#!/usr/bin/env python """ BFD tests """ from __future__ import division import unittest import hashlib import binascii import time from struct import pack, unpack from random import randint, shuffle, getrandbits from socket import AF_INET, AF_INET6, inet_ntop from scapy.packet import Raw from scapy.layers.l2 import Ether from scapy.layers.inet import UDP, IP from scapy.layers.inet6 import IPv6 from bfd import VppBFDAuthKey, BFD, BFDAuthType, VppBFDUDPSession, \ BFDDiagCode, BFDState, BFD_vpp_echo from framework import VppTestCase, VppTestRunner from vpp_pg_interface import CaptureTimeoutError from util import ppp from vpp_papi_provider import UnexpectedApiReturnValueError USEC_IN_SEC = 1000000 class AuthKeyFactory(object): """Factory class for creating auth keys with unique conf key ID""" def __init__(self): self._conf_key_ids = {} def create_random_key(self, test, auth_type=BFDAuthType.keyed_sha1): """ create a random key with unique conf key id """ conf_key_id = randint(0, 0xFFFFFFFF) while conf_key_id in self._conf_key_ids: conf_key_id = randint(0, 0xFFFFFFFF) self._conf_key_ids[conf_key_id] = 1 key = str(bytearray([randint(0, 255) for _ in range(randint(1, 20))])) return VppBFDAuthKey(test=test, auth_type=auth_type, conf_key_id=conf_key_id, key=key) class BFDAPITestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) - API""" pg0 = None pg1 = None @classmethod def setUpClass(cls): super(BFDAPITestCase, cls).setUpClass() try: cls.create_pg_interfaces(range(2)) for i in cls.pg_interfaces: i.config_ip4() i.config_ip6() i.resolve_arp() except Exception: super(BFDAPITestCase, cls).tearDownClass() raise def setUp(self): super(BFDAPITestCase, self).setUp() self.factory = AuthKeyFactory() def test_add_bfd(self): """ create a BFD session """ session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() def test_double_add(self): """ create the same BFD session twice (negative case) """ session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) session.add_vpp_config() with self.vapi.expect_negative_api_retval(): session.add_vpp_config() session.remove_vpp_config() def test_add_bfd6(self): """ create IPv6 BFD session """ session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6) session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() def test_mod_bfd(self): """ modify BFD session parameters """ session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, desired_min_tx=50000, required_min_rx=10000, detect_mult=1) session.add_vpp_config() s = session.get_bfd_udp_session_dump_entry() self.assert_equal(session.desired_min_tx, s.desired_min_tx, "desired min transmit interval") self.assert_equal(session.required_min_rx, s.required_min_rx, "required min receive interval") self.assert_equal(session.detect_mult, s.detect_mult, "detect mult") session.modify_parameters(desired_min_tx=session.desired_min_tx * 2, required_min_rx=session.required_min_rx * 2, detect_mult=session.detect_mult * 2) s = session.get_bfd_udp_session_dump_entry() self.assert_equal(session.desired_min_tx, s.desired_min_tx, "desired min transmit interval") self.assert_equal(session.required_min_rx, s.required_min_rx, "required min receive interval") self.assert_equal(session.detect_mult, s.detect_mult, "detect mult") def test_add_sha1_keys(self): """ add SHA1 keys """ key_count = 10 keys = [self.factory.create_random_key( self) for i in range(0, key_count)] for key in keys: self.assertFalse(key.query_vpp_config()) for key in keys: key.add_vpp_config() for key in keys: self.assertTrue(key.query_vpp_config()) # remove randomly indexes = range(key_count) shuffle(indexes) removed = [] for i in indexes: key = keys[i] key.remove_vpp_config() removed.append(i) for j in range(key_count): key = keys[j] if j in removed: self.assertFalse(key.query_vpp_config()) else: self.assertTrue(key.query_vpp_config()) # should be removed now for key in keys: self.assertFalse(key.query_vpp_config()) # add back and remove again for key in keys: key.add_vpp_config() for key in keys: self.assertTrue(key.query_vpp_config()) for key in keys: key.remove_vpp_config() for key in keys: self.assertFalse(key.query_vpp_config()) def test_add_bfd_sha1(self): """ create a BFD session (SHA1) """ key = self.factory.create_random_key(self) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() def test_double_add_sha1(self): """ create the same BFD session twice (negative case) (SHA1) """ key = self.factory.create_random_key(self) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) session.add_vpp_config() with self.assertRaises(Exception): session.add_vpp_config() def test_add_auth_nonexistent_key(self): """ create BFD session using non-existent SHA1 (negative case) """ session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=self.factory.create_random_key(self)) with self.assertRaises(Exception): session.add_vpp_config() def test_shared_sha1_key(self): """ share single SHA1 key between multiple BFD sessions """ key = self.factory.create_random_key(self) key.add_vpp_config() sessions = [ VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key), VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip6, sha1_key=key, af=AF_INET6), VppBFDUDPSession(self, self.pg1, self.pg1.remote_ip4, sha1_key=key), VppBFDUDPSession(self, self.pg1, self.pg1.remote_ip6, sha1_key=key, af=AF_INET6)] for s in sessions: s.add_vpp_config() removed = 0 for s in sessions: e = key.get_bfd_auth_keys_dump_entry() self.assert_equal(e.use_count, len(sessions) - removed, "Use count for shared key") s.remove_vpp_config() removed += 1 e = key.get_bfd_auth_keys_dump_entry() self.assert_equal(e.use_count, len(sessions) - removed, "Use count for shared key") def test_activate_auth(self): """ activate SHA1 authentication """ key = self.factory.create_random_key(self) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) session.add_vpp_config() session.activate_auth(key) def test_deactivate_auth(self): """ deactivate SHA1 authentication """ key = self.factory.create_random_key(self) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) session.add_vpp_config() session.activate_auth(key) session.deactivate_auth() def test_change_key(self): """ change SHA1 key """ key1 = self.factory.create_random_key(self) key2 = self.factory.create_random_key(self) while key2.conf_key_id == key1.conf_key_id: key2 = self.factory.create_random_key(self) key1.add_vpp_config() key2.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key1) session.add_vpp_config() session.activate_auth(key2) class BFDTestSession(object): """ BFD session as seen from test framework side """ def __init__(self, test, interface, af, detect_mult=3, sha1_key=None, bfd_key_id=None, our_seq_number=None): self.test = test self.af = af self.sha1_key = sha1_key self.bfd_key_id = bfd_key_id self.interface = interface self.udp_sport = randint(49152, 65535) if our_seq_number is None: self.our_seq_number = randint(0, 40000000) else: self.our_seq_number = our_seq_number self.vpp_seq_number = None self.my_discriminator = 0 self.desired_min_tx = 100000 self.required_min_rx = 100000 self.required_min_echo_rx = None self.detect_mult = detect_mult self.diag = BFDDiagCode.no_diagnostic self.your_discriminator = None self.state = BFDState.down self.auth_type = BFDAuthType.no_auth def inc_seq_num(self): """ increment sequence number, wrapping if needed """ if self.our_seq_number == 0xFFFFFFFF: self.our_seq_number = 0 else: self.our_seq_number += 1 def update(self, my_discriminator=None, your_discriminator=None, desired_min_tx=None, required_min_rx=None, required_min_echo_rx=None, detect_mult=None, diag=None, state=None, auth_type=None): """ update BFD parameters associated with session """ if my_discriminator is not None: self.my_discriminator = my_discriminator if your_discriminator is not None: self.your_discriminator = your_discriminator if required_min_rx is not None: self.required_min_rx = required_min_rx if required_min_echo_rx is not None: self.required_min_echo_rx = required_min_echo_rx if desired_min_tx is not None: self.desired_min_tx = desired_min_tx if detect_mult is not None: self.detect_mult = detect_mult if diag is not None: self.diag = diag if state is not None: self.state = state if auth_type is not None: self.auth_type = auth_type def fill_packet_fields(self, packet): """ set packet fields with known values in packet """ bfd = packet[BFD] if self.my_discriminator: self.test.logger.debug("BFD: setting packet.my_discriminator=%s", self.my_discriminator) bfd.my_discriminator = self.my_discriminator if self.your_discriminator: self.test.logger.debug("BFD: setting packet.your_discriminator=%s", self.your_discriminator) bfd.your_discriminator = self.your_discriminator if self.required_min_rx: self.test.logger.debug( "BFD: setting packet.required_min_rx_interval=%s", self.required_min_rx) bfd.required_min_rx_interval = self.required_min_rx if self.required_min_echo_rx: self.test.logger.debug( "BFD: setting packet.required_min_echo_rx=%s", self.required_min_echo_rx) bfd.required_min_echo_rx_interval = self.required_min_echo_rx if self.desired_min_tx: self.test.logger.debug( "BFD: setting packet.desired_min_tx_interval=%s", self.desired_min_tx) bfd.desired_min_tx_interval = self.desired_min_tx if self.detect_mult: self.test.logger.debug( "BFD: setting packet.detect_mult=%s", self.detect_mult) bfd.detect_mult = self.detect_mult if self.diag: self.test.logger.debug("BFD: setting packet.diag=%s", self.diag) bfd.diag = self.diag if self.state: self.test.logger.debug("BFD: setting packet.state=%s", self.state) bfd.state = self.state if self.auth_type: # this is used by a negative test-case self.test.logger.debug("BFD: setting packet.auth_type=%s", self.auth_type) bfd.auth_type = self.auth_type def create_packet(self): """ create a BFD packet, reflecting the current state of session """ if self.sha1_key: bfd = BFD(flags="A") bfd.auth_type = self.sha1_key.auth_type bfd.auth_len = BFD.sha1_auth_len bfd.auth_key_id = self.bfd_key_id bfd.auth_seq_num = self.our_seq_number bfd.length = BFD.sha1_auth_len + BFD.bfd_pkt_len else: bfd = BFD() if self.af == AF_INET6: packet = (Ether(src=self.interface.remote_mac, dst=self.interface.local_mac) / IPv6(src=self.interface.remote_ip6, 
/*
 * Copyright (c) 2017 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include <nat/dslite.h>
#include <nat/nat_inlines.h>

typedef enum
{
  DSLITE_OUT2IN_NEXT_IP4_LOOKUP,
  DSLITE_OUT2IN_NEXT_IP6_LOOKUP,
  DSLITE_OUT2IN_NEXT_DROP,
  DSLITE_OUT2IN_N_NEXT,
} dslite_out2in_next_t;

static char *dslite_out2in_error_strings[] = {
#define _(sym,string) string,
  foreach_dslite_error
#undef _
};

static inline u32
dslite_icmp_out2in (dslite_main_t * dm, ip4_header_t * ip4,
		    dslite_session_t ** sp, u32 next, u8 * error,
		    u32 thread_index)
{
  dslite_session_t *s = 0;
  icmp46_header_t *icmp = ip4_next_header (ip4);
  clib_bihash_kv_8_8_t kv, value;
  snat_session_key_t key;
  u32 n = next;
  icmp_echo_header_t *echo;
  u32 new_addr, old_addr;
  u16 old_id, new_id;
  ip_csum_t sum;

  echo = (icmp_echo_header_t *) (icmp + 1);

  if (icmp_is_error_message (icmp) || (icmp->type != ICMP4_echo_reply))
    {
      n = DSLITE_OUT2IN_NEXT_DROP;
      *error = DSLITE_ERROR_BAD_ICMP_TYPE;
      goto done;
    }

  key.addr = ip4->dst_address;
  key.port = echo->identifier;
  key.protocol = SNAT_PROTOCOL_ICMP;
  key.fib_index = 0;
  kv.key = key.as_u64;

  if (clib_bihash_search_8_8
      (&dm->per_thread_data[thread_index].out2in, &kv, &value))
    {
      next = DSLITE_OUT2IN_NEXT_DROP;
      *error = DSLITE_ERROR_NO_TRANSLATION;
      goto done;
    }
  else
    {
      s =
	pool_elt_at_index (dm->per_thread_data[thread_index].sessions,
			   value.value);
    }

  old_id = echo->identifier;
  echo->identifier = new_id = s->in2out.port;
  sum = icmp->checksum;
  sum = ip_csum_update (sum, old_id, new_id, icmp_echo_header_t, identifier);
  icmp->checksum = ip_csum_fold (sum);

  old_addr = ip4->dst_address.as_u32;
  ip4->dst_address = s->in2out.addr;
  new_addr = ip4->dst_address.as_u32;

  sum = ip4->checksum;
  sum = ip_csum_update (sum, old_addr, new_addr, ip4_header_t, dst_address);
  ip4->checksum = ip_csum_fold (sum);

done:
  *sp = s;
  return n;
}

VLIB_NODE_FN (dslite_out2in_node) (vlib_main_t * vm,
				   vlib_node_runtime_t * node,
				   vlib_frame_t * frame)
{
  u32 n_left_from, *from, *to_next;
  dslite_out2in_next_t next_index;
  vlib_node_runtime_t *error_node;
  u32 thread_index = vm->thread_index;
  f64 now = vlib_time_now (vm);
  dslite_main_t *dm = &dslite_main;

  error_node = vlib_node_get_runtime (vm, dm->dslite_out2in_node_index);

  from = vlib_frame_vector_args (frame);
  n_left_from = frame->n_vectors;
  next_index = node->cached_next_index;


  while (n_left_from > 0)
    {
      u32 n_left_to_next;

      vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);

      while (n_left_from > 0 && n_left_to_next > 0)
	{
	  u32 bi0;
	  vlib_buffer_t *b0;
	  u32 next0 = DSLITE_OUT2IN_NEXT_IP6_LOOKUP;
	  u8 error0 = DSLITE_ERROR_OUT2IN;
	  ip4_header_t *ip40;
	  ip6_header_t *ip60;
	  u32 proto0;
	  udp_header_t *udp0;
	  tcp_header_t *tcp0;
	  clib_bihash_kv_8_8_t kv0, value0;
	  snat_session_key_t key0;
	  dslite_session_t *s0 = 0;
	  ip_csum_t sum0;
	  u32 new_addr0, old_addr0;
	  u16 new_port0, old_port0;

	  /* speculatively enqueue b0 to the current next frame */
	  bi0 = from[0];
	  to_next[0] = bi0;
	  from += 1;
	  to_next += 1;
	  n_left_from -= 1;
	  n_left_to_next -= 1;

	  b0 = vlib_get_buffer (vm, bi0);
	  ip40 = vlib_buffer_get_current (b0);
	  proto0 = ip_proto_to_snat_proto (ip40->protocol);

	  if (PREDICT_FALSE (proto0 == ~0))
	    {
	      error0 = DSLITE_ERROR_UNSUPPORTED_PROTOCOL;
	      next0 = DSLITE_OUT2IN_NEXT_DROP;
	      goto trace0;
	    }

	  if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
	    {
	      next0 =
		dslite_icmp_out2in (dm, ip40, &s0, next0, &error0,
				    thread_index);
	      if (PREDICT_FALSE (next0 == DSLITE_OUT2IN_NEXT_DROP))
		goto trace0;

	      goto encap0;
	    }

	  udp0 = ip4_next_header (ip40);
	  tcp0 = (tcp_header_t *) udp0;

	  key0.addr = ip40->dst_address;
	  key0.port = udp0->dst_port;
	  key0.protocol = proto0;
	  key0.fib_index = 0;
	  kv0.key = key0.as_u64;

	  if (clib_bihash_search_8_8
	      (&dm->per_thread_data[thread_index].out2in, &kv0, &value0))
	    {
	      next0 = DSLITE_OUT2IN_NEXT_DROP;
	      error0 = DSLITE_ERROR_NO_TRANSLATION;
	      goto trace0;
	    }
	  else
	    {
	      s0 =
		pool_elt_at_index (dm->per_thread_data[thread_index].sessions,
				   value0.value);
	    }

	  old_addr0 = ip40->dst_address.as_u32;
	  ip40->dst_address = s0->in2out.addr;
	  new_addr0 = ip40->dst_address.as_u32;

	  sum0 = ip40->checksum;
	  sum0 =
	    ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
			    dst_address);
	  ip40->checksum = ip_csum_fold (sum0);

	  if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
	    {
	      old_port0 = tcp0->dst_port;
	      tcp0->dst_port = s0->in2out.port;
	      new_port0 = tcp0->dst_port;

	      sum0 = tcp0->checksum;
	      sum0 =
		ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
				dst_address);
	      sum0 =
		ip_csum_update (sum0, old_port0, new_port0, ip4_header_t,
				length);
	      tcp0->checksum = ip_csum_fold (sum0);
	    }
	  else
	    {
	      old_port0 = udp0->dst_port;
	      udp0->dst_port = s0->in2out.port;
	      udp0->checksum = 0;
	    }

	encap0:
	  /* Construct IPv6 header */
	  vlib_buffer_advance (b0, -(sizeof (ip6_header_t)));
	  ip60 = vlib_buffer_get_current (b0);
	  ip60->ip_version_traffic_class_and_flow_label =
	    clib_host_to_net_u32 ((6 << 28) + (ip40->tos << 20));
	  ip60->payload_length = ip40->length;
	  ip60->protocol = IP_PROTOCOL_IP_IN_IP;
	  ip60->hop_limit = ip40->ttl;
	  ip60->src_address.as_u64[0] = dm->aftr_ip6_addr.as_u64[0];
	  ip60->src_address.as_u64[1] = dm->aftr_ip6_addr.as_u64[1];
	  ip60->dst_address.as_u64[0] = s0->in2out.softwire_id.as_u64[0];
	  ip60->dst_address.as_u64[1] = s0->in2out.softwire_id.as_u64[1];

	  /* Accounting */
	  s0->last_heard = now;
	  s0->total_pkts++;
	  s0->total_bytes += vlib_buffer_length_in_chain (vm, b0);
	  /* Per-B4 LRU list maintenance */
	  clib_dlist_remove (dm->per_thread_data[thread_index].list_pool,
			     s0->per_b4_index);
	  clib_dlist_addtail (dm->per_thread_data[thread_index].list_pool,
			      s0->per_b4_list_head_index, s0->per_b4_index);
	trace0:
	  if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
			     && (b0->flags & VLIB_BUFFER_IS_TRACED)))
	    {
	      dslite_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
	      t->next_index = next0;
	      t->session_index = ~0;
	      if (s0)
		t->session_index =
		  s0 - dm->per_thread_data[thread_index].sessions;
	    }

	  b0->error = error_node->errors[error0];

	  /* verify speculative enqueue, maybe switch current next frame */
	  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
					   n_left_to_next, bi0, next0);
	}
      vlib_put_next_frame (vm, node, next_index, n_left_to_next);
    }

  return frame->n_vectors;
}

/* *INDENT-OFF* */
VLIB_REGISTER_NODE (dslite_out2in_node) = {
  .name = "dslite-out2in",
  .vector_size = sizeof (u32),
  .format_trace = format_dslite_trace,
  .type = VLIB_NODE_TYPE_INTERNAL,
  .n_errors = ARRAY_LEN (dslite_out2in_error_strings),
  .error_strings = dslite_out2in_error_strings,
  .n_next_nodes = DSLITE_OUT2IN_N_NEXT,
  /* edit / add dispositions here */
  .next_nodes = {
    [DSLITE_OUT2IN_NEXT_DROP] = "error-drop",
    [DSLITE_OUT2IN_NEXT_IP4_LOOKUP] = "ip4-lookup",
    [DSLITE_OUT2IN_NEXT_IP6_LOOKUP] = "ip6-lookup",
  },
};
/* *INDENT-ON* */

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */
eue super(BFD6TestCase, self).tearDown() def test_session_up(self): """ bring BFD session up """ bfd_session_up(self) def test_session_up_by_ip(self): """ bring BFD session up - first frame looked up by address pair """ self.logger.info("BFD: Sending Slow control frame") self.test_session.update(my_discriminator=randint(0, 40000000)) self.test_session.send_packet() self.pg0.enable_capture() p = self.pg0.wait_for_packet(1) self.assert_equal(p[BFD].your_discriminator, self.test_session.my_discriminator, "BFD - your discriminator") self.assert_equal(p[BFD].state, BFDState.init, BFDState) self.test_session.update(your_discriminator=p[BFD].my_discriminator, state=BFDState.up) self.logger.info("BFD: Waiting for event") e = self.vapi.wait_for_event(1, "bfd_udp_session_details") verify_event(self, e, expected_state=BFDState.init) self.logger.info("BFD: Sending Up") self.test_session.send_packet() self.logger.info("BFD: Waiting for event") e = self.vapi.wait_for_event(1, "bfd_udp_session_details") verify_event(self, e, expected_state=BFDState.up) self.logger.info("BFD: Session is Up") self.test_session.update(state=BFDState.up) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) def test_hold_up(self): """ hold BFD session up """ bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): wait_for_bfd_packet(self) self.test_session.send_packet() self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) def test_echo_looped_back(self): """ echo packets looped back """ # don't need a session in this case.. self.vpp_session.remove_vpp_config() self.pg0.enable_capture() echo_packet_count = 10 # random source port low enough to increment a few times.. udp_sport_tx = randint(1, 50000) udp_sport_rx = udp_sport_tx echo_packet = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.remote_ip6) / UDP(dport=BFD.udp_dport_echo) / Raw("this should be looped back")) for dummy in range(echo_packet_count): self.sleep(.01, "delay between echo packets") echo_packet[UDP].sport = udp_sport_tx udp_sport_tx += 1 self.logger.debug(ppp("Sending packet:", echo_packet)) self.pg0.add_stream(echo_packet) self.pg_start() for dummy in range(echo_packet_count): p = self.pg0.wait_for_packet(1) self.logger.debug(ppp("Got packet:", p)) ether = p[Ether] self.assert_equal(self.pg0.remote_mac, ether.dst, "Destination MAC") self.assert_equal(self.pg0.local_mac, ether.src, "Source MAC") ip = p[IPv6] self.assert_equal(self.pg0.remote_ip6, ip.dst, "Destination IP") self.assert_equal(self.pg0.remote_ip6, ip.src, "Destination IP") udp = p[UDP] self.assert_equal(udp.dport, BFD.udp_dport_echo, "UDP destination port") self.assert_equal(udp.sport, udp_sport_rx, "UDP source port") udp_sport_rx += 1 # need to compare the hex payload here, otherwise BFD_vpp_echo # gets in way self.assertEqual(str(p[UDP].payload), str(echo_packet[UDP].payload), "Received packet is not the echo packet sent") self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== " "ECHO packet identifier for test purposes)") self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== " "ECHO packet identifier for test purposes)") def test_echo(self): """ echo function used """ bfd_session_up(self) self.test_session.update(required_min_echo_rx=50000) self.test_session.send_packet() detection_time = self.test_session.detect_mult *\ self.vpp_session.required_min_rx / USEC_IN_SEC # echo shouldn't work without echo source set for dummy in range(3): sleep = 0.75 * detection_time self.sleep(sleep, "delay before sending bfd packet") self.test_session.send_packet() p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.assert_equal(p[BFD].required_min_rx_interval, self.vpp_session.required_min_rx, "BFD required min rx interval") self.vapi.bfd_udp_set_echo_source(self.loopback0.sw_if_index) # should be turned on - loopback echo packets for dummy in range(3): loop_until = time.time() + 0.75 * detection_time while time.time() < loop_until: p = self.pg0.wait_for_packet(1) self.logger.debug(ppp("Got packet:", p)) if p[UDP].dport == BFD.udp_dport_echo: self.assert_equal( p[IPv6].dst, self.pg0.local_ip6, "BFD ECHO dst IP") self.assertNotEqual(p[IPv6].src, self.loopback0.local_ip6, "BFD ECHO src IP equal to loopback IP") self.logger.debug(ppp("Looping back packet:", p)) self.pg0.add_stream(p) self.pg_start() elif p.haslayer(BFD): self.assertGreaterEqual(p[BFD].required_min_rx_interval, 1000000) if "P" in p.sprintf("%BFD.flags%"): final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) else: raise Exception(ppp("Received unknown packet:", p)) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") self.test_session.send_packet() class BFDSHA1TestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) (SHA1 auth) """ pg0 = None vpp_clock_offset = None vpp_session = None test_session = None @classmethod def setUpClass(cls): super(BFDSHA1TestCase, cls).setUpClass() try: cls.create_pg_interfaces([0]) cls.pg0.config_ip4() cls.pg0.admin_up() cls.pg0.resolve_arp() except Exception: super(BFDSHA1TestCase, cls).tearDownClass() raise def setUp(self): super(BFDSHA1TestCase, self).setUp() self.factory = AuthKeyFactory() self.vapi.want_bfd_events() self.pg0.enable_capture() def tearDown(self): if not self.vpp_dead: self.vapi.want_bfd_events(enable_disable=0) self.vapi.collect_events() # clear the event queue super(BFDSHA1TestCase, self).tearDown() def test_session_up(self): """ bring BFD session up """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) def test_hold_up(self): """ hold BFD session up """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): wait_for_bfd_packet(self) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) def test_hold_up_meticulous(self): """ hold BFD session up - meticulous auth """ key = self.factory.create_random_key( self, BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() # specify sequence number so that it wraps self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id, our_seq_number=0xFFFFFFFF - 4) bfd_session_up(self) for dummy in range(30): wait_for_bfd_packet(self) self.test_session.inc_seq_num() self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) def test_send_bad_seq_number(self): """ session is not kept alive by msgs with bad sequence numbers""" key = self.factory.create_random_key( self, BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) detection_time = self.test_session.detect_mult *\ self.vpp_session.required_min_rx / USEC_IN_SEC send_until = time.time() + 2 * detection_time while time.time() < send_until: self.test_session.send_packet() self.sleep(0.7 * self.vpp_session.required_min_rx / USEC_IN_SEC, "time between bfd packets") e = self.vapi.collect_events() # session should be down now, because the sequence numbers weren't # updated self.assert_equal(len(e), 1, "number of bfd events") verify_event(self, e[0], expected_state=BFDState.down) def execute_rogue_session_scenario(self, vpp_bfd_udp_session, legitimate_test_session, rogue_test_session, rogue_bfd_values=None): """ execute a rogue session interaction scenario 1. create vpp session, add config 2. bring the legitimate session up 3. copy the bfd values from legitimate session to rogue session 4. apply rogue_bfd_values to rogue session 5. set rogue session state to down 6. send message to take the session down from the rogue session 7. assert that the legitimate session is unaffected """ self.vpp_session = vpp_bfd_udp_session self.vpp_session.add_vpp_config() self.test_session = legitimate_test_session # bring vpp session up bfd_session_up(self) # send packet from rogue session rogue_test_session.update( my_discriminator=self.test_session.my_discriminator, your_discriminator=self.test_session.your_discriminator, desired_min_tx=self.test_session.desired_min_tx, required_min_rx=self.test_session.required_min_rx, detect_mult=self.test_session.detect_mult, diag=self.test_session.diag, state=self.test_session.state, auth_type=self.test_session.auth_type) if rogue_bfd_values: rogue_test_session.update(**rogue_bfd_values) rogue_test_session.update(state=BFDState.down) rogue_test_session.send_packet() wait_for_bfd_packet(self) self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) def test_mismatch_auth(self): """ session is not brought down by unauthenticated msg """ key = self.factory.create_random_key(self) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key) legitimate_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id) rogue_test_session = BFDTestSession(self, self.pg0, AF_INET) self.execute_rogue_session_scenario(vpp_session, legitimate_test_session, rogue_test_session) def test_mismatch_bfd_key_id(self): """ session is not brought down by msg with non-existent key-id """ key = self.factory.create_random_key(self) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key) # pick a different random bfd key id x = randint(0, 255) while x == vpp_session.bfd_key_id: x = randint(0, 255) legitimate_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id) rogue_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=x) self.execute_rogue_session_scenario(vpp_session, legitimate_test_session, rogue_test_session) def test_mismatched_auth_type(self): """ session is not brought down by msg with wrong auth type """ key = self.factory.create_random_key(self) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key) legitimate_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id) rogue_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id) self.execute_rogue_session_scenario( vpp_session, legitimate_test_session, rogue_test_session, {'auth_type': BFDAuthType.keyed_md5}) def test_restart(self): """ simulate remote peer restart and resynchronization """ key = self.factory.create_random_key( self, BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id, our_seq_number=0) bfd_session_up(self) # don't send any packets for 2*detection_time detection_time = self.test_session.detect_mult *\ self.vpp_session.required_min_rx / USEC_IN_SEC self.sleep(2*detection_time, "simulating peer restart") events = self.vapi.collect_events() self.assert_equal(len(events), 1, "number of bfd events") verify_event(self, events[0], expected_state=BFDState.down) self.test_session.update(state=BFDState.down) # reset sequence number self.test_session.our_seq_number = 0 self.test_session.vpp_seq_number = None # now throw away any pending packets self.pg0.enable_capture() bfd_session_up(self) class BFDAuthOnOffTestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) (changing auth) """ pg0 = None vpp_session = None test_session = None @classmethod def setUpClass(cls): super(BFDAuthOnOffTestCase, cls).setUpClass() try: cls.create_pg_interfaces([0]) cls.pg0.config_ip4() cls.pg0.admin_up() cls.pg0.resolve_arp() except Exception: super(BFDAuthOnOffTestCase, cls).tearDownClass() raise def setUp(self): super(BFDAuthOnOffTestCase, self).setUp() self.factory = AuthKeyFactory() self.vapi.want_bfd_events() self.pg0.enable_capture() def tearDown(self): if not self.vpp_dead: self.vapi.want_bfd_events(enable_disable=0) self.vapi.collect_events() # clear the event queue super(BFDAuthOnOffTestCase, self).tearDown() def test_auth_on_immediate(self): """ turn auth on without disturbing session state (immediate) """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession(self, self.pg0, AF_INET) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.vpp_session.activate_auth(key) self.test_session.bfd_key_id = self.vpp_session.bfd_key_id self.test_session.sha1_key = key for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_off_immediate(self): """ turn auth off without disturbing session state (immediate) """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) # self.vapi.want_bfd_events(enable_disable=0) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.inc_seq_num() self.test_session.send_packet() self.vpp_session.deactivate_auth() self.test_session.bfd_key_id = None self.test_session.sha1_key = None for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.inc_seq_num() self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_change_key_immediate(self): """ change auth key without disturbing session state (immediate) """ key1 = self.factory.create_random_key(self) key1.add_vpp_config() key2 = self.factory.create_random_key(self) key2.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key1) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key1, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.vpp_session.activate_auth(key2) self.test_session.bfd_key_id = self.vpp_session.bfd_key_id self.test_session.sha1_key = key2 for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_on_delayed(self): """ turn auth on without disturbing session state (delayed) """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession(self, self.pg0, AF_INET) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): wait_for_bfd_packet(self) self.test_session.send_packet() self.vpp_session.activate_auth(key, delayed=True) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.test_session.bfd_key_id = self.vpp_session.bfd_key_id self.test_session.sha1_key = key self.test_session.send_packet() for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_off_delayed(self): """ turn auth off without disturbing session state (delayed) """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.vpp_session.deactivate_auth(delayed=True) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.test_session.bfd_key_id = None self.test_session.sha1_key = None self.test_session.send_packet() for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_change_key_delayed(self): """ change auth key without disturbing session state (delayed) """ key1 = self.factory.create_random_key(self) key1.add_vpp_config() key2 = self.factory.create_random_key(self) key2.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key1) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key1, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.vpp_session.activate_auth(key2, delayed=True) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.test_session.bfd_key_id = self.vpp_session.bfd_key_id self.test_session.sha1_key = key2 self.test_session.send_packet() for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") class BFDCLITestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) (CLI) """ pg0 = None @classmethod def setUpClass(cls): super(BFDCLITestCase, cls).setUpClass() try: cls.create_pg_interfaces((0,)) cls.pg0.config_ip4() cls.pg0.config_ip6() cls.pg0.resolve_arp() cls.pg0.resolve_ndp() except Exception: super(BFDCLITestCase, cls).tearDownClass() raise def setUp(self): super(BFDCLITestCase, self).setUp() self.factory = AuthKeyFactory() self.pg0.enable_capture() def tearDown(self): try: self.vapi.want_bfd_events(enable_disable=0) except UnexpectedApiReturnValueError: # some tests aren't subscribed, so this is not an issue pass self.vapi.collect_events() # clear the event queue super(BFDCLITestCase, self).tearDown() def cli_verify_no_response(self, cli): """ execute a CLI, asserting that the response is empty """ self.assert_equal(self.vapi.cli(cli), "", "CLI command response") def cli_verify_response(self, cli, expected): """ execute a CLI, asserting that the response matches expectation """ self.assert_equal(self.vapi.cli(cli).strip(), expected, "CLI command response") def test_show(self): """ show commands """ k1 = self.factory.create_random_key(self) k1.add_vpp_config() k2 = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) k2.add_vpp_config() s1 = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) s1.add_vpp_config() s2 = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, sha1_key=k2) s2.add_vpp_config() self.logger.info(self.vapi.ppcli("show bfd keys")) self.logger.info(self.vapi.ppcli("show bfd sessions")) self.logger.info(self.vapi.ppcli("show bfd")) def test_set_del_sha1_key(self): """ set/delete SHA1 auth key """ k = self.factory.create_random_key(self) self.registry.register(k, self.logger) self.cli_verify_no_response( "bfd key set conf-key-id %s type keyed-sha1 secret %s" % (k.conf_key_id, "".join("{:02x}".format(ord(c)) for c in k.key))) self.assertTrue(k.query_vpp_config()) self.vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=k) self.vpp_session.add_vpp_config() self.test_session = \ BFDTestSession(self, self.pg0, AF_INET, sha1_key=k, bfd_key_id=self.vpp_session.bfd_key_id) self.vapi.want_bfd_events() bfd_session_up(self) bfd_session_down(self) # try to replace the secret for the key - should fail because the key # is in-use k2 = self.factory.create_random_key(self) self.cli_verify_response( "bfd key set conf-key-id %s type keyed-sha1 secret %s" % (k.conf_key_id, "".join("{:02x}".format(ord(c)) for c in k2.key)), "bfd key set: `bfd_auth_set_key' API call failed, " "rv=-103:BFD object in use") # manipulating the session using old secret should still work bfd_session_up(self) bfd_session_down(self) self.vpp_session.remove_vpp_config() self.cli_verify_no_response( "bfd key del conf-key-id %s" % k.conf_key_id) self.assertFalse(k.query_vpp_config()) def test_set_del_meticulous_sha1_key(self): """ set/delete meticulous SHA1 auth key """ k = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) self.registry.register(k, self.logger) self.cli_verify_no_response( "bfd key set conf-key-id %s type meticulous-keyed-sha1 secret %s" % (k.conf_key_id, "".join("{:02x}".format(ord(c)) for c in k.key))) self.assertTrue(k.query_vpp_config()) self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, sha1_key=k) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = \ BFDTestSession(self, self.pg0, AF_INET6, sha1_key=k, bfd_key_id=self.vpp_session.bfd_key_id) self.vapi.want_bfd_events() bfd_session_up(self) bfd_session_down(self) # try to replace the secret for the key - should fail because the key # is in-use k2 = self.factory.create_random_key(self) self.cli_verify_response( "bfd key set conf-key-id %s type keyed-sha1 secret %s" % (k.conf_key_id, "".join("{:02x}".format(ord(c)) for c in k2.key)), "bfd key set: `bfd_auth_set_key' API call failed, " "rv=-103:BFD object in use") # manipulating the session using old secret should still work bfd_session_up(self) bfd_session_down(self) self.vpp_session.remove_vpp_config() self.cli_verify_no_response( "bfd key del conf-key-id %s" % k.conf_key_id) self.assertFalse(k.query_vpp_config()) def test_add_mod_del_bfd_udp(self): """ create/modify/delete IPv4 BFD UDP session """ vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4) self.registry.register(vpp_session, self.logger) cli_add_cmd = "bfd udp session add interface %s local-addr %s " \ "peer-addr %s desired-min-tx %s required-min-rx %s "\ "detect-mult %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, vpp_session.desired_min_tx, vpp_session.required_min_rx, vpp_session.detect_mult) self.cli_verify_no_response(cli_add_cmd) # 2nd add should fail self.cli_verify_response( cli_add_cmd, "bfd udp session add: `bfd_add_add_session' API call" " failed, rv=-101:Duplicate BFD object") verify_bfd_session_config(self, vpp_session) mod_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, required_min_rx=2 * vpp_session.required_min_rx, desired_min_tx=3 * vpp_session.desired_min_tx, detect_mult=4 * vpp_session.detect_mult) self.cli_verify_no_response( "bfd udp session mod interface %s local-addr %s peer-addr %s " "desired-min-tx %s required-min-rx %s detect-mult %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, mod_session.desired_min_tx, mod_session.required_min_rx, mod_session.detect_mult)) verify_bfd_session_config(self, mod_session) cli_del_cmd = "bfd udp session del interface %s local-addr %s "\ "peer-addr %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_del_cmd) # 2nd del is expected to fail self.cli_verify_response( cli_del_cmd, "bfd udp session del: `bfd_udp_del_session' API call" " failed, rv=-102:No such BFD object") self.assertFalse(vpp_session.query_vpp_config()) def test_add_mod_del_bfd_udp6(self): """ create/modify/delete IPv6 BFD UDP session """ vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6) self.registry.register(vpp_session, self.logger) cli_add_cmd = "bfd udp session add interface %s local-addr %s " \ "peer-addr %s desired-min-tx %s required-min-rx %s "\ "detect-mult %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6, vpp_session.desired_min_tx, vpp_session.required_min_rx, vpp_session.detect_mult) self.cli_verify_no_response(cli_add_cmd) # 2nd add should fail self.cli_verify_response( cli_add_cmd, "bfd udp session add: `bfd_add_add_session' API call" " failed, rv=-101:Duplicate BFD object") verify_bfd_session_config(self, vpp_session) mod_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, required_min_rx=2 * vpp_session.required_min_rx, desired_min_tx=3 * vpp_session.desired_min_tx, detect_mult=4 * vpp_session.detect_mult) self.cli_verify_no_response( "bfd udp session mod interface %s local-addr %s peer-addr %s " "desired-min-tx %s required-min-rx %s detect-mult %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6, mod_session.desired_min_tx, mod_session.required_min_rx, mod_session.detect_mult)) verify_bfd_session_config(self, mod_session) cli_del_cmd = "bfd udp session del interface %s local-addr %s "\ "peer-addr %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6) self.cli_verify_no_response(cli_del_cmd) # 2nd del is expected to fail self.cli_verify_response( cli_del_cmd, "bfd udp session del: `bfd_udp_del_session' API call" " failed, rv=-102:No such BFD object") self.assertFalse(vpp_session.query_vpp_config()) def test_add_mod_del_bfd_udp_auth(self): """ create/modify/delete IPv4 BFD UDP session (authenticated) """ key = self.factory.create_random_key(self) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.registry.register(vpp_session, self.logger) cli_add_cmd = "bfd udp session add interface %s local-addr %s " \ "peer-addr %s desired-min-tx %s required-min-rx %s "\ "detect-mult %s conf-key-id %s bfd-key-id %s"\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, vpp_session.desired_min_tx, vpp_session.required_min_rx, vpp_session.detect_mult, key.conf_key_id, vpp_session.bfd_key_id) self.cli_verify_no_response(cli_add_cmd) # 2nd add should fail self.cli_verify_response( cli_add_cmd, "bfd udp session add: `bfd_add_add_session' API call" " failed, rv=-101:Duplicate BFD object") verify_bfd_session_config(self, vpp_session) mod_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id, required_min_rx=2 * vpp_session.required_min_rx, desired_min_tx=3 * vpp_session.desired_min_tx, detect_mult=4 * vpp_session.detect_mult) self.cli_verify_no_response( "bfd udp session mod interface %s local-addr %s peer-addr %s " "desired-min-tx %s required-min-rx %s detect-mult %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, mod_session.desired_min_tx, mod_session.required_min_rx, mod_session.detect_mult)) verify_bfd_session_config(self, mod_session) cli_del_cmd = "bfd udp session del interface %s local-addr %s "\ "peer-addr %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_del_cmd) # 2nd del is expected to fail self.cli_verify_response( cli_del_cmd, "bfd udp session del: `bfd_udp_del_session' API call" " failed, rv=-102:No such BFD object") self.assertFalse(vpp_session.query_vpp_config()) def test_add_mod_del_bfd_udp6_auth(self): """ create/modify/delete IPv6 BFD UDP session (authenticated) """ key = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, sha1_key=key) self.registry.register(vpp_session, self.logger) cli_add_cmd = "bfd udp session add interface %s local-addr %s " \ "peer-addr %s desired-min-tx %s required-min-rx %s "\ "detect-mult %s conf-key-id %s bfd-key-id %s" \ % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6, vpp_session.desired_min_tx, vpp_session.required_min_rx, vpp_session.detect_mult, key.conf_key_id, vpp_session.bfd_key_id) self.cli_verify_no_response(cli_add_cmd) # 2nd add should fail self.cli_verify_response( cli_add_cmd, "bfd udp session add: `bfd_add_add_session' API call" " failed, rv=-101:Duplicate BFD object") verify_bfd_session_config(self, vpp_session) mod_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id, required_min_rx=2 * vpp_session.required_min_rx, desired_min_tx=3 * vpp_session.desired_min_tx, detect_mult=4 * vpp_session.detect_mult) self.cli_verify_no_response( "bfd udp session mod interface %s local-addr %s peer-addr %s " "desired-min-tx %s required-min-rx %s detect-mult %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6, mod_session.desired_min_tx, mod_session.required_min_rx, mod_session.detect_mult)) verify_bfd_session_config(self, mod_session) cli_del_cmd = "bfd udp session del interface %s local-addr %s "\ "peer-addr %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6) self.cli_verify_no_response(cli_del_cmd) # 2nd del is expected to fail self.cli_verify_response( cli_del_cmd, "bfd udp session del: `bfd_udp_del_session' API call" " failed, rv=-102:No such BFD object") self.assertFalse(vpp_session.query_vpp_config()) def test_auth_on_off(self): """ turn authentication on and off """ key = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) auth_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) session.add_vpp_config() cli_activate = \ "bfd udp session auth activate interface %s local-addr %s "\ "peer-addr %s conf-key-id %s bfd-key-id %s"\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, key.conf_key_id, auth_session.bfd_key_id) self.cli_verify_no_response(cli_activate) verify_bfd_session_config(self, auth_session) self.cli_verify_no_response(cli_activate) verify_bfd_session_config(self, auth_session) cli_deactivate = \ "bfd udp session auth deactivate interface %s local-addr %s "\ "peer-addr %s "\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_deactivate) verify_bfd_session_config(self, session) self.cli_verify_no_response(cli_deactivate) verify_bfd_session_config(self, session) def test_auth_on_off_delayed(self): """ turn authentication on and off (delayed) """ key = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) auth_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) session.add_vpp_config() cli_activate = \ "bfd udp session auth activate interface %s local-addr %s "\ "peer-addr %s conf-key-id %s bfd-key-id %s delayed yes"\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, key.conf_key_id, auth_session.bfd_key_id) self.cli_verify_no_response(cli_activate) verify_bfd_session_config(self, auth_session) self.cli_verify_no_response(cli_activate) verify_bfd_session_config(self, auth_session) cli_deactivate = \ "bfd udp session auth deactivate interface %s local-addr %s "\ "peer-addr %s delayed yes"\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_deactivate) verify_bfd_session_config(self, session) self.cli_verify_no_response(cli_deactivate) verify_bfd_session_config(self, session) def test_admin_up_down(self): """ put session admin-up and admin-down """ session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) session.add_vpp_config() cli_down = \ "bfd udp session set-flags admin down interface %s local-addr %s "\ "peer-addr %s "\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) cli_up = \ "bfd udp session set-flags admin up interface %s local-addr %s "\ "peer-addr %s "\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_down) verify_bfd_session_config(self, session, state=BFDState.admin_down) self.cli_verify_no_response(cli_up) verify_bfd_session_config(self, session, state=BFDState.down) def test_set_del_udp_echo_source(self): """ set/del udp echo source """ self.create_loopback_interfaces([0]) self.loopback0 = self.lo_interfaces[0] self.loopback0.admin_up() self.cli_verify_response("show bfd echo-source", "UDP echo source is not set.") cli_set = "bfd udp echo-source set interface %s" % self.loopback0.name self.cli_verify_no_response(cli_set) self.cli_verify_response("show bfd echo-source", "UDP echo source is: %s\n" "IPv4 address usable as echo source: none\n" "IPv6 address usable as echo source: none" % self.loopback0.name) self.loopback0.config_ip4() unpacked = unpack("!L", self.loopback0.local_ip4n) echo_ip4 = inet_ntop(AF_INET, pack("!L", unpacked[0] ^ 1)) self.cli_verify_response("show bfd echo-source", "UDP echo source is: %s\n" "IPv4 address usable as echo source: %s\n" "IPv6 address usable as echo source: none" % (self.loopback0.name, echo_ip4)) unpacked = unpack("!LLLL", self.loopback0.local_ip6n) echo_ip6 = inet_ntop(AF_INET6, pack("!LLLL", unpacked[0], unpacked[1], unpacked[2], unpacked[3] ^ 1)) self.loopback0.config_ip6() self.cli_verify_response("show bfd echo-source", "UDP echo source is: %s\n" "IPv4 address usable as echo source: %s\n" "IPv6 address usable as echo source: %s" % (self.loopback0.name, echo_ip4, echo_ip6)) cli_del = "bfd udp echo-source del" self.cli_verify_no_response(cli_del) self.cli_verify_response("show bfd echo-source", "UDP echo source is not set.") if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)