def test_missing_upper(self):
""" missing upper layer """
p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
IPv6(src=self.src_if.remote_ip6,
dst=self.src_if.local_ip6) /
UDP(sport=1234, dport=5678) /
Raw())
self.extend_packet(p, 1000, self.padding)
fragments = fragment_rfc8200(p, 1, 500)
bad_fragment = p.__class__(str(fragments[1]))
bad_fragment[IPv6ExtHdrFragment].nh = 59
bad_fragment[IPv6ExtHdrFragment].offset = 0
self.pg_enable_capture()
self.src_if.add_stream([bad_fragment])
self.pg_start()
pkts = self.src_if.get_capture(expected_count=1)
icmp = pkts[0]
self.assertIn(ICMPv6ParamProblem, icmp)
self.assert_equal(icmp[ICMPv6ParamProblem].code, 3, "ICMP code")
def test_no_p2p_subif(self):
"""standard routing without p2p subinterfaces"""
self.logger.info("FFP_TEST_START_0001")
route_8000 = VppIpRoute(self, "8000::", 64,
[VppRoutePath(self.pg0.remote_ip6,
self.pg0.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_8000.add_vpp_config()
self.packets = [(Ether(dst=self.pg1.local_mac,
src=self.pg1.remote_mac) /
IPv6(src="3001::1", dst="8000::100") /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))]
self.send_packets(self.pg1, self.pg0)
self.logger.info("FFP_TEST_FINISH_0001")
def simple_ipv6_sr_packet(eth_dst='00:01:02:03:04:05',
eth_src='00:06:07:08:09:0a',
ipv6_src='2000::1',
ipv6_dst='2000::2',
ipv6_hlim=63,
srh_seg_left=0,
srh_first_seg=0,
srh_flags=0,
srh_seg_list=[],
srh_nh=59):
pkt = Ether(dst=eth_dst, src=eth_src)
pkt /= IPv6(src=ipv6_src, dst=ipv6_dst, nh=43, hlim=ipv6_hlim)
reserved = (srh_first_seg << 24) + (srh_flags << 8)
pkt /= IPv6ExtHdrRouting(nh=srh_nh,
type=4,
segleft=srh_seg_left,
reserved=reserved,
addresses=srh_seg_list)
return pkt
def test_tun_basic66(self, count=1):
""" ipsec 6o6 tunnel basic test """
self.vapi.cli("clear errors")
try:
p = self.params[socket.AF_INET6]
vpp_tun_sa, scapy_tun_sa = self.configure_sa_tun(p)
send_pkts = self.gen_encrypt_pkts6(scapy_tun_sa,
self.tun_if,
src=p.remote_tun_if_host,
dst=self.pg1.remote_ip6,
count=count)
recv_pkts = self.send_and_expect(self.tun_if, send_pkts, self.pg1)
for recv_pkt in recv_pkts:
self.assert_equal(recv_pkt[IPv6].src, p.remote_tun_if_host)
self.assert_equal(recv_pkt[IPv6].dst, self.pg1.remote_ip6)
self.assert_packet_checksums_valid(recv_pkt)
send_pkts = self.gen_pkts6(self.pg1,
src=self.pg1.remote_ip6,
dst=p.remote_tun_if_host,
count=count)
recv_pkts = self.send_and_expect(self.pg1, send_pkts, self.tun_if)
for recv_pkt in recv_pkts:
try:
decrypt_pkt = vpp_tun_sa.decrypt(recv_pkt[IPv6])
if not decrypt_pkt.haslayer(IPv6):
decrypt_pkt = IPv6(decrypt_pkt[Raw].load)
self.assert_equal(decrypt_pkt.src, self.pg1.remote_ip6)
self.assert_equal(decrypt_pkt.dst, p.remote_tun_if_host)
self.assert_packet_checksums_valid(decrypt_pkt)
except:
self.logger.debug(ppp("Unexpected packet:", recv_pkt))
try:
self.logger.debug(ppp("Decrypted packet:",
decrypt_pkt))
except:
pass
raise
finally:
self.logger.info(self.vapi.ppcli("show error"))
self.logger.info(self.vapi.ppcli("show ipsec"))
self.assert_packet_counter_equal(self.tun6_encrypt_node_name, count)
self.assert_packet_counter_equal(self.tun6_decrypt_node_name, count)
def test_map_t_echo_request_ip6_to_ip4(self):
""" MAP-T echo request IPv6 -> IPv4 """
eth = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac)
ip = IPv6(src=self.ipv6_cpe_address, dst=self.ipv6_map_address)
icmp = ICMPv6EchoRequest()
icmp.id = self.ipv6_udp_or_tcp_map_port
payload = "H" * 10
tx_pkt = eth / ip / icmp / payload
self.pg_send(self.pg1, tx_pkt * 1)
rx_pkts = self.pg0.get_capture(1)
rx_pkt = rx_pkts[0]
self.assertEqual(rx_pkt[IP].proto, IP(proto="icmp").proto)
self.assertEqual(rx_pkt[ICMP].type, ICMP(type="echo-request").type)
self.assertEqual(rx_pkt[ICMP].code, 0)
self.assertEqual(rx_pkt[ICMP].id, self.ipv6_udp_or_tcp_map_port)
def vrrp_adv_packet(self, prio=None, src_ip=None):
dst_ip = self._adv_dest_ip
if prio is None:
prio = self._prio
eth = Ether(dst=self._adv_dest_mac, src=self._virtual_mac)
vrrp = VRRPv3(vrid=self._vr_id, priority=prio,
ipcount=len(self._vips), adv=self._intvl)
if self._is_ipv6:
src_ip = (self._intf.local_ip6_ll if src_ip is None else src_ip)
ip = IPv6(src=src_ip, dst=dst_ip, nh=IPPROTO_VRRP, hlim=255)
vrrp.addrlist = self._vips
else:
src_ip = (self._intf.local_ip4 if src_ip is None else src_ip)
ip = IP(src=src_ip, dst=dst_ip, proto=IPPROTO_VRRP, ttl=255, id=0)
vrrp.addrlist = self._vips
# Fill in default values & checksums
pkt = Ether(raw(eth / ip / vrrp))
return pkt
def verify_encrypted6(self, p, sa, rxs):
for rx in rxs:
try:
pkt = sa.decrypt(rx[IPv6])
if not pkt.haslayer(IPv6):
pkt = IPv6(pkt[Raw].load)
self.assert_packet_checksums_valid(pkt)
self.assert_equal(pkt[IPv6].dst, self.pg0.remote_ip6)
self.assert_equal(pkt[IPv6].src, self.pg0.local_ip6)
inner = pkt[IPv6].payload
self.assertEqual(inner[IPv6][IPv6].dst, p.remote_tun_if_host)
except (IndexError, AssertionError):
self.logger.debug(ppp("Unexpected packet:", rx))
try:
self.logger.debug(ppp("Decrypted packet:", pkt))
except:
pass
raise
def process_packet(self, packet, udp_dport=UDP_INT_DST_PORT):
"""
Processes a packet to determine if an attack is occurring if the IP
protocol is as expected
:param packet: the packet to process
:param udp_dport: the UDP port value on which to filter
:return: T/F - True when an attack has been triggered
"""
logger.debug('Packet data - [%s]', packet.summary())
ip_pkt = None
protocol = None
if packet[Ether].type == IPV4_TYPE:
ip_pkt = IP(_pkt=packet[Ether].payload)
protocol = ip_pkt.proto
elif packet[Ether].type == IPV6_TYPE:
ip_pkt = IPv6(_pkt=packet[Ether].payload)
protocol = ip_pkt.nh
if ip_pkt and protocol and protocol == UDP_PROTO:
udp_packet = UDP(_pkt=ip_pkt.payload)
logger.debug(
'udp sport - [%s] dport - [%s] - expected dport - [%s]',
udp_packet.sport, udp_packet.dport, udp_dport)
if udp_packet.dport == udp_dport and udp_dport == UDP_INT_DST_PORT:
int_data = extract_int_data(packet[Ether])
if int_data:
return self.__process(int_data)
else:
logger.warn('Unable to debug INT data')
return False
elif (udp_packet.dport == udp_dport
and udp_dport == UDP_TRPT_DST_PORT):
int_data = extract_trpt_data(udp_packet)
if int_data:
return self.__process(int_data)
else:
logger.warn('Unable to debug INT data')
return False
else:
logger.debug(
'Cannot process UDP packet dport of - [%s], expected - '
'[%s]', udp_packet.dport, udp_dport)
return False
def test_map_t_tcp_ip4_to_ip6(self):
""" MAP-T TCP IPv4 -> IPv6 """
eth = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
ip = IP(src=self.pg0.remote_ip4, dst=self.ipv4_map_address, tos=0)
tcp = TCP(sport=self.ipv4_udp_or_tcp_internet_port,
dport=self.ipv4_udp_or_tcp_map_port)
payload = "a" * 82
tx_pkt = eth / ip / tcp / payload
self.pg_send(self.pg0, tx_pkt * 1)
rx_pkts = self.pg1.get_capture(1)
rx_pkt = rx_pkts[0]
self.v6_address_check(rx_pkt)
self.v6_port_check(rx_pkt, TCP)
self.assertEqual(rx_pkt[IPv6].tc, 0) # IPv4 ToS passed to v6 TC
self.assertEqual(rx_pkt[IPv6].nh, IPv6(nh="TCP").nh)
def recv_raw(self, x=MTU):
try:
data, address = self.ins.recvfrom(x)
except IOError: # BlockingIOError
return None, None, None
if self.ipv6:
# AF_INET6 does not return the IPv6 header. Let's build it
# (host, port, flowinfo, scopeid)
host, _, flowinfo, _ = address
header = raw(
IPv6(
src=host,
dst=self.host_ip6,
fl=flowinfo,
nh=self.proto, # fixed for AF_INET6
plen=len(data)))
return IPv6, header + data, time.time()
else:
return IP, data, time.time()
def test_punt_socket_traffic_multi_ports_multi_sockets(self):
""" Punt socket traffic multi ports and multi sockets"""
punt_l4 = mk_vpp_cfg6()
# configuration for each UDP port
cfgs = dict()
#
# create stream of packets for each port
#
for port in self.ports:
# choose port from port list
cfgs[port] = {}
pkt = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) /
UDP(sport=9876, dport=port) / Raw('\xa5' * 100))
cfgs[port]['pkts'] = pkt * self.nr_packets
cfgs[port]['port'] = port
cfgs[port]['vpp'] = copy.deepcopy(set_port(punt_l4, port))
# configure punt sockets
cfgs[port]['sock'] = self.socket_client_create(
b"%s/socket_%d" % (six.ensure_binary(self.tempdir), port))
self.vapi.punt_socket_register(
cfgs[port]['vpp'],
b"%s/socket_%d" % (six.ensure_binary(self.tempdir), port))
#
# send the packets that get punted
#
for cfg in cfgs.values():
self.send_and_assert_no_replies(self.pg0, cfg['pkts'])
#
# test that we got the excepted packets on the expected socket
#
for cfg in cfgs.values():
rx = cfg['sock'].close()
self.verify_udp_pkts(rx, len(cfg['pkts']), cfg['port'])
self.vapi.punt_socket_deregister(cfg['vpp'])
def create_relay_forward(level=1):
"""
Encapsulate message in relay-forward message.
"""
assert level > 0
# set flag for adding client option client-id which is added by default
world.cfg["relay"] = True
# we pretend to be relay-server so we need to listen on 547 port
world.cfg["source_port"] = 547
# get only DHCPv6 part of the message
msg = world.climsg.pop().getlayer(2)
# message encapsulation
for lvl in range(level):
# all three values: linkaddr, peeraddr and hopcount must be filled
relay_msg = dhcp6.DHCP6_RelayForward(
hopcount=lvl + 1,
linkaddr=world.cfg["values"]["linkaddr"],
peeraddr=world.cfg["values"]["peeraddr"])
for each_option in world.relayopts:
relay_msg /= each_option
relay_msg /= dhcp6.DHCP6OptRelayMsg(message=msg)
msg = relay_msg
# build full message
full_msg = IPv6(dst=world.cfg["address_v6"],
src=world.cfg["cli_link_local"])
full_msg /= UDP(sport=world.cfg["source_port"],
dport=world.cfg["destination_port"])
full_msg /= msg
# in case if unicast used, get back to multicast address.
world.cfg["address_v6"] = "ff02::1:2"
world.climsg.append(full_msg)
world.relayopts = []
world.cfg[
"source_port"] = 546 # we should be able to change relay ports from test itself
world.cfg["relay"] = False
def main():
parser = argparse.ArgumentParser(description="Generate packets for"
"TLDK rx/tx tests")
parser.add_argument("l_ip")
parser.add_argument("r_ip")
parser.add_argument("l_port", type=int)
parser.add_argument("r_port", type=int)
parser.add_argument("nb_pkts", type=int)
parser.add_argument("file")
parser.add_argument("-bc3", "--bad_chksum_l3", default=None, type=int)
parser.add_argument("-bc4", "--bad_chksum_l4", default=None, type=int)
parser.add_argument("-f", "--fragment")
parser.add_argument("-r", "--rand-pkt-size")
args = parser.parse_args()
ip_ver = ""
try:
inet_pton(socket.AF_INET, args.l_ip)
ip_ver = "ipv4"
except socket.error:
ip_ver = "ipv6"
pkts = read_pkts(args.file)
if "ipv4" in ip_ver:
for i in range(0, args.nb_pkts):
pkt = Ether(dst=dst_mac, src=src_mac) /\
IP(src=args.l_ip, dst=args.r_ip, frag=0, chksum=args.bad_chksum_l3) /\
UDP(sport=args.l_port, dport=args.r_port, chksum=args.bad_chksum_l4) /\
Raw(RandString(size=(100 - udpv4_hdr_len)))
pkts.append(pkt)
else:
for i in range(0, args.nb_pkts):
pkt = Ether(dst=dst_mac, src=src_mac) /\
IPv6(src=args.l_ip, dst=args.r_ip) /\
UDP(sport=args.l_port, dport=args.r_port, chksum=args.bad_chksum_l4) / \
Raw(RandString(size=(100 - udpv6_hdr_len)))
pkts.append(pkt)
shuffle(pkts)
write_pkts(pkts, args.file)
def callback(packet):
global dup
if dup is True:
dup = False
return
dup = True
new_ip_header = IPv6(src=packet['IPv6'].src,
dst='::1',
ttl=generate_ttl(packet['IPv6'].hlim))
new_udp_header = UDP(sport=packet['UDP'].sport, dport=10005)
new_packet = new_ip_header / new_udp_header / Raw(
packet['UDP'].payload)
del new_packet[IPv6].chksum
del new_packet[UDP].chksum
del new_packet[IPv6].payload.chksum
send(new_packet)
def get_alive_clients():
if get_local_ipv6_addr() == SERVER_ADDR:
return []
while True:
sendp(
Ether(src=LOCAL_MAC_ADDR, dst=NEXT_HOP_MAC) /
IPv6(dst=SERVER_ADDR) /
UDP(sport=ACCESS_CLIENT_LIST_PORT, dport=ACCESS_CLIENT_LIST_PORT),
iface=LOCAL_IPv6_IFACE)
recv_packets = sniff(
filter=
f'dst host {LOCAL_IPv6_ADDR} && port {ACCESS_CLIENT_LIST_PORT}',
count=1,
timeout=3,
iface=LOCAL_IPv6_IFACE)
if len(recv_packets) > 0:
clients = parse_payload(recv_packets[0])
return [client for client in clients if client != LOCAL_IPv6_ADDR]
else:
print(f'server is sleeping?')
def test_map_t_echo_reply_ip4_to_ip6(self):
""" MAP-T echo reply IPv4 -> IPv6 """
eth = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac)
ip = IP(src=self.pg0.remote_ip4, dst=self.ipv4_map_address)
icmp = ICMP(type="echo-reply", id=self.ipv6_udp_or_tcp_map_port)
payload = "H" * 10
tx_pkt = eth / ip / icmp / payload
self.pg_send(self.pg0, tx_pkt * 1)
rx_pkts = self.pg1.get_capture(1)
rx_pkt = rx_pkts[0]
self.assertEqual(rx_pkt[IPv6].nh, IPv6(nh="ICMPv6").nh)
self.assertEqual(rx_pkt[ICMPv6EchoReply].type,
ICMPv6EchoReply(type="Echo Reply").type)
self.assertEqual(rx_pkt[ICMPv6EchoReply].code, 0)
self.assertEqual(rx_pkt[ICMPv6EchoReply].id,
self.ipv6_udp_or_tcp_map_port)
def test_6rd_ip4_to_ip6_suffix(self):
""" ip4 -> ip6 (decap) 6rd test """
rv = self.vapi.ipip_6rd_add_tunnel(0, 0, inet_pton(AF_INET6, '2002::'),
inet_pton(AF_INET, '172.0.0.0'),
self.pg0.local_ip4n, 16, 8, True)
self.tunnel_index = rv.sw_if_index
self.vapi.cli("show ip6 fib")
p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
p_ip4 = IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4)
p_ip6 = (IPv6(src="2002:1002:0200::1", dst=self.pg1.remote_ip6) /
UDP(sport=1234, dport=1234))
p = (p_ether / p_ip4 / p_ip6)
rx = self.send_and_expect(self.pg0, p * 10, self.pg1)
for p in rx:
self.validate_4in6(p, p_ip6)
self.vapi.ipip_6rd_del_tunnel(self.tunnel_index)
def recv_from_tuntcp(socket, packet):
plen, type = unpack("!HH", packet[0:4])
log.debug("Len: %d Type %d" % (plen, type))
# Assume that we got the whole packet...
# In the future we should check - and wait for more if not complete.
if type == TYPE_HANDSHAKE_MAC_GET:
data = struct.pack("!HH", 8 + 4,
TYPE_HANDSHAKE_MAC_SET) + get_next_mac()
socket.send(data)
elif type == TYPE_RAW_IPV6:
ip = IPv6(packet[4:])
dst = ipaddress.ip_address(ip.dst)
# Not matching prefix... Send to all tuntcp except "socket" to get things out to other nodes.
if dst.packed[0:4] != prefix[0:4]:
log.debug("Not matching prefix - send back to all. %d" %
len(tuntcp))
ip.show()
send_to_tuntcp(socket, packet[4:])
else:
recv_from_tun(packet[4:])
def create_packet_header_IPv6_SRH_IPv4(self, srcaddr, sidlist, segleft):
"""Create packet header: IPv4 encapsulated in SRv6:
IPv6 header with SRH, IPv4 header, UDP header
:param int srcaddr: outer source address
:param list sidlist: segment list of outer IPv6 SRH
:param int segleft: segments-left field of outer IPv6 SRH
Outer IPv6 source address is set to srcaddr
Outer IPv6 destination address is set to sidlist[segleft]
Inner IPv4 source address is 123.1.1.1
Inner IPv4 destination address is 124.1.1.1
UDP source port and destination port are 1234
"""
p = (IPv6(src=srcaddr, dst=sidlist[segleft]) /
IPv6ExtHdrSegmentRouting(addresses=sidlist, segleft=segleft, nh=4)
/ IP(src="123.1.1.1", dst="124.1.1.1") /
UDP(sport=1234, dport=1234))
return p
def test_vrrp6_accept_mode_disabled(self):
""" IPv6 Master VR does not reply for VIP w/ accept mode off """
# accept mode only matters when prio < 255, so it will have to
# come up as a backup and take over as master after the timeout
vr_id = 100
prio = 100
intvl = self._default_adv
vip = self.pg0.remote_hosts[4].ip6
vr = VppVRRPVirtualRouter(self,
self.pg0,
vr_id,
prio=prio,
intvl=intvl,
flags=self._default_flags,
vips=[vip])
self._vrs.append(vr)
vr.add_vpp_config()
# After adding the VR, it should be in the init state
vr.assert_state_equals(VRRP_VR_STATE_INIT)
# start VR
vr.start_stop(is_start=1)
vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
# wait for VR to take over as master
end_time = vr.start_time() + vr.master_down_seconds()
sleep_s = end_time - time.time()
time.sleep(sleep_s)
vr.assert_state_equals(VRRP_VR_STATE_MASTER)
# send an ICMPv6 echo to the VR virtual IP address
echo = (Ether(dst=vr.virtual_mac(), src=self.pg0.remote_mac) /
IPv6(dst=vip, src=self.pg0.remote_ip6) /
ICMPv6EchoRequest(seq=1, id=self.pg0.sw_if_index))
self.pg_send(self.pg0, [echo])
# wait for an echo reply. none should be received
time.sleep(1)
self.pg0.assert_nothing_captured(filter_out_fn=is_not_echo_reply)
def send_packet(self, msg_type, t1=None, t2=None, iapdopt=None):
if t1 is None:
t1 = self.T1
if t2 is None:
t2 = self.T2
if iapdopt is None:
opt_ia_pd = DHCP6OptIA_PD(iaid=1, T1=t1, T2=t2)
else:
opt_ia_pd = DHCP6OptIA_PD(iaid=1, T1=t1, T2=t2, iapdopt=iapdopt)
p = (
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
/ IPv6(src=util.mk_ll_addr(self.pg0.remote_mac), dst=self.pg0.local_ip6_ll)
/ UDP(sport=547, dport=546)
/ msg_type(trid=self.trid)
/ DHCP6OptServerId(duid=self.server_duid)
/ DHCP6OptClientId(duid=self.client_duid)
/ opt_ia_pd
)
self.pg0.add_stream([p])
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
def test_map_t_tcp_ip6_to_ip4(self):
""" MAP-T TCP IPv6 -> IPv4 """
eth = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac)
ip = IPv6(src=self.ipv6_cpe_address, dst=self.ipv6_map_address)
tcp = TCP(sport=self.ipv6_udp_or_tcp_map_port,
dport=self.ipv6_udp_or_tcp_internet_port)
payload = "a" * 82
tx_pkt = eth / ip / tcp / payload
self.pg_send(self.pg1, tx_pkt * 1)
rx_pkts = self.pg0.get_capture(1)
rx_pkt = rx_pkts[0]
self.v4_address_check(rx_pkt)
self.v4_port_check(rx_pkt, TCP)
self.assertEqual(rx_pkt[IP].proto, IP(proto="tcp").proto)
self.assertEqual(rx_pkt[IP].tos, 0) # IPv6 TC passed to v4 ToS
df_bit = IP(flags="DF").flags
self.assertNotEqual(rx_pkt[IP].flags & df_bit, df_bit)
def test_6rd_ip4_to_ip6_suffix(self):
""" ip4 -> ip6 (decap) 6rd test """
rv = self.vapi.sixrd_add_tunnel(
0, str(ip_address('2002::').packed), 16,
str(ip_address('172.0.0.0').packed), 8,
str(ip_address(self.pg0.local_ip4).packed), 0, True)
self.assertEqual(rv.retval, 0)
self.tunnel_index = rv.sw_if_index
self.vapi.cli("show ip6 fib")
p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
p_ip4 = IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4)
p_ip6 = (IPv6(src="2002:1002:0200::1", dst=self.pg1.remote_ip6) /
UDP(sport=1234, dport=1234))
p = (p_ether / p_ip4 / p_ip6)
rx = self.send_and_expect(self.pg0, p * 10, self.pg1)
for p in rx:
self.validate_4in6(p, p_ip6)
def create_stream(self, src_if, packet_sizes):
"""Create input packet stream for defined interface.
:param VppInterface src_if: Interface to create packet stream for.
:param list packet_sizes: Required packet sizes.
"""
pkts = []
for i in range(0, 257):
dst_if = self.flows[src_if][i % 2]
info = self.create_packet_info(src_if, dst_if)
payload = self.info_to_payload(info)
p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
IPv6(src=src_if.remote_ip6, dst=dst_if.remote_ip6) /
UDP(sport=1234, dport=1234) / Raw(payload))
info.data = p.copy()
if isinstance(src_if, VppSubInterface):
p = src_if.add_dot1_layer(p)
size = packet_sizes[(i // 2) % len(packet_sizes)]
self.extend_packet(p, size)
pkts.append(p)
return pkts
def verify_tun_64(self, p, count=1):
self.vapi.cli("clear errors")
try:
config_tun_params(p, self.encryption_type, self.tun_if)
send_pkts = self.gen_encrypt_pkts6(p.scapy_tun_sa,
self.tun_if,
src=p.remote_tun_if_host6,
dst=self.pg1.remote_ip6,
count=count)
recv_pkts = self.send_and_expect(self.tun_if, send_pkts, self.pg1)
for recv_pkt in recv_pkts:
self.assert_equal(recv_pkt[IPv6].src, p.remote_tun_if_host6)
self.assert_equal(recv_pkt[IPv6].dst, self.pg1.remote_ip6)
self.assert_packet_checksums_valid(recv_pkt)
send_pkts = self.gen_pkts6(self.pg1,
src=self.pg1.remote_ip6,
dst=p.remote_tun_if_host6,
count=count)
recv_pkts = self.send_and_expect(self.pg1, send_pkts, self.tun_if)
for recv_pkt in recv_pkts:
try:
decrypt_pkt = p.vpp_tun_sa.decrypt(recv_pkt[IP])
if not decrypt_pkt.haslayer(IPv6):
decrypt_pkt = IPv6(decrypt_pkt[Raw].load)
self.assert_equal(decrypt_pkt.src, self.pg1.remote_ip6)
self.assert_equal(decrypt_pkt.dst, p.remote_tun_if_host6)
self.assert_packet_checksums_valid(decrypt_pkt)
except:
self.logger.error(ppp("Unexpected packet:", recv_pkt))
try:
self.logger.debug(ppp("Decrypted packet:",
decrypt_pkt))
except:
pass
raise
finally:
self.logger.info(self.vapi.ppcli("show error"))
self.logger.info(self.vapi.ppcli("show ipsec all"))
self.verify_counters(p, count)
def test_vrrp6_backup_nond(self):
""" IPv6 Backup VR ignores NDP """
# We need an address for a virtual IP that is not the IP that
# ARP requests will originate from
vr_id = 100
prio = 100
intvl = self._default_adv
intvl_s = intvl * 0.01
vip = self.pg0.remote_hosts[1].ip6
vr = VppVRRPVirtualRouter(self,
self.pg0,
vr_id,
prio=prio,
intvl=intvl,
flags=self._default_flags,
vips=[vip])
vr.add_vpp_config()
self._vrs.append(vr)
nsma = in6_getnsma(inet_pton(socket.AF_INET6, vip))
dmac = in6_getnsmac(nsma)
dst_ip = inet_ntop(socket.AF_INET6, nsma)
ndp_req = (Ether(dst=dmac, src=self.pg0.remote_mac) /
IPv6(dst=dst_ip, src=self.pg0.remote_ip6) /
ICMPv6ND_NS(tgt=vip) /
ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
# Before the VR is started make sure no reply to request for VIP
self.send_and_assert_no_replies(self.pg0, [ndp_req], timeout=1)
# VR should start in backup state and still should not reply to NDP
# send a higher priority adv to make sure it does not become master
adv = vr.vrrp_adv_packet(prio=prio + 10, src_ip=self.pg0.remote_ip6)
pkts = [adv, ndp_req]
vr.start_stop(is_start=1)
self.send_and_assert_no_replies(self.pg0, pkts, timeout=intvl_s)
vr.start_stop(is_start=0)
def create_stream(self, src_if, dst_if, packet_sizes,
proto_l=UDP(sport=1234, dport=5678)):
"""Create input packet stream for defined interfaces.
:param VppInterface src_if: Source Interface for packet stream.
:param VppInterface dst_if: Destination Interface for packet stream.
:param list packet_sizes: packet size to test.
:param Scapy proto_l: Required IP protocol. Default protocol is UDP.
"""
pkts = []
for size in packet_sizes:
info = self.create_packet_info(src_if, dst_if)
payload = self.info_to_payload(info)
p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
IPv6(src=src_if.remote_ip6, dst=dst_if.remote_ip6) /
proto_l /
Raw(payload))
info.data = p.copy()
self.extend_packet(p, size)
pkts.append(p)
return pkts
def test_6rd_ip4_to_ip6_suffix(self):
""" ip4 -> ip6 (decap) 6rd test """
rv = self.vapi.ipip_6rd_add_tunnel(ip6_table_id=0,
ip4_table_id=0,
ip6_prefix='2002::/16',
ip4_prefix='172.0.0.0/8',
ip4_src=self.pg0.local_ip4,
security_check=True)
self.tunnel_index = rv.sw_if_index
self.vapi.cli("show ip6 fib")
p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
p_ip4 = IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4)
p_ip6 = (IPv6(src="2002:1002:0200::1", dst=self.pg1.remote_ip6) /
UDP(sport=1234, dport=1234))
p = (p_ether / p_ip4 / p_ip6)
rx = self.send_and_expect(self.pg0, p * 10, self.pg1)
for p in rx:
self.validate_4in6(p, p_ip6)
self.vapi.ipip_6rd_del_tunnel(self.tunnel_index)
def handle_ns_request(self, pipe, packet):
'''
process incoming NS request and send
corresponding NA.
'''
self.log("ND: RX NS: {0} <-- {1},{2}".format(packet[ICMPv6ND_NS].tgt,
packet[IPv6].src,
packet[Ether].src))
na_response = Ether(src=packet[Ether].dst, dst=packet[Ether].src)/ \
IPv6(src=packet[ICMPv6ND_NS].tgt, dst=packet[IPv6].src, hlim = 255)/ \
ICMPv6ND_NA(tgt=packet[ICMPv6ND_NS].tgt, R = 0, S = 1, O = 1)/ \
ICMPv6NDOptDstLLAddr(lladdr=packet[Ether].dst)
if not self.vlan.is_default():
self.vlan.embed(na_response, fmt=self.fmt)
self.log("ND: TX NA: {0},{1} -> {2},{3}".format(
packet[ICMPv6ND_NS].tgt, packet[Ether].dst, packet[IPv6].src,
packet[Ether].src))
pipe.async_tx_pkt(na_response)
self.record.verified()
def create_packet_header_IPv6_SRH_L2(self, sidlist, segleft, vlan=0):
"""Create packet header: L2 encapsulated in SRv6:
IPv6 header with SRH, L2
:param list sidlist: segment list of outer IPv6 SRH
:param int segleft: segments-left field of outer IPv6 SRH
:param vlan: L2 vlan; if vlan!=0 then add 802.1q header
Outer IPv6 destination address is set to sidlist[segleft]
IPv6 source address is 1234::1
"""
eth = Ether(src='00:11:22:33:44:55', dst='00:55:44:33:22:11')
etype = 0x8137 # IPX
if vlan:
# add 802.1q layer
eth /= Dot1Q(vlan=vlan, type=etype)
else:
eth.type = etype
p = (IPv6(src='1234::1', dst=sidlist[segleft]) /
IPv6ExtHdrSegmentRouting(
addresses=sidlist, segleft=segleft, nh=59) / eth)
return p
