diff options
author | Steven Luong <sluong@cisco.com> | 2024-07-30 13:44:01 -0700 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2024-09-06 18:26:56 +0000 |
commit | c4b5d10115d4370488ac14eb0ba7295b049a0615 (patch) | |
tree | 9c8bdf757de6d995e051959d1c11bded0b9267a6 /src/plugins/unittest | |
parent | 2a5bb3b5ab3e05cee0da6a78b77e67fbc3bdca75 (diff) |
session: add Source Deny List
With this feature, session enable is now modified to have 3 modes of operation
session enable -- only enable session
session enable rt-backend sdl -- enable session with sdl
session enable rt-backend rule-table -- enable session with rule-table
session rule tables are now created on demand, upon adding first rule
to the rule table.
refactor session table to remove depenency from sesssion rules table. Now
session rules table APIs take srtg_handle and transport
proto instead of srt pointer.
Type: feature
Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14
Signed-off-by: Steven Luong <sluong@cisco.com>
Diffstat (limited to 'src/plugins/unittest')
-rw-r--r-- | src/plugins/unittest/segment_manager_test.c | 5 | ||||
-rw-r--r-- | src/plugins/unittest/session_test.c | 365 | ||||
-rw-r--r-- | src/plugins/unittest/tcp_test.c | 5 |
3 files changed, 320 insertions, 55 deletions
diff --git a/src/plugins/unittest/segment_manager_test.c b/src/plugins/unittest/segment_manager_test.c index a106470ee48..29da662e007 100644 --- a/src/plugins/unittest/segment_manager_test.c +++ b/src/plugins/unittest/segment_manager_test.c @@ -739,8 +739,11 @@ segment_manager_test (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd_arg) { int res = 0; + session_enable_disable_args_t args = { .is_en = 1, + .rt_engine_type = + RT_BACKEND_ENGINE_RULE_TABLE }; - vnet_session_enable_disable (vm, 1); + vnet_session_enable_disable (vm, &args); while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { diff --git a/src/plugins/unittest/session_test.c b/src/plugins/unittest/session_test.c index 6d28b2d25ec..a70a6ea88bf 100644 --- a/src/plugins/unittest/session_test.c +++ b/src/plugins/unittest/session_test.c @@ -13,13 +13,11 @@ * limitations under the License. */ -#include <vnet/session/application_namespace.h> -#include <vnet/session/application_interface.h> +#include <arpa/inet.h> #include <vnet/session/application.h> #include <vnet/session/session.h> -#include <vnet/session/session_rules_table.h> -#include <vnet/tcp/tcp.h> #include <sys/epoll.h> +#include <vnet/session/session_rules_table.h> #define SESSION_TEST_I(_cond, _comment, _args...) \ ({ \ @@ -775,10 +773,37 @@ session_test_namespace (vlib_main_t * vm, unformat_input_t * input) return 0; } +static void +session_test_disable_rt_backend_engine (vlib_main_t *vm) +{ + session_enable_disable_args_t args = { .is_en = 0, + .rt_engine_type = + RT_BACKEND_ENGINE_DISABLE }; + vnet_session_enable_disable (vm, &args); +} + +static void +session_test_enable_rule_table_engine (vlib_main_t *vm) +{ + session_enable_disable_args_t args = { .is_en = 1, + .rt_engine_type = + RT_BACKEND_ENGINE_RULE_TABLE }; + vnet_session_enable_disable (vm, &args); +} + +static void +session_test_enable_sdl_engine (vlib_main_t *vm) +{ + session_enable_disable_args_t args = { .is_en = 1, + .rt_engine_type = + RT_BACKEND_ENGINE_SDL }; + vnet_session_enable_disable (vm, &args); +} + static int session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) { - session_rules_table_t _srt, *srt = &_srt; + session_table_t *st = session_table_alloc (); u16 lcl_port = 1234, rmt_port = 4321; u32 action_index = 1, res; ip4_address_t lcl_lkup, rmt_lkup; @@ -796,8 +821,11 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) } } - clib_memset (srt, 0, sizeof (*srt)); - session_rules_table_init (srt); + session_test_disable_rt_backend_engine (vm); + session_test_enable_rule_table_engine (vm); + + session_table_init (st, FIB_PROTOCOL_MAX); + session_rules_table_init (st, FIB_PROTOCOL_MAX); ip4_address_t lcl_ip = { .as_u32 = clib_host_to_net_u32 (0x01020304), @@ -836,12 +864,13 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) .action_index = action_index++, .is_add = 1, }; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action %d", action_index - 1); - res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); SESSION_TEST ((res == 1), "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 1: %d", res); @@ -852,13 +881,15 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) args.lcl.fp_addr.ip4 = lcl_ip; args.lcl.fp_len = 24; args.action_index = action_index++; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/16 4321 action %d", action_index - 1); args.rmt.fp_addr.ip4 = rmt_ip; args.rmt.fp_len = 24; args.action_index = action_index++; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/24 4321 action %d", action_index - 1); @@ -870,13 +901,15 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) args.rmt.fp_addr.ip4 = rmt_ip2; args.rmt.fp_len = 16; args.action_index = action_index++; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Add 2.2.2.2/24 1234 6.6.6.6/16 4321 action %d", action_index - 1); args.lcl.fp_addr.ip4 = lcl_ip3; args.rmt.fp_addr.ip4 = rmt_ip3; args.action_index = action_index++; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Add 3.3.3.3/24 1234 7.7.7.7/16 4321 action %d", action_index - 1); @@ -886,7 +919,8 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) args.lcl.fp_addr.ip4 = lcl_ip3; args.rmt.fp_addr.ip4 = rmt_ip3; args.action_index = action_index++; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "overwrite 3.3.3.3/24 1234 7.7.7.7/16 4321 " "action %d", action_index - 1); @@ -894,23 +928,22 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) * Lookup 1.2.3.4/32 1234 5.6.7.8/32 4321, 1.2.2.4/32 1234 5.6.7.9/32 4321 * and 3.3.3.3 1234 7.7.7.7 4321 */ - res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); SESSION_TEST ((res == 3), "Lookup 1.2.3.4 1234 5.6.7.8 4321 action " "should be 3: %d", res); lcl_lkup.as_u32 = clib_host_to_net_u32 (0x01020204); rmt_lkup.as_u32 = clib_host_to_net_u32 (0x05060709); - res = - session_rules_table_lookup4 (srt, &lcl_lkup, - &rmt_lkup, lcl_port, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_lkup, &rmt_lkup, lcl_port, rmt_port); SESSION_TEST ((res == 1), "Lookup 1.2.2.4 1234 5.6.7.9 4321, action " "should be 1: %d", res); - res = - session_rules_table_lookup4 (srt, &lcl_ip3, &rmt_ip3, lcl_port, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip3, &rmt_ip3, lcl_port, rmt_port); SESSION_TEST ((res == 6), "Lookup 3.3.3.3 1234 7.7.7.7 4321, action " "should be 6 (updated): %d", res); @@ -926,17 +959,17 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) args.lcl_port = 0; args.rmt_port = 0; args.action_index = action_index++; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Add 1.2.3.4/24 * 5.6.7.8/24 * action %d", action_index - 1); - res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); SESSION_TEST ((res == 7), "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should" " be 7 (lpm dst): %d", res); - res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, - lcl_port + 1, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port + 1, rmt_port); SESSION_TEST ((res == 7), "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 7: %d", res); @@ -948,7 +981,8 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) * 1.2.3.4 1235 5.6.7.8 4322 */ args.is_add = 0; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Del 1.2.3.4/24 * 5.6.7.8/24 *"); args.lcl.fp_addr.ip4 = lcl_ip; @@ -959,7 +993,8 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) args.rmt_port = 0; args.action_index = action_index++; args.is_add = 1; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Add 1.2.3.4/16 * 5.6.7.8/16 * action %d", action_index - 1); @@ -971,27 +1006,28 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) args.rmt_port = rmt_port; args.action_index = action_index++; args.is_add = 1; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1235 5.6.7.8/24 4321 action %d", action_index - 1); if (verbose) - session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4); + session_rules_table_cli_dump (vm, st->srtg_handle, TRANSPORT_PROTO_TCP, + FIB_PROTOCOL_IP4); - res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); SESSION_TEST ((res == 3), "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d", res); - res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, - lcl_port + 1, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port + 1, rmt_port); SESSION_TEST ((res == 9), "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 9: %d", res); res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, - lcl_port + 1, rmt_port + 1); + session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, &lcl_ip, + &rmt_ip, lcl_port + 1, rmt_port + 1); SESSION_TEST ((res == 8), "Lookup 1.2.3.4 1235 5.6.7.8 4322, action should " "be 8: %d", res); @@ -1005,10 +1041,11 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) args.lcl.fp_len = 16; args.rmt.fp_len = 16; args.is_add = 0; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Del 1.2.0.0/16 1234 5.6.0.0/16 4321"); - res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); SESSION_TEST ((res == 3), "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d", res); @@ -1016,10 +1053,11 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) args.lcl_port = 0; args.rmt_port = 0; args.is_add = 0; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Del 1.2.0.0/16 * 5.6.0.0/16 *"); - res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); SESSION_TEST ((res == 3), "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d", res); @@ -1034,12 +1072,15 @@ session_test_rule_table (vlib_main_t * vm, unformat_input_t * input) args.lcl_port = 1234; args.rmt_port = 4321; args.is_add = 0; - error = session_rules_table_add_del (srt, &args); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); SESSION_TEST ((error == 0), "Del 1.2.3.4/24 1234 5.6.7.5/24"); - res = - session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); SESSION_TEST ((res == 2), "Action should be 2: %d", res); + session_table_free (st, FIB_PROTOCOL_MAX); + return 0; } @@ -1075,6 +1116,9 @@ session_test_rules (vlib_main_t * vm, unformat_input_t * input) } } + session_test_disable_rt_backend_engine (vm); + session_test_enable_rule_table_engine (vm); + server_sep.is_ip4 = 1; server_sep.port = placeholder_port; clib_memset (options, 0, sizeof (options)); @@ -2115,15 +2159,19 @@ session_test_enable_disable (vlib_main_t *vm, unformat_input_t *input) /* warm up */ for (i = 0; i < 10; i++) { - vnet_session_enable_disable (vm, 0); - vnet_session_enable_disable (vm, 1); + session_test_disable_rt_backend_engine (vm); + session_test_enable_sdl_engine (vm); + session_test_disable_rt_backend_engine (vm); + session_test_enable_rule_table_engine (vm); } was_using = session_get_memory_usage (); for (i = 0; i < iteration; i++) { - vnet_session_enable_disable (vm, 0); - vnet_session_enable_disable (vm, 1); + session_test_disable_rt_backend_engine (vm); + session_test_enable_sdl_engine (vm); + session_test_disable_rt_backend_engine (vm); + session_test_enable_rule_table_engine (vm); } now_using = session_get_memory_usage (); @@ -2134,13 +2182,220 @@ session_test_enable_disable (vlib_main_t *vm, unformat_input_t *input) return 0; } +static int +session_test_sdl (vlib_main_t *vm, unformat_input_t *input) +{ + session_table_t *st = session_table_alloc (); + u16 lcl_port = 0, rmt_port = 0; + u32 action_index = 1, res; + int verbose = 0, error; + ip4_address_t lcl_ip; + const char ip_str_1234[] = "1.2.3.4"; + inet_pton (AF_INET, ip_str_1234, &lcl_ip); + ip4_address_t rmt_ip = { + .as_u32 = clib_host_to_net_u32 (0x0), + }; + ip6_address_t rmt_ip6 = { + .as_u64 = { 0, 0 }, + }; + fib_prefix_t lcl_pref = { + .fp_addr.ip4.as_u32 = lcl_ip.as_u32, + .fp_len = 16, + .fp_proto = FIB_PROTOCOL_IP4, + }; + fib_prefix_t rmt_pref = { + .fp_addr.ip4.as_u32 = rmt_ip.as_u32, + .fp_len = 0, + .fp_proto = 0, + }; + session_rule_table_add_del_args_t args = { + .lcl = lcl_pref, + .rmt = rmt_pref, + .lcl_port = lcl_port, + .rmt_port = rmt_port, + .action_index = action_index++, + .is_add = 1, + }; + const char ip_str_1200[] = "1.2.0.0"; + const char ip_str_1230[] = "1.2.3.0"; + const char ip_str_1111[] = "1.1.1.1"; + const char ip6_str[] = "2501:0db8:85a3:0000:0000:8a2e:0371:1"; + const char ip6_str2[] = "2501:0db8:85a3:0000:0000:8a2e:0372:1"; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "verbose")) + verbose = 1; + else + { + vlib_cli_output (vm, "parse error: '%U'", format_unformat_error, + input); + return -1; + } + } + + session_test_disable_rt_backend_engine (vm); + session_test_enable_sdl_engine (vm); + + session_table_init (st, FIB_PROTOCOL_MAX); + session_rules_table_init (st, FIB_PROTOCOL_MAX); + + /* Add 1.2.0.0/16 */ + args.lcl.fp_len = 16; + inet_pton (AF_INET, ip_str_1200, &args.lcl.fp_addr.ip4.as_u32); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); + SESSION_TEST ((error == 0), "Add %s/%d action %d", ip_str_1200, + args.lcl.fp_len, action_index - 1); + + /* Lookup 1.2.3.4 */ + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); + SESSION_TEST ((res == action_index - 1), + "Lookup %s, action should " + "be 1: %d", + ip_str_1234, action_index - 1); + + /* + * Add 1.2.3.0/24 + */ + args.lcl.fp_len = 24; + inet_pton (AF_INET, ip_str_1230, &args.lcl.fp_addr.ip4.as_u32); + args.action_index = action_index++; + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); + SESSION_TEST ((error == 0), "Add %s/%d action %d", ip_str_1230, + args.lcl.fp_len, action_index - 1); + + /* Lookup 1.2.3.4 */ + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); + SESSION_TEST ((res == action_index - 1), + "Lookup %s, action should " + "be 2: %d", + ip_str_1234, action_index - 1); + + /* look up 1.1.1.1, should be -1 (invalid index) */ + inet_pton (AF_INET, ip_str_1111, &lcl_ip); + res = session_rules_table_lookup4 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_ip, &rmt_ip, lcl_port, rmt_port); + SESSION_TEST ((res == SESSION_TABLE_INVALID_INDEX), + "Lookup %s, action should " + "be -1: %d", + ip_str_1111, res); + + /* Add again 1.2.0.0/16, should be rejected */ + args.lcl.fp_len = 16; + inet_pton (AF_INET, ip_str_1200, &args.lcl.fp_addr.ip4.as_u32); + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); + SESSION_TEST ((error == SESSION_E_IPINUSE), "Add %s/%d action %d", + ip_str_1200, args.lcl.fp_len, error); + /* + * Add 0.0.0.0/0, should get an error + */ + args.lcl.fp_len = 0; + args.lcl.fp_addr.ip4.as_u32 = 0; + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); + SESSION_TEST ((error == SESSION_E_IPINUSE), "Add 0.0.0.0/%d action %d", + args.lcl.fp_len, error); + + /* delete 0.0.0.0 should be rejected */ + args.is_add = 0; + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); + SESSION_TEST ((error == SESSION_E_NOROUTE), "Del 0.0.0.0/%d action %d", + args.lcl.fp_len, error); + if (verbose) + session_rules_table_cli_dump (vm, st->srtg_handle, TRANSPORT_PROTO_TCP, + FIB_PROTOCOL_IP4); + + /* + * Clean up + * Delete 1.2.0.0/16 + * Delete 1.2.3.0/24 + */ + inet_pton (AF_INET, ip_str_1200, &args.lcl.fp_addr.ip4.as_u32); + args.lcl.fp_len = 16; + args.is_add = 0; + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); + SESSION_TEST ((error == 0), "Del %s/%d should 0: %d", ip_str_1200, + args.lcl.fp_len, error); + + inet_pton (AF_INET, ip_str_1230, &args.lcl.fp_addr.ip4.as_u32); + args.lcl.fp_len = 24; + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); + SESSION_TEST ((error == 0), "Del %s/%d, should be 0: %d", ip_str_1230, + args.lcl.fp_len, error); + if (verbose) + session_rules_table_cli_dump (vm, st->srtg_handle, TRANSPORT_PROTO_TCP, + FIB_PROTOCOL_IP4); + + /* ip6 tests */ + + /* + * Add ip6 2001:0db8:85a3:0000:0000:8a2e:0371:1/124 + */ + ip6_address_t lcl_lkup; + inet_pton (AF_INET6, ip6_str, &args.lcl.fp_addr.ip6); + args.lcl.fp_len = 124; + args.lcl.fp_proto = FIB_PROTOCOL_IP6; + args.action_index = action_index++; + args.is_add = 1; + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); + SESSION_TEST ((error == 0), "Add %s/%d action %d", ip6_str, args.lcl.fp_len, + action_index - 1); + if (verbose) + session_rules_table_cli_dump (vm, st->srtg_handle, TRANSPORT_PROTO_TCP, + FIB_PROTOCOL_IP6); + + /* Lookup 2001:0db8:85a3:0000:0000:8a2e:0371:1 */ + res = session_rules_table_lookup6 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &args.lcl.fp_addr.ip6, &rmt_ip6, lcl_port, + rmt_port); + SESSION_TEST ((res == action_index - 1), + "Lookup %s action should " + "be 3: %d", + ip6_str, action_index - 1); + + /* Lookup 2001:0db8:85a3:0000:0000:8a2e:0372:1 */ + inet_pton (AF_INET6, ip6_str2, &lcl_lkup); + res = session_rules_table_lookup6 (st->srtg_handle, TRANSPORT_PROTO_TCP, + &lcl_lkup, &rmt_ip6, lcl_port, rmt_port); + SESSION_TEST ((res == SESSION_TABLE_INVALID_INDEX), + "Lookup %s action should " + "be -1: %d", + ip6_str2, res); + + /* + * del ip6 2001:0db8:85a3:0000:0000:8a2e:0371:1/124 + */ + args.is_add = 0; + args.lcl.fp_len = 124; + error = + session_rules_table_add_del (st->srtg_handle, TRANSPORT_PROTO_TCP, &args); + SESSION_TEST ((error == 0), "del %s/%d, should be 0: %d", ip6_str, + args.lcl.fp_len, error); + if (verbose) + session_rules_table_cli_dump (vm, st->srtg_handle, TRANSPORT_PROTO_TCP, + FIB_PROTOCOL_IP6); + + session_table_free (st, FIB_PROTOCOL_MAX); + + return 0; +} + static clib_error_t * session_test (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd_arg) { int res = 0; - vnet_session_enable_disable (vm, 1); + session_test_enable_rule_table_engine (vm); while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { @@ -2162,6 +2417,8 @@ session_test (vlib_main_t * vm, res = session_test_mq_basic (vm, input); else if (unformat (input, "enable-disable")) res = session_test_enable_disable (vm, input); + else if (unformat (input, "sdl")) + res = session_test_sdl (vm, input); else if (unformat (input, "all")) { if ((res = session_test_basic (vm, input))) @@ -2180,6 +2437,8 @@ session_test (vlib_main_t * vm, goto done; if ((res = session_test_mq_basic (vm, input))) goto done; + if ((res = session_test_sdl (vm, input))) + goto done; if ((res = session_test_enable_disable (vm, input))) goto done; } diff --git a/src/plugins/unittest/tcp_test.c b/src/plugins/unittest/tcp_test.c index 34033a0b622..bd39474ce93 100644 --- a/src/plugins/unittest/tcp_test.c +++ b/src/plugins/unittest/tcp_test.c @@ -1550,8 +1550,11 @@ tcp_test (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd_arg) { int res = 0; + session_enable_disable_args_t args = { .is_en = 1, + .rt_engine_type = + RT_BACKEND_ENGINE_RULE_TABLE }; - vnet_session_enable_disable (vm, 1); + vnet_session_enable_disable (vm, &args); while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { |