summaryrefslogtreecommitdiffstats
path: root/src/plugins/map/test/test_map_br.py
AgeCommit message (Collapse)AuthorFilesLines
2021-05-13tests: move test source to vpp/testDave Wallace1-694/+0
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2020-03-24map: fix translation of icmp6 error messagesAlexander Chernavin1-1/+80
Translation of ICMPv6 error messages to ICMP error messages fails because the sender port is not set that leads to securtiy check failure. With this commit, during ICMPv6 error messages translation, get the sender port value from the inner packet. Type: fix Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-15map: fix translation of icmp4 error messagesAlexander Chernavin1-2/+43
ICMP error messages are translated to ICMPv6 error messages with erroneous destination address in the outer IPv6 header because sender port is used instead of receiver port. Both source and destination addresses in the inner IPv6 header are translated erroneously because source and destination addresses of the inner IPv4 header are getting zeroed during the translation. With this commit, use receiver port for translation and save addresses of the inner IPv4 header before translation of the inner header. Type: fix Change-Id: I1e93d54c1bbc154b401adcbb0fb661299655d01a Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-04map: fix map port calculation for ICMPVladimir Isaev1-0/+23
type should be used to get ICMP type instead of code. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Iabf4ae38befde18309caff8efd9e1d956a2fde82
2020-01-30map: Add several more MAP-T BR testsJon Loeliger1-8/+294
Add several more MAP-T BR tests for normal packet flow. Type: test Change-Id: Ica880dd23c923795279e9d08dca2796f2925069a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4Jon Loeliger1-0/+265
Prevent malicious packets with spoofed embedded IPv4 addresses by limiting the IPv6 ingress packets to known MAP-T domains. Drop spoofed packets. Add several tests that ensure spoofing isn't allowed. Type: fix Fixes: fc7344f9be Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2 Signed-off-by: Jon Loeliger <jdl@netgate.com>