def test_0002(self):
    """ no timers, two CFLOW packets (mtu=256), 3 Flows in each"""
    self.logger.info("FFP_TEST_START_0002")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    # Exporter configured with a 256-byte MTU (see docstring: the six flows
    # are expected to be split over two data packets).
    exporter = VppCFLOW(test=self, mtu=256)
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    # Flush first; the templates are expected at the collector right away.
    self.vapi.ipfix_flush()
    templates = exporter.verify_templates(decoder)

    self.create_stream(packets=6)
    sent = self.send_packets()

    # Flush again and pick up both data packets for the second template.
    self.vapi.ipfix_flush()
    cflows = [
        self.wait_for_cflow_packet(self.collector, templates[1])
        for _ in range(2)
    ]
    self.verify_cflow_data_notimer(decoder, sent, cflows)
    self.collector.get_capture(5)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0002")
def test_L4onL2(self):
    """ L4 data on L2 datapath"""
    self.logger.info("FFP_TEST_START_0003")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(test=self, layer='l4')
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    # Two templates are requested from verify_templates for this setup.
    templates = exporter.verify_templates(decoder, count=2)

    self.create_stream(packets=1)
    sent = self.send_packets()

    # Flush the exporter, then wait for the data packet of template 0.
    self.vapi.ipfix_flush()
    cflow = self.wait_for_cflow_packet(self.collector, templates[0])

    # Field id -> what verify_cflow_data_detail should compare it with
    # (presumably IPFIX element ids; confirm against the helper).
    expected_fields = {2: 'packets', 7: 'sport', 11: 'dport'}
    self.verify_cflow_data_detail(decoder, sent, cflow, expected_fields)
    self.collector.get_capture(3)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0003")
def test_L4onIP6(self):
    """ L4 data on IP6 datapath"""
    self.logger.info("FFP_TEST_START_0003")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(test=self, intf='pg6', layer='l4', datapath='ip6')
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    # A single template is requested on the ip6 datapath.
    templates = exporter.verify_templates(decoder, count=1)

    self.create_stream(src_if=self.pg5, dst_if=self.pg6, packets=1,
                       ip_ver='IPv6')
    sent = self.send_packets(src_if=self.pg5, dst_if=self.pg6)

    # Flush the exporter, then wait for the data packet of template 0.
    self.vapi.ipfix_flush()
    cflow = self.wait_for_cflow_packet(self.collector, templates[0])

    expected_fields = {2: 'packets', 7: 'sport', 11: 'dport'}
    self.verify_cflow_data_detail(decoder, sent, cflow, expected_fields,
                                  ip_ver='v6')

    # Two packets in total are expected at the collector.
    self.collector.get_capture(2)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0003")
def test_0001(self):
    """ disable IPFIX after first packets"""
    self.logger.info("FFP_TEST_START_0001")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(test=self)
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    templates = exporter.verify_templates(decoder)

    self.create_stream()
    self.send_packets()

    # Phase 1: exporter on, a data packet must reach the collector.
    self.vapi.ipfix_flush()
    self.wait_for_cflow_packet(self.collector, templates[1])
    self.collector.get_capture(4)

    # Phase 2: exporter off, the same traffic must produce no export.
    exporter.disable_exporter()
    self.pg_enable_capture([self.collector])
    self.send_packets()

    # Flush and wait one second so a stray export would have time to show.
    self.vapi.ipfix_flush()
    self.sleep(1, "wait before verifying no packets sent")
    self.collector.assert_nothing_captured()

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0001")
def test_0002(self):
    """ timer greater than template timeout"""
    self.logger.info("FFP_TEST_START_0002")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    # timeout=3 and active=4: the active timer is the larger of the two.
    exporter = VppCFLOW(test=self, timeout=3, active=4)
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    # First template round is verified without handing it to the decoder.
    exporter.verify_templates()

    self.create_stream(packets=2)
    self.send_packets()
    forwarded = self.pg2.get_capture(2)

    # Second template round goes to the decoder; verify_templates is given
    # timeout=5 for it.
    templates = exporter.verify_templates(decoder, timeout=5)

    # No flush here, so the data packet is presumably timer-driven; the
    # wait is called with 15 as its third argument.
    cflow = self.wait_for_cflow_packet(self.collector, templates[1], 15)
    self.verify_cflow_data(decoder, forwarded, cflow)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0002")
def test_0001(self):
    """ disable flowprobe feature after first packets"""
    self.logger.info("FFP_TEST_START_0001")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(test=self)
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    templates = exporter.verify_templates(decoder)

    self.create_stream()
    self.send_packets()

    # Phase 1: feature on, a data packet must reach the collector.
    self.vapi.ipfix_flush()
    self.wait_for_cflow_packet(self.collector, templates[1])
    self.collector.get_capture(4)

    # Phase 2: flowprobe feature off, the same traffic must not be exported.
    exporter.disable_flowprobe_feature()
    self.pg_enable_capture([self.collector])
    self.send_packets()

    # Negative check: no data packet for the template, empty capture.
    self.vapi.ipfix_flush()
    self.wait_for_cflow_packet(self.collector, templates[1],
                               expected=False)
    self.collector.get_capture(0)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0001")
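def test_0011(self):
    """ disable IPFIX after first packets and re-enable after few packets """
    self.logger.info("FFP_TEST_START_0001")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    ipfix = VppCFLOW(test=self)
    ipfix.add_vpp_config()

    ipfix_decoder = IPFIXDecoder()
    # template packet should arrive immediately
    templates = ipfix.verify_templates(ipfix_decoder)

    self.create_stream(packets=5)
    self.send_packets()

    # make sure the one packet we expect actually showed up
    self.vapi.cli("ipfix flush")
    self.wait_for_cflow_packet(self.collector, templates[1])
    self.collector.get_capture(4)

    # disable IPFIX
    ipfix.disable_exporter()
    self.vapi.cli("ipfix flush")
    self.pg_enable_capture([self.collector])

    self.send_packets()

    # make sure no packet arrived while the exporter was disabled
    self.vapi.cli("ipfix flush")
    self.wait_for_cflow_packet(self.collector, templates[1],
                               expected=False)

    self.collector.get_capture(0)
    self.pg2.get_capture(5)

    # enable IPFIX
    ipfix.enable_exporter()

    capture = self.collector.get_capture(4)
    nr_templates = 0
    nr_data = 0
    for p in capture:
        self.assertTrue(p.haslayer(IPFIX))
        if p.haslayer(Template):
            nr_templates += 1
        if p.haslayer(Data):
            nr_data += 1
    # These used to be assertTrue(nr_templates, 3) / assertTrue(nr_templates, 1):
    # assertTrue takes its second argument as the failure message, so the
    # counts were never compared and nr_data was never checked at all.
    # Three templates plus one data packet matches the capture of four.
    self.assertEqual(nr_templates, 3)
    self.assertEqual(nr_data, 1)

    ipfix.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0001")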
def test_0001(self):
    """ disable flowprobe feature after first packets and re-enable after few packets """
    self.logger.info("FFP_TEST_START_0001")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(test=self)
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    # Flush, then verify the initial templates (timeout=3 is passed on).
    self.vapi.ipfix_flush()
    templates = exporter.verify_templates(decoder, timeout=3)

    self.create_stream()
    self.send_packets()

    # Phase 1: feature on, a data packet must reach the collector.
    self.vapi.ipfix_flush()
    self.wait_for_cflow_packet(self.collector, templates[1], 5)
    self.collector.get_capture(4)

    # Phase 2: flowprobe feature off, the same traffic must not be exported.
    exporter.disable_flowprobe_feature()
    self.pg_enable_capture([self.collector])
    self.send_packets()

    # Flush and wait five seconds so a stray export would have time to show.
    self.vapi.ipfix_flush()
    self.sleep(5, "wait before verifying no packets sent")
    self.collector.assert_nothing_captured()

    # Phase 3: feature back on; templates are verified again before the
    # traffic is resent.
    exporter.enable_flowprobe_feature()
    self.vapi.ipfix_flush()
    templates = exporter.verify_templates(decoder, timeout=3)

    self.send_packets()

    # Templates and data are expected at the collector once more.
    self.vapi.ipfix_flush()
    self.wait_for_cflow_packet(self.collector, templates[1], 5)
    self.collector.get_capture(4)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0001")
def test_0001(self):
    """ disable IPFIX after first packets and re-enable after few packets """
    self.logger.info("FFP_TEST_START_0001")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(test=self, active=10)
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    templates = exporter.verify_templates(decoder, timeout=3)

    self.create_stream()
    self.send_packets()

    # Phase 1: exporter on. There is no flush in this phase, so the data
    # packet is presumably produced by the active timer (active=10); the
    # wait is called with 30 as its third argument.
    self.wait_for_cflow_packet(self.collector, templates[1], 30)
    self.collector.get_capture(4)

    # Phase 2: exporter off, the same traffic must not be exported.
    exporter.disable_exporter()
    self.pg_enable_capture([self.collector])
    self.send_packets()

    # Negative check over the same wait argument, then an empty capture.
    self.wait_for_cflow_packet(self.collector, templates[1], 30,
                               expected=False)
    self.collector.get_capture(0)

    # Phase 3: exporter back on; flush and verify the templates again.
    exporter.enable_exporter()
    self.vapi.cli("ipfix flush")
    templates = exporter.verify_templates(decoder, timeout=3)

    self.send_packets()

    # Templates and data are expected at the collector once more.
    self.wait_for_cflow_packet(self.collector, templates[1], 30)
    self.collector.get_capture(4)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0001")
def test_L3onIP6(self):
    """L3 data on IP6 datapath"""
    self.logger.info("FFP_TEST_START_0002")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(
        test=self,
        intf=self.intf3,
        layer="l3",
        datapath="ip6",
        direction=self.direction,
    )
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    # A single template is requested on the ip6 datapath.
    templates = exporter.verify_templates(decoder, count=1)

    self.create_stream(
        src_if=self.pg5, dst_if=self.pg6, packets=1, ip_ver="IPv6"
    )
    sent = self.send_packets(src_if=self.pg5, dst_if=self.pg6)

    # Flush the exporter, then wait for the data packet of template 0.
    self.vapi.ipfix_flush()
    cflow = self.wait_for_cflow_packet(self.collector, templates[0])

    # Field 61 is compared with a boolean that is true only for "tx".
    expected_fields = {
        2: "packets",
        27: "src_ip",
        28: "dst_ip",
        61: (self.direction == "tx"),
    }
    self.verify_cflow_data_detail(
        decoder, sent, cflow, expected_fields, ip_ver="v6"
    )

    # Two packets in total are expected at the collector.
    self.collector.get_capture(2)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0002")
def test_0002(self):
    """ timer=10s, less than template timeout"""
    self.logger.info("FFP_TEST_START_0002")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    # NOTE(review): the docstring says timer=10s but the exporter is
    # created with active=20 - confirm which one is intended.
    exporter = VppCFLOW(test=self, active=20)
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    templates = exporter.verify_templates(decoder, timeout=3)

    self.create_stream()
    sent = self.send_packets()

    # No flush here, so the data packet is presumably timer-driven; the
    # wait is called with 39 as its third argument.
    cflow = self.wait_for_cflow_packet(self.collector, templates[1], 39)
    self.verify_cflow_data(decoder, sent, cflow)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0002")
def test_L3onL2(self):
    """L3 data on L2 datapath"""
    self.logger.info("FFP_TEST_START_0002")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(
        test=self, intf=self.intf1, layer="l3", direction=self.direction
    )
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    # Two templates are requested from verify_templates for this setup.
    templates = exporter.verify_templates(decoder, count=2)

    self.create_stream(packets=1)
    sent = self.send_packets()

    # Flush the exporter, then wait for the data packet of template 0.
    self.vapi.ipfix_flush()
    cflow = self.wait_for_cflow_packet(self.collector, templates[0])

    # Field 4 is pinned to the literal 17; field 61 is compared with a
    # boolean that is true only for "tx".
    expected_fields = {
        2: "packets",
        4: 17,
        8: "src_ip",
        12: "dst_ip",
        61: (self.direction == "tx"),
    }
    self.verify_cflow_data_detail(decoder, sent, cflow, expected_fields)
    self.collector.get_capture(3)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0002")
def test_0001(self):
    """ no timers, one CFLOW packet, 9 Flows inside"""
    self.logger.info("FFP_TEST_START_0001")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(test=self)
    exporter.add_vpp_config()

    decoder = IPFIXDecoder()
    templates = exporter.verify_templates(decoder)

    self.create_stream(packets=9)
    sent = self.send_packets()

    # Flush through the CLI, then wait for the single data packet.
    self.vapi.cli("ipfix flush")
    cflow = self.wait_for_cflow_packet(self.collector, templates[1])

    # The verifier takes a list of data packets; here there is just one.
    self.verify_cflow_data_notimer(decoder, sent, [cflow])
    self.collector.get_capture(4)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0001")
def test_session_limit_per_user(self):
    """ Deterministic NAT maximum sessions per user limit """
    # One inside host (/32) mapped onto one outside address (/32).
    self.vapi.det44_add_del_map(is_add=1, in_addr=self.pg0.remote_ip4,
                                in_plen=32,
                                out_addr=socket.inet_aton(self.nat_addr),
                                out_plen=32)
    # pg0 is the inside interface, pg1 the outside one.
    self.vapi.det44_interface_add_del_feature(
        sw_if_index=self.pg0.sw_if_index, is_add=1, is_inside=1)
    self.vapi.det44_interface_add_del_feature(
        sw_if_index=self.pg1.sw_if_index, is_add=1, is_inside=0)
    # NAT events are exported over IPFIX towards pg2.
    self.vapi.set_ipfix_exporter(collector_address=self.pg2.remote_ip4,
                                 src_address=self.pg2.local_ip4,
                                 path_mtu=512,
                                 template_interval=10)
    self.vapi.nat_ipfix_enable_disable(domain_id=1, src_port=4739,
                                       enable=1)

    # 1000 UDP flows from the same inside host, one per port 1025..2024.
    pkts = [
        (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
         IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
         UDP(sport=port, dport=port))
        for port in range(1025, 2025)
    ]
    self.pg0.add_stream(pkts)
    self.pg_enable_capture(self.pg_interfaces)
    self.pg_start()
    self.pg1.get_capture(len(pkts))

    # One more flow from that host: it must not be forwarded to pg1.
    extra = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
             IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
             UDP(sport=3001, dport=3002))
    self.pg0.add_stream(extra)
    self.pg_enable_capture(self.pg_interfaces)
    self.pg_start()
    self.pg1.assert_nothing_captured()

    # The sender gets an ICMP error back instead: type 3 / code 1
    # (destination unreachable, host unreachable) quoting the dropped flow.
    reply = self.pg0.get_capture(1)[0]
    self.assertTrue(reply.haslayer(ICMP))
    icmp = reply[ICMP]
    self.assertEqual(icmp.type, 3)
    self.assertEqual(icmp.code, 1)
    self.assertTrue(icmp.haslayer(IPerror))
    quoted = icmp[IPerror]
    self.assertEqual(quoted[UDPerror].sport, 3001)
    self.assertEqual(quoted[UDPerror].dport, 3002)

    # The mapping's session count stays at the 1000 accepted flows.
    mappings = self.vapi.det44_map_dump()
    self.assertEqual(1000, mappings[0].ses_num)

    # The limit event must also show up in the IPFIX export.
    self.vapi.ipfix_flush()
    exported = self.pg2.get_capture(2)
    decoder = IPFIXDecoder()
    # First pass: every packet is IPFIX; load the templates.
    for pkt in exported:
        self.assertTrue(pkt.haslayer(IPFIX))
        if pkt.haslayer(Template):
            decoder.add_template(pkt.getlayer(Template))
    # Second pass: decode each data set and check the logged event.
    for pkt in exported:
        if pkt.haslayer(Data):
            records = decoder.decode_data_set(pkt.getlayer(Set))
            self.verify_ipfix_max_entries_per_user(records,
                                                   1000,
                                                   self.pg0.remote_ip4)
    self.vapi.nat_ipfix_enable_disable(domain_id=1, src_port=4739,
                                       enable=0)
def test_cflow_packet(self):
    """verify cflow packet fields"""
    self.logger.info("FFP_TEST_START_0000")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    exporter = VppCFLOW(test=self, intf='pg8', datapath="ip4",
                        layer='l2 l3 l4', active=2)
    exporter.add_vpp_config()

    # Route 9.0.0.0/24 out of pg8 so the probe packet is forwarded there.
    next_hop = VppRoutePath(self.pg8._remote_hosts[0].ip4,
                            self.pg8.sw_if_index)
    route_9001 = VppIpRoute(self, "9.0.0.0", 24, [next_hop])
    route_9001.add_vpp_config()

    decoder = IPFIXDecoder()
    templates = exporter.verify_templates(decoder, count=1)

    # One TCP packet from pg7 towards the routed prefix.
    self.pkts = [
        (Ether(dst=self.pg7.local_mac, src=self.pg7.remote_mac) /
         IP(src=self.pg7.remote_ip4, dst="9.0.0.100") /
         TCP(sport=1234, dport=4321, flags=80) /
         Raw('\xa5' * 100))
    ]

    sent_at = int(time.time())
    # 2208988800 s separate the NTP epoch (1900) from the Unix epoch (1970),
    # so this is "now" on the 1900-based clock despite the original name.
    sent_at_ntp = sent_at + 2208988800

    self.send_packets(src_if=self.pg7, dst_if=self.pg8)

    cflow = self.wait_for_cflow_packet(self.collector, templates[0], 10)
    self.collector.get_capture(2)

    # NOTE(review): both blocks below are guarded by haslayer(), so a packet
    # lacking the layer skips the checks instead of failing the test.
    if cflow[0].haslayer(IPFIX):
        header = cflow[IPFIX]
        self.assertEqual(header.version, 10)
        self.assertEqual(cflow[IPFIX].observationDomainID, 1)
        self.assertEqual(cflow[IPFIX].sequenceNumber, 0)
        self.assertAlmostEqual(cflow[IPFIX].exportTime, sent_at, delta=5)
    if cflow.haslayer(Data):
        record = decoder.decode_data_set(cflow[0].getlayer(Set))[0]

        def as_int(field):
            # Raw field bytes -> integer, via their hex representation.
            return int(binascii.hexlify(record[field]), 16)

        # ingress / egress interface
        self.assertEqual(as_int(10), 8)
        self.assertEqual(as_int(14), 9)
        # packet count
        self.assertEqual(as_int(2), 1)
        # NOTE(review): .encode('hex') is a Python 2 codec; this call fails
        # on Python 3, so the MAC/IP comparisons assume a Python 2 runner.
        # source MAC
        self.assertEqual(
            ':'.join(re.findall('..', record[56].encode('hex'))),
            self.pg8.local_mac)
        # destination MAC
        self.assertEqual(
            ':'.join(re.findall('..', record[80].encode('hex'))),
            self.pg8.remote_mac)
        # flow start: upper 32 bits of field 156, within 1 of the NTP "now"
        flow_ts = as_int(156) >> 32
        self.assertAlmostEqual(flow_ts, sent_at_ntp, delta=1)
        # flow end: same check on field 157
        flow_ts = as_int(157) >> 32
        self.assertAlmostEqual(flow_ts, sent_at_ntp, delta=1)
        # ethernet type
        self.assertEqual(as_int(256), 8)
        # source IP, compared as dot-joined hex octets
        self.assertEqual(
            '.'.join(re.findall('..', record[8].encode('hex'))),
            '.'.join('{:02x}'.format(int(n)) for n in
                     self.pg7.remote_ip4.split('.')))
        # destination IP
        self.assertEqual(
            '.'.join(re.findall('..', record[12].encode('hex'))),
            '.'.join('{:02x}'.format(int(n)) for n in
                     "9.0.0.100".split('.')))
        # protocol (TCP)
        self.assertEqual(as_int(4), 6)
        # source / destination port
        self.assertEqual(as_int(7), 1234)
        self.assertEqual(as_int(11), 4321)
        # TCP flags, as sent
        self.assertEqual(as_int(6), 80)

    exporter.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0000")
def test_cflow_packet(self):
    """verify cflow packet fields"""
    self.logger.info("FFP_TEST_START_0000")
    self.pg_enable_capture(self.pg_interfaces)
    self.pkts = []

    cflow_cfg = VppCFLOW(test=self, intf='pg8', datapath="ip4",
                         layer='l2 l3 l4', active=2)
    cflow_cfg.add_vpp_config()

    # 9.0.0.0/24 is reachable through pg8's first remote host.
    route_9001 = VppIpRoute(
        self, "9.0.0.0", 24,
        [VppRoutePath(self.pg8._remote_hosts[0].ip4,
                      self.pg8.sw_if_index)])
    route_9001.add_vpp_config()

    template_decoder = IPFIXDecoder()
    templates = cflow_cfg.verify_templates(template_decoder, count=1)

    # Single TCP probe, pg7 -> 9.0.0.100, with a 100-character payload.
    probe = (Ether(dst=self.pg7.local_mac, src=self.pg7.remote_mac) /
             IP(src=self.pg7.remote_ip4, dst="9.0.0.100") /
             TCP(sport=1234, dport=4321, flags=80) /
             Raw('\xa5' * 100))
    self.pkts = [probe]

    now_unix = int(time.time())
    # Offset between the 1900-based NTP epoch and the 1970 Unix epoch; the
    # flow timestamps below are compared on the 1900-based scale.
    now_ntp = now_unix + 2208988800

    self.send_packets(src_if=self.pg7, dst_if=self.pg8)

    cflow = self.wait_for_cflow_packet(self.collector, templates[0], 10)
    self.collector.get_capture(2)

    # Message header checks; skipped when the IPFIX layer is absent.
    if cflow[0].haslayer(IPFIX):
        self.assertEqual(cflow[IPFIX].version, 10)
        self.assertEqual(cflow[IPFIX].observationDomainID, 1)
        self.assertEqual(cflow[IPFIX].sequenceNumber, 0)
        self.assertAlmostEqual(cflow[IPFIX].exportTime, now_unix, delta=5)

    # Record checks; skipped when there is no Data layer.
    if cflow.haslayer(Data):
        data_set = cflow[0].getlayer(Set)
        record = template_decoder.decode_data_set(data_set)[0]

        # ingress interface
        self.assertEqual(int(binascii.hexlify(record[10]), 16), 8)
        # egress interface
        self.assertEqual(int(binascii.hexlify(record[14]), 16), 9)
        # packets
        self.assertEqual(int(binascii.hexlify(record[2]), 16), 1)

        # NOTE(review): the .encode('hex') calls rely on the Python 2 'hex'
        # codec and do not work on Python 3 - confirm the target runtime.
        # src mac
        src_mac_hex = record[56].encode('hex')
        self.assertEqual(':'.join(re.findall('..', src_mac_hex)),
                         self.pg8.local_mac)
        # dst mac
        dst_mac_hex = record[80].encode('hex')
        self.assertEqual(':'.join(re.findall('..', dst_mac_hex)),
                         self.pg8.remote_mac)

        # flow start timestamp: high 32 bits of the field
        flow_start = int(binascii.hexlify(record[156]), 16) >> 32
        self.assertAlmostEqual(flow_start, now_ntp, delta=1)
        # flow end timestamp: high 32 bits of the field
        flow_end = int(binascii.hexlify(record[157]), 16) >> 32
        self.assertAlmostEqual(flow_end, now_ntp, delta=1)

        # ethernet type
        self.assertEqual(int(binascii.hexlify(record[256]), 16), 8)

        # src ip: both sides rendered as dot-separated two-digit hex octets
        self.assertEqual(
            '.'.join(re.findall('..', record[8].encode('hex'))),
            '.'.join('{:02x}'.format(int(n))
                     for n in self.pg7.remote_ip4.split('.')))
        # dst ip
        self.assertEqual(
            '.'.join(re.findall('..', record[12].encode('hex'))),
            '.'.join('{:02x}'.format(int(n))
                     for n in "9.0.0.100".split('.')))

        # protocol (TCP)
        self.assertEqual(int(binascii.hexlify(record[4]), 16), 6)
        # src port
        self.assertEqual(int(binascii.hexlify(record[7]), 16), 1234)
        # dst port
        self.assertEqual(int(binascii.hexlify(record[11]), 16), 4321)
        # tcp flags
        self.assertEqual(int(binascii.hexlify(record[6]), 16), 80)

    cflow_cfg.remove_vpp_config()
    self.logger.info("FFP_TEST_FINISH_0000")