4 from socket import AF_INET, AF_INET6, inet_pton
6 from framework import VppTestCase, VppTestRunner
7 from vpp_neighbor import VppNeighbor, find_nbr
8 from vpp_ip_route import VppIpRoute, VppRoutePath, find_route
10 from scapy.packet import Raw
11 from scapy.layers.l2 import Ether, ARP
12 from scapy.layers.inet import IP, UDP
13 from scapy.contrib.mpls import MPLS
15 # not exported by scapy, so redefined here
16 arp_opts = {"who-has": 1, "is-at": 2}
19 class ARPTestCase(VppTestCase):
23 super(ARPTestCase, self).setUp()
25 # create 3 pg interfaces
26 self.create_pg_interfaces(range(4))
28 # pg0 configured with ip4 and 6 addresses used for input
29 # pg1 configured with ip4 and 6 addresses used for output
30 # pg2 is unnumbered to pg0
31 for i in self.pg_interfaces:
36 self.pg0.resolve_arp()
41 # pg3 in a different VRF
42 self.pg3.set_table_ip4(1)
46 super(ARPTestCase, self).tearDown()
47 self.pg0.unconfig_ip4()
48 self.pg0.unconfig_ip6()
50 self.pg1.unconfig_ip4()
51 self.pg1.unconfig_ip6()
53 self.pg3.unconfig_ip4()
55 for i in self.pg_interfaces:
58 def verify_arp_req(self, rx, smac, sip, dip):
60 self.assertEqual(ether.dst, "ff:ff:ff:ff:ff:ff")
61 self.assertEqual(ether.src, smac)
64 self.assertEqual(arp.hwtype, 1)
65 self.assertEqual(arp.ptype, 0x800)
66 self.assertEqual(arp.hwlen, 6)
67 self.assertEqual(arp.plen, 4)
68 self.assertEqual(arp.op, arp_opts["who-has"])
69 self.assertEqual(arp.hwsrc, smac)
70 self.assertEqual(arp.hwdst, "00:00:00:00:00:00")
71 self.assertEqual(arp.psrc, sip)
72 self.assertEqual(arp.pdst, dip)
74 def verify_arp_resp(self, rx, smac, dmac, sip, dip):
76 self.assertEqual(ether.dst, dmac)
77 self.assertEqual(ether.src, smac)
80 self.assertEqual(arp.hwtype, 1)
81 self.assertEqual(arp.ptype, 0x800)
82 self.assertEqual(arp.hwlen, 6)
83 self.assertEqual(arp.plen, 4)
84 self.assertEqual(arp.op, arp_opts["is-at"])
85 self.assertEqual(arp.hwsrc, smac)
86 self.assertEqual(arp.hwdst, dmac)
87 self.assertEqual(arp.psrc, sip)
88 self.assertEqual(arp.pdst, dip)
90 def verify_ip(self, rx, smac, dmac, sip, dip):
92 self.assertEqual(ether.dst, dmac)
93 self.assertEqual(ether.src, smac)
96 self.assertEqual(ip.src, sip)
97 self.assertEqual(ip.dst, dip)
99 def verify_ip_o_mpls(self, rx, smac, dmac, label, sip, dip):
101 self.assertEqual(ether.dst, dmac)
102 self.assertEqual(ether.src, smac)
105 self.assertTrue(mpls.label, label)
108 self.assertEqual(ip.src, sip)
109 self.assertEqual(ip.dst, dip)
111 def send_and_assert_no_replies(self, intf, pkts, remark):
112 intf.add_stream(pkts)
113 self.pg_enable_capture(self.pg_interfaces)
116 for i in self.pg_interfaces:
117 i.get_capture(0, timeout=timeout)
118 i.assert_nothing_captured(remark=remark)
125 # Generate some hosts on the LAN
127 self.pg1.generate_remote_hosts(9)
130 # Send IP traffic to one of these unresolved hosts.
131 # expect the generation of an ARP request
133 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
134 IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[1].ip4) /
135 UDP(sport=1234, dport=1234) /
138 self.pg0.add_stream(p)
139 self.pg_enable_capture(self.pg_interfaces)
142 rx = self.pg1.get_capture(1)
144 self.verify_arp_req(rx[0],
147 self.pg1._remote_hosts[1].ip4)
150 # And a dynamic ARP entry for host 1
152 dyn_arp = VppNeighbor(self,
153 self.pg1.sw_if_index,
154 self.pg1.remote_hosts[1].mac,
155 self.pg1.remote_hosts[1].ip4)
156 dyn_arp.add_vpp_config()
159 # now we expect IP traffic forwarded
161 dyn_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
162 IP(src=self.pg0.remote_ip4,
163 dst=self.pg1._remote_hosts[1].ip4) /
164 UDP(sport=1234, dport=1234) /
167 self.pg0.add_stream(dyn_p)
168 self.pg_enable_capture(self.pg_interfaces)
171 rx = self.pg1.get_capture(1)
173 self.verify_ip(rx[0],
175 self.pg1.remote_hosts[1].mac,
177 self.pg1._remote_hosts[1].ip4)
180 # And a Static ARP entry for host 2
182 static_arp = VppNeighbor(self,
183 self.pg1.sw_if_index,
184 self.pg1.remote_hosts[2].mac,
185 self.pg1.remote_hosts[2].ip4,
187 static_arp.add_vpp_config()
189 static_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
190 IP(src=self.pg0.remote_ip4,
191 dst=self.pg1._remote_hosts[2].ip4) /
192 UDP(sport=1234, dport=1234) /
195 self.pg0.add_stream(static_p)
196 self.pg_enable_capture(self.pg_interfaces)
199 rx = self.pg1.get_capture(1)
201 self.verify_ip(rx[0],
203 self.pg1.remote_hosts[2].mac,
205 self.pg1._remote_hosts[2].ip4)
208 # flap the link. dynamic ARPs get flush, statics don't
210 self.pg1.admin_down()
213 self.pg0.add_stream(static_p)
214 self.pg_enable_capture(self.pg_interfaces)
216 rx = self.pg1.get_capture(1)
218 self.verify_ip(rx[0],
220 self.pg1.remote_hosts[2].mac,
222 self.pg1._remote_hosts[2].ip4)
224 self.pg0.add_stream(dyn_p)
225 self.pg_enable_capture(self.pg_interfaces)
228 rx = self.pg1.get_capture(1)
229 self.verify_arp_req(rx[0],
232 self.pg1._remote_hosts[1].ip4)
235 # Send an ARP request from one of the so-far unlearned remote hosts
237 p = (Ether(dst="ff:ff:ff:ff:ff:ff",
238 src=self.pg1._remote_hosts[3].mac) /
240 hwsrc=self.pg1._remote_hosts[3].mac,
241 pdst=self.pg1.local_ip4,
242 psrc=self.pg1._remote_hosts[3].ip4))
244 self.pg1.add_stream(p)
245 self.pg_enable_capture(self.pg_interfaces)
248 rx = self.pg1.get_capture(1)
249 self.verify_arp_resp(rx[0],
251 self.pg1._remote_hosts[3].mac,
253 self.pg1._remote_hosts[3].ip4)
256 # VPP should have learned the mapping for the remote host
258 self.assertTrue(find_nbr(self,
259 self.pg1.sw_if_index,
260 self.pg1._remote_hosts[3].ip4))
262 # Fire in an ARP request before the interface becomes IP enabled
264 self.pg2.generate_remote_hosts(4)
266 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
268 hwsrc=self.pg2.remote_mac,
269 pdst=self.pg1.local_ip4,
270 psrc=self.pg2.remote_hosts[3].ip4))
271 self.send_and_assert_no_replies(self.pg2, p,
272 "interface not IP enabled")
275 # Make pg2 un-numbered to pg1
277 self.pg2.set_unnumbered(self.pg1.sw_if_index)
280 # We should respond to ARP requests for the unnumbered to address
281 # once an attached route to the source is known
283 self.send_and_assert_no_replies(
285 "ARP req for unnumbered address - no source")
287 attached_host = VppIpRoute(self, self.pg2.remote_hosts[3].ip4, 32,
288 [VppRoutePath("0.0.0.0",
289 self.pg2.sw_if_index)])
290 attached_host.add_vpp_config()
292 self.pg2.add_stream(p)
293 self.pg_enable_capture(self.pg_interfaces)
296 rx = self.pg2.get_capture(1)
297 self.verify_arp_resp(rx[0],
301 self.pg2.remote_hosts[3].ip4)
304 # A neighbor entry that has no associated FIB-entry
306 arp_no_fib = VppNeighbor(self,
307 self.pg1.sw_if_index,
308 self.pg1.remote_hosts[4].mac,
309 self.pg1.remote_hosts[4].ip4,
311 arp_no_fib.add_vpp_config()
314 # check we have the neighbor, but no route
316 self.assertTrue(find_nbr(self,
317 self.pg1.sw_if_index,
318 self.pg1._remote_hosts[4].ip4))
319 self.assertFalse(find_route(self,
320 self.pg1._remote_hosts[4].ip4,
323 # pg2 is unnumbered to pg1, so we can form adjacencies out of pg2
324 # from within pg1's subnet
326 arp_unnum = VppNeighbor(self,
327 self.pg2.sw_if_index,
328 self.pg1.remote_hosts[5].mac,
329 self.pg1.remote_hosts[5].ip4)
330 arp_unnum.add_vpp_config()
332 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
333 IP(src=self.pg0.remote_ip4,
334 dst=self.pg1._remote_hosts[5].ip4) /
335 UDP(sport=1234, dport=1234) /
338 self.pg0.add_stream(p)
339 self.pg_enable_capture(self.pg_interfaces)
342 rx = self.pg2.get_capture(1)
344 self.verify_ip(rx[0],
346 self.pg1.remote_hosts[5].mac,
348 self.pg1._remote_hosts[5].ip4)
351 # ARP requests from hosts in pg1's subnet sent on pg2 are replied to
352 # with the unnumbered interface's address as the source
354 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
356 hwsrc=self.pg2.remote_mac,
357 pdst=self.pg1.local_ip4,
358 psrc=self.pg1.remote_hosts[6].ip4))
360 self.pg2.add_stream(p)
361 self.pg_enable_capture(self.pg_interfaces)
364 rx = self.pg2.get_capture(1)
365 self.verify_arp_resp(rx[0],
369 self.pg1.remote_hosts[6].ip4)
372 # An attached host route out of pg2 for an undiscovered hosts generates
373 # an ARP request with the unnumbered address as the source
375 att_unnum = VppIpRoute(self, self.pg1.remote_hosts[7].ip4, 32,
376 [VppRoutePath("0.0.0.0",
377 self.pg2.sw_if_index)])
378 att_unnum.add_vpp_config()
380 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
381 IP(src=self.pg0.remote_ip4,
382 dst=self.pg1._remote_hosts[7].ip4) /
383 UDP(sport=1234, dport=1234) /
386 self.pg0.add_stream(p)
387 self.pg_enable_capture(self.pg_interfaces)
390 rx = self.pg2.get_capture(1)
392 self.verify_arp_req(rx[0],
395 self.pg1._remote_hosts[7].ip4)
397 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
399 hwsrc=self.pg2.remote_mac,
400 pdst=self.pg1.local_ip4,
401 psrc=self.pg1.remote_hosts[7].ip4))
403 self.pg2.add_stream(p)
404 self.pg_enable_capture(self.pg_interfaces)
407 rx = self.pg2.get_capture(1)
408 self.verify_arp_resp(rx[0],
412 self.pg1.remote_hosts[7].ip4)
415 # An attached host route as yet unresolved out of pg2 for an
416 # undiscovered host, an ARP requests begets a response.
418 att_unnum1 = VppIpRoute(self, self.pg1.remote_hosts[8].ip4, 32,
419 [VppRoutePath("0.0.0.0",
420 self.pg2.sw_if_index)])
421 att_unnum1.add_vpp_config()
423 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
425 hwsrc=self.pg2.remote_mac,
426 pdst=self.pg1.local_ip4,
427 psrc=self.pg1.remote_hosts[8].ip4))
429 self.pg2.add_stream(p)
430 self.pg_enable_capture(self.pg_interfaces)
433 rx = self.pg2.get_capture(1)
434 self.verify_arp_resp(rx[0],
438 self.pg1.remote_hosts[8].ip4)
442 # 1 - don't respond to ARP request for address not within the
443 # interface's sub-net
444 # 1b - nor within the unnumbered subnet
445 # 1c - nor within the subnet of a different interface
447 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
449 hwsrc=self.pg0.remote_mac,
451 psrc=self.pg0.remote_ip4))
452 self.send_and_assert_no_replies(self.pg0, p,
453 "ARP req for non-local destination")
454 self.assertFalse(find_nbr(self,
455 self.pg0.sw_if_index,
458 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
460 hwsrc=self.pg2.remote_mac,
462 psrc=self.pg1.remote_hosts[7].ip4))
463 self.send_and_assert_no_replies(
465 "ARP req for non-local destination - unnum")
467 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
469 hwsrc=self.pg0.remote_mac,
470 pdst=self.pg1.local_ip4,
471 psrc=self.pg1.remote_ip4))
472 self.send_and_assert_no_replies(self.pg0, p,
473 "ARP req diff sub-net")
474 self.assertFalse(find_nbr(self,
475 self.pg0.sw_if_index,
476 self.pg1.remote_ip4))
479 # 2 - don't respond to ARP request from an address not within the
480 # interface's sub-net
482 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
484 hwsrc=self.pg0.remote_mac,
486 pdst=self.pg0.local_ip4))
487 self.send_and_assert_no_replies(self.pg0, p,
488 "ARP req for non-local source")
489 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
491 hwsrc=self.pg2.remote_mac,
493 pdst=self.pg0.local_ip4))
494 self.send_and_assert_no_replies(
496 "ARP req for non-local source - unnum")
499 # 3 - don't respond to ARP request from an address that belongs to
502 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
504 hwsrc=self.pg0.remote_mac,
505 psrc=self.pg0.local_ip4,
506 pdst=self.pg0.local_ip4))
507 self.send_and_assert_no_replies(self.pg0, p,
508 "ARP req for non-local source")
511 # 4 - don't respond to ARP requests that has mac source different
512 # from ARP request HW source
515 p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
517 hwsrc="00:00:00:DE:AD:BE",
518 psrc=self.pg0.remote_ip4,
519 pdst=self.pg0.local_ip4))
520 self.send_and_assert_no_replies(self.pg0, p,
521 "ARP req for non-local source")
526 dyn_arp.remove_vpp_config()
527 static_arp.remove_vpp_config()
528 self.pg2.unset_unnumbered(self.pg1.sw_if_index)
530 # need this to flush the adj-fibs
531 self.pg2.unset_unnumbered(self.pg1.sw_if_index)
532 self.pg2.admin_down()
534 def test_proxy_arp(self):
537 self.pg1.generate_remote_hosts(2)
540 # Proxy ARP rewquest packets for each interface
542 arp_req_pg0 = (Ether(src=self.pg0.remote_mac,
543 dst="ff:ff:ff:ff:ff:ff") /
545 hwsrc=self.pg0.remote_mac,
547 psrc=self.pg0.remote_ip4))
548 arp_req_pg1 = (Ether(src=self.pg1.remote_mac,
549 dst="ff:ff:ff:ff:ff:ff") /
551 hwsrc=self.pg1.remote_mac,
553 psrc=self.pg1.remote_ip4))
554 arp_req_pg2 = (Ether(src=self.pg2.remote_mac,
555 dst="ff:ff:ff:ff:ff:ff") /
557 hwsrc=self.pg2.remote_mac,
559 psrc=self.pg1.remote_hosts[1].ip4))
560 arp_req_pg3 = (Ether(src=self.pg3.remote_mac,
561 dst="ff:ff:ff:ff:ff:ff") /
563 hwsrc=self.pg3.remote_mac,
565 psrc=self.pg3.remote_ip4))
568 # Configure Proxy ARP for 10.10.10.0 -> 10.10.10.124
570 self.vapi.proxy_arp_add_del(inet_pton(AF_INET, "10.10.10.2"),
571 inet_pton(AF_INET, "10.10.10.124"))
574 # No responses are sent when the interfaces are not enabled for proxy
577 self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
578 "ARP req from unconfigured interface")
579 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
580 "ARP req from unconfigured interface")
583 # Make pg2 un-numbered to pg1
586 self.pg2.set_unnumbered(self.pg1.sw_if_index)
588 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
589 "ARP req from unnumbered interface")
592 # Enable each interface to reply to proxy ARPs
594 for i in self.pg_interfaces:
598 # Now each of the interfaces should reply to a request to a proxied
601 self.pg0.add_stream(arp_req_pg0)
602 self.pg_enable_capture(self.pg_interfaces)
605 rx = self.pg0.get_capture(1)
606 self.verify_arp_resp(rx[0],
612 self.pg1.add_stream(arp_req_pg1)
613 self.pg_enable_capture(self.pg_interfaces)
616 rx = self.pg1.get_capture(1)
617 self.verify_arp_resp(rx[0],
623 self.pg2.add_stream(arp_req_pg2)
624 self.pg_enable_capture(self.pg_interfaces)
627 rx = self.pg2.get_capture(1)
628 self.verify_arp_resp(rx[0],
632 self.pg1.remote_hosts[1].ip4)
635 # A request for an address out of the configured range
637 arp_req_pg1_hi = (Ether(src=self.pg1.remote_mac,
638 dst="ff:ff:ff:ff:ff:ff") /
640 hwsrc=self.pg1.remote_mac,
642 psrc=self.pg1.remote_ip4))
643 self.send_and_assert_no_replies(self.pg1, arp_req_pg1_hi,
644 "ARP req out of range HI")
645 arp_req_pg1_low = (Ether(src=self.pg1.remote_mac,
646 dst="ff:ff:ff:ff:ff:ff") /
648 hwsrc=self.pg1.remote_mac,
650 psrc=self.pg1.remote_ip4))
651 self.send_and_assert_no_replies(self.pg1, arp_req_pg1_low,
652 "ARP req out of range Low")
655 # Request for an address in the proxy range but from an interface
658 self.send_and_assert_no_replies(self.pg3, arp_req_pg3,
659 "ARP req from different VRF")
662 # Disable Each interface for proxy ARP
663 # - expect none to respond
665 for i in self.pg_interfaces:
668 self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
669 "ARP req from disable")
670 self.send_and_assert_no_replies(self.pg1, arp_req_pg1,
671 "ARP req from disable")
672 self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
673 "ARP req from disable")
676 # clean up on interface 2
678 self.pg2.unset_unnumbered(self.pg1.sw_if_index)
684 # Interface 2 does not yet have ip4 config
686 self.pg2.config_ip4()
687 self.pg2.generate_remote_hosts(2)
690 # Add a reoute with out going label via an ARP unresolved next-hop
692 ip_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
693 [VppRoutePath(self.pg2.remote_hosts[1].ip4,
694 self.pg2.sw_if_index,
696 ip_10_0_0_1.add_vpp_config()
699 # packets should generate an ARP request
701 p = (Ether(src=self.pg0.remote_mac,
702 dst=self.pg0.local_mac) /
703 IP(src=self.pg0.remote_ip4, dst="10.0.0.1") /
704 UDP(sport=1234, dport=1234) /
707 self.pg0.add_stream(p)
708 self.pg_enable_capture(self.pg_interfaces)
711 rx = self.pg2.get_capture(1)
712 self.verify_arp_req(rx[0],
715 self.pg2._remote_hosts[1].ip4)
718 # now resolve the neighbours
720 self.pg2.configure_ipv4_neighbors()
723 # Now packet should be properly MPLS encapped.
724 # This verifies that MPLS link-type adjacencies are completed
725 # when the ARP entry resolves
727 self.pg0.add_stream(p)
728 self.pg_enable_capture(self.pg_interfaces)
731 rx = self.pg2.get_capture(1)
732 self.verify_ip_o_mpls(rx[0],
734 self.pg2.remote_hosts[1].mac,
738 self.pg2.unconfig_ip4()
740 if __name__ == '__main__':
741 unittest.main(testRunner=VppTestRunner)