X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blobdiff_plain;f=test%2Ftest_ipip.py;h=cb4166ab5dbfcb50f6bbb91ab70c429e01046d77;hp=e5b9092a4312bdd597daf1b13e4824fc6f2bac18;hb=9534696b4;hpb=3a343d42d7bd90753ea6ed48fe750a7a209b1ddf diff --git a/test/test_ipip.py b/test/test_ipip.py index e5b9092a431..cb4166ab5db 100644 --- a/test/test_ipip.py +++ b/test/test_ipip.py @@ -1,12 +1,14 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 """IP{4,6} over IP{v,6} tunnel functional tests""" import unittest -from scapy.layers.inet6 import IPv6, Ether, IP, UDP, IPv6ExtHdrFragment +from scapy.layers.inet6 import IPv6, Ether, IP, UDP, IPv6ExtHdrFragment, Raw from scapy.all import fragment, fragment6, RandShort, defragment6 from framework import VppTestCase, VppTestRunner from vpp_ip import DpoProto -from vpp_ip_route import VppIpRoute, VppRoutePath, VppIpTable +from vpp_ip_route import VppIpRoute, VppRoutePath, VppIpTable, FibPathProto +from vpp_ipip_tun_interface import VppIpIpTunInterface +from vpp_papi import VppEnum from socket import AF_INET, AF_INET6, inet_pton from util import reassemble4 @@ -17,6 +19,25 @@ IPIP tests. """ +def ipip_add_tunnel(test, src, dst, table_id=0, dscp=0x0, + flags=0): + """ Add a IPIP tunnel """ + return test.vapi.ipip_add_tunnel( + tunnel={ + 'src': src, + 'dst': dst, + 'table_id': table_id, + 'instance': 0xffffffff, + 'dscp': dscp, + 'flags': flags + } + ) + +# the number of packets to send when injecting traffic. +# a multiple of 8 minus one, so we test all by 8/4/2/1 loops +N_PACKETS = 64 - 1 + + class TestIPIP(VppTestCase): """ IPIP Test Case """ @@ -63,95 +84,285 @@ class TestIPIP(VppTestCase): p4_reply.ttl -= 1 return frags, p4_reply + def verify_ip4ip4_encaps(self, a, p_ip4s, p_ip4_encaps): + for i, p_ip4 in enumerate(p_ip4s): + p_ip4.dst = a + p4 = (self.p_ether / p_ip4 / self.p_payload) + p_ip4_inner = p_ip4 + p_ip4_inner.ttl -= 1 + p4_reply = (p_ip4_encaps[i] / p_ip4_inner / self.p_payload) + p4_reply.ttl -= 1 + p4_reply.id = 0 + rx = self.send_and_expect(self.pg0, p4 * N_PACKETS, self.pg1) + for p in rx: + self.validate(p[1], p4_reply) + self.assert_packet_checksums_valid(p) + + def verify_ip6ip4_encaps(self, a, p_ip6s, p_ip4_encaps): + for i, p_ip6 in enumerate(p_ip6s): + p_ip6.dst = a + p6 = (self.p_ether / p_ip6 / self.p_payload) + p_inner_ip6 = p_ip6 + p_inner_ip6.hlim -= 1 + p6_reply = (p_ip4_encaps[i] / p_inner_ip6 / self.p_payload) + p6_reply.ttl -= 1 + rx = self.send_and_expect(self.pg0, p6 * N_PACKETS, self.pg1) + for p in rx: + self.validate(p[1], p6_reply) + self.assert_packet_checksums_valid(p) + def test_ipip4(self): """ ip{v4,v6} over ip4 test """ - p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) - p_ip6 = IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=42) - p_ip4 = IP(src="1.2.3.4", dst="130.67.0.1", tos=42) - p_payload = UDP(sport=1234, dport=1234) - - # IPv4 transport - rv = self.vapi.ipip_add_tunnel( - src_address=self.pg0.local_ip4n, - dst_address=self.pg1.remote_ip4n, - is_ipv6=0, tc_tos=0xFF) - sw_if_index = rv.sw_if_index - - # Set interface up and enable IP on it - self.vapi.sw_interface_set_flags(sw_if_index, 1) - self.vapi.sw_interface_set_unnumbered( - sw_if_index=self.pg0.sw_if_index, - unnumbered_sw_if_index=sw_if_index) - # Add IPv4 and IPv6 routes via tunnel interface - ip4_via_tunnel = VppIpRoute( - self, "130.67.0.0", 16, - [VppRoutePath("0.0.0.0", - sw_if_index, - proto=DpoProto.DPO_PROTO_IP4)], is_ip6=0) - ip4_via_tunnel.add_vpp_config() + self.pg1.generate_remote_hosts(5) + self.pg1.configure_ipv4_neighbors() + e = VppEnum.vl_api_ipip_tunnel_flags_t + d = VppEnum.vl_api_ip_dscp_t + self.p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) + self.p_payload = UDP(sport=1234, dport=1234) / Raw(b'X' * 100) + + # create a TOS byte by shifting a DSCP code point 2 bits. those 2 bits + # are for the ECN. + dscp = d.IP_API_DSCP_AF31 << 2 + ecn = 3 + dscp_ecn = d.IP_API_DSCP_AF31 << 2 | ecn + + # IPv4 transport that copies the DCSP from the payload + tun_dscp = VppIpIpTunInterface( + self, + self.pg0, + self.pg0.local_ip4, + self.pg1.remote_hosts[0].ip4, + flags=e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DSCP).add_vpp_config() + # IPv4 transport that copies the DCSP and ECN from the payload + tun_dscp_ecn = VppIpIpTunInterface( + self, + self.pg0, + self.pg0.local_ip4, + self.pg1.remote_hosts[1].ip4, + flags=(e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DSCP | + e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_ECN)).add_vpp_config() + # IPv4 transport that copies the ECN from the payload and sets the + # DF bit on encap. copies the ECN on decap + tun_ecn = VppIpIpTunInterface( + self, + self.pg0, + self.pg0.local_ip4, + self.pg1.remote_hosts[2].ip4, + flags=(e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_ECN | + e.IPIP_TUNNEL_API_FLAG_ENCAP_SET_DF | + e.IPIP_TUNNEL_API_FLAG_DECAP_COPY_ECN)).add_vpp_config() + # IPv4 transport that sets a fixed DSCP in the encap and copies + # the DF bit + tun = VppIpIpTunInterface( + self, + self.pg0, + self.pg0.local_ip4, + self.pg1.remote_hosts[3].ip4, + dscp=d.IP_API_DSCP_AF11, + flags=e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DF).add_vpp_config() + + # array of all the tunnels + tuns = [tun_dscp, tun_dscp_ecn, tun_ecn, tun] + + # addresses for prefixes routed via each tunnel + a4s = ["" for i in range(len(tuns))] + a6s = ["" for i in range(len(tuns))] + + # IP headers with each combination of DSCp/ECN tested + p_ip6s = [IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=dscp), + IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=dscp_ecn), + IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=ecn), + IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=0xff)] + p_ip4s = [IP(src="1.2.3.4", dst="130.67.0.1", tos=dscp, flags='DF'), + IP(src="1.2.3.4", dst="130.67.0.1", tos=dscp_ecn), + IP(src="1.2.3.4", dst="130.67.0.1", tos=ecn), + IP(src="1.2.3.4", dst="130.67.0.1", tos=0xff)] + + # Configure each tunnel + for i, t in enumerate(tuns): + # Set interface up and enable IP on it + self.vapi.sw_interface_set_flags(t.sw_if_index, 1) + self.vapi.sw_interface_set_unnumbered( + sw_if_index=self.pg0.sw_if_index, + unnumbered_sw_if_index=t.sw_if_index) + + # prefix for route / destination address for packets + a4s[i] = "130.67.%d.0" % i + a6s[i] = "dead:%d::" % i + + # Add IPv4 and IPv6 routes via tunnel interface + ip4_via_tunnel = VppIpRoute( + self, a4s[i], 24, + [VppRoutePath("0.0.0.0", + t.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP4)]) + ip4_via_tunnel.add_vpp_config() + + ip6_via_tunnel = VppIpRoute( + self, a6s[i], 64, + [VppRoutePath("::", + t.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)]) + ip6_via_tunnel.add_vpp_config() - ip6_via_tunnel = VppIpRoute( - self, "dead::", 16, - [VppRoutePath("::", - sw_if_index, - proto=DpoProto.DPO_PROTO_IP6)], is_ip6=1) - ip6_via_tunnel.add_vpp_config() + # + # Encapsulation + # - # IPv6 in to IPv4 tunnel - p6 = (p_ether / p_ip6 / p_payload) - p_inner_ip6 = p_ip6 - p_inner_ip6.hlim -= 1 - p6_reply = (IP(src=self.pg0.local_ip4, dst=self.pg1.remote_ip4, - proto='ipv6', id=0, tos=42) / p_inner_ip6 / p_payload) - p6_reply.ttl -= 1 - rx = self.send_and_expect(self.pg0, p6 * 10, self.pg1) - for p in rx: - self.validate(p[1], p6_reply) + # tun_dscp copies only the dscp + # expected TC values are thus only the DCSP value is present from the + # inner + exp_tcs = [dscp, dscp, 0, 0xfc] + p_ip44_encaps = [IP(src=self.pg0.local_ip4, + dst=tun_dscp.dst, + tos=tc) for tc in exp_tcs] + p_ip64_encaps = [IP(src=self.pg0.local_ip4, + dst=tun_dscp.dst, + proto='ipv6', id=0, tos=tc) for tc in exp_tcs] # IPv4 in to IPv4 tunnel - p4 = (p_ether / p_ip4 / p_payload) - p_ip4_inner = p_ip4 - p_ip4_inner.ttl -= 1 - p4_reply = (IP(src=self.pg0.local_ip4, dst=self.pg1.remote_ip4, - tos=42) / - p_ip4_inner / p_payload) - p4_reply.ttl -= 1 - p4_reply.id = 0 - rx = self.send_and_expect(self.pg0, p4 * 10, self.pg1) - for p in rx: - self.validate(p[1], p4_reply) + self.verify_ip4ip4_encaps(a4s[0], p_ip4s, p_ip44_encaps) + # IPv6 in to IPv4 tunnel + self.verify_ip6ip4_encaps(a6s[0], p_ip6s, p_ip64_encaps) + + # tun_dscp_ecn copies the dscp and the ecn + exp_tcs = [dscp, dscp_ecn, ecn, 0xff] + p_ip44_encaps = [IP(src=self.pg0.local_ip4, + dst=tun_dscp_ecn.dst, + tos=tc) for tc in exp_tcs] + p_ip64_encaps = [IP(src=self.pg0.local_ip4, + dst=tun_dscp_ecn.dst, + proto='ipv6', id=0, tos=tc) for tc in exp_tcs] + + self.verify_ip4ip4_encaps(a4s[1], p_ip4s, p_ip44_encaps) + self.verify_ip6ip4_encaps(a6s[1], p_ip6s, p_ip64_encaps) + + # tun_ecn copies only the ecn and always sets DF + exp_tcs = [0, ecn, ecn, ecn] + p_ip44_encaps = [IP(src=self.pg0.local_ip4, + dst=tun_ecn.dst, + flags='DF', tos=tc) for tc in exp_tcs] + p_ip64_encaps = [IP(src=self.pg0.local_ip4, + dst=tun_ecn.dst, + flags='DF', proto='ipv6', id=0, tos=tc) + for tc in exp_tcs] + + self.verify_ip4ip4_encaps(a4s[2], p_ip4s, p_ip44_encaps) + self.verify_ip6ip4_encaps(a6s[2], p_ip6s, p_ip64_encaps) + + # tun sets a fixed dscp and copies DF + fixed_dscp = tun.dscp << 2 + flags = ['DF', 0, 0, 0] + p_ip44_encaps = [IP(src=self.pg0.local_ip4, + dst=tun.dst, + flags=f, + tos=fixed_dscp) for f in flags] + p_ip64_encaps = [IP(src=self.pg0.local_ip4, + dst=tun.dst, + proto='ipv6', id=0, + tos=fixed_dscp) for i in range(len(p_ip4s))] + + self.verify_ip4ip4_encaps(a4s[3], p_ip4s, p_ip44_encaps) + self.verify_ip6ip4_encaps(a6s[3], p_ip6s, p_ip64_encaps) + # # Decapsulation - p_ether = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) + # + n_packets_decapped = 0 + self.p_ether = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) # IPv4 tunnel to IPv4 - p_ip4 = IP(src="1.2.3.4", dst=self.pg0.remote_ip4) - p4 = (p_ether / IP(src=self.pg1.remote_ip4, - dst=self.pg0.local_ip4) / p_ip4 / p_payload) - p4_reply = (p_ip4 / p_payload) - p4_reply.ttl -= 1 - rx = self.send_and_expect(self.pg1, p4 * 10, self.pg0) - for p in rx: - self.validate(p[1], p4_reply) + tcs = [0, dscp, dscp_ecn, ecn] - err = self.statistics.get_counter( + # one overlay packet and all combinations of its encap + p_ip4 = IP(src="1.2.3.4", dst=self.pg0.remote_ip4) + p_ip4_encaps = [IP(src=tun.dst, + dst=self.pg0.local_ip4, + tos=tc) for tc in tcs] + + # for each encap tun will produce the same inner packet because it does + # not copy up fields from the payload + for p_ip4_encap in p_ip4_encaps: + p4 = (self.p_ether / p_ip4_encap / p_ip4 / self.p_payload) + p4_reply = (p_ip4 / self.p_payload) + p4_reply.ttl -= 1 + rx = self.send_and_expect(self.pg1, p4 * N_PACKETS, self.pg0) + n_packets_decapped += N_PACKETS + for p in rx: + self.validate(p[1], p4_reply) + self.assert_packet_checksums_valid(p) + + err = self.statistics.get_err_counter( + '/err/ipip4-input/packets decapsulated') + self.assertEqual(err, n_packets_decapped) + + # tun_ecn copies the ECN bits from the encap to the inner + p_ip4_encaps = [IP(src=tun_ecn.dst, + dst=self.pg0.local_ip4, + tos=tc) for tc in tcs] + p_ip4_replys = [p_ip4.copy() for i in range(len(p_ip4_encaps))] + p_ip4_replys[2].tos = ecn + p_ip4_replys[3].tos = ecn + for i, p_ip4_encap in enumerate(p_ip4_encaps): + p4 = (self.p_ether / p_ip4_encap / p_ip4 / self.p_payload) + p4_reply = (p_ip4_replys[i] / self.p_payload) + p4_reply.ttl -= 1 + rx = self.send_and_expect(self.pg1, p4 * N_PACKETS, self.pg0) + n_packets_decapped += N_PACKETS + for p in rx: + self.validate(p[1], p4_reply) + self.assert_packet_checksums_valid(p) + + err = self.statistics.get_err_counter( '/err/ipip4-input/packets decapsulated') - self.assertEqual(err, 10) + self.assertEqual(err, n_packets_decapped) # IPv4 tunnel to IPv6 + # for each encap tun will produce the same inner packet because it does + # not copy up fields from the payload + p_ip4_encaps = [IP(src=tun.dst, + dst=self.pg0.local_ip4, + tos=tc) for tc in tcs] p_ip6 = IPv6(src="1:2:3::4", dst=self.pg0.remote_ip6) - p6 = (p_ether / IP(src=self.pg1.remote_ip4, - dst=self.pg0.local_ip4) / p_ip6 / p_payload) - p6_reply = (p_ip6 / p_payload) - p6_reply.hlim = 63 - rx = self.send_and_expect(self.pg1, p6 * 10, self.pg0) - for p in rx: - self.validate(p[1], p6_reply) + for p_ip4_encap in p_ip4_encaps: + p6 = (self.p_ether / + p_ip4_encap / p_ip6 / + self.p_payload) + p6_reply = (p_ip6 / self.p_payload) + p6_reply.hlim = 63 + rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0) + n_packets_decapped += N_PACKETS + for p in rx: + self.validate(p[1], p6_reply) + self.assert_packet_checksums_valid(p) + + err = self.statistics.get_err_counter( + '/err/ipip4-input/packets decapsulated') + self.assertEqual(err, n_packets_decapped) - err = self.statistics.get_counter( + # IPv4 tunnel to IPv6 + # tun_ecn copies the ECN bits from the encap to the inner + p_ip4_encaps = [IP(src=tun_ecn.dst, + dst=self.pg0.local_ip4, + tos=tc) for tc in tcs] + p_ip6 = IPv6(src="1:2:3::4", dst=self.pg0.remote_ip6) + p_ip6_replys = [p_ip6.copy() for i in range(len(p_ip4_encaps))] + p_ip6_replys[2].tc = ecn + p_ip6_replys[3].tc = ecn + for i, p_ip4_encap in enumerate(p_ip4_encaps): + p6 = (self.p_ether / p_ip4_encap / p_ip6 / self.p_payload) + p6_reply = (p_ip6_replys[i] / self.p_payload) + p6_reply.hlim = 63 + rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0) + n_packets_decapped += N_PACKETS + for p in rx: + self.validate(p[1], p6_reply) + self.assert_packet_checksums_valid(p) + + err = self.statistics.get_err_counter( '/err/ipip4-input/packets decapsulated') - self.assertEqual(err, 20) + self.assertEqual(err, n_packets_decapped) # # Fragmentation / Reassembly and Re-fragmentation @@ -174,13 +385,14 @@ class TestIPIP(VppTestCase): self.pg_enable_capture() self.pg_start() rx = self.pg0.get_capture(1000) + n_packets_decapped += 1000 for p in rx: self.validate(p[1], p4_reply) - err = self.statistics.get_counter( + err = self.statistics.get_err_counter( '/err/ipip4-input/packets decapsulated') - self.assertEqual(err, 1020) + self.assertEqual(err, n_packets_decapped) f = [] r = [] @@ -209,7 +421,6 @@ class TestIPIP(VppTestCase): self.pg_start() rx = self.pg0.get_capture(6) reass_pkt = reassemble4(rx) - p4_reply.ttl -= 1 p4_reply.id = 256 self.validate(reass_pkt, p4_reply) @@ -220,15 +431,27 @@ class TestIPIP(VppTestCase): self.pg_start() rx = self.pg0.get_capture(2) reass_pkt = reassemble4(rx) - p4_reply.ttl -= 1 p4_reply.id = 512 self.validate(reass_pkt, p4_reply) + # send large packets through the tunnel, expect them to be fragmented + self.vapi.sw_interface_set_mtu(tun_dscp.sw_if_index, [600, 0, 0, 0]) + + p4 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / + IP(src="1.2.3.4", dst="130.67.0.1", tos=42) / + UDP(sport=1234, dport=1234) / Raw(b'Q' * 1000)) + rx = self.send_and_expect(self.pg0, p4 * 15, self.pg1, 30) + inners = [] + for p in rx: + inners.append(p[IP].payload) + reass_pkt = reassemble4(inners) + for p in reass_pkt: + self.assert_packet_checksums_valid(p) + self.assertEqual(p[IP].ttl, 63) + def test_ipip_create(self): """ ipip create / delete interface test """ - rv = self.vapi.ipip_add_tunnel( - src_address=inet_pton(AF_INET, '1.2.3.4'), - dst_address=inet_pton(AF_INET, '2.3.4.5'), is_ipv6=0) + rv = ipip_add_tunnel(self, '1.2.3.4', '2.3.4.5') sw_if_index = rv.sw_if_index self.vapi.ipip_del_tunnel(sw_if_index) @@ -237,10 +460,7 @@ class TestIPIP(VppTestCase): t = VppIpTable(self, 20) t.add_vpp_config() - rv = self.vapi.ipip_add_tunnel( - src_address=inet_pton(AF_INET, '1.2.3.4'), - dst_address=inet_pton(AF_INET, '2.3.4.5'), is_ipv6=0, - table_id=20) + rv = ipip_add_tunnel(self, '1.2.3.4', '2.3.4.5', table_id=20) sw_if_index = rv.sw_if_index self.vapi.ipip_del_tunnel(sw_if_index) @@ -283,9 +503,9 @@ class TestIPIP6(VppTestCase): def setup_tunnel(self): # IPv6 transport - rv = self.vapi.ipip_add_tunnel( - src_address=self.pg0.local_ip6n, - dst_address=self.pg1.remote_ip6n, tc_tos=255) + rv = ipip_add_tunnel(self, + self.pg0.local_ip6, + self.pg1.remote_ip6) sw_if_index = rv.sw_if_index self.tunnel_if_index = sw_if_index @@ -299,14 +519,14 @@ class TestIPIP6(VppTestCase): self, "130.67.0.0", 16, [VppRoutePath("0.0.0.0", sw_if_index, - proto=DpoProto.DPO_PROTO_IP4)], is_ip6=0) + proto=FibPathProto.FIB_PATH_NH_PROTO_IP4)]) ip4_via_tunnel.add_vpp_config() ip6_via_tunnel = VppIpRoute( self, "dead::", 16, [VppRoutePath("::", sw_if_index, - proto=DpoProto.DPO_PROTO_IP6)], is_ip6=1) + proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)]) ip6_via_tunnel.add_vpp_config() self.tunnel_ip6_via_tunnel = ip6_via_tunnel @@ -359,7 +579,7 @@ class TestIPIP6(VppTestCase): # IPv6 in to IPv6 tunnel p6 = (p_ether / p_ip6 / p_payload) p6_reply = (IPv6(src=self.pg0.local_ip6, dst=self.pg1.remote_ip6, - hlim=64, tc=42) / + hlim=64) / p_ip6 / p_payload) p6_reply[1].hlim -= 1 rx = self.send_and_expect(self.pg0, p6 * 11, self.pg1) @@ -369,7 +589,7 @@ class TestIPIP6(VppTestCase): # IPv4 in to IPv6 tunnel p4 = (p_ether / p_ip4 / p_payload) p4_reply = (IPv6(src=self.pg0.local_ip6, - dst=self.pg1.remote_ip6, hlim=64, tc=42) / + dst=self.pg1.remote_ip6, hlim=64) / p_ip4 / p_payload) p4_reply[1].ttl -= 1 rx = self.send_and_expect(self.pg0, p4 * 11, self.pg1) @@ -405,6 +625,270 @@ class TestIPIP6(VppTestCase): for p in rx: self.validate(p[1], p6_reply) + def verify_ip4ip6_encaps(self, a, p_ip4s, p_ip6_encaps): + for i, p_ip4 in enumerate(p_ip4s): + p_ip4.dst = a + p4 = (self.p_ether / p_ip4 / self.p_payload) + p_ip4_inner = p_ip4 + p_ip4_inner.ttl -= 1 + p6_reply = (p_ip6_encaps[i] / p_ip4_inner / self.p_payload) + rx = self.send_and_expect(self.pg0, p4 * N_PACKETS, self.pg1) + for p in rx: + self.validate(p[1], p6_reply) + self.assert_packet_checksums_valid(p) + + def verify_ip6ip6_encaps(self, a, p_ip6s, p_ip6_encaps): + for i, p_ip6 in enumerate(p_ip6s): + p_ip6.dst = a + p6 = (self.p_ether / p_ip6 / self.p_payload) + p_inner_ip6 = p_ip6 + p_inner_ip6.hlim -= 1 + p6_reply = (p_ip6_encaps[i] / p_inner_ip6 / self.p_payload) + rx = self.send_and_expect(self.pg0, p6 * N_PACKETS, self.pg1) + for p in rx: + self.validate(p[1], p6_reply) + self.assert_packet_checksums_valid(p) + + def test_ipip6(self): + """ ip{v4,v6} over ip6 test """ + + # that's annoying + self.destroy_tunnel() + + self.pg1.generate_remote_hosts(5) + self.pg1.configure_ipv6_neighbors() + e = VppEnum.vl_api_ipip_tunnel_flags_t + d = VppEnum.vl_api_ip_dscp_t + self.p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) + self.p_payload = UDP(sport=1234, dport=1234) / Raw(b'X' * 100) + + # create a TOS byte by shifting a DSCP code point 2 bits. those 2 bits + # are for the ECN. + dscp = d.IP_API_DSCP_AF31 << 2 + ecn = 3 + dscp_ecn = d.IP_API_DSCP_AF31 << 2 | ecn + + # IPv4 transport that copies the DCSP from the payload + tun_dscp = VppIpIpTunInterface( + self, + self.pg0, + self.pg0.local_ip6, + self.pg1.remote_hosts[0].ip6, + flags=e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DSCP).add_vpp_config() + # IPv4 transport that copies the DCSP and ECN from the payload + tun_dscp_ecn = VppIpIpTunInterface( + self, + self.pg0, + self.pg0.local_ip6, + self.pg1.remote_hosts[1].ip6, + flags=(e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DSCP | + e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_ECN)).add_vpp_config() + # IPv4 transport that copies the ECN from the payload and sets the + # DF bit on encap. copies the ECN on decap + tun_ecn = VppIpIpTunInterface( + self, + self.pg0, + self.pg0.local_ip6, + self.pg1.remote_hosts[2].ip6, + flags=(e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_ECN | + e.IPIP_TUNNEL_API_FLAG_ENCAP_SET_DF | + e.IPIP_TUNNEL_API_FLAG_DECAP_COPY_ECN)).add_vpp_config() + # IPv4 transport that sets a fixed DSCP in the encap and copies + # the DF bit + tun = VppIpIpTunInterface( + self, + self.pg0, + self.pg0.local_ip6, + self.pg1.remote_hosts[3].ip6, + dscp=d.IP_API_DSCP_AF11, + flags=e.IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DF).add_vpp_config() + + # array of all the tunnels + tuns = [tun_dscp, tun_dscp_ecn, tun_ecn, tun] + + # addresses for prefixes routed via each tunnel + a4s = ["" for i in range(len(tuns))] + a6s = ["" for i in range(len(tuns))] + + # IP headers for inner packets with each combination of DSCp/ECN tested + p_ip6s = [IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=dscp), + IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=dscp_ecn), + IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=ecn), + IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=0xff)] + p_ip4s = [IP(src="1.2.3.4", dst="130.67.0.1", tos=dscp, flags='DF'), + IP(src="1.2.3.4", dst="130.67.0.1", tos=dscp_ecn), + IP(src="1.2.3.4", dst="130.67.0.1", tos=ecn), + IP(src="1.2.3.4", dst="130.67.0.1", tos=0xff)] + + # Configure each tunnel + for i, t in enumerate(tuns): + # Set interface up and enable IP on it + self.vapi.sw_interface_set_flags(t.sw_if_index, 1) + self.vapi.sw_interface_set_unnumbered( + sw_if_index=self.pg0.sw_if_index, + unnumbered_sw_if_index=t.sw_if_index) + + # prefix for route / destination address for packets + a4s[i] = "130.67.%d.0" % i + a6s[i] = "dead:%d::" % i + + # Add IPv4 and IPv6 routes via tunnel interface + ip4_via_tunnel = VppIpRoute( + self, a4s[i], 24, + [VppRoutePath("0.0.0.0", + t.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP4)]) + ip4_via_tunnel.add_vpp_config() + + ip6_via_tunnel = VppIpRoute( + self, a6s[i], 64, + [VppRoutePath("::", + t.sw_if_index, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)]) + ip6_via_tunnel.add_vpp_config() + + # + # Encapsulation + # + + # tun_dscp copies only the dscp + # expected TC values are thus only the DCSP value is present from the + # inner + exp_tcs = [dscp, dscp, 0, 0xfc] + p_ip6_encaps = [IPv6(src=self.pg0.local_ip6, + dst=tun_dscp.dst, + tc=tc) for tc in exp_tcs] + + # IPv4 in to IPv4 tunnel + self.verify_ip4ip6_encaps(a4s[0], p_ip4s, p_ip6_encaps) + # IPv6 in to IPv4 tunnel + self.verify_ip6ip6_encaps(a6s[0], p_ip6s, p_ip6_encaps) + + # tun_dscp_ecn copies the dscp and the ecn + exp_tcs = [dscp, dscp_ecn, ecn, 0xff] + p_ip6_encaps = [IPv6(src=self.pg0.local_ip6, + dst=tun_dscp_ecn.dst, + tc=tc) for tc in exp_tcs] + + self.verify_ip4ip6_encaps(a4s[1], p_ip4s, p_ip6_encaps) + self.verify_ip6ip6_encaps(a6s[1], p_ip6s, p_ip6_encaps) + + # tun_ecn copies only the ecn and always sets DF + exp_tcs = [0, ecn, ecn, ecn] + p_ip6_encaps = [IPv6(src=self.pg0.local_ip6, + dst=tun_ecn.dst, + tc=tc) for tc in exp_tcs] + + self.verify_ip4ip6_encaps(a4s[2], p_ip4s, p_ip6_encaps) + self.verify_ip6ip6_encaps(a6s[2], p_ip6s, p_ip6_encaps) + + # tun sets a fixed dscp + fixed_dscp = tun.dscp << 2 + p_ip6_encaps = [IPv6(src=self.pg0.local_ip6, + dst=tun.dst, + tc=fixed_dscp) for i in range(len(p_ip4s))] + + self.verify_ip4ip6_encaps(a4s[3], p_ip4s, p_ip6_encaps) + self.verify_ip6ip6_encaps(a6s[3], p_ip6s, p_ip6_encaps) + + # + # Decapsulation + # + n_packets_decapped = self.statistics.get_err_counter( + '/err/ipip6-input/packets decapsulated') + + self.p_ether = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) + + # IPv6 tunnel to IPv4 + tcs = [0, dscp, dscp_ecn, ecn] + + # one overlay packet and all combinations of its encap + p_ip4 = IP(src="1.2.3.4", dst=self.pg0.remote_ip4) + p_ip6_encaps = [IPv6(src=tun.dst, + dst=self.pg0.local_ip6, + tc=tc) for tc in tcs] + + # for each encap tun will produce the same inner packet because it does + # not copy up fields from the payload + for p_ip6_encap in p_ip6_encaps: + p6 = (self.p_ether / p_ip6_encap / p_ip4 / self.p_payload) + p4_reply = (p_ip4 / self.p_payload) + p4_reply.ttl -= 1 + rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0) + n_packets_decapped += N_PACKETS + for p in rx: + self.validate(p[1], p4_reply) + self.assert_packet_checksums_valid(p) + + err = self.statistics.get_err_counter( + '/err/ipip6-input/packets decapsulated') + self.assertEqual(err, n_packets_decapped) + + # tun_ecn copies the ECN bits from the encap to the inner + p_ip6_encaps = [IPv6(src=tun_ecn.dst, + dst=self.pg0.local_ip6, + tc=tc) for tc in tcs] + p_ip4_replys = [p_ip4.copy() for i in range(len(p_ip6_encaps))] + p_ip4_replys[2].tos = ecn + p_ip4_replys[3].tos = ecn + for i, p_ip6_encap in enumerate(p_ip6_encaps): + p6 = (self.p_ether / p_ip6_encap / p_ip4 / self.p_payload) + p4_reply = (p_ip4_replys[i] / self.p_payload) + p4_reply.ttl -= 1 + rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0) + n_packets_decapped += N_PACKETS + for p in rx: + self.validate(p[1], p4_reply) + self.assert_packet_checksums_valid(p) + + err = self.statistics.get_err_counter( + '/err/ipip6-input/packets decapsulated') + self.assertEqual(err, n_packets_decapped) + + # IPv6 tunnel to IPv6 + # for each encap tun will produce the same inner packet because it does + # not copy up fields from the payload + p_ip6_encaps = [IPv6(src=tun.dst, + dst=self.pg0.local_ip6, + tc=tc) for tc in tcs] + p_ip6 = IPv6(src="1:2:3::4", dst=self.pg0.remote_ip6) + for p_ip6_encap in p_ip6_encaps: + p6 = (self.p_ether / p_ip6_encap / p_ip6 / self.p_payload) + p6_reply = (p_ip6 / self.p_payload) + p6_reply.hlim = 63 + rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0) + n_packets_decapped += N_PACKETS + for p in rx: + self.validate(p[1], p6_reply) + self.assert_packet_checksums_valid(p) + + err = self.statistics.get_err_counter( + '/err/ipip6-input/packets decapsulated') + self.assertEqual(err, n_packets_decapped) + + # IPv6 tunnel to IPv6 + # tun_ecn copies the ECN bits from the encap to the inner + p_ip6_encaps = [IPv6(src=tun_ecn.dst, + dst=self.pg0.local_ip6, + tc=tc) for tc in tcs] + p_ip6 = IPv6(src="1:2:3::4", dst=self.pg0.remote_ip6) + p_ip6_replys = [p_ip6.copy() for i in range(len(p_ip6_encaps))] + p_ip6_replys[2].tc = ecn + p_ip6_replys[3].tc = ecn + for i, p_ip6_encap in enumerate(p_ip6_encaps): + p6 = (self.p_ether / p_ip6_encap / p_ip6 / self.p_payload) + p6_reply = (p_ip6_replys[i] / self.p_payload) + p6_reply.hlim = 63 + rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0) + n_packets_decapped += N_PACKETS + for p in rx: + self.validate(p[1], p6_reply) + self.assert_packet_checksums_valid(p) + + err = self.statistics.get_err_counter( + '/err/ipip6-input/packets decapsulated') + self.assertEqual(err, n_packets_decapped) + def test_frag(self): """ ip{v4,v6} over ip6 test frag """ @@ -426,7 +910,7 @@ class TestIPIP6(VppTestCase): is_ip6=1) # Send lots of fragments, verify reassembled packet - before_cnt = self.statistics.get_counter( + before_cnt = self.statistics.get_err_counter( '/err/ipip6-input/packets decapsulated') frags, p6_reply = self.generate_ip6_frags(3131, 1400) f = [] @@ -440,7 +924,7 @@ class TestIPIP6(VppTestCase): for p in rx: self.validate(p[1], p6_reply) - cnt = self.statistics.get_counter( + cnt = self.statistics.get_err_counter( '/err/ipip6-input/packets decapsulated') self.assertEqual(cnt, before_cnt + 1000) @@ -469,7 +953,7 @@ class TestIPIP6(VppTestCase): p6 = (p_ether / p_ip6 / p_payload) p6_reply = (IPv6(src=self.pg0.local_ip6, dst=self.pg1.remote_ip6, - hlim=63, tc=42) / + hlim=63) / p_ip6 / p_payload) p6_reply[1].hlim -= 1 self.pg_enable_capture() @@ -502,9 +986,7 @@ class TestIPIP6(VppTestCase): def test_ipip_create(self): """ ipip create / delete interface test """ - rv = self.vapi.ipip_add_tunnel( - src_address=inet_pton(AF_INET, '1.2.3.4'), - dst_address=inet_pton(AF_INET, '2.3.4.5'), is_ipv6=0) + rv = ipip_add_tunnel(self, '1.2.3.4', '2.3.4.5') sw_if_index = rv.sw_if_index self.vapi.ipip_del_tunnel(sw_if_index) @@ -513,10 +995,7 @@ class TestIPIP6(VppTestCase): t = VppIpTable(self, 20) t.add_vpp_config() - rv = self.vapi.ipip_add_tunnel( - src_address=inet_pton(AF_INET, '1.2.3.4'), - dst_address=inet_pton(AF_INET, '2.3.4.5'), is_ipv6=0, - table_id=20) + rv = ipip_add_tunnel(self, '1.2.3.4', '2.3.4.5', table_id=20) sw_if_index = rv.sw_if_index self.vapi.ipip_del_tunnel(sw_if_index)