2018-10-04 06:40:30 -07:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
|
|
|
|
import unittest
|
|
|
|
|
2023-08-31 00:47:44 -04:00
|
|
|
from framework import VppTestCase
|
|
|
|
from asfframework import VppTestRunner
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
from scapy.layers.inet import IP, TCP
|
|
|
|
from scapy.layers.inet6 import IPv6
|
|
|
|
from scapy.layers.l2 import Ether
|
|
|
|
from scapy.packet import Raw
|
|
|
|
|
|
|
|
|
|
|
|
class TestMSSClamp(VppTestCase):
|
2022-04-26 19:02:15 +02:00
|
|
|
"""TCP MSS Clamping Test Case"""
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
super(TestMSSClamp, self).setUp()
|
|
|
|
|
|
|
|
# create 2 pg interfaces
|
|
|
|
self.create_pg_interfaces(range(2))
|
|
|
|
|
|
|
|
for i in self.pg_interfaces:
|
|
|
|
i.admin_up()
|
|
|
|
i.config_ip4()
|
|
|
|
i.resolve_arp()
|
|
|
|
i.config_ip6()
|
|
|
|
i.resolve_ndp()
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
for i in self.pg_interfaces:
|
|
|
|
i.unconfig_ip4()
|
|
|
|
i.unconfig_ip6()
|
|
|
|
i.admin_down()
|
|
|
|
super(TestMSSClamp, self).tearDown()
|
|
|
|
|
|
|
|
def verify_pkt(self, rx, expected_mss):
|
|
|
|
# check that the MSS size equals the expected value
|
|
|
|
# and the IP and TCP checksums are correct
|
|
|
|
tcp = rx[TCP]
|
|
|
|
tcp_csum = tcp.chksum
|
|
|
|
del tcp.chksum
|
|
|
|
ip_csum = 0
|
2022-04-26 19:02:15 +02:00
|
|
|
if rx.haslayer(IP):
|
2018-10-04 06:40:30 -07:00
|
|
|
ip_csum = rx[IP].chksum
|
|
|
|
del rx[IP].chksum
|
|
|
|
|
|
|
|
opt = tcp.options
|
2022-04-26 19:02:15 +02:00
|
|
|
self.assertEqual(opt[0][0], "MSS")
|
2018-10-04 06:40:30 -07:00
|
|
|
self.assertEqual(opt[0][1], expected_mss)
|
|
|
|
# recalculate checksums
|
|
|
|
rx = rx.__class__(bytes(rx))
|
|
|
|
tcp = rx[TCP]
|
|
|
|
self.assertEqual(tcp_csum, tcp.chksum)
|
2022-04-26 19:02:15 +02:00
|
|
|
if rx.haslayer(IP):
|
2018-10-04 06:40:30 -07:00
|
|
|
self.assertEqual(ip_csum, rx[IP].chksum)
|
|
|
|
|
|
|
|
def send_and_verify_ip4(self, src_pg, dst_pg, mss, expected_mss):
|
|
|
|
# IPv4 TCP packet with the requested MSS option.
|
|
|
|
# from a host on src_pg to a host on dst_pg.
|
2022-04-26 19:02:15 +02:00
|
|
|
p = (
|
|
|
|
Ether(dst=src_pg.local_mac, src=src_pg.remote_mac)
|
|
|
|
/ IP(src=src_pg.remote_ip4, dst=dst_pg.remote_ip4)
|
|
|
|
/ TCP(
|
|
|
|
sport=1234,
|
|
|
|
dport=1234,
|
|
|
|
flags="S",
|
|
|
|
options=[("MSS", (mss)), ("EOL", None)],
|
|
|
|
)
|
|
|
|
/ Raw("\xa5" * 100)
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
rxs = self.send_and_expect(src_pg, p * 65, dst_pg)
|
|
|
|
|
|
|
|
for rx in rxs:
|
|
|
|
self.verify_pkt(rx, expected_mss)
|
|
|
|
|
|
|
|
def send_and_verify_ip6(self, src_pg, dst_pg, mss, expected_mss):
|
|
|
|
#
|
|
|
|
# IPv6 TCP packet with the requested MSS option.
|
|
|
|
# from a host on src_pg to a host on dst_pg.
|
|
|
|
#
|
2022-04-26 19:02:15 +02:00
|
|
|
p = (
|
|
|
|
Ether(dst=src_pg.local_mac, src=src_pg.remote_mac)
|
|
|
|
/ IPv6(src=src_pg.remote_ip6, dst=dst_pg.remote_ip6)
|
|
|
|
/ TCP(
|
|
|
|
sport=1234,
|
|
|
|
dport=1234,
|
|
|
|
flags="S",
|
|
|
|
options=[("MSS", (mss)), ("EOL", None)],
|
|
|
|
)
|
|
|
|
/ Raw("\xa5" * 100)
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
rxs = self.send_and_expect(src_pg, p * 65, dst_pg)
|
|
|
|
|
|
|
|
for rx in rxs:
|
|
|
|
self.verify_pkt(rx, expected_mss)
|
|
|
|
|
|
|
|
def test_tcp_mss_clamping_ip4_tx(self):
|
2022-04-26 19:02:15 +02:00
|
|
|
"""IP4 TCP MSS Clamping TX"""
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# enable the TCP MSS clamping feature to lower the MSS to 1424.
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=1424,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=3,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Verify that the feature is enabled.
|
|
|
|
rv, reply = self.vapi.mss_clamp_get(sw_if_index=self.pg1.sw_if_index)
|
|
|
|
self.assertEqual(reply[0].ipv4_mss, 1424)
|
|
|
|
self.assertEqual(reply[0].ipv4_direction, 3)
|
|
|
|
|
|
|
|
# Send syn packets and verify that the MSS value is lowered.
|
|
|
|
self.send_and_verify_ip4(self.pg0, self.pg1, 1460, 1424)
|
|
|
|
|
|
|
|
# check the stats
|
2022-04-26 19:02:15 +02:00
|
|
|
stats = self.statistics.get_counter("/err/tcp-mss-clamping-ip4-out/clamped")
|
2018-10-04 06:40:30 -07:00
|
|
|
self.assertEqual(sum(stats), 65)
|
|
|
|
|
|
|
|
# Send syn packets with small enough MSS values and verify they are
|
|
|
|
# unchanged.
|
|
|
|
self.send_and_verify_ip4(self.pg0, self.pg1, 1400, 1400)
|
|
|
|
|
|
|
|
# enable the the feature only in TX direction
|
|
|
|
# and change the max MSS value
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=1420,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=2,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send syn packets and verify that the MSS value is lowered.
|
|
|
|
self.send_and_verify_ip4(self.pg0, self.pg1, 1460, 1420)
|
|
|
|
|
|
|
|
# enable the the feature only in RX direction
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=1424,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=1,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send the packets again and ensure they are unchanged.
|
|
|
|
self.send_and_verify_ip4(self.pg0, self.pg1, 1460, 1460)
|
|
|
|
|
|
|
|
# disable the feature
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send the packets again and ensure they are unchanged.
|
|
|
|
self.send_and_verify_ip4(self.pg0, self.pg1, 1460, 1460)
|
|
|
|
|
|
|
|
def test_tcp_mss_clamping_ip4_rx(self):
|
2022-04-26 19:02:15 +02:00
|
|
|
"""IP4 TCP MSS Clamping RX"""
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# enable the TCP MSS clamping feature to lower the MSS to 1424.
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=1424,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=3,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Verify that the feature is enabled.
|
|
|
|
rv, reply = self.vapi.mss_clamp_get(sw_if_index=self.pg1.sw_if_index)
|
|
|
|
self.assertEqual(reply[0].ipv4_mss, 1424)
|
|
|
|
self.assertEqual(reply[0].ipv4_direction, 3)
|
|
|
|
|
|
|
|
# Send syn packets and verify that the MSS value is lowered.
|
|
|
|
self.send_and_verify_ip4(self.pg1, self.pg0, 1460, 1424)
|
|
|
|
|
|
|
|
# check the stats
|
2022-04-26 19:02:15 +02:00
|
|
|
stats = self.statistics.get_counter("/err/tcp-mss-clamping-ip4-in/clamped")
|
2018-10-04 06:40:30 -07:00
|
|
|
self.assertEqual(sum(stats), 65)
|
|
|
|
|
|
|
|
# Send syn packets with small enough MSS values and verify they are
|
|
|
|
# unchanged.
|
|
|
|
self.send_and_verify_ip4(self.pg1, self.pg0, 1400, 1400)
|
|
|
|
|
|
|
|
# enable the the feature only in RX direction
|
|
|
|
# and change the max MSS value
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=1420,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=1,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send syn packets and verify that the MSS value is lowered.
|
|
|
|
self.send_and_verify_ip4(self.pg1, self.pg0, 1460, 1420)
|
|
|
|
|
|
|
|
# enable the the feature only in TX direction
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=1424,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=2,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send the packets again and ensure they are unchanged.
|
|
|
|
self.send_and_verify_ip4(self.pg1, self.pg0, 1460, 1460)
|
|
|
|
|
|
|
|
# disable the feature
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send the packets again and ensure they are unchanged.
|
|
|
|
self.send_and_verify_ip4(self.pg1, self.pg0, 1460, 1460)
|
|
|
|
|
|
|
|
def test_tcp_mss_clamping_ip6_tx(self):
|
2022-04-26 19:02:15 +02:00
|
|
|
"""IP6 TCP MSS Clamping TX"""
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# enable the TCP MSS clamping feature to lower the MSS to 1424.
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=1424,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=3,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Verify that the feature is enabled.
|
|
|
|
rv, reply = self.vapi.mss_clamp_get(sw_if_index=self.pg1.sw_if_index)
|
|
|
|
self.assertEqual(reply[0].ipv6_mss, 1424)
|
|
|
|
self.assertEqual(reply[0].ipv6_direction, 3)
|
|
|
|
|
|
|
|
# Send syn packets and verify that the MSS value is lowered.
|
|
|
|
self.send_and_verify_ip6(self.pg0, self.pg1, 1460, 1424)
|
|
|
|
|
|
|
|
# check the stats
|
2022-04-26 19:02:15 +02:00
|
|
|
stats = self.statistics.get_counter("/err/tcp-mss-clamping-ip6-out/clamped")
|
2018-10-04 06:40:30 -07:00
|
|
|
self.assertEqual(sum(stats), 65)
|
|
|
|
|
|
|
|
# Send syn packets with small enough MSS values and verify they are
|
|
|
|
# unchanged.
|
|
|
|
self.send_and_verify_ip6(self.pg0, self.pg1, 1400, 1400)
|
|
|
|
|
|
|
|
# enable the the feature only in TX direction
|
|
|
|
# and change the max MSS value
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=1420,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=2,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send syn packets and verify that the MSS value is lowered.
|
|
|
|
self.send_and_verify_ip6(self.pg0, self.pg1, 1460, 1420)
|
|
|
|
|
|
|
|
# enable the the feature only in RX direction
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=1424,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=1,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send the packets again and ensure they are unchanged.
|
|
|
|
self.send_and_verify_ip6(self.pg0, self.pg1, 1460, 1460)
|
|
|
|
|
|
|
|
# disable the feature
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send the packets again and ensure they are unchanged.
|
|
|
|
self.send_and_verify_ip6(self.pg0, self.pg1, 1460, 1460)
|
|
|
|
|
|
|
|
def test_tcp_mss_clamping_ip6_rx(self):
|
2022-04-26 19:02:15 +02:00
|
|
|
"""IP6 TCP MSS Clamping RX"""
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# enable the TCP MSS clamping feature to lower the MSS to 1424.
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=1424,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=3,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Verify that the feature is enabled.
|
|
|
|
rv, reply = self.vapi.mss_clamp_get(sw_if_index=self.pg1.sw_if_index)
|
|
|
|
self.assertEqual(reply[0].ipv6_mss, 1424)
|
|
|
|
self.assertEqual(reply[0].ipv6_direction, 3)
|
|
|
|
|
|
|
|
# Send syn packets and verify that the MSS value is lowered.
|
|
|
|
self.send_and_verify_ip6(self.pg1, self.pg0, 1460, 1424)
|
|
|
|
|
|
|
|
# check the stats
|
2022-04-26 19:02:15 +02:00
|
|
|
stats = self.statistics.get_counter("/err/tcp-mss-clamping-ip6-in/clamped")
|
2018-10-04 06:40:30 -07:00
|
|
|
self.assertEqual(sum(stats), 65)
|
|
|
|
|
|
|
|
# Send syn packets with small enough MSS values and verify they are
|
|
|
|
# unchanged.
|
|
|
|
self.send_and_verify_ip6(self.pg1, self.pg0, 1400, 1400)
|
|
|
|
|
|
|
|
# enable the the feature only in RX direction
|
|
|
|
# and change the max MSS value
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=1420,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=1,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send syn packets and verify that the MSS value is lowered.
|
|
|
|
self.send_and_verify_ip6(self.pg1, self.pg0, 1460, 1420)
|
|
|
|
|
|
|
|
# enable the the feature only in TX direction
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=1424,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=2,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send the packets again and ensure they are unchanged.
|
|
|
|
self.send_and_verify_ip6(self.pg1, self.pg0, 1460, 1460)
|
|
|
|
|
|
|
|
# disable the feature
|
2022-04-26 19:02:15 +02:00
|
|
|
self.vapi.mss_clamp_enable_disable(
|
|
|
|
self.pg1.sw_if_index,
|
|
|
|
ipv4_mss=0,
|
|
|
|
ipv6_mss=0,
|
|
|
|
ipv4_direction=0,
|
|
|
|
ipv6_direction=0,
|
|
|
|
)
|
2018-10-04 06:40:30 -07:00
|
|
|
|
|
|
|
# Send the packets again and ensure they are unchanged.
|
|
|
|
self.send_and_verify_ip6(self.pg1, self.pg0, 1460, 1460)
|
|
|
|
|
|
|
|
|
2022-04-26 19:02:15 +02:00
|
|
|
if __name__ == "__main__":
|
2018-10-04 06:40:30 -07:00
|
|
|
unittest.main(testRunner=VppTestRunner)
|