X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blobdiff_plain;f=test%2Ftest_nat.py;h=c64359a4db743ebf187c4198a12b2e3c80f5433d;hp=b873074eccce6f1f5d8772339a3a967347233e85;hb=fc7344f;hpb=7f99183a20d60cd5c648cc23d7a2f30a594a215b diff --git a/test/test_nat.py b/test/test_nat.py index b873074eccc..c64359a4db7 100644 --- a/test/test_nat.py +++ b/test/test_nat.py @@ -18,7 +18,7 @@ from util import ppp from ipfix import IPFIX, Set, Template, Data, IPFIXDecoder from time import sleep from util import ip4_range -from vpp_mac import mactobinary +from vpp_papi import mac_pton from syslog_rfc5424_parser import SyslogMessage, ParseError from syslog_rfc5424_parser.constants import SyslogFacility, SyslogSeverity from vpp_papi_provider import SYSLOG_SEVERITY @@ -1015,6 +1015,10 @@ class MethodHolder(VppTestCase): """ Verify that there is no NAT44 user """ users = self.vapi.nat44_user_dump() self.assertEqual(len(users), 0) + users = self.statistics.get_counter('/nat44/total-users') + self.assertEqual(users[0][0], 0) + sessions = self.statistics.get_counter('/nat44/total-sessions') + self.assertEqual(sessions[0][0], 0) def verify_ipfix_max_entries_per_user(self, data, limit, src_addr): """ @@ -1507,13 +1511,21 @@ class TestNAT44(MethodHolder): def test_dynamic(self): """ NAT44 dynamic translation test """ - self.nat44_add_address(self.nat_addr) self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, is_inside=0) # in2out + tcpn = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/TCP packets') + udpn = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/UDP packets') + icmpn = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/good in2out packets processed') + pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1521,7 +1533,26 @@ class TestNAT44(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture) + err = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat44-in2out-slowpath/good in2out packets processed') + self.assertEqual(err - totaln, 3) + # out2in + tcpn = self.statistics.get_counter('/err/nat44-out2in/TCP packets') + udpn = self.statistics.get_counter('/err/nat44-out2in/UDP packets') + icmpn = self.statistics.get_counter('/err/nat44-out2in/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat44-out2in/good out2in packets processed') + pkts = self.create_stream_out(self.pg1) self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1529,6 +1560,21 @@ class TestNAT44(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) + err = self.statistics.get_counter('/err/nat44-out2in/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter('/err/nat44-out2in/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter('/err/nat44-out2in/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat44-out2in/good out2in packets processed') + self.assertEqual(err - totaln, 3) + + users = self.statistics.get_counter('/nat44/total-users') + self.assertEqual(users[0][0], 1) + sessions = self.statistics.get_counter('/nat44/total-sessions') + self.assertEqual(sessions[0][0], 3) + def test_dynamic_icmp_errors_in2out_ttl_1(self): """ NAT44 handling of client packets with TTL=1 """ @@ -2682,7 +2728,7 @@ class TestNAT44(MethodHolder): data = ipfix.decode_data_set(p.getlayer(Set)) self.verify_ipfix_addr_exhausted(data) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_ipfix_max_sessions(self): """ IPFIX logging maximum session entries exceeded """ self.nat44_add_address(self.nat_addr) @@ -2915,11 +2961,11 @@ class TestNAT44(MethodHolder): """ NAT44 interfaces without configured IP address """ self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, - mactobinary(self.pg7.remote_mac), + mac_pton(self.pg7.remote_mac), self.pg7.remote_ip4n, is_static=1) self.vapi.ip_neighbor_add_del(self.pg8.sw_if_index, - mactobinary(self.pg8.remote_mac), + mac_pton(self.pg8.remote_mac), self.pg8.remote_ip4n, is_static=1) @@ -2957,11 +3003,11 @@ class TestNAT44(MethodHolder): """ NAT44 interfaces without configured IP address - 1:1 NAT """ self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, - mactobinary(self.pg7.remote_mac), + mac_pton(self.pg7.remote_mac), self.pg7.remote_ip4n, is_static=1) self.vapi.ip_neighbor_add_del(self.pg8.sw_if_index, - mactobinary(self.pg8.remote_mac), + mac_pton(self.pg8.remote_mac), self.pg8.remote_ip4n, is_static=1) @@ -3003,11 +3049,11 @@ class TestNAT44(MethodHolder): self.icmp_id_out = 30608 self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, - mactobinary(self.pg7.remote_mac), + mac_pton(self.pg7.remote_mac), self.pg7.remote_ip4n, is_static=1) self.vapi.ip_neighbor_add_del(self.pg8.sw_if_index, - mactobinary(self.pg8.remote_mac), + mac_pton(self.pg8.remote_mac), self.pg8.remote_ip4n, is_static=1) @@ -3356,6 +3402,11 @@ class TestNAT44(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise + err = self.statistics.get_counter('/err/nat44-classify/next in2out') + self.assertEqual(err, 1) + err = self.statistics.get_counter('/err/nat44-classify/next out2in') + self.assertEqual(err, 1) + def test_del_session(self): """ Delete NAT44 session """ self.nat44_add_address(self.nat_addr) @@ -3656,7 +3707,7 @@ class TestNAT44(MethodHolder): self.pg1.resolve_arp() self.pg2.resolve_arp() - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) @@ -4008,6 +4059,15 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertEqual(1, nat_config.endpoint_dependent) # in2out + tcpn = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/TCP packets') + udpn = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/UDP packets') + icmpn = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/good in2out packets processed') + pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -4015,7 +4075,27 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture) + err = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-in2out-slowpath/good in2out packets processed') + self.assertEqual(err - totaln, 3) + # out2in + tcpn = self.statistics.get_counter('/err/nat44-ed-out2in/TCP packets') + udpn = self.statistics.get_counter('/err/nat44-ed-out2in/UDP packets') + icmpn = self.statistics.get_counter( + '/err/nat44-ed-out2in-slowpath/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat44-ed-out2in/good out2in packets processed') + pkts = self.create_stream_out(self.pg1) self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -4023,6 +4103,22 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) + err = self.statistics.get_counter('/err/nat44-ed-out2in/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter('/err/nat44-ed-out2in/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-out2in-slowpath/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat44-ed-out2in/good out2in packets processed') + self.assertEqual(err - totaln, 2) + + users = self.statistics.get_counter('/nat44/total-users') + self.assertEqual(users[0][0], 1) + sessions = self.statistics.get_counter('/nat44/total-sessions') + self.assertEqual(sessions[0][0], 3) + def test_forwarding(self): """ NAT44 forwarding test """ @@ -4178,7 +4274,7 @@ class TestNAT44EndpointDependent(MethodHolder): sessions = self.vapi.nat44_user_session_dump(server.ip4n, 0) self.assertEqual(len(sessions), 0) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_static_lb_multi_clients(self): """ NAT44 local service load balancing - multiple clients""" @@ -4187,6 +4283,7 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 server1 = self.pg0.remote_hosts[0] server2 = self.pg0.remote_hosts[1] + server3 = self.pg0.remote_hosts[2] locals = [{'addr': server1.ip4n, 'port': local_port, @@ -4227,6 +4324,65 @@ class TestNAT44EndpointDependent(MethodHolder): server2_n += 1 self.assertGreater(server1_n, server2_n) + # add new back-end + self.vapi.nat44_lb_static_mapping_add_del_local(external_addr_n, + external_port, + server3.ip4n, + local_port, + IP_PROTOS.tcp, + 20) + server1_n = 0 + server2_n = 0 + server3_n = 0 + clients = ip4_range(self.pg1.remote_ip4, 60, 110) + pkts = [] + for client in clients: + p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / + IP(src=client, dst=self.nat_addr) / + TCP(sport=12346, dport=external_port)) + pkts.append(p) + self.assertGreater(len(pkts), 0) + self.pg1.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(len(pkts)) + for p in capture: + if p[IP].dst == server1.ip4: + server1_n += 1 + elif p[IP].dst == server2.ip4: + server2_n += 1 + else: + server3_n += 1 + self.assertGreater(server1_n, 0) + self.assertGreater(server2_n, 0) + self.assertGreater(server3_n, 0) + + # remove one back-end + self.vapi.nat44_lb_static_mapping_add_del_local(external_addr_n, + external_port, + server2.ip4n, + local_port, + IP_PROTOS.tcp, + 10, + is_add=0) + server1_n = 0 + server2_n = 0 + server3_n = 0 + self.pg1.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(len(pkts)) + for p in capture: + if p[IP].dst == server1.ip4: + server1_n += 1 + elif p[IP].dst == server2.ip4: + server2_n += 1 + else: + server3_n += 1 + self.assertGreater(server1_n, 0) + self.assertEqual(server2_n, 0) + self.assertGreater(server3_n, 0) + def test_static_lb_2(self): """ NAT44 local service load balancing (asymmetrical rule) """ external_addr_n = socket.inet_pton(socket.AF_INET, self.nat_addr) @@ -5711,7 +5867,7 @@ class TestNAT44EndpointDependent(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) @@ -5753,7 +5909,7 @@ class TestNAT44EndpointDependent(MethodHolder): nsessions = nsessions + user.nsessions self.assertLess(nsessions, 2 * max_sessions) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_rst_timeout(self): """ NAT44 session RST timeouts """ self.nat44_add_address(self.nat_addr) @@ -5789,7 +5945,7 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertEqual(users[0].ip_address, self.pg0.remote_ip4n) self.assertEqual(users[0].nsessions, 1) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_limit_per_user(self): """ Maximum sessions per user limit """ self.nat44_add_address(self.nat_addr) @@ -5950,8 +6106,7 @@ class TestNAT44Out2InDPO(MethodHolder): self.src_ip6_pfx_len = 96 self.vapi.map_add_domain(self.dst_ip6_pfx_n, self.dst_ip6_pfx_len, self.src_ip6_pfx_n, self.src_ip6_pfx_len, - '\x00\x00\x00\x00', 0, is_translation=1, - is_rfc6052=1) + '\x00\x00\x00\x00', 0) @unittest.skip('Temporary disabled') def test_464xlat_ce(self): @@ -6484,7 +6639,7 @@ class TestDeterministicNAT(MethodHolder): self.logger.error("TCP session termination failed") raise - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ Deterministic NAT session timeouts """ self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, @@ -6507,7 +6662,7 @@ class TestDeterministicNAT(MethodHolder): dms = self.vapi.nat_det_map_dump() self.assertEqual(0, dms[0].ses_num) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_limit_per_user(self): """ Deterministic NAT maximum sessions per user limit """ self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, @@ -6794,6 +6949,8 @@ class TestNAT64(MethodHolder): self.assertEqual(bibe.i_port, in_port) self.assertEqual(bibe.o_port, out_port) self.assertEqual(static_bib_num, 1) + bibs = self.statistics.get_counter('/nat64/total-bibs') + self.assertEqual(bibs[0][0], 1) self.vapi.nat64_add_del_static_bib(in_addr, out_addr, @@ -6807,6 +6964,8 @@ class TestNAT64(MethodHolder): if bibe.is_static: static_bib_num += 1 self.assertEqual(static_bib_num, 0) + bibs = self.statistics.get_counter('/nat64/total-bibs') + self.assertEqual(bibs[0][0], 0) def test_set_timeouts(self): """ Set NAT64 timeouts """ @@ -6840,6 +6999,12 @@ class TestNAT64(MethodHolder): self.vapi.nat64_add_del_interface(self.pg1.sw_if_index, is_inside=0) # in2out + tcpn = self.statistics.get_counter('/err/nat64-in2out/TCP packets') + udpn = self.statistics.get_counter('/err/nat64-in2out/UDP packets') + icmpn = self.statistics.get_counter('/err/nat64-in2out/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat64-in2out/good in2out packets processed') + pkts = self.create_stream_in_ip6(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -6848,7 +7013,23 @@ class TestNAT64(MethodHolder): self.verify_capture_out(capture, nat_ip=self.nat_addr, dst_ip=self.pg1.remote_ip4) + err = self.statistics.get_counter('/err/nat64-in2out/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter('/err/nat64-in2out/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter('/err/nat64-in2out/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat64-in2out/good in2out packets processed') + self.assertEqual(err - totaln, 3) + # out2in + tcpn = self.statistics.get_counter('/err/nat64-out2in/TCP packets') + udpn = self.statistics.get_counter('/err/nat64-out2in/UDP packets') + icmpn = self.statistics.get_counter('/err/nat64-out2in/ICMP packets') + totaln = self.statistics.get_counter( + '/err/nat64-out2in/good out2in packets processed') + pkts = self.create_stream_out(self.pg1, dst_ip=self.nat_addr) self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -6857,6 +7038,21 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.pg1.remote_ip4])) self.verify_capture_in_ip6(capture, ip[IPv6].src, self.pg0.remote_ip6) + err = self.statistics.get_counter('/err/nat64-out2in/TCP packets') + self.assertEqual(err - tcpn, 1) + err = self.statistics.get_counter('/err/nat64-out2in/UDP packets') + self.assertEqual(err - udpn, 1) + err = self.statistics.get_counter('/err/nat64-out2in/ICMP packets') + self.assertEqual(err - icmpn, 1) + err = self.statistics.get_counter( + '/err/nat64-out2in/good out2in packets processed') + self.assertEqual(err - totaln, 3) + + bibs = self.statistics.get_counter('/nat64/total-bibs') + self.assertEqual(bibs[0][0], 3) + sessions = self.statistics.get_counter('/nat64/total-sessions') + self.assertEqual(sessions[0][0], 3) + # in2out pkts = self.create_stream_in_ip6(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -6953,7 +7149,7 @@ class TestNAT64(MethodHolder): self.assertEqual(ses_num_end - ses_num_start, 3) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ NAT64 session timeout """ self.icmp_id_in = 1234 @@ -7614,7 +7810,7 @@ class TestNAT64(MethodHolder): addresses = self.vapi.nat64_pool_addr_dump() self.assertEqual(0, len(adresses)) - @unittest.skipUnless(running_extended_tests(), "part of extended tests") + @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_ipfix_max_bibs_sessions(self): """ IPFIX logging maximum session and BIB entries exceeded """ max_bibs = 1280 @@ -7920,6 +8116,11 @@ class TestNAT64(MethodHolder): vrf_id=prefix.vrf_id, is_add=0) + bibs = self.statistics.get_counter('/nat64/total-bibs') + self.assertEqual(bibs[0][0], 0) + sessions = self.statistics.get_counter('/nat64/total-sessions') + self.assertEqual(sessions[0][0], 0) + def tearDown(self): super(TestNAT64, self).tearDown() if not self.vpp_dead: @@ -8112,6 +8313,11 @@ class TestDSlite(MethodHolder): self.assertEqual(capture[IPv6].dst, self.pg1.remote_hosts[1].ip6) self.assertTrue(capture.haslayer(ICMPv6EchoReply)) + b4s = self.statistics.get_counter('/dslite/total-b4s') + self.assertEqual(b4s[0][0], 2) + sessions = self.statistics.get_counter('/dslite/total-sessions') + self.assertEqual(sessions[0][0], 3) + def tearDown(self): super(TestDSlite, self).tearDown() if not self.vpp_dead: