diff options
author | Vladislav Grishenko <themiron@yandex-team.ru> | 2023-09-14 22:14:38 +0500 |
---|---|---|
committer | Ole Tr�an <otroan@employees.org> | 2023-10-16 13:13:00 +0000 |
commit | da34f4add5f141d58670d81d53553986e9a472b4 (patch) | |
tree | da22aadb4d979440daf735ec8640f87a204fef55 /test/test_nat44_ei.py | |
parent | ff344a98afd2057cd0df312a9d7277a95853fd0a (diff) |
nat: add ipfix rate-limiter for nat44-ed, nat44-ei and nat64
This prevents ipfix flood with the repeating events and allows
to enable nat64 max_session and max_bibs events. Also fix wrong
endian for det44 and nat64 ipfix tests, now should be fine with
extended tests enabled.
Max session per user event @ nat44-ei requires more precise rate
limiter per user address, probably with sparse vec, not handled.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
Diffstat (limited to 'test/test_nat44_ei.py')
-rw-r--r-- | test/test_nat44_ei.py | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/test/test_nat44_ei.py b/test/test_nat44_ei.py index 15eb70a6664..dc74d03771b 100644 --- a/test/test_nat44_ei.py +++ b/test/test_nat44_ei.py @@ -663,6 +663,7 @@ class MethodHolder(VppTestCase): self.assertEqual(scapy.compat.orb(record[230]), 3) # natPoolID self.assertEqual(struct.pack("!I", 0), record[283]) + return len(data) def verify_ipfix_max_sessions(self, data, limit): self.assertEqual(1, len(data)) @@ -673,6 +674,7 @@ class MethodHolder(VppTestCase): self.assertEqual(struct.pack("!I", 1), record[466]) # maxSessionEntries self.assertEqual(struct.pack("!I", limit), record[471]) + return len(data) def verify_no_nat44_user(self): """Verify that there is no NAT44EI user""" @@ -2463,7 +2465,7 @@ class TestNAT44EI(MethodHolder): Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / TCP(sport=3025) - ) + ) * 3 self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) self.pg_start() @@ -2482,10 +2484,12 @@ class TestNAT44EI(MethodHolder): if p.haslayer(Template): ipfix.add_template(p.getlayer(Template)) # verify events in data set + event_count = 0 for p in capture: if p.haslayer(Data): data = ipfix.decode_data_set(p.getlayer(Set)) - self.verify_ipfix_addr_exhausted(data) + event_count += self.verify_ipfix_addr_exhausted(data) + self.assertEqual(event_count, 1) def test_ipfix_max_sessions(self): """NAT44EI IPFIX logging maximum session entries exceeded""" @@ -2529,7 +2533,7 @@ class TestNAT44EI(MethodHolder): Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / TCP(sport=1025) - ) + ) * 3 self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) self.pg_start() @@ -2548,10 +2552,14 @@ class TestNAT44EI(MethodHolder): if p.haslayer(Template): ipfix.add_template(p.getlayer(Template)) # verify events in data set + event_count = 0 for p in capture: if p.haslayer(Data): data = ipfix.decode_data_set(p.getlayer(Set)) - self.verify_ipfix_max_sessions(data, max_sessions_per_thread) + event_count += self.verify_ipfix_max_sessions( + data, max_sessions_per_thread + ) + self.assertEqual(event_count, 1) def test_syslog_apmap(self): """NAT44EI syslog address and port mapping creation and deletion""" |