From f4749ca4d26206bb16cced12be7e73ab7b9cdf74 Mon Sep 17 00:00:00 2001 From: Filip Varga Date: Thu, 25 Apr 2019 14:55:32 +0200 Subject: NAT: VPP-1661 - test case cleanup and refactoring Change-Id: I0eb85252d4b489ba25dcf59252e2bcf3b0cd5c6a Signed-off-by: Filip Varga --- test/test_gbp.py | 287 ++++--- test/test_nat.py | 1891 ++++++++++++++++++++++++++++----------------- test/vpp_papi_provider.py | 459 ----------- 3 files changed, 1304 insertions(+), 1333 deletions(-) diff --git a/test/test_gbp.py b/test/test_gbp.py index cc38bc9c1ce..2e6dca5b2b1 100644 --- a/test/test_gbp.py +++ b/test/test_gbp.py @@ -6,7 +6,7 @@ import unittest from scapy.packet import Raw from scapy.layers.l2 import Ether, ARP, Dot1Q from scapy.layers.inet import IP, UDP, ICMP -from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \ +from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \ ICMPv6ND_NA from scapy.utils6 import in6_getnsma, in6_getnsmac from scapy.layers.vxlan import VXLAN @@ -220,6 +220,7 @@ class VppGbpSubnet(VppObject): """ GBP Subnet """ + def __init__(self, test, rd, address, address_len, type, sw_if_index=None, sclass=None): self._test = test @@ -253,8 +254,8 @@ class VppGbpSubnet(VppObject): ss = self._test.vapi.gbp_subnet_dump() for s in ss: if s.subnet.rd_id == self.rd_id and \ - s.subnet.type == self.type and \ - s.subnet.prefix == self.prefix: + s.subnet.type == self.type and \ + s.subnet.prefix == self.prefix: return True return False @@ -475,7 +476,7 @@ class VppGbpContract(VppObject): cs = self._test.vapi.gbp_contract_dump() for c in cs: if c.contract.sclass == self.sclass \ - and c.contract.dclass == self.dclass: + and c.contract.dclass == self.dclass: return True return False @@ -800,10 +801,12 @@ class TestGBP(VppTestCase): # The BVIs are NAT inside interfaces flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index, - flags=flags) - self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=epg.bvi.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat66_add_del_interface( + is_add=1, flags=flags, + sw_if_index=epg.bvi.sw_if_index) if_ip4 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip4, 32) if_ip6 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip6, 128) @@ -835,9 +838,10 @@ class TestGBP(VppTestCase): recirc.epg.rd.t6).add_vpp_config() self.vapi.nat44_interface_add_del_feature( - recirc.recirc.sw_if_index) + sw_if_index=recirc.recirc.sw_if_index, is_add=1) self.vapi.nat66_add_del_interface( - recirc.recirc.sw_if_index) + is_add=1, + sw_if_index=recirc.recirc.sw_if_index) recirc.add_vpp_config() @@ -858,14 +862,18 @@ class TestGBP(VppTestCase): # Add static mappings for each EP from the 10/8 to 11/8 network if ip.af == AF_INET: flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(ip.bytes, - fip.bytes, - vrf_id=0, - flags=flags) + self.vapi.nat44_add_del_static_mapping( + is_add=1, + local_ip_address=ip.bytes, + external_ip_address=fip.bytes, + external_sw_if_index=0xFFFFFFFF, + vrf_id=0, + flags=flags) else: - self.vapi.nat66_add_del_static_mapping(ip.bytes, - fip.bytes, - vrf_id=0) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=ip.bytes, + external_ip_address=fip.bytes, + vrf_id=0, is_add=1) # VPP EP create ... ep.add_vpp_config() @@ -1138,9 +1146,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -1158,9 +1166,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() @@ -1200,9 +1208,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c3.add_vpp_config() @@ -1305,9 +1313,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c4.add_vpp_config() @@ -1346,9 +1354,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c5.add_vpp_config() @@ -1405,34 +1413,37 @@ class TestGBP(VppTestCase): for ep in eps: # del static mappings for each EP from the 10/8 to 11/8 network flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(ep.ip4.bytes, - ep.fip4.bytes, - vrf_id=0, - is_add=0, - flags=flags) - self.vapi.nat66_add_del_static_mapping(ep.ip6.bytes, - ep.fip6.bytes, - vrf_id=0, - is_add=0) + self.vapi.nat44_add_del_static_mapping( + is_add=0, + local_ip_address=ep.ip4.bytes, + external_ip_address=ep.fip4.bytes, + external_sw_if_index=0xFFFFFFFF, + vrf_id=0, + flags=flags) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=ep.ip6.bytes, + external_ip_address=ep.fip6.bytes, + vrf_id=0, is_add=0) for epg in epgs: # IP config on the BVI interfaces if epg != epgs[0] and epg != epgs[3]: flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index, - flags=flags, - is_add=0) - self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index, - flags=flags, - is_add=0) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=epg.bvi.sw_if_index, + flags=flags, + is_add=0) + self.vapi.nat66_add_del_interface( + is_add=0, flags=flags, + sw_if_index=epg.bvi.sw_if_index) for recirc in recircs: self.vapi.nat44_interface_add_del_feature( - recirc.recirc.sw_if_index, + sw_if_index=recirc.recirc.sw_if_index, is_add=0) self.vapi.nat66_add_del_interface( - recirc.recirc.sw_if_index, - is_add=0) + is_add=0, + sw_if_index=recirc.recirc.sw_if_index) def wait_for_ep_timeout(self, sw_if_index=None, ip=None, mac=None, n_tries=100, s_time=1): @@ -1732,7 +1743,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) for l in learnt: self.assertFalse(find_gbp_endpoint(self, @@ -1755,7 +1766,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1807,31 +1818,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) - - self.assertTrue(find_gbp_endpoint(self, - vx_tun_l2_1.sw_if_index, - mac=l['mac'])) - - # - # repeat in the other EPG - # there's no contract between 220 and 330, but the sclass is set to 1 - # so the packet is cleared for delivery - # - for l in learnt: - # a packet with an sclass from a known EPG - p = (Ether(src=self.pg2.remote_mac, - dst=self.pg2.local_mac) / - IP(src=self.pg2.remote_hosts[1].ip4, - dst=self.pg2.local_ip4) / - UDP(sport=1234, dport=48879) / - VXLAN(vni=99, gpid=1, flags=0x88) / - Ether(src=l['mac'], dst=ep.mac) / - IP(src=l['ip'], dst=ep.ip4.address) / - UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) - - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1864,7 +1851,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1882,9 +1869,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -1943,7 +1930,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * 65, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -2363,7 +2350,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rxs = self.send_and_expect(self.pg0, p*1, self.pg2) + rxs = self.send_and_expect(self.pg0, p * 1, self.pg2) for rx in rxs: self.assertEqual(rx[IP].src, self.pg2.local_ip4) @@ -2436,7 +2423,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rxs = self.send_and_expect(self.pg0, p*65, self.pg2) + rxs = self.send_and_expect(self.pg0, p * 65, self.pg2) for rx in rxs: self.assertEqual(rx[IP].src, self.pg2.local_ip4) @@ -2575,7 +2562,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rxs = self.send_and_expect(self.pg0, p*65, self.pg2) + rxs = self.send_and_expect(self.pg0, p * 65, self.pg2) for rx in rxs: self.assertEqual(rx[IP].src, self.pg2.local_ip4) @@ -2866,13 +2853,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -2885,13 +2872,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() @@ -2998,13 +2985,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -3017,13 +3004,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() @@ -3082,13 +3069,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c3.add_vpp_config() @@ -3114,9 +3101,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c4.add_vpp_config() @@ -3196,13 +3183,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c5.add_vpp_config() @@ -3497,9 +3484,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -3511,9 +3498,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() c3 = VppGbpContract( @@ -3521,9 +3508,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c3.add_vpp_config() @@ -3653,9 +3640,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c4.add_vpp_config() @@ -3689,22 +3676,6 @@ class TestGBP(VppTestCase): self.assertEqual(inner[IP].src, "10.220.0.1") self.assertEqual(inner[IP].dst, "10.222.0.1") - # - # ping from host in remote to local external subnets - # there's no contract for this, but sclass is 1. - # - p = (Ether(src=self.pg7.remote_mac, dst=self.pg7.local_mac) / - IP(src=self.pg7.remote_ip4, dst=self.pg7.local_ip4) / - UDP(sport=1234, dport=48879) / - VXLAN(vni=445, gpid=1, flags=0x88) / - Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) / - IP(src="10.222.0.1", dst="10.220.0.1") / - UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) - - rxs = self.send_and_expect(self.pg7, p * 3, self.pg0) - self.assertFalse(find_gbp_endpoint(self, ip="10.222.0.1")) - # # ping from host in remote to local external subnets # there's no contract for this, but the A bit is set. diff --git a/test/test_nat.py b/test/test_nat.py index c88981b48b4..e0e50c03dde 100644 --- a/test/test_nat.py +++ b/test/test_nat.py @@ -106,90 +106,94 @@ class MethodHolder(VppTestCase): if self.pg7.has_ip4_config: self.pg7.unconfig_ip4() - self.vapi.nat44_forwarding_enable_disable(0) + self.vapi.nat44_forwarding_enable_disable(enable=0) interfaces = self.vapi.nat44_interface_addr_dump() for intf in interfaces: - self.vapi.nat44_add_del_interface_addr(intf.sw_if_index, - flags=intf.flags, - is_add=0) + self.vapi.nat44_add_del_interface_addr( + is_add=0, + sw_if_index=intf.sw_if_index, + flags=intf.flags) - self.vapi.nat_ipfix_enable_disable(enable=0, + self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, src_port=self.ipfix_src_port, - domain_id=self.ipfix_domain_id) + enable=0) self.ipfix_src_port = 4739 self.ipfix_domain_id = 1 self.vapi.syslog_set_filter(SYSLOG_SEVERITY.EMERG) - self.vapi.nat_ha_set_listener('0.0.0.0', 0) - self.vapi.nat_ha_set_failover('0.0.0.0', 0) + self.vapi.nat_ha_set_listener(ip_address='0.0.0.0', port=0, + path_mtu=512) + self.vapi.nat_ha_set_failover(ip_address='0.0.0.0', port=0, + session_refresh_interval=10) interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: if intf.flags & self.config_flags.NAT_IS_INSIDE and \ - intf.flags & self.config_flags.NAT_IS_OUTSIDE: - self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, - is_add=0) - self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, - is_add=0, - flags=intf.flags) + intf.flags & self.config_flags.NAT_IS_OUTSIDE: + self.vapi.nat44_interface_add_del_feature( + sw_if_index=intf.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=intf.sw_if_index, + flags=intf.flags) interfaces = self.vapi.nat44_interface_output_feature_dump() for intf in interfaces: - self.vapi.nat44_interface_add_del_output_feature(intf.sw_if_index, - is_add=0, - flags=intf.flags) + self.vapi.nat44_interface_add_del_output_feature( + is_add=0, + flags=intf.flags, + sw_if_index=intf.sw_if_index) static_mappings = self.vapi.nat44_static_mapping_dump() for sm in static_mappings: self.vapi.nat44_add_del_static_mapping( - sm.local_ip_address, - sm.external_ip_address, - sm.external_sw_if_index, - sm.local_port, - sm.external_port, - sm.vrf_id, - sm.protocol, is_add=0, - flags=sm.flags, - tag=sm.tag) + local_ip_address=sm.local_ip_address, + external_ip_address=sm.external_ip_address, + external_sw_if_index=sm.external_sw_if_index, + local_port=sm.local_port, + external_port=sm.external_port, + vrf_id=sm.vrf_id, + protocol=sm.protocol, + flags=sm.flags, tag=sm.tag) lb_static_mappings = self.vapi.nat44_lb_static_mapping_dump() for lb_sm in lb_static_mappings: self.vapi.nat44_add_del_lb_static_mapping( - lb_sm.external_addr, - lb_sm.external_port, - lb_sm.protocol, - tag=lb_sm.tag, is_add=0, - local_num=0, - locals=[], - flags=lb_sm.flags) + flags=lb_sm.flags, + external_addr=lb_sm.external_addr, + external_port=lb_sm.external_port, + protocol=lb_sm.protocol, + local_num=0, locals=[], + tag=lb_sm.tag) identity_mappings = self.vapi.nat44_identity_mapping_dump() for id_m in identity_mappings: self.vapi.nat44_add_del_identity_mapping( - flags=id_m.flags, - ip=id_m.ip_address, - port=id_m.port, + ip_address=id_m.ip_address, sw_if_index=id_m.sw_if_index, + port=id_m.port, + flags=id_m.flags, vrf_id=id_m.vrf_id, - protocol=id_m.protocol, - is_add=0) + protocol=id_m.protocol) addresses = self.vapi.nat44_address_dump() for addr in addresses: - self.vapi.nat44_add_del_address_range(addr.ip_address, - addr.ip_address, - is_add=0, - flags=addr.flags) - - self.vapi.nat_set_reass() - self.vapi.nat_set_reass(is_ip6=1) + self.vapi.nat44_add_del_address_range( + first_ip_address=addr.ip_address, + last_ip_address=addr.ip_address, + vrf_id=0xFFFFFFFF, flags=addr.flags) + + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=5, + drop_frag=0) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=5, + drop_frag=0, is_ip6=1) self.verify_no_nat44_user() - self.vapi.nat_set_timeouts() + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=60) self.vapi.nat_set_addr_and_port_alloc_alg() - self.vapi.nat_set_mss_clamping() + self.vapi.nat_set_mss_clamping(enable=0, mss_value=1500) def nat44_add_static_mapping(self, local_ip, external_ip='0.0.0.0', local_port=0, external_port=0, vrf_id=0, @@ -214,16 +218,15 @@ class MethodHolder(VppTestCase): flags |= self.config_flags.NAT_IS_ADDR_ONLY self.vapi.nat44_add_del_static_mapping( - local_ip, - external_ip, - external_sw_if_index, - local_port, - external_port, - vrf_id, - proto, - is_add, - flags, - tag) + is_add=is_add, + local_ip_address=local_ip, + external_ip_address=external_ip, + external_sw_if_index=external_sw_if_index, + local_port=local_port, + external_port=external_port, + vrf_id=vrf_id, protocol=proto, + flags=flags, + tag=tag) def nat44_add_address(self, ip, is_add=1, vrf_id=0xFFFFFFFF, twice_nat=0): """ @@ -234,8 +237,10 @@ class MethodHolder(VppTestCase): :param twice_nat: twice NAT address for external hosts """ flags = self.config_flags.NAT_IS_TWICE_NAT if twice_nat else 0 - self.vapi.nat44_add_del_address_range(ip, ip, is_add, + self.vapi.nat44_add_del_address_range(first_ip_address=ip, + last_ip_address=ip, vrf_id=vrf_id, + is_add=is_add, flags=flags) def create_stream_in(self, in_if, out_if, dst_ip=None, ttl=64): @@ -874,7 +879,8 @@ class MethodHolder(VppTestCase): record[225]) # ingressVRFID self.assertEqual(struct.pack("!I", 0), record[234]) - # protocolIdentifier/sourceTransportPort/postNAPTSourceTransportPort + # protocolIdentifier/sourceTransportPort + # /postNAPTSourceTransportPort if IP_PROTOS.icmp == scapy.compat.orb(record[4]): self.assertEqual(struct.pack("!H", self.icmp_id_in), record[7]) self.assertEqual(struct.pack("!H", self.icmp_id_out), @@ -1559,9 +1565,12 @@ class TestNAT44(MethodHolder): """ NAT44 dynamic translation test """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out tcpn = self.statistics.get_counter( @@ -1627,9 +1636,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=1) @@ -1646,9 +1658,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1674,9 +1689,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=2) @@ -1702,9 +1720,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1738,9 +1759,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / IP(src=self.pg1.remote_ip4, dst=self.pg1.local_ip4) / @@ -1766,9 +1790,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # out2in pkt = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / @@ -1796,16 +1823,21 @@ class TestNAT44(MethodHolder): """ NAT44 forwarding test """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_forwarding_enable_disable(enable=1) real_ip = self.pg0.remote_ip4n alias_ip = self.nat_addr flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, + self.vapi.nat44_add_del_static_mapping(is_add=1, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, flags=flags) try: @@ -1850,11 +1882,14 @@ class TestNAT44(MethodHolder): self.pg0.remote_hosts[0] = host0 finally: - self.vapi.nat44_forwarding_enable_disable(0) + self.vapi.nat44_forwarding_enable_disable(enable=0) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, - is_add=0, flags=flags) + self.vapi.nat44_add_del_static_mapping( + is_add=0, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, + flags=flags) def test_static_in(self): """ 1:1 NAT initialized from inside network """ @@ -1866,9 +1901,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sm = self.vapi.nat44_static_mapping_dump() self.assertEqual(len(sm), 1) self.assertEqual((sm[0].tag).split(b'\0', 1)[0], b'') @@ -1903,9 +1941,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip, tag=tag) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sm = self.vapi.nat44_static_mapping_dump() self.assertEqual(len(sm), 1) self.assertEqual((sm[0].tag).split(b'\0', 1)[0], tag) @@ -1944,9 +1985,12 @@ class TestNAT44(MethodHolder): self.icmp_id_in, self.icmp_id_out, proto=IP_PROTOS.icmp) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -1982,9 +2026,12 @@ class TestNAT44(MethodHolder): self.icmp_id_in, self.icmp_id_out, proto=IP_PROTOS.icmp) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # out2in pkts = self.create_stream_out(self.pg1) @@ -2016,11 +2063,15 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip2, vrf_id=10) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg3.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + flags=flags, is_add=1) # inside interface VRF match NAT44 static mapping VRF pkts = self.create_stream_in(self.pg4, self.pg3) @@ -2047,9 +2098,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # dynamic pkts = self.create_stream_in(self.pg0, self.pg1) @@ -2073,12 +2127,16 @@ class TestNAT44(MethodHolder): def test_identity_nat(self): """ Identity NAT """ flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_identity_mapping(ip=self.pg0.remote_ip4n, - flags=flags) + self.vapi.nat44_add_del_identity_mapping( + ip_address=self.pg0.remote_ip4n, sw_if_index=0xFFFFFFFF, + flags=flags, is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / IP(src=self.pg1.remote_ip4, dst=self.pg0.remote_ip4) / @@ -2103,8 +2161,9 @@ class TestNAT44(MethodHolder): sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) self.assertEqual(len(sessions), 0) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_identity_mapping(ip=self.pg0.remote_ip4n, - flags=flags, vrf_id=1) + self.vapi.nat44_add_del_identity_mapping( + ip_address=self.pg0.remote_ip4n, sw_if_index=0xFFFFFFFF, + flags=flags, vrf_id=1, is_add=1) identity_mappings = self.vapi.nat44_identity_mapping_dump() self.assertEqual(len(identity_mappings), 2) @@ -2113,11 +2172,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg3.sw_if_index, + is_add=1) # between two NAT44 inside interfaces (no translation) pkts = self.create_stream_in(self.pg0, self.pg1) @@ -2173,13 +2236,18 @@ class TestNAT44(MethodHolder): static_nat_ip = "10.0.0.10" self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg3.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg5.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg6.sw_if_index, + flags=flags, is_add=1) self.nat44_add_static_mapping(self.pg6.remote_ip4, static_nat_ip, vrf_id=20) @@ -2332,9 +2400,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(server.ip4, self.nat_addr, @@ -2397,9 +2468,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for servers self.nat44_add_static_mapping(server1.ip4, server1_nat_ip) @@ -2556,9 +2630,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # get maximum number of translations per user nat44_config = self.vapi.nat_show_config() @@ -2605,7 +2682,9 @@ class TestNAT44(MethodHolder): def test_interface_addr(self): """ Acquire NAT44 addresses from interface """ - self.vapi.nat44_add_del_interface_addr(self.pg7.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg7.sw_if_index) # no address in NAT pool addresses = self.vapi.nat44_address_dump() @@ -2626,7 +2705,9 @@ class TestNAT44(MethodHolder): """ Static mapping with addresses from interface """ tag = b"testTAG" - self.vapi.nat44_add_del_interface_addr(self.pg7.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg7.sw_if_index) self.nat44_add_static_mapping( '1.2.3.4', external_sw_if_index=self.pg7.sw_if_index, @@ -2686,11 +2767,15 @@ class TestNAT44(MethodHolder): """ Identity NAT with addresses from interface """ port = 53053 - self.vapi.nat44_add_del_interface_addr(self.pg7.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg7.sw_if_index) self.vapi.nat44_add_del_identity_mapping( + ip_address=b'0', sw_if_index=self.pg7.sw_if_index, port=port, - protocol=IP_PROTOS.tcp) + protocol=IP_PROTOS.tcp, + is_add=1) # identity mappings with external interface identity_mappings = self.vapi.nat44_identity_mapping_dump() @@ -2727,16 +2812,20 @@ class TestNAT44(MethodHolder): bind_layers(UDP, IPFIX, dport=30303) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10, collector_port=collector_port) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -2768,15 +2857,19 @@ class TestNAT44(MethodHolder): def test_ipfix_addr_exhausted(self): """ IPFIX logging NAT addresses exhausted """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -2811,9 +2904,12 @@ class TestNAT44(MethodHolder): """ IPFIX logging maximum session entries exceeded """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) nat44_config = self.vapi.nat_show_config() max_sessions = 10 * nat44_config.translation_buckets @@ -2835,7 +2931,8 @@ class TestNAT44(MethodHolder): path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -2871,9 +2968,12 @@ class TestNAT44(MethodHolder): self.vapi.syslog_set_sender(self.pg3.local_ip4n, self.pg3.remote_ip4n) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -2897,9 +2997,12 @@ class TestNAT44(MethodHolder): static_addr = '10.0.0.10' self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.nat44_add_static_mapping(self.pg0.remote_ip4, static_addr) # NAT44 address @@ -2976,11 +3079,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(nat_ip1, vrf_id=vrf_id1) self.nat44_add_address(nat_ip2, vrf_id=vrf_id2) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg2.sw_if_index, + is_add=1) try: # first VRF @@ -3020,11 +3127,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(nat_ip1) self.nat44_add_address(nat_ip2, vrf_id=99) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg2.sw_if_index, + is_add=1) # first VRF pkts = self.create_stream_in(self.pg0, self.pg2) @@ -3069,9 +3180,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg7.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg8.sw_if_index, + is_add=1) # in2out pkts = self.create_stream_in(self.pg7, self.pg8) @@ -3116,9 +3230,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg7.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg8.sw_if_index, + is_add=1) # out2in pkts = self.create_stream_out(self.pg8) @@ -3176,9 +3293,12 @@ class TestNAT44(MethodHolder): self.icmp_id_in, self.icmp_id_out, proto=IP_PROTOS.icmp) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg7.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg8.sw_if_index, + is_add=1) # out2in pkts = self.create_stream_out(self.pg8) @@ -3201,9 +3321,12 @@ class TestNAT44(MethodHolder): nat_ip = "10.0.0.10" self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -3257,9 +3380,12 @@ class TestNAT44(MethodHolder): self.nat44_add_static_mapping(host.ip4, host_nat_ip) self.nat44_add_static_mapping(server.ip4, server_nat_ip) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # host to server p = (Ether(dst=self.pg0.local_mac, src=host.mac) / @@ -3305,11 +3431,15 @@ class TestNAT44(MethodHolder): """ NAT44 interface output feature (in2out postrouting) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg3.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg3.sw_if_index) # in2out pkts = self.create_stream_in(self.pg0, self.pg3) @@ -3354,11 +3484,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(nat_ip_vrf10, vrf_id=10) self.nat44_add_address(nat_ip_vrf20, vrf_id=20) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_output_feature(self.pg4.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg6.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg3.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg4.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg3.sw_if_index) # in2out VRF 10 pkts = self.create_stream_in(self.pg4, self.pg3) @@ -3403,9 +3537,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # add static mapping for server self.nat44_add_static_mapping(server.ip4, self.nat_addr, @@ -3463,9 +3600,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg9.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg9.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg9.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg9.sw_if_index, + flags=flags, is_add=1) # in2out p = (Ether(src=self.pg9.remote_mac, dst=self.pg9.local_mac) / @@ -3519,9 +3659,12 @@ class TestNAT44(MethodHolder): """ Delete NAT44 session """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -3532,20 +3675,20 @@ class TestNAT44(MethodHolder): sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) nsessions = len(sessions) - self.vapi.nat44_del_session(sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + self.vapi.nat44_del_session(address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=self.config_flags.NAT_IS_INSIDE) - self.vapi.nat44_del_session(sessions[1].outside_ip_address, - sessions[1].outside_port, - sessions[1].protocol) + self.vapi.nat44_del_session(address=sessions[1].outside_ip_address, + port=sessions[1].outside_port, + protocol=sessions[1].protocol) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) self.assertEqual(nsessions - len(sessions), 2) - self.vapi.nat44_del_session(sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + self.vapi.nat44_del_session(address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=self.config_flags.NAT_IS_INSIDE) self.verify_no_nat44_user() @@ -3556,7 +3699,8 @@ class TestNAT44(MethodHolder): self.vapi.nat_set_reass(timeout=reas_cfg1.ip4_timeout + 5, max_reass=reas_cfg1.ip4_max_reass * 2, - max_frag=reas_cfg1.ip4_max_frag * 2) + max_frag=reas_cfg1.ip4_max_frag * 2, + drop_frag=0) reas_cfg2 = self.vapi.nat_get_reass() @@ -3564,7 +3708,8 @@ class TestNAT44(MethodHolder): self.assertEqual(reas_cfg1.ip4_max_reass * 2, reas_cfg2.ip4_max_reass) self.assertEqual(reas_cfg1.ip4_max_frag * 2, reas_cfg2.ip4_max_frag) - self.vapi.nat_set_reass(drop_frag=1) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=5, + drop_frag=1) self.assertTrue(self.vapi.nat_get_reass().ip4_drop_frag) def test_frag_in_order(self): @@ -3572,9 +3717,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_in_order(proto=IP_PROTOS.tcp) self.frag_in_order(proto=IP_PROTOS.udp) @@ -3582,12 +3730,17 @@ class TestNAT44(MethodHolder): def test_frag_forwarding(self): """ NAT44 forwarding fragment test """ - self.vapi.nat44_add_del_interface_addr(self.pg1.sw_if_index) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg1.sw_if_index) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_forwarding_enable_disable(enable=1) data = b"A" * 16 + b"B" * 16 + b"C" * 3 pkts = self.create_stream_frag(self.pg1, @@ -3617,9 +3770,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(self.server.ip4, self.nat_addr, self.server_in_port, @@ -3640,9 +3796,12 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_out_of_order(proto=IP_PROTOS.tcp) self.frag_out_of_order(proto=IP_PROTOS.udp) @@ -3652,9 +3811,12 @@ class TestNAT44(MethodHolder): """ Port restricted NAT44 (MAP-E CE) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat_set_addr_and_port_alloc_alg(alg=1, psid_offset=6, psid_length=6, @@ -3685,9 +3847,12 @@ class TestNAT44(MethodHolder): """ External address port range """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat_set_addr_and_port_alloc_alg(alg=2, start_port=1025, end_port=1027) @@ -3711,16 +3876,21 @@ class TestNAT44(MethodHolder): """ IPFIX logging maximum fragments pending reassembly exceeded """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_reass(max_frag=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=1, + drop_frag=0) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) data = b"A" * 4 + b"B" * 16 + b"C" * 3 self.tcp_port_in = random.randint(1025, 65535) @@ -3774,10 +3944,15 @@ class TestNAT44(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg2.sw_if_index, + is_add=1) try: # first VRF @@ -3829,10 +4004,14 @@ class TestNAT44(MethodHolder): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(udp=5) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_timeouts(udp=5, tcp_established=7440, + tcp_transitory=240, icmp=60) max_sessions = 1000 pkts = [] @@ -3871,9 +4050,12 @@ class TestNAT44(MethodHolder): """ TCP MSS clamping """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -3888,7 +4070,7 @@ class TestNAT44(MethodHolder): # Negotiated MSS value greater than configured - changed self.verify_mss_value(capture[0], 1000) - self.vapi.nat_set_mss_clamping(enable=0) + self.vapi.nat_set_mss_clamping(enable=0, mss_value=1500) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) self.pg_start() @@ -3909,11 +4091,17 @@ class TestNAT44(MethodHolder): """ Send HA session synchronization events (active) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_ha_set_listener(self.pg3.local_ip4, port=12345) - self.vapi.nat_ha_set_failover(self.pg3.remote_ip4, port=12346) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_ha_set_listener(ip_address=self.pg3.local_ip4, + port=12345, + path_mtu=512) + self.vapi.nat_ha_set_failover(ip_address=self.pg3.remote_ip4, + port=12346, session_refresh_interval=10) bind_layers(UDP, HANATStateSync, sport=12345) # create sessions @@ -3964,9 +4152,9 @@ class TestNAT44(MethodHolder): # delete one session self.pg_enable_capture(self.pg_interfaces) - self.vapi.nat44_del_session(self.pg0.remote_ip4n, - self.tcp_port_in, - IP_PROTOS.tcp, + self.vapi.nat44_del_session(address=self.pg0.remote_ip4n, + port=self.tcp_port_in, + protocol=IP_PROTOS.tcp, flags=self.config_flags.NAT_IS_INSIDE) self.vapi.nat_ha_flush() stats = self.statistics.get_counter('/nat44/ha/del-event-send') @@ -4039,10 +4227,15 @@ class TestNAT44(MethodHolder): """ Receive HA session synchronization events (passive) """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_ha_set_listener(self.pg3.local_ip4, port=12345) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_ha_set_listener(ip_address=self.pg3.local_ip4, + port=12345, + path_mtu=512) bind_layers(UDP, HANATStateSync, sport=12345) self.tcp_port_out = random.randint(1025, 65535) @@ -4347,9 +4540,12 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 translate fragments arriving in order """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_in_order(proto=IP_PROTOS.tcp) self.frag_in_order(proto=IP_PROTOS.udp) self.frag_in_order(proto=IP_PROTOS.icmp) @@ -4357,9 +4553,12 @@ class TestNAT44EndpointDependent(MethodHolder): def test_frag_in_order_dont_translate(self): """ NAT44 don't translate fragments arriving in order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat44_forwarding_enable_disable(enable=True) self.frag_in_order(proto=IP_PROTOS.tcp, dont_translate=True) @@ -4367,9 +4566,12 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 translate fragments arriving out of order """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.frag_out_of_order(proto=IP_PROTOS.tcp) self.frag_out_of_order(proto=IP_PROTOS.udp) self.frag_out_of_order(proto=IP_PROTOS.icmp) @@ -4377,21 +4579,30 @@ class TestNAT44EndpointDependent(MethodHolder): def test_frag_out_of_order_dont_translate(self): """ NAT44 don't translate fragments arriving out of order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.nat44_forwarding_enable_disable(enable=True) self.frag_out_of_order(proto=IP_PROTOS.tcp, dont_translate=True) def test_frag_in_order_in_plus_out(self): """ in+out interface fragments in order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) self.server = self.pg1.remote_hosts[0] @@ -4417,7 +4628,8 @@ class TestNAT44EndpointDependent(MethodHolder): self.server_out_addr, proto=IP_PROTOS.icmp) - self.vapi.nat_set_reass(timeout=10) + self.vapi.nat_set_reass(timeout=10, max_reass=1024, max_frag=5, + drop_frag=0) self.frag_in_order_in_plus_out(proto=IP_PROTOS.tcp) self.frag_in_order_in_plus_out(proto=IP_PROTOS.udp) @@ -4426,12 +4638,18 @@ class TestNAT44EndpointDependent(MethodHolder): def test_frag_out_of_order_in_plus_out(self): """ in+out interface fragments out of order """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + flags=flags, is_add=1) self.server = self.pg1.remote_hosts[0] @@ -4457,7 +4675,8 @@ class TestNAT44EndpointDependent(MethodHolder): self.server_out_addr, proto=IP_PROTOS.icmp) - self.vapi.nat_set_reass(timeout=10) + self.vapi.nat_set_reass(timeout=10, max_reass=1024, max_frag=5, + drop_frag=0) self.frag_out_of_order_in_plus_out(proto=IP_PROTOS.tcp) self.frag_out_of_order_in_plus_out(proto=IP_PROTOS.udp) @@ -4472,9 +4691,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(self.server.ip4, self.nat_addr, self.server_in_port, @@ -4495,9 +4717,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) nat_config = self.vapi.nat_show_config() self.assertEqual(1, nat_config.endpoint_dependent) @@ -4567,16 +4792,21 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 forwarding test """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat44_forwarding_enable_disable(enable=1) real_ip = self.pg0.remote_ip4 alias_ip = self.nat_addr flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, + self.vapi.nat44_add_del_static_mapping(is_add=1, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, flags=flags) try: @@ -4626,9 +4856,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertTrue(sessions[0].flags & self.config_flags.NAT_IS_EXT_HOST_VALID) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_address, @@ -4637,11 +4867,14 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertEqual(len(sessions), 2) finally: - self.vapi.nat44_forwarding_enable_disable(0) + self.vapi.nat44_forwarding_enable_disable(enable=0) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_static_mapping(local_ip=real_ip, - external_ip=alias_ip, - is_add=0, flags=flags) + self.vapi.nat44_add_del_static_mapping( + is_add=0, + local_ip_address=real_ip, + external_ip_address=alias_ip, + external_sw_if_index=0xFFFFFFFF, + flags=flags) def test_static_lb(self): """ NAT44 local service load balancing """ @@ -4661,15 +4894,20 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(external_addr_n, - external_port, - IP_PROTOS.tcp, - local_num=len(locals), - locals=locals) + self.vapi.nat44_add_del_lb_static_mapping( + is_add=1, + external_addr=external_addr_n, + external_port=external_port, + protocol=IP_PROTOS.tcp, + local_num=len(locals), + locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -4719,9 +4957,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertTrue(sessions[0].flags & self.config_flags.NAT_IS_EXT_HOST_VALID) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_address, @@ -4750,15 +4988,19 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(external_addr, - external_port, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, local_num=len(locals), locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) server1_n = 0 server2_n = 0 @@ -4780,13 +5022,20 @@ class TestNAT44EndpointDependent(MethodHolder): server2_n += 1 self.assertGreater(server1_n, server2_n) + local = { + 'addr': server3.ip4n, + 'port': local_port, + 'probability': 20, + 'vrf_id': 0 + } + # add new back-end - self.vapi.nat44_lb_static_mapping_add_del_local(external_addr, - external_port, - server3.ip4n, - local_port, - IP_PROTOS.tcp, - 20) + self.vapi.nat44_lb_static_mapping_add_del_local( + is_add=1, + external_addr=external_addr, + external_port=external_port, + local=local, + protocol=IP_PROTOS.tcp) server1_n = 0 server2_n = 0 server3_n = 0 @@ -4813,14 +5062,20 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertGreater(server2_n, 0) self.assertGreater(server3_n, 0) + local = { + 'addr': server2.ip4n, + 'port': local_port, + 'probability': 10, + 'vrf_id': 0 + } + # remove one back-end - self.vapi.nat44_lb_static_mapping_add_del_local(external_addr, - external_port, - server2.ip4n, - local_port, - IP_PROTOS.tcp, - 10, - is_add=0) + self.vapi.nat44_lb_static_mapping_add_del_local( + is_add=0, + external_addr=external_addr, + external_port=external_port, + local=local, + protocol=IP_PROTOS.tcp) server1_n = 0 server2_n = 0 server3_n = 0 @@ -4856,18 +5111,21 @@ class TestNAT44EndpointDependent(MethodHolder): 'probability': 30, 'vrf_id': 0}] - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY - self.vapi.nat44_add_del_lb_static_mapping(external_addr, - external_port, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, flags=flags, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, local_num=len(locals), - locals=locals, - flags=flags) + locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -4969,16 +5227,20 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(external_addr, - external_port, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, affinity=10800, local_num=len(locals), locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / @@ -4994,9 +5256,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertTrue(sessions[0].flags & self.config_flags.NAT_IS_EXT_HOST_VALID) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_address, @@ -5019,9 +5281,12 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 translate packet with unknown protocol """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -5081,9 +5346,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # add static mapping for server self.nat44_add_static_mapping(server.ip4, server_nat_ip) @@ -5142,20 +5410,26 @@ class TestNAT44EndpointDependent(MethodHolder): external_port = 80 local_port = 8080 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_ADDR_ONLY - self.vapi.nat44_add_del_identity_mapping(ip=self.pg1.remote_ip4n, - flags=flags) + self.vapi.nat44_add_del_identity_mapping( + ip_address=self.pg1.remote_ip4n, sw_if_index=0xFFFFFFFF, + flags=flags, is_add=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg0.remote_ip4, external_addr, local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -5219,9 +5493,11 @@ class TestNAT44EndpointDependent(MethodHolder): def test_output_feature_and_service2(self): """ NAT44 interface output feature and service host direct access """ - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # session initiated from service host - translate pkts = self.create_stream_in(self.pg0, self.pg1) @@ -5265,17 +5541,22 @@ class TestNAT44EndpointDependent(MethodHolder): external_port = 80 local_port = 8080 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg1.remote_ip4, external_addr, local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=external_addr) / @@ -5324,7 +5605,7 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 post_twice_nat_port = 0 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(twice_nat_addr, twice_nat=1) flags = (self.config_flags.NAT_IS_OUT2IN_ONLY | self.config_flags.NAT_IS_SELF_TWICE_NAT) @@ -5332,7 +5613,9 @@ class TestNAT44EndpointDependent(MethodHolder): local_port, external_port, proto=IP_PROTOS.tcp, vrf_id=1, flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg6.sw_if_index, + is_add=1) p = (Ether(src=self.pg6.remote_mac, dst=self.pg6.local_mac) / IP(src=self.pg6.remote_ip4, dst=self.pg1.remote_ip4) / @@ -5432,16 +5715,19 @@ class TestNAT44EndpointDependent(MethodHolder): 'vrf_id': 0}] out_addr = self.nat_addr - self.vapi.nat44_add_del_lb_static_mapping(out_addr, - port_out, - IP_PROTOS.tcp, + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, flags=flags, + external_addr=out_addr, + external_port=port_out, + protocol=IP_PROTOS.tcp, local_num=len(locals), - locals=locals, - flags=flags) + locals=locals) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=pg1.sw_if_index, + is_add=1) if same_pg: if not lb: @@ -5520,9 +5806,9 @@ class TestNAT44EndpointDependent(MethodHolder): self.config_flags.NAT_IS_TWICE_NAT) self.logger.error(self.vapi.cli("show nat44 sessions detail")) self.vapi.nat44_del_session( - sessions[0].inside_ip_address, - sessions[0].inside_port, - sessions[0].protocol, + address=sessions[0].inside_ip_address, + port=sessions[0].inside_port, + protocol=sessions[0].protocol, flags=(self.config_flags.NAT_IS_INSIDE | self.config_flags.NAT_IS_EXT_HOST_VALID), ext_host_address=sessions[0].ext_host_nat_address, @@ -5559,8 +5845,10 @@ class TestNAT44EndpointDependent(MethodHolder): def test_twice_nat_interface_addr(self): """ Acquire twice NAT44 addresses from interface """ flags = self.config_flags.NAT_IS_TWICE_NAT - self.vapi.nat44_add_del_interface_addr(self.pg3.sw_if_index, - flags=flags) + self.vapi.nat44_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg3.sw_if_index, + flags=flags) # no address in NAT pool adresses = self.vapi.nat44_address_dump() @@ -5581,16 +5869,21 @@ class TestNAT44EndpointDependent(MethodHolder): def test_tcp_close(self): """ Close TCP session from inside network - output feature """ - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.pg1.local_ip4) twice_nat_addr = '10.0.1.3' service_ip = '192.168.16.150' self.nat44_add_address(twice_nat_addr, twice_nat=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) flags = (self.config_flags.NAT_IS_OUT2IN_ONLY | self.config_flags.NAT_IS_TWICE_NAT) self.nat44_add_static_mapping(self.pg0.remote_ip4, @@ -5674,9 +5967,12 @@ class TestNAT44EndpointDependent(MethodHolder): proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) start_sessnum = len(sessions) @@ -5740,9 +6036,12 @@ class TestNAT44EndpointDependent(MethodHolder): proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) start_sessnum = len(sessions) @@ -5796,9 +6095,12 @@ class TestNAT44EndpointDependent(MethodHolder): proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) sessions = self.vapi.nat44_user_session_dump(self.pg0.remote_ip4n, 0) start_sessnum = len(sessions) @@ -5857,7 +6159,7 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 eh_port_in = 0 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr, twice_nat=1) flags = (self.config_flags.NAT_IS_OUT2IN_ONLY | self.config_flags.NAT_IS_TWICE_NAT) @@ -5865,9 +6167,12 @@ class TestNAT44EndpointDependent(MethodHolder): local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index, - flags=flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg4.sw_if_index, + flags=flags, is_add=1) # from client to service p = (Ether(src=self.pg4.remote_mac, dst=self.pg4.local_mac) / @@ -5918,15 +6223,18 @@ class TestNAT44EndpointDependent(MethodHolder): external_port = 80 local_port = 8080 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, local_port, external_port, proto=IP_PROTOS.tcp, flags=flags) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # from client to service p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / @@ -6042,10 +6350,14 @@ class TestNAT44EndpointDependent(MethodHolder): def test_output_feature(self): """ NAT44 interface output feature (in2out postrouting) """ - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -6070,29 +6382,39 @@ class TestNAT44EndpointDependent(MethodHolder): local_port = 8080 port = 0 - self.vapi.nat44_forwarding_enable_disable(1) + self.vapi.nat44_forwarding_enable_disable(enable=1) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index) - self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_output_feature( + is_add=1, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg5.sw_if_index, + is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg5.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg6.sw_if_index, + is_add=1) flags = self.config_flags.NAT_IS_OUT2IN_ONLY self.nat44_add_static_mapping(self.pg5.remote_ip4, external_addr, local_port, external_port, vrf_id=1, proto=IP_PROTOS.tcp, flags=flags) self.nat44_add_static_mapping( - self.pg0.remote_ip4, - external_sw_if_index=self.pg0.sw_if_index, - local_port=local_port, - vrf_id=0, - external_port=external_port, - proto=IP_PROTOS.tcp, - flags=flags + self.pg0.remote_ip4, + external_sw_if_index=self.pg0.sw_if_index, + local_port=local_port, + vrf_id=0, + external_port=external_port, + proto=IP_PROTOS.tcp, + flags=flags ) # from client to service (both VRF1) @@ -6366,10 +6688,14 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 session timeouts """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(icmp=5) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=5) max_sessions = 1000 pkts = [] @@ -6409,10 +6735,14 @@ class TestNAT44EndpointDependent(MethodHolder): """ NAT44 session RST timeouts """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(tcp_transitory=5) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=5, icmp=60) self.initiate_tcp_session(self.pg0, self.pg1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / @@ -6447,14 +6777,18 @@ class TestNAT44EndpointDependent(MethodHolder): """ Maximum sessions per user limit """ self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg2.remote_ip4n, src_address=self.pg2.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.nat_set_timeouts(udp=5) + self.vapi.nat_set_timeouts(udp=5, tcp_established=7440, + tcp_transitory=240, icmp=60) # get maximum number of translations per user nat44_config = self.vapi.nat_show_config() @@ -6472,7 +6806,8 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -6516,9 +6851,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.vapi.syslog_set_sender(self.pg2.local_ip4n, self.pg2.remote_ip4n) self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -6623,9 +6961,12 @@ class TestNAT44Out2InDPO(MethodHolder): self.configure_xlat() flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_add_del_address_range(self.nat_addr_n, self.nat_addr_n) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_add_del_address_range(first_ip_address=self.nat_addr_n, + last_ip_address=self.nat_addr_n, + vrf_id=0xFFFFFFFF, is_add=1) out_src_ip6 = self.compose_ip6(self.dst_ip4, self.dst_ip6_pfx, self.dst_ip6_pfx_len) @@ -6649,10 +6990,13 @@ class TestNAT44Out2InDPO(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) finally: - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - is_add=0, flags=flags) - self.vapi.nat44_add_del_address_range(self.nat_addr_n, - self.nat_addr_n, is_add=0) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags) + self.vapi.nat44_add_del_address_range( + first_ip_address=self.nat_addr_n, + last_ip_address=self.nat_addr_n, + vrf_id=0xFFFFFFFF) @unittest.skip('Temporary disabled') def test_464xlat_ce_no_nat(self): @@ -6816,7 +7160,9 @@ class TestDeterministicNAT(MethodHolder): nat_config = self.vapi.nat_show_config() self.assertEqual(1, nat_config.deterministic) - self.vapi.nat_det_add_del_map(1, in_addr, in_plen, out_addr, out_plen) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=in_addr, + in_plen=in_plen, out_addr=out_addr, + out_plen=out_plen) rep1 = self.vapi.nat_det_forward(in_addr_t) self.assertEqual(str(rep1.out_addr), out_addr) @@ -6840,10 +7186,11 @@ class TestDeterministicNAT(MethodHolder): """ Set deterministic NAT timeouts """ timeouts_before = self.vapi.nat_get_timeouts() - self.vapi.nat_set_timeouts(timeouts_before.udp + 10, - timeouts_before.tcp_established + 10, - timeouts_before.tcp_transitory + 10, - timeouts_before.icmp + 10) + self.vapi.nat_set_timeouts( + udp=timeouts_before.udp + 10, + tcp_established=timeouts_before.tcp_established + 10, + tcp_transitory=timeouts_before.tcp_transitory + 10, + icmp=timeouts_before.icmp + 10) timeouts_after = self.vapi.nat_get_timeouts() @@ -6859,16 +7206,18 @@ class TestDeterministicNAT(MethodHolder): nat_ip = "10.0.0.10" - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(nat_ip), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(nat_ip), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -6920,15 +7269,16 @@ class TestDeterministicNAT(MethodHolder): host0 = self.pg0.remote_hosts[0] host1 = self.pg0.remote_hosts[1] - self.vapi.nat_det_add_del_map(1, - host0.ip4n, - 24, - socket.inet_aton(nat_ip), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=host0.ip4n, in_plen=24, + out_addr=socket.inet_aton(nat_ip), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) # host0 to out p = (Ether(src=host0.mac, dst=self.pg0.local_mac) / @@ -7031,15 +7381,17 @@ class TestDeterministicNAT(MethodHolder): def test_tcp_session_close_detection_in(self): """ Deterministic NAT TCP session close from inside network """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.initiate_tcp_session(self.pg0, self.pg1) @@ -7095,15 +7447,17 @@ class TestDeterministicNAT(MethodHolder): def test_tcp_session_close_detection_out(self): """ Deterministic NAT TCP session close from outside network """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.initiate_tcp_session(self.pg0, self.pg1) @@ -7160,18 +7514,21 @@ class TestDeterministicNAT(MethodHolder): @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_timeout(self): """ Deterministic NAT session timeouts """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.initiate_tcp_session(self.pg0, self.pg1) - self.vapi.nat_set_timeouts(5, 5, 5, 5) + self.vapi.nat_set_timeouts(udp=5, tcp_established=5, tcp_transitory=5, + icmp=5) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -7185,20 +7542,23 @@ class TestDeterministicNAT(MethodHolder): @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_limit_per_user(self): """ Deterministic NAT maximum sessions per user limit """ - self.vapi.nat_det_add_del_map(1, - self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.nat_addr), - 32) + self.vapi.nat_det_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4n, + in_plen=32, + out_addr=socket.inet_aton(self.nat_addr), + out_plen=32) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, - flags=flags) - self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg0.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=self.pg1.sw_if_index, + is_add=1) self.vapi.set_ipfix_exporter(collector_address=self.pg2.remote_ip4n, src_address=self.pg2.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.nat_ipfix_enable_disable() + self.vapi.nat_ipfix_enable_disable(domain_id=1, src_port=4739, + enable=1) pkts = [] for port in range(1025, 2025): @@ -7258,21 +7618,22 @@ class TestDeterministicNAT(MethodHolder): """ Clear deterministic NAT configuration. """ - self.vapi.nat_ipfix_enable_disable(enable=0) - self.vapi.nat_set_timeouts() + self.vapi.nat_ipfix_enable_disable(domain_id=1, src_port=4739, + enable=0) + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=60) deterministic_mappings = self.vapi.nat_det_map_dump() for dsm in deterministic_mappings: - self.vapi.nat_det_add_del_map(0, - dsm.in_addr, - dsm.in_plen, - dsm.out_addr, - dsm.out_plen) + self.vapi.nat_det_add_del_map(is_add=0, in_addr=dsm.in_addr, + in_plen=dsm.in_plen, + out_addr=dsm.out_addr, + out_plen=dsm.out_plen) interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: - self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, - is_add=0, - flags=intf.flags) + self.vapi.nat44_interface_add_del_feature( + sw_if_index=intf.sw_if_index, + flags=intf.flags) def tearDown(self): super(TestDeterministicNAT, self).tearDown() @@ -7359,7 +7720,8 @@ class TestNAT64(MethodHolder): """ NAT64 inside interface handles Neighbor Advertisement """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg5.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg5.sw_if_index) # Try to send ping ping = (Ether(dst=self.pg5.local_mac, src=self.pg5.remote_mac) / @@ -7412,13 +7774,17 @@ class TestNAT64(MethodHolder): """ Add/delete address to NAT64 pool """ nat_addr = '1.2.3.4' - self.vapi.nat64_add_del_pool_addr_range(nat_addr, nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=nat_addr, + end_addr=nat_addr, + vrf_id=0xFFFFFFFF, is_add=1) addresses = self.vapi.nat64_pool_addr_dump() self.assertEqual(len(addresses), 1) self.assertEqual(str(addresses[0].address), nat_addr) - self.vapi.nat64_add_del_pool_addr_range(nat_addr, nat_addr, is_add=0) + self.vapi.nat64_add_del_pool_addr_range(start_addr=nat_addr, + end_addr=nat_addr, + vrf_id=0xFFFFFFFF, is_add=0) addresses = self.vapi.nat64_pool_addr_dump() self.assertEqual(len(addresses), 0) @@ -7426,8 +7792,10 @@ class TestNAT64(MethodHolder): def test_interface(self): """ Enable/disable NAT64 feature on the interface """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) interfaces = self.vapi.nat64_interface_dump() self.assertEqual(len(interfaces), 2) @@ -7448,8 +7816,10 @@ class TestNAT64(MethodHolder): features = self.vapi.cli("show interface features pg1") self.assertIn('nat64-out2in', features) - self.vapi.nat64_add_del_interface(0, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(0, flags, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=0, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=0, flags=flags, + sw_if_index=self.pg1.sw_if_index) interfaces = self.vapi.nat64_interface_dump() self.assertEqual(len(interfaces), 0) @@ -7462,12 +7832,10 @@ class TestNAT64(MethodHolder): out_port = 5678 proto = IP_PROTOS.tcp - self.vapi.nat64_add_del_static_bib(in_addr, - out_addr, - in_port, - out_port, - proto) - bib = self.vapi.nat64_bib_dump(IP_PROTOS.tcp) + self.vapi.nat64_add_del_static_bib(i_addr=in_addr, o_addr=out_addr, + i_port=in_port, o_port=out_port, + proto=proto, vrf_id=0, is_add=1) + bib = self.vapi.nat64_bib_dump(proto=IP_PROTOS.tcp) static_bib_num = 0 for bibe in bib: if bibe.flags & self.config_flags.NAT_IS_STATIC: @@ -7480,13 +7848,10 @@ class TestNAT64(MethodHolder): bibs = self.statistics.get_counter('/nat64/total-bibs') self.assertEqual(bibs[0][0], 1) - self.vapi.nat64_add_del_static_bib(in_addr, - out_addr, - in_port, - out_port, - proto, - is_add=0) - bib = self.vapi.nat64_bib_dump(IP_PROTOS.tcp) + self.vapi.nat64_add_del_static_bib(i_addr=in_addr, o_addr=out_addr, + i_port=in_port, o_port=out_port, + proto=proto, vrf_id=0, is_add=0) + bib = self.vapi.nat64_bib_dump(proto=IP_PROTOS.tcp) static_bib_num = 0 for bibe in bib: if bibe.flags & self.config_flags.NAT_IS_STATIC: @@ -7505,8 +7870,8 @@ class TestNAT64(MethodHolder): self.assertEqual(timeouts.tcp_established, 7440) # set and verify custom values - self.vapi.nat_set_timeouts(udp=200, icmp=30, tcp_transitory=250, - tcp_established=7450) + self.vapi.nat_set_timeouts(udp=200, tcp_established=7450, + tcp_transitory=250, icmp=30) timeouts = self.vapi.nat_get_timeouts() self.assertEqual(timeouts.udp, 200) self.assertEqual(timeouts.icmp, 30) @@ -7521,11 +7886,15 @@ class TestNAT64(MethodHolder): ses_num_start = self.nat64_get_ses_num() - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # in2out tcpn = self.statistics.get_counter('/err/nat64-in2out/TCP packets') @@ -7604,11 +7973,12 @@ class TestNAT64(MethodHolder): self.assertEqual(ses_num_end - ses_num_start, 3) # tenant with specific VRF - self.vapi.nat64_add_del_pool_addr_range(self.vrf1_nat_addr, - self.vrf1_nat_addr, - vrf_id=self.vrf1_id) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.vrf1_nat_addr, + end_addr=self.vrf1_nat_addr, + vrf_id=self.vrf1_id, is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg2.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg2.sw_if_index) pkts = self.create_stream_in_ip6(self.pg2, self.pg1) self.pg2.add_stream(pkts) @@ -7636,27 +8006,34 @@ class TestNAT64(MethodHolder): ses_num_start = self.nat64_get_ses_num() - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - - self.vapi.nat64_add_del_static_bib(self.pg0.remote_ip6n, - self.nat_addr, - self.tcp_port_in, - self.tcp_port_out, - IP_PROTOS.tcp) - self.vapi.nat64_add_del_static_bib(self.pg0.remote_ip6n, - self.nat_addr, - self.udp_port_in, - self.udp_port_out, - IP_PROTOS.udp) - self.vapi.nat64_add_del_static_bib(self.pg0.remote_ip6n, - self.nat_addr, - self.icmp_id_in, - self.icmp_id_out, - IP_PROTOS.icmp) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + + self.vapi.nat64_add_del_static_bib(i_addr=self.pg0.remote_ip6n, + o_addr=self.nat_addr, + i_port=self.tcp_port_in, + o_port=self.tcp_port_out, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) + self.vapi.nat64_add_del_static_bib(i_addr=self.pg0.remote_ip6n, + o_addr=self.nat_addr, + i_port=self.udp_port_in, + o_port=self.udp_port_out, + proto=IP_PROTOS.udp, vrf_id=0, + is_add=1) + self.vapi.nat64_add_del_static_bib(i_addr=self.pg0.remote_ip6n, + o_addr=self.nat_addr, + i_port=self.icmp_id_in, + o_port=self.icmp_id_out, + proto=IP_PROTOS.icmp, vrf_id=0, + is_add=1) # in2out pkts = self.create_stream_in_ip6(self.pg0, self.pg1) @@ -7684,12 +8061,18 @@ class TestNAT64(MethodHolder): def test_session_timeout(self): """ NAT64 session timeout """ self.icmp_id_in = 1234 - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.nat_set_timeouts(icmp=5, tcp_transitory=5, tcp_established=5) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat_set_timeouts(udp=300, tcp_established=5, + tcp_transitory=5, + icmp=5) pkts = self.create_stream_in_ip6(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -7711,11 +8094,15 @@ class TestNAT64(MethodHolder): self.udp_port_in = 6304 self.icmp_id_in = 6305 - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # send some packets to create sessions pkts = self.create_stream_in_ip6(self.pg0, self.pg1) @@ -7811,22 +8198,28 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.nat_addr])) nat_addr_ip6 = ip.src - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - - self.vapi.nat64_add_del_static_bib(server.ip6n, - self.nat_addr, - server_tcp_in_port, - server_tcp_out_port, - IP_PROTOS.tcp) - self.vapi.nat64_add_del_static_bib(server.ip6n, - self.nat_addr, - server_udp_in_port, - server_udp_out_port, - IP_PROTOS.udp) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=self.nat_addr, + i_port=server_tcp_in_port, + o_port=server_tcp_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=self.nat_addr, + i_port=server_udp_in_port, + o_port=server_udp_out_port, + proto=IP_PROTOS.udp, vrf_id=0, + is_add=1) # client to server pkts = [] @@ -7923,21 +8316,27 @@ class TestNAT64(MethodHolder): def test_prefix(self): """ NAT64 Network-Specific Prefix """ - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.nat64_add_del_pool_addr_range(self.vrf1_nat_addr, - self.vrf1_nat_addr, - vrf_id=self.vrf1_id) - self.vapi.nat64_add_del_interface(1, flags, self.pg2.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.vrf1_nat_addr, + end_addr=self.vrf1_nat_addr, + vrf_id=self.vrf1_id, is_add=1) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg2.sw_if_index) # Add global prefix global_pref64 = "2001:db8::" global_pref64_len = 32 global_pref64_str = "{}/{}".format(global_pref64, global_pref64_len) - self.vapi.nat64_add_del_prefix(global_pref64_str) + self.vapi.nat64_add_del_prefix(prefix=global_pref64_str, vrf_id=0, + is_add=1) prefix = self.vapi.nat64_prefix_dump() self.assertEqual(len(prefix), 1) @@ -7949,7 +8348,8 @@ class TestNAT64(MethodHolder): vrf1_pref64 = "2001:db8:122:300::" vrf1_pref64_len = 56 vrf1_pref64_str = "{}/{}".format(vrf1_pref64, vrf1_pref64_len) - self.vapi.nat64_add_del_prefix(vrf1_pref64_str, vrf_id=self.vrf1_id) + self.vapi.nat64_add_del_prefix(prefix=vrf1_pref64_str, + vrf_id=self.vrf1_id, is_add=1) prefix = self.vapi.nat64_prefix_dump() self.assertEqual(len(prefix), 2) @@ -8001,11 +8401,15 @@ class TestNAT64(MethodHolder): def test_unknown_proto(self): """ NAT64 translate packet with unknown protocol """ - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) remote_ip6 = self.compose_ip6(self.pg1.remote_ip4, '64:ff9b::', 96) # in2out @@ -8069,29 +8473,35 @@ class TestNAT64(MethodHolder): server_nat_ip6 = self.compose_ip6(server_nat_ip, '64:ff9b::', 96) client_nat_ip6 = self.compose_ip6(client_nat_ip, '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(server_nat_ip, - client_nat_ip) + self.vapi.nat64_add_del_pool_addr_range(start_addr=server_nat_ip, + end_addr=client_nat_ip, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - - self.vapi.nat64_add_del_static_bib(server.ip6n, - server_nat_ip, - server_tcp_in_port, - server_tcp_out_port, - IP_PROTOS.tcp) - - self.vapi.nat64_add_del_static_bib(server.ip6n, - server_nat_ip, - 0, - 0, - IP_PROTOS.gre) - - self.vapi.nat64_add_del_static_bib(client.ip6n, - client_nat_ip, - client_tcp_in_port, - client_tcp_out_port, - IP_PROTOS.tcp) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=server_nat_ip, + i_port=server_tcp_in_port, + o_port=server_tcp_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) + + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=server_nat_ip, i_port=0, + o_port=0, + proto=IP_PROTOS.gre, vrf_id=0, + is_add=1) + + self.vapi.nat64_add_del_static_bib(i_addr=client.ip6n, + o_addr=client_nat_ip, + i_port=client_tcp_in_port, + o_port=client_tcp_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) # client to server p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -8146,11 +8556,15 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg3.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg3.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg3.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg3.sw_if_index) # in2out p = (Ether(src=self.pg3.remote_mac, dst=self.pg3.local_mac) / @@ -8199,11 +8613,15 @@ class TestNAT64(MethodHolder): """ NAT64 translate fragments arriving in order """ self.tcp_port_in = random.randint(1025, 65535) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) reass = self.vapi.nat_reass_dump() reass_n_start = len(reass) @@ -8256,18 +8674,23 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.nat_addr])) nat_addr_ip6 = ip.src - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # add static BIB entry for server - self.vapi.nat64_add_del_static_bib(server.ip6n, - self.nat_addr, - server_in_port, - server_out_port, - IP_PROTOS.tcp) + self.vapi.nat64_add_del_static_bib(i_addr=server.ip6n, + o_addr=self.nat_addr, + i_port=server_in_port, + o_port=server_out_port, + proto=IP_PROTOS.tcp, vrf_id=0, + is_add=1) # send packet from host to server pkts = self.create_stream_frag_ip6(self.pg0, @@ -8288,11 +8711,15 @@ class TestNAT64(MethodHolder): """ NAT64 translate fragments arriving out of order """ self.tcp_port_in = random.randint(1025, 65535) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) # in2out data = b'a' * 200 @@ -8331,7 +8758,9 @@ class TestNAT64(MethodHolder): def test_interface_addr(self): """ Acquire NAT64 pool addresses from interface """ - self.vapi.nat64_add_del_interface_addr(self.pg4.sw_if_index) + self.vapi.nat64_add_del_interface_addr( + is_add=1, + sw_if_index=self.pg4.sw_if_index) # no address in NAT64 pool addresses = self.vapi.nat44_address_dump() @@ -8359,11 +8788,15 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) pkts = [] src = "" @@ -8387,7 +8820,8 @@ class TestNAT64(MethodHolder): path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IPv6(src=src, dst=remote_host_ip6) / @@ -8442,18 +8876,24 @@ class TestNAT64(MethodHolder): def test_ipfix_max_frags(self): """ IPFIX logging maximum fragments pending reassembly exceeded """ - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) - self.vapi.nat_set_reass(max_frag=1, is_ip6=1) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat_set_reass(timeout=2, max_reass=1024, max_frag=1, + drop_frag=0, is_ip6=1) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) data = b'a' * 200 pkts = self.create_stream_frag_ip6(self.pg0, self.pg1.remote_ip4, @@ -8492,17 +8932,22 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + src_port=self.ipfix_src_port, + enable=1) # Create p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / @@ -8544,8 +8989,9 @@ class TestNAT64(MethodHolder): # Delete self.pg_enable_capture(self.pg_interfaces) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr, + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, is_add=0) self.vapi.cli("ipfix flush") # FIXME this should be an API call capture = self.pg3.get_capture(2) @@ -8578,11 +9024,15 @@ class TestNAT64(MethodHolder): '64:ff9b::', 96) - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, + is_add=1) flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat64_add_del_interface(1, flags, self.pg0.sw_if_index) - self.vapi.nat64_add_del_interface(1, 0, self.pg1.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=1, flags=0, + sw_if_index=self.pg1.sw_if_index) self.vapi.syslog_set_filter(SYSLOG_SEVERITY.INFO) self.vapi.syslog_set_sender(self.pg3.local_ip4n, self.pg3.remote_ip4n) @@ -8599,8 +9049,9 @@ class TestNAT64(MethodHolder): self.pg_enable_capture(self.pg_interfaces) self.pg_start() - self.vapi.nat64_add_del_pool_addr_range(self.nat_addr, - self.nat_addr, + self.vapi.nat64_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + vrf_id=0xFFFFFFFF, is_add=0) capture = self.pg3.get_capture(1) self.verify_syslog_sess(capture[0][Raw].load, False, True) @@ -8609,52 +9060,51 @@ class TestNAT64(MethodHolder): """ Return number of active NAT64 sessions. """ - st = self.vapi.nat64_st_dump() + st = self.vapi.nat64_st_dump(proto=255) return len(st) def clear_nat64(self): """ Clear NAT64 configuration. """ - self.vapi.nat_ipfix_enable_disable(enable=0, + self.vapi.nat_ipfix_enable_disable(domain_id=self.ipfix_domain_id, src_port=self.ipfix_src_port, - domain_id=self.ipfix_domain_id) + enable=0) self.ipfix_src_port = 4739 self.ipfix_domain_id = 1 self.vapi.syslog_set_filter(SYSLOG_SEVERITY.EMERG) - self.vapi.nat_set_timeouts() + self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, + tcp_transitory=240, icmp=60) interfaces = self.vapi.nat64_interface_dump() for intf in interfaces: - self.vapi.nat64_add_del_interface(0, - intf.flags, - intf.sw_if_index) + self.vapi.nat64_add_del_interface(is_add=0, flags=intf.flags, + sw_if_index=intf.sw_if_index) - bib = self.vapi.nat64_bib_dump(255) + bib = self.vapi.nat64_bib_dump(proto=255) for bibe in bib: if bibe.flags & self.config_flags.NAT_IS_STATIC: - self.vapi.nat64_add_del_static_bib(bibe.i_addr, - bibe.o_addr, - bibe.i_port, - bibe.o_port, - bibe.proto, - bibe.vrf_id, + self.vapi.nat64_add_del_static_bib(i_addr=bibe.i_addr, + o_addr=bibe.o_addr, + i_port=bibe.i_port, + o_port=bibe.o_port, + proto=bibe.proto, + vrf_id=bibe.vrf_id, is_add=0) adresses = self.vapi.nat64_pool_addr_dump() for addr in adresses: - self.vapi.nat64_add_del_pool_addr_range(addr.address, - addr.address, + self.vapi.nat64_add_del_pool_addr_range(start_addr=addr.address, + end_addr=addr.address, vrf_id=addr.vrf_id, is_add=0) prefixes = self.vapi.nat64_prefix_dump() for prefix in prefixes: - self.vapi.nat64_add_del_prefix(str(prefix.prefix), - vrf_id=prefix.vrf_id, - is_add=0) + self.vapi.nat64_add_del_prefix(prefix=str(prefix.prefix), + vrf_id=prefix.vrf_id, is_add=0) bibs = self.statistics.get_counter('/nat64/total-bibs') self.assertEqual(bibs[0][0], 0) @@ -8733,11 +9183,12 @@ class TestDSlite(MethodHolder): nat_config = self.vapi.nat_show_config() self.assertEqual(0, nat_config.dslite_ce) - self.vapi.dslite_add_del_pool_addr_range(self.nat_addr, - self.nat_addr) + self.vapi.dslite_add_del_pool_addr_range(start_addr=self.nat_addr, + end_addr=self.nat_addr, + is_add=1) aftr_ip4 = '192.0.0.1' aftr_ip6 = '2001:db8:85a3::8a2e:370:1' - self.vapi.dslite_set_aftr_addr(aftr_ip6, aftr_ip4) + self.vapi.dslite_set_aftr_addr(ip4_addr=aftr_ip4, ip6_addr=aftr_ip6) self.vapi.syslog_set_sender(self.pg2.local_ip4n, self.pg2.remote_ip4n) # UDP @@ -8910,12 +9361,12 @@ class TestDSliteCE(MethodHolder): b4_ip4 = '192.0.0.2' b4_ip6 = '2001:db8:62aa::375e:f4c1:1' - self.vapi.dslite_set_b4_addr(b4_ip6, b4_ip4) + self.vapi.dslite_set_b4_addr(ip4_addr=b4_ip4, ip6_addr=b4_ip6) aftr_ip4 = '192.0.0.1' aftr_ip6 = '2001:db8:85a3::8a2e:370:1' aftr_ip6_n = socket.inet_pton(socket.AF_INET6, aftr_ip6) - self.vapi.dslite_set_aftr_addr(aftr_ip6, aftr_ip4) + self.vapi.dslite_set_aftr_addr(ip4_addr=aftr_ip4, ip6_addr=aftr_ip6) self.vapi.ip_add_del_route(dst_address=aftr_ip6_n, dst_address_length=128, @@ -9009,10 +9460,14 @@ class TestNAT66(MethodHolder): def test_static(self): """ 1:1 NAT66 test """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat66_add_del_interface(self.pg0.sw_if_index, flags=flags) - self.vapi.nat66_add_del_interface(self.pg1.sw_if_index) - self.vapi.nat66_add_del_static_mapping(self.pg0.remote_ip6n, - self.nat_addr) + self.vapi.nat66_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat66_add_del_interface(is_add=1, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=self.pg0.remote_ip6n, + external_ip_address=self.nat_addr, + is_add=1) # in2out pkts = [] @@ -9083,10 +9538,14 @@ class TestNAT66(MethodHolder): def test_check_no_translate(self): """ NAT66 translate only when egress interface is outside interface """ flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat66_add_del_interface(self.pg0.sw_if_index, flags=flags) - self.vapi.nat66_add_del_interface(self.pg1.sw_if_index, flags=flags) - self.vapi.nat66_add_del_static_mapping(self.pg0.remote_ip6n, - self.nat_addr) + self.vapi.nat66_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg0.sw_if_index) + self.vapi.nat66_add_del_interface(is_add=1, flags=flags, + sw_if_index=self.pg1.sw_if_index) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=self.pg0.remote_ip6n, + external_ip_address=self.nat_addr, + is_add=1) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -9110,16 +9569,15 @@ class TestNAT66(MethodHolder): """ interfaces = self.vapi.nat66_interface_dump() for intf in interfaces: - self.vapi.nat66_add_del_interface(intf.sw_if_index, - is_add=0, - flags=intf.flags) + self.vapi.nat66_add_del_interface(is_add=0, flags=intf.flags, + sw_if_index=intf.sw_if_index) static_mappings = self.vapi.nat66_static_mapping_dump() for sm in static_mappings: - self.vapi.nat66_add_del_static_mapping(sm.local_ip_address, - sm.external_ip_address, - sm.vrf_id, - is_add=0) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=sm.local_ip_address, + external_ip_address=sm.external_ip_address, vrf_id=sm.vrf_id, + is_add=0) def tearDown(self): super(TestNAT66, self).tearDown() @@ -9129,5 +9587,6 @@ class TestNAT66(MethodHolder): self.logger.info(self.vapi.cli("show nat66 interfaces")) self.logger.info(self.vapi.cli("show nat66 static mappings")) + if __name__ == '__main__': unittest.main(testRunner=VppTestRunner) diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py index 86f13d1c54e..a3d20bf3088 100644 --- a/test/vpp_papi_provider.py +++ b/test/vpp_papi_provider.py @@ -66,7 +66,6 @@ defaultmapping = { 'dhcp_client_config': {'is_add': 1, 'set_broadcast_flag': 1, }, 'dhcp_proxy_config': {'is_add': 1, }, 'dhcp_proxy_set_vss': {'vss_type': 255, 'is_add': 1, }, - 'dslite_add_del_pool_addr_range': {'is_add': 1, }, 'gbp_subnet_add_del': {'sw_if_index': 4294967295, 'epg_id': 65535, }, 'geneve_add_del_tunnel': {'mcast_sw_if_index': 4294967295, 'is_add': 1, 'decap_next_index': 4294967295, }, @@ -122,35 +121,6 @@ defaultmapping = { 'next_hop_via_label': 1048576, 'is_add': 1, }, 'mpls_tunnel_dump': {'sw_if_index': 4294967295, }, - 'nat44_add_del_address_range': {'is_add': 1, 'vrf_id': 4294967295, }, - 'nat44_add_del_identity_mapping': {'ip': b'0', 'sw_if_index': 4294967295, - 'is_add': 1, }, - 'nat44_add_del_interface_addr': {'is_add': 1, }, - 'nat44_add_del_lb_static_mapping': {'is_add': 1, }, - 'nat44_add_del_static_mapping': {'external_sw_if_index': 4294967295, - 'is_add': 1, }, - 'nat44_interface_add_del_feature': {'is_add': 1, }, - 'nat44_interface_add_del_output_feature': {'is_add': 1, }, - 'nat44_lb_static_mapping_add_del_local': {'is_add': 1, }, - 'nat64_add_del_interface': {'is_add': 1, }, - 'nat64_add_del_interface_addr': {'is_add': 1, }, - 'nat64_add_del_pool_addr_range': {'vrf_id': 4294967295, 'is_add': 1, }, - 'nat64_add_del_prefix': {'is_add': 1, }, - 'nat64_add_del_static_bib': {'is_add': 1, }, - 'nat64_bib_dump': {'protocol': 255, }, - 'nat64_st_dump': {'protocol': 255, }, - 'nat66_add_del_interface': {'is_add': 1, }, - 'nat66_add_del_static_mapping': {'is_add': 1, }, - 'nat_det_add_del_map': {'is_add': 1, }, - 'nat_ha_resync': {'want_resync_event': 1, }, - 'nat_ha_set_failover': {'refresh': 10, }, - 'nat_ha_set_listener': {'path_mtu': 512, }, - 'nat_ipfix_enable_disable': {'domain_id': 1, 'src_port': 4739, - 'enable': 1, }, - 'nat_set_mss_clamping': {'mss_value': 1500, }, - 'nat_set_reass': {'timeout': 2, 'max_reass': 1024, 'max_frag': 5, }, - 'nat_set_timeouts': {'udp': 300, 'tcp_established': 7440, - 'tcp_transitory': 240, 'icmp': 60, }, 'output_acl_set_interface': {'ip4_table_index': 4294967295, 'ip6_table_index': 4294967295, 'l2_table_index': 4294967295, }, @@ -761,435 +731,6 @@ class VppPapiProvider(object): 'mt_next_hop_via_label': next_hop_via_label, 'mt_next_hop_out_label_stack': next_hop_out_label_stack}) - def nat44_interface_add_del_feature( - self, - sw_if_index, - is_add=1, - flags=0): - """Enable/disable NAT44 feature on the interface - - :param sw_if_index: Software index of the interface - :param is_add: 1 if add, 0 if delete (Default value = 1) - :param flags: NAT_IS_INSIDE if inside else outside - """ - return self.api( - self.papi.nat44_interface_add_del_feature, - {'is_add': is_add, - 'flags': flags, - 'sw_if_index': sw_if_index}) - - def nat44_interface_add_del_output_feature( - self, - sw_if_index, - is_add=1, - flags=0): - """Enable/disable NAT44 output feature on the interface - - :param sw_if_index: Software index of the interface - :param is_add: 1 if add, 0 if delete (Default value = 1) - :param flags: NAT_IS_INSIDE if inside else outside - """ - return self.api( - self.papi.nat44_interface_add_del_output_feature, - {'is_add': is_add, - 'flags': flags, - 'sw_if_index': sw_if_index}) - - def nat44_add_del_static_mapping( - self, - local_ip, - external_ip=0, - external_sw_if_index=0xFFFFFFFF, - local_port=0, - external_port=0, - vrf_id=0, - protocol=0, - is_add=1, - flags=0, - tag=""): - """Add/delete NAT44 static mapping - - :param local_ip: Local IP address - :param external_ip: External IP address - :param external_sw_if_index: External interface instead of IP address - :param local_port: Local port number (Default value = 0) - :param external_port: External port number (Default value = 0) - :param vrf_id: VRF ID - :param protocol: IP protocol (Default value = 0) - :param flags: NAT configuration flags - :param is_add: 1 if add, 0 if delete (Default value = 1) - :param tag: Opaque string tag - """ - return self.api( - self.papi.nat44_add_del_static_mapping, - {'is_add': is_add, - 'flags': flags, - 'local_ip_address': local_ip, - 'external_ip_address': external_ip, - 'protocol': protocol, - 'local_port': local_port, - 'external_port': external_port, - 'external_sw_if_index': external_sw_if_index, - 'vrf_id': vrf_id, - 'tag': tag}) - - def nat44_add_del_identity_mapping( - self, - ip=b'0', - sw_if_index=0xFFFFFFFF, - port=0, - flags=0, - vrf_id=0, - protocol=0, - tag='', - is_add=1): - """Add/delete NAT44 identity mapping - - :param ip: IP address (Default value = 0) - :param sw_if_index: Interface instead of IP address - :param port: Port number (Default value = 0) - :param flags: NAT configuration flags (NAT_IS_ADDR_ONLY) - :param vrf_id: VRF ID - :param protocol: IP protocol (Default value = 0) - :param tag: Opaque string tag - :param is_add: 1 if add, 0 if delete (Default value = 1) - """ - return self.api( - self.papi.nat44_add_del_identity_mapping, - {'is_add': is_add, - 'flags': flags, - 'ip_address': ip, - 'protocol': protocol, - 'port': port, - 'sw_if_index': sw_if_index, - 'vrf_id': vrf_id, - 'tag': tag}) - - def nat44_add_del_address_range( - self, - first_ip_address, - last_ip_address, - is_add=1, - vrf_id=0xFFFFFFFF, - flags=0): - """Add/del NAT44 address range - - :param first_ip_address: First IP address - :param last_ip_address: Last IP address - :param vrf_id: VRF id for the address range - :param is_add: 1 if add, 0 if delete (Default value = 1) - :param flags: NAT configuration flags (NAT_IS_TWICE_NAT) - """ - return self.api( - self.papi.nat44_add_del_address_range, - {'first_ip_address': first_ip_address, - 'last_ip_address': last_ip_address, - 'vrf_id': vrf_id, - 'is_add': is_add, - 'flags': flags}) - - def nat44_add_del_interface_addr( - self, - sw_if_index, - flags=0, - is_add=1): - """Add/del NAT44 address from interface - - :param sw_if_index: Software index of the interface - :param flags: NAT configuration flags (NAT_IS_TWICE_NAT) - :param is_add: 1 if add, 0 if delete (Default value = 1) - """ - return self.api( - self.papi.nat44_add_del_interface_addr, - {'is_add': is_add, - 'sw_if_index': sw_if_index, - 'flags': flags}) - - def nat44_add_del_lb_static_mapping( - self, - external_addr, - external_port, - protocol, - tag='', - affinity=0, - local_num=0, - locals=[], - flags=0, - is_add=1): - """Add/delete NAT44 load balancing static mapping - - :param tag: Opaque string tag - :param affinity: if 0 disabled, otherwise client IP affinity timeout - :param flags: NAT configuration flags (NAT_IS_TWICE_NAT) - :param is_add - 1 if add, 0 if delete - """ - return self.api( - self.papi.nat44_add_del_lb_static_mapping, - {'is_add': is_add, - 'flags': flags, - 'external_addr': external_addr, - 'external_port': external_port, - 'protocol': protocol, - 'affinity': affinity, - 'local_num': local_num, - 'locals': locals, - 'tag': tag}) - - def nat44_lb_static_mapping_add_del_local( - self, - external_addr, - external_port, - local_addr, - local_port, - protocol, - probability, - vrf_id=0, - is_add=1): - """Add/delete NAT44 load-balancing static mapping rule backend - - :param external_addr: external IPv4 address of the service - :param external_port: external L4 port number of the service - :param local_addr: IPv4 address of the internal node - :param local_port: L4 port number of the internal node - :param protocol: IP protocol number - :param probability: probability of the internal node - :param vrf_id: VRF id of the internal node - :param is_add: 1 if add, 0 if delete - """ - return self.api( - self.papi.nat44_lb_static_mapping_add_del_local, - {'is_add': is_add, - 'external_addr': external_addr, - 'external_port': external_port, - 'local': { - 'addr': local_addr, - 'port': local_port, - 'probability': probability, - 'vrf_id': vrf_id}, - 'protocol': protocol}) - - def nat44_del_session( - self, - addr, - port, - protocol, - vrf_id=0, - flags=0, - ext_host_address=None, - ext_host_port=0): - """Delete NAT44 session - - :param addr: IPv4 address - :param por: port number - :param protocol: IP protocol number - :param vrf_id: VRF ID - :param flags: NAT configuration flags (NAT_IS_INSIDE) - :param ext_host_address: external host IPv4 address - :param ext_host_port: external host port - """ - return self.api( - self.papi.nat44_del_session, - {'address': addr, - 'protocol': protocol, - 'port': port, - 'vrf_id': vrf_id, - 'flags': flags, - 'ext_host_address': ext_host_address, - 'ext_host_port': ext_host_port}) - - def nat44_forwarding_enable_disable( - self, - enable): - """Enable/disable forwarding for NAT44 - - :param enable: 1 for enable, 0 for disable - """ - return self.api( - self.papi.nat44_forwarding_enable_disable, - {'enable': enable}) - - def nat_det_map_dump(self): - """Dump deterministic NAT mappings - - :return: Dictionary of deterministic NAT mappings - """ - return self.api(self.papi.nat_det_map_dump, {}) - - def nat_set_mss_clamping(self, enable=0, mss_value=1500): - """Set TCP MSS rewriting configuration - - :param enable: disable(0)/enable(1) MSS rewriting feature - :param mss_value: MSS value to be used for MSS rewriting - """ - return self.api( - self.papi.nat_set_mss_clamping, - {'enable': enable, 'mss_value': mss_value}) - - def nat64_add_del_static_bib( - self, - in_ip, - out_ip, - in_port, - out_port, - protocol, - vrf_id=0, - is_add=1): - """Add/delete S-NAT static BIB entry - - :param in_ip: Inside IPv6 address - :param out_ip: Outside IPv4 address - :param in_port: Inside port number - :param out_port: Outside port number - :param protocol: IP protocol - :param vrf_id: VRF ID (Default value = 0) - :param is_add: 1 if add, 0 if delete (Default value = 1) - """ - return self.api( - self.papi.nat64_add_del_static_bib, - {'i_addr': in_ip, - 'o_addr': out_ip, - 'i_port': in_port, - 'o_port': out_port, - 'vrf_id': vrf_id, - 'proto': protocol, - 'is_add': is_add}) - - def nat64_bib_dump(self, protocol=255): - """Dump NAT64 BIB - - :param protocol: IP protocol (Default value = 255, all BIBs) - :returns: Dictionary of NAT64 BIB entries - """ - return self.api(self.papi.nat64_bib_dump, {'proto': protocol}) - - def nat64_st_dump(self, protocol=255): - """Dump NAT64 session table - - :param protocol: IP protocol (Default value = 255, all STs) - :returns: Dictionary of NAT64 session table entries - """ - return self.api(self.papi.nat64_st_dump, {'proto': protocol}) - - def nat64_add_del_prefix(self, prefix, vrf_id=0, is_add=1): - """Add/del NAT64 prefix - - :param prefix: NAT64 prefix - :param vrf_id: VRF id of tenant (Default 0) - :param is_add: 1 if add, 0 if delete (Default value = 1) - """ - return self.api( - self.papi.nat64_add_del_prefix, - {'prefix': prefix, - 'vrf_id': vrf_id, - 'is_add': is_add}) - - def nat64_add_del_interface_addr( - self, - sw_if_index, - is_add=1): - """Add/del NAT64 address from interface - - :param sw_if_index: Software index of the interface - :param is_add: 1 if add, 0 if delete (Default value = 1) - """ - return self.api(self.papi.nat64_add_del_interface_addr, - {'is_add': is_add, 'sw_if_index': sw_if_index}) - - def dslite_set_aftr_addr(self, ip6, ip4): - """Set DS-Lite AFTR addresses - - :param ip4: IPv4 address - :param ip6: IPv6 address - """ - return self.api( - self.papi.dslite_set_aftr_addr, - {'ip4_addr': ip4, - 'ip6_addr': ip6}) - - def dslite_set_b4_addr(self, ip6, ip4): - """Set DS-Lite B4 IPv6 address - - :param ip4: IPv4 address - :param ip6: IPv6 address - """ - return self.api( - self.papi.dslite_set_b4_addr, - {'ip4_addr': ip4, - 'ip6_addr': ip6}) - - def nat66_add_del_interface( - self, - sw_if_index, - flags=0, - is_add=1): - """Enable/disable NAT66 feature on the interface - - :param sw_if_index: Index of the interface - :param flags: NAT configuration flags (NAT_IS_INSIDE) - :param is_add: 1 if add, 0 if delete (Default value = 1) - """ - return self.api( - self.papi.nat66_add_del_interface, - {'is_add': is_add, - 'flags': flags, - 'sw_if_index': sw_if_index}) - - def nat66_add_del_static_mapping( - self, - in_ip, - out_ip, - vrf_id=0, - is_add=1): - """Add/delete NAT66 static mapping - - :param in_ip: Inside IPv6 address - :param out_ip: Outside IPv6 address - :param vrf_id: VRF ID (Default value = 0) - :param is_add: 1 if add, 0 if delete (Default value = 1) - """ - return self.api( - self.papi.nat66_add_del_static_mapping, - {'local_ip_address': in_ip, - 'external_ip_address': out_ip, - 'vrf_id': vrf_id, - 'is_add': is_add}) - - def nat_ha_set_listener(self, addr, port, path_mtu=512): - """Set HA listener (local settings) - - :param addr: local IP4 address - :param port: local UDP port number - :param path_mtu: path MTU (Default value = 512) - """ - return self.api(self.papi.nat_ha_set_listener, - {'ip_address': addr, - 'port': port, - 'path_mtu': path_mtu}) - - def nat_ha_get_listener(self): - """Get HA listener/local configuration""" - return self.api(self.papi.nat_ha_get_listener, {}) - - def nat_ha_set_failover(self, addr, port, refresh=10): - """Set HA failover (remote settings) - - :param addr: failover IP4 address - :param port: failover UDP port number - :param refresh: number of seconds after which to send session refresh - """ - return self.api(self.papi.nat_ha_set_failover, - {'ip_address': addr, - 'port': port, - 'session_refresh_interval': refresh}) - - def nat_ha_resync(self, want_resync_event=1): - """Resync HA (resend existing sessions to new failover) - :param want_resync_event: if non-zero resync completed event sent - """ - return self.api(self.papi.nat_ha_resync, - {'want_resync_event': want_resync_event, - 'pid': os.getpid()}) - def bfd_udp_add(self, sw_if_index, desired_min_tx, required_min_rx, detect_mult, local_addr, peer_addr, is_ipv6=0, bfd_key_id=None, conf_key_id=None): -- cgit 1.2.3-korg