diff options
Diffstat (limited to 'test/test_gbp.py')
-rw-r--r-- | test/test_gbp.py | 287 |
1 files changed, 129 insertions, 158 deletions
diff --git a/test/test_gbp.py b/test/test_gbp.py index cc38bc9c1ce..2e6dca5b2b1 100644 --- a/test/test_gbp.py +++ b/test/test_gbp.py @@ -6,7 +6,7 @@ import unittest from scapy.packet import Raw from scapy.layers.l2 import Ether, ARP, Dot1Q from scapy.layers.inet import IP, UDP, ICMP -from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \ +from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \ ICMPv6ND_NA from scapy.utils6 import in6_getnsma, in6_getnsmac from scapy.layers.vxlan import VXLAN @@ -220,6 +220,7 @@ class VppGbpSubnet(VppObject): """ GBP Subnet """ + def __init__(self, test, rd, address, address_len, type, sw_if_index=None, sclass=None): self._test = test @@ -253,8 +254,8 @@ class VppGbpSubnet(VppObject): ss = self._test.vapi.gbp_subnet_dump() for s in ss: if s.subnet.rd_id == self.rd_id and \ - s.subnet.type == self.type and \ - s.subnet.prefix == self.prefix: + s.subnet.type == self.type and \ + s.subnet.prefix == self.prefix: return True return False @@ -475,7 +476,7 @@ class VppGbpContract(VppObject): cs = self._test.vapi.gbp_contract_dump() for c in cs: if c.contract.sclass == self.sclass \ - and c.contract.dclass == self.dclass: + and c.contract.dclass == self.dclass: return True return False @@ -800,10 +801,12 @@ class TestGBP(VppTestCase): # The BVIs are NAT inside interfaces flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index, - flags=flags) - self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=epg.bvi.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat66_add_del_interface( + is_add=1, flags=flags, + sw_if_index=epg.bvi.sw_if_index) if_ip4 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip4, 32) if_ip6 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip6, 128) @@ -835,9 +838,10 @@ class TestGBP(VppTestCase): recirc.epg.rd.t6).add_vpp_config() self.vapi.nat44_interface_add_del_feature( - recirc.recirc.sw_if_index) + sw_if_index=recirc.recirc.sw_if_index, is_add=1) self.vapi.nat66_add_del_interface( - recirc.recirc.sw_if_index) + is_add=1, + sw_if_index=recirc.recirc.sw_if_index) recirc.add_vpp_config() @@ -858,14 +862,18 @@ class TestGBP(VppTestCase): # Add static mappings for each EP from the 10/8 to 11/8 network if ip.af == AF_INET: flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(ip.bytes, - fip.bytes, - vrf_id=0, - flags=flags) + self.vapi.nat44_add_del_static_mapping( + is_add=1, + local_ip_address=ip.bytes, + external_ip_address=fip.bytes, + external_sw_if_index=0xFFFFFFFF, + vrf_id=0, + flags=flags) else: - self.vapi.nat66_add_del_static_mapping(ip.bytes, - fip.bytes, - vrf_id=0) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=ip.bytes, + external_ip_address=fip.bytes, + vrf_id=0, is_add=1) # VPP EP create ... ep.add_vpp_config() @@ -1138,9 +1146,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -1158,9 +1166,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() @@ -1200,9 +1208,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c3.add_vpp_config() @@ -1305,9 +1313,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c4.add_vpp_config() @@ -1346,9 +1354,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c5.add_vpp_config() @@ -1405,34 +1413,37 @@ class TestGBP(VppTestCase): for ep in eps: # del static mappings for each EP from the 10/8 to 11/8 network flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(ep.ip4.bytes, - ep.fip4.bytes, - vrf_id=0, - is_add=0, - flags=flags) - self.vapi.nat66_add_del_static_mapping(ep.ip6.bytes, - ep.fip6.bytes, - vrf_id=0, - is_add=0) + self.vapi.nat44_add_del_static_mapping( + is_add=0, + local_ip_address=ep.ip4.bytes, + external_ip_address=ep.fip4.bytes, + external_sw_if_index=0xFFFFFFFF, + vrf_id=0, + flags=flags) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=ep.ip6.bytes, + external_ip_address=ep.fip6.bytes, + vrf_id=0, is_add=0) for epg in epgs: # IP config on the BVI interfaces if epg != epgs[0] and epg != epgs[3]: flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index, - flags=flags, - is_add=0) - self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index, - flags=flags, - is_add=0) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=epg.bvi.sw_if_index, + flags=flags, + is_add=0) + self.vapi.nat66_add_del_interface( + is_add=0, flags=flags, + sw_if_index=epg.bvi.sw_if_index) for recirc in recircs: self.vapi.nat44_interface_add_del_feature( - recirc.recirc.sw_if_index, + sw_if_index=recirc.recirc.sw_if_index, is_add=0) self.vapi.nat66_add_del_interface( - recirc.recirc.sw_if_index, - is_add=0) + is_add=0, + sw_if_index=recirc.recirc.sw_if_index) def wait_for_ep_timeout(self, sw_if_index=None, ip=None, mac=None, n_tries=100, s_time=1): @@ -1732,7 +1743,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) for l in learnt: self.assertFalse(find_gbp_endpoint(self, @@ -1755,7 +1766,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1807,31 +1818,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) - - self.assertTrue(find_gbp_endpoint(self, - vx_tun_l2_1.sw_if_index, - mac=l['mac'])) - - # - # repeat in the other EPG - # there's no contract between 220 and 330, but the sclass is set to 1 - # so the packet is cleared for delivery - # - for l in learnt: - # a packet with an sclass from a known EPG - p = (Ether(src=self.pg2.remote_mac, - dst=self.pg2.local_mac) / - IP(src=self.pg2.remote_hosts[1].ip4, - dst=self.pg2.local_ip4) / - UDP(sport=1234, dport=48879) / - VXLAN(vni=99, gpid=1, flags=0x88) / - Ether(src=l['mac'], dst=ep.mac) / - IP(src=l['ip'], dst=ep.ip4.address) / - UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) - - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1864,7 +1851,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1882,9 +1869,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -1943,7 +1930,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -2363,7 +2350,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rxs = self.send_and_expect(self.pg0, p*1, self.pg2) + rxs = self.send_and_expect(self.pg0, p * 1, self.pg2) for rx in rxs: self.assertEqual(rx[IP].src, self.pg2.local_ip4) @@ -2436,7 +2423,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rxs = self.send_and_expect(self.pg0, p*65, self.pg2) + rxs = self.send_and_expect(self.pg0, p * 65, self.pg2) for rx in rxs: self.assertEqual(rx[IP].src, self.pg2.local_ip4) @@ -2575,7 +2562,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rxs = self.send_and_expect(self.pg0, p*65, self.pg2) + rxs = self.send_and_expect(self.pg0, p * 65, self.pg2) for rx in rxs: self.assertEqual(rx[IP].src, self.pg2.local_ip4) @@ -2866,13 +2853,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -2885,13 +2872,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() @@ -2998,13 +2985,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -3017,13 +3004,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() @@ -3082,13 +3069,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c3.add_vpp_config() @@ -3114,9 +3101,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c4.add_vpp_config() @@ -3196,13 +3183,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c5.add_vpp_config() @@ -3497,9 +3484,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -3511,9 +3498,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() c3 = VppGbpContract( @@ -3521,9 +3508,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c3.add_vpp_config() @@ -3653,9 +3640,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c4.add_vpp_config() @@ -3691,22 +3678,6 @@ class TestGBP(VppTestCase): # # ping from host in remote to local external subnets - # there's no contract for this, but sclass is 1. - # - p = (Ether(src=self.pg7.remote_mac, dst=self.pg7.local_mac) / - IP(src=self.pg7.remote_ip4, dst=self.pg7.local_ip4) / - UDP(sport=1234, dport=48879) / - VXLAN(vni=445, gpid=1, flags=0x88) / - Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) / - IP(src="10.222.0.1", dst="10.220.0.1") / - UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) - - rxs = self.send_and_expect(self.pg7, p * 3, self.pg0) - self.assertFalse(find_gbp_endpoint(self, ip="10.222.0.1")) - - # - # ping from host in remote to local external subnets # there's no contract for this, but the A bit is set. # p = (Ether(src=self.pg7.remote_mac, dst=self.pg7.local_mac) / |