diff options
author | Vladislav Grishenko <themiron@yandex-team.ru> | 2022-06-23 00:45:16 +0500 |
---|---|---|
committer | Neale Ranns <neale@graphiant.com> | 2022-09-30 03:48:42 +0000 |
commit | 5c801b362a536fcae704c50bf1573362d372bb3c (patch) | |
tree | f8724d4f1d7d68a7fbf3d47523e08a478ee70aea /test | |
parent | a30495ce0dd15240c5d03a5f3e17c3428e09dd5c (diff) |
udp: add udp encap source port entropy support
Encode entropy value in UDP source port when requested per RFC 7510.
CLI already has "src-port-is-entropy", use zero UDP source port in API
to avoid breaking changes, since zero port is not something to be used
in wild.
Also, mark UDP encapsualtion API as mp-safe as already done for CLI.
Type: feature
Change-Id: Ieb61ee11e058179ed566ff1f251a3391eb169d52
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Diffstat (limited to 'test')
-rw-r--r-- | test/test_udp.py | 203 |
1 files changed, 199 insertions, 4 deletions
diff --git a/test/test_udp.py b/test/test_udp.py index c7e97c641b8..ebc99e85388 100644 --- a/test/test_udp.py +++ b/test/test_udp.py @@ -25,6 +25,8 @@ from scapy.layers.inet6 import IPv6 from scapy.contrib.mpls import MPLS NUM_PKTS = 67 +ENTROPY_PORT_MIN = 0x3 << 14 +ENTROPY_PORT_MAX = 0xFFFF @tag_fixme_vpp_workers @@ -78,16 +80,22 @@ class TestUdpEncap(VppTestCase): i.admin_down() super(TestUdpEncap, self).tearDown() - def validate_outer4(self, rx, encap_obj): + def validate_outer4(self, rx, encap_obj, sport_entropy=False): self.assertEqual(rx[IP].src, encap_obj.src_ip_s) self.assertEqual(rx[IP].dst, encap_obj.dst_ip_s) - self.assertEqual(rx[UDP].sport, encap_obj.src_port) + if sport_entropy: + self.assert_in_range(rx[UDP].sport, ENTROPY_PORT_MIN, ENTROPY_PORT_MAX) + else: + self.assertEqual(rx[UDP].sport, encap_obj.src_port) self.assertEqual(rx[UDP].dport, encap_obj.dst_port) - def validate_outer6(self, rx, encap_obj): + def validate_outer6(self, rx, encap_obj, sport_entropy=False): self.assertEqual(rx[IPv6].src, encap_obj.src_ip_s) self.assertEqual(rx[IPv6].dst, encap_obj.dst_ip_s) - self.assertEqual(rx[UDP].sport, encap_obj.src_port) + if sport_entropy: + self.assert_in_range(rx[UDP].sport, ENTROPY_PORT_MIN, ENTROPY_PORT_MAX) + else: + self.assertEqual(rx[UDP].sport, encap_obj.src_port) self.assertEqual(rx[UDP].dport, encap_obj.dst_port) def validate_inner4(self, rx, tx, ttl=None): @@ -343,6 +351,193 @@ class TestUdpEncap(VppTestCase): self.validate_inner4(p, p_4omo4, ttl=63) self.assertEqual(udp_encap_1.get_stats()["packets"], 2 * NUM_PKTS) + def test_udp_encap_entropy(self): + """UDP Encap src port entropy test""" + + # + # construct a UDP encap object through each of the peers + # v4 through the first two peers, v6 through the second. + # use zero source port to enable entropy per rfc7510. + # + udp_encap_0 = VppUdpEncap(self, self.pg0.local_ip4, self.pg0.remote_ip4, 0, 440) + udp_encap_1 = VppUdpEncap( + self, self.pg1.local_ip4, self.pg1.remote_ip4, 0, 441, table_id=1 + ) + udp_encap_2 = VppUdpEncap( + self, self.pg2.local_ip6, self.pg2.remote_ip6, 0, 442, table_id=2 + ) + udp_encap_3 = VppUdpEncap( + self, self.pg3.local_ip6, self.pg3.remote_ip6, 0, 443, table_id=3 + ) + udp_encap_0.add_vpp_config() + udp_encap_1.add_vpp_config() + udp_encap_2.add_vpp_config() + udp_encap_3.add_vpp_config() + + self.logger.info(self.vapi.cli("sh udp encap")) + + self.assertTrue(find_udp_encap(self, udp_encap_0)) + self.assertTrue(find_udp_encap(self, udp_encap_1)) + self.assertTrue(find_udp_encap(self, udp_encap_2)) + self.assertTrue(find_udp_encap(self, udp_encap_3)) + + # + # Routes via each UDP encap object - all combinations of v4 and v6. + # + route_4o4 = VppIpRoute( + self, + "1.1.0.1", + 24, + [ + VppRoutePath( + "0.0.0.0", + 0xFFFFFFFF, + type=FibPathType.FIB_PATH_TYPE_UDP_ENCAP, + next_hop_id=udp_encap_0.id, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP4, + ) + ], + table_id=1, + ) + route_4o6 = VppIpRoute( + self, + "1.1.2.1", + 32, + [ + VppRoutePath( + "0.0.0.0", + 0xFFFFFFFF, + type=FibPathType.FIB_PATH_TYPE_UDP_ENCAP, + next_hop_id=udp_encap_2.id, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP4, + ) + ], + ) + route_6o4 = VppIpRoute( + self, + "2001::1", + 128, + [ + VppRoutePath( + "0.0.0.0", + 0xFFFFFFFF, + type=FibPathType.FIB_PATH_TYPE_UDP_ENCAP, + next_hop_id=udp_encap_1.id, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP6, + ) + ], + ) + route_6o6 = VppIpRoute( + self, + "2001::3", + 128, + [ + VppRoutePath( + "0.0.0.0", + 0xFFFFFFFF, + type=FibPathType.FIB_PATH_TYPE_UDP_ENCAP, + next_hop_id=udp_encap_3.id, + proto=FibPathProto.FIB_PATH_NH_PROTO_IP6, + ) + ], + ) + route_4o4.add_vpp_config() + route_4o6.add_vpp_config() + route_6o6.add_vpp_config() + route_6o4.add_vpp_config() + + # + # 4o4 encap + # + p_4o4 = [] + for i in range(NUM_PKTS): + p_4o4.append( + Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) + / IP(src="2.2.2.2", dst="1.1.0.1") + / UDP(sport=1234 + i, dport=1234) + / Raw(b"\xa5" * 100) + ) + rx = self.send_and_expect(self.pg1, p_4o4, self.pg0) + sports = set() + for i, p in enumerate(rx): + self.validate_outer4(p, udp_encap_0, True) + sports.add(p["UDP"].sport) + p = IP(p["UDP"].payload.load) + self.validate_inner4(p, p_4o4[i]) + self.assertEqual(udp_encap_0.get_stats()["packets"], NUM_PKTS) + self.assertGreater( + len(sports), 1, "source port {} is not an entropy value".format(sports) + ) + + # + # 4o6 encap + # + p_4o6 = [] + for i in range(NUM_PKTS): + p_4o6.append( + Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) + / IP(src="2.2.2.2", dst="1.1.2.1") + / UDP(sport=1234 + i, dport=1234) + / Raw(b"\xa5" * 100) + ) + rx = self.send_and_expect(self.pg0, p_4o6, self.pg2) + sports = set() + for p in rx: + self.validate_outer6(p, udp_encap_2, True) + sports.add(p["UDP"].sport) + p = IP(p["UDP"].payload.load) + self.validate_inner4(p, p_4o6[i]) + self.assertEqual(udp_encap_2.get_stats()["packets"], NUM_PKTS) + self.assertGreater( + len(sports), 1, "source port {} is not an entropy value".format(sports) + ) + + # + # 6o4 encap + # + p_6o4 = [] + for i in range(NUM_PKTS): + p_6o4.append( + Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) + / IPv6(src="2001::100", dst="2001::1") + / UDP(sport=1234 + i, dport=1234) + / Raw(b"\xa5" * 100) + ) + rx = self.send_and_expect(self.pg0, p_6o4, self.pg1) + sports = set() + for p in rx: + self.validate_outer4(p, udp_encap_1, True) + sports.add(p["UDP"].sport) + p = IPv6(p["UDP"].payload.load) + self.validate_inner6(p, p_6o4[i]) + self.assertEqual(udp_encap_1.get_stats()["packets"], NUM_PKTS) + self.assertGreater( + len(sports), 1, "source port {} is not an entropy value".format(sports) + ) + + # + # 6o6 encap + # + p_6o6 = [] + for i in range(NUM_PKTS): + p_6o6.append( + Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) + / IPv6(src="2001::100", dst="2001::3") + / UDP(sport=1234 + i, dport=1234) + / Raw(b"\xa5" * 100) + ) + rx = self.send_and_expect(self.pg0, p_6o6, self.pg3) + sports = set() + for p in rx: + self.validate_outer6(p, udp_encap_3, True) + sports.add(p["UDP"].sport) + p = IPv6(p["UDP"].payload.load) + self.validate_inner6(p, p_6o6[i]) + self.assertEqual(udp_encap_3.get_stats()["packets"], NUM_PKTS) + self.assertGreater( + len(sports), 1, "source port {} is not an entropy value".format(sports) + ) + def test_udp_decap(self): """UDP Decap test""" # |