diff options
Diffstat (limited to 'test/test_nat.py')
-rw-r--r-- | test/test_nat.py | 1891 |
1 files changed, 1175 insertions, 716 deletions
diff --git a/test/test_nat.py b/test/test_nat.py index c88981b48b4..e0e50c03dde 100644 --- a/test/test_nat.py +++ b/test/test_nat.py @@ -106,90 +106,94 @@ class MethodHolder(VppTestCase): if self.pg7.has_ip4_config: self.pg7.unconfig_ip4() - self.vapi.nat44_forwarding_enable_disable(0) + self.vapi.nat44_forwarding_enable_disable(enable=0) interfaces = self.vapi.nat44_interface_addr_dump() for intf in interfaces: - self.vapi.nat44_add_del_interface_addr(intf.sw_if_index, - flags=intf.flags, - is_add=0) + self.vapi.nat44_add_del_interface_addr( + is_add=0, + sw_if_index=intf.sw_if_index, + flags=intf.flags) - self.vapi.nat_ipfix_enable_disable(enable=0, + self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, src_port=self.ipfix_src_port, - domain_id=self.ipfix_domain_id) + enable=0) self.ipfix_src_port = 4739 self.ipfix_domain_id = 1 self.vapi.syslog_set_filter(SYSLOG_SEVERITY.EMERG) - self.vapi.nat_ha_set_listener('0.0.0.0', 0) - self.vapi.nat_ha_set_failover('0.0.0.0', 0) + self.vapi.nat_ha_set_listener(ip_address='0.0.0.0', port=0, + path_mtu=512) + self.vapi.nat_ha_set_failover(ip_address='0.0.0.0', port=0, + session_refresh_interval=10) interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: if intf.flags & self.config_flags.NAT_IS_INSIDE and \ - intf.flags & self.config_flags.NAT_IS_OUTSIDE: - self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, - is_add=0) - self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, - is_add=0, - flags=intf.flags) + intf.flags & self.config_flags.NAT_IS_OUTSIDE: + self.vapi.nat44_interface_add_del_feature( + sw_if_index=intf.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=intf.sw_if_index, + flags=intf.flags) interfaces = self.vapi.nat44_interface_output_feature_dump() for intf in interfaces: - self.vapi.nat44_interface_add_del_output_feature(intf.sw_if_index, - is_add=0, - flags=intf.flags) + self.vapi.nat44_interface_add_del_output_feature( + is_add=0, + flags=intf.flags, + sw_if_index=intf.sw_if_index) static_mappings = self.vapi.nat44_static_mapping_dump() for sm in static_mappings: self.vapi.nat44_add_del_static_mapping( - sm.local_ip_address, - sm.external_ip_address, - sm.external_sw_if_index, - sm.local_port, - sm.external_port, - sm.vrf_id, - sm.protocol, is_add=0, - flags=sm.flags, - tag=sm.tag) + local_ip_address=sm.local_ip_address, + external_ip_address=sm.external_ip_address, + external_sw_if_index=sm.external_sw_if_index, + local_port=sm.local_port, + external_port=sm.external_port, + vrf_id=sm.vrf_id, + protocol=sm.protocol, + flags=sm.flags, tag=sm.tag) lb_static_mappings = self.vapi.nat44_lb_static_mapping_dump() for lb_sm in lb_static_mappings: self.vapi.nat44_add_del_lb_static_mapping( - lb_sm.external_addr, - lb_sm.external_port, - lb_sm.protocol, - tag=lb_sm.tag, is_add=0, - local_num=0, - locals=[], - flags=lb_sm.flags) + flags=lb_sm.flags, + external_addr=lb_sm.external_addr, + external_port=lb_sm.external_port, + protocol=lb_sm.protocol, + local_num=0, locals=[], + tag=lb_sm.tag) identity_mappings = self.vapi.nat44_identity_mapping_dump() for id_m in identity_mappings: self.vapi.nat44_add_del_identity_mapping( - flags=id_m.flags, - ip=id_m.ip_address, - port=id_m.port, + ip_address=id_m.ip_address, sw_if_index=id_m.sw_if_index, + port=id_m.port, + flags=id_m.flags, vrf_id=id_m.vrf_id, - protocol=id_m.protocol, - is_add=0) + protocol=id_m.protocol) addresses = self.vapi.nat44_address_dump() for addr in addresses: - self.vapi.nat44_add_del_address_range(addr.ip_address, - addr.ip_address, - is_add=0, - flags=addr.flags) - - self.vapi.nat_set_reass() - self.vapi.nat_set_reass(is_ip6=1) + self.vapi.nat44_add_del_address_range( + first_ip_address=addr.ip_address, + last_ip_address=addr.ip_address, + vrf_id=0xFFFFFFFF, flags=addr.flags) + + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=5, + drop_frag=0) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=5, + drop_frag=0, is_ip6=1) self.verify_no_nat44_user() - self.vapi.nat_set_timeouts() + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=60) self.vapi.nat_set_addr_and_port_alloc_alg() - self.vapi.nat_set_mss_clamping() + self.vapi.nat_set_mss_clamping(enable=0, mss_value=1500) def nat44_add_static_mapping(self, local_ip, external_ip='0.0.0.0', local_port=0, external_port=0, vrf_id=0, @@ -214,16 +218,15 @@ class MethodHolder(VppTestCase): flags |= self.config_flags.NAT_IS_ADDR_ONLY self.vapi.nat44_add_del_static_mapping( - local_ip, - external_ip, - external_sw_if_index, - local_port, - external_port, - vrf_id, - proto, - is_add, - flags, - tag) + is_add=is_add, + local_ip_address=local_ip, + external_ip_address=external_ip, + external_sw_if_index=external_sw_if_index, + local_port=local_port, + external_port=external_port, + vrf_id=vrf_id, protocol=proto, + flags=flags, + tag=tag) def nat44_add_address(self, ip, is_add=1, vrf_id=0xFFFFFFFF, twice_nat=0): """ @@ -234,8 +237,10 @@ class MethodHolder(VppTestCase): :param twice_nat: twice NAT address for external hosts """ flags = self.config_flags.NAT_IS_TWICE_NAT if twice_nat else 0 - self.vapi.nat44_add_del_address_range(ip, ip, is_add, + self.vapi.nat44_add_del_address_range(first_ip_address=ip, + last_ip_address=ip, vrf_id=vrf_id, + is_add=is_add, flags=flags) def create_stream_in(self, in_if, out_if, dst_ip=None, ttl=64): @@ -874,7 +879,8 @@ class MethodHolder(VppTestCase): record[225]) # ingressVRFID self.assertEqual(struct.pack("!I", 0), record[234]) - # protocolIdentifier/sourceTransportPort/postNAPTSourceTransportPort + # protocolIdentifier/sourceTransportPort + # /postNAPTSourceTransportPort if IP_PROTOS.icmp == scapy.compat.orb(record[4]): self.assertEqual(struct.pack("!H", self.icmp_id_in), record[7]) self.assertEqual(struct.pack("!H", self.icmp_id_out), @@ -1559,9 +1565,12 @@ class TestNAT44(MethodHolder): """ NAT44 dynamic translation test """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out tcpn = self.statistics.get_counter( @@ -1627,9 +1636,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=1) @@ -1646,9 +1658,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1674,9 +1689,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=2) @@ -1702,9 +1720,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1738,9 +1759,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / IP(src=self.pg1.remote_ip4, dst=self.pg1.local_ip4) / @@ -1766,9 +1790,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # out2in pkt = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / @@ -1796,16 +1823,21 @@ class TestNAT44(MethodHolder): """ NAT44 forwarding test """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_forwarding_enable_disable(enable=1) real_ip = self.pg0.remote_ip4n alias_ip = self.nat_addr flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, + self.vapi.nat44_add_del_static_mapping(is_add=1, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, flags=flags) try: @@ -1850,11 +1882,14 @@ class TestNAT44(MethodHolder): self.pg0.remote_hosts[0] = host0 finally: - self.vapi.nat44_forwarding_enable_disable(0) + self.vapi.nat44_forwarding_enable_disable(enable=0) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, - is_add=0, flags=flags) + self.vapi.nat44_add_del_static_mapping( + is_add=0, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, + flags=flags) def test_static_in(self): """ 1:1 NAT initialized from inside network """ @@ -1866,9 +1901,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sm = self.vapi.nat44_static_mapping_dump() self.assertEqual(len(sm), 1) self.assertEqual((sm[0].tag).split(b'\0', 1)[0], b'') @@ -1903,9 +1941,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip, tag=tag) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sm = self.vapi.nat44_static_mapping_dump() self.assertEqual(len(sm), 1) self.assertEqual((sm[0].tag).split(b'\0', 1)[0], tag) @@ -1944,9 +1985,12 @@ class TestNAT44(MethodHolder): self.icmp_id_in, self.icmp_id_out, proto=IP_PROTOS.icmp) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1982,9 +2026,12 @@ class TestNAT44(MethodHolder): self.icmp_id_in, self.icmp_id_out, proto=IP_PROTOS.icmp) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # out2in pkts = self.create_stream_out(self.pg1) @@ -2016,11 +2063,15 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip2, vrf_id=10) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg3.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + flags=flags, is_add=1) # inside interface VRF match NAT44 static mapping VRF pkts = self.create_stream_in(self.pg4, self.pg3) @@ -2047,9 +2098,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # dynamic pkts = self.create_stream_in(self.pg0, self.pg1) @@ -2073,12 +2127,16 @@ class TestNAT44(MethodHolder): def test_identity_nat(self): """ Identity NAT """ flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_identity_mapping(ip=self.pg0.remote_ip4n, - flags=flags) + self.vapi.nat44_add_del_identity_mapping( + ip_address=self.pg0.remote_ip4n, sw_if_index=0xFFFFFFFF, + flags=flags, is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / IP(src=self.pg1.remote_ip4, dst=self.pg0.remote_ip4) / @@ -2103,8 +2161,9 @@ class TestNAT44(MethodHolder): sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) self.assertEqual(len(sessions), 0) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_identity_mapping(ip=self.pg0.remote_ip4n, - flags=flags, vrf_id=1) + self.vapi.nat44_add_del_identity_mapping( + ip_address=self.pg0.remote_ip4n, sw_if_index=0xFFFFFFFF, + flags=flags, vrf_id=1, is_add=1) identity_mappings = self.vapi.nat44_identity_mapping_dump() self.assertEqual(len(identity_mappings), 2) @@ -2113,11 +2172,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg3.sw_if_index, + is_add=1) # between two NAT44 inside interfaces (no translation) pkts = self.create_stream_in(self.pg0, self.pg1) @@ -2173,13 +2236,18 @@ class TestNAT44(MethodHolder): static_nat_ip = "10.0.0.10" self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg3.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg5.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg6.sw_if_index, + flags=flags, is_add=1) self.nat44_add_static_mapping(self.pg6.remote_ip4, static_nat_ip, vrf_id=20) @@ -2332,9 +2400,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(server.ip4, self.nat_addr, @@ -2397,9 +2468,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for servers self.nat44_add_static_mapping(server1.ip4, server1_nat_ip) @@ -2556,9 +2630,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # get maximum number of translations per user nat44_config = self.vapi.nat_show_config() @@ -2605,7 +2682,9 @@ class TestNAT44(MethodHolder): def test_interface_addr(self): """ Acquire NAT44 addresses from interface """ - self.vapi.nat44_add_del_interface_addr(self.pg7.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg7.sw_if_index) # no address in NAT pool addresses = self.vapi.nat44_address_dump() @@ -2626,7 +2705,9 @@ class TestNAT44(MethodHolder): """ Static mapping with addresses from interface """ tag = b"testTAG" - self.vapi.nat44_add_del_interface_addr(self.pg7.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg7.sw_if_index) self.nat44_add_static_mapping( '1.2.3.4', external_sw_if_index=self.pg7.sw_if_index, @@ -2686,11 +2767,15 @@ class TestNAT44(MethodHolder): """ Identity NAT with addresses from interface """ port = 53053 - self.vapi.nat44_add_del_interface_addr(self.pg7.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg7.sw_if_index) self.vapi.nat44_add_del_identity_mapping( + ip_address=b'0', sw_if_index=self.pg7.sw_if_index, port=port, - protocol=IP_PROTOS.tcp) + protocol=IP_PROTOS.tcp, + is_add=1) # identity mappings with external interface identity_mappings = self.vapi.nat44_identity_mapping_dump() @@ -2727,16 +2812,20 @@ class TestNAT44(MethodHolder): bind_layers(UDP, IPFIX, dport=30303) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10, collector_port=collector_port) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -2768,15 +2857,19 @@ class TestNAT44(MethodHolder): def test_ipfix_addr_exhausted(self): """ IPFIX logging NAT addresses exhausted """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -2811,9 +2904,12 @@ class TestNAT44(MethodHolder): """ IPFIX logging maximum session entries exceeded """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) nat44_config = self.vapi.nat_show_config() max_sessions = 10 * nat44_config.translation_buckets @@ -2835,7 +2931,8 @@ class TestNAT44(MethodHolder): path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -2871,9 +2968,12 @@ class TestNAT44(MethodHolder): self.vapi.syslog_set_sender(self.pg3.local_ip4n, self.pg3.remote_ip4n) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -2897,9 +2997,12 @@ class TestNAT44(MethodHolder): static_addr = '10.0.0.10' self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.nat44_add_static_mapping(self.pg0.remote_ip4, static_addr) # NAT44 address @@ -2976,11 +3079,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(nat_ip1, vrf_id=vrf_id1) self.nat44_add_address(nat_ip2, vrf_id=vrf_id2) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg2.sw_if_index, + is_add=1) try: # first VRF @@ -3020,11 +3127,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(nat_ip1) self.nat44_add_address(nat_ip2, vrf_id=99) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg2.sw_if_index, + is_add=1) # first VRF pkts = self.create_stream_in(self.pg0, self.pg2) @@ -3069,9 +3180,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg7.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg8.sw_if_index, + is_add=1) # in2out pkts = self.create_stream_in(self.pg7, self.pg8) @@ -3116,9 +3230,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg7.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg8.sw_if_index, + is_add=1) # out2in pkts = self.create_stream_out(self.pg8) @@ -3176,9 +3293,12 @@ class TestNAT44(MethodHolder): self.icmp_id_in, self.icmp_id_out, proto=IP_PROTOS.icmp) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg7.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg8.sw_if_index, + is_add=1) # out2in pkts = self.create_stream_out(self.pg8) @@ -3201,9 +3321,12 @@ class TestNAT44(MethodHolder): nat_ip = "10.0.0.10" self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -3257,9 +3380,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(host.ip4, host_nat_ip) self.nat44_add_static_mapping(server.ip4, server_nat_ip) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # host to server p = (Ether(dst=self.pg0.local_mac, src=host.mac) / @@ -3305,11 +3431,15 @@ class TestNAT44(MethodHolder): """ NAT44 interface output feature (in2out postrouting) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg3.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg3.sw_if_index) # in2out pkts = self.create_stream_in(self.pg0, self.pg3) @@ -3354,11 +3484,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(nat_ip_vrf10, vrf_id=10) self.nat44_add_address(nat_ip_vrf20, vrf_id=20) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_output_feature(self.pg4.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg6.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg3.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg4.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg3.sw_if_index) # in2out VRF 10 pkts = self.create_stream_in(self.pg4, self.pg3) @@ -3403,9 +3537,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # add static mapping for server self.nat44_add_static_mapping(server.ip4, self.nat_addr, @@ -3463,9 +3600,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg9.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg9.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg9.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg9.sw_if_index, + flags=flags, is_add=1) # in2out p = (Ether(src=self.pg9.remote_mac, dst=self.pg9.local_mac) / @@ -3519,9 +3659,12 @@ class TestNAT44(MethodHolder): """ Delete NAT44 session """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -3532,20 +3675,20 @@ class TestNAT44(MethodHolder): sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) nsessions = len(sessions) - self.vapi.nat44_del_session(sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + self.vapi.nat44_del_session(address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=self.config_flags.NAT_IS_INSIDE) - self.vapi.nat44_del_session(sessions[1].outside_ip_address, - sessions[1].outside_port, - sessions[1].protocol) + self.vapi.nat44_del_session(address=sessions[1].outside_ip_address, + port=sessions[1].outside_port, + protocol=sessions[1].protocol) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) self.assertEqual(nsessions - len(sessions), 2) - self.vapi.nat44_del_session(sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + self.vapi.nat44_del_session(address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=self.config_flags.NAT_IS_INSIDE) self.verify_no_nat44_user() @@ -3556,7 +3699,8 @@ class TestNAT44(MethodHolder): self.vapi.nat_set_reass(timeout=reas_cfg1.ip4_timeout + 5, max_reass=reas_cfg1.ip4_max_reass * 2, - max_frag=reas_cfg1.ip4_max_frag * 2) + max_frag=reas_cfg1.ip4_max_frag * 2, + drop_frag=0) reas_cfg2 = self.vapi.nat_get_reass() @@ -3564,7 +3708,8 @@ class TestNAT44(MethodHolder): self.assertEqual(reas_cfg1.ip4_max_reass * 2, reas_cfg2.ip4_max_reass) self.assertEqual(reas_cfg1.ip4_max_frag * 2, reas_cfg2.ip4_max_frag) - self.vapi.nat_set_reass(drop_frag=1) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=5, + drop_frag=1) self.assertTrue(self.vapi.nat_get_reass().ip4_drop_frag) def test_frag_in_order(self): @@ -3572,9 +3717,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_in_order(proto=IP_PROTOS.tcp) self.frag_in_order(proto=IP_PROTOS.udp) @@ -3582,12 +3730,17 @@ class TestNAT44(MethodHolder): def test_frag_forwarding(self): """ NAT44 forwarding fragment test """ - self.vapi.nat44_add_del_interface_addr(self.pg1.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg1.sw_if_index) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_forwarding_enable_disable(enable=1) data = b"A" * 16 + b"B" * 16 + b"C" * 3 pkts = self.create_stream_frag(self.pg1, @@ -3617,9 +3770,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(self.server.ip4, self.nat_addr, self.server_in_port, @@ -3640,9 +3796,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_out_of_order(proto=IP_PROTOS.tcp) self.frag_out_of_order(proto=IP_PROTOS.udp) @@ -3652,9 +3811,12 @@ class TestNAT44(MethodHolder): """ Port restricted NAT44 (MAP-E CE) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat_set_addr_and_port_alloc_alg(alg=1, psid_offset=6, psid_length=6, @@ -3685,9 +3847,12 @@ class TestNAT44(MethodHolder): """ External address port range """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat_set_addr_and_port_alloc_alg(alg=2, start_port=1025, end_port=1027) @@ -3711,16 +3876,21 @@ class TestNAT44(MethodHolder): """ IPFIX logging maximum fragments pending reassembly exceeded """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_reass(max_frag=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=1, + drop_frag=0) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) data = b"A" * 4 + b"B" * 16 + b"C" * 3 self.tcp_port_in = random.randint(1025, 65535) @@ -3774,10 +3944,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg2.sw_if_index, + is_add=1) try: # first VRF @@ -3829,10 +4004,14 @@ class TestNAT44(MethodHolder): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(udp=5) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_timeouts(udp=5, tcp_established=7440, + tcp_transitory=240, icmp=60) max_sessions = 1000 pkts = [] @@ -3871,9 +4050,12 @@ class TestNAT44(MethodHolder): """ TCP MSS clamping """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -3888,7 +4070,7 @@ class TestNAT44(MethodHolder): # Negotiated MSS value greater than configured - changed self.verify_mss_value(capture[0], 1000) - self.vapi.nat_set_mss_clamping(enable=0) + self.vapi.nat_set_mss_clamping(enable=0, mss_value=1500) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) self.pg_start() @@ -3909,11 +4091,17 @@ class TestNAT44(MethodHolder): """ Send HA session synchronization events (active) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_ha_set_listener(self.pg3.local_ip4, port=12345) - self.vapi.nat_ha_set_failover(self.pg3.remote_ip4, port=12346) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_ha_set_listener(ip_address=self.pg3.local_ip4, + port=12345, + path_mtu=512) + self.vapi.nat_ha_set_failover(ip_address=self.pg3.remote_ip4, + port=12346, session_refresh_interval=10) bind_layers(UDP, HANATStateSync, sport=12345) # create sessions @@ -3964,9 +4152,9 @@ class TestNAT44(MethodHolder): # delete one session self.pg_enable_capture(self.pg_interfaces) - self.vapi.nat44_del_session(self.pg0.remote_ip4n, - self.tcp_port_in, - IP_PROTOS.tcp, + self.vapi.nat44_del_session(address=self.pg0.remote_ip4n, + port=self.tcp_port_in, + protocol=IP_PROTOS.tcp, flags=self.config_flags.NAT_IS_INSIDE) self.vapi.nat_ha_flush() stats = self.statistics.get_counter('/nat44/ha/del-event-send') @@ -4039,10 +4227,15 @@ class TestNAT44(MethodHolder): """ Receive HA session synchronization events (passive) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_ha_set_listener(self.pg3.local_ip4, port=12345) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_ha_set_listener(ip_address=self.pg3.local_ip4, + port=12345, + path_mtu=512) bind_layers(UDP, HANATStateSync, sport=12345) self.tcp_port_out = random.randint(1025, 65535) @@ -4347,9 +4540,12 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 translate fragments arriving in order """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_in_order(proto=IP_PROTOS.tcp) self.frag_in_order(proto=IP_PROTOS.udp) self.frag_in_order(proto=IP_PROTOS.icmp) @@ -4357,9 +4553,12 @@ class TestNAT44EndpointDependent(MethodHolder): def test_frag_in_order_dont_translate(self): """ NAT44 don't translate fragments arriving in order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat44_forwarding_enable_disable(enable=True) self.frag_in_order(proto=IP_PROTOS.tcp, dont_translate=True) @@ -4367,9 +4566,12 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 translate fragments arriving out of order """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_out_of_order(proto=IP_PROTOS.tcp) self.frag_out_of_order(proto=IP_PROTOS.udp) self.frag_out_of_order(proto=IP_PROTOS.icmp) @@ -4377,21 +4579,30 @@ class TestNAT44EndpointDependent(MethodHolder): def test_frag_out_of_order_dont_translate(self): """ NAT44 don't translate fragments arriving out of order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat44_forwarding_enable_disable(enable=True) self.frag_out_of_order(proto=IP_PROTOS.tcp, dont_translate=True) def test_frag_in_order_in_plus_out(self): """ in+out interface fragments in order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) self.server = self.pg1.remote_hosts[0] @@ -4417,7 +4628,8 @@ class TestNAT44EndpointDependent(MethodHolder): self.server_out_addr, proto=IP_PROTOS.icmp) - self.vapi.nat_set_reass(timeout=10) + self.vapi.nat_set_reass(timeout=10, max_reass=1024, max_frag=5, + drop_frag=0) self.frag_in_order_in_plus_out(proto=IP_PROTOS.tcp) self.frag_in_order_in_plus_out(proto=IP_PROTOS.udp) @@ -4426,12 +4638,18 @@ class TestNAT44EndpointDependent(MethodHolder): def test_frag_out_of_order_in_plus_out(self): """ in+out interface fragments out of order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) self.server = self.pg1.remote_hosts[0] @@ -4457,7 +4675,8 @@ class TestNAT44EndpointDependent(MethodHolder): self.server_out_addr, proto=IP_PROTOS.icmp) - self.vapi.nat_set_reass(timeout=10) + self.vapi.nat_set_reass(timeout=10, max_reass=1024, max_frag=5, + drop_frag=0) self.frag_out_of_order_in_plus_out(proto=IP_PROTOS.tcp) self.frag_out_of_order_in_plus_out(proto=IP_PROTOS.udp) @@ -4472,9 +4691,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(self.server.ip4, self.nat_addr, self.server_in_port, @@ -4495,9 +4717,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) nat_config = self.vapi.nat_show_config() self.assertEqual(1, nat_config.endpoint_dependent) @@ -4567,16 +4792,21 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 forwarding test """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_forwarding_enable_disable(enable=1) real_ip = self.pg0.remote_ip4 alias_ip = self.nat_addr flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, + self.vapi.nat44_add_del_static_mapping(is_add=1, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, flags=flags) try: @@ -4626,9 +4856,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertTrue(sessions[0].flags & self.config_flags.NAT_IS_EXT_HOST_VALID) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_address, @@ -4637,11 +4867,14 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertEqual(len(sessions), 2) finally: - self.vapi.nat44_forwarding_enable_disable(0) + self.vapi.nat44_forwarding_enable_disable(enable=0) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, - is_add=0, flags=flags) + self.vapi.nat44_add_del_static_mapping( + is_add=0, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, + flags=flags) def test_static_lb(self): """ NAT44 local service load balancing """ @@ -4661,15 +4894,20 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(external_addr_n, - external_port, - IP_PROTOS.tcp, - local_num=len(locals), - locals=locals) + self.vapi.nat44_add_del_lb_static_mapping( + is_add=1, + external_addr=external_addr_n, + external_port=external_port, + protocol=IP_PROTOS.tcp, + local_num=len(locals), + locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -4719,9 +4957,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertTrue(sessions[0].flags & self.config_flags.NAT_IS_EXT_HOST_VALID) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_address, @@ -4750,15 +4988,19 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(external_addr, - external_port, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, local_num=len(locals), locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) server1_n = 0 server2_n = 0 @@ -4780,13 +5022,20 @@ class TestNAT44EndpointDependent(MethodHolder): server2_n += 1 self.assertGreater(server1_n, server2_n) + local = { + 'addr': server3.ip4n, + 'port': local_port, + 'probability': 20, + 'vrf_id': 0 + } + # add new back-end - self.vapi.nat44_lb_static_mapping_add_del_local(external_addr, - external_port, - server3.ip4n, - local_port, - IP_PROTOS.tcp, - 20) + self.vapi.nat44_lb_static_mapping_add_del_local( + is_add=1, + external_addr=external_addr, + external_port=external_port, + local=local, + protocol=IP_PROTOS.tcp) server1_n = 0 server2_n = 0 server3_n = 0 @@ -4813,14 +5062,20 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertGreater(server2_n, 0) self.assertGreater(server3_n, 0) + local = { + 'addr': server2.ip4n, + 'port': local_port, + 'probability': 10, + 'vrf_id': 0 + } + # remove one back-end - self.vapi.nat44_lb_static_mapping_add_del_local(external_addr, - external_port, - server2.ip4n, - local_port, - IP_PROTOS.tcp, - 10, - is_add=0) + self.vapi.nat44_lb_static_mapping_add_del_local( + is_add=0, + external_addr=external_addr, + external_port=external_port, + local=local, + protocol=IP_PROTOS.tcp) server1_n = 0 server2_n = 0 server3_n = 0 @@ -4856,18 +5111,21 @@ class TestNAT44EndpointDependent(MethodHolder): 'probability': 30, 'vrf_id': 0}] - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY - self.vapi.nat44_add_del_lb_static_mapping(external_addr, - external_port, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, flags=flags, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, local_num=len(locals), - locals=locals, - flags=flags) + locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -4969,16 +5227,20 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(external_addr, - external_port, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, affinity=10800, local_num=len(locals), locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / @@ -4994,9 +5256,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertTrue(sessions[0].flags & self.config_flags.NAT_IS_EXT_HOST_VALID) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_address, @@ -5019,9 +5281,12 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 translate packet with unknown protocol """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -5081,9 +5346,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(server.ip4, server_nat_ip) @@ -5142,20 +5410,26 @@ class TestNAT44EndpointDependent(MethodHolder): external_port = 80 local_port = 8080 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_identity_mapping(ip=self.pg1.remote_ip4n, - flags=flags) + self.vapi.nat44_add_del_identity_mapping( + ip_address=self.pg1.remote_ip4n, sw_if_index=0xFFFFFFFF, + flags=flags, is_add=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg0.remote_ip4, external_addr, local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -5219,9 +5493,11 @@ class TestNAT44EndpointDependent(MethodHolder): def test_output_feature_and_service2(self): """ NAT44 interface output feature and service host direct access """ - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # session initiated from service host - translate pkts = self.create_stream_in(self.pg0, self.pg1) @@ -5265,17 +5541,22 @@ class TestNAT44EndpointDependent(MethodHolder): external_port = 80 local_port = 8080 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg1.remote_ip4, external_addr, local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=external_addr) / @@ -5324,7 +5605,7 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 post_twice_nat_port = 0 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(twice_nat_addr, twice_nat=1) flags = (self.config_flags.NAT_IS_OUT2IN_ONLY | self.config_flags.NAT_IS_SELF_TWICE_NAT) @@ -5332,7 +5613,9 @@ class TestNAT44EndpointDependent(MethodHolder): local_port, external_port, proto=IP_PROTOS.tcp, vrf_id=1, flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg6.sw_if_index, + is_add=1) p = (Ether(src=self.pg6.remote_mac, dst=self.pg6.local_mac) / IP(src=self.pg6.remote_ip4, dst=self.pg1.remote_ip4) / @@ -5432,16 +5715,19 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] out_addr = self.nat_addr - self.vapi.nat44_add_del_lb_static_mapping(out_addr, - port_out, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, flags=flags, + external_addr=out_addr, + external_port=port_out, + protocol=IP_PROTOS.tcp, local_num=len(locals), - locals=locals, - flags=flags) + locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=pg1.sw_if_index, + is_add=1) if same_pg: if not lb: @@ -5520,9 +5806,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.config_flags.NAT_IS_TWICE_NAT) self.logger.error(self.vapi.cli("show nat44 sessions detail")) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_nat_address, @@ -5559,8 +5845,10 @@ class TestNAT44EndpointDependent(MethodHolder): def test_twice_nat_interface_addr(self): """ Acquire twice NAT44 addresses from interface """ flags = self.config_flags.NAT_IS_TWICE_NAT - self.vapi.nat44_add_del_interface_addr(self.pg3.sw_if_index, - flags=flags) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg3.sw_if_index, + flags=flags) # no address in NAT pool adresses = self.vapi.nat44_address_dump() @@ -5581,16 +5869,21 @@ class TestNAT44EndpointDependent(MethodHolder): def test_tcp_close(self): """ Close TCP session from inside network - output feature """ - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.pg1.local_ip4) twice_nat_addr = '10.0.1.3' service_ip = '192.168.16.150' self.nat44_add_address(twice_nat_addr, twice_nat=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) flags = (self.config_flags.NAT_IS_OUT2IN_ONLY | self.config_flags.NAT_IS_TWICE_NAT) self.nat44_add_static_mapping(self.pg0.remote_ip4, @@ -5674,9 +5967,12 @@ class TestNAT44EndpointDependent(MethodHolder): proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) start_sessnum = len(sessions) @@ -5740,9 +6036,12 @@ class TestNAT44EndpointDependent(MethodHolder): proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) start_sessnum = len(sessions) @@ -5796,9 +6095,12 @@ class TestNAT44EndpointDependent(MethodHolder): proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) start_sessnum = len(sessions) @@ -5857,7 +6159,7 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 eh_port_in = 0 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr, twice_nat=1) flags = (self.config_flags.NAT_IS_OUT2IN_ONLY | self.config_flags.NAT_IS_TWICE_NAT) @@ -5865,9 +6167,12 @@ class TestNAT44EndpointDependent(MethodHolder): local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + flags=flags, is_add=1) # from client to service p = (Ether(src=self.pg4.remote_mac, dst=self.pg4.local_mac) / @@ -5918,15 +6223,18 @@ class TestNAT44EndpointDependent(MethodHolder): external_port = 80 local_port = 8080 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -6042,10 +6350,14 @@ class TestNAT44EndpointDependent(MethodHolder): def test_output_feature(self): """ NAT44 interface output feature (in2out postrouting) """ - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -6070,29 +6382,39 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 port = 0 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg5.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg5.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg6.sw_if_index, + is_add=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg5.remote_ip4, external_addr, local_port, external_port, vrf_id=1, proto=IP_PROTOS.tcp, flags=flags) self.nat44_add_static_mapping( - self.pg0.remote_ip4, - external_sw_if_index=self.pg0.sw_if_index, - local_port=local_port, - vrf_id=0, - external_port=external_port, - proto=IP_PROTOS.tcp, - flags=flags + self.pg0.remote_ip4, + external_sw_if_index=self.pg0.sw_if_index, + local_port=local_port, + vrf_id=0, + external_port=external_port, + proto=IP_PROTOS.tcp, + flags=flags ) # from client to service (both VRF1) @@ -6366,10 +6688,14 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(icmp=5) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=5) max_sessions = 1000 pkts = [] @@ -6409,10 +6735,14 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 session RST timeouts """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(tcp_transitory=5) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=5, icmp=60) self.initiate_tcp_session(self.pg0, self.pg1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / @@ -6447,14 +6777,18 @@ class TestNAT44EndpointDependent(MethodHolder): """ Maximum sessions per user limit """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg2.remote_ip4n, src_address=self.pg2.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.nat_set_timeouts(udp=5) + self.vapi.nat_set_timeouts(udp=5, tcp_established=7440, + tcp_transitory=240, icmp=60) # get maximum number of translations per user nat44_config = self.vapi.nat_show_config() @@ -6472,7 +6806,8 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -6516,9 +6851,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.vapi.syslog_set_sender(self.pg2.local_ip4n, self.pg2.remote_ip4n) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -6623,9 +6961,12 @@ class TestNAT44Out2InDPO(MethodHolder): self.configure_xlat() flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_add_del_address_range(self.nat_addr_n, self.nat_addr_n) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_add_del_address_range(first_ip_address=self.nat_addr_n, + last_ip_address=self.nat_addr_n, + vrf_id=0xFFFFFFFF, is_add=1) out_src_ip6 = self.compose_ip6(self.dst_ip4, self.dst_ip6_pfx, self.dst_ip6_pfx_len) @@ -6649,10 +6990,13 @@ class TestNAT44Out2InDPO(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) finally: - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - is_add=0, flags=flags) - self.vapi.nat44_add_del_address_range(self.nat_addr_n, - self.nat_addr_n, is_add=0) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags) + self.vapi.nat44_add_del_address_range( + first_ip_address=self.nat_addr_n, + last_ip_address=self.nat_addr_n, + vrf_id=0xFFFFFFFF) @unittest.skip('Temporary disabled') def test_464xlat_ce_no_nat(self): @@ -6816,7 +7160,9 @@ class TestDeterministicNAT(MethodHolder): nat_config = self.vapi.nat_show_config() self.assertEqual(1, nat_config.deterministic) - self.vapi.nat_det_add_del_map(1, in_addr, in_plen, out_addr, out_plen) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=in_addr, + in_plen=in_plen, out_addr=out_addr, + out_plen=out_plen) rep1 = self.vapi.nat_det_forward(in_addr_t) self.assertEqual(str(rep1.out_addr), out_addr) @@ -6840,10 +7186,11 @@ class TestDeterministicNAT(MethodHolder): """ Set deterministic NAT timeouts """ timeouts_before = self.vapi.nat_get_timeouts() - self.vapi.nat_set_timeouts(timeouts_before.udp + 10, - timeouts_before.tcp_established + 10, - timeouts_before.tcp_transitory + 10, - timeouts_before.icmp + 10) + self.vapi.nat_set_timeouts( + udp=timeouts_before.udp + 10, + tcp_established=timeouts_before.tcp_established + 10, + tcp_transitory=timeouts_before.tcp_transitory + 10, + icmp=timeouts_before.icmp + 10) timeouts_after = self.vapi.nat_get_timeouts() @@ -6859,16 +7206,18 @@ class TestDeterministicNAT(MethodHolder): nat_ip = "10.0.0.10" - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(nat_ip), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(nat_ip), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -6920,15 +7269,16 @@ class TestDeterministicNAT(MethodHolder): host0 = self.pg0.remote_hosts[0] host1 = self.pg0.remote_hosts[1] - self.vapi.nat_det_add_del_map(1, - host0.ip4n, - 24, - socket.inet_aton(nat_ip), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=host0.ip4n, in_plen=24, + out_addr=socket.inet_aton(nat_ip), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # host0 to out p = (Ether(src=host0.mac, dst=self.pg0.local_mac) / @@ -7031,15 +7381,17 @@ class TestDeterministicNAT(MethodHolder): def test_tcp_session_close_detection_in(self): """ Deterministic NAT TCP session close from inside network """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.initiate_tcp_session(self.pg0, self.pg1) @@ -7095,15 +7447,17 @@ class TestDeterministicNAT(MethodHolder): def test_tcp_session_close_detection_out(self): """ Deterministic NAT TCP session close from outside network """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.initiate_tcp_session(self.pg0, self.pg1) @@ -7160,18 +7514,21 @@ class TestDeterministicNAT(MethodHolder): @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ Deterministic NAT session timeouts """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.initiate_tcp_session(self.pg0, self.pg1) - self.vapi.nat_set_timeouts(5, 5, 5, 5) + self.vapi.nat_set_timeouts(udp=5, tcp_established=5, tcp_transitory=5, + icmp=5) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -7185,20 +7542,23 @@ class TestDeterministicNAT(MethodHolder): @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_limit_per_user(self): """ Deterministic NAT maximum sessions per user limit """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg2.remote_ip4n, src_address=self.pg2.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.nat_ipfix_enable_disable() + self.vapi.nat_ipfix_enable_disable(domain_id=1, src_port=4739, + enable=1) pkts = [] for port in range(1025, 2025): @@ -7258,21 +7618,22 @@ class TestDeterministicNAT(MethodHolder): """ Clear deterministic NAT configuration. """ - self.vapi.nat_ipfix_enable_disable(enable=0) - self.vapi.nat_set_timeouts() + self.vapi.nat_ipfix_enable_disable(domain_id=1, src_port=4739, + enable=0) + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=60) deterministic_mappings = self.vapi.nat_det_map_dump() for dsm in deterministic_mappings: - self.vapi.nat_det_add_del_map(0, - dsm.in_addr, - dsm.in_plen, - dsm.out_addr, - dsm.out_plen) + self.vapi.nat_det_add_del_map(is_add=0, in_addr=dsm.in_addr, + in_plen=dsm.in_plen, + out_addr=dsm.out_addr, + out_plen=dsm.out_plen) interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: - self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, - is_add=0, - flags=intf.flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=intf.sw_if_index, + flags=intf.flags) def tearDown(self): super(TestDeterministicNAT, self).tearDown() @@ -7359,7 +7720,8 @@ class TestNAT64(MethodHolder): """ NAT64 inside interface handles Neighbor Advertisement """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg5.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg5.sw_if_index) # Try to send ping ping = (Ether(dst=self.pg5.local_mac, src=self.pg5.remote_mac) / @@ -7412,13 +7774,17 @@ class TestNAT64(MethodHolder): """ Add/delete address to NAT64 pool """ nat_addr = '1.2.3.4' - self.vapi.nat64_add_del_pool_addr_range(nat_addr, nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=nat_addr, + end_addr=nat_addr, + vrf_id=0xFFFFFFFF, is_add=1) addresses = self.vapi.nat64_pool_addr_dump() self.assertEqual(len(addresses), 1) self.assertEqual(str(addresses[0].address), nat_addr) - self.vapi.nat64_add_del_pool_addr_range(nat_addr, nat_addr, is_add=0) + self.vapi.nat64_add_del_pool_addr_range(start_addr=nat_addr, + end_addr=nat_addr, + vrf_id=0xFFFFFFFF, is_add=0) addresses = self.vapi.nat64_pool_addr_dump() self.assertEqual(len(addresses), 0) @@ -7426,8 +7792,10 @@ class TestNAT64(MethodHolder): def test_interface(self): """ Enable/disable NAT64 feature on the interface """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) interfaces = self.vapi.nat64_interface_dump() self.assertEqual(len(interfaces), 2) @@ -7448,8 +7816,10 @@ class TestNAT64(MethodHolder): features = self.vapi.cli("show interface features pg1") self.assertIn('nat64-out2in', features) - self.vapi.nat64_add_del_interface(0, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(0, flags, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=0, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=0, flags=flags, + sw_if_index=self.pg1.sw_if_index) interfaces = self.vapi.nat64_interface_dump() self.assertEqual(len(interfaces), 0) @@ -7462,12 +7832,10 @@ class TestNAT64(MethodHolder): out_port = 5678 proto = IP_PROTOS.tcp - self.vapi.nat64_add_del_static_bib(in_addr, - out_addr, - in_port, - out_port, - proto) - bib = self.vapi.nat64_bib_dump(IP_PROTOS.tcp) + self.vapi.nat64_add_del_static_bib(i_addr=in_addr, o_addr=out_addr, + i_port=in_port, o_port=out_port, + proto=proto, vrf_id=0, is_add=1) + bib = self.vapi.nat64_bib_dump(proto=IP_PROTOS.tcp) static_bib_num = 0 for bibe in bib: if bibe.flags & self.config_flags.NAT_IS_STATIC: @@ -7480,13 +7848,10 @@ class TestNAT64(MethodHolder): bibs = self.statistics.get_counter('/nat64/total-bibs') self.assertEqual(bibs[0][0], 1) - self.vapi.nat64_add_del_static_bib(in_addr, - out_addr, - in_port, - out_port, - proto, - is_add=0) - bib = self.vapi.nat64_bib_dump(IP_PROTOS.tcp) + self.vapi.nat64_add_del_static_bib(i_addr=in_addr, o_addr=out_addr, + i_port=in_port, o_port=out_port, + proto=proto, vrf_id=0, is_add=0) + bib = self.vapi.nat64_bib_dump(proto=IP_PROTOS.tcp) static_bib_num = 0 for bibe in bib: if bibe.flags & self.config_flags.NAT_IS_STATIC: @@ -7505,8 +7870,8 @@ class TestNAT64(MethodHolder): self.assertEqual(timeouts.tcp_established, 7440) # set and verify custom values - self.vapi.nat_set_timeouts(udp=200, icmp=30, tcp_transitory=250, - tcp_established=7450) + self.vapi.nat_set_timeouts(udp=200, tcp_established=7450, + tcp_transitory=250, icmp=30) timeouts = self.vapi.nat_get_timeouts() self.assertEqual(timeouts.udp, 200) self.assertEqual(timeouts.icmp, 30) @@ -7521,11 +7886,15 @@ class TestNAT64(MethodHolder): ses_num_start = self.nat64_get_ses_num() - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # in2out tcpn = self.statistics.get_counter('/err/nat64-in2out/TCP packets') @@ -7604,11 +7973,12 @@ class TestNAT64(MethodHolder): self.assertEqual(ses_num_end - ses_num_start, 3) # tenant with specific VRF - self.vapi.nat64_add_del_pool_addr_range(self.vrf1_nat_addr, - self.vrf1_nat_addr, - vrf_id=self.vrf1_id) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.vrf1_nat_addr, + end_addr=self.vrf1_nat_addr, + vrf_id=self.vrf1_id, is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg2.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg2.sw_if_index) pkts = self.create_stream_in_ip6(self.pg2, self.pg1) self.pg2.add_stream(pkts) @@ -7636,27 +8006,34 @@ class TestNAT64(MethodHolder): ses_num_start = self.nat64_get_ses_num() - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - - self.vapi.nat64_add_del_static_bib(self.pg0.remote_ip6n, - self.nat_addr, - self.tcp_port_in, - self.tcp_port_out, - IP_PROTOS.tcp) - self.vapi.nat64_add_del_static_bib(self.pg0.remote_ip6n, - self.nat_addr, - self.udp_port_in, - self.udp_port_out, - IP_PROTOS.udp) - self.vapi.nat64_add_del_static_bib(self.pg0.remote_ip6n, - self.nat_addr, - self.icmp_id_in, - self.icmp_id_out, - IP_PROTOS.icmp) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + + self.vapi.nat64_add_del_static_bib(i_addr=self.pg0.remote_ip6n, + o_addr=self.nat_addr, + i_port=self.tcp_port_in, + o_port=self.tcp_port_out, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) + self.vapi.nat64_add_del_static_bib(i_addr=self.pg0.remote_ip6n, + o_addr=self.nat_addr, + i_port=self.udp_port_in, + o_port=self.udp_port_out, + proto=IP_PROTOS.udp, vrf_id=0, + is_add=1) + self.vapi.nat64_add_del_static_bib(i_addr=self.pg0.remote_ip6n, + o_addr=self.nat_addr, + i_port=self.icmp_id_in, + o_port=self.icmp_id_out, + proto=IP_PROTOS.icmp, vrf_id=0, + is_add=1) # in2out pkts = self.create_stream_in_ip6(self.pg0, self.pg1) @@ -7684,12 +8061,18 @@ class TestNAT64(MethodHolder): def test_session_timeout(self): """ NAT64 session timeout """ self.icmp_id_in = 1234 - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(icmp=5, tcp_transitory=5, tcp_established=5) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat_set_timeouts(udp=300, tcp_established=5, + tcp_transitory=5, + icmp=5) pkts = self.create_stream_in_ip6(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -7711,11 +8094,15 @@ class TestNAT64(MethodHolder): self.udp_port_in = 6304 self.icmp_id_in = 6305 - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # send some packets to create sessions pkts = self.create_stream_in_ip6(self.pg0, self.pg1) @@ -7811,22 +8198,28 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.nat_addr])) nat_addr_ip6 = ip.src - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - - self.vapi.nat64_add_del_static_bib(server.ip6n, - self.nat_addr, - server_tcp_in_port, - server_tcp_out_port, - IP_PROTOS.tcp) - self.vapi.nat64_add_del_static_bib(server.ip6n, - self.nat_addr, - server_udp_in_port, - server_udp_out_port, - IP_PROTOS.udp) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=self.nat_addr, + i_port=server_tcp_in_port, + o_port=server_tcp_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=self.nat_addr, + i_port=server_udp_in_port, + o_port=server_udp_out_port, + proto=IP_PROTOS.udp, vrf_id=0, + is_add=1) # client to server pkts = [] @@ -7923,21 +8316,27 @@ class TestNAT64(MethodHolder): def test_prefix(self): """ NAT64 Network-Specific Prefix """ - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.nat64_add_del_pool_addr_range(self.vrf1_nat_addr, - self.vrf1_nat_addr, - vrf_id=self.vrf1_id) - self.vapi.nat64_add_del_interface(1, flags, self.pg2.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.vrf1_nat_addr, + end_addr=self.vrf1_nat_addr, + vrf_id=self.vrf1_id, is_add=1) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg2.sw_if_index) # Add global prefix global_pref64 = "2001:db8::" global_pref64_len = 32 global_pref64_str = "{}/{}".format(global_pref64, global_pref64_len) - self.vapi.nat64_add_del_prefix(global_pref64_str) + self.vapi.nat64_add_del_prefix(prefix=global_pref64_str, vrf_id=0, + is_add=1) prefix = self.vapi.nat64_prefix_dump() self.assertEqual(len(prefix), 1) @@ -7949,7 +8348,8 @@ class TestNAT64(MethodHolder): vrf1_pref64 = "2001:db8:122:300::" vrf1_pref64_len = 56 vrf1_pref64_str = "{}/{}".format(vrf1_pref64, vrf1_pref64_len) - self.vapi.nat64_add_del_prefix(vrf1_pref64_str, vrf_id=self.vrf1_id) + self.vapi.nat64_add_del_prefix(prefix=vrf1_pref64_str, + vrf_id=self.vrf1_id, is_add=1) prefix = self.vapi.nat64_prefix_dump() self.assertEqual(len(prefix), 2) @@ -8001,11 +8401,15 @@ class TestNAT64(MethodHolder): def test_unknown_proto(self): """ NAT64 translate packet with unknown protocol """ - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) remote_ip6 = self.compose_ip6(self.pg1.remote_ip4, '64:ff9b::', 96) # in2out @@ -8069,29 +8473,35 @@ class TestNAT64(MethodHolder): server_nat_ip6 = self.compose_ip6(server_nat_ip, '64:ff9b::', 96) client_nat_ip6 = self.compose_ip6(client_nat_ip, '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(server_nat_ip, - client_nat_ip) + self.vapi.nat64_add_del_pool_addr_range(start_addr=server_nat_ip, + end_addr=client_nat_ip, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - - self.vapi.nat64_add_del_static_bib(server.ip6n, - server_nat_ip, - server_tcp_in_port, - server_tcp_out_port, - IP_PROTOS.tcp) - - self.vapi.nat64_add_del_static_bib(server.ip6n, - server_nat_ip, - 0, - 0, - IP_PROTOS.gre) - - self.vapi.nat64_add_del_static_bib(client.ip6n, - client_nat_ip, - client_tcp_in_port, - client_tcp_out_port, - IP_PROTOS.tcp) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=server_nat_ip, + i_port=server_tcp_in_port, + o_port=server_tcp_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) + + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=server_nat_ip, i_port=0, + o_port=0, + proto=IP_PROTOS.gre, vrf_id=0, + is_add=1) + + self.vapi.nat64_add_del_static_bib(i_addr=client.ip6n, + o_addr=client_nat_ip, + i_port=client_tcp_in_port, + o_port=client_tcp_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) # client to server p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -8146,11 +8556,15 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg3.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg3.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg3.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg3.sw_if_index) # in2out p = (Ether(src=self.pg3.remote_mac, dst=self.pg3.local_mac) / @@ -8199,11 +8613,15 @@ class TestNAT64(MethodHolder): """ NAT64 translate fragments arriving in order """ self.tcp_port_in = random.randint(1025, 65535) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) reass = self.vapi.nat_reass_dump() reass_n_start = len(reass) @@ -8256,18 +8674,23 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.nat_addr])) nat_addr_ip6 = ip.src - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # add static BIB entry for server - self.vapi.nat64_add_del_static_bib(server.ip6n, - self.nat_addr, - server_in_port, - server_out_port, - IP_PROTOS.tcp) + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=self.nat_addr, + i_port=server_in_port, + o_port=server_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) # send packet from host to server pkts = self.create_stream_frag_ip6(self.pg0, @@ -8288,11 +8711,15 @@ class TestNAT64(MethodHolder): """ NAT64 translate fragments arriving out of order """ self.tcp_port_in = random.randint(1025, 65535) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # in2out data = b'a' * 200 @@ -8331,7 +8758,9 @@ class TestNAT64(MethodHolder): def test_interface_addr(self): """ Acquire NAT64 pool addresses from interface """ - self.vapi.nat64_add_del_interface_addr(self.pg4.sw_if_index) + self.vapi.nat64_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg4.sw_if_index) # no address in NAT64 pool addresses = self.vapi.nat44_address_dump() @@ -8359,11 +8788,15 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) pkts = [] src = "" @@ -8387,7 +8820,8 @@ class TestNAT64(MethodHolder): path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IPv6(src=src, dst=remote_host_ip6) / @@ -8442,18 +8876,24 @@ class TestNAT64(MethodHolder): def test_ipfix_max_frags(self): """ IPFIX logging maximum fragments pending reassembly exceeded """ - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.nat_set_reass(max_frag=1, is_ip6=1) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=1, + drop_frag=0, is_ip6=1) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) data = b'a' * 200 pkts = self.create_stream_frag_ip6(self.pg0, self.pg1.remote_ip4, @@ -8492,17 +8932,22 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) # Create p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / @@ -8544,8 +8989,9 @@ class TestNAT64(MethodHolder): # Delete self.pg_enable_capture(self.pg_interfaces) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr, + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, is_add=0) self.vapi.cli("ipfix flush") # FIXME this should be an API call capture = self.pg3.get_capture(2) @@ -8578,11 +9024,15 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) self.vapi.syslog_set_filter(SYSLOG_SEVERITY.INFO) self.vapi.syslog_set_sender(self.pg3.local_ip4n, self.pg3.remote_ip4n) @@ -8599,8 +9049,9 @@ class TestNAT64(MethodHolder): self.pg_enable_capture(self.pg_interfaces) self.pg_start() - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr, + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, is_add=0) capture = self.pg3.get_capture(1) self.verify_syslog_sess(capture[0][Raw].load, False, True) @@ -8609,52 +9060,51 @@ class TestNAT64(MethodHolder): """ Return number of active NAT64 sessions. """ - st = self.vapi.nat64_st_dump() + st = self.vapi.nat64_st_dump(proto=255) return len(st) def clear_nat64(self): """ Clear NAT64 configuration. """ - self.vapi.nat_ipfix_enable_disable(enable=0, + self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, src_port=self.ipfix_src_port, - domain_id=self.ipfix_domain_id) + enable=0) self.ipfix_src_port = 4739 self.ipfix_domain_id = 1 self.vapi.syslog_set_filter(SYSLOG_SEVERITY.EMERG) - self.vapi.nat_set_timeouts() + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=60) interfaces = self.vapi.nat64_interface_dump() for intf in interfaces: - self.vapi.nat64_add_del_interface(0, - intf.flags, - intf.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=0, flags=intf.flags, + sw_if_index=intf.sw_if_index) - bib = self.vapi.nat64_bib_dump(255) + bib = self.vapi.nat64_bib_dump(proto=255) for bibe in bib: if bibe.flags & self.config_flags.NAT_IS_STATIC: - self.vapi.nat64_add_del_static_bib(bibe.i_addr, - bibe.o_addr, - bibe.i_port, - bibe.o_port, - bibe.proto, - bibe.vrf_id, + self.vapi.nat64_add_del_static_bib(i_addr=bibe.i_addr, + o_addr=bibe.o_addr, + i_port=bibe.i_port, + o_port=bibe.o_port, + proto=bibe.proto, + vrf_id=bibe.vrf_id, is_add=0) adresses = self.vapi.nat64_pool_addr_dump() for addr in adresses: - self.vapi.nat64_add_del_pool_addr_range(addr.address, - addr.address, + self.vapi.nat64_add_del_pool_addr_range(start_addr=addr.address, + end_addr=addr.address, vrf_id=addr.vrf_id, is_add=0) prefixes = self.vapi.nat64_prefix_dump() for prefix in prefixes: - self.vapi.nat64_add_del_prefix(str(prefix.prefix), - vrf_id=prefix.vrf_id, - is_add=0) + self.vapi.nat64_add_del_prefix(prefix=str(prefix.prefix), + vrf_id=prefix.vrf_id, is_add=0) bibs = self.statistics.get_counter('/nat64/total-bibs') self.assertEqual(bibs[0][0], 0) @@ -8733,11 +9183,12 @@ class TestDSlite(MethodHolder): nat_config = self.vapi.nat_show_config() self.assertEqual(0, nat_config.dslite_ce) - self.vapi.dslite_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.dslite_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + is_add=1) aftr_ip4 = '192.0.0.1' aftr_ip6 = '2001:db8:85a3::8a2e:370:1' - self.vapi.dslite_set_aftr_addr(aftr_ip6, aftr_ip4) + self.vapi.dslite_set_aftr_addr(ip4_addr=aftr_ip4, ip6_addr=aftr_ip6) self.vapi.syslog_set_sender(self.pg2.local_ip4n, self.pg2.remote_ip4n) # UDP @@ -8910,12 +9361,12 @@ class TestDSliteCE(MethodHolder): b4_ip4 = '192.0.0.2' b4_ip6 = '2001:db8:62aa::375e:f4c1:1' - self.vapi.dslite_set_b4_addr(b4_ip6, b4_ip4) + self.vapi.dslite_set_b4_addr(ip4_addr=b4_ip4, ip6_addr=b4_ip6) aftr_ip4 = '192.0.0.1' aftr_ip6 = '2001:db8:85a3::8a2e:370:1' aftr_ip6_n = socket.inet_pton(socket.AF_INET6, aftr_ip6) - self.vapi.dslite_set_aftr_addr(aftr_ip6, aftr_ip4) + self.vapi.dslite_set_aftr_addr(ip4_addr=aftr_ip4, ip6_addr=aftr_ip6) self.vapi.ip_add_del_route(dst_address=aftr_ip6_n, dst_address_length=128, @@ -9009,10 +9460,14 @@ class TestNAT66(MethodHolder): def test_static(self): """ 1:1 NAT66 test """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat66_add_del_interface(self.pg0.sw_if_index, flags=flags) - self.vapi.nat66_add_del_interface(self.pg1.sw_if_index) - self.vapi.nat66_add_del_static_mapping(self.pg0.remote_ip6n, - self.nat_addr) + self.vapi.nat66_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat66_add_del_interface(is_add=1, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=self.pg0.remote_ip6n, + external_ip_address=self.nat_addr, + is_add=1) # in2out pkts = [] @@ -9083,10 +9538,14 @@ class TestNAT66(MethodHolder): def test_check_no_translate(self): """ NAT66 translate only when egress interface is outside interface """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat66_add_del_interface(self.pg0.sw_if_index, flags=flags) - self.vapi.nat66_add_del_interface(self.pg1.sw_if_index, flags=flags) - self.vapi.nat66_add_del_static_mapping(self.pg0.remote_ip6n, - self.nat_addr) + self.vapi.nat66_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat66_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=self.pg0.remote_ip6n, + external_ip_address=self.nat_addr, + is_add=1) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -9110,16 +9569,15 @@ class TestNAT66(MethodHolder): """ interfaces = self.vapi.nat66_interface_dump() for intf in interfaces: - self.vapi.nat66_add_del_interface(intf.sw_if_index, - is_add=0, - flags=intf.flags) + self.vapi.nat66_add_del_interface(is_add=0, flags=intf.flags, + sw_if_index=intf.sw_if_index) static_mappings = self.vapi.nat66_static_mapping_dump() for sm in static_mappings: - self.vapi.nat66_add_del_static_mapping(sm.local_ip_address, - sm.external_ip_address, - sm.vrf_id, - is_add=0) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=sm.local_ip_address, + external_ip_address=sm.external_ip_address, vrf_id=sm.vrf_id, + is_add=0) def tearDown(self): super(TestNAT66, self).tearDown() @@ -9129,5 +9587,6 @@ class TestNAT66(MethodHolder): self.logger.info(self.vapi.cli("show nat66 interfaces")) self.logger.info(self.vapi.cli("show nat66 static mappings")) + if __name__ == '__main__': unittest.main(testRunner=VppTestRunner) |