summaryrefslogtreecommitdiffstats
path: root/test/test_nat44_ed.py
AgeCommit message (Collapse)AuthorFilesLines
2021-08-17nat: fix counters increment for output featureAlexander Chernavin1-1/+1
Type: fix The NAT plugin stores packet counters and a counter represents a vector indexed by interface index. When an interface is assigned a NAT role, the counters are validated to be long enough for the given interface index. When a packet traverses NAT in2out and output feature is disabled, the appropriate counters are updated by the RX interface index. In this case, translation happens on the inside interface and its index was ensured to be valid in all of the counters during NAT role assignment. When a packet traverses NAT in2out and output feature is enabled, the appropriate counters are updated by the RX interface index too. In this case, translation happens on the outside interface and the packet could be received on any interface, even with no NAT role assigned. If that's the case and its index is greater than the greatest index validated in the counters, a new counter value will be written to memory that does not belong to the counter. As a result, a crash will occur at some point. With this change, use TX interface index to update the counters when output feature is enabled. TX interface is an actual interface where translation happens and its index is always valid in the counters. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I53a52af949fe96419e1b5fef4134ab4062198f51
2021-07-29nat: fix ICMP checksum validationKlement Sekera1-0/+44
Handle case where extra data is present in buffer which is not part of IP/ICMP headers. Type: fix Fixes: 05b5a5b3b4b04823776feed6403b5a99b2e06d76 Change-Id: Icfef811470056d38c60fc45cc302139ed7594385 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-19nat: harden ICMP handlingKlement Sekera1-0/+4
Verify that headers are not truncated and that checksums are valid. Correct checksum computation in translation code. Type: fix Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-14nat: adding support for icmp-error msgFilip Varga1-0/+35
Extending tests. Type: test Change-Id: I98cc1d214ead10ac53fed34a1492d9b5f37975a2 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-07-14nat: refactoring NAT44ED cfg functionsFilip Varga1-11/+2
Refactored & fixed NAT44ED configuration functions used for handling interfaces and nodes. Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I6fbbb7f0fe35d572675997745d53290152987424
2021-06-22nat: don't drop packet with ttl=1 if output featureKlement Sekera1-0/+26
TTL was already decremented in ip4-rewrite so it's okay if it's 1. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I587dc343737c15247eb62837a06d5e44c0d11acc
2021-05-18nat: refactor multiple vrf testsKlement Sekera1-25/+120
Replace VRF test testing multiple scenarios into more simpler tests to improve readability and ease of debugging. Type: refactor Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ibaad5328c73b401f52c5fe513dc0ed68ff3e3374
2021-05-13tests: move test source to vpp/testDave Wallace1-0/+3662
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e