from struct import pack, unpack
from six import moves
+import scapy.compat
from scapy.layers.inet import UDP, IP
from scapy.layers.inet6 import IPv6
-from scapy.layers.l2 import Ether
+from scapy.layers.l2 import Ether, GRE
from scapy.packet import Raw
from bfd import VppBFDAuthKey, BFD, BFDAuthType, VppBFDUDPSession, \
from vpp_lo_interface import VppLoInterface
from vpp_papi_provider import UnexpectedApiReturnValueError
from vpp_pg_interface import CaptureTimeoutError, is_ipv6_misc
+from vpp_gre_interface import VppGreInterface
USEC_IN_SEC = 1000000
while conf_key_id in self._conf_key_ids:
conf_key_id = randint(0, 0xFFFFFFFF)
self._conf_key_ids[conf_key_id] = 1
- key = str(bytearray([randint(0, 255) for _ in range(randint(1, 20))]))
+ key = scapy.compat.raw(
+ bytearray([randint(0, 255) for _ in range(randint(1, 20))]))
return VppBFDAuthKey(test=test, auth_type=auth_type,
conf_key_id=conf_key_id, key=key)
""" BFD session as seen from test framework side """
def __init__(self, test, interface, af, detect_mult=3, sha1_key=None,
- bfd_key_id=None, our_seq_number=None):
+ bfd_key_id=None, our_seq_number=None,
+ tunnel_header=None, phy_interface=None):
self.test = test
self.af = af
self.sha1_key = sha1_key
self.bfd_key_id = bfd_key_id
self.interface = interface
+ if phy_interface:
+ self.phy_interface = phy_interface
+ else:
+ self.phy_interface = self.interface
self.udp_sport = randint(49152, 65535)
if our_seq_number is None:
self.our_seq_number = randint(0, 40000000)
self.your_discriminator = None
self.state = BFDState.down
self.auth_type = BFDAuthType.no_auth
+ self.tunnel_header = tunnel_header
def inc_seq_num(self):
""" increment sequence number, wrapping if needed """
bfd.length = BFD.sha1_auth_len + BFD.bfd_pkt_len
else:
bfd = BFD()
+ packet = Ether(src=self.phy_interface.remote_mac,
+ dst=self.phy_interface.local_mac)
+ if self.tunnel_header:
+ packet = packet / self.tunnel_header
if self.af == AF_INET6:
- packet = (Ether(src=self.interface.remote_mac,
- dst=self.interface.local_mac) /
+ packet = (packet /
IPv6(src=self.interface.remote_ip6,
dst=self.interface.local_ip6,
hlim=255) /
UDP(sport=self.udp_sport, dport=BFD.udp_dport) /
bfd)
else:
- packet = (Ether(src=self.interface.remote_mac,
- dst=self.interface.local_mac) /
+ packet = (packet /
IP(src=self.interface.remote_ip4,
dst=self.interface.local_ip4,
ttl=255) /
self.test.logger.debug("BFD: Creating packet")
self.fill_packet_fields(packet)
if self.sha1_key:
- hash_material = str(packet[BFD])[:32] + self.sha1_key.key + \
+ hash_material = scapy.compat.raw(
+ packet[BFD])[:32] + self.sha1_key.key + \
"\0" * (20 - len(self.sha1_key.key))
self.test.logger.debug("BFD: Calculated SHA1 hash: %s" %
hashlib.sha1(hash_material).hexdigest())
if packet is None:
packet = self.create_packet()
if interface is None:
- interface = self.test.pg0
+ interface = self.phy_interface
self.test.logger.debug(ppp("Sending packet:", packet))
interface.add_stream(packet)
self.test.pg_start()
# last 20 bytes represent the hash - so replace them with the key,
# pad the result with zeros and hash the result
hash_material = bfd.original[:-20] + self.sha1_key.key + \
- "\0" * (20 - len(self.sha1_key.key))
+ b"\0" * (20 - len(self.sha1_key.key))
expected_hash = hashlib.sha1(hash_material).hexdigest()
self.test.assert_equal(binascii.hexlify(bfd.auth_key_hash),
expected_hash, "Auth key hash")
def bfd_session_up(test):
""" Bring BFD session up """
test.logger.info("BFD: Waiting for slow hello")
- p = wait_for_bfd_packet(test, 2)
+ p = wait_for_bfd_packet(test, 2, is_tunnel=test.vpp_session.is_tunnel)
old_offset = None
if hasattr(test, 'vpp_clock_offset'):
old_offset = test.vpp_clock_offset
""" Verify correctness of IP layer. """
if test.vpp_session.af == AF_INET6:
ip = packet[IPv6]
- local_ip = test.pg0.local_ip6
- remote_ip = test.pg0.remote_ip6
+ local_ip = test.vpp_session.interface.local_ip6
+ remote_ip = test.vpp_session.interface.remote_ip6
test.assert_equal(ip.hlim, 255, "IPv6 hop limit")
else:
ip = packet[IP]
- local_ip = test.pg0.local_ip4
- remote_ip = test.pg0.remote_ip4
+ local_ip = test.vpp_session.interface.local_ip4
+ remote_ip = test.vpp_session.interface.remote_ip4
test.assert_equal(ip.ttl, 255, "IPv4 TTL")
test.assert_equal(ip.src, local_ip, "IP source address")
test.assert_equal(ip.dst, remote_ip, "IP destination address")
test.assert_equal(e.state, expected_state, BFDState)
-def wait_for_bfd_packet(test, timeout=1, pcap_time_min=None):
+def wait_for_bfd_packet(test, timeout=1, pcap_time_min=None, is_tunnel=False):
""" wait for BFD packet and verify its correctness
:param timeout: how long to wait
(p.time, pcap_time_min), p))
else:
break
+ if is_tunnel:
+ # strip an IP layer and move to the next
+ p = p[IP].payload
+
bfd = p[BFD]
if bfd is None:
raise Exception(ppp("Unexpected or invalid BFD packet:", p))
# halve required min rx
old_required_min_rx = self.vpp_session.required_min_rx
self.vpp_session.modify_parameters(
- required_min_rx=0.5 * self.vpp_session.required_min_rx)
+ required_min_rx=self.vpp_session.required_min_rx // 2)
# now we wait 0.8*3*old-req-min-rx and the session should still be up
self.sleep(0.8 * self.vpp_session.detect_mult *
old_required_min_rx / USEC_IN_SEC,
udp_sport_rx += 1
# need to compare the hex payload here, otherwise BFD_vpp_echo
# gets in way
- self.assertEqual(str(p[UDP].payload),
- str(echo_packet[UDP].payload),
+ self.assertEqual(scapy.compat.raw(p[UDP].payload),
+ scapy.compat.raw(echo_packet[UDP].payload),
"Received packet is not the echo packet sent")
self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== "
"ECHO packet identifier for test purposes)")
udp_sport_rx += 1
# need to compare the hex payload here, otherwise BFD_vpp_echo
# gets in way
- self.assertEqual(str(p[UDP].payload),
- str(echo_packet[UDP].payload),
+ self.assertEqual(scapy.compat.raw(p[UDP].payload),
+ scapy.compat.raw(echo_packet[UDP].payload),
"Received packet is not the echo packet sent")
self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== "
"ECHO packet identifier for test purposes)")
# will have a BFD session
ip_2001_s_64 = VppIpRoute(self, "2001::", 64,
[VppRoutePath(self.pg0.remote_ip6,
- self.pg0.sw_if_index,
- proto=DpoProto.DPO_PROTO_IP6)],
- is_ip6=1)
+ self.pg0.sw_if_index)])
ip_2002_s_64 = VppIpRoute(self, "2002::", 64,
[VppRoutePath(self.pg0.remote_ip6,
- 0xffffffff,
- proto=DpoProto.DPO_PROTO_IP6)],
- is_ip6=1)
+ 0xffffffff)])
ip_2001_s_64.add_vpp_config()
ip_2002_s_64.add_vpp_config()
packet[IPv6].dst)
+@unittest.skipUnless(running_extended_tests, "part of extended tests")
+class BFDTunTestCase(VppTestCase):
+ """ BFD over GRE tunnel """
+
+ vpp_session = None
+ test_session = None
+
+ @classmethod
+ def setUpClass(cls):
+ super(BFDTunTestCase, cls).setUpClass()
+
+ @classmethod
+ def tearDownClass(cls):
+ super(BFDTunTestCase, cls).tearDownClass()
+
+ def setUp(self):
+ super(BFDTunTestCase, self).setUp()
+ self.create_pg_interfaces(range(1))
+
+ self.vapi.want_bfd_events()
+ self.pg0.enable_capture()
+
+ for i in self.pg_interfaces:
+ i.admin_up()
+ i.config_ip4()
+ i.resolve_arp()
+
+ def tearDown(self):
+ if not self.vpp_dead:
+ self.vapi.want_bfd_events(enable_disable=0)
+
+ super(BFDTunTestCase, self).tearDown()
+
+ @staticmethod
+ def pkt_is_not_data_traffic(p):
+ """ not data traffic implies BFD or the usual IPv6 ND/RA"""
+ if p.haslayer(BFD) or is_ipv6_misc(p):
+ return True
+ return False
+
+ def test_bfd_o_gre(self):
+ """ BFD-o-GRE """
+
+ # A GRE interface over which to run a BFD session
+ gre_if = VppGreInterface(self,
+ self.pg0.local_ip4,
+ self.pg0.remote_ip4)
+ gre_if.add_vpp_config()
+ gre_if.admin_up()
+ gre_if.config_ip4()
+
+ # bring the session up now the routes are present
+ self.vpp_session = VppBFDUDPSession(self,
+ gre_if,
+ gre_if.remote_ip4,
+ is_tunnel=True)
+ self.vpp_session.add_vpp_config()
+ self.vpp_session.admin_up()
+
+ self.test_session = BFDTestSession(
+ self, gre_if, AF_INET,
+ tunnel_header=(IP(src=self.pg0.remote_ip4,
+ dst=self.pg0.local_ip4) /
+ GRE()),
+ phy_interface=self.pg0)
+
+ # packets to match against both of the routes
+ p = [(Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
+ IP(src=self.pg0.remote_ip4, dst=gre_if.remote_ip4) /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))]
+
+ # session is up - traffic passes
+ bfd_session_up(self)
+
+ self.send_and_expect(self.pg0, p, self.pg0)
+
+ # bring session down
+ bfd_session_down(self)
+
+
@unittest.skipUnless(running_extended_tests, "part of extended tests")
class BFDSHA1TestCase(VppTestCase):
"""Bidirectional Forwarding Detection (BFD) (SHA1 auth) """
def cli_verify_no_response(self, cli):
""" execute a CLI, asserting that the response is empty """
self.assert_equal(self.vapi.cli(cli),
- "",
+ b"",
"CLI command response")
def cli_verify_response(self, cli, expected):
self.cli_verify_no_response(
"bfd key set conf-key-id %s type keyed-sha1 secret %s" %
(k.conf_key_id,
- "".join("{:02x}".format(ord(c)) for c in k.key)))
+ "".join("{:02x}".format(scapy.compat.orb(c)) for c in k.key)))
self.assertTrue(k.query_vpp_config())
self.vpp_session = VppBFDUDPSession(
self, self.pg0, self.pg0.remote_ip4, sha1_key=k)
self.cli_verify_response(
"bfd key set conf-key-id %s type keyed-sha1 secret %s" %
(k.conf_key_id,
- "".join("{:02x}".format(ord(c)) for c in k2.key)),
+ "".join("{:02x}".format(scapy.compat.orb(c)) for c in k2.key)),
"bfd key set: `bfd_auth_set_key' API call failed, "
"rv=-103:BFD object in use")
# manipulating the session using old secret should still work
self.cli_verify_no_response(
"bfd key set conf-key-id %s type meticulous-keyed-sha1 secret %s" %
(k.conf_key_id,
- "".join("{:02x}".format(ord(c)) for c in k.key)))
+ "".join("{:02x}".format(scapy.compat.orb(c)) for c in k.key)))
self.assertTrue(k.query_vpp_config())
self.vpp_session = VppBFDUDPSession(self, self.pg0,
self.pg0.remote_ip6, af=AF_INET6,
self.cli_verify_response(
"bfd key set conf-key-id %s type keyed-sha1 secret %s" %
(k.conf_key_id,
- "".join("{:02x}".format(ord(c)) for c in k2.key)),
+ "".join("{:02x}".format(scapy.compat.orb(c)) for c in k2.key)),
"bfd key set: `bfd_auth_set_key' API call failed, "
"rv=-103:BFD object in use")
# manipulating the session using old secret should still work
Code Review / vpp.git / blobdiff