diff options
| author |   Matthew Smith <mgsmith@netgate.com> | 2019-12-04 15:02:46 -0600 |
|---|---|---|
| committer | Matthew Smith <mgsmith@netgate.com> | 2019-12-05 10:24:41 -0600 |
| commit | 9f3569615eaadcf24a880d8d5547df9ad7a1d35f (patch) | |
| tree | 600e092bcbdea0338f1f26336c1904a5ae1bd2c0 /src/plugins/map/test | |
| parent | 1063f2ae80666d355407d58e0fda35fbd5292d9b (diff) | |
map: fix MAP-T ip6 port check
Type: fix
Ticket: VPP-1804
Fix a regression introduced by 640edcd90.
The port set ID on received IPv6 packets for MAP-T was being
checked against the destination port. It should be checked
against the source port.
Added a new unit test to verify that a v6 packet with a good
source port is translated and forwarded and a v6 packet with
a bad source port is dropped. The important part of the test
which will prevent similar future regressions is that the
source port and destination port are not equal. The existing
unit test used the same source and destination port which is
why it did not fail when the regression was introduced.
Change-Id: Idc144ea509722bb9e0f80b3887d220384a04e6d6
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Diffstat (limited to 'src/plugins/map/test')
| -rw-r--r-- | src/plugins/map/test/test_map.py | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/plugins/map/test/test_map.py b/src/plugins/map/test/test_map.py index 94cb6d7865d..9da3d0c9074 100644 --- a/src/plugins/map/test/test_map.py +++ b/src/plugins/map/test/test_map.py @@ -640,6 +640,61 @@ class TestMAP(VppTestCase): for p in rx: self.validate(p[1], p4_translated) + def test_map_t_ip6_psid(self): + """ MAP-T v6->v4 PSID validation""" + + # + # Add a domain that maps from pg0 to pg1 + # + map_dst = '2001:db8::/32' + map_src = '1234:5678:90ab:cdef::/64' + ip4_pfx = '192.168.0.0/24' + tag = 'MAP-T Test Domain' + + self.vapi.map_add_domain(ip6_prefix=map_dst, + ip4_prefix=ip4_pfx, + ip6_src=map_src, + ea_bits_len=16, + psid_offset=6, + psid_length=4, + mtu=1500, + tag=tag) + + # Enable MAP-T on interfaces. + self.vapi.map_if_enable_disable(is_enable=1, + sw_if_index=self.pg0.sw_if_index, + is_translation=1) + self.vapi.map_if_enable_disable(is_enable=1, + sw_if_index=self.pg1.sw_if_index, + is_translation=1) + + map_route = VppIpRoute(self, + "2001:db8::", + 32, + [VppRoutePath(self.pg1.remote_ip6, + self.pg1.sw_if_index, + proto=DpoProto.DPO_PROTO_IP6)]) + map_route.add_vpp_config() + + p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) + p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f', + dst='1234:5678:90ab:cdef:ac:1001:200:0') + + # Send good IPv6 source port, ensure translated IPv4 received + payload = TCP(sport=0xabcd, dport=80) + p6 = (p_ether6 / p_ip6 / payload) + p4_translated = (IP(src='192.168.0.1', + dst=self.pg0.remote_ip4) / payload) + p4_translated.id = 0 + p4_translated.ttl -= 1 + rx = self.send_and_expect(self.pg1, p6*1, self.pg0) + for p in rx: + self.validate(p[1], p4_translated) + + # Send bad IPv6 source port, ensure translated IPv4 not received + payload = TCP(sport=0xdcba, dport=80) + p6 = (p_ether6 / p_ip6 / payload) + self.send_and_assert_no_replies(self.pg1, p6*1) if __name__ == '__main__': unittest.main(testRunner=VppTestRunner) |