def do_counters_test(discard_group,
pkt,
ptfadapter,
duthost,
ports_info,
sniff_ports,
tx_dut_ports=None,
comparable_pkt=None):
"""
Execute test - send packet, check that expected discard counters were incremented and packet was dropped
@param discard_group: Supported 'discard_group' values: 'L2', 'L3', 'ACL', 'NO_DROPS'
@param pkt: PTF composed packet, sent by test case
@param ptfadapter: fixture
@param duthost: fixture
@param dut_iface: DUT interface name expected to receive packets from PTF
@param sniff_ports: DUT ports to check that packets were not egressed from
"""
check_if_skip()
base_verification(discard_group, pkt, ptfadapter, duthost, ports_info,
tx_dut_ports)
# Verify packets were not egresed the DUT
if discard_group != "NO_DROPS":
exp_pkt = expected_packet_mask(pkt)
testutils.verify_no_packet_any(ptfadapter,
exp_pkt,
ports=sniff_ports)
def test_acl_drop(do_test, ptfadapter, duthost, setup, tx_dut_ports,
pkt_fields, acl_setup, ports_info):
"""
@summary: Verify that DUT drops packet with SRC IP 20.0.0.0/24 matched by ingress ACL and ACL drop counter incremented
"""
if tx_dut_ports[ports_info["dut_iface"]] not in duthost.acl_facts(
)["ansible_facts"]["ansible_acl_facts"]["DATAACL"]["ports"]:
pytest.skip("RX DUT port absent in 'DATAACL' table")
ip_src = "20.0.0.5"
log_pkt_params(ports_info["dut_iface"], ports_info["dst_mac"],
ports_info["src_mac"], pkt_fields["ipv4_dst"], ip_src)
pkt = testutils.simple_tcp_packet(
eth_dst=ports_info["dst_mac"], # DUT port
eth_src=ports_info["src_mac"], # PTF port
ip_src=ip_src,
ip_dst=pkt_fields["ipv4_dst"],
tcp_sport=pkt_fields["tcp_sport"],
tcp_dport=pkt_fields["tcp_dport"])
base_verification("ACL", pkt, ptfadapter, duthost, ports_info,
tx_dut_ports)
# Verify packets were not egresed the DUT
exp_pkt = expected_packet_mask(pkt)
exp_pkt.set_do_not_care_scapy(packet.IP, 'ip_src')
testutils.verify_no_packet_any(ptfadapter,
exp_pkt,
ports=setup["neighbor_sniff_ports"])
def do_test(discard_group,
pkt,
ptfadapter,
duthost,
ptf_tx_port_id,
dut_iface,
sniff_ports,
l2_col_key=RX_DRP,
l3_col_key=RX_ERR):
"""
Execute test - send packet, check that expected discard counters were incremented and packet was dropped
@param discard_group: Supported 'discard_group' values: 'L2', 'L3', 'ACL'
@param pkt: PTF composed packet, sent by test case
@param ptfadapter: fixture
@param duthost: fixture
@param ptf_tx_port_id: TX PTF port ID
@param dut_iface: DUT interface name expected to receive packets from PTF
@param sniff_ports: DUT ports to check that packets were not egressed from
"""
base_verification(discard_group, pkt, ptfadapter, duthost, ptf_tx_port_id,
dut_iface, l2_col_key, l3_col_key)
# Verify packets were not egresed the DUT
exp_pkt = expected_packet_mask(pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=sniff_ports)
def test_decap_standby_tor(apply_mock_dual_tor_tables,
apply_mock_dual_tor_kernel_configs,
apply_standby_state_to_orchagent,
build_encapsulated_packet, rand_selected_interface,
ptfadapter, tbinfo, rand_selected_dut,
tunnel_traffic_monitor):
tor = rand_selected_dut
encapsulated_packet = build_encapsulated_packet
iface, _ = rand_selected_interface
exp_ptf_port_index = get_ptf_server_intf_index(tor, tbinfo, iface)
exp_pkt = build_expected_packet_to_server(encapsulated_packet)
ptf_t1_intf = random.choice(get_t1_ptf_ports(tor, tbinfo))
logging.info("send encapsulated packet from ptf t1 interface %s",
ptf_t1_intf)
with tunnel_traffic_monitor(tor, existing=False):
testutils.send(ptfadapter,
int(ptf_t1_intf.strip("eth")),
encapsulated_packet,
count=1)
testutils.verify_no_packet_any(ptfadapter,
exp_pkt,
ports=[exp_ptf_port_index])
def send_and_verify_packet(ptfadapter, packet, expected_packet, tx_port, rx_ports, exp_recv):
ptfadapter.dataplane.flush()
testutils.send(ptfadapter, pkt=packet, port_id=tx_port)
if exp_recv:
testutils.verify_packet_any_port(ptfadapter, pkt=expected_packet, ports=rx_ports, timeout=5)
else:
testutils.verify_no_packet_any(ptfadapter, pkt=expected_packet, ports=rx_ports)
def _verify_acl_traffic(self, setup, direction, ptfadapter, pkt, dropped,
ip_version):
exp_pkt = self.expected_mask_routed_packet(pkt, ip_version)
if ip_version == "ipv4":
downstream_dst_port = DOWNSTREAM_IP_PORT_MAP.get(
pkt[packet.IP].dst)
else:
downstream_dst_port = DOWNSTREAM_IP_PORT_MAP.get(
pkt[packet.IPv6].dst)
ptfadapter.dataplane.flush()
testutils.send(ptfadapter, self.src_port, pkt)
if direction == "uplink->downlink" and downstream_dst_port:
if dropped:
testutils.verify_no_packet(ptfadapter, exp_pkt,
downstream_dst_port)
else:
testutils.verify_packet(ptfadapter, exp_pkt,
downstream_dst_port)
else:
if dropped:
testutils.verify_no_packet_any(ptfadapter,
exp_pkt,
ports=self.get_dst_ports(
setup, direction))
else:
testutils.verify_packet_any_port(ptfadapter,
exp_pkt,
ports=self.get_dst_ports(
setup, direction),
timeout=20)
def test_dst_ip_absent(ptfadapter, duthost, setup, tx_dut_ports, pkt_fields):
"""
@summary: Verify that packet with absent destination IP address is dropped and L3 drop cunter incremented
"""
dut_iface, ptf_tx_port_id, dst_mac, src_mac = get_test_ports_info(
ptfadapter, duthost, setup, tx_dut_ports)
log_pkt_params(dut_iface, dst_mac, src_mac, "", pkt_fields["ip_src"])
pkt = testutils.simple_tcp_packet(
eth_dst=dst_mac, # DUT port
eth_src=src_mac, # PTF port
ip_src=pkt_fields["ip_src"], # PTF source
ip_dst="", # DUT source
tcp_sport=pkt_fields["tcp_sport"],
tcp_dport=pkt_fields["tcp_dport"])
base_verification("L3", pkt, ptfadapter, duthost,
setup["combined_drop_counter"], ptf_tx_port_id,
tx_dut_ports[dut_iface])
# Verify packets were not egresed the DUT
exp_pkt = expected_packet_mask(pkt)
testutils.verify_no_packet_any(ptfadapter,
exp_pkt,
ports=setup["neighbor_sniff_ports"])
def test_vlan_tc1_send_untagged(
ptfadapter, work_vlan_ports_list,
toggle_all_simulator_ports_to_rand_selected_tor_m):
"""
Test case #1
Verify packets egress without tag from ports whose PVID same with ingress port
Verify packets egress with tag from ports who include VLAN ID but PVID different from ingress port.
"""
logger.info("Test case #1 starting ...")
for vlan_port in work_vlan_ports_list:
pkt = build_icmp_packet(0)
logger.info("Send untagged packet from {} ...".format(
vlan_port["port_index"][0]))
logger.info(
pkt.sprintf("%Ether.src% %IP.src% -> %Ether.dst% %IP.dst%"))
if vlan_port['pvid'] != 0:
testutils.send(ptfadapter, vlan_port["port_index"][0], pkt)
verify_icmp_packets(ptfadapter, work_vlan_ports_list, vlan_port,
vlan_port["pvid"])
else:
exp_pkt = Mask(pkt)
exp_pkt.set_do_not_care_scapy(scapy.Dot1Q, "vlan")
dst_ports = []
for port in work_vlan_ports_list:
dst_ports += port["port_index"] if port != vlan_port else []
testutils.send(ptfadapter, vlan_port["port_index"][0], pkt)
logger.info("Check on " + str(dst_ports) + "...")
testutils.verify_no_packet_any(ptfadapter, exp_pkt, dst_ports)
def test_vlan_tc3_send_invalid_vid(ptfadapter, vlan_ports_list):
"""
Test case #3
Send packets with invalid VLAN ID
Verify no port can receive these pacekts
"""
logger.info("Test case #3 starting ...")
invalid_tagged_pkt = build_icmp_packet(4095)
masked_invalid_tagged_pkt = Mask(invalid_tagged_pkt)
masked_invalid_tagged_pkt.set_do_not_care_scapy(scapy.Dot1Q, "vlan")
for vlan_port in vlan_ports_list:
src_port = vlan_port["port_index"]
dst_ports = [
port["port_index"] for port in vlan_ports_list if port != vlan_port
]
logger.info("Send invalid tagged packet " + " from " + str(src_port) +
"...")
logger.info(
invalid_tagged_pkt.sprintf(
"%Ether.src% %IP.src% -> %Ether.dst% %IP.dst%"))
testutils.send(ptfadapter, src_port, invalid_tagged_pkt)
logger.info("Check on " + str(dst_ports) + "...")
testutils.verify_no_packet_any(ptfadapter, masked_invalid_tagged_pkt,
dst_ports)
def test_unmatched_blocked(self, setup, direction, ptfadapter):
""" verify that unmatched packet is dropped """
pkt = self.tcp_packet(setup, direction, ptfadapter)
exp_pkt = self.expected_mask_routed_packet(pkt)
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
def generate_and_verify_traffic(duthost, ptfadapter, src_port, dst_port,
ip_src, ip_dst, pkt_action):
"""
Send ICMP request packet from PTF to DUT and
verify that DUT sends/doesn't send ICMP reply packet to PTF.
Args:
duthost: DUT host object
ptfadapter: PTF adapter
src_port: Port of PTF
dst_port: Port of DUT
ip_src: Source IP address of PTF
ip_dst: Destination IP address of DUT
pkt_action: Packet action (forwarded or drop)
"""
router_mac = get_mac_dut(duthost, dst_port)
src_port_number = int(get_port_number(src_port))
src_mac = ptfadapter.dataplane.get_mac(0, src_port_number)
# Get VLAN ID from name of sub-port
vlan_vid = int(src_port.split('.')[1])
ip_src = ip_src.split('/')[0]
ip_dst = ip_dst.split('/')[0]
# Create ICMP request packet
pkt = create_packet(eth_dst=router_mac,
eth_src=src_mac,
ip_src=ip_src,
ip_dst=ip_dst,
vlan_vid=vlan_vid,
dl_vlan_enable=True)
# Define ICMP reply packet
exp_pkt = create_packet(eth_src=router_mac,
eth_dst=src_mac,
ip_src=ip_dst,
ip_dst=ip_src,
vlan_vid=vlan_vid,
dl_vlan_enable=True,
icmp_type=0)
masked_exp_pkt = mask.Mask(exp_pkt)
masked_exp_pkt.set_do_not_care_scapy(packet.IP, "id")
masked_exp_pkt.set_do_not_care_scapy(packet.IP, "chksum")
masked_exp_pkt.set_do_not_care_scapy(packet.IP, "ttl")
masked_exp_pkt.set_do_not_care_scapy(packet.ICMP, "chksum")
ptfadapter.dataplane.flush()
testutils.send_packet(ptfadapter, src_port_number, pkt)
dst_port_list = [src_port_number]
if pkt_action == ACTION_FWD:
testutils.verify_packet_any_port(ptfadapter, masked_exp_pkt,
dst_port_list)
elif pkt_action == ACTION_DROP:
testutils.verify_no_packet_any(ptfadapter, masked_exp_pkt,
dst_port_list)
def send_and_check_mirror_packets(self,
setup,
mirror_session,
ptfadapter,
duthost,
mirror_packet,
src_port=None,
dest_ports=None,
expect_recv=True):
expected_mirror_packet = self._get_expected_mirror_packet(
mirror_session, setup, duthost, mirror_packet)
if not src_port:
src_port = self._get_random_src_port(setup)
if not dest_ports:
dest_ports = [
self._get_monitor_port(setup, mirror_session, duthost)
]
ptfadapter.dataplane.flush()
testutils.send(ptfadapter, src_port, mirror_packet)
if expect_recv:
_, received_packet = testutils.verify_packet_any_port(
ptfadapter, expected_mirror_packet, ports=dest_ports)
logging.info("Received packet: %s",
packet.Ether(received_packet).summary())
inner_packet = self._extract_mirror_payload(
received_packet, len(mirror_packet))
logging.info("Received inner packet: %s", inner_packet.summary())
inner_packet = Mask(inner_packet)
# For egress mirroring, we expect the DUT to have modified the packet
# before forwarding it. Specifically:
#
# - In L2 the SMAC and DMAC will change.
# - In L3 the TTL and checksum will change.
#
# We know what the TTL and SMAC should be after going through the pipeline,
# but DMAC and checksum are trickier. For now, update the TTL and SMAC, and
# mask off the DMAC and IP Checksum to verify the packet contents.
if self.mirror_type() == "egress":
mirror_packet[packet.IP].ttl -= 1
mirror_packet[packet.Ether].src = setup["router_mac"]
inner_packet.set_do_not_care_scapy(packet.Ether, "dst")
inner_packet.set_do_not_care_scapy(packet.IP, "chksum")
logging.info("Expected inner packet: %s", mirror_packet.summary())
pytest_assert(inner_packet.pkt_match(mirror_packet),
"Mirror payload does not match received packet")
else:
testutils.verify_no_packet_any(ptfadapter, expected_mirror_packet,
dest_ports)
def _verify_acl_traffic(self, setup, direction, ptfadapter, pkt, dropped):
exp_pkt = self.expected_mask_routed_packet(pkt)
ptfadapter.dataplane.flush()
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
if dropped:
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
else:
testutils.verify_packet_any_port(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
def test_rules_priority_dropped(self, setup, direction, ptfadapter, counters_sanity_check):
""" test rules priorities, drop rule case """
pkt = self.tcp_packet(setup, direction, ptfadapter)
pkt['IP'].src = '20.0.0.3'
exp_pkt = self.expected_mask_routed_packet(pkt)
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
counters_sanity_check.append(7)
def test_dest_ip_match_dropped(self, setup, direction, ptfadapter, counters_sanity_check):
""" test destination IP matched packet dropped """
pkt = self.tcp_packet(setup, direction, ptfadapter)
pkt['IP'].dst = DST_IP_TOR_BLOCKED if direction == 'spine->tor' else DST_IP_SPINE_BLOCKED
exp_pkt = self.expected_mask_routed_packet(pkt)
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
counters_sanity_check.append(15 if direction == 'spine->tor' else 16)
def test_icmp_source_ip_match_dropped(self, setup, direction, ptfadapter, counters_sanity_check):
""" test ICMP source IP matched packet dropped """
pkt = self.icmp_packet(setup, direction, ptfadapter)
pkt['IP'].src = '20.0.0.8'
exp_pkt = self.expected_mask_routed_packet(pkt)
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
counters_sanity_check.append(25)
def test_ip_proto_match_dropped(self, setup, direction, ptfadapter, counters_sanity_check):
""" test IP protocol matched packet dropped """
pkt = self.tcp_packet(setup, direction, ptfadapter)
pkt['IP'].proto = 0x7F
exp_pkt = self.expected_mask_routed_packet(pkt)
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
counters_sanity_check.append(18)
def test_l4_sport_match_dropped(self, setup, direction, ptfadapter, counters_sanity_check):
""" test L4 source port matched packet dropped """
pkt = self.tcp_packet(setup, direction, ptfadapter)
pkt['TCP'].sport = 0x1271
exp_pkt = self.expected_mask_routed_packet(pkt)
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
counters_sanity_check.append(10)
def test_tcp_flags_match_dropped(self, setup, direction, ptfadapter, counters_sanity_check):
""" test TCP flags matched packet dropped """
pkt = self.tcp_packet(setup, direction, ptfadapter)
pkt['TCP'].flags = 0x24
exp_pkt = self.expected_mask_routed_packet(pkt)
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
counters_sanity_check.append(5)
def test_udp_source_ip_match_dropped(self, setup, direction, ptfadapter, counters_sanity_check):
""" test UDP destination IP matched packet dropped """
pkt = self.udp_packet(setup, direction, ptfadapter)
pkt['IP'].src = '20.0.0.8'
exp_pkt = self.expected_mask_routed_packet(pkt)
ptfadapter.dataplane.flush()
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
counters_sanity_check.append(26)
def test_l4_dport_match_dropped(self, setup, direction, ptfadapter, counters_sanity_check):
""" test L4 destination port matched packet dropped """
pkt = self.tcp_packet(setup, direction, ptfadapter)
pkt['TCP'].dport = 0x127B
exp_pkt = self.expected_mask_routed_packet(pkt)
ptfadapter.dataplane.flush()
testutils.send(ptfadapter, self.get_src_port(setup, direction), pkt)
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
counters_sanity_check.append(22)
def runTest(self):
"""
Test run and verification
"""
self._constructPacket()
logger.info("Clear all counters before test run")
self.duthost.command("sonic-clear counters")
time.sleep(1)
logger.info("Collect drop counters before test run")
self._verifyIntfCounters(pretest=True)
for pkt, exp_pkt in zip(self.pkts, self.exp_pkts):
self.ptfadapter.dataplane.flush()
src_port = self.ptf_pc_ports[self.pkt_map[pkt]][0]
logger.info("Sending traffic on intf {}".format(self.pkt_map[pkt]))
testutils.send(self.ptfadapter, src_port, pkt, count=TEST_PKT_CNT)
testutils.verify_no_packet_any(self.ptfadapter, exp_pkt, ports=self.ptf_vlan_ports)
logger.info("Collect and verify drop counters after test run")
self._verifyIntfCounters()
def check_ipv4_route(self, src_port, dst_ip_addr, dst_port_list):
'''
@summary: Check IPv4 route works.
@param src_port: index of port to use for sending packet to switch
@param dest_ip_addr: destination IP to build packet with.
@param dst_port_list: list of ports on which to expect packet to come back from the switch
'''
sport = random.randint(0, 65535)
dport = random.randint(0, 65535)
ip_src = "30.0.0.1"
ip_dst = dst_ip_addr
src_mac = self.dataplane.get_mac(0, src_port)
router_mac = self.ptf_test_port_map[str(src_port)]['target_mac']
exp_router_mac = self.router_macs[self.ptf_test_port_map[str(src_port)]
['target_dut']]
pkt = simple_tcp_packet(pktlen=self.pktlen,
eth_dst=router_mac,
eth_src=src_mac,
ip_src=ip_src,
ip_dst=ip_dst,
tcp_sport=sport,
tcp_dport=dport,
ip_ttl=self.ttl,
ip_options=self.ip_options,
dl_vlan_enable=self.src_vid is not None,
vlan_vid=self.src_vid or 0)
exp_pkt = simple_tcp_packet(self.pktlen,
eth_src=exp_router_mac,
ip_src=ip_src,
ip_dst=ip_dst,
tcp_sport=sport,
tcp_dport=dport,
ip_ttl=max(self.ttl - 1, 0),
ip_options=self.ip_options,
dl_vlan_enable=self.dst_vid is not None,
vlan_vid=self.dst_vid or 0)
masked_exp_pkt = Mask(exp_pkt)
masked_exp_pkt.set_do_not_care_scapy(scapy.Ether, "dst")
# mask the chksum also if masking the ttl
if self.ignore_ttl:
masked_exp_pkt.set_do_not_care_scapy(scapy.IP, "ttl")
masked_exp_pkt.set_do_not_care_scapy(scapy.IP, "chksum")
masked_exp_pkt.set_do_not_care_scapy(scapy.TCP, "chksum")
send_packet(self, src_port, pkt)
logging.info('Sent Ether(src={}, dst={})/IP(src={}, dst={})/TCP(sport={}, dport={}) on port {}'\
.format(pkt.src,
pkt.dst,
pkt['IP'].src,
pkt['IP'].dst,
sport,
dport,
src_port))
logging.info('Expect Ether(src={}, dst={})/IP(src={}, dst={})/TCP(sport={}, dport={})'\
.format(exp_router_mac,
'any',
ip_src,
ip_dst,
sport,
dport))
if self.pkt_action == self.ACTION_FWD:
return verify_packet_any_port(self, masked_exp_pkt, dst_port_list)
elif self.pkt_action == self.ACTION_DROP:
return verify_no_packet_any(self, masked_exp_pkt, dst_port_list)
def verify_upstream_traffic(host,
ptfadapter,
tbinfo,
itfs,
server_ip,
pkt_num=100,
drop=False):
"""
@summary: Helper function for verifying upstream packets
@param host: The dut host
@param ptfadapter: The ptfadapter fixture
@param tbinfo: The tbinfo fixture
@param ifts: The interface name on DUT
@param server_ip: The IP address of server
@param pkt_num: The number of packets to generete and tx
@param drop: Packets are expected to be dropped if drop is True, and vice versa
@return: No return value. An exception will be raised if verify fails.
"""
random_ip = generate_ip_through_default_route(host).split('/')[0]
vlan_table = host.get_running_config_facts()['VLAN']
vlan_name = list(vlan_table.keys())[0]
vlan_mac = host.get_dut_iface_mac(vlan_name)
router_mac = host.facts['router_mac']
# Generate packets from server to a random IP address, which goes default routes
pkt = testutils.simple_ip_packet(eth_dst=vlan_mac,
ip_src=server_ip,
ip_dst=random_ip)
# Generate packet forwarded to portchannels
pkt_copy = pkt.copy()
pkt_copy[Ether].src = router_mac
exp_pkt = mask.Mask(pkt_copy)
exp_pkt.set_do_not_care_scapy(Ether, "dst")
exp_pkt.set_do_not_care_scapy(IP, "dst")
exp_pkt.set_do_not_care_scapy(IP, "ihl")
exp_pkt.set_do_not_care_scapy(IP, "tos")
exp_pkt.set_do_not_care_scapy(IP, "len")
exp_pkt.set_do_not_care_scapy(IP, "id")
exp_pkt.set_do_not_care_scapy(IP, "flags")
exp_pkt.set_do_not_care_scapy(IP, "frag")
exp_pkt.set_do_not_care_scapy(IP, "ttl")
exp_pkt.set_do_not_care_scapy(IP, "proto")
exp_pkt.set_do_not_care_scapy(IP, "chksum")
exp_pkt.set_ignore_extra_bytes()
port_channels = get_t1_ptf_pc_ports(host, tbinfo)
rx_ports = []
for v in port_channels.values():
rx_ports += v
rx_ports = [int(x.strip('eth')) for x in rx_ports]
mg_facts = host.get_extended_minigraph_facts(tbinfo)
tx_port = mg_facts['minigraph_ptf_indices'][itfs]
logger.info(
"Verifying upstream traffic. packet number = {} interface = {} server_ip = {} expect_drop = {}"
.format(pkt_num, itfs, server_ip, drop))
for i in range(0, pkt_num):
ptfadapter.dataplane.flush()
testutils.send(ptfadapter, tx_port, pkt, count=1)
if drop:
testutils.verify_no_packet_any(ptfadapter, exp_pkt, rx_ports)
else:
testutils.verify_packet_any_port(ptfadapter, exp_pkt, rx_ports)
def send_and_check_mirror_packets(self,
setup,
mirror_session,
ptfadapter,
duthost,
mirror_packet,
src_port=None,
dest_ports=None,
expect_recv=True,
valid_across_namespace=True):
expected_mirror_packet = self._get_expected_mirror_packet(
mirror_session, setup, duthost, mirror_packet)
if not src_port:
src_port = self._get_random_src_port(setup)
if not dest_ports:
dest_ports = [
self._get_monitor_port(setup, mirror_session, duthost)
]
# In Below logic idea is to send traffic in such a way so that mirror traffic
# will need to go across namespaces and within namespace. If source and mirror destination
# namespace are different then traffic mirror will go across namespace via (backend asic)
# else via same namespace(asic)
src_port_namespace = self._get_port_namespace(setup, int(src_port))
dest_ports_namespace = self._get_port_namespace(
setup, int(dest_ports[0]))
src_port_set = set()
# Some of test scenario are not valid across namespaces so test will explicltly pass
# valid_across_namespace as False (default is True)
if valid_across_namespace == True or src_port_namespace == dest_ports_namespace:
src_port_set.add(src_port)
# To verify same namespace mirroring we will add destination port also to the Source Port Set
if src_port_namespace != dest_ports_namespace:
src_port_set.add(dest_ports[0])
# Loop through Source Port Set and send traffic on each source port of the set
for src_port in src_port_set:
ptfadapter.dataplane.flush()
testutils.send(ptfadapter, src_port, mirror_packet)
if expect_recv:
_, received_packet = testutils.verify_packet_any_port(
ptfadapter, expected_mirror_packet, ports=dest_ports)
logging.info("Received packet: %s",
packet.Ether(received_packet).summary())
inner_packet = self._extract_mirror_payload(
received_packet, len(mirror_packet))
logging.info("Received inner packet: %s",
inner_packet.summary())
inner_packet = Mask(inner_packet)
# For egress mirroring, we expect the DUT to have modified the packet
# before forwarding it. Specifically:
#
# - In L2 the SMAC and DMAC will change.
# - In L3 the TTL and checksum will change.
#
# We know what the TTL and SMAC should be after going through the pipeline,
# but DMAC and checksum are trickier. For now, update the TTL and SMAC, and
# mask off the DMAC and IP Checksum to verify the packet contents.
if self.mirror_type() == "egress":
mirror_packet[packet.IP].ttl -= 1
mirror_packet[packet.Ether].src = setup["router_mac"]
inner_packet.set_do_not_care_scapy(packet.Ether, "dst")
inner_packet.set_do_not_care_scapy(packet.IP, "chksum")
logging.info("Expected inner packet: %s",
mirror_packet.summary())
pytest_assert(inner_packet.pkt_match(mirror_packet),
"Mirror payload does not match received packet")
else:
testutils.verify_no_packet_any(ptfadapter,
expected_mirror_packet,
dest_ports)
def generate_and_verify_icmp_traffic(duthost,
ptfadapter,
src_port,
dst_port,
ip_src,
ip_dst,
pkt_action,
tr_type,
ttl=64,
untagged_icmp_request=False):
"""
Send ICMP request packet from PTF to DUT and
verify that DUT sends/doesn't send ICMP reply packet to PTF.
Args:
duthost: DUT host object
ptfadapter: PTF adapter
src_port: Port of PTF
dst_port: Port of DUT
ip_src: Source IP address of PTF
ip_dst: Destination IP address of DUT
pkt_action: Packet action (forwarded or drop)
tr_type: Type of traffic (TCP or UDP)
ttl: Time to live
untagged_icmp_request: send untagged ICMP request if True
"""
vlan_vid = None
dl_vlan_enable = False
router_mac = duthost.facts['router_mac']
src_port_number = int(get_port_number(src_port))
src_mac = ptfadapter.dataplane.get_mac(0, src_port_number)
# Get VLAN ID from name of sub-port
if '.' in src_port:
vlan_vid = int(src_port.split('.')[1])
dl_vlan_enable = True
ip_src = ip_src.split('/')[0]
ip_dst = ip_dst.split('/')[0]
# Create ICMP request packet
pkt = create_packet(eth_dst=router_mac,
eth_src=src_mac,
ip_src=ip_src,
ip_dst=ip_dst,
vlan_vid=vlan_vid,
dl_vlan_enable=not untagged_icmp_request
and dl_vlan_enable,
tr_type=tr_type,
ttl=64)
# Define ICMP reply packet
exp_pkt = create_packet(eth_src=router_mac,
eth_dst=src_mac,
ip_src=ip_dst,
ip_dst=ip_src,
vlan_vid=vlan_vid,
dl_vlan_enable=dl_vlan_enable,
icmp_type=0,
tr_type=tr_type,
ttl=ttl)
masked_exp_pkt = mask.Mask(exp_pkt)
masked_exp_pkt.set_do_not_care_scapy(packet.IP, "id")
masked_exp_pkt.set_do_not_care_scapy(packet.IP, "chksum")
masked_exp_pkt.set_do_not_care_scapy(packet.ICMP, "chksum")
ptfadapter.dataplane.flush()
time.sleep(1)
testutils.send_packet(ptfadapter, src_port_number, pkt)
dst_port_list = [src_port_number]
if pkt_action == ACTION_FWD:
testutils.verify_packet_any_port(ptfadapter, masked_exp_pkt,
dst_port_list)
elif pkt_action == ACTION_DROP:
testutils.verify_no_packet_any(ptfadapter, masked_exp_pkt,
dst_port_list)
def test_encap(self,
ptf_port,
vni,
ptf_addr,
destination,
nhs,
test_ecn=False,
vlan=0):
rv = True
try:
pkt_len = self.DEFAULT_PKT_LEN
if 'vlan' != 0:
tagged = True
pkt_len += 4
else:
tagged = False
options = {'ip_ecn': 0}
options_v6 = {'ipv6_ecn': 0}
if test_ecn:
ecn = random.randint(0, 3)
options = {'ip_ecn': ecn}
options_v6 = {'ipv6_ecn': ecn}
# ECMP support, assume it is a string of comma seperated list of addresses.
returned_ip_addresses = {}
check_ecmp = False
for host_address in nhs:
check_ecmp = True
# This will ensure that every nh is used atleast once.
for i in range(self.packet_count):
tcp_sport = get_incremental_value('tcp_sport')
valid_combination = True
if isinstance(ip_address(destination),
ipaddress.IPv4Address) and isinstance(
ip_address(ptf_addr),
ipaddress.IPv4Address):
pkt_opts = {
"pktlen": pkt_len,
"eth_dst": self.dut_mac,
"eth_src": self.ptf_mac_addrs['eth%d' % ptf_port],
"ip_dst": destination,
"ip_src": ptf_addr,
"ip_id": 105,
"ip_ttl": 64,
"tcp_sport": tcp_sport,
"tcp_dport": VARS['tcp_dport']
}
pkt_opts.update(options)
pkt = simple_tcp_packet(**pkt_opts)
pkt_opts['ip_ttl'] = 63
pkt_opts['eth_src'] = self.dut_mac
exp_pkt = simple_tcp_packet(**pkt_opts)
elif isinstance(ip_address(destination),
ipaddress.IPv6Address) and isinstance(
ip_address(ptf_addr),
ipaddress.IPv6Address):
pkt_opts = {
"pktlen": pkt_len,
"eth_dst": self.dut_mac,
"eth_src": self.ptf_mac_addrs['eth%d' % ptf_port],
"ipv6_dst": destination,
"ipv6_src": ptf_addr,
"ipv6_hlim": 64,
"tcp_sport": tcp_sport,
"tcp_dport": VARS['tcp_dport']
}
pkt_opts.update(options_v6)
pkt = simple_tcpv6_packet(**pkt_opts)
pkt_opts['ipv6_hlim'] = 63
pkt_opts['eth_src'] = self.dut_mac
exp_pkt = simple_tcpv6_packet(**pkt_opts)
else:
valid_combination = False
udp_sport = 1234 # Use entropy_hash(pkt), it will be ignored in the test later.
udp_dport = self.vxlan_port
if isinstance(ip_address(host_address),
ipaddress.IPv4Address):
encap_pkt = simple_vxlan_packet(
eth_src=self.dut_mac,
eth_dst=self.random_mac,
ip_id=0,
ip_src=self.loopback_ipv4,
ip_dst=host_address,
ip_ttl=128,
udp_sport=udp_sport,
udp_dport=udp_dport,
with_udp_chksum=False,
vxlan_vni=vni,
inner_frame=exp_pkt,
**options)
encap_pkt[scapy.IP].flags = 0x2
elif isinstance(ip_address(host_address),
ipaddress.IPv6Address):
encap_pkt = simple_vxlanv6_packet(
eth_src=self.dut_mac,
eth_dst=self.random_mac,
ipv6_src=self.loopback_ipv6,
ipv6_dst=host_address,
udp_sport=udp_sport,
udp_dport=udp_dport,
with_udp_chksum=False,
vxlan_vni=vni,
inner_frame=exp_pkt,
**options_v6)
send_packet(self, ptf_port, str(pkt))
masked_exp_pkt = Mask(encap_pkt)
masked_exp_pkt.set_do_not_care_scapy(scapy.Ether, "src")
masked_exp_pkt.set_do_not_care_scapy(scapy.Ether, "dst")
if isinstance(ip_address(host_address),
ipaddress.IPv4Address):
masked_exp_pkt.set_do_not_care_scapy(scapy.IP, "ttl")
masked_exp_pkt.set_do_not_care_scapy(
scapy.IP, "chksum")
masked_exp_pkt.set_do_not_care_scapy(scapy.IP, "dst")
else:
masked_exp_pkt.set_do_not_care_scapy(
scapy.IPv6, "hlim")
masked_exp_pkt.set_do_not_care_scapy(
scapy.IPv6, "chksum")
masked_exp_pkt.set_do_not_care_scapy(scapy.IPv6, "dst")
masked_exp_pkt.set_do_not_care_scapy(scapy.UDP, "sport")
masked_exp_pkt.set_do_not_care_scapy(scapy.UDP, "chksum")
logger.info("Sending packet from port " + str(ptf_port) +
" to " + destination)
if self.expect_encap_success:
_, received_pkt = verify_packet_any_port(
self, masked_exp_pkt, self.t2_ports)
scapy_pkt = scapy.Ether(received_pkt)
# Store every destination that was received.
if isinstance(ip_address(host_address),
ipaddress.IPv6Address):
dest_ip = scapy_pkt['IPv6'].dst
else:
dest_ip = scapy_pkt['IP'].dst
try:
returned_ip_addresses[
dest_ip] = returned_ip_addresses[dest_ip] + 1
except KeyError:
returned_ip_addresses[dest_ip] = 1
else:
check_ecmp = False
logger.info("Verifying no packet")
verify_no_packet_any(self, masked_exp_pkt,
self.t2_ports)
# Verify ECMP:
if check_ecmp:
self.verify_all_addresses_used_equally(nhs,
returned_ip_addresses)
pkt.load = '0' * 60 + str(len(self.packets))
self.packets.append((ptf_port, str(pkt).encode("base64")))
finally:
logger.info("")
def check_ipv6_route(self, src_port, dst_ip_addr, dst_port_list):
'''
@summary: Check IPv6 route works.
@param source_port_index: index of port to use for sending packet to switch
@param dest_ip_addr: destination IP to build packet with.
@param dst_port_list: list of ports on which to expect packet to come back from the switch
@return Boolean
'''
sport = random.randint(0, 65535)
dport = random.randint(0, 65535)
ip_src = '2000:0030::1'
ip_dst = dst_ip_addr
src_mac = self.dataplane.get_mac(0, src_port)
router_mac = self.ptf_test_port_map[str(src_port)]['target_mac']
exp_router_mac = self.router_macs[self.ptf_test_port_map[str(src_port)]['target_dut']]
pkt = simple_tcpv6_packet(
pktlen=self.pktlen,
eth_dst=router_mac,
eth_src=src_mac,
ipv6_dst=ip_dst,
ipv6_src=ip_src,
tcp_sport=sport,
tcp_dport=dport,
ipv6_hlim=self.ttl,
dl_vlan_enable=self.src_vid is not None,
vlan_vid=self.src_vid or 0)
exp_pkt = simple_tcpv6_packet(
pktlen=self.pktlen,
eth_src=exp_router_mac,
ipv6_dst=ip_dst,
ipv6_src=ip_src,
tcp_sport=sport,
tcp_dport=dport,
ipv6_hlim=max(self.ttl-1, 0),
dl_vlan_enable=self.dst_vid is not None,
vlan_vid=self.dst_vid or 0)
masked_exp_pkt = Mask(exp_pkt)
masked_exp_pkt.set_do_not_care_scapy(scapy.Ether,"dst")
send_packet(self, src_port, pkt)
logging.info('Sent Ether(src={}, dst={})/IPv6(src={}, dst={})/TCP(sport={}, dport={})'\
.format(pkt.src,
pkt.dst,
pkt['IPv6'].src,
pkt['IPv6'].dst,
sport,
dport))
logging.info('Expect Ether(src={}, dst={})/IPv6(src={}, dst={})/TCP(sport={}, dport={})'\
.format(exp_router_mac,
'any',
ip_src,
ip_dst,
sport,
dport))
if self.pkt_action == self.ACTION_FWD:
return verify_packet_any_port(self, masked_exp_pkt, dst_port_list)
elif self.pkt_action == self.ACTION_DROP:
return verify_no_packet_any(self, masked_exp_pkt, dst_port_list)
def check_ipv6_route(self, src_port, dst_ip_addr, dst_port_list):
'''
@summary: Check IPv6 route works.
@param source_port_index: index of port to use for sending packet to switch
@param dest_ip_addr: destination IP to build packet with.
@param dst_port_list: list of ports on which to expect packet to come back from the switch
@return Boolean
'''
sport = random.randint(0, 65535)
dport = random.randint(0, 65535)
ip_src = '2000:0030::1'
ip_dst = dst_ip_addr
src_mac = self.dataplane.get_mac(0, src_port)
router_mac = self.ptf_test_port_map[str(src_port)]['target_mac']
pkt = simple_tcpv6_packet(pktlen=self.pktlen,
eth_dst=router_mac,
eth_src=src_mac,
ipv6_dst=ip_dst,
ipv6_src=ip_src,
tcp_sport=sport,
tcp_dport=dport,
ipv6_hlim=self.ttl,
dl_vlan_enable=self.src_vid is not None,
vlan_vid=self.src_vid or 0)
exp_pkt = simple_tcpv6_packet(pktlen=self.pktlen,
ipv6_dst=ip_dst,
ipv6_src=ip_src,
tcp_sport=sport,
tcp_dport=dport,
ipv6_hlim=max(self.ttl - 1, 0),
dl_vlan_enable=self.dst_vid is not None,
vlan_vid=self.dst_vid or 0)
masked_exp_pkt = Mask(exp_pkt)
masked_exp_pkt.set_do_not_care_scapy(scapy.Ether, "dst")
masked_exp_pkt.set_do_not_care_scapy(scapy.Ether, "src")
# mask the chksum also if masking the ttl
if self.ignore_ttl:
masked_exp_pkt.set_do_not_care_scapy(scapy.IPv6, "hlim")
masked_exp_pkt.set_do_not_care_scapy(scapy.IPv6, "chksum")
masked_exp_pkt.set_do_not_care_scapy(scapy.TCP, "chksum")
send_packet(self, src_port, pkt)
logging.info('Sent Ether(src={}, dst={})/IPv6(src={}, dst={})/TCP(sport={}, dport={}) on port {}'\
.format(pkt.src,
pkt.dst,
pkt['IPv6'].src,
pkt['IPv6'].dst,
sport,
dport,
src_port))
logging.info('Expect Ether(src={}, dst={})/IPv6(src={}, dst={})/TCP(sport={}, dport={})'\
.format('any',
'any',
ip_src,
ip_dst,
sport,
dport))
if self.pkt_action == self.ACTION_FWD:
rcvd_port, rcvd_pkt = verify_packet_any_port(
self, masked_exp_pkt, dst_port_list)
exp_src_mac = self.router_macs[self.ptf_test_port_map[str(
dst_port_list[rcvd_port])]['target_dut']]
actual_src_mac = Ether(rcvd_pkt).src
if actual_src_mac != exp_src_mac:
raise Exception(
"Pkt sent from {} to {} on port {} was rcvd pkt on {} which is one of the expected ports, "
"but the src mac doesn't match, expected {}, got {}".
format(ip_src, ip_dst, src_port, dst_port_list[rcvd_port],
exp_src_mac, actual_src_mac))
return (rcvd_port, rcvd_pkt)
elif self.pkt_action == self.ACTION_DROP:
return verify_no_packet_any(self, masked_exp_pkt, dst_port_list)
