summaryrefslogtreecommitdiffstats
path: root/test/test_nat.py
AgeCommit message (Collapse)AuthorFilesLines
2019-02-27NAT44: active-passive HA (VPP-1571)Matus Fabian1-2/+351
session synchronization so that we can build a plain active-passive HA NAT pair Change-Id: I21db200491081ca46b7af3e82afc677c1985abf4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2019-01-30Use IP and MAC API types for neighborsNeale Ranns1-30/+44
use address_t and mac_address_t for IPv6 and ARP entries and all other API calls in ip.api aprat from the route ones, that will follow in a separate commit Change-Id: I67161737c2184d3f8fc1e79ebd2b55121c5b0191 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-18VTL: Don't swallow exceptions from syslog_rfc5424_parserPaul Vinciguerra1-6/+11
Change-Id: I4e93073ceb7b75476e847ae8d56301770c8b264f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-12-21MAP: Convert from DPO to input feature.Jon Loeliger1-2/+1
Change-Id: I25c86aea23dff19656449b23133db27b1f062ac0 Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-20NAT: total users and sessions gauges (VPP-1484)Matus Fabian1-0/+33
Change-Id: I41a82e21571d5c64d01af72cd88c3983afac26ed Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-12-20Tests: Cleanup @skip decorator.Paul Vinciguerra1-10/+10
The runnning environment is static as of module load time, so only evalute the conditions once at module load time. Track-by: VPP-1518 Change-Id: I73b0d17ae1ff90789e70307f168d43921829aec8 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-12-18NAT44: nat44_add_del_lb_static_mapping enhancements (VPP-1514)Matus Fabian1-0/+60
Change-Id: I5419e06592b0402e911e132796368800321f355a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-12-18PAPI: Add MACAddress object wrapper for vl_api_mac_address_tOle Troan1-7/+7
Change the definition of vl_api_mac_address_t to an aliased type. Change-Id: I1434f316d0fad6a099592f39bceeb8faeaf1d134 Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-14NAT: counters (VPP-1484)Matus Fabian1-1/+115
Change-Id: I5d1852a09712adfe7547c200d161539736aca6f5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-12-10Test framework: StringIO fixes for Python3Ole Troan1-6/+6
Add 2/3 support to binarytomac and mactobinary and move to vpp_mac.py Change-Id: I3dc7e4a24486aee22140c781aae7e44e58935877 Signed-off-by: Ole Troan <ot@cisco.com>
2018-11-30Tests: Fix traceback.Paul Vinciguerra1-15/+14
self.assertTrue(packet.haslayer(msg_type)) File "/usr/lib/python2.7/unittest/case.py", line 422, in assertTrue raise self.failureException(msg) AssertionError: 0 is not true * Scapy packet.haslayer() returns 1 or 0. Replace with assertEqual(packet.haslayer(), 1) to fix tracebacks. * Scapy has multiple layers called TCP/UDP Specify the module name to prevent namespace collisions. * Remove duplicate import. Change-Id: I600f9f330075cd40e1da50f8b2ceb24f645f2c20 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-11-29NAT: syslog - sessions logging (VPP-1139)Matus Fabian1-1/+173
Change-Id: I6e0b7cf37c1a9ac66f8ac011db29504e57844ee9 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-26Python3 tests: Fix asserts.Paul Vinciguerra1-4/+4
Use assert(Not)Equal() Use assert{Greater,Less}[Equal] Change-Id: I7c14570b8dce463ee13a67e9c1f10beb1a0308a8 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-11-23NAT44: improve expired sessions reuse (VPP-1503)Matus Fabian1-17/+2
Change-Id: Iab506f127136c94a641df31ded108016de26260b Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-22MAP: Use explicit address/prefix types in APIOle Troan1-0/+2
Change-Id: Ic751fecc4a060eedcdb9eaf5d02e1416c838fd63 Signed-off-by: Ole Troan <ot@cisco.com>
2018-11-22NAT44: Apply transitory timeout on TCP RST (VPP-1494)Matus Fabian1-0/+51
RFC7857 section 2.2. Change-Id: I031af5fe379b72262e83fd8565c34fa1b772f2c8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-20NAT44: fix virtual fragmentation reassembly in forwarding mode (VPP-1501)Matus Fabian1-0/+26
Change-Id: Id86d8aa8753b9b2ff4c709b11e3901ba8d552918 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-19NAT44: fix bug in TCP close with output-feature interface (VPP-1493)Matus Fabian1-0/+82
Change-Id: If8c883d6b1ee58de9a03012d3567ec82211a0225 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-19NAT44: fix ICMP virtual fragmentation reassembly (VPP-1466)Matus Fabian1-109/+22
Change-Id: I8006bca02948d9121f474a3d14f0576747bb3c51 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-12NAT44: identity NAT fix (VPP-1441)Matus Fabian1-0/+4
Change-Id: Ic4affc54d15d08b9b730f6ec6146ee053b28b4b6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-08NAT44: do not create session record for identity mapping (VPP-1439)Matus Fabian1-0/+3
Change-Id: I39a3146a4e4ba8eadf50af7113b9ae6b1c1d688f Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-24NAT44: endpoint-dependent mode session timeout improvement (VPP-1423)Matus Fabian1-0/+10
Change-Id: I630f3da1ea4e6e50a50f1352c097becef1efe3c0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-20NAT44 virtual fragmentation reassembly for endpoint-dependent mode (VPP-1325)Juraj Sloboda1-16/+518
Change-Id: I36ece2ef2eaef9fa559d69ec7f7f07e7c16a7a9d Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-09-13NAT: TCP MSS clampingMatus Fabian1-0/+52
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation. If the negotiated MSS value is greater than the configured value it is changed to the configured value. If the negotiated MSS value is smaller than the configured value it remains unchanged. Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-06NAT: fix maximum out of order fragments (VPP-1399)Matus Fabian1-6/+8
All fragments should be dropped when max_frag is 1 and 2 non-initial fragments are received before first fragment. Change-Id: Id0c968f45629698e347e8226c5926f27b48b82d6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-06NAT: test cleanup (VPP-1252)Matus Fabian1-30/+11
"assertEqual(len(capture), <expected packet count>)" no more needed since it is done by get_capture Change-Id: I1cbe223cf55198cec946b8ea0883f2a4fa632005 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-04NAT: add support for configurable port range (VPP-1346)Matus Fabian1-3/+32
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-03NAT44: client-IP based session affinity for load-balancing (VPP-1297)Matus Fabian1-0/+61
Enable client-IP based session affinity per LB NAT rule with specific timeout. Change-Id: I9aade152e330218d21dfda99cc5e984d769ab806 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-27NAT44: add support for session timeout (VPP-1272)Matus Fabian1-40/+185
NAT44 (vanilla/simple and endpoint-dependent mode) now lazily delete expired sessions. When inserting to session lookup hash and bucket is full, expired session is overwritten. Change-Id: Ib1b34959f60f0ca4f5b13525b1d41dd2f992288d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-22NAT: update nat_show_config_reply API (VPP-1403)Matus Fabian1-0/+12
Change-Id: I85383e428cb54c4c09ab387811dd6390f7c61d97 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-15NAT44: fix next_src_nat (VPP-1384)Matus Fabian1-0/+57
Use rx_fib_index instead of sm->inside_fib_index for session lookup key. Change-Id: I2d6cce5b9376fa8ac4d75a9bbfa8498be0fd1493 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-15NAT64: fix TCP session expire (VPP-1390)Matus Fabian1-3/+3
Add missing call of nat64_tcp_session_set_state to set TCP session state. Change-Id: Ifd297ea3ffe20870e1e34a95449b5c9404ec13eb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-09NAT44: delete user with zero sessions (VPP-1282)Matus Fabian1-0/+12
Change-Id: I756e3ad3de9ffe1494221ef95c1943c8591f8f50 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-08-02NAT44: LB NAT - local backends in multiple VRFs (VPP-1345)Matus Fabian1-9/+16
Add support for local backends in multiple VRFs for load-balancing NAT rules. Change-Id: I64e6818bd67a7e69985003498cf1f16f7200c334 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-07-23NAT44: fix forwarding feature bug (VPP-1349)Matus Fabian1-16/+3
Change-Id: I5009fcfde5c627d59dea3edda15486b9392134a2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-07-10NAT44: multiple outside FIB tables (VPP-1314)Matus Fabian1-21/+442
Change-Id: I56eb15f8fd2d3049845287dc3df7870582764f8b Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-07-10Do not translate packets destined for NAT64 inside interface (VPP-1331)Juraj Sloboda1-2/+60
Change-Id: Ieb8020f57ed5ad20daf552cd62ae3fdd8c573926 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-06-26NAT44: fix nat44_ed_not_translate_output_feature (VPP-1329)Matus Fabian1-0/+25
Change-Id: Iddb0b848c53da03116524e203c7112c82b401ac5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-06-15NAT44: endpoint dependent mode (VPP-1273)Matus Fabian1-936/+1105
To enable NAT plugin endpoint dependent mode add following to statrup config: nat { endpoint-dependent } Enable endpoint dependent filtering and mapping for all sessions. Move some existing functionality such as service load balancing, twice nat, out2in-only static mappings and unknown protocol dynamic translations, which use endpoint dependent lookup hash tables before. Basically split to vanilla NAT44 and extra features NAT44. Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-28NAT44: code cleanup and refactor (VPP-1285)Matus Fabian1-136/+150
Change-Id: I088163f10ae5515d7a9115781cc13ef563fafed5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-17NAT44: nat44_del_session and nat44_user_session_details API update (VPP-1271)Matus Fabian1-24/+54
Change-Id: I484d79000c1bbd87ff83847cf567bf3414a719d3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-16make test: unify packet checksum verificationsKlement Sekera1-234/+65
Change-Id: If9cc7c5e32ebecff398fd38b39e8f485754a4ad4 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-05-14NAT44: delete closed TCP session (VPP-1274)Matus Fabian1-3/+3
Change-Id: Id25b447bddccb7b321123e4abc4134e7261a0807 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-10NAT44: sessions counters per user fix (VPP-1270)Matus Fabian1-0/+25
Change-Id: I6306b81e0e1c3e1c591f929a76bb265c1c1d0859 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-08NAT44: TCP connection close detection (VPP-1266)Matus Fabian1-44/+233
Change-Id: Iba1cc1179ee80478e29888790a6476571d1904dc Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-24NAT44: one-armed NAT and identity mapping (VPP-1212)Matus Fabian1-0/+3
Change-Id: I228728bacfca6056dc409a96de1bffb9cadcd3e6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-19Add special Twice-NAT feature (VPP-1221)Juraj Sloboda1-96/+125
When enabled then Twice-NAT is applied only when source IP equals destination IP after DNAT Change-Id: I58a9d1d222b2a10c83eafffb2107f32c1b4aa3a8 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-13NAT66: Do not translate if packet not aimed at outside interfaceJuraj Sloboda1-0/+23
Change-Id: Id5a2a90d81cc9cb87cb6fb89ac2f4ca3cbcb51e2 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-03-28NAT44: make 1:1NAT for DHCP addressed interface persistentMatus Fabian1-12/+48
Static mapping is not deleted from resolution vector after address is set on interface. Change-Id: Ib7c45ca2e307123d101248c5a1b17d130ac32cd0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-22NAT44: interface output feature and dst NAT (VPP-1200)Matus Fabian1-0/+59
Do not translate packet which go out via nat44-in2out-output and was tranlated in nat44-out2in before. On way back forward packet to nat44-in2out node. Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8 Signed-off-by: Matus Fabian <matfabia@cisco.com>