e4238aa34f
When the NIC does not support mac filter, we rely on ethernet-input node to do the destination mac check, ie, when the interface is in L3, the mac address for the packet must be the mac address of the interface where the packet arrives. This works fine in ethernet-input node when all packets in the frame might have different interfaces, ie, ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is not set in the frame. However, when all packets are having the same interface, ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is set, ethernet-input node goes through the optimized routine eth_input_single_int -> eth_input_process_frame. That is where dmac check has a bug when all packets in the frame are either, ip4, ip6, or mpls without vlan tags. Because without vlan tags, the code handles all packets in fast path and ignores dmac check. With vlan tags, the code goes to slow path where dmac check is handled properly. The fix is to check if we have a bad dmac in the fast path and force the code to go to slow path which will handle dmac check properly. Also do a wholesale correction on all the testcases which do not use the proper dmac when sending L3 packets. Type: fix Change-Id: I73153a805cecdc24c4eefcc781676de04737ae2c Signed-off-by: Steven Luong <sluong@cisco.com>
2654 lines
92 KiB
Python
2654 lines
92 KiB
Python
#!/usr/bin/env python3
|
|
|
|
import unittest
|
|
from random import shuffle, randrange
|
|
|
|
from framework import VppTestCase
|
|
from asfframework import VppTestRunner
|
|
|
|
from scapy.packet import Raw
|
|
from scapy.layers.l2 import Ether, GRE
|
|
from scapy.layers.inet import IP, UDP, ICMP, icmptypes
|
|
from scapy.layers.inet6 import (
|
|
HBHOptUnknown,
|
|
ICMPv6ParamProblem,
|
|
ICMPv6TimeExceeded,
|
|
IPv6,
|
|
IPv6ExtHdrFragment,
|
|
IPv6ExtHdrHopByHop,
|
|
IPv6ExtHdrDestOpt,
|
|
PadN,
|
|
ICMPv6EchoRequest,
|
|
ICMPv6EchoReply,
|
|
)
|
|
from util import ppp, fragment_rfc791, fragment_rfc8200
|
|
from vpp_gre_interface import VppGreInterface
|
|
from vpp_ip_route import VppIpRoute, VppRoutePath
|
|
from vpp_papi import VppEnum
|
|
|
|
# 35 is enough to have >257 400-byte fragments
|
|
test_packet_count = 35
|
|
|
|
|
|
class TestIPv4Reassembly(VppTestCase):
|
|
"""IPv4 Reassembly"""
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super().setUpClass()
|
|
|
|
cls.create_pg_interfaces([0, 1])
|
|
cls.src_if = cls.pg0
|
|
cls.dst_if = cls.pg1
|
|
|
|
# setup all interfaces
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip4()
|
|
i.resolve_arp()
|
|
|
|
# packet sizes
|
|
cls.packet_sizes = [64, 512, 1518, 9018]
|
|
cls.padding = " abcdefghijklmn"
|
|
cls.create_stream(cls.packet_sizes)
|
|
cls.create_fragments()
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super().tearDownClass()
|
|
|
|
def setUp(self):
|
|
"""Test setup - force timeout on existing reassemblies"""
|
|
super().setUp()
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.src_if.sw_if_index, enable_ip4=True
|
|
)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10,
|
|
)
|
|
self.virtual_sleep(0.25)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10000,
|
|
)
|
|
|
|
def tearDown(self):
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.src_if.sw_if_index, enable_ip4=False
|
|
)
|
|
super().tearDown()
|
|
|
|
def show_commands_at_teardown(self):
|
|
self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
|
|
@classmethod
|
|
def create_stream(cls, packet_sizes, packet_count=test_packet_count):
|
|
"""Create input packet stream
|
|
|
|
:param list packet_sizes: Required packet sizes.
|
|
"""
|
|
for i in range(0, packet_count):
|
|
info = cls.create_packet_info(cls.src_if, cls.src_if)
|
|
payload = cls.info_to_payload(info)
|
|
p = (
|
|
Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac)
|
|
/ IP(
|
|
id=info.index, src=cls.src_if.remote_ip4, dst=cls.dst_if.remote_ip4
|
|
)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
size = packet_sizes[(i // 2) % len(packet_sizes)]
|
|
cls.extend_packet(p, size, cls.padding)
|
|
info.data = p
|
|
|
|
@classmethod
|
|
def create_fragments(cls):
|
|
infos = cls._packet_infos
|
|
cls.pkt_infos = []
|
|
for index, info in infos.items():
|
|
p = info.data
|
|
# cls.logger.debug(ppp("Packet:",
|
|
# p.__class__(scapy.compat.raw(p))))
|
|
fragments_400 = fragment_rfc791(p, 400)
|
|
fragments_300 = fragment_rfc791(p, 300)
|
|
fragments_200 = [x for f in fragments_400 for x in fragment_rfc791(f, 200)]
|
|
cls.pkt_infos.append((index, fragments_400, fragments_300, fragments_200))
|
|
cls.fragments_400 = [x for (_, frags, _, _) in cls.pkt_infos for x in frags]
|
|
cls.fragments_300 = [x for (_, _, frags, _) in cls.pkt_infos for x in frags]
|
|
cls.fragments_200 = [x for (_, _, _, frags) in cls.pkt_infos for x in frags]
|
|
cls.logger.debug(
|
|
"Fragmented %s packets into %s 400-byte fragments, "
|
|
"%s 300-byte fragments and %s 200-byte fragments"
|
|
% (
|
|
len(infos),
|
|
len(cls.fragments_400),
|
|
len(cls.fragments_300),
|
|
len(cls.fragments_200),
|
|
)
|
|
)
|
|
|
|
def verify_capture(self, capture, dropped_packet_indexes=[]):
|
|
"""Verify captured packet stream.
|
|
|
|
:param list capture: Captured packet stream.
|
|
"""
|
|
info = None
|
|
seen = set()
|
|
for packet in capture:
|
|
try:
|
|
self.logger.debug(ppp("Got packet:", packet))
|
|
ip = packet[IP]
|
|
udp = packet[UDP]
|
|
payload_info = self.payload_to_info(packet[Raw])
|
|
packet_index = payload_info.index
|
|
self.assertTrue(
|
|
packet_index not in dropped_packet_indexes,
|
|
ppp("Packet received, but should be dropped:", packet),
|
|
)
|
|
if packet_index in seen:
|
|
raise Exception(ppp("Duplicate packet received", packet))
|
|
seen.add(packet_index)
|
|
self.assertEqual(payload_info.dst, self.src_if.sw_if_index)
|
|
info = self._packet_infos[packet_index]
|
|
self.assertTrue(info is not None)
|
|
self.assertEqual(packet_index, info.index)
|
|
saved_packet = info.data
|
|
self.assertEqual(ip.src, saved_packet[IP].src)
|
|
self.assertEqual(ip.dst, saved_packet[IP].dst)
|
|
self.assertEqual(udp.payload, saved_packet[UDP].payload)
|
|
except Exception:
|
|
self.logger.error(ppp("Unexpected or invalid packet:", packet))
|
|
raise
|
|
for index in self._packet_infos:
|
|
self.assertTrue(
|
|
index in seen or index in dropped_packet_indexes,
|
|
"Packet with packet_index %d not received" % index,
|
|
)
|
|
|
|
def test_reassembly(self):
|
|
"""basic reassembly"""
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_200)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
# run it all again to verify correctness
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_200)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_verify_clear_trace_mid_reassembly(self):
|
|
"""verify clear trace works mid-reassembly"""
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_200[0:-1])
|
|
self.pg_start()
|
|
|
|
self.logger.debug(self.vapi.cli("show trace"))
|
|
self.vapi.cli("clear trace")
|
|
|
|
self.src_if.add_stream(self.fragments_200[-1])
|
|
self.pg_start()
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
|
|
def test_reversed(self):
|
|
"""reverse order reassembly"""
|
|
|
|
fragments = list(self.fragments_200)
|
|
fragments.reverse()
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.packet_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
# run it all again to verify correctness
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.packet_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_long_fragment_chain(self):
|
|
"""long fragment chain"""
|
|
|
|
error_cnt_str = "/err/ip4-full-reassembly-feature/reass_fragment_chain_too_long"
|
|
|
|
error_cnt = self.statistics.get_err_counter(error_cnt_str)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=100,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=3,
|
|
expire_walk_interval_ms=50,
|
|
)
|
|
|
|
p1 = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(id=1000, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(b"X" * 1000)
|
|
)
|
|
p2 = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(id=1001, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(b"X" * 1000)
|
|
)
|
|
frags = fragment_rfc791(p1, 200) + fragment_rfc791(p2, 500)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(frags)
|
|
self.pg_start()
|
|
|
|
self.dst_if.get_capture(1)
|
|
self.assert_error_counter_equal(error_cnt_str, error_cnt + 1)
|
|
|
|
def test_5737(self):
|
|
"""fragment length + ip header size > 65535"""
|
|
self.vapi.cli("clear errors")
|
|
raw = b"""E\x00\x00\x88,\xf8\x1f\xfe@\x01\x98\x00\xc0\xa8\n-\xc0\xa8\n\
|
|
\x01\x08\x00\xf0J\xed\xcb\xf1\xf5Test-group: IPv4.IPv4.ipv4-message.\
|
|
Ethernet-Payload.IPv4-Packet.IPv4-Header.Fragment-Offset; Test-case: 5737"""
|
|
malformed_packet = Ether(
|
|
dst=self.src_if.local_mac, src=self.src_if.remote_mac
|
|
) / IP(raw)
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(id=1000, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(b"X" * 1000)
|
|
)
|
|
valid_fragments = fragment_rfc791(p, 400)
|
|
|
|
counter = "/err/ip4-full-reassembly-feature/reass_malformed_packet"
|
|
error_counter = self.statistics.get_err_counter(counter)
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream([malformed_packet] + valid_fragments)
|
|
self.pg_start()
|
|
|
|
self.dst_if.get_capture(1)
|
|
self.logger.debug(self.vapi.ppcli("show error"))
|
|
self.assertEqual(self.statistics.get_err_counter(counter), error_counter + 1)
|
|
|
|
def test_44924(self):
|
|
"""compress tiny fragments"""
|
|
packets = [
|
|
(
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(
|
|
id=24339,
|
|
flags="MF",
|
|
frag=0,
|
|
ttl=64,
|
|
src=self.src_if.remote_ip4,
|
|
dst=self.dst_if.remote_ip4,
|
|
)
|
|
/ ICMP(type="echo-request", code=0, id=0x1FE6, seq=0x2407)
|
|
/ Raw(load="Test-group: IPv4")
|
|
),
|
|
(
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(
|
|
id=24339,
|
|
flags="MF",
|
|
frag=3,
|
|
ttl=64,
|
|
src=self.src_if.remote_ip4,
|
|
dst=self.dst_if.remote_ip4,
|
|
)
|
|
/ ICMP(type="echo-request", code=0, id=0x1FE6, seq=0x2407)
|
|
/ Raw(load=".IPv4.Fragmentation.vali")
|
|
),
|
|
(
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(
|
|
id=24339,
|
|
frag=6,
|
|
ttl=64,
|
|
src=self.src_if.remote_ip4,
|
|
dst=self.dst_if.remote_ip4,
|
|
)
|
|
/ ICMP(type="echo-request", code=0, id=0x1FE6, seq=0x2407)
|
|
/ Raw(load="d; Test-case: 44924")
|
|
),
|
|
]
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(packets)
|
|
self.pg_start()
|
|
|
|
self.dst_if.get_capture(1)
|
|
|
|
def test_frag_1(self):
|
|
"""fragment of size 1"""
|
|
self.vapi.cli("clear errors")
|
|
malformed_packets = [
|
|
(
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(
|
|
id=7,
|
|
len=21,
|
|
flags="MF",
|
|
frag=0,
|
|
ttl=64,
|
|
src=self.src_if.remote_ip4,
|
|
dst=self.dst_if.remote_ip4,
|
|
)
|
|
/ ICMP(type="echo-request")
|
|
),
|
|
(
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(
|
|
id=7,
|
|
len=21,
|
|
frag=1,
|
|
ttl=64,
|
|
src=self.src_if.remote_ip4,
|
|
dst=self.dst_if.remote_ip4,
|
|
)
|
|
/ Raw(load=b"\x08")
|
|
),
|
|
]
|
|
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(id=1000, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(b"X" * 1000)
|
|
)
|
|
valid_fragments = fragment_rfc791(p, 400)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(malformed_packets + valid_fragments)
|
|
self.pg_start()
|
|
|
|
self.dst_if.get_capture(1)
|
|
|
|
self.assert_packet_counter_equal("ip4-full-reassembly-feature", 1)
|
|
# TODO remove above, uncomment below once clearing of counters
|
|
# is supported
|
|
# self.assert_packet_counter_equal(
|
|
# "/err/ip4-full-reassembly-feature/reass_malformed_packet", 1)
|
|
|
|
def test_random(self):
|
|
"""random order reassembly"""
|
|
|
|
fragments = list(self.fragments_200)
|
|
shuffle(fragments)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.packet_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
# run it all again to verify correctness
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.packet_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_duplicates(self):
|
|
"""duplicate fragments"""
|
|
|
|
fragments = [
|
|
x
|
|
for (_, frags, _, _) in self.pkt_infos
|
|
for x in frags
|
|
for _ in range(0, min(2, len(frags)))
|
|
]
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_overlap1(self):
|
|
"""overlapping fragments case #1"""
|
|
|
|
fragments = []
|
|
for _, _, frags_300, frags_200 in self.pkt_infos:
|
|
if len(frags_300) == 1:
|
|
fragments.extend(frags_300)
|
|
else:
|
|
for i, j in zip(frags_200, frags_300):
|
|
fragments.extend(i)
|
|
fragments.extend(j)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
# run it all to verify correctness
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_overlap2(self):
|
|
"""overlapping fragments case #2"""
|
|
|
|
fragments = []
|
|
for _, _, frags_300, frags_200 in self.pkt_infos:
|
|
if len(frags_300) == 1:
|
|
fragments.extend(frags_300)
|
|
else:
|
|
# care must be taken here so that there are no fragments
|
|
# received by vpp after reassembly is finished, otherwise
|
|
# new reassemblies will be started and packet generator will
|
|
# freak out when it detects unfreed buffers
|
|
zipped = zip(frags_300, frags_200)
|
|
for i, j in zipped:
|
|
fragments.extend(i)
|
|
fragments.extend(j)
|
|
fragments.pop()
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
# run it all to verify correctness
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_timeout_inline(self):
|
|
"""timeout (inline)"""
|
|
|
|
dropped_packet_indexes = set(
|
|
index for (index, frags, _, _) in self.pkt_infos if len(frags) > 1
|
|
)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=3,
|
|
expire_walk_interval_ms=10000,
|
|
)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_400)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(
|
|
len(self.pkt_infos) - len(dropped_packet_indexes)
|
|
)
|
|
self.verify_capture(packets, dropped_packet_indexes)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_timeout_cleanup(self):
|
|
"""timeout (cleanup)"""
|
|
|
|
# whole packets + fragmented packets sans last fragment
|
|
fragments = [
|
|
x
|
|
for (_, frags_400, _, _) in self.pkt_infos
|
|
for x in frags_400[: -1 if len(frags_400) > 1 else None]
|
|
]
|
|
|
|
# last fragments for fragmented packets
|
|
fragments2 = [
|
|
frags_400[-1]
|
|
for (_, frags_400, _, _) in self.pkt_infos
|
|
if len(frags_400) > 1
|
|
]
|
|
|
|
dropped_packet_indexes = set(
|
|
index for (index, frags_400, _, _) in self.pkt_infos if len(frags_400) > 1
|
|
)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=100,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=50,
|
|
)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
self.virtual_sleep(0.25, "wait before sending rest of fragments")
|
|
|
|
self.src_if.add_stream(fragments2)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(
|
|
len(self.pkt_infos) - len(dropped_packet_indexes)
|
|
)
|
|
self.verify_capture(packets, dropped_packet_indexes)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_disabled(self):
|
|
"""reassembly disabled"""
|
|
|
|
dropped_packet_indexes = set(
|
|
index for (index, frags_400, _, _) in self.pkt_infos if len(frags_400) > 1
|
|
)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000,
|
|
max_reassemblies=0,
|
|
max_reassembly_length=3,
|
|
expire_walk_interval_ms=10000,
|
|
)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_400)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(
|
|
len(self.pkt_infos) - len(dropped_packet_indexes)
|
|
)
|
|
self.verify_capture(packets, dropped_packet_indexes)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_local_enable_disable(self):
|
|
"""local reassembly enabled/disable"""
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.src_if.sw_if_index, enable_ip4=False
|
|
)
|
|
self.vapi.ip_local_reass_enable_disable(enable_ip4=True)
|
|
p = (
|
|
Ether(src=self.src_if.remote_mac, dst=self.src_if.local_mac)
|
|
/ IP(src=self.src_if.remote_ip4, dst=self.src_if.local_ip4)
|
|
/ ICMP(id=1234, type="echo-request")
|
|
/ Raw("x" * 1000)
|
|
)
|
|
frags = fragment_rfc791(p, 400)
|
|
r = self.send_and_expect(self.src_if, frags, self.src_if, n_rx=1)[0]
|
|
self.assertEqual(1234, r[ICMP].id)
|
|
self.assertEqual(icmptypes[r[ICMP].type], "echo-reply")
|
|
self.vapi.ip_local_reass_enable_disable()
|
|
|
|
self.send_and_assert_no_replies(self.src_if, frags)
|
|
self.vapi.ip_local_reass_enable_disable(enable_ip4=True)
|
|
|
|
|
|
class TestIPv4SVReassembly(VppTestCase):
|
|
"""IPv4 Shallow Virtual Reassembly"""
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super().setUpClass()
|
|
|
|
cls.create_pg_interfaces([0, 1])
|
|
cls.src_if = cls.pg0
|
|
cls.dst_if = cls.pg1
|
|
|
|
# setup all interfaces
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip4()
|
|
i.resolve_arp()
|
|
|
|
def setUp(self):
|
|
"""Test setup - force timeout on existing reassemblies"""
|
|
super().setUp()
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.src_if.sw_if_index,
|
|
enable_ip4=True,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
expire_walk_interval_ms=10,
|
|
)
|
|
self.virtual_sleep(0.25)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
expire_walk_interval_ms=10000,
|
|
)
|
|
|
|
def tearDown(self):
|
|
super().tearDown()
|
|
self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
|
|
def test_basic(self):
|
|
"""basic reassembly"""
|
|
payload_len = 1000
|
|
payload = ""
|
|
counter = 0
|
|
while len(payload) < payload_len:
|
|
payload += "%u " % counter
|
|
counter += 1
|
|
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(id=1, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
fragments = fragment_rfc791(p, payload_len / 4)
|
|
|
|
# send fragment #2 - should be cached inside reassembly
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[1])
|
|
self.pg_start()
|
|
self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
self.logger.debug(self.vapi.ppcli("show trace"))
|
|
self.dst_if.assert_nothing_captured()
|
|
|
|
# send fragment #1 - reassembly is finished now and both fragments
|
|
# forwarded
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[0])
|
|
self.pg_start()
|
|
self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
self.logger.debug(self.vapi.ppcli("show trace"))
|
|
c = self.dst_if.get_capture(2)
|
|
for sent, recvd in zip([fragments[1], fragments[0]], c):
|
|
self.assertEqual(sent[IP].src, recvd[IP].src)
|
|
self.assertEqual(sent[IP].dst, recvd[IP].dst)
|
|
self.assertEqual(sent[Raw].payload, recvd[Raw].payload)
|
|
|
|
# send rest of fragments - should be immediately forwarded
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[2:])
|
|
self.pg_start()
|
|
c = self.dst_if.get_capture(len(fragments[2:]))
|
|
for sent, recvd in zip(fragments[2:], c):
|
|
self.assertEqual(sent[IP].src, recvd[IP].src)
|
|
self.assertEqual(sent[IP].dst, recvd[IP].dst)
|
|
self.assertEqual(sent[Raw].payload, recvd[Raw].payload)
|
|
|
|
def test_verify_clear_trace_mid_reassembly(self):
|
|
"""verify clear trace works mid-reassembly"""
|
|
payload_len = 1000
|
|
payload = ""
|
|
counter = 0
|
|
while len(payload) < payload_len:
|
|
payload += "%u " % counter
|
|
counter += 1
|
|
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(id=1, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
fragments = fragment_rfc791(p, payload_len / 4)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[1])
|
|
self.pg_start()
|
|
|
|
self.logger.debug(self.vapi.cli("show trace"))
|
|
self.vapi.cli("clear trace")
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[0])
|
|
self.pg_start()
|
|
self.dst_if.get_capture(2)
|
|
|
|
self.logger.debug(self.vapi.cli("show trace"))
|
|
self.vapi.cli("clear trace")
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[2:])
|
|
self.pg_start()
|
|
self.dst_if.get_capture(len(fragments[2:]))
|
|
|
|
def test_timeout(self):
|
|
"""reassembly timeout"""
|
|
payload_len = 1000
|
|
payload = ""
|
|
counter = 0
|
|
while len(payload) < payload_len:
|
|
payload += "%u " % counter
|
|
counter += 1
|
|
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(id=1, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
fragments = fragment_rfc791(p, payload_len / 4)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=100,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=50,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
)
|
|
|
|
# send fragments #2 and #1 - should be forwarded
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[0:2])
|
|
self.pg_start()
|
|
self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
self.logger.debug(self.vapi.ppcli("show trace"))
|
|
c = self.dst_if.get_capture(2)
|
|
for sent, recvd in zip([fragments[1], fragments[0]], c):
|
|
self.assertEqual(sent[IP].src, recvd[IP].src)
|
|
self.assertEqual(sent[IP].dst, recvd[IP].dst)
|
|
self.assertEqual(sent[Raw].payload, recvd[Raw].payload)
|
|
|
|
# wait for cleanup
|
|
self.virtual_sleep(0.25, "wait before sending rest of fragments")
|
|
|
|
# send rest of fragments - shouldn't be forwarded
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[2:])
|
|
self.pg_start()
|
|
self.dst_if.assert_nothing_captured()
|
|
|
|
def test_lru(self):
|
|
"""reassembly reuses LRU element"""
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1,
|
|
max_reassembly_length=1000,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
expire_walk_interval_ms=10000,
|
|
)
|
|
|
|
payload_len = 1000
|
|
payload = ""
|
|
counter = 0
|
|
while len(payload) < payload_len:
|
|
payload += "%u " % counter
|
|
counter += 1
|
|
|
|
packet_count = 10
|
|
|
|
fragments = [
|
|
f
|
|
for i in range(packet_count)
|
|
for p in (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(id=i, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
for f in fragment_rfc791(p, payload_len / 4)
|
|
]
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
c = self.dst_if.get_capture(len(fragments))
|
|
for sent, recvd in zip(fragments, c):
|
|
self.assertEqual(sent[IP].src, recvd[IP].src)
|
|
self.assertEqual(sent[IP].dst, recvd[IP].dst)
|
|
self.assertEqual(sent[Raw].payload, recvd[Raw].payload)
|
|
|
|
def send_mixed_and_verify_capture(self, traffic):
|
|
stream = []
|
|
for t in traffic:
|
|
for c in range(t["count"]):
|
|
stream.append(
|
|
(
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(
|
|
id=self.counter,
|
|
flags=t["flags"],
|
|
src=self.src_if.remote_ip4,
|
|
dst=self.dst_if.remote_ip4,
|
|
)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw("abcdef")
|
|
)
|
|
)
|
|
self.counter = self.counter + 1
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(stream)
|
|
self.pg_start()
|
|
self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
self.logger.debug(self.vapi.ppcli("show trace"))
|
|
self.dst_if.get_capture(len(stream))
|
|
|
|
def test_mixed(self):
|
|
"""mixed traffic correctly passes through SVR"""
|
|
self.counter = 1
|
|
|
|
self.send_mixed_and_verify_capture([{"count": 1, "flags": ""}])
|
|
self.send_mixed_and_verify_capture([{"count": 2, "flags": ""}])
|
|
self.send_mixed_and_verify_capture([{"count": 3, "flags": ""}])
|
|
self.send_mixed_and_verify_capture([{"count": 8, "flags": ""}])
|
|
self.send_mixed_and_verify_capture([{"count": 257, "flags": ""}])
|
|
|
|
self.send_mixed_and_verify_capture([{"count": 1, "flags": "MF"}])
|
|
self.send_mixed_and_verify_capture([{"count": 2, "flags": "MF"}])
|
|
self.send_mixed_and_verify_capture([{"count": 3, "flags": "MF"}])
|
|
self.send_mixed_and_verify_capture([{"count": 8, "flags": "MF"}])
|
|
self.send_mixed_and_verify_capture([{"count": 257, "flags": "MF"}])
|
|
|
|
self.send_mixed_and_verify_capture(
|
|
[{"count": 1, "flags": ""}, {"count": 1, "flags": "MF"}]
|
|
)
|
|
self.send_mixed_and_verify_capture(
|
|
[{"count": 2, "flags": ""}, {"count": 2, "flags": "MF"}]
|
|
)
|
|
self.send_mixed_and_verify_capture(
|
|
[{"count": 3, "flags": ""}, {"count": 3, "flags": "MF"}]
|
|
)
|
|
self.send_mixed_and_verify_capture(
|
|
[{"count": 8, "flags": ""}, {"count": 8, "flags": "MF"}]
|
|
)
|
|
self.send_mixed_and_verify_capture(
|
|
[{"count": 129, "flags": ""}, {"count": 129, "flags": "MF"}]
|
|
)
|
|
|
|
self.send_mixed_and_verify_capture(
|
|
[
|
|
{"count": 1, "flags": ""},
|
|
{"count": 1, "flags": "MF"},
|
|
{"count": 1, "flags": ""},
|
|
{"count": 1, "flags": "MF"},
|
|
]
|
|
)
|
|
self.send_mixed_and_verify_capture(
|
|
[
|
|
{"count": 2, "flags": ""},
|
|
{"count": 2, "flags": "MF"},
|
|
{"count": 2, "flags": ""},
|
|
{"count": 2, "flags": "MF"},
|
|
]
|
|
)
|
|
self.send_mixed_and_verify_capture(
|
|
[
|
|
{"count": 3, "flags": ""},
|
|
{"count": 3, "flags": "MF"},
|
|
{"count": 3, "flags": ""},
|
|
{"count": 3, "flags": "MF"},
|
|
]
|
|
)
|
|
self.send_mixed_and_verify_capture(
|
|
[
|
|
{"count": 8, "flags": ""},
|
|
{"count": 8, "flags": "MF"},
|
|
{"count": 8, "flags": ""},
|
|
{"count": 8, "flags": "MF"},
|
|
]
|
|
)
|
|
self.send_mixed_and_verify_capture(
|
|
[
|
|
{"count": 65, "flags": ""},
|
|
{"count": 65, "flags": "MF"},
|
|
{"count": 65, "flags": ""},
|
|
{"count": 65, "flags": "MF"},
|
|
]
|
|
)
|
|
|
|
|
|
class TestIPv4MWReassembly(VppTestCase):
|
|
"""IPv4 Reassembly (multiple workers)"""
|
|
|
|
vpp_worker_count = 3
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super().setUpClass()
|
|
|
|
cls.create_pg_interfaces(range(cls.vpp_worker_count + 1))
|
|
cls.src_if = cls.pg0
|
|
cls.send_ifs = cls.pg_interfaces[:-1]
|
|
cls.dst_if = cls.pg_interfaces[-1]
|
|
|
|
# setup all interfaces
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip4()
|
|
i.resolve_arp()
|
|
|
|
# packets sizes reduced here because we are generating packets without
|
|
# Ethernet headers, which are added later (diff fragments go via
|
|
# different interfaces)
|
|
cls.packet_sizes = [
|
|
64 - len(Ether()),
|
|
512 - len(Ether()),
|
|
1518 - len(Ether()),
|
|
9018 - len(Ether()),
|
|
]
|
|
cls.padding = " abcdefghijklmn"
|
|
cls.create_stream(cls.packet_sizes)
|
|
cls.create_fragments()
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super().tearDownClass()
|
|
|
|
def setUp(self):
|
|
"""Test setup - force timeout on existing reassemblies"""
|
|
super().setUp()
|
|
for intf in self.send_ifs:
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=intf.sw_if_index, enable_ip4=True
|
|
)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10,
|
|
)
|
|
self.virtual_sleep(0.25)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10000,
|
|
)
|
|
|
|
def tearDown(self):
|
|
for intf in self.send_ifs:
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=intf.sw_if_index, enable_ip4=False
|
|
)
|
|
super().tearDown()
|
|
|
|
def show_commands_at_teardown(self):
|
|
self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
|
|
@classmethod
|
|
def create_stream(cls, packet_sizes, packet_count=test_packet_count):
|
|
"""Create input packet stream
|
|
|
|
:param list packet_sizes: Required packet sizes.
|
|
"""
|
|
for i in range(0, packet_count):
|
|
info = cls.create_packet_info(cls.src_if, cls.src_if)
|
|
payload = cls.info_to_payload(info)
|
|
p = (
|
|
IP(id=info.index, src=cls.src_if.remote_ip4, dst=cls.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
size = packet_sizes[(i // 2) % len(packet_sizes)]
|
|
cls.extend_packet(p, size, cls.padding)
|
|
info.data = p
|
|
|
|
@classmethod
|
|
def create_fragments(cls):
|
|
infos = cls._packet_infos
|
|
cls.pkt_infos = []
|
|
for index, info in infos.items():
|
|
p = info.data
|
|
# cls.logger.debug(ppp("Packet:",
|
|
# p.__class__(scapy.compat.raw(p))))
|
|
fragments_400 = fragment_rfc791(p, 400)
|
|
cls.pkt_infos.append((index, fragments_400))
|
|
cls.fragments_400 = [x for (_, frags) in cls.pkt_infos for x in frags]
|
|
cls.logger.debug(
|
|
"Fragmented %s packets into %s 400-byte fragments, "
|
|
% (len(infos), len(cls.fragments_400))
|
|
)
|
|
|
|
def verify_capture(self, capture, dropped_packet_indexes=[]):
|
|
"""Verify captured packet stream.
|
|
|
|
:param list capture: Captured packet stream.
|
|
"""
|
|
info = None
|
|
seen = set()
|
|
for packet in capture:
|
|
try:
|
|
self.logger.debug(ppp("Got packet:", packet))
|
|
ip = packet[IP]
|
|
udp = packet[UDP]
|
|
payload_info = self.payload_to_info(packet[Raw])
|
|
packet_index = payload_info.index
|
|
self.assertTrue(
|
|
packet_index not in dropped_packet_indexes,
|
|
ppp("Packet received, but should be dropped:", packet),
|
|
)
|
|
if packet_index in seen:
|
|
raise Exception(ppp("Duplicate packet received", packet))
|
|
seen.add(packet_index)
|
|
self.assertEqual(payload_info.dst, self.src_if.sw_if_index)
|
|
info = self._packet_infos[packet_index]
|
|
self.assertTrue(info is not None)
|
|
self.assertEqual(packet_index, info.index)
|
|
saved_packet = info.data
|
|
self.assertEqual(ip.src, saved_packet[IP].src)
|
|
self.assertEqual(ip.dst, saved_packet[IP].dst)
|
|
self.assertEqual(udp.payload, saved_packet[UDP].payload)
|
|
except Exception:
|
|
self.logger.error(ppp("Unexpected or invalid packet:", packet))
|
|
raise
|
|
for index in self._packet_infos:
|
|
self.assertTrue(
|
|
index in seen or index in dropped_packet_indexes,
|
|
"Packet with packet_index %d not received" % index,
|
|
)
|
|
|
|
def send_packets(self, packets):
|
|
for counter in range(self.vpp_worker_count):
|
|
if 0 == len(packets[counter]):
|
|
continue
|
|
send_if = self.send_ifs[counter]
|
|
send_if.add_stream(
|
|
(
|
|
Ether(dst=send_if.local_mac, src=send_if.remote_mac) / x
|
|
for x in packets[counter]
|
|
),
|
|
worker=counter,
|
|
)
|
|
self.pg_start()
|
|
|
|
def test_worker_conflict(self):
|
|
"""1st and FO=0 fragments on different workers"""
|
|
|
|
# in first wave we send fragments which don't start at offset 0
|
|
# then we send fragments with offset 0 on a different thread
|
|
# then the rest of packets on a random thread
|
|
first_packets = [[] for n in range(self.vpp_worker_count)]
|
|
second_packets = [[] for n in range(self.vpp_worker_count)]
|
|
rest_of_packets = [[] for n in range(self.vpp_worker_count)]
|
|
for _, p in self.pkt_infos:
|
|
wi = randrange(self.vpp_worker_count)
|
|
second_packets[wi].append(p[0])
|
|
if len(p) <= 1:
|
|
continue
|
|
wi2 = wi
|
|
while wi2 == wi:
|
|
wi2 = randrange(self.vpp_worker_count)
|
|
first_packets[wi2].append(p[1])
|
|
wi3 = randrange(self.vpp_worker_count)
|
|
rest_of_packets[wi3].extend(p[2:])
|
|
|
|
self.pg_enable_capture()
|
|
self.send_packets(first_packets)
|
|
self.send_packets(second_packets)
|
|
self.send_packets(rest_of_packets)
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
for send_if in self.send_ifs:
|
|
send_if.assert_nothing_captured()
|
|
|
|
self.logger.debug(self.vapi.ppcli("show trace"))
|
|
self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
self.vapi.cli("clear trace")
|
|
|
|
self.pg_enable_capture()
|
|
self.send_packets(first_packets)
|
|
self.send_packets(second_packets)
|
|
self.send_packets(rest_of_packets)
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
for send_if in self.send_ifs:
|
|
send_if.assert_nothing_captured()
|
|
|
|
|
|
class TestIPv6Reassembly(VppTestCase):
|
|
"""IPv6 Reassembly"""
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super().setUpClass()
|
|
|
|
cls.create_pg_interfaces([0, 1])
|
|
cls.src_if = cls.pg0
|
|
cls.dst_if = cls.pg1
|
|
|
|
# setup all interfaces
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip6()
|
|
i.resolve_ndp()
|
|
|
|
# packet sizes
|
|
cls.packet_sizes = [64, 512, 1518, 9018]
|
|
cls.padding = " abcdefghijklmn"
|
|
cls.create_stream(cls.packet_sizes)
|
|
cls.create_fragments()
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super().tearDownClass()
|
|
|
|
def setUp(self):
|
|
"""Test setup - force timeout on existing reassemblies"""
|
|
super().setUp()
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.src_if.sw_if_index, enable_ip6=True
|
|
)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10,
|
|
is_ip6=1,
|
|
)
|
|
self.virtual_sleep(0.25)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10000,
|
|
is_ip6=1,
|
|
)
|
|
self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
|
|
def tearDown(self):
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.src_if.sw_if_index, enable_ip6=False
|
|
)
|
|
super().tearDown()
|
|
|
|
def show_commands_at_teardown(self):
|
|
self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
|
|
@classmethod
|
|
def create_stream(cls, packet_sizes, packet_count=test_packet_count):
|
|
"""Create input packet stream for defined interface.
|
|
|
|
:param list packet_sizes: Required packet sizes.
|
|
"""
|
|
for i in range(0, packet_count):
|
|
info = cls.create_packet_info(cls.src_if, cls.src_if)
|
|
payload = cls.info_to_payload(info)
|
|
p = (
|
|
Ether(dst=cls.src_if.local_mac, src=cls.src_if.remote_mac)
|
|
/ IPv6(src=cls.src_if.remote_ip6, dst=cls.dst_if.remote_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
size = packet_sizes[(i // 2) % len(packet_sizes)]
|
|
cls.extend_packet(p, size, cls.padding)
|
|
info.data = p
|
|
|
|
@classmethod
|
|
def create_fragments(cls):
|
|
infos = cls._packet_infos
|
|
cls.pkt_infos = []
|
|
for index, info in infos.items():
|
|
p = info.data
|
|
# cls.logger.debug(ppp("Packet:",
|
|
# p.__class__(scapy.compat.raw(p))))
|
|
fragments_400 = fragment_rfc8200(p, info.index, 400)
|
|
fragments_300 = fragment_rfc8200(p, info.index, 300)
|
|
cls.pkt_infos.append((index, fragments_400, fragments_300))
|
|
cls.fragments_400 = [x for _, frags, _ in cls.pkt_infos for x in frags]
|
|
cls.fragments_300 = [x for _, _, frags in cls.pkt_infos for x in frags]
|
|
cls.logger.debug(
|
|
"Fragmented %s packets into %s 400-byte fragments, "
|
|
"and %s 300-byte fragments"
|
|
% (len(infos), len(cls.fragments_400), len(cls.fragments_300))
|
|
)
|
|
|
|
def verify_capture(self, capture, dropped_packet_indexes=[]):
|
|
"""Verify captured packet strea .
|
|
|
|
:param list capture: Captured packet stream.
|
|
"""
|
|
info = None
|
|
seen = set()
|
|
for packet in capture:
|
|
try:
|
|
self.logger.debug(ppp("Got packet:", packet))
|
|
ip = packet[IPv6]
|
|
udp = packet[UDP]
|
|
payload_info = self.payload_to_info(packet[Raw])
|
|
packet_index = payload_info.index
|
|
self.assertTrue(
|
|
packet_index not in dropped_packet_indexes,
|
|
ppp("Packet received, but should be dropped:", packet),
|
|
)
|
|
if packet_index in seen:
|
|
raise Exception(ppp("Duplicate packet received", packet))
|
|
seen.add(packet_index)
|
|
self.assertEqual(payload_info.dst, self.src_if.sw_if_index)
|
|
info = self._packet_infos[packet_index]
|
|
self.assertTrue(info is not None)
|
|
self.assertEqual(packet_index, info.index)
|
|
saved_packet = info.data
|
|
self.assertEqual(ip.src, saved_packet[IPv6].src)
|
|
self.assertEqual(ip.dst, saved_packet[IPv6].dst)
|
|
self.assertEqual(udp.payload, saved_packet[UDP].payload)
|
|
except Exception:
|
|
self.logger.error(ppp("Unexpected or invalid packet:", packet))
|
|
raise
|
|
for index in self._packet_infos:
|
|
self.assertTrue(
|
|
index in seen or index in dropped_packet_indexes,
|
|
"Packet with packet_index %d not received" % index,
|
|
)
|
|
|
|
def test_reassembly(self):
|
|
"""basic reassembly"""
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_400)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
# run it all again to verify correctness
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_400)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_buffer_boundary(self):
|
|
"""fragment header crossing buffer boundary"""
|
|
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6)
|
|
/ IPv6ExtHdrHopByHop(options=[HBHOptUnknown(otype=0xFF, optlen=0)] * 1000)
|
|
/ IPv6ExtHdrFragment(m=1)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw()
|
|
)
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream([p])
|
|
self.pg_start()
|
|
self.src_if.assert_nothing_captured()
|
|
self.dst_if.assert_nothing_captured()
|
|
|
|
def test_verify_clear_trace_mid_reassembly(self):
|
|
"""verify clear trace works mid-reassembly"""
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_400[0:-1])
|
|
self.pg_start()
|
|
|
|
self.logger.debug(self.vapi.cli("show trace"))
|
|
self.vapi.cli("clear trace")
|
|
|
|
self.src_if.add_stream(self.fragments_400[-1])
|
|
self.pg_start()
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
|
|
def test_reversed(self):
|
|
"""reverse order reassembly"""
|
|
|
|
fragments = list(self.fragments_400)
|
|
fragments.reverse()
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
# run it all again to verify correctness
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_random(self):
|
|
"""random order reassembly"""
|
|
|
|
fragments = list(self.fragments_400)
|
|
shuffle(fragments)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
# run it all again to verify correctness
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_duplicates(self):
|
|
"""duplicate fragments"""
|
|
|
|
fragments = [
|
|
x
|
|
for (_, frags, _) in self.pkt_infos
|
|
for x in frags
|
|
for _ in range(0, min(2, len(frags)))
|
|
]
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_long_fragment_chain(self):
|
|
"""long fragment chain"""
|
|
|
|
error_cnt_str = "/err/ip6-full-reassembly-feature/reass_fragment_chain_too_long"
|
|
|
|
error_cnt = self.statistics.get_err_counter(error_cnt_str)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=100,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=3,
|
|
expire_walk_interval_ms=50,
|
|
is_ip6=1,
|
|
)
|
|
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(b"X" * 1000)
|
|
)
|
|
frags = fragment_rfc8200(p, 1, 300) + fragment_rfc8200(p, 2, 500)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(frags)
|
|
self.pg_start()
|
|
|
|
self.dst_if.get_capture(1)
|
|
self.assert_error_counter_equal(error_cnt_str, error_cnt + 1)
|
|
|
|
def test_overlap1(self):
|
|
"""overlapping fragments case #1"""
|
|
|
|
fragments = []
|
|
for _, frags_400, frags_300 in self.pkt_infos:
|
|
if len(frags_300) == 1:
|
|
fragments.extend(frags_400)
|
|
else:
|
|
for i, j in zip(frags_300, frags_400):
|
|
fragments.extend(i)
|
|
fragments.extend(j)
|
|
|
|
dropped_packet_indexes = set(
|
|
index for (index, _, frags) in self.pkt_infos if len(frags) > 1
|
|
)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(
|
|
len(self.pkt_infos) - len(dropped_packet_indexes)
|
|
)
|
|
self.verify_capture(packets, dropped_packet_indexes)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_overlap2(self):
|
|
"""overlapping fragments case #2"""
|
|
|
|
fragments = []
|
|
for _, frags_400, frags_300 in self.pkt_infos:
|
|
if len(frags_400) == 1:
|
|
fragments.extend(frags_400)
|
|
else:
|
|
# care must be taken here so that there are no fragments
|
|
# received by vpp after reassembly is finished, otherwise
|
|
# new reassemblies will be started and packet generator will
|
|
# freak out when it detects unfreed buffers
|
|
zipped = zip(frags_400, frags_300)
|
|
for i, j in zipped:
|
|
fragments.extend(i)
|
|
fragments.extend(j)
|
|
fragments.pop()
|
|
|
|
dropped_packet_indexes = set(
|
|
index for (index, _, frags) in self.pkt_infos if len(frags) > 1
|
|
)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(
|
|
len(self.pkt_infos) - len(dropped_packet_indexes)
|
|
)
|
|
self.verify_capture(packets, dropped_packet_indexes)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_timeout_inline(self):
|
|
"""timeout (inline)"""
|
|
|
|
dropped_packet_indexes = set(
|
|
index for (index, frags, _) in self.pkt_infos if len(frags) > 1
|
|
)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=3,
|
|
expire_walk_interval_ms=10000,
|
|
is_ip6=1,
|
|
)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_400)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(
|
|
len(self.pkt_infos) - len(dropped_packet_indexes)
|
|
)
|
|
self.verify_capture(packets, dropped_packet_indexes)
|
|
pkts = self.src_if._get_capture(1)
|
|
for icmp in pkts:
|
|
self.assertIn(ICMPv6TimeExceeded, icmp)
|
|
self.assertIn(IPv6ExtHdrFragment, icmp)
|
|
self.assertIn(icmp[IPv6ExtHdrFragment].id, dropped_packet_indexes)
|
|
dropped_packet_indexes.remove(icmp[IPv6ExtHdrFragment].id)
|
|
|
|
def test_timeout_cleanup(self):
|
|
"""timeout (cleanup)"""
|
|
|
|
# whole packets + fragmented packets sans last fragment
|
|
fragments = [
|
|
x
|
|
for (_, frags_400, _) in self.pkt_infos
|
|
for x in frags_400[: -1 if len(frags_400) > 1 else None]
|
|
]
|
|
|
|
# last fragments for fragmented packets
|
|
fragments2 = [
|
|
frags_400[-1] for (_, frags_400, _) in self.pkt_infos if len(frags_400) > 1
|
|
]
|
|
|
|
dropped_packet_indexes = set(
|
|
index for (index, frags_400, _) in self.pkt_infos if len(frags_400) > 1
|
|
)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=100,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=50,
|
|
)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=100,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=50,
|
|
is_ip6=1,
|
|
)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
|
|
self.virtual_sleep(0.25, "wait before sending rest of fragments")
|
|
|
|
self.src_if.add_stream(fragments2)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(
|
|
len(self.pkt_infos) - len(dropped_packet_indexes)
|
|
)
|
|
self.verify_capture(packets, dropped_packet_indexes)
|
|
pkts = self.src_if._get_capture(1)
|
|
for icmp in pkts:
|
|
self.assertIn(ICMPv6TimeExceeded, icmp)
|
|
self.assertIn(IPv6ExtHdrFragment, icmp)
|
|
self.assertIn(icmp[IPv6ExtHdrFragment].id, dropped_packet_indexes)
|
|
dropped_packet_indexes.remove(icmp[IPv6ExtHdrFragment].id)
|
|
|
|
def test_disabled(self):
|
|
"""reassembly disabled"""
|
|
|
|
dropped_packet_indexes = set(
|
|
index for (index, frags_400, _) in self.pkt_infos if len(frags_400) > 1
|
|
)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000,
|
|
max_reassemblies=0,
|
|
max_reassembly_length=3,
|
|
expire_walk_interval_ms=10000,
|
|
is_ip6=1,
|
|
)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(self.fragments_400)
|
|
self.pg_start()
|
|
|
|
packets = self.dst_if.get_capture(
|
|
len(self.pkt_infos) - len(dropped_packet_indexes)
|
|
)
|
|
self.verify_capture(packets, dropped_packet_indexes)
|
|
self.src_if.assert_nothing_captured()
|
|
|
|
def test_missing_upper(self):
|
|
"""missing upper layer"""
|
|
optdata = "\x00" * 100
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6)
|
|
/ IPv6ExtHdrFragment(m=1)
|
|
/ IPv6ExtHdrDestOpt(
|
|
nh=17, options=PadN(optdata="\101" * 255) / PadN(optdata="\102" * 255)
|
|
)
|
|
)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream([p])
|
|
self.pg_start()
|
|
pkts = self.src_if.get_capture(expected_count=1)
|
|
icmp = pkts[0]
|
|
self.assertIn(ICMPv6ParamProblem, icmp)
|
|
self.assert_equal(icmp[ICMPv6ParamProblem].code, 3, "ICMP code")
|
|
|
|
def test_invalid_frag_size(self):
|
|
"""fragment size not a multiple of 8"""
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw()
|
|
)
|
|
self.extend_packet(p, 1000, self.padding)
|
|
fragments = fragment_rfc8200(p, 1, 500)
|
|
bad_fragment = fragments[0]
|
|
self.extend_packet(bad_fragment, len(bad_fragment) + 5)
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream([bad_fragment])
|
|
self.pg_start()
|
|
pkts = self.src_if.get_capture(expected_count=1)
|
|
icmp = pkts[0]
|
|
self.assertIn(ICMPv6ParamProblem, icmp)
|
|
self.assert_equal(icmp[ICMPv6ParamProblem].code, 0, "ICMP code")
|
|
|
|
def test_invalid_packet_size(self):
|
|
"""total packet size > 65535"""
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw()
|
|
)
|
|
self.extend_packet(p, 1000, self.padding)
|
|
fragments = fragment_rfc8200(p, 1, 500)
|
|
bad_fragment = fragments[1]
|
|
bad_fragment[IPv6ExtHdrFragment].offset = 65500
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream([bad_fragment])
|
|
self.pg_start()
|
|
pkts = self.src_if.get_capture(expected_count=1)
|
|
icmp = pkts[0]
|
|
self.assertIn(ICMPv6ParamProblem, icmp)
|
|
self.assert_equal(icmp[ICMPv6ParamProblem].code, 0, "ICMP code")
|
|
|
|
def test_atomic_fragment(self):
|
|
"""IPv6 atomic fragment"""
|
|
pkt = (
|
|
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
|
|
/ IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, nh=44, plen=65535)
|
|
/ IPv6ExtHdrFragment(
|
|
offset=8191, m=1, res1=0xFF, res2=0xFF, nh=255, id=0xFFFF
|
|
)
|
|
/ ("X" * 1452)
|
|
)
|
|
|
|
rx = self.send_and_expect(self.pg0, [pkt], self.pg0)
|
|
self.assertIn(ICMPv6ParamProblem, rx[0])
|
|
|
|
def test_truncated_fragment(self):
|
|
"""IPv6 truncated fragment header"""
|
|
pkt = (
|
|
Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac)
|
|
/ IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, nh=44, plen=2)
|
|
/ IPv6ExtHdrFragment(nh=6)
|
|
)
|
|
|
|
self.send_and_assert_no_replies(self.pg0, [pkt])
|
|
|
|
pkt = (
|
|
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
|
|
/ IPv6(src=self.pg0.remote_ip6, dst=self.pg0.remote_ip6)
|
|
/ ICMPv6EchoRequest()
|
|
)
|
|
rx = self.send_and_expect(self.pg0, [pkt], self.pg0)
|
|
|
|
def test_one_fragment(self):
|
|
"""whole packet in one fragment processed independently"""
|
|
pkt = (
|
|
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
|
|
/ IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6)
|
|
/ ICMPv6EchoRequest()
|
|
/ Raw("X" * 1600)
|
|
)
|
|
frags = fragment_rfc8200(pkt, 1, 400)
|
|
|
|
# send a fragment with known id
|
|
self.send_and_assert_no_replies(self.pg0, [frags[0]])
|
|
|
|
# send an atomic fragment with same id - should be reassembled
|
|
pkt = (
|
|
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
|
|
/ IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6)
|
|
/ IPv6ExtHdrFragment(id=1)
|
|
/ ICMPv6EchoRequest()
|
|
)
|
|
rx = self.send_and_expect(self.pg0, [pkt], self.pg0)
|
|
self.assertNotIn(IPv6ExtHdrFragment, rx)
|
|
|
|
# now finish the original reassembly, this should still be possible
|
|
rx = self.send_and_expect(self.pg0, frags[1:], self.pg0, n_rx=1)
|
|
self.assertNotIn(IPv6ExtHdrFragment, rx)
|
|
|
|
def test_bunch_of_fragments(self):
|
|
"""valid fragments followed by rogue fragments and atomic fragment"""
|
|
pkt = (
|
|
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
|
|
/ IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6)
|
|
/ ICMPv6EchoRequest()
|
|
/ Raw("X" * 1600)
|
|
)
|
|
frags = fragment_rfc8200(pkt, 1, 400)
|
|
self.send_and_expect(self.pg0, frags, self.pg0, n_rx=1)
|
|
|
|
inc_frag = (
|
|
Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac)
|
|
/ IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6)
|
|
/ IPv6ExtHdrFragment(id=1, nh=58, offset=608)
|
|
/ Raw("X" * 308)
|
|
)
|
|
|
|
self.send_and_assert_no_replies(self.pg0, inc_frag * 604)
|
|
|
|
pkt = (
|
|
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
|
|
/ IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6)
|
|
/ IPv6ExtHdrFragment(id=1)
|
|
/ ICMPv6EchoRequest()
|
|
)
|
|
rx = self.send_and_expect(self.pg0, [pkt], self.pg0)
|
|
self.assertNotIn(IPv6ExtHdrFragment, rx)
|
|
|
|
def test_local_enable_disable(self):
|
|
"""local reassembly enabled/disable"""
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.src_if.sw_if_index, enable_ip6=False
|
|
)
|
|
self.vapi.ip_local_reass_enable_disable(enable_ip6=True)
|
|
pkt = (
|
|
Ether(src=self.src_if.remote_mac, dst=self.src_if.local_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.src_if.local_ip6)
|
|
/ ICMPv6EchoRequest(id=1234)
|
|
/ Raw("X" * 1600)
|
|
)
|
|
frags = fragment_rfc8200(pkt, 1, 400)
|
|
r = self.send_and_expect(self.src_if, frags, self.src_if, n_rx=1)[0]
|
|
self.assertEqual(1234, r[ICMPv6EchoReply].id)
|
|
self.vapi.ip_local_reass_enable_disable()
|
|
|
|
self.send_and_assert_no_replies(self.src_if, frags)
|
|
self.vapi.ip_local_reass_enable_disable(enable_ip6=True)
|
|
|
|
|
|
class TestIPv6MWReassembly(VppTestCase):
|
|
"""IPv6 Reassembly (multiple workers)"""
|
|
|
|
vpp_worker_count = 3
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super().setUpClass()
|
|
|
|
cls.create_pg_interfaces(range(cls.vpp_worker_count + 1))
|
|
cls.src_if = cls.pg0
|
|
cls.send_ifs = cls.pg_interfaces[:-1]
|
|
cls.dst_if = cls.pg_interfaces[-1]
|
|
|
|
# setup all interfaces
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip6()
|
|
i.resolve_ndp()
|
|
|
|
# packets sizes reduced here because we are generating packets without
|
|
# Ethernet headers, which are added later (diff fragments go via
|
|
# different interfaces)
|
|
cls.packet_sizes = [
|
|
64 - len(Ether()),
|
|
512 - len(Ether()),
|
|
1518 - len(Ether()),
|
|
9018 - len(Ether()),
|
|
]
|
|
cls.padding = " abcdefghijklmn"
|
|
cls.create_stream(cls.packet_sizes)
|
|
cls.create_fragments()
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super().tearDownClass()
|
|
|
|
def setUp(self):
|
|
"""Test setup - force timeout on existing reassemblies"""
|
|
super().setUp()
|
|
for intf in self.send_ifs:
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=intf.sw_if_index, enable_ip6=True
|
|
)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10,
|
|
is_ip6=1,
|
|
)
|
|
self.virtual_sleep(0.25)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=1000,
|
|
is_ip6=1,
|
|
)
|
|
|
|
def tearDown(self):
|
|
for intf in self.send_ifs:
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=intf.sw_if_index, enable_ip6=False
|
|
)
|
|
super().tearDown()
|
|
|
|
def show_commands_at_teardown(self):
|
|
self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
|
|
@classmethod
|
|
def create_stream(cls, packet_sizes, packet_count=test_packet_count):
|
|
"""Create input packet stream
|
|
|
|
:param list packet_sizes: Required packet sizes.
|
|
"""
|
|
for i in range(0, packet_count):
|
|
info = cls.create_packet_info(cls.src_if, cls.src_if)
|
|
payload = cls.info_to_payload(info)
|
|
p = (
|
|
IPv6(src=cls.src_if.remote_ip6, dst=cls.dst_if.remote_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
size = packet_sizes[(i // 2) % len(packet_sizes)]
|
|
cls.extend_packet(p, size, cls.padding)
|
|
info.data = p
|
|
|
|
@classmethod
|
|
def create_fragments(cls):
|
|
infos = cls._packet_infos
|
|
cls.pkt_infos = []
|
|
for index, info in infos.items():
|
|
p = info.data
|
|
# cls.logger.debug(ppp("Packet:",
|
|
# p.__class__(scapy.compat.raw(p))))
|
|
fragments_400 = fragment_rfc8200(p, index, 400)
|
|
cls.pkt_infos.append((index, fragments_400))
|
|
cls.fragments_400 = [x for (_, frags) in cls.pkt_infos for x in frags]
|
|
cls.logger.debug(
|
|
"Fragmented %s packets into %s 400-byte fragments, "
|
|
% (len(infos), len(cls.fragments_400))
|
|
)
|
|
|
|
def verify_capture(self, capture, dropped_packet_indexes=[]):
|
|
"""Verify captured packet strea .
|
|
|
|
:param list capture: Captured packet stream.
|
|
"""
|
|
info = None
|
|
seen = set()
|
|
for packet in capture:
|
|
try:
|
|
self.logger.debug(ppp("Got packet:", packet))
|
|
ip = packet[IPv6]
|
|
udp = packet[UDP]
|
|
payload_info = self.payload_to_info(packet[Raw])
|
|
packet_index = payload_info.index
|
|
self.assertTrue(
|
|
packet_index not in dropped_packet_indexes,
|
|
ppp("Packet received, but should be dropped:", packet),
|
|
)
|
|
if packet_index in seen:
|
|
raise Exception(ppp("Duplicate packet received", packet))
|
|
seen.add(packet_index)
|
|
self.assertEqual(payload_info.dst, self.src_if.sw_if_index)
|
|
info = self._packet_infos[packet_index]
|
|
self.assertTrue(info is not None)
|
|
self.assertEqual(packet_index, info.index)
|
|
saved_packet = info.data
|
|
self.assertEqual(ip.src, saved_packet[IPv6].src)
|
|
self.assertEqual(ip.dst, saved_packet[IPv6].dst)
|
|
self.assertEqual(udp.payload, saved_packet[UDP].payload)
|
|
except Exception:
|
|
self.logger.error(ppp("Unexpected or invalid packet:", packet))
|
|
raise
|
|
for index in self._packet_infos:
|
|
self.assertTrue(
|
|
index in seen or index in dropped_packet_indexes,
|
|
"Packet with packet_index %d not received" % index,
|
|
)
|
|
|
|
def send_packets(self, packets):
|
|
for counter in range(self.vpp_worker_count):
|
|
if 0 == len(packets[counter]):
|
|
continue
|
|
send_if = self.send_ifs[counter]
|
|
send_if.add_stream(
|
|
(
|
|
Ether(dst=send_if.local_mac, src=send_if.remote_mac) / x
|
|
for x in packets[counter]
|
|
),
|
|
worker=counter,
|
|
)
|
|
self.pg_start()
|
|
|
|
def test_worker_conflict(self):
|
|
"""1st and FO=0 fragments on different workers"""
|
|
|
|
# in first wave we send fragments which don't start at offset 0
|
|
# then we send fragments with offset 0 on a different thread
|
|
# then the rest of packets on a random thread
|
|
first_packets = [[] for n in range(self.vpp_worker_count)]
|
|
second_packets = [[] for n in range(self.vpp_worker_count)]
|
|
rest_of_packets = [[] for n in range(self.vpp_worker_count)]
|
|
for _, p in self.pkt_infos:
|
|
wi = randrange(self.vpp_worker_count)
|
|
second_packets[wi].append(p[0])
|
|
if len(p) <= 1:
|
|
continue
|
|
wi2 = wi
|
|
while wi2 == wi:
|
|
wi2 = randrange(self.vpp_worker_count)
|
|
first_packets[wi2].append(p[1])
|
|
wi3 = randrange(self.vpp_worker_count)
|
|
rest_of_packets[wi3].extend(p[2:])
|
|
|
|
self.pg_enable_capture()
|
|
self.send_packets(first_packets)
|
|
self.send_packets(second_packets)
|
|
self.send_packets(rest_of_packets)
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
for send_if in self.send_ifs:
|
|
send_if.assert_nothing_captured()
|
|
|
|
self.logger.debug(self.vapi.ppcli("show trace"))
|
|
self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
self.vapi.cli("clear trace")
|
|
|
|
self.pg_enable_capture()
|
|
self.send_packets(first_packets)
|
|
self.send_packets(second_packets)
|
|
self.send_packets(rest_of_packets)
|
|
|
|
packets = self.dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
for send_if in self.send_ifs:
|
|
send_if.assert_nothing_captured()
|
|
|
|
|
|
class TestIPv6SVReassembly(VppTestCase):
|
|
"""IPv6 Shallow Virtual Reassembly"""
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super().setUpClass()
|
|
|
|
cls.create_pg_interfaces([0, 1])
|
|
cls.src_if = cls.pg0
|
|
cls.dst_if = cls.pg1
|
|
|
|
# setup all interfaces
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip6()
|
|
i.resolve_ndp()
|
|
|
|
def setUp(self):
|
|
"""Test setup - force timeout on existing reassemblies"""
|
|
super().setUp()
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.src_if.sw_if_index,
|
|
enable_ip6=True,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
expire_walk_interval_ms=10,
|
|
is_ip6=1,
|
|
)
|
|
self.virtual_sleep(0.25)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
expire_walk_interval_ms=10000,
|
|
is_ip6=1,
|
|
)
|
|
|
|
def tearDown(self):
|
|
super().tearDown()
|
|
self.logger.debug(self.vapi.ppcli("show ip6-sv-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
|
|
def test_basic(self):
|
|
"""basic reassembly"""
|
|
payload_len = 1000
|
|
payload = ""
|
|
counter = 0
|
|
while len(payload) < payload_len:
|
|
payload += "%u " % counter
|
|
counter += 1
|
|
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
fragments = fragment_rfc8200(p, 1, payload_len / 4)
|
|
|
|
# send fragment #2 - should be cached inside reassembly
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[1])
|
|
self.pg_start()
|
|
self.logger.debug(self.vapi.ppcli("show ip6-sv-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
self.logger.debug(self.vapi.ppcli("show trace"))
|
|
self.dst_if.assert_nothing_captured()
|
|
|
|
# send fragment #1 - reassembly is finished now and both fragments
|
|
# forwarded
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[0])
|
|
self.pg_start()
|
|
self.logger.debug(self.vapi.ppcli("show ip6-sv-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
self.logger.debug(self.vapi.ppcli("show trace"))
|
|
c = self.dst_if.get_capture(2)
|
|
for sent, recvd in zip([fragments[1], fragments[0]], c):
|
|
self.assertEqual(sent[IPv6].src, recvd[IPv6].src)
|
|
self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst)
|
|
self.assertEqual(sent[Raw].payload, recvd[Raw].payload)
|
|
|
|
# send rest of fragments - should be immediately forwarded
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[2:])
|
|
self.pg_start()
|
|
c = self.dst_if.get_capture(len(fragments[2:]))
|
|
for sent, recvd in zip(fragments[2:], c):
|
|
self.assertEqual(sent[IPv6].src, recvd[IPv6].src)
|
|
self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst)
|
|
self.assertEqual(sent[Raw].payload, recvd[Raw].payload)
|
|
|
|
def test_verify_clear_trace_mid_reassembly(self):
|
|
"""verify clear trace works mid-reassembly"""
|
|
payload_len = 1000
|
|
payload = ""
|
|
counter = 0
|
|
while len(payload) < payload_len:
|
|
payload += "%u " % counter
|
|
counter += 1
|
|
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
fragments = fragment_rfc8200(p, 1, payload_len / 4)
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[1])
|
|
self.pg_start()
|
|
|
|
self.logger.debug(self.vapi.cli("show trace"))
|
|
self.vapi.cli("clear trace")
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[0])
|
|
self.pg_start()
|
|
self.dst_if.get_capture(2)
|
|
|
|
self.logger.debug(self.vapi.cli("show trace"))
|
|
self.vapi.cli("clear trace")
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[2:])
|
|
self.pg_start()
|
|
self.dst_if.get_capture(len(fragments[2:]))
|
|
|
|
def test_timeout(self):
|
|
"""reassembly timeout"""
|
|
payload_len = 1000
|
|
payload = ""
|
|
counter = 0
|
|
while len(payload) < payload_len:
|
|
payload += "%u " % counter
|
|
counter += 1
|
|
|
|
p = (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
fragments = fragment_rfc8200(p, 1, payload_len / 4)
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=100,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=50,
|
|
is_ip6=1,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
)
|
|
|
|
# send fragments #2 and #1 - should be forwarded
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[0:2])
|
|
self.pg_start()
|
|
self.logger.debug(self.vapi.ppcli("show ip4-sv-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
self.logger.debug(self.vapi.ppcli("show trace"))
|
|
c = self.dst_if.get_capture(2)
|
|
for sent, recvd in zip([fragments[1], fragments[0]], c):
|
|
self.assertEqual(sent[IPv6].src, recvd[IPv6].src)
|
|
self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst)
|
|
self.assertEqual(sent[Raw].payload, recvd[Raw].payload)
|
|
|
|
# wait for cleanup
|
|
self.virtual_sleep(0.25, "wait before sending rest of fragments")
|
|
|
|
# send rest of fragments - shouldn't be forwarded
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments[2:])
|
|
self.pg_start()
|
|
self.dst_if.assert_nothing_captured()
|
|
|
|
def test_lru(self):
|
|
"""reassembly reuses LRU element"""
|
|
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1,
|
|
max_reassembly_length=1000,
|
|
type=VppEnum.vl_api_ip_reass_type_t.IP_REASS_TYPE_SHALLOW_VIRTUAL,
|
|
is_ip6=1,
|
|
expire_walk_interval_ms=10000,
|
|
)
|
|
|
|
payload_len = 1000
|
|
payload = ""
|
|
counter = 0
|
|
while len(payload) < payload_len:
|
|
payload += "%u " % counter
|
|
counter += 1
|
|
|
|
packet_count = 10
|
|
|
|
fragments = [
|
|
f
|
|
for i in range(packet_count)
|
|
for p in (
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
for f in fragment_rfc8200(p, i, payload_len / 4)
|
|
]
|
|
|
|
self.pg_enable_capture()
|
|
self.src_if.add_stream(fragments)
|
|
self.pg_start()
|
|
c = self.dst_if.get_capture(len(fragments))
|
|
for sent, recvd in zip(fragments, c):
|
|
self.assertEqual(sent[IPv6].src, recvd[IPv6].src)
|
|
self.assertEqual(sent[IPv6].dst, recvd[IPv6].dst)
|
|
self.assertEqual(sent[Raw].payload, recvd[Raw].payload)
|
|
|
|
def test_one_fragment(self):
|
|
"""whole packet in one fragment processed independently"""
|
|
pkt = (
|
|
Ether(src=self.src_if.remote_mac, dst=self.src_if.local_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ ICMPv6EchoRequest()
|
|
/ Raw("X" * 1600)
|
|
)
|
|
frags = fragment_rfc8200(pkt, 1, 400)
|
|
|
|
# send a fragment with known id
|
|
self.send_and_expect(self.src_if, [frags[0]], self.dst_if)
|
|
|
|
# send an atomic fragment with same id - should be reassembled
|
|
pkt = (
|
|
Ether(src=self.src_if.remote_mac, dst=self.src_if.local_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ IPv6ExtHdrFragment(id=1)
|
|
/ ICMPv6EchoRequest()
|
|
)
|
|
rx = self.send_and_expect(self.src_if, [pkt], self.dst_if)
|
|
|
|
# now forward packets matching original reassembly, should still work
|
|
rx = self.send_and_expect(self.src_if, frags[1:], self.dst_if)
|
|
|
|
def test_bunch_of_fragments(self):
|
|
"""valid fragments followed by rogue fragments and atomic fragment"""
|
|
pkt = (
|
|
Ether(src=self.src_if.remote_mac, dst=self.src_if.local_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ ICMPv6EchoRequest()
|
|
/ Raw("X" * 1600)
|
|
)
|
|
frags = fragment_rfc8200(pkt, 1, 400)
|
|
rx = self.send_and_expect(self.src_if, frags, self.dst_if)
|
|
|
|
rogue = (
|
|
Ether(src=self.src_if.remote_mac, dst=self.src_if.local_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ IPv6ExtHdrFragment(id=1, nh=58, offset=608)
|
|
/ Raw("X" * 308)
|
|
)
|
|
|
|
self.send_and_expect(self.src_if, rogue * 604, self.dst_if)
|
|
|
|
pkt = (
|
|
Ether(src=self.src_if.remote_mac, dst=self.src_if.local_mac)
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ IPv6ExtHdrFragment(id=1)
|
|
/ ICMPv6EchoRequest()
|
|
)
|
|
rx = self.send_and_expect(self.src_if, [pkt], self.dst_if)
|
|
|
|
def test_truncated_fragment(self):
|
|
"""truncated fragment"""
|
|
pkt = (
|
|
Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac)
|
|
/ IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, nh=44, plen=2)
|
|
/ IPv6ExtHdrFragment(nh=6)
|
|
)
|
|
|
|
self.send_and_assert_no_replies(self.pg0, [pkt], self.pg0)
|
|
|
|
|
|
class TestIPv4ReassemblyLocalNode(VppTestCase):
|
|
"""IPv4 Reassembly for packets coming to ip4-local node"""
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super().setUpClass()
|
|
|
|
cls.create_pg_interfaces([0])
|
|
cls.src_dst_if = cls.pg0
|
|
|
|
# setup all interfaces
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip4()
|
|
i.resolve_arp()
|
|
|
|
cls.padding = " abcdefghijklmn"
|
|
cls.create_stream()
|
|
cls.create_fragments()
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super().tearDownClass()
|
|
|
|
def setUp(self):
|
|
"""Test setup - force timeout on existing reassemblies"""
|
|
super().setUp()
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10,
|
|
)
|
|
self.virtual_sleep(0.25)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10000,
|
|
)
|
|
|
|
def tearDown(self):
|
|
super().tearDown()
|
|
|
|
def show_commands_at_teardown(self):
|
|
self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
|
|
@classmethod
|
|
def create_stream(cls, packet_count=test_packet_count):
|
|
"""Create input packet stream for defined interface.
|
|
|
|
:param list packet_sizes: Required packet sizes.
|
|
"""
|
|
for i in range(0, packet_count):
|
|
info = cls.create_packet_info(cls.src_dst_if, cls.src_dst_if)
|
|
payload = cls.info_to_payload(info)
|
|
p = (
|
|
Ether(dst=cls.src_dst_if.local_mac, src=cls.src_dst_if.remote_mac)
|
|
/ IP(
|
|
id=info.index,
|
|
src=cls.src_dst_if.remote_ip4,
|
|
dst=cls.src_dst_if.local_ip4,
|
|
)
|
|
/ ICMP(type="echo-request", id=1234)
|
|
/ Raw(payload)
|
|
)
|
|
cls.extend_packet(p, 1518, cls.padding)
|
|
info.data = p
|
|
|
|
@classmethod
|
|
def create_fragments(cls):
|
|
infos = cls._packet_infos
|
|
cls.pkt_infos = []
|
|
for index, info in infos.items():
|
|
p = info.data
|
|
# cls.logger.debug(ppp("Packet:",
|
|
# p.__class__(scapy.compat.raw(p))))
|
|
fragments_300 = fragment_rfc791(p, 300)
|
|
cls.pkt_infos.append((index, fragments_300))
|
|
cls.fragments_300 = [x for (_, frags) in cls.pkt_infos for x in frags]
|
|
cls.logger.debug(
|
|
"Fragmented %s packets into %s 300-byte fragments"
|
|
% (len(infos), len(cls.fragments_300))
|
|
)
|
|
|
|
def verify_capture(self, capture):
|
|
"""Verify captured packet stream.
|
|
|
|
:param list capture: Captured packet stream.
|
|
"""
|
|
info = None
|
|
seen = set()
|
|
for packet in capture:
|
|
try:
|
|
self.logger.debug(ppp("Got packet:", packet))
|
|
ip = packet[IP]
|
|
icmp = packet[ICMP]
|
|
payload_info = self.payload_to_info(packet[Raw])
|
|
packet_index = payload_info.index
|
|
if packet_index in seen:
|
|
raise Exception(ppp("Duplicate packet received", packet))
|
|
seen.add(packet_index)
|
|
self.assertEqual(payload_info.dst, self.src_dst_if.sw_if_index)
|
|
info = self._packet_infos[packet_index]
|
|
self.assertIsNotNone(info)
|
|
self.assertEqual(packet_index, info.index)
|
|
saved_packet = info.data
|
|
self.assertEqual(ip.src, saved_packet[IP].dst)
|
|
self.assertEqual(ip.dst, saved_packet[IP].src)
|
|
self.assertEqual(icmp.type, 0) # echo reply
|
|
self.assertEqual(icmp.id, saved_packet[ICMP].id)
|
|
self.assertEqual(icmp.payload, saved_packet[ICMP].payload)
|
|
except Exception:
|
|
self.logger.error(ppp("Unexpected or invalid packet:", packet))
|
|
raise
|
|
for index in self._packet_infos:
|
|
self.assertIn(
|
|
index, seen, "Packet with packet_index %d not received" % index
|
|
)
|
|
|
|
def test_reassembly(self):
|
|
"""basic reassembly"""
|
|
|
|
self.pg_enable_capture()
|
|
self.src_dst_if.add_stream(self.fragments_300)
|
|
self.pg_start()
|
|
|
|
packets = self.src_dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
|
|
# run it all again to verify correctness
|
|
self.pg_enable_capture()
|
|
self.src_dst_if.add_stream(self.fragments_300)
|
|
self.pg_start()
|
|
|
|
packets = self.src_dst_if.get_capture(len(self.pkt_infos))
|
|
self.verify_capture(packets)
|
|
|
|
|
|
class TestFIFReassembly(VppTestCase):
|
|
"""Fragments in fragments reassembly"""
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super().setUpClass()
|
|
|
|
cls.create_pg_interfaces([0, 1])
|
|
cls.src_if = cls.pg0
|
|
cls.dst_if = cls.pg1
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip4()
|
|
i.resolve_arp()
|
|
i.config_ip6()
|
|
i.resolve_ndp()
|
|
|
|
cls.packet_sizes = [64, 512, 1518, 9018]
|
|
cls.padding = " abcdefghijklmn"
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super().tearDownClass()
|
|
|
|
def setUp(self):
|
|
"""Test setup - force timeout on existing reassemblies"""
|
|
super().setUp()
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.src_if.sw_if_index, enable_ip4=True, enable_ip6=True
|
|
)
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.dst_if.sw_if_index, enable_ip4=True, enable_ip6=True
|
|
)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10,
|
|
)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=0,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10,
|
|
is_ip6=1,
|
|
)
|
|
self.virtual_sleep(0.25)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10000,
|
|
)
|
|
self.vapi.ip_reassembly_set(
|
|
timeout_ms=1000000,
|
|
max_reassemblies=1000,
|
|
max_reassembly_length=1000,
|
|
expire_walk_interval_ms=10000,
|
|
is_ip6=1,
|
|
)
|
|
|
|
def tearDown(self):
|
|
super().tearDown()
|
|
|
|
def show_commands_at_teardown(self):
|
|
self.logger.debug(self.vapi.ppcli("show ip4-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show ip6-full-reassembly details"))
|
|
self.logger.debug(self.vapi.ppcli("show buffers"))
|
|
|
|
def verify_capture(self, capture, ip_class, dropped_packet_indexes=[]):
|
|
"""Verify captured packet stream.
|
|
|
|
:param list capture: Captured packet stream.
|
|
"""
|
|
info = None
|
|
seen = set()
|
|
for packet in capture:
|
|
try:
|
|
self.logger.debug(ppp("Got packet:", packet))
|
|
ip = packet[ip_class]
|
|
udp = packet[UDP]
|
|
payload_info = self.payload_to_info(packet[Raw])
|
|
packet_index = payload_info.index
|
|
self.assertTrue(
|
|
packet_index not in dropped_packet_indexes,
|
|
ppp("Packet received, but should be dropped:", packet),
|
|
)
|
|
if packet_index in seen:
|
|
raise Exception(ppp("Duplicate packet received", packet))
|
|
seen.add(packet_index)
|
|
self.assertEqual(payload_info.dst, self.dst_if.sw_if_index)
|
|
info = self._packet_infos[packet_index]
|
|
self.assertTrue(info is not None)
|
|
self.assertEqual(packet_index, info.index)
|
|
saved_packet = info.data
|
|
self.assertEqual(ip.src, saved_packet[ip_class].src)
|
|
self.assertEqual(ip.dst, saved_packet[ip_class].dst)
|
|
self.assertEqual(udp.payload, saved_packet[UDP].payload)
|
|
except Exception:
|
|
self.logger.error(ppp("Unexpected or invalid packet:", packet))
|
|
raise
|
|
for index in self._packet_infos:
|
|
self.assertTrue(
|
|
index in seen or index in dropped_packet_indexes,
|
|
"Packet with packet_index %d not received" % index,
|
|
)
|
|
|
|
def test_fif4(self):
|
|
"""Fragments in fragments (4o4)"""
|
|
|
|
# TODO this should be ideally in setUpClass, but then we hit a bug
|
|
# with VppIpRoute incorrectly reporting it's present when it's not
|
|
# so we need to manually remove the vpp config, thus we cannot have
|
|
# it shared for multiple test cases
|
|
self.tun_ip4 = "1.1.1.2"
|
|
|
|
self.gre4 = VppGreInterface(self, self.src_if.local_ip4, self.tun_ip4)
|
|
self.gre4.add_vpp_config()
|
|
self.gre4.admin_up()
|
|
self.gre4.config_ip4()
|
|
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.gre4.sw_if_index, enable_ip4=True
|
|
)
|
|
|
|
self.route4 = VppIpRoute(
|
|
self,
|
|
self.tun_ip4,
|
|
32,
|
|
[VppRoutePath(self.src_if.remote_ip4, self.src_if.sw_if_index)],
|
|
)
|
|
self.route4.add_vpp_config()
|
|
|
|
self.reset_packet_infos()
|
|
for i in range(test_packet_count):
|
|
info = self.create_packet_info(self.src_if, self.dst_if)
|
|
payload = self.info_to_payload(info)
|
|
# Ethernet header here is only for size calculation, thus it
|
|
# doesn't matter how it's initialized. This is to ensure that
|
|
# reassembled packet is not > 9000 bytes, so that it's not dropped
|
|
p = (
|
|
Ether()
|
|
/ IP(id=i, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
size = self.packet_sizes[(i // 2) % len(self.packet_sizes)]
|
|
self.extend_packet(p, size, self.padding)
|
|
info.data = p[IP] # use only IP part, without ethernet header
|
|
|
|
fragments = [
|
|
x
|
|
for _, p in self._packet_infos.items()
|
|
for x in fragment_rfc791(p.data, 400)
|
|
]
|
|
|
|
encapped_fragments = [
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IP(src=self.tun_ip4, dst=self.src_if.local_ip4)
|
|
/ GRE()
|
|
/ p
|
|
for p in fragments
|
|
]
|
|
|
|
fragmented_encapped_fragments = [
|
|
x for p in encapped_fragments for x in fragment_rfc791(p, 200)
|
|
]
|
|
|
|
self.src_if.add_stream(fragmented_encapped_fragments)
|
|
|
|
self.pg_enable_capture(self.pg_interfaces)
|
|
self.pg_start()
|
|
|
|
self.src_if.assert_nothing_captured()
|
|
packets = self.dst_if.get_capture(len(self._packet_infos))
|
|
self.verify_capture(packets, IP)
|
|
|
|
# TODO remove gre vpp config by hand until VppIpRoute gets fixed
|
|
# so that it's query_vpp_config() works as it should
|
|
self.gre4.remove_vpp_config()
|
|
self.logger.debug(self.vapi.ppcli("show interface"))
|
|
|
|
def test_fif6(self):
|
|
"""Fragments in fragments (6o6)"""
|
|
# TODO this should be ideally in setUpClass, but then we hit a bug
|
|
# with VppIpRoute incorrectly reporting it's present when it's not
|
|
# so we need to manually remove the vpp config, thus we cannot have
|
|
# it shared for multiple test cases
|
|
self.tun_ip6 = "1002::1"
|
|
|
|
self.gre6 = VppGreInterface(self, self.src_if.local_ip6, self.tun_ip6)
|
|
self.gre6.add_vpp_config()
|
|
self.gre6.admin_up()
|
|
self.gre6.config_ip6()
|
|
|
|
self.vapi.ip_reassembly_enable_disable(
|
|
sw_if_index=self.gre6.sw_if_index, enable_ip6=True
|
|
)
|
|
|
|
self.route6 = VppIpRoute(
|
|
self,
|
|
self.tun_ip6,
|
|
128,
|
|
[VppRoutePath(self.src_if.remote_ip6, self.src_if.sw_if_index)],
|
|
)
|
|
self.route6.add_vpp_config()
|
|
|
|
self.reset_packet_infos()
|
|
for i in range(test_packet_count):
|
|
info = self.create_packet_info(self.src_if, self.dst_if)
|
|
payload = self.info_to_payload(info)
|
|
# Ethernet header here is only for size calculation, thus it
|
|
# doesn't matter how it's initialized. This is to ensure that
|
|
# reassembled packet is not > 9000 bytes, so that it's not dropped
|
|
p = (
|
|
Ether()
|
|
/ IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6)
|
|
/ UDP(sport=1234, dport=5678)
|
|
/ Raw(payload)
|
|
)
|
|
size = self.packet_sizes[(i // 2) % len(self.packet_sizes)]
|
|
self.extend_packet(p, size, self.padding)
|
|
info.data = p[IPv6] # use only IPv6 part, without ethernet header
|
|
|
|
fragments = [
|
|
x
|
|
for _, i in self._packet_infos.items()
|
|
for x in fragment_rfc8200(i.data, i.index, 400)
|
|
]
|
|
|
|
encapped_fragments = [
|
|
Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac)
|
|
/ IPv6(src=self.tun_ip6, dst=self.src_if.local_ip6)
|
|
/ GRE()
|
|
/ p
|
|
for p in fragments
|
|
]
|
|
|
|
fragmented_encapped_fragments = [
|
|
x
|
|
for p in encapped_fragments
|
|
for x in (
|
|
fragment_rfc8200(
|
|
p, 2 * len(self._packet_infos) + p[IPv6ExtHdrFragment].id, 200
|
|
)
|
|
if IPv6ExtHdrFragment in p
|
|
else [p]
|
|
)
|
|
]
|
|
|
|
self.src_if.add_stream(fragmented_encapped_fragments)
|
|
|
|
self.pg_enable_capture(self.pg_interfaces)
|
|
self.pg_start()
|
|
|
|
self.src_if.assert_nothing_captured()
|
|
packets = self.dst_if.get_capture(len(self._packet_infos))
|
|
self.verify_capture(packets, IPv6)
|
|
|
|
# TODO remove gre vpp config by hand until VppIpRoute gets fixed
|
|
# so that it's query_vpp_config() works as it should
|
|
self.gre6.remove_vpp_config()
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main(testRunner=VppTestRunner)
|