicit_vrf1)
1057 self.pg_enable_capture(self.pg_interfaces)
1060 rx = self.pg1.get_capture(2)
1062 self.verify_dhcp6_solicit(rx[0], self.pg1,
1063 dhcp_solicit_src_vrf1,
1064 self.pg4.remote_mac)
1065 self.verify_dhcp6_solicit(rx[1], self.pg1,
1066 dhcp_solicit_src_vrf1,
1067 self.pg4.remote_mac,
1068 dst_mac=self.pg1.remote_hosts[1].mac,
1069 dst_ip=self.pg1.remote_hosts[1].ip6)
1072 # Send both packets back. Client gets both.
1074 p1 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
1075 IPv6(dst=self.pg1.local_ip6, src=self.pg1.remote_ip6) /
1076 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
1077 DHCP6_RelayReply(peeraddr=dhcp_solicit_src_vrf1) /
1078 DHCP6OptIfaceId(optlen=4, ifaceid='\x00\x00\x00\x05') /
1079 DHCP6OptRelayMsg(optlen=0) /
1080 DHCP6_Advertise(trid=1) /
1081 DHCP6OptStatusCode(statuscode=0))
1082 p2 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_hosts[1].mac) /
1083 IPv6(dst=self.pg1.local_ip6, src=self.pg1._remote_hosts[1].ip6) /
1084 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
1085 DHCP6_RelayReply(peeraddr=dhcp_solicit_src_vrf1) /
1086 DHCP6OptIfaceId(optlen=4, ifaceid='\x00\x00\x00\x05') /
1087 DHCP6OptRelayMsg(optlen=0) /
1088 DHCP6_Advertise(trid=1) /
1089 DHCP6OptStatusCode(statuscode=0))
1093 self.pg1.add_stream(pkts)
1094 self.pg_enable_capture(self.pg_interfaces)
1097 rx = self.pg4.get_capture(2)
1099 self.verify_dhcp6_advert(rx[0], self.pg4, dhcp_solicit_src_vrf1)
1100 self.verify_dhcp6_advert(rx[1], self.pg4, dhcp_solicit_src_vrf1)
1103 # Ensure only solicit messages are duplicated
1105 p_request_vrf1 = (Ether(dst=dmac, src=self.pg4.remote_mac) /
1106 IPv6(src=dhcp_solicit_src_vrf1,
1107 dst=dhcp_solicit_dst) /
1108 UDP(sport=DHCP6_SERVER_PORT,
1109 dport=DHCP6_CLIENT_PORT) /
1112 self.pg4.add_stream(p_request_vrf1)
1113 self.pg_enable_capture(self.pg_interfaces)
1116 rx = self.pg1.get_capture(1)
1119 # Test we drop DHCP packets from addresses that are not configured as
1122 p2 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_hosts[1].mac) /
1123 IPv6(dst=self.pg1.local_ip6, src="3001::1") /
1124 UDP(sport=DHCP6_SERVER_PORT, dport=DHCP6_SERVER_PORT) /
1125 DHCP6_RelayReply(peeraddr=dhcp_solicit_src_vrf1) /
1126 DHCP6OptIfaceId(optlen=4, ifaceid='\x00\x00\x00\x05') /
1127 DHCP6OptRelayMsg(optlen=0) /
1128 DHCP6_Advertise(trid=1) /
1129 DHCP6OptStatusCode(statuscode=0))
1130 self.send_and_assert_no_replies(self.pg1, p2,
1131 "DHCP6 not from server")
1134 # Remove the second DHCP server
1136 self.vapi.dhcp_proxy_config(server_addr12,
1144 # Test we can still relay with the first
1146 self.pg4.add_stream(p_solicit_vrf1)
1147 self.pg_enable_capture(self.pg_interfaces)
1150 rx = self.pg1.get_capture(1)
1152 self.verify_dhcp6_solicit(rx[0], self.pg1,
1153 dhcp_solicit_src_vrf1,
1154 self.pg4.remote_mac)
1159 self.vapi.dhcp_proxy_config(server_addr_vrf2,
1165 self.vapi.dhcp_proxy_config(server_addr_vrf1,
1171 self.vapi.dhcp_proxy_config(server_addr_vrf0,
1179 self.vapi.dhcp_proxy_config(server_addr_vrf0,
1185 self.pg3.unconfig_ip6()
1186 self.pg4.unconfig_ip6()
1187 self.pg5.unconfig_ip6()
1189 def test_dhcp_client(self):
1192 hostname = 'universal-dp'
1194 self.pg_enable_capture(self.pg_interfaces)
1197 # Configure DHCP client on PG3 and capture the discover sent
1199 self.vapi.dhcp_client(self.pg3.sw_if_index, hostname)
1201 rx = self.pg3.get_capture(1)
1203 self.verify_orig_dhcp_discover(rx[0], self.pg3, hostname)
1206 # Send back on offer, expect the request
1208 p_offer = (Ether(dst=self.pg3.local_mac, src=self.pg3.remote_mac) /
1209 IP(src=self.pg3.remote_ip4, dst="255.255.255.255") /
1210 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_CLIENT_PORT) /
1211 BOOTP(op=1, yiaddr=self.pg3.local_ip4) /
1212 DHCP(options=[('message-type', 'offer'),
1213 ('server_id', self.pg3.remote_ip4),
1216 self.pg3.add_stream(p_offer)
1217 self.pg_enable_capture(self.pg_interfaces)
1220 rx = self.pg3.get_capture(1)
1221 self.verify_orig_dhcp_request(rx[0], self.pg3, hostname,
1225 # Send an acknowloedgement
1227 p_ack = (Ether(dst=self.pg3.local_mac, src=self.pg3.remote_mac) /
1228 IP(src=self.pg3.remote_ip4, dst="255.255.255.255") /
1229 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_CLIENT_PORT) /
1230 BOOTP(op=1, yiaddr=self.pg3.local_ip4) /
1231 DHCP(options=[('message-type', 'ack'),
1232 ('subnet_mask', "255.255.255.0"),
1233 ('router', self.pg3.remote_ip4),
1234 ('server_id', self.pg3.remote_ip4),
1235 ('lease_time', 43200),
1238 self.pg3.add_stream(p_ack)
1239 self.pg_enable_capture(self.pg_interfaces)
1243 # We'll get an ARP request for the router address
1245 rx = self.pg3.get_capture(1)
1247 self.assertEqual(rx[0][ARP].pdst, self.pg3.remote_ip4)
1248 self.pg_enable_capture(self.pg_interfaces)
1251 # At the end of this procedure there should be a connected route
1254 self.assertTrue(find_route(self, self.pg3.local_ip4, 24))
1255 self.assertTrue(find_route(self, self.pg3.local_ip4, 32))
1257 # remove the left over ARP entry
1258 self.vapi.ip_neighbor_add_del(self.pg3.sw_if_index,
1259 mactobinary(self.pg3.remote_mac),
1260 self.pg3.remote_ip4,
1263 # remove the DHCP config
1265 self.vapi.dhcp_client(self.pg3.sw_if_index, hostname, is_add=0)
1268 # and now the route should be gone
1270 self.assertFalse(find_route(self, self.pg3.local_ip4, 32))
1271 self.assertFalse(find_route(self, self.pg3.local_ip4, 24))
1274 # Start the procedure again. this time have VPP send the client-ID
1276 self.pg3.admin_down()
1279 self.vapi.dhcp_client(self.pg3.sw_if_index, hostname,
1280 client_id=self.pg3.local_mac)
1282 rx = self.pg3.get_capture(1)
1284 self.verify_orig_dhcp_discover(rx[0], self.pg3, hostname,
1287 self.pg3.add_stream(p_offer)
1288 self.pg_enable_capture(self.pg_interfaces)
1291 rx = self.pg3.get_capture(1)
1292 self.verify_orig_dhcp_request(rx[0], self.pg3, hostname,
1296 # unicast the ack to the offered address
1298 p_ack = (Ether(dst=self.pg3.local_mac, src=self.pg3.remote_mac) /
1299 IP(src=self.pg3.remote_ip4, dst=self.pg3.local_ip4) /
1300 UDP(sport=DHCP4_SERVER_PORT, dport=DHCP4_CLIENT_PORT) /
1301 BOOTP(op=1, yiaddr=self.pg3.local_ip4) /
1302 DHCP(options=[('message-type', 'ack'),
1303 ('subnet_mask', "255.255.255.0"),
1304 ('router', self.pg3.remote_ip4),
1305 ('server_id', self.pg3.remote_ip4),
1306 ('lease_time', 43200),
1309 self.pg3.add_stream(p_ack)
1310 self.pg_enable_capture(self.pg_interfaces)
1314 # At the end of this procedure there should be a connected route
1317 self.assertTrue(find_route(self, self.pg3.local_ip4, 32))
1318 self.assertTrue(find_route(self, self.pg3.local_ip4, 24))
1321 # remove the DHCP config
1323 self.vapi.dhcp_client(self.pg3.sw_if_index, hostname, is_add=0)
1325 self.assertFalse(find_route(self, self.pg3.local_ip4, 32))
1326 self.assertFalse(find_route(self, self.pg3.local_ip4, 24))
1329 if __name__ == '__main__':
1330 unittest.main(testRunner=VppTestRunner)
Code Review / vpp.git / blob