4 from socket import AF_INET6
6 from framework import VppTestCase, VppTestRunner
7 from vpp_sub_interface import VppSubInterface, VppDot1QSubint
8 from vpp_pg_interface import is_ipv6_misc
9 from vpp_ip_route import VppIpRoute, VppRoutePath, find_route, VppIpMRoute, \
10 VppMRoutePath, MRouteItfFlags, MRouteEntryFlags, VppMplsIpBind, \
11 VppMplsRoute, DpoProto, VppMplsTable
12 from vpp_neighbor import find_nbr, VppNeighbor
14 from scapy.packet import Raw
15 from scapy.layers.l2 import Ether, Dot1Q
16 from scapy.layers.inet6 import IPv6, UDP, TCP, ICMPv6ND_NS, ICMPv6ND_RS, \
17 ICMPv6ND_RA, ICMPv6NDOptSrcLLAddr, getmacbyip6, ICMPv6MRD_Solicitation, \
18 ICMPv6NDOptMTU, ICMPv6NDOptSrcLLAddr, ICMPv6NDOptPrefixInfo, \
19 ICMPv6ND_NA, ICMPv6NDOptDstLLAddr, ICMPv6DestUnreach, icmp6types, \
23 from scapy.utils6 import in6_getnsma, in6_getnsmac, in6_ptop, in6_islladdr, \
24 in6_mactoifaceid, in6_ismaddr
25 from scapy.utils import inet_pton, inet_ntop
26 from scapy.contrib.mpls import MPLS
30 euid = in6_mactoifaceid(mac)
31 addr = "fe80::" + euid
35 class TestIPv6ND(VppTestCase):
36 def validate_ra(self, intf, rx, dst_ip=None):
38 dst_ip = intf.remote_ip6
40 # unicasted packets must come to the unicast mac
41 self.assertEqual(rx[Ether].dst, intf.remote_mac)
43 # and from the router's MAC
44 self.assertEqual(rx[Ether].src, intf.local_mac)
46 # the rx'd RA should be addressed to the sender's source
47 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
48 self.assertEqual(in6_ptop(rx[IPv6].dst),
51 # and come from the router's link local
52 self.assertTrue(in6_islladdr(rx[IPv6].src))
53 self.assertEqual(in6_ptop(rx[IPv6].src),
54 in6_ptop(mk_ll_addr(intf.local_mac)))
56 def validate_na(self, intf, rx, dst_ip=None, tgt_ip=None):
58 dst_ip = intf.remote_ip6
60 dst_ip = intf.local_ip6
62 # unicasted packets must come to the unicast mac
63 self.assertEqual(rx[Ether].dst, intf.remote_mac)
65 # and from the router's MAC
66 self.assertEqual(rx[Ether].src, intf.local_mac)
68 # the rx'd NA should be addressed to the sender's source
69 self.assertTrue(rx.haslayer(ICMPv6ND_NA))
70 self.assertEqual(in6_ptop(rx[IPv6].dst),
73 # and come from the target address
74 self.assertEqual(in6_ptop(rx[IPv6].src), in6_ptop(tgt_ip))
76 # Dest link-layer options should have the router's MAC
77 dll = rx[ICMPv6NDOptDstLLAddr]
78 self.assertEqual(dll.lladdr, intf.local_mac)
80 def validate_ns(self, intf, rx, tgt_ip):
81 nsma = in6_getnsma(inet_pton(AF_INET6, tgt_ip))
82 dst_ip = inet_ntop(AF_INET6, nsma)
85 self.assertEqual(rx[Ether].dst, "ff:ff:ff:ff:ff:ff")
87 # and from the router's MAC
88 self.assertEqual(rx[Ether].src, intf.local_mac)
90 # the rx'd NS should be addressed to an mcast address
91 # derived from the target address
92 self.assertEqual(in6_ptop(rx[IPv6].dst), in6_ptop(dst_ip))
94 # expect the tgt IP in the NS header
96 self.assertEqual(in6_ptop(ns.tgt), in6_ptop(tgt_ip))
98 # packet is from the router's local address
99 self.assertEqual(in6_ptop(rx[IPv6].src), intf.local_ip6)
101 # Src link-layer options should have the router's MAC
102 sll = rx[ICMPv6NDOptSrcLLAddr]
103 self.assertEqual(sll.lladdr, intf.local_mac)
105 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
106 filter_out_fn=is_ipv6_misc):
107 intf.add_stream(pkts)
108 self.pg_enable_capture(self.pg_interfaces)
110 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
112 self.assertEqual(len(rx), 1)
114 self.validate_ra(intf, rx, dst_ip)
116 def send_and_expect_na(self, intf, pkts, remark, dst_ip=None,
118 filter_out_fn=is_ipv6_misc):
119 intf.add_stream(pkts)
120 self.pg_enable_capture(self.pg_interfaces)
122 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
124 self.assertEqual(len(rx), 1)
126 self.validate_na(intf, rx, dst_ip, tgt_ip)
128 def send_and_expect_ns(self, tx_intf, rx_intf, pkts, tgt_ip,
129 filter_out_fn=is_ipv6_misc):
130 tx_intf.add_stream(pkts)
131 self.pg_enable_capture(self.pg_interfaces)
133 rx = rx_intf.get_capture(1, filter_out_fn=filter_out_fn)
135 self.assertEqual(len(rx), 1)
137 self.validate_ns(rx_intf, rx, tgt_ip)
139 def send_and_assert_no_replies(self, intf, pkts, remark):
140 intf.add_stream(pkts)
141 self.pg_enable_capture(self.pg_interfaces)
143 for i in self.pg_interfaces:
145 i.assert_nothing_captured(remark=remark)
147 def verify_ip(self, rx, smac, dmac, sip, dip):
149 self.assertEqual(ether.dst, dmac)
150 self.assertEqual(ether.src, smac)
153 self.assertEqual(ip.src, sip)
154 self.assertEqual(ip.dst, dip)
157 class TestIPv6(TestIPv6ND):
158 """ IPv6 Test Case """
162 super(TestIPv6, cls).setUpClass()
166 Perform test setup before test case.
169 - create 3 pg interfaces
170 - untagged pg0 interface
171 - Dot1Q subinterface on pg1
172 - Dot1AD subinterface on pg2
174 - put it into UP state
176 - resolve neighbor address using NDP
177 - configure 200 fib entries
179 :ivar list interfaces: pg interfaces and subinterfaces.
180 :ivar dict flows: IPv4 packet flows in test.
181 :ivar list pg_if_packet_sizes: packet sizes in test.
183 *TODO:* Create AD sub interface
185 super(TestIPv6, self).setUp()
187 # create 3 pg interfaces
188 self.create_pg_interfaces(range(3))
190 # create 2 subinterfaces for p1 and pg2
191 self.sub_interfaces = [
192 VppDot1QSubint(self, self.pg1, 100),
193 VppDot1QSubint(self, self.pg2, 200)
194 # TODO: VppDot1ADSubint(self, self.pg2, 200, 300, 400)
197 # packet flows mapping pg0 -> pg1.sub, pg2.sub, etc.
199 self.flows[self.pg0] = [self.pg1.sub_if, self.pg2.sub_if]
200 self.flows[self.pg1.sub_if] = [self.pg0, self.pg2.sub_if]
201 self.flows[self.pg2.sub_if] = [self.pg0, self.pg1.sub_if]
204 self.pg_if_packet_sizes = [64, 512, 1518, 9018]
205 self.sub_if_packet_sizes = [64, 512, 1518 + 4, 9018 + 4]
207 self.interfaces = list(self.pg_interfaces)
208 self.interfaces.extend(self.sub_interfaces)
210 # setup all interfaces
211 for i in self.interfaces:
216 # config 2M FIB entries
217 self.config_fib_entries(200)
220 """Run standard test teardown and log ``show ip6 neighbors``."""
221 for i in self.sub_interfaces:
225 i.remove_vpp_config()
227 super(TestIPv6, self).tearDown()
228 if not self.vpp_dead:
229 self.logger.info(self.vapi.cli("show ip6 neighbors"))
230 # info(self.vapi.cli("show ip6 fib")) # many entries
232 def config_fib_entries(self, count):
233 """For each interface add to the FIB table *count* routes to
234 "fd02::1/128" destination with interface's local address as next-hop
237 :param int count: Number of FIB entries.
239 - *TODO:* check if the next-hop address shouldn't be remote address
240 instead of local address.
242 n_int = len(self.interfaces)
245 dest_addr = inet_pton(AF_INET6, "fd02::1")
247 for i in self.interfaces:
248 next_hop_address = i.local_ip6n
249 for j in range(count / n_int):
250 self.vapi.ip_add_del_route(
251 dest_addr, dest_addr_len, next_hop_address, is_ipv6=1)
253 if counter / count * 100 > percent:
254 self.logger.info("Configure %d FIB entries .. %d%% done" %
258 def create_stream(self, src_if, packet_sizes):
259 """Create input packet stream for defined interface.
261 :param VppInterface src_if: Interface to create packet stream for.
262 :param list packet_sizes: Required packet sizes.
265 for i in range(0, 257):
266 dst_if = self.flows[src_if][i % 2]
267 info = self.create_packet_info(src_if, dst_if)
268 payload = self.info_to_payload(info)
269 p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
270 IPv6(src=src_if.remote_ip6, dst=dst_if.remote_ip6) /
271 UDP(sport=1234, dport=1234) /
274 if isinstance(src_if, VppSubInterface):
275 p = src_if.add_dot1_layer(p)
276 size = packet_sizes[(i // 2) % len(packet_sizes)]
277 self.extend_packet(p, size)
281 def verify_capture(self, dst_if, capture):
282 """Verify captured input packet stream for defined interface.
284 :param VppInterface dst_if: Interface to verify captured packet stream
286 :param list capture: Captured packet stream.
288 self.logger.info("Verifying capture on interface %s" % dst_if.name)
290 for i in self.interfaces:
291 last_info[i.sw_if_index] = None
293 dst_sw_if_index = dst_if.sw_if_index
294 if hasattr(dst_if, 'parent'):
296 for packet in capture:
298 # Check VLAN tags and Ethernet header
299 packet = dst_if.remove_dot1_layer(packet)
300 self.assertTrue(Dot1Q not in packet)
304 payload_info = self.payload_to_info(str(packet[Raw]))
305 packet_index = payload_info.index
306 self.assertEqual(payload_info.dst, dst_sw_if_index)
308 "Got packet on port %s: src=%u (id=%u)" %
309 (dst_if.name, payload_info.src, packet_index))
310 next_info = self.get_next_packet_info_for_interface2(
311 payload_info.src, dst_sw_if_index,
312 last_info[payload_info.src])
313 last_info[payload_info.src] = next_info
314 self.assertTrue(next_info is not None)
315 self.assertEqual(packet_index, next_info.index)
316 saved_packet = next_info.data
317 # Check standard fields
318 self.assertEqual(ip.src, saved_packet[IPv6].src)
319 self.assertEqual(ip.dst, saved_packet[IPv6].dst)
320 self.assertEqual(udp.sport, saved_packet[UDP].sport)
321 self.assertEqual(udp.dport, saved_packet[UDP].dport)
323 self.logger.error(ppp("Unexpected or invalid packet:", packet))
325 for i in self.interfaces:
326 remaining_packet = self.get_next_packet_info_for_interface2(
327 i.sw_if_index, dst_sw_if_index, last_info[i.sw_if_index])
328 self.assertTrue(remaining_packet is None,
329 "Interface %s: Packet expected from interface %s "
330 "didn't arrive" % (dst_if.name, i.name))
336 - Create IPv6 stream for pg0 interface
337 - Create IPv6 tagged streams for pg1's and pg2's subinterface.
338 - Send and verify received packets on each interface.
341 pkts = self.create_stream(self.pg0, self.pg_if_packet_sizes)
342 self.pg0.add_stream(pkts)
344 for i in self.sub_interfaces:
345 pkts = self.create_stream(i, self.sub_if_packet_sizes)
346 i.parent.add_stream(pkts)
348 self.pg_enable_capture(self.pg_interfaces)
351 pkts = self.pg0.get_capture()
352 self.verify_capture(self.pg0, pkts)
354 for i in self.sub_interfaces:
355 pkts = i.parent.get_capture()
356 self.verify_capture(i, pkts)
359 """ IPv6 Neighbour Solicitation Exceptions
362 - Send an NS Sourced from an address not covered by the link sub-net
363 - Send an NS to an mcast address the router has not joined
364 - Send NS for a target address the router does not onn.
368 # An NS from a non link source address
370 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
371 d = inet_ntop(AF_INET6, nsma)
373 p = (Ether(dst=in6_getnsmac(nsma)) /
374 IPv6(dst=d, src="2002::2") /
375 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
376 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
379 self.send_and_assert_no_replies(
381 "No response to NS source by address not on sub-net")
384 # An NS for sent to a solicited mcast group the router is
385 # not a member of FAILS
388 nsma = in6_getnsma(inet_pton(AF_INET6, "fd::ffff"))
389 d = inet_ntop(AF_INET6, nsma)
391 p = (Ether(dst=in6_getnsmac(nsma)) /
392 IPv6(dst=d, src=self.pg0.remote_ip6) /
393 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
394 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
397 self.send_and_assert_no_replies(
399 "No response to NS sent to unjoined mcast address")
402 # An NS whose target address is one the router does not own
404 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
405 d = inet_ntop(AF_INET6, nsma)
407 p = (Ether(dst=in6_getnsmac(nsma)) /
408 IPv6(dst=d, src=self.pg0.remote_ip6) /
409 ICMPv6ND_NS(tgt="fd::ffff") /
410 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
413 self.send_and_assert_no_replies(self.pg0, pkts,
414 "No response to NS for unknown target")
417 # A neighbor entry that has no associated FIB-entry
419 self.pg0.generate_remote_hosts(4)
420 nd_entry = VppNeighbor(self,
421 self.pg0.sw_if_index,
422 self.pg0.remote_hosts[2].mac,
423 self.pg0.remote_hosts[2].ip6,
426 nd_entry.add_vpp_config()
429 # check we have the neighbor, but no route
431 self.assertTrue(find_nbr(self,
432 self.pg0.sw_if_index,
433 self.pg0._remote_hosts[2].ip6,
435 self.assertFalse(find_route(self,
436 self.pg0._remote_hosts[2].ip6,
441 # send an NS from a link local address to the interface's global
444 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
445 IPv6(dst=d, src=self.pg0._remote_hosts[2].ip6_ll) /
446 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
447 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
449 self.send_and_expect_na(self.pg0, p,
450 "NS from link-local",
451 dst_ip=self.pg0._remote_hosts[2].ip6_ll,
452 tgt_ip=self.pg0.local_ip6)
455 # we should have learned an ND entry for the peer's link-local
456 # but not inserted a route to it in the FIB
458 self.assertTrue(find_nbr(self,
459 self.pg0.sw_if_index,
460 self.pg0._remote_hosts[2].ip6_ll,
462 self.assertFalse(find_route(self,
463 self.pg0._remote_hosts[2].ip6_ll,
468 # An NS to the router's own Link-local
470 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
471 IPv6(dst=d, src=self.pg0._remote_hosts[3].ip6_ll) /
472 ICMPv6ND_NS(tgt=self.pg0.local_ip6_ll) /
473 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
475 self.send_and_expect_na(self.pg0, p,
476 "NS to/from link-local",
477 dst_ip=self.pg0._remote_hosts[3].ip6_ll,
478 tgt_ip=self.pg0.local_ip6_ll)
481 # we should have learned an ND entry for the peer's link-local
482 # but not inserted a route to it in the FIB
484 self.assertTrue(find_nbr(self,
485 self.pg0.sw_if_index,
486 self.pg0._remote_hosts[3].ip6_ll,
488 self.assertFalse(find_route(self,
489 self.pg0._remote_hosts[3].ip6_ll,
493 def test_ns_duplicates(self):
497 # Generate some hosts on the LAN
499 self.pg1.generate_remote_hosts(3)
502 # Add host 1 on pg1 and pg2
504 ns_pg1 = VppNeighbor(self,
505 self.pg1.sw_if_index,
506 self.pg1.remote_hosts[1].mac,
507 self.pg1.remote_hosts[1].ip6,
509 ns_pg1.add_vpp_config()
510 ns_pg2 = VppNeighbor(self,
511 self.pg2.sw_if_index,
513 self.pg1.remote_hosts[1].ip6,
515 ns_pg2.add_vpp_config()
518 # IP packet destined for pg1 remote host arrives on pg1 again.
520 p = (Ether(dst=self.pg0.local_mac,
521 src=self.pg0.remote_mac) /
522 IPv6(src=self.pg0.remote_ip6,
523 dst=self.pg1.remote_hosts[1].ip6) /
524 UDP(sport=1234, dport=1234) /
527 self.pg0.add_stream(p)
528 self.pg_enable_capture(self.pg_interfaces)
531 rx1 = self.pg1.get_capture(1)
533 self.verify_ip(rx1[0],
535 self.pg1.remote_hosts[1].mac,
537 self.pg1.remote_hosts[1].ip6)
540 # remove the duplicate on pg1
541 # packet stream shoud generate NSs out of pg1
543 ns_pg1.remove_vpp_config()
545 self.send_and_expect_ns(self.pg0, self.pg1,
546 p, self.pg1.remote_hosts[1].ip6)
551 ns_pg1.add_vpp_config()
553 self.pg0.add_stream(p)
554 self.pg_enable_capture(self.pg_interfaces)
557 rx1 = self.pg1.get_capture(1)
559 self.verify_ip(rx1[0],
561 self.pg1.remote_hosts[1].mac,
563 self.pg1.remote_hosts[1].ip6)
565 def validate_ra(self, intf, rx, dst_ip=None, mtu=9000, pi_opt=None):
567 dst_ip = intf.remote_ip6
569 # unicasted packets must come to the unicast mac
570 self.assertEqual(rx[Ether].dst, intf.remote_mac)
572 # and from the router's MAC
573 self.assertEqual(rx[Ether].src, intf.local_mac)
575 # the rx'd RA should be addressed to the sender's source
576 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
577 self.assertEqual(in6_ptop(rx[IPv6].dst),
580 # and come from the router's link local
581 self.assertTrue(in6_islladdr(rx[IPv6].src))
582 self.assertEqual(in6_ptop(rx[IPv6].src),
583 in6_ptop(mk_ll_addr(intf.local_mac)))
585 # it should contain the links MTU
587 self.assertEqual(ra[ICMPv6NDOptMTU].mtu, mtu)
589 # it should contain the source's link layer address option
590 sll = ra[ICMPv6NDOptSrcLLAddr]
591 self.assertEqual(sll.lladdr, intf.local_mac)
594 # the RA should not contain prefix information
595 self.assertFalse(ra.haslayer(ICMPv6NDOptPrefixInfo))
597 raos = rx.getlayer(ICMPv6NDOptPrefixInfo, 1)
599 # the options are nested in the scapy packet in way that i cannot
600 # decipher how to decode. this 1st layer of option always returns
601 # nested classes, so a direct obj1=obj2 comparison always fails.
602 # however, the getlayer(.., 2) does give one instnace.
603 # so we cheat here and construct a new opt instnace for comparison
604 rd = ICMPv6NDOptPrefixInfo(prefixlen=raos.prefixlen,
608 if type(pi_opt) is list:
609 for ii in range(len(pi_opt)):
610 self.assertEqual(pi_opt[ii], rd)
611 rd = rx.getlayer(ICMPv6NDOptPrefixInfo, ii+2)
613 self.assertEqual(pi_opt, raos)
615 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
616 filter_out_fn=is_ipv6_misc,
618 intf.add_stream(pkts)
619 self.pg_enable_capture(self.pg_interfaces)
621 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
623 self.assertEqual(len(rx), 1)
625 self.validate_ra(intf, rx, dst_ip, pi_opt=opt)
628 """ IPv6 Router Solicitation Exceptions
634 # Before we begin change the IPv6 RA responses to use the unicast
635 # address - that way we will not confuse them with the periodic
636 # RAs which go to the mcast address
637 # Sit and wait for the first periodic RA.
641 self.pg0.ip6_ra_config(send_unicast=1)
644 # An RS from a link source address
645 # - expect an RA in return
647 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
648 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
651 self.send_and_expect_ra(self.pg0, pkts, "Genuine RS")
654 # For the next RS sent the RA should be rate limited
656 self.send_and_assert_no_replies(self.pg0, pkts, "RA rate limited")
659 # When we reconfiure the IPv6 RA config, we reset the RA rate limiting,
660 # so we need to do this before each test below so as not to drop
661 # packets for rate limiting reasons. Test this works here.
663 self.pg0.ip6_ra_config(send_unicast=1)
664 self.send_and_expect_ra(self.pg0, pkts, "Rate limit reset RS")
667 # An RS sent from a non-link local source
669 self.pg0.ip6_ra_config(send_unicast=1)
670 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
671 IPv6(dst=self.pg0.local_ip6, src="2002::ffff") /
674 self.send_and_assert_no_replies(self.pg0, pkts,
675 "RS from non-link source")
678 # Source an RS from a link local address
680 self.pg0.ip6_ra_config(send_unicast=1)
681 ll = mk_ll_addr(self.pg0.remote_mac)
682 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
683 IPv6(dst=self.pg0.local_ip6, src=ll) /
686 self.send_and_expect_ra(self.pg0, pkts,
687 "RS sourced from link-local",
691 # Send the RS multicast
693 self.pg0.ip6_ra_config(send_unicast=1)
694 dmac = in6_getnsmac(inet_pton(AF_INET6, "ff02::2"))
695 ll = mk_ll_addr(self.pg0.remote_mac)
696 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
697 IPv6(dst="ff02::2", src=ll) /
700 self.send_and_expect_ra(self.pg0, pkts,
701 "RS sourced from link-local",
705 # Source from the unspecified address ::. This happens when the RS
706 # is sent before the host has a configured address/sub-net,
707 # i.e. auto-config. Since the sender has no IP address, the reply
708 # comes back mcast - so the capture needs to not filter this.
709 # If we happen to pick up the periodic RA at this point then so be it,
712 self.pg0.ip6_ra_config(send_unicast=1, suppress=1)
713 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
714 IPv6(dst="ff02::2", src="::") /
717 self.send_and_expect_ra(self.pg0, pkts,
718 "RS sourced from unspecified",
723 # Configure The RA to announce the links prefix
725 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
726 self.pg0.local_ip6_prefix_len)
729 # RAs should now contain the prefix information option
731 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
732 prefix=self.pg0.local_ip6,
736 self.pg0.ip6_ra_config(send_unicast=1)
737 ll = mk_ll_addr(self.pg0.remote_mac)
738 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
739 IPv6(dst=self.pg0.local_ip6, src=ll) /
741 self.send_and_expect_ra(self.pg0, p,
742 "RA with prefix-info",
747 # Change the prefix info to not off-link
750 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
751 self.pg0.local_ip6_prefix_len,
754 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
755 prefix=self.pg0.local_ip6,
759 self.pg0.ip6_ra_config(send_unicast=1)
760 self.send_and_expect_ra(self.pg0, p,
761 "RA with Prefix info with L-flag=0",
766 # Change the prefix info to not off-link, no-autoconfig
767 # L and A flag are clear in the advert
769 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
770 self.pg0.local_ip6_prefix_len,
774 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
775 prefix=self.pg0.local_ip6,
779 self.pg0.ip6_ra_config(send_unicast=1)
780 self.send_and_expect_ra(self.pg0, p,
781 "RA with Prefix info with A & L-flag=0",
786 # Change the flag settings back to the defaults
787 # L and A flag are set in the advert
789 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
790 self.pg0.local_ip6_prefix_len)
792 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
793 prefix=self.pg0.local_ip6,
797 self.pg0.ip6_ra_config(send_unicast=1)
798 self.send_and_expect_ra(self.pg0, p,
799 "RA with Prefix info",
804 # Change the prefix info to not off-link, no-autoconfig
805 # L and A flag are clear in the advert
807 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
808 self.pg0.local_ip6_prefix_len,
812 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
813 prefix=self.pg0.local_ip6,
817 self.pg0.ip6_ra_config(send_unicast=1)
818 self.send_and_expect_ra(self.pg0, p,
819 "RA with Prefix info with A & L-flag=0",
824 # Use the reset to defults option to revert to defaults
825 # L and A flag are clear in the advert
827 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
828 self.pg0.local_ip6_prefix_len,
831 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
832 prefix=self.pg0.local_ip6,
836 self.pg0.ip6_ra_config(send_unicast=1)
837 self.send_and_expect_ra(self.pg0, p,
838 "RA with Prefix reverted to defaults",
843 # Advertise Another prefix. With no L-flag/A-flag
845 self.pg0.ip6_ra_prefix(self.pg1.local_ip6n,
846 self.pg1.local_ip6_prefix_len,
850 opt = [ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
851 prefix=self.pg0.local_ip6,
854 ICMPv6NDOptPrefixInfo(prefixlen=self.pg1.local_ip6_prefix_len,
855 prefix=self.pg1.local_ip6,
859 self.pg0.ip6_ra_config(send_unicast=1)
860 ll = mk_ll_addr(self.pg0.remote_mac)
861 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
862 IPv6(dst=self.pg0.local_ip6, src=ll) /
864 self.send_and_expect_ra(self.pg0, p,
865 "RA with multiple Prefix infos",
870 # Remove the first refix-info - expect the second is still in the
873 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
874 self.pg0.local_ip6_prefix_len,
877 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg1.local_ip6_prefix_len,
878 prefix=self.pg1.local_ip6,
882 self.pg0.ip6_ra_config(send_unicast=1)
883 self.send_and_expect_ra(self.pg0, p,
884 "RA with Prefix reverted to defaults",
889 # Remove the second prefix-info - expect no prefix-info i nthe adverts
891 self.pg0.ip6_ra_prefix(self.pg1.local_ip6n,
892 self.pg1.local_ip6_prefix_len,
895 self.pg0.ip6_ra_config(send_unicast=1)
896 self.send_and_expect_ra(self.pg0, p,
897 "RA with Prefix reverted to defaults",
901 # Reset the periodic advertisements back to default values
903 self.pg0.ip6_ra_config(no=1, suppress=1, send_unicast=0)
906 class IPv6NDProxyTest(TestIPv6ND):
907 """ IPv6 ND ProxyTest Case """
910 super(IPv6NDProxyTest, self).setUp()
912 # create 3 pg interfaces
913 self.create_pg_interfaces(range(3))
915 # pg0 is the master interface, with the configured subnet
917 self.pg0.config_ip6()
918 self.pg0.resolve_ndp()
920 self.pg1.ip6_enable()
921 self.pg2.ip6_enable()
924 super(IPv6NDProxyTest, self).tearDown()
926 def test_nd_proxy(self):
927 """ IPv6 Proxy ND """
930 # Generate some hosts in the subnet that we are proxying
932 self.pg0.generate_remote_hosts(8)
934 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
935 d = inet_ntop(AF_INET6, nsma)
938 # Send an NS for one of those remote hosts on one of the proxy links
939 # expect no response since it's from an address that is not
940 # on the link that has the prefix configured
942 ns_pg1 = (Ether(dst=in6_getnsmac(nsma), src=self.pg1.remote_mac) /
943 IPv6(dst=d, src=self.pg0._remote_hosts[2].ip6) /
944 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
945 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0._remote_hosts[2].mac))
947 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Off link NS")
950 # Add proxy support for the host
952 self.vapi.ip6_nd_proxy(
953 inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
954 self.pg1.sw_if_index)
957 # try that NS again. this time we expect an NA back
959 self.send_and_expect_na(self.pg1, ns_pg1,
961 dst_ip=self.pg0._remote_hosts[2].ip6,
962 tgt_ip=self.pg0.local_ip6)
965 # ... and that we have an entry in the ND cache
967 self.assertTrue(find_nbr(self,
968 self.pg1.sw_if_index,
969 self.pg0._remote_hosts[2].ip6,
973 # ... and we can route traffic to it
975 t = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
976 IPv6(dst=self.pg0._remote_hosts[2].ip6,
977 src=self.pg0.remote_ip6) /
978 UDP(sport=10000, dport=20000) /
981 self.pg0.add_stream(t)
982 self.pg_enable_capture(self.pg_interfaces)
984 rx = self.pg1.get_capture(1)
987 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
988 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
990 self.assertEqual(rx[IPv6].src, t[IPv6].src)
991 self.assertEqual(rx[IPv6].dst, t[IPv6].dst)
994 # Test we proxy for the host on the main interface
996 ns_pg0 = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
997 IPv6(dst=d, src=self.pg0.remote_ip6) /
998 ICMPv6ND_NS(tgt=self.pg0._remote_hosts[2].ip6) /
999 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
1001 self.send_and_expect_na(self.pg0, ns_pg0,
1002 "NS to proxy entry on main",
1003 tgt_ip=self.pg0._remote_hosts[2].ip6,
1004 dst_ip=self.pg0.remote_ip6)
1007 # Setup and resolve proxy for another host on another interface
1009 ns_pg2 = (Ether(dst=in6_getnsmac(nsma), src=self.pg2.remote_mac) /
1010 IPv6(dst=d, src=self.pg0._remote_hosts[3].ip6) /
1011 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
1012 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0._remote_hosts[2].mac))
1014 self.vapi.ip6_nd_proxy(
1015 inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1016 self.pg2.sw_if_index)
1018 self.send_and_expect_na(self.pg2, ns_pg2,
1019 "NS to proxy entry other interface",
1020 dst_ip=self.pg0._remote_hosts[3].ip6,
1021 tgt_ip=self.pg0.local_ip6)
1023 self.assertTrue(find_nbr(self,
1024 self.pg2.sw_if_index,
1025 self.pg0._remote_hosts[3].ip6,
1029 # hosts can communicate. pg2->pg1
1031 t2 = (Ether(dst=self.pg2.local_mac,
1032 src=self.pg0.remote_hosts[3].mac) /
1033 IPv6(dst=self.pg0._remote_hosts[2].ip6,
1034 src=self.pg0._remote_hosts[3].ip6) /
1035 UDP(sport=10000, dport=20000) /
1038 self.pg2.add_stream(t2)
1039 self.pg_enable_capture(self.pg_interfaces)
1041 rx = self.pg1.get_capture(1)
1044 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
1045 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
1047 self.assertEqual(rx[IPv6].src, t2[IPv6].src)
1048 self.assertEqual(rx[IPv6].dst, t2[IPv6].dst)
1051 # remove the proxy configs
1053 self.vapi.ip6_nd_proxy(
1054 inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
1055 self.pg1.sw_if_index,
1057 self.vapi.ip6_nd_proxy(
1058 inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1059 self.pg2.sw_if_index,
1062 self.assertFalse(find_nbr(self,
1063 self.pg2.sw_if_index,
1064 self.pg0._remote_hosts[3].ip6,
1066 self.assertFalse(find_nbr(self,
1067 self.pg1.sw_if_index,
1068 self.pg0._remote_hosts[2].ip6,
1072 # no longer proxy-ing...
1074 self.send_and_assert_no_replies(self.pg0, ns_pg0, "Proxy unconfigured")
1075 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Proxy unconfigured")
1076 self.send_and_assert_no_replies(self.pg2, ns_pg2, "Proxy unconfigured")
1079 # no longer forwarding. traffic generates NS out of the glean/main
1082 self.pg2.add_stream(t2)
1083 self.pg_enable_capture(self.pg_interfaces)
1086 rx = self.pg0.get_capture(1)
1088 self.assertTrue(rx[0].haslayer(ICMPv6ND_NS))
1091 class TestIPNull(VppTestCase):
1092 """ IPv6 routes via NULL """
1095 super(TestIPNull, self).setUp()
1097 # create 2 pg interfaces
1098 self.create_pg_interfaces(range(1))
1100 for i in self.pg_interfaces:
1106 super(TestIPNull, self).tearDown()
1107 for i in self.pg_interfaces:
1111 def test_ip_null(self):
1112 """ IP NULL route """
1114 p = (Ether(src=self.pg0.remote_mac,
1115 dst=self.pg0.local_mac) /
1116 IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
1117 UDP(sport=1234, dport=1234) /
1121 # A route via IP NULL that will reply with ICMP unreachables
1123 ip_unreach = VppIpRoute(self, "2001::", 64, [], is_unreach=1, is_ip6=1)
1124 ip_unreach.add_vpp_config()
1126 self.pg0.add_stream(p)
1127 self.pg_enable_capture(self.pg_interfaces)
1130 rx = self.pg0.get_capture(1)
1132 icmp = rx[ICMPv6DestUnreach]
1134 # 0 = "No route to destination"
1135 self.assertEqual(icmp.code, 0)
1137 # ICMP is rate limited. pause a bit
1141 # A route via IP NULL that will reply with ICMP prohibited
1143 ip_prohibit = VppIpRoute(self, "2001::1", 128, [],
1144 is_prohibit=1, is_ip6=1)
1145 ip_prohibit.add_vpp_config()
1147 self.pg0.add_stream(p)
1148 self.pg_enable_capture(self.pg_interfaces)
1151 rx = self.pg0.get_capture(1)
1153 icmp = rx[ICMPv6DestUnreach]
1155 # 1 = "Communication with destination administratively prohibited"
1156 self.assertEqual(icmp.code, 1)
1159 class TestIPDisabled(VppTestCase):
1160 """ IPv6 disabled """
1163 super(TestIPDisabled, self).setUp()
1165 # create 2 pg interfaces
1166 self.create_pg_interfaces(range(2))
1170 self.pg0.config_ip6()
1171 self.pg0.resolve_ndp()
1173 # PG 1 is not IP enabled
1177 super(TestIPDisabled, self).tearDown()
1178 for i in self.pg_interfaces:
1182 def send_and_assert_no_replies(self, intf, pkts, remark):
1183 intf.add_stream(pkts)
1184 self.pg_enable_capture(self.pg_interfaces)
1186 for i in self.pg_interfaces:
1188 i.assert_nothing_captured(remark=remark)
1190 def test_ip_disabled(self):
1195 # one accepting interface, pg0, 2 forwarding interfaces
1197 route_ff_01 = VppIpMRoute(
1201 MRouteEntryFlags.MFIB_ENTRY_FLAG_NONE,
1202 [VppMRoutePath(self.pg1.sw_if_index,
1203 MRouteItfFlags.MFIB_ITF_FLAG_ACCEPT),
1204 VppMRoutePath(self.pg0.sw_if_index,
1205 MRouteItfFlags.MFIB_ITF_FLAG_FORWARD)],
1207 route_ff_01.add_vpp_config()
1209 pu = (Ether(src=self.pg1.remote_mac,
1210 dst=self.pg1.local_mac) /
1211 IPv6(src="2001::1", dst=self.pg0.remote_ip6) /
1212 UDP(sport=1234, dport=1234) /
1214 pm = (Ether(src=self.pg1.remote_mac,
1215 dst=self.pg1.local_mac) /
1216 IPv6(src="2001::1", dst="ffef::1") /
1217 UDP(sport=1234, dport=1234) /
1221 # PG1 does not forward IP traffic
1223 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1224 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1229 self.pg1.config_ip6()
1232 # Now we get packets through
1234 self.pg1.add_stream(pu)
1235 self.pg_enable_capture(self.pg_interfaces)
1237 rx = self.pg0.get_capture(1)
1239 self.pg1.add_stream(pm)
1240 self.pg_enable_capture(self.pg_interfaces)
1242 rx = self.pg0.get_capture(1)
1247 self.pg1.unconfig_ip6()
1250 # PG1 does not forward IP traffic
1252 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1253 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1256 class TestIP6LoadBalance(VppTestCase):
1257 """ IPv6 Load-Balancing """
1260 super(TestIP6LoadBalance, self).setUp()
1262 self.create_pg_interfaces(range(5))
1264 mpls_tbl = VppMplsTable(self, 0)
1265 mpls_tbl.add_vpp_config()
1267 for i in self.pg_interfaces:
1274 for i in self.pg_interfaces:
1278 super(TestIP6LoadBalance, self).tearDown()
1280 def send_and_expect_load_balancing(self, input, pkts, outputs):
1281 self.vapi.cli("clear trace")
1282 input.add_stream(pkts)
1283 self.pg_enable_capture(self.pg_interfaces)
1286 rx = oo._get_capture(1)
1287 self.assertNotEqual(0, len(rx))
1289 def send_and_expect_one_itf(self, input, pkts, itf):
1290 self.vapi.cli("clear trace")
1291 input.add_stream(pkts)
1292 self.pg_enable_capture(self.pg_interfaces)
1294 rx = itf.get_capture(len(pkts))
1296 def test_ip6_load_balance(self):
1297 """ IPv6 Load-Balancing """
1300 # An array of packets that differ only in the destination port
1304 # - MPLS non-EOS with an entropy label
1308 port_mpls_neos_pkts = []
1312 # An array of packets that differ only in the source address
1317 for ii in range(65):
1318 port_ip_hdr = (IPv6(dst="3000::1", src="3000:1::1") /
1319 UDP(sport=1234, dport=1234 + ii) /
1321 port_ip_pkts.append((Ether(src=self.pg0.remote_mac,
1322 dst=self.pg0.local_mac) /
1324 port_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
1325 dst=self.pg0.local_mac) /
1326 MPLS(label=66, ttl=2) /
1328 port_mpls_neos_pkts.append((Ether(src=self.pg0.remote_mac,
1329 dst=self.pg0.local_mac) /
1330 MPLS(label=67, ttl=2) /
1331 MPLS(label=77, ttl=2) /
1333 port_ent_pkts.append((Ether(src=self.pg0.remote_mac,
1334 dst=self.pg0.local_mac) /
1335 MPLS(label=67, ttl=2) /
1336 MPLS(label=14, ttl=2) /
1337 MPLS(label=999, ttl=2) /
1339 src_ip_hdr = (IPv6(dst="3000::1", src="3000:1::%d" % ii) /
1340 UDP(sport=1234, dport=1234) /
1342 src_ip_pkts.append((Ether(src=self.pg0.remote_mac,
1343 dst=self.pg0.local_mac) /
1345 src_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
1346 dst=self.pg0.local_mac) /
1347 MPLS(label=66, ttl=2) /
1351 # A route for the IP pacekts
1353 route_3000_1 = VppIpRoute(self, "3000::1", 128,
1354 [VppRoutePath(self.pg1.remote_ip6,
1355 self.pg1.sw_if_index,
1356 proto=DpoProto.DPO_PROTO_IP6),
1357 VppRoutePath(self.pg2.remote_ip6,
1358 self.pg2.sw_if_index,
1359 proto=DpoProto.DPO_PROTO_IP6)],
1361 route_3000_1.add_vpp_config()
1364 # a local-label for the EOS packets
1366 binding = VppMplsIpBind(self, 66, "3000::1", 128, is_ip6=1)
1367 binding.add_vpp_config()
1370 # An MPLS route for the non-EOS packets
1372 route_67 = VppMplsRoute(self, 67, 0,
1373 [VppRoutePath(self.pg1.remote_ip6,
1374 self.pg1.sw_if_index,
1376 proto=DpoProto.DPO_PROTO_IP6),
1377 VppRoutePath(self.pg2.remote_ip6,
1378 self.pg2.sw_if_index,
1380 proto=DpoProto.DPO_PROTO_IP6)])
1381 route_67.add_vpp_config()
1384 # inject the packet on pg0 - expect load-balancing across the 2 paths
1385 # - since the default hash config is to use IP src,dst and port
1387 # We are not going to ensure equal amounts of packets across each link,
1388 # since the hash algorithm is statistical and therefore this can never
1389 # be guaranteed. But wuth 64 different packets we do expect some
1390 # balancing. So instead just ensure there is traffic on each link.
1392 self.send_and_expect_load_balancing(self.pg0, port_ip_pkts,
1393 [self.pg1, self.pg2])
1394 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
1395 [self.pg1, self.pg2])
1396 self.send_and_expect_load_balancing(self.pg0, port_mpls_pkts,
1397 [self.pg1, self.pg2])
1398 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
1399 [self.pg1, self.pg2])
1400 self.send_and_expect_load_balancing(self.pg0, port_mpls_neos_pkts,
1401 [self.pg1, self.pg2])
1404 # The packets with Entropy label in should not load-balance,
1405 # since the Entorpy value is fixed.
1407 self.send_and_expect_one_itf(self.pg0, port_ent_pkts, self.pg1)
1410 # change the flow hash config so it's only IP src,dst
1411 # - now only the stream with differing source address will
1414 self.vapi.set_ip_flow_hash(0, is_ip6=1, src=1, dst=1, sport=0, dport=0)
1416 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
1417 [self.pg1, self.pg2])
1418 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
1419 [self.pg1, self.pg2])
1420 self.send_and_expect_one_itf(self.pg0, port_ip_pkts, self.pg2)
1423 # change the flow hash config back to defaults
1425 self.vapi.set_ip_flow_hash(0, is_ip6=1, src=1, dst=1, sport=1, dport=1)
1428 # Recursive prefixes
1429 # - testing that 2 stages of load-balancing occurs and there is no
1430 # polarisation (i.e. only 2 of 4 paths are used)
1435 for ii in range(257):
1436 port_pkts.append((Ether(src=self.pg0.remote_mac,
1437 dst=self.pg0.local_mac) /
1438 IPv6(dst="4000::1", src="4000:1::1") /
1439 UDP(sport=1234, dport=1234 + ii) /
1441 src_pkts.append((Ether(src=self.pg0.remote_mac,
1442 dst=self.pg0.local_mac) /
1443 IPv6(dst="4000::1", src="4000:1::%d" % ii) /
1444 UDP(sport=1234, dport=1234) /
1447 route_3000_2 = VppIpRoute(self, "3000::2", 128,
1448 [VppRoutePath(self.pg3.remote_ip6,
1449 self.pg3.sw_if_index,
1450 proto=DpoProto.DPO_PROTO_IP6),
1451 VppRoutePath(self.pg4.remote_ip6,
1452 self.pg4.sw_if_index,
1453 proto=DpoProto.DPO_PROTO_IP6)],
1455 route_3000_2.add_vpp_config()
1457 route_4000_1 = VppIpRoute(self, "4000::1", 128,
1458 [VppRoutePath("3000::1",
1460 proto=DpoProto.DPO_PROTO_IP6),
1461 VppRoutePath("3000::2",
1463 proto=DpoProto.DPO_PROTO_IP6)],
1465 route_4000_1.add_vpp_config()
1468 # inject the packet on pg0 - expect load-balancing across all 4 paths
1470 self.vapi.cli("clear trace")
1471 self.send_and_expect_load_balancing(self.pg0, port_pkts,
1472 [self.pg1, self.pg2,
1473 self.pg3, self.pg4])
1474 self.send_and_expect_load_balancing(self.pg0, src_pkts,
1475 [self.pg1, self.pg2,
1476 self.pg3, self.pg4])
1479 # Recursive prefixes
1480 # - testing that 2 stages of load-balancing no choices
1484 for ii in range(257):
1485 port_pkts.append((Ether(src=self.pg0.remote_mac,
1486 dst=self.pg0.local_mac) /
1487 IPv6(dst="6000::1", src="6000:1::1") /
1488 UDP(sport=1234, dport=1234 + ii) /
1491 route_5000_2 = VppIpRoute(self, "5000::2", 128,
1492 [VppRoutePath(self.pg3.remote_ip6,
1493 self.pg3.sw_if_index,
1494 proto=DpoProto.DPO_PROTO_IP6)],
1496 route_5000_2.add_vpp_config()
1498 route_6000_1 = VppIpRoute(self, "6000::1", 128,
1499 [VppRoutePath("5000::2",
1501 proto=DpoProto.DPO_PROTO_IP6)],
1503 route_6000_1.add_vpp_config()
1506 # inject the packet on pg0 - expect load-balancing across all 4 paths
1508 self.vapi.cli("clear trace")
1509 self.send_and_expect_one_itf(self.pg0, port_pkts, self.pg3)
1512 class TestIP6Punt(VppTestCase):
1513 """ IPv6 Punt Police/Redirect """
1516 super(TestIP6Punt, self).setUp()
1518 self.create_pg_interfaces(range(2))
1520 for i in self.pg_interfaces:
1526 super(TestIP6Punt, self).tearDown()
1527 for i in self.pg_interfaces:
1531 def send_and_expect(self, input, pkts, output):
1532 input.add_stream(pkts)
1533 self.pg_enable_capture(self.pg_interfaces)
1535 rx = output.get_capture(len(pkts))
1538 def send_and_assert_no_replies(self, intf, pkts, remark):
1539 self.vapi.cli("clear trace")
1540 intf.add_stream(pkts)
1541 self.pg_enable_capture(self.pg_interfaces)
1543 for i in self.pg_interfaces:
1545 i.assert_nothing_captured(remark=remark)
1547 def test_ip_punt(self):
1548 """ IP6 punt police and redirect """
1550 p = (Ether(src=self.pg0.remote_mac,
1551 dst=self.pg0.local_mac) /
1552 IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) /
1553 TCP(sport=1234, dport=1234) /
1559 # Configure a punt redirect via pg1.
1561 nh_addr = inet_pton(AF_INET6,
1562 self.pg1.remote_ip6)
1563 self.vapi.ip_punt_redirect(self.pg0.sw_if_index,
1564 self.pg1.sw_if_index,
1568 self.send_and_expect(self.pg0, pkts, self.pg1)
1573 policer = self.vapi.policer_add_del("ip6-punt", 400, 0, 10, 0,
1575 self.vapi.ip_punt_police(policer.policer_index, is_ip6=1)
1577 self.vapi.cli("clear trace")
1578 self.pg0.add_stream(pkts)
1579 self.pg_enable_capture(self.pg_interfaces)
1583 # the number of packet recieved should be greater than 0,
1584 # but not equal to the number sent, since some were policed
1586 rx = self.pg1._get_capture(1)
1587 self.assertTrue(len(rx) > 0)
1588 self.assertTrue(len(rx) < len(pkts))
1591 # remove the poilcer. back to full rx
1593 self.vapi.ip_punt_police(policer.policer_index, is_add=0, is_ip6=1)
1594 self.vapi.policer_add_del("ip6-punt", 400, 0, 10, 0,
1595 rate_type=1, is_add=0)
1596 self.send_and_expect(self.pg0, pkts, self.pg1)
1599 # remove the redirect. expect full drop.
1601 self.vapi.ip_punt_redirect(self.pg0.sw_if_index,
1602 self.pg1.sw_if_index,
1606 self.send_and_assert_no_replies(self.pg0, pkts,
1607 "IP no punt config")
1610 # Add a redirect that is not input port selective
1612 self.vapi.ip_punt_redirect(0xffffffff,
1613 self.pg1.sw_if_index,
1616 self.send_and_expect(self.pg0, pkts, self.pg1)
1618 self.vapi.ip_punt_redirect(0xffffffff,
1619 self.pg1.sw_if_index,
1625 class TestIP6Input(VppTestCase):
1626 """ IPv6 Input Exceptions """
1629 super(TestIP6Input, self).setUp()
1631 self.create_pg_interfaces(range(2))
1633 for i in self.pg_interfaces:
1639 super(TestIP6Input, self).tearDown()
1640 for i in self.pg_interfaces:
1644 def send_and_expect(self, input, pkts, output):
1645 self.vapi.cli("clear trace")
1646 input.add_stream(pkts)
1647 self.pg_enable_capture(self.pg_interfaces)
1649 rx = output.get_capture(len(pkts))
1652 def send_and_assert_no_replies(self, intf, pkts, remark):
1653 self.vapi.cli("clear trace")
1654 intf.add_stream(pkts)
1655 self.pg_enable_capture(self.pg_interfaces)
1657 for i in self.pg_interfaces:
1659 i.assert_nothing_captured(remark=remark)
1661 def test_ip_input(self):
1662 """ IP6 Input Exceptions """
1665 # bad version - this is dropped
1667 p_version = (Ether(src=self.pg0.remote_mac,
1668 dst=self.pg0.local_mac) /
1669 IPv6(src=self.pg0.remote_ip6,
1670 dst=self.pg1.remote_ip6,
1672 UDP(sport=1234, dport=1234) /
1675 self.send_and_assert_no_replies(self.pg0, p_version * 65,
1679 # hop limit - IMCP replies
1681 p_version = (Ether(src=self.pg0.remote_mac,
1682 dst=self.pg0.local_mac) /
1683 IPv6(src=self.pg0.remote_ip6,
1684 dst=self.pg1.remote_ip6,
1686 UDP(sport=1234, dport=1234) /
1689 rx = self.send_and_expect(self.pg0, p_version * 65, self.pg0)
1691 icmp = rx[ICMPv6TimeExceeded]
1692 self.assertEqual(icmp.type, 3)
1693 # 0: "hop limit exceeded in transit",
1694 self.assertEqual(icmp.code, 0)
1697 if __name__ == '__main__':
1698 unittest.main(testRunner=VppTestRunner)
Code Review / vpp.git / blob