diff options
author | Matus Fabian <matfabia@cisco.com> | 2017-08-21 07:05:03 -0700 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2017-08-23 07:42:10 +0000 |
commit | 2ba92e32e0197f676dd905e5edcb4ff3e1bec241 (patch) | |
tree | 4d5eba20eda422bde4e9218834e1b8662a43b001 /test | |
parent | cfc997ef3da9f406afe5caad99fc98a53aab7a77 (diff) |
NAT: Rename snat plugin to nat (VPP-955)
Change-Id: I30a7e3da7a4efc6038a91e27b48045d4b07e2764
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/test_nat.py (renamed from test/test_snat.py) | 874 | ||||
-rw-r--r-- | test/vpp_papi_provider.py | 187 |
2 files changed, 525 insertions, 536 deletions
diff --git a/test/test_snat.py b/test/test_nat.py index eb47bbb8..0d622b08 100644 --- a/test/test_snat.py +++ b/test/test_nat.py @@ -18,7 +18,7 @@ from time import sleep class MethodHolder(VppTestCase): - """ SNAT create capture and verify method holder """ + """ NAT create capture and verify method holder """ @classmethod def setUpClass(cls): @@ -241,11 +241,11 @@ class MethodHolder(VppTestCase): Create packet stream for outside network :param out_if: Outside interface - :param dst_ip: Destination IP address (Default use global SNAT address) + :param dst_ip: Destination IP address (Default use global NAT address) :param ttl: TTL of generated packets """ if dst_ip is None: - dst_ip = self.snat_addr + dst_ip = self.nat_addr pkts = [] # TCP p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) / @@ -273,13 +273,13 @@ class MethodHolder(VppTestCase): Verify captured packets on outside network :param capture: Captured packets - :param nat_ip: Translated IP address (Default use global SNAT address) + :param nat_ip: Translated IP address (Default use global NAT address) :param same_port: Sorce port number is not translated (Default False) :param packet_num: Expected number of packets (Default 3) :param dst_ip: Destination IP address (Default do not verify) """ if nat_ip is None: - nat_ip = self.snat_addr + nat_ip = self.nat_addr self.assertEqual(packet_num, len(capture)) for packet in capture: try: @@ -399,13 +399,13 @@ class MethodHolder(VppTestCase): :param capture: Captured packets :param src_ip: Translated IP address or IP address of VPP - (Default use global SNAT address) + (Default use global NAT address) :param packet_num: Expected number of packets (Default 3) :param icmp_type: Type of error ICMP packet we are expecting (Default 11) """ if src_ip is None: - src_ip = self.snat_addr + src_ip = self.nat_addr self.assertEqual(packet_num, len(capture)) for packet in capture: try: @@ -480,7 +480,7 @@ class MethodHolder(VppTestCase): # sourceIPv4Address self.assertEqual(self.pg0.remote_ip4n, record[8]) # postNATSourceIPv4Address - self.assertEqual(socket.inet_pton(socket.AF_INET, self.snat_addr), + self.assertEqual(socket.inet_pton(socket.AF_INET, self.nat_addr), record[225]) # ingressVRFID self.assertEqual(struct.pack("!I", 0), record[234]) @@ -518,12 +518,12 @@ class MethodHolder(VppTestCase): self.assertEqual(struct.pack("!I", 0), record[283]) -class TestSNAT(MethodHolder): - """ SNAT Test Cases """ +class TestNAT44(MethodHolder): + """ NAT44 Test Cases """ @classmethod def setUpClass(cls): - super(TestSNAT, cls).setUpClass() + super(TestNAT44, cls).setUpClass() try: cls.tcp_port_in = 6303 @@ -532,7 +532,7 @@ class TestSNAT(MethodHolder): cls.udp_port_out = 6304 cls.icmp_id_in = 6305 cls.icmp_id_out = 6305 - cls.snat_addr = '10.0.0.3' + cls.nat_addr = '10.0.0.3' cls.ipfix_src_port = 4739 cls.ipfix_domain_id = 1 @@ -570,12 +570,12 @@ class TestSNAT(MethodHolder): cls.pg8.admin_up() except Exception: - super(TestSNAT, cls).tearDownClass() + super(TestNAT44, cls).tearDownClass() raise - def clear_snat(self): + def clear_nat44(self): """ - Clear SNAT configuration. + Clear NAT44 configuration. """ # I found no elegant way to do this self.vapi.ip_add_del_route(dst_address=self.pg7.remote_ip4n, @@ -600,50 +600,51 @@ class TestSNAT(MethodHolder): if self.pg7.has_ip4_config: self.pg7.unconfig_ip4() - interfaces = self.vapi.snat_interface_addr_dump() + interfaces = self.vapi.nat44_interface_addr_dump() for intf in interfaces: - self.vapi.snat_add_interface_addr(intf.sw_if_index, is_add=0) + self.vapi.nat44_add_interface_addr(intf.sw_if_index, is_add=0) - self.vapi.snat_ipfix(enable=0, src_port=self.ipfix_src_port, - domain_id=self.ipfix_domain_id) + self.vapi.nat_ipfix(enable=0, src_port=self.ipfix_src_port, + domain_id=self.ipfix_domain_id) self.ipfix_src_port = 4739 self.ipfix_domain_id = 1 - interfaces = self.vapi.snat_interface_dump() + interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: - self.vapi.snat_interface_add_del_feature(intf.sw_if_index, - intf.is_inside, - is_add=0) + self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, + intf.is_inside, + is_add=0) - interfaces = self.vapi.snat_interface_output_feature_dump() + interfaces = self.vapi.nat44_interface_output_feature_dump() for intf in interfaces: - self.vapi.snat_interface_add_del_output_feature(intf.sw_if_index, - intf.is_inside, - is_add=0) + self.vapi.nat44_interface_add_del_output_feature(intf.sw_if_index, + intf.is_inside, + is_add=0) - static_mappings = self.vapi.snat_static_mapping_dump() + static_mappings = self.vapi.nat44_static_mapping_dump() for sm in static_mappings: - self.vapi.snat_add_static_mapping(sm.local_ip_address, - sm.external_ip_address, - local_port=sm.local_port, - external_port=sm.external_port, - addr_only=sm.addr_only, - vrf_id=sm.vrf_id, - protocol=sm.protocol, - is_add=0) - - adresses = self.vapi.snat_address_dump() + self.vapi.nat44_add_del_static_mapping( + sm.local_ip_address, + sm.external_ip_address, + local_port=sm.local_port, + external_port=sm.external_port, + addr_only=sm.addr_only, + vrf_id=sm.vrf_id, + protocol=sm.protocol, + is_add=0) + + adresses = self.vapi.nat44_address_dump() for addr in adresses: - self.vapi.snat_add_address_range(addr.ip_address, - addr.ip_address, - is_add=0) - - def snat_add_static_mapping(self, local_ip, external_ip='0.0.0.0', - local_port=0, external_port=0, vrf_id=0, - is_add=1, external_sw_if_index=0xFFFFFFFF, - proto=0): + self.vapi.nat44_add_del_address_range(addr.ip_address, + addr.ip_address, + is_add=0) + + def nat44_add_static_mapping(self, local_ip, external_ip='0.0.0.0', + local_port=0, external_port=0, vrf_id=0, + is_add=1, external_sw_if_index=0xFFFFFFFF, + proto=0): """ - Add/delete S-NAT static mapping + Add/delete NAT44 static mapping :param local_ip: Local IP address :param external_ip: External IP address @@ -659,7 +660,7 @@ class TestSNAT(MethodHolder): addr_only = 0 l_ip = socket.inet_pton(socket.AF_INET, local_ip) e_ip = socket.inet_pton(socket.AF_INET, external_ip) - self.vapi.snat_add_static_mapping( + self.vapi.nat44_add_del_static_mapping( l_ip, e_ip, external_sw_if_index, @@ -670,24 +671,24 @@ class TestSNAT(MethodHolder): proto, is_add) - def snat_add_address(self, ip, is_add=1, vrf_id=0xFFFFFFFF): + def nat44_add_address(self, ip, is_add=1, vrf_id=0xFFFFFFFF): """ - Add/delete S-NAT address + Add/delete NAT44 address :param ip: IP address :param is_add: 1 if add, 0 if delete (Default add) """ - snat_addr = socket.inet_pton(socket.AF_INET, ip) - self.vapi.snat_add_address_range(snat_addr, snat_addr, is_add, - vrf_id=vrf_id) + nat_addr = socket.inet_pton(socket.AF_INET, ip) + self.vapi.nat44_add_del_address_range(nat_addr, nat_addr, is_add, + vrf_id=vrf_id) def test_dynamic(self): - """ SNAT dynamic translation test """ + """ NAT44 dynamic translation test """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -706,12 +707,12 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) def test_dynamic_icmp_errors_in2out_ttl_1(self): - """ SNAT handling of client packets with TTL=1 """ + """ NAT44 handling of client packets with TTL=1 """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=1) @@ -724,12 +725,12 @@ class TestSNAT(MethodHolder): self.verify_capture_in_with_icmp_errors(capture, self.pg0) def test_dynamic_icmp_errors_out2in_ttl_1(self): - """ SNAT handling of server packets with TTL=1 """ + """ NAT44 handling of server packets with TTL=1 """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -751,12 +752,12 @@ class TestSNAT(MethodHolder): src_ip=self.pg1.local_ip4) def test_dynamic_icmp_errors_in2out_ttl_2(self): - """ SNAT handling of error responses to client packets with TTL=2 """ + """ NAT44 handling of error responses to client packets with TTL=2 """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=2) @@ -767,7 +768,7 @@ class TestSNAT(MethodHolder): # Server side - simulate ICMP type 11 response capture = self.pg1.get_capture(len(pkts)) pkts = [Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / ICMP(type=11) / packet[IP] for packet in capture] self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -778,12 +779,12 @@ class TestSNAT(MethodHolder): self.verify_capture_in_with_icmp_errors(capture, self.pg0) def test_dynamic_icmp_errors_out2in_ttl_2(self): - """ SNAT handling of error responses to server packets with TTL=2 """ + """ NAT44 handling of error responses to server packets with TTL=2 """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -813,12 +814,12 @@ class TestSNAT(MethodHolder): self.verify_capture_out_with_icmp_errors(capture) def test_ping_out_interface_from_outside(self): - """ Ping SNAT out interface from outside network """ + """ Ping NAT44 out interface from outside network """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / IP(src=self.pg1.remote_ip4, dst=self.pg1.local_ip4) / @@ -843,14 +844,14 @@ class TestSNAT(MethodHolder): def test_ping_internal_host_from_outside(self): """ Ping internal host from outside network """ - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # out2in pkt = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr, ttl=64) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr, ttl=64) / ICMP(id=self.icmp_id_out, type='echo-request')) self.pg1.add_stream(pkt) self.pg_enable_capture(self.pg_interfaces) @@ -871,17 +872,17 @@ class TestSNAT(MethodHolder): self.assert_equal(capture[0][IP].proto, IP_PROTOS.icmp) def test_static_in(self): - """ SNAT 1:1 NAT initialized from inside network """ + """ 1:1 NAT initialized from inside network """ nat_ip = "10.0.0.10" self.tcp_port_out = 6303 self.udp_port_out = 6304 self.icmp_id_out = 6305 - self.snat_add_static_mapping(self.pg0.remote_ip4, nat_ip) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -900,17 +901,17 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) def test_static_out(self): - """ SNAT 1:1 NAT initialized from outside network """ + """ 1:1 NAT initialized from outside network """ nat_ip = "10.0.0.20" self.tcp_port_out = 6303 self.udp_port_out = 6304 self.icmp_id_out = 6305 - self.snat_add_static_mapping(self.pg0.remote_ip4, nat_ip) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # out2in pkts = self.create_stream_out(self.pg1, nat_ip) @@ -929,25 +930,25 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture, nat_ip, True) def test_static_with_port_in(self): - """ SNAT 1:1 NAT with port initialized from inside network """ + """ 1:1 NAPT initialized from inside network """ self.tcp_port_out = 3606 self.udp_port_out = 3607 self.icmp_id_out = 3608 - self.snat_add_address(self.snat_addr) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.tcp_port_in, self.tcp_port_out, - proto=IP_PROTOS.tcp) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.udp_port_in, self.udp_port_out, - proto=IP_PROTOS.udp) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.icmp_id_in, self.icmp_id_out, - proto=IP_PROTOS.icmp) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.tcp_port_in, self.tcp_port_out, + proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.udp_port_in, self.udp_port_out, + proto=IP_PROTOS.udp) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.icmp_id_in, self.icmp_id_out, + proto=IP_PROTOS.icmp) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -966,25 +967,25 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) def test_static_with_port_out(self): - """ SNAT 1:1 NAT with port initialized from outside network """ + """ 1:1 NAPT initialized from outside network """ self.tcp_port_out = 30606 self.udp_port_out = 30607 self.icmp_id_out = 30608 - self.snat_add_address(self.snat_addr) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.tcp_port_in, self.tcp_port_out, - proto=IP_PROTOS.tcp) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.udp_port_in, self.udp_port_out, - proto=IP_PROTOS.udp) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.icmp_id_in, self.icmp_id_out, - proto=IP_PROTOS.icmp) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.tcp_port_in, self.tcp_port_out, + proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.udp_port_in, self.udp_port_out, + proto=IP_PROTOS.udp) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.icmp_id_in, self.icmp_id_out, + proto=IP_PROTOS.icmp) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # out2in pkts = self.create_stream_out(self.pg1) @@ -1003,7 +1004,7 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture) def test_static_vrf_aware(self): - """ SNAT 1:1 NAT VRF awareness """ + """ 1:1 NAT VRF awareness """ nat_ip1 = "10.0.0.30" nat_ip2 = "10.0.0.40" @@ -1011,16 +1012,16 @@ class TestSNAT(MethodHolder): self.udp_port_out = 6304 self.icmp_id_out = 6305 - self.snat_add_static_mapping(self.pg4.remote_ip4, nat_ip1, - vrf_id=10) - self.snat_add_static_mapping(self.pg0.remote_ip4, nat_ip2, - vrf_id=10) - self.vapi.snat_interface_add_del_feature(self.pg3.sw_if_index, - is_inside=0) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg4.sw_if_index) + self.nat44_add_static_mapping(self.pg4.remote_ip4, nat_ip1, + vrf_id=10) + self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip2, + vrf_id=10) + self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index, + is_inside=0) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index) - # inside interface VRF match SNAT static mapping VRF + # inside interface VRF match NAT44 static mapping VRF pkts = self.create_stream_in(self.pg4, self.pg3) self.pg4.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1028,7 +1029,7 @@ class TestSNAT(MethodHolder): capture = self.pg3.get_capture(len(pkts)) self.verify_capture_out(capture, nat_ip1, True) - # inside interface VRF don't match SNAT static mapping VRF (packets + # inside interface VRF don't match NAT44 static mapping VRF (packets # are dropped) pkts = self.create_stream_in(self.pg0, self.pg3) self.pg0.add_stream(pkts) @@ -1037,15 +1038,15 @@ class TestSNAT(MethodHolder): self.pg3.assert_nothing_captured() def test_multiple_inside_interfaces(self): - """ SNAT multiple inside interfaces (non-overlapping address space) """ + """ NAT44 multiple non-overlapping address space inside interfaces """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg3.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index, + is_inside=0) - # between two S-NAT inside interfaces (no translation) + # between two NAT44 inside interfaces (no translation) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1053,7 +1054,7 @@ class TestSNAT(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_no_translation(capture, self.pg0, self.pg1) - # from S-NAT inside to interface without S-NAT feature (no translation) + # from NAT44 inside to interface without NAT44 feature (no translation) pkts = self.create_stream_in(self.pg0, self.pg2) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1094,19 +1095,19 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg1) def test_inside_overlapping_interfaces(self): - """ SNAT multiple inside interfaces with overlapping address space """ + """ NAT44 multiple inside interfaces with overlapping address space """ static_nat_ip = "10.0.0.10" - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg3.sw_if_index, - is_inside=0) - self.vapi.snat_interface_add_del_feature(self.pg4.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg5.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg6.sw_if_index) - self.snat_add_static_mapping(self.pg6.remote_ip4, static_nat_ip, - vrf_id=20) - - # between S-NAT inside interfaces with same VRF (no translation) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index, + is_inside=0) + self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index) + self.nat44_add_static_mapping(self.pg6.remote_ip4, static_nat_ip, + vrf_id=20) + + # between NAT44 inside interfaces with same VRF (no translation) pkts = self.create_stream_in(self.pg4, self.pg5) self.pg4.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1114,7 +1115,7 @@ class TestSNAT(MethodHolder): capture = self.pg5.get_capture(len(pkts)) self.verify_capture_no_translation(capture, self.pg4, self.pg5) - # between S-NAT inside interfaces with different VRF (hairpinning) + # between NAT44 inside interfaces with different VRF (hairpinning) p = (Ether(src=self.pg4.remote_mac, dst=self.pg4.local_mac) / IP(src=self.pg4.remote_ip4, dst=static_nat_ip) / TCP(sport=1234, dport=5678)) @@ -1126,7 +1127,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, self.pg6.remote_ip4) self.assertNotEqual(tcp.sport, 1234) self.assertEqual(tcp.dport, 5678) @@ -1167,9 +1168,9 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg5) # pg5 session dump - addresses = self.vapi.snat_address_dump() + addresses = self.vapi.nat44_address_dump() self.assertEqual(len(addresses), 1) - sessions = self.vapi.snat_user_session_dump(self.pg5.remote_ip4n, 10) + sessions = self.vapi.nat44_user_session_dump(self.pg5.remote_ip4n, 10) self.assertEqual(len(sessions), 3) for session in sessions: self.assertFalse(session.is_static) @@ -1204,13 +1205,13 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg6) # general user and session dump verifications - users = self.vapi.snat_user_dump() + users = self.vapi.nat44_user_dump() self.assertTrue(len(users) >= 3) - addresses = self.vapi.snat_address_dump() + addresses = self.vapi.nat44_address_dump() self.assertEqual(len(addresses), 1) for user in users: - sessions = self.vapi.snat_user_session_dump(user.ip_address, - user.vrf_id) + sessions = self.vapi.nat44_user_session_dump(user.ip_address, + user.vrf_id) for session in sessions: self.assertEqual(user.ip_address, session.inside_ip_address) self.assertTrue(session.total_bytes > session.total_pkts > 0) @@ -1219,7 +1220,7 @@ class TestSNAT(MethodHolder): IP_PROTOS.icmp]) # pg4 session dump - sessions = self.vapi.snat_user_session_dump(self.pg4.remote_ip4n, 10) + sessions = self.vapi.nat44_user_session_dump(self.pg4.remote_ip4n, 10) self.assertTrue(len(sessions) >= 4) for session in sessions: self.assertFalse(session.is_static) @@ -1229,7 +1230,7 @@ class TestSNAT(MethodHolder): addresses[0].ip_address) # pg6 session dump - sessions = self.vapi.snat_user_session_dump(self.pg6.remote_ip4n, 20) + sessions = self.vapi.nat44_user_session_dump(self.pg6.remote_ip4n, 20) self.assertTrue(len(sessions) >= 3) for session in sessions: self.assertTrue(session.is_static) @@ -1242,7 +1243,7 @@ class TestSNAT(MethodHolder): self.icmp_id_in]) def test_hairpinning(self): - """ SNAT hairpinning - 1:1 NAT with port""" + """ NAT44 hairpinning - 1:1 NAPT """ host = self.pg0.remote_hosts[0] server = self.pg0.remote_hosts[1] @@ -1251,18 +1252,18 @@ class TestSNAT(MethodHolder): server_in_port = 5678 server_out_port = 8765 - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # add static mapping for server - self.snat_add_static_mapping(server.ip4, self.snat_addr, - server_in_port, server_out_port, - proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(server.ip4, self.nat_addr, + server_in_port, server_out_port, + proto=IP_PROTOS.tcp) # send packet from host to server p = (Ether(src=host.mac, dst=self.pg0.local_mac) / - IP(src=host.ip4, dst=self.snat_addr) / + IP(src=host.ip4, dst=self.nat_addr) / TCP(sport=host_in_port, dport=server_out_port)) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -1272,7 +1273,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, server.ip4) self.assertNotEqual(tcp.sport, host_in_port) self.assertEqual(tcp.dport, server_in_port) @@ -1284,7 +1285,7 @@ class TestSNAT(MethodHolder): # send reply from server to host p = (Ether(src=server.mac, dst=self.pg0.local_mac) / - IP(src=server.ip4, dst=self.snat_addr) / + IP(src=server.ip4, dst=self.nat_addr) / TCP(sport=server_in_port, dport=host_out_port)) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -1294,7 +1295,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, host.ip4) self.assertEqual(tcp.sport, server_out_port) self.assertEqual(tcp.dport, host_in_port) @@ -1304,7 +1305,7 @@ class TestSNAT(MethodHolder): raise def test_hairpinning2(self): - """ SNAT hairpinning - 1:1 NAT""" + """ NAT44 hairpinning - 1:1 NAT""" server1_nat_ip = "10.0.0.10" server2_nat_ip = "10.0.0.11" @@ -1314,14 +1315,14 @@ class TestSNAT(MethodHolder): server_tcp_port = 22 server_udp_port = 20 - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # add static mapping for servers - self.snat_add_static_mapping(server1.ip4, server1_nat_ip) - self.snat_add_static_mapping(server2.ip4, server2_nat_ip) + self.nat44_add_static_mapping(server1.ip4, server1_nat_ip) + self.nat44_add_static_mapping(server2.ip4, server2_nat_ip) # host to server1 pkts = [] @@ -1343,7 +1344,7 @@ class TestSNAT(MethodHolder): capture = self.pg0.get_capture(len(pkts)) for packet in capture: try: - self.assertEqual(packet[IP].src, self.snat_addr) + self.assertEqual(packet[IP].src, self.nat_addr) self.assertEqual(packet[IP].dst, server1.ip4) if packet.haslayer(TCP): self.assertNotEqual(packet[TCP].sport, self.tcp_port_in) @@ -1364,15 +1365,15 @@ class TestSNAT(MethodHolder): # server1 to host pkts = [] p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=server1.ip4, dst=self.snat_addr) / + IP(src=server1.ip4, dst=self.nat_addr) / TCP(sport=server_tcp_port, dport=self.tcp_port_out)) pkts.append(p) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=server1.ip4, dst=self.snat_addr) / + IP(src=server1.ip4, dst=self.nat_addr) / UDP(sport=server_udp_port, dport=self.udp_port_out)) pkts.append(p) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=server1.ip4, dst=self.snat_addr) / + IP(src=server1.ip4, dst=self.nat_addr) / ICMP(id=self.icmp_id_out, type='echo-reply')) pkts.append(p) self.pg0.add_stream(pkts) @@ -1472,16 +1473,16 @@ class TestSNAT(MethodHolder): def test_max_translations_per_user(self): """ MAX translations per user - recycle the least recently used """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # get maximum number of translations per user - snat_config = self.vapi.snat_show_config() + nat44_config = self.vapi.nat_show_config() # send more than maximum number of translations per user packets - pkts_num = snat_config.max_translations_per_user + 5 + pkts_num = nat44_config.max_translations_per_user + 5 pkts = [] for port in range(0, pkts_num): p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -1496,39 +1497,40 @@ class TestSNAT(MethodHolder): self.pg1.get_capture(pkts_num) def test_interface_addr(self): - """ Acquire SNAT addresses from interface """ - self.vapi.snat_add_interface_addr(self.pg7.sw_if_index) + """ Acquire NAT44 addresses from interface """ + self.vapi.nat44_add_interface_addr(self.pg7.sw_if_index) # no address in NAT pool - adresses = self.vapi.snat_address_dump() + adresses = self.vapi.nat44_address_dump() self.assertEqual(0, len(adresses)) # configure interface address and check NAT address pool self.pg7.config_ip4() - adresses = self.vapi.snat_address_dump() + adresses = self.vapi.nat44_address_dump() self.assertEqual(1, len(adresses)) self.assertEqual(adresses[0].ip_address[0:4], self.pg7.local_ip4n) # remove interface address and check NAT address pool self.pg7.unconfig_ip4() - adresses = self.vapi.snat_address_dump() + adresses = self.vapi.nat44_address_dump() self.assertEqual(0, len(adresses)) def test_interface_addr_static_mapping(self): """ Static mapping with addresses from interface """ - self.vapi.snat_add_interface_addr(self.pg7.sw_if_index) - self.snat_add_static_mapping('1.2.3.4', - external_sw_if_index=self.pg7.sw_if_index) + self.vapi.nat44_add_interface_addr(self.pg7.sw_if_index) + self.nat44_add_static_mapping( + '1.2.3.4', + external_sw_if_index=self.pg7.sw_if_index) # static mappings with external interface - static_mappings = self.vapi.snat_static_mapping_dump() + static_mappings = self.vapi.nat44_static_mapping_dump() self.assertEqual(1, len(static_mappings)) self.assertEqual(self.pg7.sw_if_index, static_mappings[0].external_sw_if_index) # configure interface address and check static mappings self.pg7.config_ip4() - static_mappings = self.vapi.snat_static_mapping_dump() + static_mappings = self.vapi.nat44_static_mapping_dump() self.assertEqual(1, len(static_mappings)) self.assertEqual(static_mappings[0].external_ip_address[0:4], self.pg7.local_ip4n) @@ -1536,26 +1538,26 @@ class TestSNAT(MethodHolder): # remove interface address and check static mappings self.pg7.unconfig_ip4() - static_mappings = self.vapi.snat_static_mapping_dump() + static_mappings = self.vapi.nat44_static_mapping_dump() self.assertEqual(0, len(static_mappings)) def test_ipfix_nat44_sess(self): - """ S-NAT IPFIX logging NAT44 session created/delted """ + """ IPFIX logging NAT44 session created/delted """ self.ipfix_domain_id = 10 self.ipfix_src_port = 20202 colector_port = 30303 bind_layers(UDP, IPFIX, dport=30303) - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10, collector_port=colector_port) - self.vapi.snat_ipfix(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + self.vapi.nat_ipfix(domain_id=self.ipfix_domain_id, + src_port=self.ipfix_src_port) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -1563,7 +1565,7 @@ class TestSNAT(MethodHolder): self.pg_start() capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture) - self.snat_add_address(self.snat_addr, is_add=0) + self.nat44_add_address(self.nat_addr, is_add=0) self.vapi.cli("ipfix flush") # FIXME this should be an API call capture = self.pg3.get_capture(3) ipfix = IPFIXDecoder() @@ -1585,16 +1587,16 @@ class TestSNAT(MethodHolder): self.verify_ipfix_nat44_ses(data) def test_ipfix_addr_exhausted(self): - """ S-NAT IPFIX logging NAT addresses exhausted """ - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ IPFIX logging NAT addresses exhausted """ + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.snat_ipfix(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + self.vapi.nat_ipfix(domain_id=self.ipfix_domain_id, + src_port=self.ipfix_src_port) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -1624,17 +1626,17 @@ class TestSNAT(MethodHolder): self.verify_ipfix_addr_exhausted(data) def test_pool_addr_fib(self): - """ S-NAT add pool addresses to FIB """ + """ NAT44 add pool addresses to FIB """ static_addr = '10.0.0.10' - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) - self.snat_add_static_mapping(self.pg0.remote_ip4, static_addr) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, static_addr) - # SNAT address + # NAT44 address p = (Ether(src=self.pg1.remote_mac, dst='ff:ff:ff:ff:ff:ff') / - ARP(op=ARP.who_has, pdst=self.snat_addr, + ARP(op=ARP.who_has, pdst=self.nat_addr, psrc=self.pg1.remote_ip4, hwsrc=self.pg1.remote_mac)) self.pg1.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -1654,9 +1656,9 @@ class TestSNAT(MethodHolder): self.assertTrue(capture[0].haslayer(ARP)) self.assertTrue(capture[0][ARP].op, ARP.is_at) - # send ARP to non-SNAT interface + # send ARP to non-NAT44 interface p = (Ether(src=self.pg2.remote_mac, dst='ff:ff:ff:ff:ff:ff') / - ARP(op=ARP.who_has, pdst=self.snat_addr, + ARP(op=ARP.who_has, pdst=self.nat_addr, psrc=self.pg2.remote_ip4, hwsrc=self.pg2.remote_mac)) self.pg2.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -1664,12 +1666,12 @@ class TestSNAT(MethodHolder): capture = self.pg1.get_capture(0) # remove addresses and verify - self.snat_add_address(self.snat_addr, is_add=0) - self.snat_add_static_mapping(self.pg0.remote_ip4, static_addr, - is_add=0) + self.nat44_add_address(self.nat_addr, is_add=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, static_addr, + is_add=0) p = (Ether(src=self.pg1.remote_mac, dst='ff:ff:ff:ff:ff:ff') / - ARP(op=ARP.who_has, pdst=self.snat_addr, + ARP(op=ARP.who_has, pdst=self.nat_addr, psrc=self.pg1.remote_ip4, hwsrc=self.pg1.remote_mac)) self.pg1.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -1685,7 +1687,7 @@ class TestSNAT(MethodHolder): capture = self.pg1.get_capture(0) def test_vrf_mode(self): - """ S-NAT tenant VRF aware address pool mode """ + """ NAT44 tenant VRF aware address pool mode """ vrf_id1 = 1 vrf_id2 = 2 @@ -1699,12 +1701,12 @@ class TestSNAT(MethodHolder): self.pg0.config_ip4() self.pg1.config_ip4() - self.snat_add_address(nat_ip1, vrf_id=vrf_id1) - self.snat_add_address(nat_ip2, vrf_id=vrf_id2) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg2.sw_if_index, - is_inside=0) + self.nat44_add_address(nat_ip1, vrf_id=vrf_id1) + self.nat44_add_address(nat_ip2, vrf_id=vrf_id2) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index, + is_inside=0) # first VRF pkts = self.create_stream_in(self.pg0, self.pg2) @@ -1723,17 +1725,17 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture, nat_ip2) def test_vrf_feature_independent(self): - """ S-NAT tenant VRF independent address pool mode """ + """ NAT44 tenant VRF independent address pool mode """ nat_ip1 = "10.0.0.10" nat_ip2 = "10.0.0.11" - self.snat_add_address(nat_ip1) - self.snat_add_address(nat_ip2) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg2.sw_if_index, - is_inside=0) + self.nat44_add_address(nat_ip1) + self.nat44_add_address(nat_ip2) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index, + is_inside=0) # first VRF pkts = self.create_stream_in(self.pg0, self.pg2) @@ -1752,7 +1754,7 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture, nat_ip1) def test_dynamic_ipless_interfaces(self): - """ SNAT interfaces without configured ip dynamic map """ + """ NAT44 interfaces without configured IP address """ self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, self.pg7.remote_mac, @@ -1772,10 +1774,10 @@ class TestSNAT(MethodHolder): next_hop_address=self.pg8.remote_ip4n, next_hop_sw_if_index=self.pg8.sw_if_index) - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg7.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg8.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg7, self.pg8) @@ -1786,7 +1788,7 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture) # out2in - pkts = self.create_stream_out(self.pg8, self.snat_addr) + pkts = self.create_stream_out(self.pg8, self.nat_addr) self.pg8.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() @@ -1794,7 +1796,7 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg7) def test_static_ipless_interfaces(self): - """ SNAT 1:1 NAT interfaces without configured ip """ + """ NAT44 interfaces without configured IP address - 1:1 NAT """ self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, self.pg7.remote_mac, @@ -1814,10 +1816,10 @@ class TestSNAT(MethodHolder): next_hop_address=self.pg8.remote_ip4n, next_hop_sw_if_index=self.pg8.sw_if_index) - self.snat_add_static_mapping(self.pg7.remote_ip4, self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg7.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg8.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index, + is_inside=0) # out2in pkts = self.create_stream_out(self.pg8) @@ -1833,10 +1835,10 @@ class TestSNAT(MethodHolder): self.pg_enable_capture(self.pg_interfaces) self.pg_start() capture = self.pg8.get_capture(len(pkts)) - self.verify_capture_out(capture, self.snat_addr, True) + self.verify_capture_out(capture, self.nat_addr, True) def test_static_with_port_ipless_interfaces(self): - """ SNAT 1:1 NAT with port interfaces without configured ip """ + """ NAT44 interfaces without configured IP address - 1:1 NAPT """ self.tcp_port_out = 30606 self.udp_port_out = 30607 @@ -1860,19 +1862,19 @@ class TestSNAT(MethodHolder): next_hop_address=self.pg8.remote_ip4n, next_hop_sw_if_index=self.pg8.sw_if_index) - self.snat_add_address(self.snat_addr) - self.snat_add_static_mapping(self.pg7.remote_ip4, self.snat_addr, - self.tcp_port_in, self.tcp_port_out, - proto=IP_PROTOS.tcp) - self.snat_add_static_mapping(self.pg7.remote_ip4, self.snat_addr, - self.udp_port_in, self.udp_port_out, - proto=IP_PROTOS.udp) - self.snat_add_static_mapping(self.pg7.remote_ip4, self.snat_addr, - self.icmp_id_in, self.icmp_id_out, - proto=IP_PROTOS.icmp) - self.vapi.snat_interface_add_del_feature(self.pg7.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg8.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr, + self.tcp_port_in, self.tcp_port_out, + proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr, + self.udp_port_in, self.udp_port_out, + proto=IP_PROTOS.udp) + self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr, + self.icmp_id_in, self.icmp_id_out, + proto=IP_PROTOS.icmp) + self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index, + is_inside=0) # out2in pkts = self.create_stream_out(self.pg8) @@ -1893,10 +1895,10 @@ class TestSNAT(MethodHolder): def test_static_unknown_proto(self): """ 1:1 NAT translate packet with unknown protocol """ nat_ip = "10.0.0.10" - self.snat_add_static_mapping(self.pg0.remote_ip4, nat_ip) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -1947,11 +1949,11 @@ class TestSNAT(MethodHolder): host_nat_ip = "10.0.0.10" server_nat_ip = "10.0.0.11" - self.snat_add_static_mapping(host.ip4, host_nat_ip) - self.snat_add_static_mapping(server.ip4, server_nat_ip) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(host.ip4, host_nat_ip) + self.nat44_add_static_mapping(server.ip4, server_nat_ip) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # host to server p = (Ether(dst=self.pg0.local_mac, src=host.mac) / @@ -1994,11 +1996,11 @@ class TestSNAT(MethodHolder): raise def test_unknown_proto(self): - """ SNAT translate packet with unknown protocol """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ NAT44 translate packet with unknown protocol """ + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -2020,7 +2022,7 @@ class TestSNAT(MethodHolder): p = self.pg1.get_capture(1) packet = p[0] try: - self.assertEqual(packet[IP].src, self.snat_addr) + self.assertEqual(packet[IP].src, self.nat_addr) self.assertEqual(packet[IP].dst, self.pg1.remote_ip4) self.assertTrue(packet.haslayer(GRE)) self.check_ip_checksum(packet) @@ -2030,7 +2032,7 @@ class TestSNAT(MethodHolder): # out2in p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / GRE() / IP(src=self.pg3.remote_ip4, dst=self.pg2.remote_ip4) / TCP(sport=1234, dport=1234)) @@ -2049,7 +2051,7 @@ class TestSNAT(MethodHolder): raise def test_hairpinning_unknown_proto(self): - """ SNAT translate packet with unknown protocol - hairpinning """ + """ NAT44 translate packet with unknown protocol - hairpinning """ host = self.pg0.remote_hosts[0] server = self.pg0.remote_hosts[1] host_in_port = 1234 @@ -2058,13 +2060,13 @@ class TestSNAT(MethodHolder): server_out_port = 8765 server_nat_ip = "10.0.0.11" - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # add static mapping for server - self.snat_add_static_mapping(server.ip4, server_nat_ip) + self.nat44_add_static_mapping(server.ip4, server_nat_ip) # host to server p = (Ether(src=host.mac, dst=self.pg0.local_mac) / @@ -2086,7 +2088,7 @@ class TestSNAT(MethodHolder): p = self.pg0.get_capture(1) packet = p[0] try: - self.assertEqual(packet[IP].src, self.snat_addr) + self.assertEqual(packet[IP].src, self.nat_addr) self.assertEqual(packet[IP].dst, server.ip4) self.assertTrue(packet.haslayer(GRE)) self.check_ip_checksum(packet) @@ -2096,7 +2098,7 @@ class TestSNAT(MethodHolder): # server to host p = (Ether(dst=self.pg0.local_mac, src=server.mac) / - IP(src=server.ip4, dst=self.snat_addr) / + IP(src=server.ip4, dst=self.nat_addr) / GRE() / IP(src=self.pg3.remote_ip4, dst=self.pg2.remote_ip4) / TCP(sport=1234, dport=1234)) @@ -2115,11 +2117,11 @@ class TestSNAT(MethodHolder): raise def test_output_feature(self): - """ S-NAT interface output feature (in2out postrouting) """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_output_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_output_feature(self.pg1.sw_if_index, - is_inside=0) + """ NAT44 interface output feature (in2out postrouting) """ + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -2138,7 +2140,7 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) def test_output_feature_vrf_aware(self): - """ S-NAT interface output feature VRF aware (in2out postrouting) """ + """ NAT44 interface output feature VRF aware (in2out postrouting) """ nat_ip_vrf10 = "10.0.0.10" nat_ip_vrf20 = "10.0.0.20" @@ -2153,12 +2155,12 @@ class TestSNAT(MethodHolder): next_hop_sw_if_index=self.pg3.sw_if_index, table_id=20) - self.snat_add_address(nat_ip_vrf10, vrf_id=10) - self.snat_add_address(nat_ip_vrf20, vrf_id=20) - self.vapi.snat_interface_add_del_output_feature(self.pg4.sw_if_index) - self.vapi.snat_interface_add_del_output_feature(self.pg6.sw_if_index) - self.vapi.snat_interface_add_del_output_feature(self.pg3.sw_if_index, - is_inside=0) + self.nat44_add_address(nat_ip_vrf10, vrf_id=10) + self.nat44_add_address(nat_ip_vrf20, vrf_id=20) + self.vapi.nat44_interface_add_del_output_feature(self.pg4.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature(self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature(self.pg3.sw_if_index, + is_inside=0) # in2out VRF 10 pkts = self.create_stream_in(self.pg4, self.pg3) @@ -2193,7 +2195,7 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg6) def test_output_feature_hairpinning(self): - """ S-NAT interface output feature hairpinning (in2out postrouting) """ + """ NAT44 interface output feature hairpinning (in2out postrouting) """ host = self.pg0.remote_hosts[0] server = self.pg0.remote_hosts[1] host_in_port = 1234 @@ -2201,19 +2203,19 @@ class TestSNAT(MethodHolder): server_in_port = 5678 server_out_port = 8765 - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_output_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_output_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, + is_inside=0) # add static mapping for server - self.snat_add_static_mapping(server.ip4, self.snat_addr, - server_in_port, server_out_port, - proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(server.ip4, self.nat_addr, + server_in_port, server_out_port, + proto=IP_PROTOS.tcp) # send packet from host to server p = (Ether(src=host.mac, dst=self.pg0.local_mac) / - IP(src=host.ip4, dst=self.snat_addr) / + IP(src=host.ip4, dst=self.nat_addr) / TCP(sport=host_in_port, dport=server_out_port)) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -2223,7 +2225,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, server.ip4) self.assertNotEqual(tcp.sport, host_in_port) self.assertEqual(tcp.dport, server_in_port) @@ -2235,7 +2237,7 @@ class TestSNAT(MethodHolder): # send reply from server to host p = (Ether(src=server.mac, dst=self.pg0.local_mac) / - IP(src=server.ip4, dst=self.snat_addr) / + IP(src=server.ip4, dst=self.nat_addr) / TCP(sport=server_in_port, dport=host_out_port)) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -2245,7 +2247,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, host.ip4) self.assertEqual(tcp.sport, server_out_port) self.assertEqual(tcp.dport, host_in_port) @@ -2255,10 +2257,10 @@ class TestSNAT(MethodHolder): raise def tearDown(self): - super(TestSNAT, self).tearDown() + super(TestNAT44, self).tearDown() if not self.vpp_dead: - self.logger.info(self.vapi.cli("show snat verbose")) - self.clear_snat() + self.logger.info(self.vapi.cli("show nat44 verbose")) + self.clear_nat44() class TestDeterministicNAT(MethodHolder): @@ -2267,7 +2269,7 @@ class TestDeterministicNAT(MethodHolder): @classmethod def setUpConstants(cls): super(TestDeterministicNAT, cls).setUpConstants() - cls.vpp_cmdline.extend(["snat", "{", "deterministic", "}"]) + cls.vpp_cmdline.extend(["nat", "{", "deterministic", "}"]) @classmethod def setUpClass(cls): @@ -2279,7 +2281,7 @@ class TestDeterministicNAT(MethodHolder): cls.udp_port_in = 6304 cls.udp_external_port = 6304 cls.icmp_id_in = 6305 - cls.snat_addr = '10.0.0.3' + cls.nat_addr = '10.0.0.3' cls.create_pg_interfaces(range(3)) cls.interfaces = list(cls.pg_interfaces) @@ -2330,11 +2332,11 @@ class TestDeterministicNAT(MethodHolder): Create packet stream for outside network :param out_if: Outside interface - :param dst_ip: Destination IP address (Default use global SNAT address) + :param dst_ip: Destination IP address (Default use global NAT address) :param ttl: TTL of generated packets """ if dst_ip is None: - dst_ip = self.snat_addr + dst_ip = self.nat_addr pkts = [] # TCP p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) / @@ -2361,12 +2363,12 @@ class TestDeterministicNAT(MethodHolder): Verify captured packets on outside network :param capture: Captured packets - :param nat_ip: Translated IP address (Default use global SNAT address) + :param nat_ip: Translated IP address (Default use global NAT address) :param same_port: Sorce port number is not translated (Default False) :param packet_num: Expected number of packets (Default 3) """ if nat_ip is None: - nat_ip = self.snat_addr + nat_ip = self.nat_addr self.assertEqual(packet_num, len(capture)) for packet in capture: try: @@ -2404,7 +2406,7 @@ class TestDeterministicNAT(MethodHolder): # SYN + ACK packet out->in p = (Ether(src=out_if.remote_mac, dst=out_if.local_mac) / - IP(src=out_if.remote_ip4, dst=self.snat_addr) / + IP(src=out_if.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="SA")) out_if.add_stream(p) @@ -2442,7 +2444,7 @@ class TestDeterministicNAT(MethodHolder): self.assertEqual(self.pg0.remote_ip4n, record[8]) def test_deterministic_mode(self): - """ S-NAT run deterministic mode """ + """ NAT plugin run deterministic mode """ in_addr = '172.16.255.0' out_addr = '172.17.255.50' in_addr_t = '172.16.255.20' @@ -2452,17 +2454,17 @@ class TestDeterministicNAT(MethodHolder): in_plen = 24 out_plen = 32 - snat_config = self.vapi.snat_show_config() - self.assertEqual(1, snat_config.deterministic) + nat_config = self.vapi.nat_show_config() + self.assertEqual(1, nat_config.deterministic) - self.vapi.snat_add_det_map(in_addr_n, in_plen, out_addr_n, out_plen) + self.vapi.nat_det_add_del_map(in_addr_n, in_plen, out_addr_n, out_plen) - rep1 = self.vapi.snat_det_forward(in_addr_t_n) + rep1 = self.vapi.nat_det_forward(in_addr_t_n) self.assertEqual(rep1.out_addr[:4], out_addr_n) - rep2 = self.vapi.snat_det_reverse(out_addr_n, rep1.out_port_hi) + rep2 = self.vapi.nat_det_reverse(out_addr_n, rep1.out_port_hi) self.assertEqual(rep2.in_addr[:4], in_addr_t_n) - deterministic_mappings = self.vapi.snat_det_map_dump() + deterministic_mappings = self.vapi.nat_det_map_dump() self.assertEqual(len(deterministic_mappings), 1) dsm = deterministic_mappings[0] self.assertEqual(in_addr_n, dsm.in_addr[:4]) @@ -2470,20 +2472,20 @@ class TestDeterministicNAT(MethodHolder): self.assertEqual(out_addr_n, dsm.out_addr[:4]) self.assertEqual(out_plen, dsm.out_plen) - self.clear_snat() - deterministic_mappings = self.vapi.snat_det_map_dump() + self.clear_nat_det() + deterministic_mappings = self.vapi.nat_det_map_dump() self.assertEqual(len(deterministic_mappings), 0) def test_set_timeouts(self): """ Set deterministic NAT timeouts """ - timeouts_before = self.vapi.snat_det_get_timeouts() + timeouts_before = self.vapi.nat_det_get_timeouts() - self.vapi.snat_det_set_timeouts(timeouts_before.udp + 10, - timeouts_before.tcp_established + 10, - timeouts_before.tcp_transitory + 10, - timeouts_before.icmp + 10) + self.vapi.nat_det_set_timeouts(timeouts_before.udp + 10, + timeouts_before.tcp_established + 10, + timeouts_before.tcp_transitory + 10, + timeouts_before.icmp + 10) - timeouts_after = self.vapi.snat_det_get_timeouts() + timeouts_after = self.vapi.nat_det_get_timeouts() self.assertNotEqual(timeouts_before.udp, timeouts_after.udp) self.assertNotEqual(timeouts_before.icmp, timeouts_after.icmp) @@ -2493,17 +2495,17 @@ class TestDeterministicNAT(MethodHolder): timeouts_after.tcp_transitory) def test_det_in(self): - """ CGNAT translation test (TCP, UDP, ICMP) """ + """ Deterministic NAT translation test (TCP, UDP, ICMP) """ nat_ip = "10.0.0.10" - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(nat_ip), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(nat_ip), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -2522,7 +2524,7 @@ class TestDeterministicNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) # session dump test - sessions = self.vapi.snat_det_session_dump(self.pg0.remote_ip4n) + sessions = self.vapi.nat_det_session_dump(self.pg0.remote_ip4n) self.assertEqual(len(sessions), 3) # TCP session @@ -2546,7 +2548,7 @@ class TestDeterministicNAT(MethodHolder): self.assertEqual(s.out_port, self.icmp_external_id) def test_multiple_users(self): - """ CGNAT multiple users """ + """ Deterministic NAT multiple users """ nat_ip = "10.0.0.10" port_in = 80 @@ -2555,13 +2557,13 @@ class TestDeterministicNAT(MethodHolder): host0 = self.pg0.remote_hosts[0] host1 = self.pg0.remote_hosts[1] - self.vapi.snat_add_det_map(host0.ip4n, - 24, - socket.inet_aton(nat_ip), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.vapi.nat_det_add_del_map(host0.ip4n, + 24, + socket.inet_aton(nat_ip), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # host0 to out p = (Ether(src=host0.mac, dst=self.pg0.local_mac) / @@ -2603,7 +2605,7 @@ class TestDeterministicNAT(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise - dms = self.vapi.snat_det_map_dump() + dms = self.vapi.nat_det_map_dump() self.assertEqual(1, len(dms)) self.assertEqual(2, dms[0].ses_num) @@ -2648,29 +2650,29 @@ class TestDeterministicNAT(MethodHolder): raise # session close api test - self.vapi.snat_det_close_session_out(socket.inet_aton(nat_ip), - port_out1, - self.pg1.remote_ip4n, - external_port) - dms = self.vapi.snat_det_map_dump() - self.assertEqual(dms[0].ses_num, 1) - - self.vapi.snat_det_close_session_in(host0.ip4n, - port_in, + self.vapi.nat_det_close_session_out(socket.inet_aton(nat_ip), + port_out1, self.pg1.remote_ip4n, external_port) - dms = self.vapi.snat_det_map_dump() + dms = self.vapi.nat_det_map_dump() + self.assertEqual(dms[0].ses_num, 1) + + self.vapi.nat_det_close_session_in(host0.ip4n, + port_in, + self.pg1.remote_ip4n, + external_port) + dms = self.vapi.nat_det_map_dump() self.assertEqual(dms[0].ses_num, 0) def test_tcp_session_close_detection_in(self): - """ CGNAT TCP session close initiated from inside network """ - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.snat_addr), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ Deterministic NAT TCP session close from inside network """ + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(self.nat_addr), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.initiate_tcp_session(self.pg0, self.pg1) @@ -2690,14 +2692,14 @@ class TestDeterministicNAT(MethodHolder): # ACK packet out -> in p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="A")) pkts.append(p) # FIN packet out -> in p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="F")) pkts.append(p) @@ -2717,22 +2719,22 @@ class TestDeterministicNAT(MethodHolder): self.pg_start() self.pg1.get_capture(1) - # Check if snat closed the session - dms = self.vapi.snat_det_map_dump() + # Check if deterministic NAT44 closed the session + dms = self.vapi.nat_det_map_dump() self.assertEqual(0, dms[0].ses_num) except: self.logger.error("TCP session termination failed") raise def test_tcp_session_close_detection_out(self): - """ CGNAT TCP session close initiated from outside network """ - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.snat_addr), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ Deterministic NAT TCP session close from outside network """ + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(self.nat_addr), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.initiate_tcp_session(self.pg0, self.pg1) @@ -2740,7 +2742,7 @@ class TestDeterministicNAT(MethodHolder): try: # FIN packet out -> in p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="F")) self.pg1.add_stream(p) @@ -2771,7 +2773,7 @@ class TestDeterministicNAT(MethodHolder): # ACK packet out -> in p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="A")) self.pg1.add_stream(p) @@ -2779,8 +2781,8 @@ class TestDeterministicNAT(MethodHolder): self.pg_start() self.pg0.get_capture(1) - # Check if snat closed the session - dms = self.vapi.snat_det_map_dump() + # Check if deterministic NAT44 closed the session + dms = self.vapi.nat_det_map_dump() self.assertEqual(0, dms[0].ses_num) except: self.logger.error("TCP session termination failed") @@ -2788,17 +2790,17 @@ class TestDeterministicNAT(MethodHolder): @unittest.skipUnless(running_extended_tests(), "part of extended tests") def test_session_timeout(self): - """ CGNAT session timeouts """ - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.snat_addr), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ Deterministic NAT session timeouts """ + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(self.nat_addr), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.initiate_tcp_session(self.pg0, self.pg1) - self.vapi.snat_det_set_timeouts(5, 5, 5, 5) + self.vapi.nat_det_set_timeouts(5, 5, 5, 5) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -2806,24 +2808,24 @@ class TestDeterministicNAT(MethodHolder): capture = self.pg1.get_capture(len(pkts)) sleep(15) - dms = self.vapi.snat_det_map_dump() + dms = self.vapi.nat_det_map_dump() self.assertEqual(0, dms[0].ses_num) @unittest.skipUnless(running_extended_tests(), "part of extended tests") def test_session_limit_per_user(self): - """ CGNAT maximum 1000 sessions per user should be created """ - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.snat_addr), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ Deterministic NAT maximum sessions per user limit """ + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(self.nat_addr), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.vapi.set_ipfix_exporter(collector_address=self.pg2.remote_ip4n, src_address=self.pg2.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.snat_ipfix() + self.vapi.nat_ipfix() pkts = [] for port in range(1025, 2025): @@ -2857,7 +2859,7 @@ class TestDeterministicNAT(MethodHolder): self.assertEqual(inner_ip[UDPerror].sport, 3001) self.assertEqual(inner_ip[UDPerror].dport, 3002) - dms = self.vapi.snat_det_map_dump() + dms = self.vapi.nat_det_map_dump() self.assertEqual(1000, dms[0].ses_num) @@ -2877,31 +2879,31 @@ class TestDeterministicNAT(MethodHolder): data = ipfix.decode_data_set(p.getlayer(Set)) self.verify_ipfix_max_entries_per_user(data) - def clear_snat(self): + def clear_nat_det(self): """ - Clear SNAT configuration. + Clear deterministic NAT configuration. """ - self.vapi.snat_ipfix(enable=0) - self.vapi.snat_det_set_timeouts() - deterministic_mappings = self.vapi.snat_det_map_dump() + self.vapi.nat_ipfix(enable=0) + self.vapi.nat_det_set_timeouts() + deterministic_mappings = self.vapi.nat_det_map_dump() for dsm in deterministic_mappings: - self.vapi.snat_add_det_map(dsm.in_addr, - dsm.in_plen, - dsm.out_addr, - dsm.out_plen, - is_add=0) + self.vapi.nat_det_add_del_map(dsm.in_addr, + dsm.in_plen, + dsm.out_addr, + dsm.out_plen, + is_add=0) - interfaces = self.vapi.snat_interface_dump() + interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: - self.vapi.snat_interface_add_del_feature(intf.sw_if_index, - intf.is_inside, - is_add=0) + self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, + intf.is_inside, + is_add=0) def tearDown(self): super(TestDeterministicNAT, self).tearDown() if not self.vpp_dead: - self.logger.info(self.vapi.cli("show snat detail")) - self.clear_snat() + self.logger.info(self.vapi.cli("show nat44 detail")) + self.clear_nat_det() class TestNAT64(MethodHolder): diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py index 95de0be6..61db4d6b 100644 --- a/test/vpp_papi_provider.py +++ b/test/vpp_papi_provider.py @@ -1061,41 +1061,41 @@ class VppPapiProvider(object): 'mt_next_hop_table_id': next_hop_table_id, 'mt_next_hop_out_label_stack': next_hop_out_label_stack}) - def snat_interface_add_del_feature( + def nat44_interface_add_del_feature( self, sw_if_index, is_inside=1, is_add=1): - """Enable/disable S-NAT feature on the interface + """Enable/disable NAT44 feature on the interface :param sw_if_index: Software index of the interface :param is_inside: 1 if inside, 0 if outside (Default value = 1) :param is_add: 1 if add, 0 if delete (Default value = 1) """ return self.api( - self.papi.snat_interface_add_del_feature, + self.papi.nat44_interface_add_del_feature, {'is_add': is_add, 'is_inside': is_inside, 'sw_if_index': sw_if_index}) - def snat_interface_add_del_output_feature( + def nat44_interface_add_del_output_feature( self, sw_if_index, is_inside=1, is_add=1): - """Enable/disable S-NAT output feature on the interface + """Enable/disable NAT44 output feature on the interface :param sw_if_index: Software index of the interface :param is_inside: 1 if inside, 0 if outside (Default value = 1) :param is_add: 1 if add, 0 if delete (Default value = 1) """ return self.api( - self.papi.snat_interface_add_del_output_feature, + self.papi.nat44_interface_add_del_output_feature, {'is_add': is_add, 'is_inside': is_inside, 'sw_if_index': sw_if_index}) - def snat_add_static_mapping( + def nat44_add_del_static_mapping( self, local_ip, external_ip=0, @@ -1105,9 +1105,8 @@ class VppPapiProvider(object): addr_only=1, vrf_id=0, protocol=0, - is_add=1, - is_ip4=1): - """Add/delete S-NAT static mapping + is_add=1): + """Add/delete NAT44 static mapping :param local_ip: Local IP address :param external_ip: External IP address @@ -1118,12 +1117,10 @@ class VppPapiProvider(object): :param vrf_id: VRF ID :param protocol: IP protocol (Default value = 0) :param is_add: 1 if add, 0 if delete (Default value = 1) - :param is_ip4: 1 if address type is IPv4 (Default value = 1) """ return self.api( - self.papi.snat_add_static_mapping, + self.papi.nat44_add_del_static_mapping, {'is_add': is_add, - 'is_ip4': is_ip4, 'addr_only': addr_only, 'local_ip_address': local_ip, 'external_ip_address': external_ip, @@ -1133,100 +1130,96 @@ class VppPapiProvider(object): 'vrf_id': vrf_id, 'protocol': protocol}) - def snat_add_address_range( + def nat44_add_del_address_range( self, first_ip_address, last_ip_address, is_add=1, - is_ip4=1, vrf_id=0xFFFFFFFF): - """Add/del S-NAT address range + """Add/del NAT44 address range :param first_ip_address: First IP address :param last_ip_address: Last IP address :param vrf_id: VRF id for the address range :param is_add: 1 if add, 0 if delete (Default value = 1) - :param is_ip4: 1 if address type is IPv4 (Default value = 1) """ return self.api( - self.papi.snat_add_address_range, - {'is_ip4': is_ip4, - 'first_ip_address': first_ip_address, + self.papi.nat44_add_del_address_range, + {'first_ip_address': first_ip_address, 'last_ip_address': last_ip_address, 'vrf_id': vrf_id, 'is_add': is_add}) - def snat_address_dump(self): - """Dump S-NAT addresses - :return: Dictionary of S-NAT addresses + def nat44_address_dump(self): + """Dump NAT44 addresses + :return: Dictionary of NAT44 addresses """ - return self.api(self.papi.snat_address_dump, {}) + return self.api(self.papi.nat44_address_dump, {}) - def snat_interface_dump(self): - """Dump interfaces with S-NAT feature - :return: Dictionary of interfaces with S-NAT feature + def nat44_interface_dump(self): + """Dump interfaces with NAT44 feature + :return: Dictionary of interfaces with NAT44 feature """ - return self.api(self.papi.snat_interface_dump, {}) + return self.api(self.papi.nat44_interface_dump, {}) - def snat_interface_output_feature_dump(self): - """Dump interfaces with S-NAT output feature - :return: Dictionary of interfaces with S-NAT output feature + def nat44_interface_output_feature_dump(self): + """Dump interfaces with NAT44 output feature + :return: Dictionary of interfaces with NAT44 output feature """ - return self.api(self.papi.snat_interface_output_feature_dump, {}) + return self.api(self.papi.nat44_interface_output_feature_dump, {}) - def snat_static_mapping_dump(self): - """Dump S-NAT static mappings - :return: Dictionary of S-NAT static mappings + def nat44_static_mapping_dump(self): + """Dump NAT44 static mappings + :return: Dictionary of NAT44 static mappings """ - return self.api(self.papi.snat_static_mapping_dump, {}) + return self.api(self.papi.nat44_static_mapping_dump, {}) - def snat_show_config(self): - """Show S-NAT config - :return: S-NAT config parameters + def nat_show_config(self): + """Show NAT plugin config + :return: NAT plugin config parameters """ - return self.api(self.papi.snat_show_config, {}) + return self.api(self.papi.nat_show_config, {}) - def snat_add_interface_addr( + def nat44_add_interface_addr( self, sw_if_index, is_add=1): - """Add/del S-NAT address from interface + """Add/del NAT44 address from interface :param sw_if_index: Software index of the interface :param is_add: 1 if add, 0 if delete (Default value = 1) """ - return self.api(self.papi.snat_add_del_interface_addr, + return self.api(self.papi.nat44_add_del_interface_addr, {'is_add': is_add, 'sw_if_index': sw_if_index}) - def snat_interface_addr_dump(self): - """Dump S-NAT addresses interfaces - :return: Dictionary of S-NAT addresses interfaces + def nat44_interface_addr_dump(self): + """Dump NAT44 addresses interfaces + :return: Dictionary of NAT44 addresses interfaces """ - return self.api(self.papi.snat_interface_addr_dump, {}) + return self.api(self.papi.nat44_interface_addr_dump, {}) - def snat_ipfix( + def nat_ipfix( self, domain_id=1, src_port=4739, enable=1): - """Enable/disable S-NAT IPFIX logging + """Enable/disable NAT IPFIX logging :param domain_id: Observation domain ID (Default value = 1) :param src_port: Source port number (Default value = 4739) :param enable: 1 if enable, 0 if disable (Default value = 1) """ return self.api( - self.papi.snat_ipfix_enable_disable, + self.papi.nat_ipfix_enable_disable, {'domain_id': domain_id, 'src_port': src_port, 'enable': enable}) - def snat_user_session_dump( + def nat44_user_session_dump( self, ip_address, - vrf_id, - is_ip4=1): - """Dump S-NAT user's sessions + vrf_id): + """Dump NAT44 user's sessions :param ip_address: ip adress of the user to be dumped :param cpu_index: cpu_index on which the user is @@ -1234,26 +1227,25 @@ class VppPapiProvider(object): :return: Dictionary of S-NAT sessions """ return self.api( - self.papi.snat_user_session_dump, + self.papi.nat44_user_session_dump, {'ip_address': ip_address, - 'vrf_id': vrf_id, - 'is_ip4': is_ip4}) + 'vrf_id': vrf_id}) - def snat_user_dump(self): - """Dump S-NAT users + def nat44_user_dump(self): + """Dump NAT44 users - :return: Dictionary of S-NAT users + :return: Dictionary of NAT44 users """ - return self.api(self.papi.snat_user_dump, {}) + return self.api(self.papi.nat44_user_dump, {}) - def snat_add_det_map( + def nat_det_add_del_map( self, in_addr, in_plen, out_addr, out_plen, is_add=1): - """Add/delete S-NAT deterministic mapping + """Add/delete deterministic NAT mapping :param is_add - 1 if add, 0 if delete :param in_addr - inside IP address @@ -1262,14 +1254,15 @@ class VppPapiProvider(object): :param out_plen - outside IP address prefix length """ return self.api( - self.papi.snat_add_det_map, + self.papi.nat_det_add_del_map, {'is_add': is_add, + 'is_nat44': 1, 'in_addr': in_addr, 'in_plen': in_plen, 'out_addr': out_addr, 'out_plen': out_plen}) - def snat_det_forward( + def nat_det_forward( self, in_addr): """Get outside address and port range from inside address @@ -1277,10 +1270,11 @@ class VppPapiProvider(object): :param in_addr - inside IP address """ return self.api( - self.papi.snat_det_forward, - {'in_addr': in_addr}) + self.papi.nat_det_forward, + {'in_addr': in_addr, + 'is_nat44': 1}) - def snat_det_reverse( + def nat_det_reverse( self, out_addr, out_port): @@ -1290,18 +1284,18 @@ class VppPapiProvider(object): :param out_port - outside port """ return self.api( - self.papi.snat_det_reverse, + self.papi.nat_det_reverse, {'out_addr': out_addr, 'out_port': out_port}) - def snat_det_map_dump(self): - """Dump S-NAT deterministic mappings + def nat_det_map_dump(self): + """Dump deterministic NAT mappings - :return: Dictionary of S-NAT deterministic mappings + :return: Dictionary of deterministic NAT mappings """ - return self.api(self.papi.snat_det_map_dump, {}) + return self.api(self.papi.nat_det_map_dump, {}) - def snat_det_set_timeouts( + def nat_det_set_timeouts( self, udp=300, tcp_established=7440, @@ -1315,78 +1309,71 @@ class VppPapiProvider(object): :param icmp - ICMP timeout (Default value = 60) """ return self.api( - self.papi.snat_det_set_timeouts, + self.papi.nat_det_set_timeouts, {'udp': udp, 'tcp_established': tcp_established, 'tcp_transitory': tcp_transitory, 'icmp': icmp}) - def snat_det_get_timeouts(self): + def nat_det_get_timeouts(self): """Get values of timeouts for deterministic NAT :return: Timeouts for deterministic NAT (in seconds) """ - return self.api(self.papi.snat_det_get_timeouts, {}) + return self.api(self.papi.nat_det_get_timeouts, {}) - def snat_det_close_session_out( + def nat_det_close_session_out( self, out_addr, out_port, ext_addr, - ext_port, - is_ip4=1): - """Close CGN session using outside address and port + ext_port): + """Close deterministic NAT session using outside address and port :param out_addr - outside IP address :param out_port - outside port :param ext_addr - external host IP address :param ext_port - external host port - :param is_ip4: 1 if address type is IPv4 (Default value = 1) """ return self.api( - self.papi.snat_det_close_session_out, + self.papi.nat_det_close_session_out, {'out_addr': out_addr, 'out_port': out_port, 'ext_addr': ext_addr, - 'ext_port': ext_port, - 'is_ip4': is_ip4}) + 'ext_port': ext_port}) - def snat_det_close_session_in( + def nat_det_close_session_in( self, in_addr, in_port, ext_addr, - ext_port, - is_ip4=1): - """Close CGN session using inside address and port + ext_port): + """Close deterministic NAT session using inside address and port :param in_addr - inside IP address :param in_port - inside port :param ext_addr - external host IP address :param ext_port - external host port - :param is_ip4: 1 if address type is IPv4 (Default value = 1) """ return self.api( - self.papi.snat_det_close_session_in, + self.papi.nat_det_close_session_in, {'in_addr': in_addr, 'in_port': in_port, 'ext_addr': ext_addr, 'ext_port': ext_port, - 'is_ip4': is_ip4}) + 'is_nat44': 1}) - def snat_det_session_dump( + def nat_det_session_dump( self, - user_addr, - is_ip4=1): - """Dump S-NAT deterministic sessions belonging to a user + user_addr): + """Dump deterministic NAT sessions belonging to a user :param user_addr - inside IP address of the user - :param is_ip4: - 1 if address type is IPv4 (Default value = 1) - :return: Dictionary of S-NAT deterministic sessions + :return: Dictionary of deterministic NAT sessions """ return self.api( - self.papi.snat_det_session_dump, - {'is_ip4': is_ip4, + self.papi.nat_det_session_dump, + {'is_nat44': 1, 'user_addr': user_addr}) def nat64_add_del_pool_addr_range( |