+
+class IPv6NDProxyTest(TestIPv6ND):
+ """ IPv6 ND ProxyTest Case """
+
+ def setUp(self):
+ super(IPv6NDProxyTest, self).setUp()
+
+ # create 3 pg interfaces
+ self.create_pg_interfaces(range(3))
+
+ # pg0 is the master interface, with the configured subnet
+ self.pg0.admin_up()
+ self.pg0.config_ip6()
+ self.pg0.resolve_ndp()
+
+ self.pg1.ip6_enable()
+ self.pg2.ip6_enable()
+
+ def tearDown(self):
+ super(IPv6NDProxyTest, self).tearDown()
+
+ def test_nd_proxy(self):
+ """ IPv6 Proxy ND """
+
+ #
+ # Generate some hosts in the subnet that we are proxying
+ #
+ self.pg0.generate_remote_hosts(8)
+
+ nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
+ d = inet_ntop(AF_INET6, nsma)
+
+ #
+ # Send an NS for one of those remote hosts on one of the proxy links
+ # expect no response since it's from an address that is not
+ # on the link that has the prefix configured
+ #
+ ns_pg1 = (Ether(dst=in6_getnsmac(nsma), src=self.pg1.remote_mac) /
+ IPv6(dst=d, src=self.pg0._remote_hosts[2].ip6) /
+ ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
+ ICMPv6NDOptSrcLLAddr(lladdr=self.pg0._remote_hosts[2].mac))
+
+ self.send_and_assert_no_replies(self.pg1, ns_pg1, "Off link NS")
+
+ #
+ # Add proxy support for the host
+ #
+ self.vapi.ip6_nd_proxy(
+ inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
+ self.pg1.sw_if_index)
+
+ #
+ # try that NS again. this time we expect an NA back
+ #
+ self.pg1.add_stream(ns_pg1)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ rx = self.pg1.get_capture(1)
+
+ self.validate_na(self.pg1, rx[0],
+ dst_ip=self.pg0._remote_hosts[2].ip6,
+ tgt_ip=self.pg0.local_ip6)
+
+ #
+ # ... and that we have an entry in the ND cache
+ #
+ self.assertTrue(find_nbr(self,
+ self.pg1.sw_if_index,
+ self.pg0._remote_hosts[2].ip6,
+ inet=AF_INET6))
+
+ #
+ # ... and we can route traffic to it
+ #
+ t = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
+ IPv6(dst=self.pg0._remote_hosts[2].ip6,
+ src=self.pg0.remote_ip6) /
+ UDP(sport=10000, dport=20000) /
+ Raw('\xa5' * 100))
+
+ self.pg0.add_stream(t)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ rx = self.pg1.get_capture(1)
+ rx = rx[0]
+
+ self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
+ self.assertEqual(rx[Ether].src, self.pg1.local_mac)
+
+ self.assertEqual(rx[IPv6].src, t[IPv6].src)
+ self.assertEqual(rx[IPv6].dst, t[IPv6].dst)
+
+ #
+ # Test we proxy for the host on the main interface
+ #
+ ns_pg0 = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
+ IPv6(dst=d, src=self.pg0.remote_ip6) /
+ ICMPv6ND_NS(tgt=self.pg0._remote_hosts[2].ip6) /
+ ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
+
+ self.pg0.add_stream(ns_pg0)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ rx = self.pg0.get_capture(1)
+
+ self.validate_na(self.pg0, rx[0],
+ tgt_ip=self.pg0._remote_hosts[2].ip6,
+ dst_ip=self.pg0.remote_ip6)
+
+ #
+ # Setup and resolve proxy for another host on another interface
+ #
+ ns_pg2 = (Ether(dst=in6_getnsmac(nsma), src=self.pg2.remote_mac) /
+ IPv6(dst=d, src=self.pg0._remote_hosts[3].ip6) /
+ ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
+ ICMPv6NDOptSrcLLAddr(lladdr=self.pg0._remote_hosts[2].mac))
+
+ self.vapi.ip6_nd_proxy(
+ inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
+ self.pg2.sw_if_index)
+
+ self.pg2.add_stream(ns_pg2)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ rx = self.pg2.get_capture(1)
+
+ self.validate_na(self.pg2, rx[0],
+ dst_ip=self.pg0._remote_hosts[3].ip6,
+ tgt_ip=self.pg0.local_ip6)
+
+ self.assertTrue(find_nbr(self,
+ self.pg2.sw_if_index,
+ self.pg0._remote_hosts[3].ip6,
+ inet=AF_INET6))
+
+ #
+ # hosts can communicate. pg2->pg1
+ #
+ t2 = (Ether(dst=self.pg2.local_mac,
+ src=self.pg0.remote_hosts[3].mac) /
+ IPv6(dst=self.pg0._remote_hosts[2].ip6,
+ src=self.pg0._remote_hosts[3].ip6) /
+ UDP(sport=10000, dport=20000) /
+ Raw('\xa5' * 100))
+
+ self.pg2.add_stream(t2)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ rx = self.pg1.get_capture(1)
+ rx = rx[0]
+
+ self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
+ self.assertEqual(rx[Ether].src, self.pg1.local_mac)
+
+ self.assertEqual(rx[IPv6].src, t2[IPv6].src)
+ self.assertEqual(rx[IPv6].dst, t2[IPv6].dst)
+
+ #
+ # remove the proxy configs
+ #
+ self.vapi.ip6_nd_proxy(
+ inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
+ self.pg1.sw_if_index,
+ is_del=1)
+ self.vapi.ip6_nd_proxy(
+ inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
+ self.pg2.sw_if_index,
+ is_del=1)
+
+ self.assertFalse(find_nbr(self,
+ self.pg2.sw_if_index,
+ self.pg0._remote_hosts[3].ip6,
+ inet=AF_INET6))
+ self.assertFalse(find_nbr(self,
+ self.pg1.sw_if_index,
+ self.pg0._remote_hosts[2].ip6,
+ inet=AF_INET6))
+
+ #
+ # no longer proxy-ing...
+ #
+ self.send_and_assert_no_replies(self.pg0, ns_pg0, "Proxy unconfigured")
+ self.send_and_assert_no_replies(self.pg1, ns_pg1, "Proxy unconfigured")
+ self.send_and_assert_no_replies(self.pg2, ns_pg2, "Proxy unconfigured")
+
+ #
+ # no longer forwarding. traffic generates NS out of the glean/main
+ # interface
+ #
+ self.pg2.add_stream(t2)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ rx = self.pg0.get_capture(1)
+
+ self.assertTrue(rx[0].haslayer(ICMPv6ND_NS))
+
+