From cebb47733923f9c66d5fe794c040f7baf6271a47 Mon Sep 17 00:00:00 2001 From: Mohsin Kazmi Date: Wed, 7 Apr 2021 19:50:35 +0200 Subject: [PATCH] ip6-nd: add ip6-nd proxy Type: feature Change-Id: I91f72f5802db195d1a15424d67c1b6e518168f9f Signed-off-by: Mohsin Kazmi --- src/vnet/CMakeLists.txt | 1 + src/vnet/ip6-nd/FEATURE.yaml | 5 +- src/vnet/ip6-nd/ip6_nd.api | 14 ++ src/vnet/ip6-nd/ip6_nd.h | 1 + src/vnet/ip6-nd/ip6_nd_api.c | 18 ++ src/vnet/ip6-nd/ip6_nd_mirror_proxy.c | 414 ++++++++++++++++++++++++++++++++++ test/test_ip6_nd_mirror_proxy.py | 188 +++++++++++++++ 7 files changed, 639 insertions(+), 2 deletions(-) create mode 100644 src/vnet/ip6-nd/ip6_nd_mirror_proxy.c create mode 100644 test/test_ip6_nd_mirror_proxy.py diff --git a/src/vnet/CMakeLists.txt b/src/vnet/CMakeLists.txt index 52208bde069..78a2ba77c0e 100644 --- a/src/vnet/CMakeLists.txt +++ b/src/vnet/CMakeLists.txt @@ -1470,6 +1470,7 @@ list (APPEND VNET_SOURCES ip6-nd/ip6_nd.c ip6-nd/ip6_nd_api.c ip6-nd/ip6_nd_proxy.c + ip6-nd/ip6_nd_mirror_proxy.c ip6-nd/ip6_ra.c ip6-nd/rd_cp.c ip6-nd/rd_cp_api.c diff --git a/src/vnet/ip6-nd/FEATURE.yaml b/src/vnet/ip6-nd/FEATURE.yaml index ce16fa24bd1..ccdbf10d2ef 100644 --- a/src/vnet/ip6-nd/FEATURE.yaml +++ b/src/vnet/ip6-nd/FEATURE.yaml @@ -1,12 +1,13 @@ --- -name: IPv6 Neighbor Discovery +name: IPv6 Neighbor Discovery and Proxy maintainer: Neale Ranns features: - Neighbor discovery. - ND Auto address configuration - Multicast Listener Discovery - only as host role to send adverts - Router Advertisements + - ND (mirror) proxy on given interface -description: "An implementation of the IPv6 Neighbor discovery protocol as described in RFC4861 and RFC4862." +description: "An implementation of the IPv6 Neighbor discovery protocol as described in RFC4861 and RFC4862. It also implements ND (mirror) proxy on given interface (some inspiration from RFC4389)." state: production properties: [API, CLI, MULTITHREAD] diff --git a/src/vnet/ip6-nd/ip6_nd.api b/src/vnet/ip6-nd/ip6_nd.api index 91b5faf9bdf..0a519c16f7f 100644 --- a/src/vnet/ip6-nd/ip6_nd.api +++ b/src/vnet/ip6-nd/ip6_nd.api @@ -106,6 +106,20 @@ autoreply define sw_interface_ip6nd_ra_prefix u32 pref_lifetime; }; +/** \brief IPv6 ND (mirror) proxy + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param sw_if_index - The interface the host is on + @param is_enable - enable or disable +*/ +autoreply define ip6nd_proxy_enable_disable +{ + u32 client_index; + u32 context; + vl_api_interface_index_t sw_if_index; + bool is_enable; +}; + /** \brief IPv6 ND proxy config @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request diff --git a/src/vnet/ip6-nd/ip6_nd.h b/src/vnet/ip6-nd/ip6_nd.h index 4dab7440b4a..2aade3fb512 100644 --- a/src/vnet/ip6-nd/ip6_nd.h +++ b/src/vnet/ip6-nd/ip6_nd.h @@ -23,6 +23,7 @@ extern int ip6_nd_proxy_add (u32 sw_if_index, const ip6_address_t * addr); extern int ip6_nd_proxy_del (u32 sw_if_index, const ip6_address_t * addr); +extern int ip6_nd_proxy_enable_disable (u32 sw_if_index, u8 enable); #endif /* included_ip6_neighbor_h */ diff --git a/src/vnet/ip6-nd/ip6_nd_api.c b/src/vnet/ip6-nd/ip6_nd_api.c index b949e218cfd..6520a61f691 100644 --- a/src/vnet/ip6-nd/ip6_nd_api.c +++ b/src/vnet/ip6-nd/ip6_nd_api.c @@ -118,6 +118,24 @@ vl_api_ip6nd_proxy_dump_t_handler (vl_api_ip6nd_proxy_dump_t * mp) vec_free (ctx.indices); } +static void +vl_api_ip6nd_proxy_enable_disable_t_handler ( + vl_api_ip6nd_proxy_enable_disable_t *mp) +{ + vl_api_ip6nd_proxy_enable_disable_reply_t *rmp; + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + + if (mp->is_enable) + rv = ip6_nd_proxy_enable_disable (ntohl (mp->sw_if_index), 1); + else + rv = ip6_nd_proxy_enable_disable (ntohl (mp->sw_if_index), 0); + + BAD_SW_IF_INDEX_LABEL; + REPLY_MACRO (VL_API_IP6ND_PROXY_ENABLE_DISABLE_REPLY); +} + static void vl_api_ip6nd_proxy_add_del_t_handler (vl_api_ip6nd_proxy_add_del_t * mp) { diff --git a/src/vnet/ip6-nd/ip6_nd_mirror_proxy.c b/src/vnet/ip6-nd/ip6_nd_mirror_proxy.c new file mode 100644 index 00000000000..478bb05e1d3 --- /dev/null +++ b/src/vnet/ip6-nd/ip6_nd_mirror_proxy.c @@ -0,0 +1,414 @@ +/* + * Copyright (c) 2021 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +int +ip6_nd_proxy_enable_disable (u32 sw_if_index, u8 enable) +{ + + if (enable) + { + vnet_feature_enable_disable ("ip6-unicast", "ip6-unicast-nd-proxy", + sw_if_index, 1, NULL, 0); + vnet_feature_enable_disable ("ip6-multicast", "ip6-multicast-nd-proxy", + sw_if_index, 1, NULL, 0); + } + else + { + vnet_feature_enable_disable ("ip6-unicast", "ip6-unicast-nd-proxy", + sw_if_index, 0, NULL, 0); + vnet_feature_enable_disable ("ip6-multicast", "ip6-multicast-nd-proxy", + sw_if_index, 0, NULL, 0); + } + return 0; +} + +static clib_error_t * +set_int_ip6_nd_proxy_command_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + vnet_main_t *vnm = vnet_get_main (); + u32 sw_if_index; + int enable = 0; + + sw_if_index = ~0; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "%U", unformat_vnet_sw_interface, vnm, + &sw_if_index)) + ; + else if (unformat (input, "enable")) + enable = 1; + else if (unformat (input, "disable")) + enable = 0; + else + break; + } + + if (~0 == sw_if_index) + return clib_error_return (0, "unknown input '%U'", format_unformat_error, + input); + + ip6_nd_proxy_enable_disable (sw_if_index, enable); + + return 0; +} + +VLIB_CLI_COMMAND (set_int_ip6_nd_proxy_enable_command, static) = { + .path = "set interface ip6-nd proxy", + .short_help = "set interface ip6-nd proxy [enable|disable]", + .function = set_int_ip6_nd_proxy_command_fn, +}; + +typedef struct +{ + u8 is_multicast; + u32 sw_if_index; +} vnet_ip6_nd_proxy_trace_t; + +static u8 * +format_ip6_nd_proxy_trace (u8 *s, va_list *args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + vnet_main_t *vnm = vnet_get_main (); + vnet_ip6_nd_proxy_trace_t *t = va_arg (*args, vnet_ip6_nd_proxy_trace_t *); + u32 indent = format_get_indent (s); + + if (t->is_multicast) + s = format (s, "%U %U multicast ", format_white_space, indent, + format_vnet_sw_if_index_name, vnm, t->sw_if_index); + else + s = format (s, "%U %U unicast ", format_white_space, indent, + format_vnet_sw_if_index_name, vnm, t->sw_if_index); + + return s; +} + +static_always_inline void +ip6_nd_proxy_unicast (vlib_main_t *vm, vlib_node_runtime_t *node, + vlib_buffer_t *b0, ip6_header_t *ip6, u32 *next0) +{ + if (PREDICT_FALSE (ip6->protocol == IP_PROTOCOL_ICMP6)) + { + icmp46_header_t *icmp0; + icmp6_type_t type0; + + icmp0 = ip6_next_header (ip6); + type0 = icmp0->type; + if (type0 == ICMP6_neighbor_solicitation || + type0 == ICMP6_neighbor_advertisement) + { + icmp6_neighbor_solicitation_or_advertisement_header_t *icmp6_nsa; + icmp6_neighbor_discovery_ethernet_link_layer_address_option_t + *icmp6_nd_ell_addr; + u32 sw_if_index0; + + icmp6_nsa = (void *) icmp0; + icmp6_nd_ell_addr = (void *) (icmp6_nsa + 1); + + sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; + + /* unicast neighbor solicitation */ + fib_node_index_t fei; + u32 fib_index; + + fib_index = ip6_fib_table_get_index_for_sw_if_index (sw_if_index0); + + if (~0 == fib_index) + { + *next0 = ICMP6_NEIGHBOR_SOLICITATION_NEXT_DROP; + } + else + { + if (ip6_address_is_link_local_unicast (&ip6->dst_address)) + { + fei = ip6_fib_table_lookup_exact_match ( + ip6_ll_fib_get (sw_if_index0), &ip6->dst_address, 128); + } + else + { + fei = ip6_fib_table_lookup_exact_match ( + fib_index, &ip6->dst_address, 128); + } + + if (FIB_NODE_INDEX_INVALID != fei) + { + *next0 = ICMP6_NEIGHBOR_SOLICITATION_NEXT_REPLY; + icmp6_send_neighbor_advertisement ( + vm, b0, ip6, icmp6_nsa, icmp6_nd_ell_addr, sw_if_index0); + } + } + if (b0->flags & VLIB_BUFFER_IS_TRACED) + { + vnet_ip6_nd_proxy_trace_t *t; + t = vlib_add_trace (vm, node, b0, sizeof (t[0])); + t->sw_if_index = sw_if_index0; + t->is_multicast = 0; + } + } + } +} + +static_always_inline void +ip6_nd_proxy_multicast (vlib_main_t *vm, vlib_node_runtime_t *node, + vlib_buffer_t *b0, ip6_header_t *ip6, u32 *next0) +{ + if (PREDICT_FALSE (ip6->protocol == IP_PROTOCOL_ICMP6)) + { + icmp46_header_t *icmp0; + icmp6_type_t type0; + + icmp0 = ip6_next_header (ip6); + type0 = icmp0->type; + if (type0 == ICMP6_neighbor_solicitation || + type0 == ICMP6_neighbor_advertisement) + { + icmp6_neighbor_solicitation_or_advertisement_header_t *icmp6_nsa; + icmp6_neighbor_discovery_ethernet_link_layer_address_option_t + *icmp6_nd_ell_addr; + u32 sw_if_index0; + + icmp6_nsa = (void *) icmp0; + icmp6_nd_ell_addr = (void *) (icmp6_nsa + 1); + + sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; + if (type0 == ICMP6_neighbor_solicitation) + { + if ( + (icmp6_nd_ell_addr->header.type == + ICMP6_NEIGHBOR_DISCOVERY_OPTION_source_link_layer_address) && + (!ip6_address_is_unspecified (&ip6->src_address)) && + (!ip6_address_is_link_local_unicast (&ip6->src_address))) + { + ip_neighbor_learn_t learn = { .sw_if_index = sw_if_index0, + .ip = { + .version = AF_IP6, + .ip.ip6 = ip6->src_address, + } }; + clib_memcpy (&learn.mac, icmp6_nd_ell_addr->ethernet_address, + sizeof (learn.mac)); + ip_neighbor_learn_dp (&learn); + + *next0 = ICMP6_NEIGHBOR_SOLICITATION_NEXT_REPLY; + icmp6_send_neighbor_advertisement ( + vm, b0, ip6, icmp6_nsa, icmp6_nd_ell_addr, sw_if_index0); + } + } + else // type0 = ICMP6_neighbor_advertisement + { + icmp6_neighbor_solicitation_or_advertisement_header_t + *icmp6_nsa = (void *) icmp0; + icmp6_neighbor_discovery_ethernet_link_layer_address_option_t + *icmp6_nd_ell_addr = (void *) (icmp6_nsa + 1); + if ( + (icmp6_nd_ell_addr->header.type == + ICMP6_NEIGHBOR_DISCOVERY_OPTION_target_link_layer_address) && + (!ip6_address_is_unspecified (&ip6->src_address)) && + (!ip6_address_is_link_local_unicast (&ip6->src_address))) + { + ip_neighbor_learn_t learn = { .sw_if_index = sw_if_index0, + .ip = { + .version = AF_IP6, + .ip.ip6 = + icmp6_nsa->target_address, + } }; + clib_memcpy (&learn.mac, icmp6_nd_ell_addr->ethernet_address, + sizeof (learn.mac)); + ip_neighbor_learn_dp (&learn); + + *next0 = ICMP6_NEIGHBOR_SOLICITATION_NEXT_DROP; + } + } + + if (b0->flags & VLIB_BUFFER_IS_TRACED) + { + vnet_ip6_nd_proxy_trace_t *t; + t = vlib_add_trace (vm, node, b0, sizeof (t[0])); + t->sw_if_index = sw_if_index0; + t->is_multicast = 1; + } + } + } +} + +static_always_inline uword +ip6_nd_proxy_node_inline (vlib_main_t *vm, vlib_node_runtime_t *node, + vlib_frame_t *frame, u8 is_multicast) +{ + u32 n_left_from, *from, *to_next; + u32 next_index, n_left_to_next; + vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs; + + from = vlib_frame_vector_args (frame); + n_left_from = frame->n_vectors; + next_index = node->cached_next_index; + + vlib_get_buffers (vm, from, bufs, n_left_from); + + while (n_left_from > 0) + { + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + while (n_left_from > 4 && n_left_to_next > 2) + { + ip6_header_t *ip6_0, *ip6_1; + u32 next0, next1; + u32 bi0, bi1; + + /* Prefetch next iteration. */ + { + vlib_prefetch_buffer_header (b[2], LOAD); + vlib_prefetch_buffer_header (b[3], LOAD); + + vlib_prefetch_buffer_data (b[2], LOAD); + vlib_prefetch_buffer_data (b[3], LOAD); + } + + /* + * speculatively enqueue b0 and b1 to the current next frame + */ + to_next[0] = bi0 = from[0]; + to_next[1] = bi1 = from[1]; + to_next += 2; + n_left_to_next -= 2; + + vnet_feature_next (&next0, b[0]); + vnet_feature_next (&next1, b[1]); + + ip6_0 = vlib_buffer_get_current (b[0]); + ip6_1 = vlib_buffer_get_current (b[1]); + + if (is_multicast) + { + ip6_nd_proxy_multicast (vm, node, b[0], ip6_0, &next0); + ip6_nd_proxy_multicast (vm, node, b[1], ip6_1, &next1); + } + else + { + ip6_nd_proxy_unicast (vm, node, b[0], ip6_0, &next0); + ip6_nd_proxy_unicast (vm, node, b[1], ip6_1, &next1); + } + vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next, + n_left_to_next, bi0, bi1, next0, + next1); + + b += 2; + from += 2; + n_left_from -= 2; + } + + while (n_left_from > 0 && n_left_to_next > 0) + { + ip6_header_t *ip6_0; + u32 next0, bi0; + + /* speculatively enqueue b0 to the current next frame */ + to_next[0] = bi0 = from[0]; + to_next += 1; + n_left_to_next -= 1; + + vnet_feature_next (&next0, b[0]); + ip6_0 = vlib_buffer_get_current (b[0]); + + if (is_multicast) + ip6_nd_proxy_multicast (vm, node, b[0], ip6_0, &next0); + else + ip6_nd_proxy_unicast (vm, node, b[0], ip6_0, &next0); + + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + b += 1; + from += 1; + n_left_from -= 1; + } + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + + return frame->n_vectors; +} + +VLIB_NODE_FN (ip6_unicast_nd_proxy_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) +{ + return ip6_nd_proxy_node_inline (vm, node, frame, 0 /* is_multicast */); +} + +VLIB_REGISTER_NODE (ip6_unicast_nd_proxy_node) = { + .vector_size = sizeof (u32), + .format_trace = format_ip6_nd_proxy_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = 0, + .n_next_nodes = ICMP6_NEIGHBOR_SOLICITATION_N_NEXT, + .next_nodes = { + [ICMP6_NEIGHBOR_SOLICITATION_NEXT_DROP] = "ip6-drop", + [ICMP6_NEIGHBOR_SOLICITATION_NEXT_REPLY] = "interface-output", + }, + .name = "ip6-unicast-nd-proxy", +}; + +VLIB_NODE_FN (ip6_multicast_nd_proxy_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) +{ + return ip6_nd_proxy_node_inline (vm, node, frame, 1 /* is_multicast */); +} + +VLIB_REGISTER_NODE (ip6_multicast_nd_proxy_node) = { + .vector_size = sizeof (u32), + .format_trace = format_ip6_nd_proxy_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = 0, + .n_next_nodes = ICMP6_NEIGHBOR_SOLICITATION_N_NEXT, + .next_nodes = { + [ICMP6_NEIGHBOR_SOLICITATION_NEXT_DROP] = "ip6-drop", + [ICMP6_NEIGHBOR_SOLICITATION_NEXT_REPLY] = "interface-output", + }, + .name = "ip6-multicast-nd-proxy", +}; + +VNET_FEATURE_INIT (ip6_unicast_nd_proxy_node, static) = { + .arc_name = "ip6-unicast", + .node_name = "ip6-unicast-nd-proxy", + .runs_before = VNET_FEATURES ("ip6-lookup"), +}; + +VNET_FEATURE_INIT (ip6_multicast_nd_proxy_node, static) = { + .arc_name = "ip6-multicast", + .node_name = "ip6-multicast-nd-proxy", + .runs_before = VNET_FEATURES ("ip6-mfib-forward-lookup"), +}; + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/test/test_ip6_nd_mirror_proxy.py b/test/test_ip6_nd_mirror_proxy.py new file mode 100644 index 00000000000..fa9880122fc --- /dev/null +++ b/test/test_ip6_nd_mirror_proxy.py @@ -0,0 +1,188 @@ +#!/usr/bin/env python3 + +import unittest +import os +from socket import AF_INET6, inet_pton, inet_ntop + +from framework import tag_fixme_vpp_workers +from framework import VppTestCase, VppTestRunner +from vpp_neighbor import VppNeighbor, find_nbr +from vpp_ip_route import VppIpRoute, VppRoutePath, find_route, \ + VppIpTable, DpoProto, FibPathType, VppIpInterfaceAddress +from vpp_papi import VppEnum +from vpp_ip import VppIpPuntRedirect + +import scapy.compat +from scapy.packet import Raw +from scapy.layers.l2 import Ether, ARP, Dot1Q +from scapy.layers.inet import IP, UDP, TCP +from scapy.layers.inet6 import IPv6, ipv6nh, ICMPv6ND_NS, ICMPv6ND_NA, \ + ICMPv6NDOptSrcLLAddr, ICMPv6NDOptDstLLAddr, ICMPv6EchoRequest, \ + ICMPv6EchoReply +from scapy.utils6 import in6_ptop, in6_getnsma, in6_getnsmac, in6_ismaddr + + +class TestNDPROXY(VppTestCase): + """ IP6 ND (mirror) Proxy Test Case """ + + @classmethod + def setUpClass(self): + super(TestNDPROXY, self).setUpClass() + self.create_pg_interfaces(range(2)) + + @classmethod + def tearDownClass(self): + super(TestNDPROXY, self).tearDownClass() + + def setUp(self): + super(TestNDPROXY, self).setUp() + for i in self.pg_interfaces: + i.admin_up() + i.config_ip6() + i.disable_ipv6_ra() + + def tearDown(self): + super(TestNDPROXY, self).tearDown() + if not self.vpp_dead: + for i in self.pg_interfaces: + i.unconfig_ip6() + i.admin_down() + + def test_nd_mirror_proxy(self): + """ Interface (Mirror) Proxy ND """ + + # + # When VPP has an interface whose address is also applied to a TAP + # interface on the host, then VPP's TAP interface will be unnumbered + # to the 'real' interface and do proxy ND from the host. + # the curious aspect of this setup is that ND requests from the host + # will come from the VPP's own address. + # + addr = self.pg0.remote_ip6 + nsma = in6_getnsma(inet_pton(socket.AF_INET6, addr)) + d = inet_ntop(socket.AF_INET6, nsma) + + # Make pg1 un-numbered to pg0 + # + self.pg1.unconfig_ip6() + self.pg1.set_unnumbered(self.pg0.sw_if_index) + + # + # Enable ND proxy on pg1 + # + self.vapi.ip6nd_proxy_enable_disable(sw_if_index=self.pg1.sw_if_index, + is_enable=1) + # + # Send the ND request with an originating address that + # is VPP's own address + # + nd_req_from_host = (Ether(src=self.pg1.remote_mac, + dst=in6_getnsmac(nsma)) / + IPv6(dst=d, src=self.pg0.local_ip6) / + ICMPv6ND_NS(tgt=addr) / + ICMPv6NDOptSrcLLAddr(lladdr=self.pg1.remote_mac)) + + rx = self.send_and_expect(self.pg1, [nd_req_from_host], self.pg1) + self.assertEqual(rx[0][Ether].src, self.pg1.local_mac) + self.assertEqual(rx[0][Ether].dst, self.pg1.remote_mac) + self.assertEqual(rx[0][IPv6].src, self.pg0.remote_ip6) + self.assertEqual(rx[0][IPv6].dst, self.pg0.local_ip6) + self.assertEqual(ipv6nh[rx[0][IPv6].nh], "ICMPv6") + self.assertEqual(rx[0][ICMPv6ND_NA].tgt, self.pg0.remote_ip6) + self.assertTrue(rx[0].haslayer(ICMPv6NDOptDstLLAddr)) + self.assertEqual(rx[0][ICMPv6NDOptDstLLAddr].lladdr, + self.pg1.local_mac) + + # + # Send the unicast ND request + # + unicast_nd_req_from_host = (Ether(src=self.pg1.remote_mac, + dst=self.pg1.local_mac) / + IPv6(dst=self.pg0.remote_ip6, + src=self.pg1.remote_ip6_ll) / + ICMPv6ND_NS(tgt=self.pg0.remote_ip6) / + ICMPv6NDOptSrcLLAddr( + lladdr=self.pg1.remote_mac)) + + rx = self.send_and_expect(self.pg1, [unicast_nd_req_from_host], + self.pg0) + self.assertEqual(rx[0][Ether].src, self.pg0.local_mac) + self.assertEqual(rx[0][Ether].dst, in6_getnsmac(nsma)) + self.assertEqual(rx[0][IPv6].src, self.pg0.local_ip6) + self.assertEqual(rx[0][IPv6].dst, d) + self.assertEqual(ipv6nh[rx[0][IPv6].nh], "ICMPv6") + self.assertEqual(rx[0][ICMPv6ND_NS].tgt, self.pg0.remote_ip6) + self.assertTrue(rx[0].haslayer(ICMPv6NDOptSrcLLAddr)) + self.assertEqual(rx[0][ICMPv6NDOptSrcLLAddr].lladdr, + self.pg0.local_mac) + + # Resolve the NDs on the uplink + self.pg0.resolve_ndp() + + # + # Again send the unicast ND request, this time dst address should be + # in local cache + # + rx = self.send_and_expect(self.pg1, [unicast_nd_req_from_host], + self.pg1) + self.assertEqual(rx[0][Ether].src, self.pg1.local_mac) + self.assertEqual(rx[0][Ether].dst, self.pg1.remote_mac) + self.assertEqual(rx[0][IPv6].src, self.pg0.remote_ip6) + self.assertEqual(in6_ptop(rx[0][IPv6].dst), + in6_ptop(self.pg1.remote_ip6_ll)) + self.assertEqual(ipv6nh[rx[0][IPv6].nh], "ICMPv6") + self.assertEqual(rx[0][ICMPv6ND_NA].tgt, self.pg0.remote_ip6) + self.assertTrue(rx[0].haslayer(ICMPv6NDOptDstLLAddr)) + self.assertEqual(rx[0][ICMPv6NDOptDstLLAddr].lladdr, + self.pg1.local_mac) + + # + # Send the Echo Request from host to remote (of uplink) + # + id = self.pg1.sw_if_index + seq = 0x1 + echo_request = (Ether(dst=self.pg1.local_mac, + src=self.pg1.remote_mac) / + IPv6(dst=self.pg0.remote_ip6, src=self.pg0.local_ip6) / + ICMPv6EchoRequest(seq=seq, id=id)) + + rx = self.send_and_expect(self.pg1, [echo_request], self.pg0) + self.assertEqual(rx[0][Ether].src, self.pg0.local_mac) + self.assertEqual(rx[0][Ether].dst, self.pg0.remote_mac) + self.assertEqual(rx[0][IPv6].src, self.pg0.local_ip6) + self.assertEqual(rx[0][IPv6].dst, self.pg0.remote_ip6) + self.assertEqual(ipv6nh[rx[0][IPv6].nh], "ICMPv6") + self.assertTrue(rx[0].haslayer(ICMPv6EchoRequest)) + self.assertEqual(rx[0][ICMPv6EchoRequest].id, id) + self.assertEqual(rx[0][ICMPv6EchoRequest].seq, seq) + + # + # setup a punt redirect so packets from the uplink go to the tap + # + redirect = VppIpPuntRedirect(self, self.pg0.sw_if_index, + self.pg1.sw_if_index, self.pg0.local_ip6) + redirect.add_vpp_config() + + echo_reply = (Ether(dst=self.pg0.remote_mac, src=self.pg0.local_mac) / + IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) / + ICMPv6EchoReply(seq=1, id=id)) + + rx = self.send_and_expect(self.pg0, [echo_reply], self.pg1) + self.assertEqual(rx[0][Ether].src, self.pg1.local_mac) + self.assertEqual(rx[0][Ether].dst, self.pg1.remote_mac) + self.assertEqual(rx[0][IPv6].src, self.pg0.remote_ip6) + self.assertEqual(rx[0][IPv6].dst, self.pg0.local_ip6) + self.assertEqual(ipv6nh[rx[0][IPv6].nh], "ICMPv6") + self.assertTrue(rx[0].haslayer(ICMPv6EchoReply)) + self.assertEqual(rx[0][ICMPv6EchoReply].id, id) + self.assertEqual(rx[0][ICMPv6EchoReply].seq, seq) + + # + # cleanup + # + self.vapi.ip6nd_proxy_enable_disable(sw_if_index=self.pg1.sw_if_index, + is_enable=0) + redirect.remove_vpp_config() + +if __name__ == '__main__': + unittest.main(testRunner=VppTestRunner) -- 2.16.6