summaryrefslogtreecommitdiffstats
path: root/test/test_nat44_ei.py
diff options
context:
space:
mode:
authorVladislav Grishenko <themiron@yandex-team.ru>2023-09-14 22:14:38 +0500
committerOle Tr�an <otroan@employees.org>2023-10-16 13:13:00 +0000
commitda34f4add5f141d58670d81d53553986e9a472b4 (patch)
treeda22aadb4d979440daf735ec8640f87a204fef55 /test/test_nat44_ei.py
parentff344a98afd2057cd0df312a9d7277a95853fd0a (diff)
nat: add ipfix rate-limiter for nat44-ed, nat44-ei and nat64
This prevents ipfix flood with the repeating events and allows to enable nat64 max_session and max_bibs events. Also fix wrong endian for det44 and nat64 ipfix tests, now should be fine with extended tests enabled. Max session per user event @ nat44-ei requires more precise rate limiter per user address, probably with sparse vec, not handled. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
Diffstat (limited to 'test/test_nat44_ei.py')
-rw-r--r--test/test_nat44_ei.py16
1 files changed, 12 insertions, 4 deletions
diff --git a/test/test_nat44_ei.py b/test/test_nat44_ei.py
index 15eb70a6664..dc74d03771b 100644
--- a/test/test_nat44_ei.py
+++ b/test/test_nat44_ei.py
@@ -663,6 +663,7 @@ class MethodHolder(VppTestCase):
self.assertEqual(scapy.compat.orb(record[230]), 3)
# natPoolID
self.assertEqual(struct.pack("!I", 0), record[283])
+ return len(data)
def verify_ipfix_max_sessions(self, data, limit):
self.assertEqual(1, len(data))
@@ -673,6 +674,7 @@ class MethodHolder(VppTestCase):
self.assertEqual(struct.pack("!I", 1), record[466])
# maxSessionEntries
self.assertEqual(struct.pack("!I", limit), record[471])
+ return len(data)
def verify_no_nat44_user(self):
"""Verify that there is no NAT44EI user"""
@@ -2463,7 +2465,7 @@ class TestNAT44EI(MethodHolder):
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
/ IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4)
/ TCP(sport=3025)
- )
+ ) * 3
self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
@@ -2482,10 +2484,12 @@ class TestNAT44EI(MethodHolder):
if p.haslayer(Template):
ipfix.add_template(p.getlayer(Template))
# verify events in data set
+ event_count = 0
for p in capture:
if p.haslayer(Data):
data = ipfix.decode_data_set(p.getlayer(Set))
- self.verify_ipfix_addr_exhausted(data)
+ event_count += self.verify_ipfix_addr_exhausted(data)
+ self.assertEqual(event_count, 1)
def test_ipfix_max_sessions(self):
"""NAT44EI IPFIX logging maximum session entries exceeded"""
@@ -2529,7 +2533,7 @@ class TestNAT44EI(MethodHolder):
Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
/ IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4)
/ TCP(sport=1025)
- )
+ ) * 3
self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
@@ -2548,10 +2552,14 @@ class TestNAT44EI(MethodHolder):
if p.haslayer(Template):
ipfix.add_template(p.getlayer(Template))
# verify events in data set
+ event_count = 0
for p in capture:
if p.haslayer(Data):
data = ipfix.decode_data_set(p.getlayer(Set))
- self.verify_ipfix_max_sessions(data, max_sessions_per_thread)
+ event_count += self.verify_ipfix_max_sessions(
+ data, max_sessions_per_thread
+ )
+ self.assertEqual(event_count, 1)
def test_syslog_apmap(self):
"""NAT44EI syslog address and port mapping creation and deletion"""