diff --git a/autotest/units/001_one_port/050_firewall_state_resend/001-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/001-expect.pcap
new file mode 100644
index 00000000..0641abe4
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/001-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/001-send.pcap
new file mode 100644
index 00000000..2ab2c20d
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/001-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/002-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/002-expect.pcap
new file mode 100644
index 00000000..c50cb702
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/002-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/002-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/002-send.pcap
new file mode 100644
index 00000000..a201cfcf
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/002-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/003-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/003-expect.pcap
new file mode 100644
index 00000000..49563ecc
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/003-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/003-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/003-send.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/003-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/004-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/004-expect.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/004-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/004-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/004-send.pcap
new file mode 100644
index 00000000..1c4e3797
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/004-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/005-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/005-expect.pcap
new file mode 100644
index 00000000..724f47fd
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/005-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/005-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/005-send.pcap
new file mode 100644
index 00000000..a9ccbde6
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/005-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/006-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/006-expect.pcap
new file mode 100644
index 00000000..f0a3c7bc
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/006-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/006-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/006-send.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/006-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/007-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/007-expect.pcap
new file mode 100644
index 00000000..65a1e1f8
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/007-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/007-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/007-send.pcap
new file mode 100644
index 00000000..452db8d2
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/007-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/008-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/008-expect.pcap
new file mode 100644
index 00000000..4613f888
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/008-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/008-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/008-send.pcap
new file mode 100644
index 00000000..ed4a3ab3
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/008-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/009-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/009-expect.pcap
new file mode 100644
index 00000000..de796eee
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/009-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/009-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/009-send.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/009-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/010-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/010-expect.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/010-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/010-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/010-send.pcap
new file mode 100644
index 00000000..6d229a9d
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/010-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/011-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/011-expect.pcap
new file mode 100644
index 00000000..1da63435
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/011-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/011-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/011-send.pcap
new file mode 100644
index 00000000..c46cf956
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/011-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/012-expect.pcap b/autotest/units/001_one_port/050_firewall_state_resend/012-expect.pcap
new file mode 100644
index 00000000..a4cd4731
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/012-expect.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/012-send.pcap b/autotest/units/001_one_port/050_firewall_state_resend/012-send.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/050_firewall_state_resend/012-send.pcap differ
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/autotest.yaml b/autotest/units/001_one_port/050_firewall_state_resend/autotest.yaml
new file mode 100644
index 00000000..d7eafc9a
--- /dev/null
+++ b/autotest/units/001_one_port/050_firewall_state_resend/autotest.yaml
@@ -0,0 +1,61 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 002-send.pcap
+ expect: 002-expect.pcap
+- sleep: 10
+- sendPackets:
+ - port: kni0
+ send: 003-send.pcap
+ expect: 003-expect.pcap
+- clearFWState: 1
+- sendPackets:
+ - port: kni0
+ send: 004-send.pcap
+ expect: 004-expect.pcap
+- sleep: 1
+- sendPackets:
+ - port: kni0
+ send: 005-send.pcap
+ expect: 005-expect.pcap
+- sleep: 9
+- sendPackets:
+ - port: kni0
+ send: 006-send.pcap
+ expect: 006-expect.pcap
+- clearFWState: 1
+- sendPackets:
+ - port: kni0
+ send: 007-send.pcap
+ expect: 007-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 008-send.pcap
+ expect: 008-expect.pcap
+- sleep: 10
+- sendPackets:
+ - port: kni0
+ send: 009-send.pcap
+ expect: 009-expect.pcap
+- clearFWState: 1
+- sendPackets:
+ - port: kni0
+ send: 010-send.pcap
+ expect: 010-expect.pcap
+- sleep: 1
+- sendPackets:
+ - port: kni0
+ send: 011-send.pcap
+ expect: 011-expect.pcap
+- sleep: 9
+- sendPackets:
+ - port: kni0
+ send: 012-send.pcap
+ expect: 012-expect.pcap
+- clearFWState: 1
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/controlplane.conf b/autotest/units/001_one_port/050_firewall_state_resend/controlplane.conf
new file mode 100644
index 00000000..668bb151
--- /dev/null
+++ b/autotest/units/001_one_port/050_firewall_state_resend/controlplane.conf
@@ -0,0 +1,64 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.2000": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "2000",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": "firewall.txt",
+ "synchronization": {
+ "ipv6SourceAddress": "fe80::f1",
+ "multicastIpv6Address": "ff02::1",
+ "multicastDestinationPort": 11995,
+ "logicalPorts": [
+ "lp0.2000"
+ ],
+ "ingressNextModule": "vrf0"
+ },
+ "nextModules": [
+ "vrf0"
+ ]
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipv6Prefix": "fe80::2/64",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.2/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ },
+ "kni0.2000": {
+ "ipAddresses": ["ff02::2000"],
+ "neighborIPv6Address": "fe80::2000",
+ "neighborMacAddress": "00:00:00:33:33:33",
+ "nextModule": "lp0.2000"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/firewall.txt b/autotest/units/001_one_port/050_firewall_state_resend/firewall.txt
new file mode 100644
index 00000000..9554503a
--- /dev/null
+++ b/autotest/units/001_one_port/050_firewall_state_resend/firewall.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow udp from 10.0.0.0/24 to any 53 keep-state
+add allow udp from any to 2020:ddd:ff1c:2030::/60 53 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/gen.py b/autotest/units/001_one_port/050_firewall_state_resend/gen.py
new file mode 100755
index 00000000..8ea5866b
--- /dev/null
+++ b/autotest/units/001_one_port/050_firewall_state_resend/gen.py
@@ -0,0 +1,200 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +import ipaddress +import socket +import struct +from typing import List + +from scapy.layers.inet import UDP, IP +from scapy.layers.inet6 import IPv6 +from scapy.layers.l2 import Ether, Dot1Q +from scapy.packet import Packet, Raw +from scapy.utils import PcapWriter + + +def write_pcap(path: str, packets: List[Packet]) -> None: + with PcapWriter(path) as fh: + for p in packets: + fh.write(p) + + +def ipv4_send(src: str, dst: str) -> Packet: + return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11") / Dot1Q(vlan=100) / IP(src=src, dst=dst, ttl=64) + + +def ipv4_recv(src: str, dst: str) -> Packet: + return Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55") / Dot1Q(vlan=200) / IP(src=src, dst=dst, ttl=63) + + +def ipv6_send(src: str, dst: str) -> Packet: + return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22") / \ + Dot1Q(vlan=200) / \ + IPv6(src=src, dst=dst, hlim=64, fl=0) + + +def ipv6_recv(src: str, dst: str) -> Packet: + return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55") / \ + Dot1Q(vlan=100) / \ + IPv6(src=src, dst=dst, hlim=63, fl=0) + + +def make_payload6(src_ip: str, dst_ip: str, src_port: int, dst_port: int) -> bytes: + data = struct.pack( + " bytes: + data = b'' + data += ipaddress.ip_address(dst_ip).packed + data += ipaddress.ip_address(src_ip).packed + + data += struct.pack( + " 200.0.0.1" +- ipv6Update: "::/0 -> fe80::1" +- sendPackets: + - port: kni0 + send: 001-send.pcap + expect: 001-expect.pcap +- sendPackets: + - port: kni0 + send: 002-send.pcap + expect: 002-expect.pcap +- sleep: 1 +- sendPackets: + - port: kni0 + send: 003-send.pcap + expect: 003-expect.pcap +- clearFWState: 1 +- sendPackets: + - port: kni0 + send: 004-send.pcap + expect: 004-expect.pcap +- sendPackets: + - port: kni0 + send: 005-send.pcap + expect: 005-expect.pcap +- sleep: 1 +- sendPackets: + - port: kni0 + send: 006-send.pcap + expect: 006-expect.pcap +- sendPackets: + - port: kni0 
+ send: 007-send.pcap
+ expect:
+ - 007-expect-tcp.pcap
+ - 007-expect-tech.pcap
+- cli: "fw list states | grep 'allow tcp from 2220:ddd:ff1c:2030::1 12345 to 1111:2222::1 777' | grep 'flags SAF:SAF'"
+- clearFWState: 1
diff --git a/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/controlplane.conf b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/controlplane.conf
new file mode 100644
index 00000000..9ef9dfcd
--- /dev/null
+++ b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/controlplane.conf
@@ -0,0 +1,67 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.2000": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "2000",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": "firewall.txt",
+ "synchronization": {
+ "ipv6SourceAddress": "fe80::f1",
+ "multicastIpv6Address": "ff02::1",
+ "unicastIpv6SourceAddress": "3333::4444",
+ "unicastIpv6Address": "2222::1111",
+ "multicastDestinationPort": 11995,
+ "unicastDestinationPort": 21995,
+ "logicalPorts": [
+ "lp0.2000"
+ ],
+ "ingressNextModule": "vrf0"
+ },
+ "nextModules": [
+ "vrf0"
+ ]
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipv6Prefix": "fe80::2/64",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.2/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ },
+ "kni0.2000": {
+ "ipAddresses": ["ff02::2000"],
+ "neighborIPv6Address": "fe80::2000",
+ "neighborMacAddress": "00:00:00:33:33:33",
+ "nextModule": "lp0.2000"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall.txt b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall.txt
new file mode 100644
index 00000000..539109ae
--- /dev/null
+++ b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow tcp from 12.0.0.0/24 to any 12345 keep-state
+add allow tcp from any to 2220:ddd:ff1c:2030::/60 12345 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/gen.py b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/gen.py
new file mode 100755
index 00000000..1cea9e98
--- /dev/null
+++ b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/gen.py
@@ -0,0 +1,178 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +import ipaddress +import socket +import struct +from typing import List + +from scapy.layers.inet import UDP, IP, TCP +from scapy.layers.inet6 import IPv6 +from scapy.layers.l2 import Ether, Dot1Q +from scapy.packet import Packet, Raw +from scapy.utils import PcapWriter + + +def write_pcap(path: str, packets: List[Packet]) -> None: + with PcapWriter(path) as fh: + for p in packets: + fh.write(p) + + +def ipv4_send(src: str, dst: str) -> Packet: + return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11") / Dot1Q(vlan=100) / IP(src=src, dst=dst, ttl=64) + + +def ipv4_recv(src: str, dst: str) -> Packet: + return Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55") / Dot1Q(vlan=200) / IP(src=src, dst=dst, ttl=63) + + +def ipv6_send(src: str, dst: str) -> Packet: + return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22") / \ + Dot1Q(vlan=200) / \ + IPv6(src=src, dst=dst, hlim=64, fl=0) + + +def ipv6_recv(src: str, dst: str) -> Packet: + return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55") / \ + Dot1Q(vlan=100) / \ + IPv6(src=src, dst=dst, hlim=63, fl=0) + + +def make_payload6(proto: int, src_ip: str, dst_ip: str, src_port: int, dst_port: int, flags: int) -> bytes: + data = struct.pack( + " bytes: + data = b'' + data += ipaddress.ip_address(dst_ip).packed + data += ipaddress.ip_address(src_ip).packed + + data += struct.pack( + " 200.0.0.1" +- ipv6Update: "::/0 -> fe80::1" +- sendPackets: + - port: kni0 + send: decap.pcap + expect: decap_expect.pcap +- sendPackets: + - port: kni0 + send: encap.pcap + expect: encap_expect.pcap +- sendPackets: + - port: kni0 + send: encap_rnd.pcap + expect: encap_rnd_expect.pcap diff --git a/autotest/units/001_one_port/051_tun64/controlplane.conf b/autotest/units/001_one_port/051_tun64/controlplane.conf new file mode 100644 index 00000000..ce0b4fd0 --- /dev/null +++ b/autotest/units/001_one_port/051_tun64/controlplane.conf 
@@ -0,0 +1,91 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "nextModules": [
+ "mgif0",
+ "mgif1"
+ ]
+ },
+ "mgif0": {
+ "type": "tun64",
+ "ipv6SourceAddress": "2020:ddd:b010:a0ff::1",
+ "prefixes": [
+ "1.23.111.0/24",
+ "11.220.222.64/28",
+ "111.222.128.16/28"
+ ],
+ "mappings": {
+ "1.23.111.4": {
+ "net_loc": "LOC1",
+ "scheme": "tun64",
+ "fqdn": "2020:ddd:ccc:4444:111:111:0:2222",
+ "addr6": "2020:ddd:ccc:4444:111:111:0:2222"
+ },
+ "1.23.111.5": {
+ "net_loc": "LOC1",
+ "scheme": "tun64",
+ "fqdn": "2020:ddd:ccc:6666:111:3333:0:7777",
+ "addr6": "2020:ddd:ccc:6666:111:3333:0:7777"
+ },
+ "11.220.222.73": {
+ "net_loc": "LOC2",
+ "scheme": "tun64",
+ "fqdn": "2020:ddd:ccc:5555:0:4567:5555:9999",
+ "addr6": "2020:ddd:ccc:5555:0:4567:5555:9999"
+ },
+ "111.222.128.16": {
+ "net_loc": "LOC2",
+ "scheme": "tun64",
+ "fqdn": "fqdn1.net",
+ "addr6": "2020:ddd:ccc:7777:0:777:aaaa:5555"
+ }
+ },
+ "nextModule": "vrf0"
+ },
+ "mgif1": {
+ "type": "tun64",
+ "ipv6SourceAddress": "2020:ddd:abcd::",
+ "random_source": "true",
+ "prefixes": [
+ "1.23.123.128/25",
+ "123.0.250.64/26"
+ ],
+ "mappings": [
+ "map64_rndsrc.json"
+ ],
+ "nextModule": "vrf0"
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipv6Prefix": "fe80::2/64",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.2/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
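Review bot: In the `mgif1` module of 051_tun64/controlplane.conf the flag is written as a string, `"random_source": "true"`, whereas the boolean option in 052_firewall_samples/controlplane.conf of the same commit is a JSON literal, `"storeSamples": true`. If the config parser accepts only one of the two forms for this key, the other would presumably be ignored or rejected, so it is worth confirming which form is intended and using it consistently. The key is also snake_case while the neighbouring keys are camelCase (`ipv6SourceAddress`, `nextModule`).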
diff --git a/autotest/units/001_one_port/051_tun64/decap.pcap b/autotest/units/001_one_port/051_tun64/decap.pcap
new file mode 100644
index 00000000..1c1d35af
Binary files /dev/null and b/autotest/units/001_one_port/051_tun64/decap.pcap differ
diff --git a/autotest/units/001_one_port/051_tun64/decap_expect.pcap b/autotest/units/001_one_port/051_tun64/decap_expect.pcap
new file mode 100644
index 00000000..007e09df
Binary files /dev/null and b/autotest/units/001_one_port/051_tun64/decap_expect.pcap differ
diff --git a/autotest/units/001_one_port/051_tun64/encap.pcap b/autotest/units/001_one_port/051_tun64/encap.pcap
new file mode 100644
index 00000000..29acbb1e
Binary files /dev/null and b/autotest/units/001_one_port/051_tun64/encap.pcap differ
diff --git a/autotest/units/001_one_port/051_tun64/encap_expect.pcap b/autotest/units/001_one_port/051_tun64/encap_expect.pcap
new file mode 100644
index 00000000..8e1b2c05
Binary files /dev/null and b/autotest/units/001_one_port/051_tun64/encap_expect.pcap differ
diff --git a/autotest/units/001_one_port/051_tun64/encap_rnd.pcap b/autotest/units/001_one_port/051_tun64/encap_rnd.pcap
new file mode 100644
index 00000000..18fccacb
Binary files /dev/null and b/autotest/units/001_one_port/051_tun64/encap_rnd.pcap differ
diff --git a/autotest/units/001_one_port/051_tun64/encap_rnd_expect.pcap b/autotest/units/001_one_port/051_tun64/encap_rnd_expect.pcap
new file mode 100644
index 00000000..894870eb
Binary files /dev/null and b/autotest/units/001_one_port/051_tun64/encap_rnd_expect.pcap differ
diff --git a/autotest/units/001_one_port/051_tun64/gen.py b/autotest/units/001_one_port/051_tun64/gen.py
new file mode 100755
index 00000000..d762156b
--- /dev/null
+++ b/autotest/units/001_one_port/051_tun64/gen.py
@@ -0,0 +1,42 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from scapy.all import * + + +def write_pcap(filename, *packetsList): + PcapWriter(filename) + for packets in packetsList: + packets.time = 0 + wrpcap(filename, [p for p in packets], append=True) + + +# First packet will be accounted by one mapping +# Second packet will be accounted by the decap_unknown counter +write_pcap("decap.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2020:ddd:b010:a0ff::1", src="2020:ddd:ccc:4444:111:111:0:2222")/IP(dst="8.8.8.8", src="1.23.111.4")/ICMP(), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=100)/IPv6(dst="2020:ddd:b010:a0ff::1", src="fe80::cafe")/IP(dst="8.8.8.8", src="10.0.0.1")/ICMP()) + +write_pcap("decap_expect.pcap", + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="8.8.8.8", src="1.23.111.4", ttl=63)/ICMP(), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="8.8.8.8", src="10.0.0.1", ttl=63)/ICMP()) + +# First packet will be accounted by one mapping +# Second packet will be accounted by the encap_dropped counter +write_pcap("encap.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=200)/IP(dst="1.23.111.4", src="8.8.8.8", ttl=59)/ICMP(), + Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=200)/IP(dst="11.220.222.65", src="8.8.8.8")/ICMP()) + +write_pcap("encap_expect.pcap", + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="2020:ddd:ccc:4444:111:111:0:2222", src="2020:ddd:b010:a0ff::1",hlim=63)/IP(dst="1.23.111.4", src="8.8.8.8", ttl=59)/ICMP()) + + +# Both packets will be accounted by some mapping +write_pcap("encap_rnd.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=200)/IP(dst="1.23.123.134", src="8.8.8.8", ttl=59)/ICMP(), + Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=200)/IP(dst="123.0.250.66", 
src="1.1.1.1", ttl=59)/ICMP()) + +write_pcap("encap_rnd_expect.pcap", + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="2020:ddd:ccc:bbb:0:4444:cccc:3737", src="2020:ddd:abcd::808:808:0:0",hlim=63)/IP(dst="1.23.123.134", src="8.8.8.8", ttl=59)/ICMP(), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="2020:ddd:ccc:111:0:567:5555:8888", src="2020:ddd:abcd::101:101:0:0",hlim=63)/IP(dst="123.0.250.66", src="1.1.1.1", ttl=59)/ICMP()) + diff --git a/autotest/units/001_one_port/051_tun64/map64_rndsrc.json b/autotest/units/001_one_port/051_tun64/map64_rndsrc.json new file mode 100644 index 00000000..332d51b3 --- /dev/null +++ b/autotest/units/001_one_port/051_tun64/map64_rndsrc.json @@ -0,0 +1,14 @@ +{ + "1.23.123.134": { + "net_loc": "LOC3", + "scheme": "tun64", + "fqdn": "fqdn2.net", + "addr6": "2020:ddd:ccc:bbb:0:4444:cccc:3737" + }, + "123.0.250.66": { + "net_loc": "LOC4", + "scheme": "tun64", + "fqdn": "fqdn3.net", + "addr6": "2020:ddd:ccc:111:0:567:5555:8888" + } +} diff --git a/autotest/units/001_one_port/052_firewall_samples/001-expect.pcap b/autotest/units/001_one_port/052_firewall_samples/001-expect.pcap new file mode 100644 index 00000000..2c916174 Binary files /dev/null and b/autotest/units/001_one_port/052_firewall_samples/001-expect.pcap differ diff --git a/autotest/units/001_one_port/052_firewall_samples/001-send.pcap b/autotest/units/001_one_port/052_firewall_samples/001-send.pcap new file mode 100644 index 00000000..a9c453a3 Binary files /dev/null and b/autotest/units/001_one_port/052_firewall_samples/001-send.pcap differ diff --git a/autotest/units/001_one_port/052_firewall_samples/002-expect.pcap b/autotest/units/001_one_port/052_firewall_samples/002-expect.pcap new file mode 100644 index 00000000..1f944066 Binary files /dev/null and b/autotest/units/001_one_port/052_firewall_samples/002-expect.pcap differ 
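Review bot: In 051_tun64/gen.py, `write_pcap` constructs `PcapWriter(filename)` and discards the object without closing it, then writes through `wrpcap(filename, ..., append=True)`, so the output depends on a leaked handle having created or truncated the file first. The sibling generators in this commit use `with PcapWriter(path) as fh:` followed by `fh.write(p)`; the same form here would close the file deterministically and avoid appending to a stale pcap. Separately, the second packet in decap.pcap arrives from `fe80::cafe` with inner source `10.0.0.1`, neither of which appears in the mgif0 mappings or prefixes, yet decap_expect.pcap expects it to be forwarded. If forwarding decapsulated traffic from an unmapped tunnel source is the intended behaviour, the comment should say so explicitly, e.g. `# Second packet has no mapping: counted in decap_unknown but still forwarded`.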
diff --git a/autotest/units/001_one_port/052_firewall_samples/002-send.pcap b/autotest/units/001_one_port/052_firewall_samples/002-send.pcap
new file mode 100644
index 00000000..42033765
Binary files /dev/null and b/autotest/units/001_one_port/052_firewall_samples/002-send.pcap differ
diff --git a/autotest/units/001_one_port/052_firewall_samples/autotest.yaml b/autotest/units/001_one_port/052_firewall_samples/autotest.yaml
new file mode 100644
index 00000000..1abe1fd5
--- /dev/null
+++ b/autotest/units/001_one_port/052_firewall_samples/autotest.yaml
@@ -0,0 +1,23 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- sleep: 1
+- cli: "samples show"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 002-send.pcap
+ expect: 002-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 002-send.pcap
+ expect: 002-expect.pcap
+- cli: "samples dump | diff - TESTDIR/samples.json"
+- clearFWState: 1
diff --git a/autotest/units/001_one_port/052_firewall_samples/controlplane.conf b/autotest/units/001_one_port/052_firewall_samples/controlplane.conf
new file mode 100644
index 00000000..0b1f589e
--- /dev/null
+++ b/autotest/units/001_one_port/052_firewall_samples/controlplane.conf
@@ -0,0 +1,43 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": "firewall.txt",
+ "nextModules": [
+ "vrf0"
+ ],
+ "storeSamples": true
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipv6Prefix": "fe80::2/64",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.2/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/052_firewall_samples/firewall.txt b/autotest/units/001_one_port/052_firewall_samples/firewall.txt
new file mode 100644
index 00000000..d9986a09
--- /dev/null
+++ b/autotest/units/001_one_port/052_firewall_samples/firewall.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow tcp from 11.0.0.0/24 to any 53 keep-state
+add allow tcp from any to 2111:aaa:ff1c:2030::/60 53 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/052_firewall_samples/gen.py b/autotest/units/001_one_port/052_firewall_samples/gen.py
new file mode 100755
index 00000000..f324f12b
--- /dev/null
+++ b/autotest/units/001_one_port/052_firewall_samples/gen.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import List
+
+from scapy.layers.inet import TCP, IP
+from scapy.layers.inet6 import IPv6
+from scapy.layers.l2 import Ether, Dot1Q
+from scapy.packet import Packet
+from scapy.utils import PcapWriter
+
+
+def write_pcap(path: str, packets: List[Packet]) -> None:
+ with PcapWriter(path) as fh:
+ for p in packets:
+ fh.write(p)
+
+
+def ipv4_send(src: str, dst: str) -> Packet:
+ return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11") / Dot1Q(vlan=100) / IP(src=src, dst=dst, ttl=64)
+
+
+def ipv4_recv(src: str, dst: str) -> Packet:
+ return Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55") / Dot1Q(vlan=200) / IP(src=src, dst=dst, ttl=63)
+
+
+def ipv6_send(src: str, dst: str) -> Packet:
+ return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22") / \
+ Dot1Q(vlan=200) / \
+ IPv6(src=src, dst=dst, hlim=64, fl=0)
+
+
+def ipv6_recv(src: str, dst: str) -> Packet:
+ return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55") / \
+ Dot1Q(vlan=100) / \
+ IPv6(src=src, dst=dst, hlim=63, fl=0)
+
+
+write_pcap("001-send.pcap", [
+ # Direct ...
+ ipv6_send("1111:2222::1", "2111:aaa:ff1c:2030::1") / TCP(sport=(1024, 1025), dport=53),
+ # ... and reverse.
+ ipv6_send("2111:aaa:ff1c:2030::1", "1111:2222::1") / TCP(sport=53, dport=(1024, 1025)),
+ # Drop: different dst port.
+ ipv6_send("1111:2222::1", "2111:aaa:ff1c:2030::1") / TCP(sport=10000, dport=54),
+ # Drop: different dst addr.
+ ipv6_send("1111:2222::1", "2111:aaa:ff1c:2040::ff") / TCP(sport=10000, dport=53),
+])
+
+write_pcap("001-expect.pcap", [
+ ipv6_recv("1111:2222::1", "2111:aaa:ff1c:2030::1") / TCP(sport=(1024, 1025), dport=53),
+ ipv6_recv("2111:aaa:ff1c:2030::1", "1111:2222::1") / TCP(sport=53, dport=(1024, 1025)),
+])
+
+write_pcap("002-send.pcap", [
+ # Direct ...
+ ipv4_send("11.0.0.1", "1.1.1.1") / TCP(sport=(1024, 1025), dport=53),
+ # ... and reverse.
+ ipv4_send("1.1.1.1", "11.0.0.1") / TCP(sport=53, dport=(1024, 1025)),
+ # Drop: different dst port.
+ ipv4_send("11.0.0.1", "1.1.1.1") / TCP(sport=10000, dport=54),
+ # Drop: different src addr.
+ ipv4_send("11.0.1.1", "1.1.1.1") / TCP(sport=10000, dport=53),
+])
+
+write_pcap("002-expect.pcap", [
+ ipv4_recv("11.0.0.1", "1.1.1.1") / TCP(sport=(1024, 1025), dport=53),
+ ipv4_recv("1.1.1.1", "11.0.0.1") / TCP(sport=53, dport=(1024, 1025)),
+])
diff --git a/autotest/units/001_one_port/052_firewall_samples/samples.json b/autotest/units/001_one_port/052_firewall_samples/samples.json
new file mode 100644
index 00000000..397cf2d9
--- /dev/null
+++ b/autotest/units/001_one_port/052_firewall_samples/samples.json
@@ -0,0 +1,7 @@
+[
+{"in_iface":"lp0.100","out_iface":"lp0.200","proto":6,"src_addr":"1.1.1.1","src_port":53,"dst_addr":"11.0.0.1","dst_port":1024},
+{"in_iface":"lp0.100","out_iface":"lp0.200","proto":6,"src_addr":"11.0.0.1","src_port":1024,"dst_addr":"1.1.1.1","dst_port":53},
+{"in_iface":"lp0.100","out_iface":"lp0.200","proto":6,"src_addr":"11.0.0.1","src_port":1025,"dst_addr":"1.1.1.1","dst_port":53},
+{"in_iface":"lp0.200","out_iface":"lp0.100","proto":6,"src_addr":"2111:aaa:ff1c:2030::1","src_port":53,"dst_addr":"1111:2222::1","dst_port":1024},
+{"in_iface":"lp0.200","out_iface":"lp0.100","proto":6,"src_addr":"1111:2222::1","src_port":1024,"dst_addr":"2111:aaa:ff1c:2030::1","dst_port":53},
+{"in_iface":"lp0.200","out_iface":"lp0.100","proto":6,"src_addr":"1111:2222::1","src_port":1025,"dst_addr":"2111:aaa:ff1c:2030::1","dst_port":53}]
diff --git a/autotest/units/001_one_port/053_firewall_defaults/001-expect.pcap b/autotest/units/001_one_port/053_firewall_defaults/001-expect.pcap
new file mode 100644
index 00000000..f43bf27d
Binary files /dev/null and b/autotest/units/001_one_port/053_firewall_defaults/001-expect.pcap differ
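Review bot: Neither send list in this gen.py contains a reverse-direction packet that has no matching state, so the `keep-state` rules in firewall.txt are only tested for the traffic they should admit. Both "reverse" entries reuse the ports of the preceding direct packets and are expected to pass; a packet from port 53 to a client port that never opened a flow would show that return traffic is accepted because of state and not because of its source port. For 002-send.pcap that could be `ipv4_send("1.1.1.1", "11.0.0.1") / TCP(sport=53, dport=2000),` under a `# Drop: reverse direction without state.` comment (port 2000 is a constructed value), with the same case added to the IPv6 list. Assuming dropped packets are not sampled, samples.json would stay as it is.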
diff --git a/autotest/units/001_one_port/053_firewall_defaults/001-send.pcap b/autotest/units/001_one_port/053_firewall_defaults/001-send.pcap
new file mode 100644
index 00000000..98eddf20
Binary files /dev/null and b/autotest/units/001_one_port/053_firewall_defaults/001-send.pcap differ
diff --git a/autotest/units/001_one_port/053_firewall_defaults/autotest.yaml b/autotest/units/001_one_port/053_firewall_defaults/autotest.yaml
new file mode 100644
index 00000000..10647965
--- /dev/null
+++ b/autotest/units/001_one_port/053_firewall_defaults/autotest.yaml
@@ -0,0 +1,7 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
diff --git a/autotest/units/001_one_port/053_firewall_defaults/controlplane.conf b/autotest/units/001_one_port/053_firewall_defaults/controlplane.conf
new file mode 100644
index 00000000..3c0da4fd
--- /dev/null
+++ b/autotest/units/001_one_port/053_firewall_defaults/controlplane.conf
@@ -0,0 +1,42 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": "firewall.txt",
+ "nextModules": [
+ "vrf0"
+ ]
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipv6Prefix": "fe80::2/64",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.2/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/053_firewall_defaults/firewall.txt b/autotest/units/001_one_port/053_firewall_defaults/firewall.txt
new file mode 100644
index 00000000..fd422545
--- /dev/null
+++ b/autotest/units/001_one_port/053_firewall_defaults/firewall.txt
@@ -0,0 +1,2 @@
+:BEGIN
+add allow udp from any to 2020:ddd:ff1c:2030::/60 53
diff --git a/autotest/units/001_one_port/053_firewall_defaults/gen.py b/autotest/units/001_one_port/053_firewall_defaults/gen.py
new file mode 100755
index 00000000..3f105d80
--- /dev/null
+++ b/autotest/units/001_one_port/053_firewall_defaults/gen.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import List
+
+from scapy.layers.inet import UDP, IP, TCP
+from scapy.layers.inet6 import IPv6
+from scapy.layers.l2 import Ether, Dot1Q
+from scapy.packet import Packet
+from scapy.utils import PcapWriter
+
+
+def write_pcap(path: str, packets: List[Packet]) -> None:
+ with PcapWriter(path) as fh:
+ for p in packets:
+ fh.write(p)
+
+
+def ipv6_send(src: str, dst: str) -> Packet:
+ return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22") / \
+ Dot1Q(vlan=200) / \
+ IPv6(src=src, dst=dst, hlim=64, fl=0)
+
+
+def ipv6_recv(src: str, dst: str) -> Packet:
+ return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55") / \
+ Dot1Q(vlan=100) / \
+ IPv6(src=src, dst=dst, hlim=63, fl=0)
+
+
+write_pcap("001-send.pcap", [
+ # Allow.
+ ipv6_send("1111:2222::1", "2020:ddd:ff1c:2030::1") / UDP(sport=10000, dport=53),
+
+ ipv6_send("1111:2222::1", "2020:ddd:ff1c:2030::1") / UDP(sport=(1024), dport=54),
+
+ ipv6_send("1111:2222::33", "2020:1111:ff1c:2030::33") / TCP(sport=(1024), dport=54),
+])
+
+write_pcap("001-expect.pcap", [
+ ipv6_recv("1111:2222::1", "2020:ddd:ff1c:2030::1") / UDP(sport=10000, dport=53),
+ ipv6_recv("1111:2222::1", "2020:ddd:ff1c:2030::1") / UDP(sport=1024, dport=54),
+ ipv6_recv("1111:2222::33", "2020:1111:ff1c:2030::33") / TCP(sport=(1024), dport=54),
+
+])
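Review bot: The second and third packets in 001-send.pcap match no rule in firewall.txt (UDP to port 54, and TCP to an address outside `2020:ddd:ff1c:2030::/60`), yet 001-expect.pcap lists both as forwarded, and only the first entry carries a comment. With no terminal `deny` in the ruleset, the test therefore pins an implicit default-allow, which is the behaviour most likely to surprise someone writing a ruleset. I would say so next to the packets, e.g. `# No rule matches: forwarded by the implicit default action (allow).` above each of the two entries, so that the fail-open default is visibly a decision and not an accident of the fixture. `sport=(1024)` is a plain integer in parentheses and can be written `sport=1024`, as the expect list already does for the UDP entry.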
diff --git a/autotest/units/001_one_port/054_gapped_masks_112/001-expect.pcap b/autotest/units/001_one_port/054_gapped_masks_112/001-expect.pcap
new file mode 100644
index 00000000..164af950
Binary files /dev/null and b/autotest/units/001_one_port/054_gapped_masks_112/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/054_gapped_masks_112/001-send.pcap b/autotest/units/001_one_port/054_gapped_masks_112/001-send.pcap
new file mode 100644
index 00000000..7df4bdb6
Binary files /dev/null and b/autotest/units/001_one_port/054_gapped_masks_112/001-send.pcap differ
diff --git a/autotest/units/001_one_port/054_gapped_masks_112/autotest.yaml b/autotest/units/001_one_port/054_gapped_masks_112/autotest.yaml
new file mode 100644
index 00000000..10647965
--- /dev/null
+++ b/autotest/units/001_one_port/054_gapped_masks_112/autotest.yaml
@@ -0,0 +1,7 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
diff --git a/autotest/units/001_one_port/054_gapped_masks_112/controlplane.conf b/autotest/units/001_one_port/054_gapped_masks_112/controlplane.conf
new file mode 100644
index 00000000..957964d2
--- /dev/null
+++ b/autotest/units/001_one_port/054_gapped_masks_112/controlplane.conf
@@ -0,0 +1,46 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": "firewall.txt",
+ "nextModules": [
+ "vrf0"
+ ]
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipAddresses": [
+ "fe80::2"
+ ],
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipAddresses": [
+ "200.0.0.2"
+ ],
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/054_gapped_masks_112/firewall.txt b/autotest/units/001_one_port/054_gapped_masks_112/firewall.txt
new file mode 100644
index 00000000..c3757db2
--- /dev/null
+++ b/autotest/units/001_one_port/054_gapped_masks_112/firewall.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow tcp from 2020:ddd:c0e:1003:0:675:fff4::/112 to 2020:ddd:0:3400:0:853a:0:3 80
+add allow tcp from 2020:ddd:c00:0:0:675::/ffff:ffff:ff00:0000:ffff:ffff:: to 2020:ddd:0:3400:0:1234:: 80
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/054_gapped_masks_112/gen.py b/autotest/units/001_one_port/054_gapped_masks_112/gen.py
new file mode 100755
index 00000000..05cc23d0
--- /dev/null
+++ b/autotest/units/001_one_port/054_gapped_masks_112/gen.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+
+def ipv6_send(_src, _dst):
+ return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=200)/IPv6(src=_src, dst=_dst, hlim=64, fl=0)
+
+
+def ipv6_recv(_src, _dst):
+ return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(src=_src, dst=_dst, hlim=63, fl=0)
+
+
+write_pcap("001-send.pcap", *[
+ ipv6_send("2020:ddd:c0e:1003:0:675:fff4:1", "2020:ddd:0:3400:0:853a:0:3")/TCP(sport=50000, dport=80, flags="S")
+])
+
+
+write_pcap("001-expect.pcap", *[
+ ipv6_recv("2020:ddd:c0e:1003:0:675:fff4:1", "2020:ddd:0:3400:0:853a:0:3")/TCP(sport=50000, dport=80, flags="S")
+])
diff --git a/autotest/units/001_one_port/055_balancer_wlc/001-expect.pcap b/autotest/units/001_one_port/055_balancer_wlc/001-expect.pcap
new file mode 100644
index 00000000..85cd0cb8
Binary files /dev/null and b/autotest/units/001_one_port/055_balancer_wlc/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/055_balancer_wlc/001-send.pcap b/autotest/units/001_one_port/055_balancer_wlc/001-send.pcap
new file mode 100644
index 00000000..16492d1a
Binary files /dev/null and b/autotest/units/001_one_port/055_balancer_wlc/001-send.pcap differ
diff --git a/autotest/units/001_one_port/055_balancer_wlc/002-expect.pcap b/autotest/units/001_one_port/055_balancer_wlc/002-expect.pcap
new file mode 100644
index 00000000..61fbaec3
Binary files /dev/null and b/autotest/units/001_one_port/055_balancer_wlc/002-expect.pcap differ
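Review bot: The only packet in 001-send.pcap matches the first `/112` rule and is expected to pass, so this test would also succeed with a firewall that forwards everything: nothing is expected to be dropped by `add deny ip from any to any`, and no packet reaches the second rule with the non-contiguous mask. A packet just outside the /112 shows the deny path, e.g. `ipv6_send("2020:ddd:c0e:1003:0:675:fff5:1", "2020:ddd:0:3400:0:853a:0:3")/TCP(sport=50000, dport=80, flags="S")` in the send list only. The `fff5` address is a constructed value; as far as I can read the rules, its source matches the gapped mask but its destination does not, so it should fall through to the deny. A second packet addressed to `2020:ddd:0:3400:0:1234::` from a source inside the gapped mask would exercise the rule the test is named after.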
diff --git a/autotest/units/001_one_port/055_balancer_wlc/002-send.pcap b/autotest/units/001_one_port/055_balancer_wlc/002-send.pcap
new file mode 100644
index 00000000..45e26a17
Binary files /dev/null and b/autotest/units/001_one_port/055_balancer_wlc/002-send.pcap differ
diff --git a/autotest/units/001_one_port/055_balancer_wlc/003-expect.pcap b/autotest/units/001_one_port/055_balancer_wlc/003-expect.pcap
new file mode 100644
index 00000000..553d1483
Binary files /dev/null and b/autotest/units/001_one_port/055_balancer_wlc/003-expect.pcap differ
diff --git a/autotest/units/001_one_port/055_balancer_wlc/003-send.pcap b/autotest/units/001_one_port/055_balancer_wlc/003-send.pcap
new file mode 100644
index 00000000..986a2356
Binary files /dev/null and b/autotest/units/001_one_port/055_balancer_wlc/003-send.pcap differ
diff --git a/autotest/units/001_one_port/055_balancer_wlc/autotest.yaml b/autotest/units/001_one_port/055_balancer_wlc/autotest.yaml
new file mode 100644
index 00000000..15ae3176
--- /dev/null
+++ b/autotest/units/001_one_port/055_balancer_wlc/autotest.yaml
@@ -0,0 +1,50 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- cli:
+ - balancer real enable balancer0 10.1.0.55 tcp 443 2443::1 443
+ - balancer real enable balancer0 10.1.0.55 tcp 443 2443::2 443
+ - balancer real enable balancer0 10.1.0.55 tcp 443 2443::3 443
+ - balancer real flush
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
+- cli_check: |
+ YANET_FORMAT_COLUMNS=module,virtual_ip,proto,virtual_port,scheduler,real_ip,real_port,enabled,weight,connections,packets,bytes balancer real any
+ module virtual_ip proto virtual_port scheduler real_ip real_port enabled weight connections packets bytes
+ --------- ---------- ----- ------------ --------- ------- --------- ------- ------ ----------- ------- -----
+ balancer0 10.1.0.55 tcp 443 wlc 2443::1 443 true 2 16 16 1568
+ balancer0 10.1.0.55 tcp 443 wlc 2443::2 443 true 1 8 8 784
+ balancer0 10.1.0.55 tcp 443 wlc 2443::3 443 true 1 8 8 784
+ balancer0 10.1.0.55 tcp 443 wlc 2443::4 443 false 4 0 0 0
+
+- cli:
+ - balancer real enable balancer0 10.1.0.55 tcp 443 2443::4 443
+ - balancer real flush
+- sendPackets:
+ - port: kni0
+ send: 002-send.pcap
+ expect: 002-expect.pcap
+- cli_check: |
+ YANET_FORMAT_COLUMNS=module,virtual_ip,proto,virtual_port,scheduler,real_ip,real_port,enabled,weight,connections,packets,bytes balancer real any
+ module virtual_ip proto virtual_port scheduler real_ip real_port enabled weight connections packets bytes
+ --------- ---------- ----- ------------ --------- ------- --------- ------- ------ ----------- ------- -----
+ balancer0 10.1.0.55 tcp 443 wlc 2443::1 443 true 2 17 17 1666
+ balancer0 10.1.0.55 tcp 443 wlc 2443::2 443 true 1 10 10 980
+ balancer0 10.1.0.55 tcp 443 wlc 2443::3 443 true 1 9 9 882
+ balancer0 10.1.0.55 tcp 443 wlc 2443::4 443 true 4 28 28 2744
+
+- sleep: 2
+- sendPackets:
+ - port: kni0
+ send: 003-send.pcap
+ expect: 003-expect.pcap
+- cli_check: |
+ YANET_FORMAT_COLUMNS=module,virtual_ip,proto,virtual_port,scheduler,real_ip,real_port,enabled,weight,connections,packets,bytes balancer real any
+ module virtual_ip proto virtual_port scheduler real_ip real_port enabled weight connections packets bytes
+ --------- ---------- ----- ------------ --------- ------- --------- ------- ------ ----------- ------- -----
+ balancer0 10.1.0.55 tcp 443 wlc 2443::1 443 true 2 24 24 2352
+ balancer0 10.1.0.55 tcp 443 wlc 2443::2 443 true 1 11 11 1078
+ balancer0 10.1.0.55 tcp 443 wlc 2443::3 443 true 1 12 12 1176
+ balancer0 10.1.0.55 tcp 443 wlc 2443::4 443 true 4 49 49 4802
diff --git a/autotest/units/001_one_port/055_balancer_wlc/controlplane.conf b/autotest/units/001_one_port/055_balancer_wlc/controlplane.conf
new file mode 100644
index 00000000..6c5d8a6b
--- /dev/null
+++ b/autotest/units/001_one_port/055_balancer_wlc/controlplane.conf
@@ -0,0 +1,47 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "nextModules": [
+ "balancer0",
+ "route0"
+ ]
+ },
+ "balancer0": {
+ "type": "balancer",
+ "source": "2000:51b::1",
+ "services": "services.conf",
+ "default_wlc_power": 10,
+ "nextModule": "route0"
+ },
+ "route0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:00:00:01",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:00:00:02",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/055_balancer_wlc/gen.py b/autotest/units/001_one_port/055_balancer_wlc/gen.py
new file mode 100755
index 00000000..16d642ef
--- /dev/null
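Review bot: The `sleep: 2` before the third `sendPackets` step in 055_balancer_wlc/autotest.yaml has no comment, and the third `cli_check` depends on whatever happens during that pause. Presumably it waits for the wlc scheduler to recompute the effective weights from the connection counts, but the file does not say so, and a fixed delay makes the expected counters timing-dependent. A line such as `# wait for the wlc weight recalculation before sending the third batch` above the step (wording to be confirmed by the author) would document it. If the recalculation period is configurable, the comment should name the setting the 2 seconds are derived from.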
+++ b/autotest/units/001_one_port/055_balancer_wlc/gen.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+
+packages1 = [Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02") / Dot1Q(vlan=200) / IP(dst="10.1.0.55", src=f"1.{a_h}.{a_m}.{a_l}", ttl=64) / TCP(dport=443, sport=sport)
+ for sport in (12443, 12444) for a_h in range(2) for a_m in range(2) for a_l in range(4)]
+packages2 = [Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02") / Dot1Q(vlan=200) / IP(dst="10.1.0.55", src=f"1.{a_h}.{a_m}.{a_l}", ttl=64) / TCP(dport=443, sport=sport)
+ for sport in (11443, 11444) for a_h in range(2) for a_m in range(0, 2) for a_l in range(4)]
+packages3 = [Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02") / Dot1Q(vlan=200) / IP(dst="10.1.0.55", src=f"1.{a_h}.{a_m}.{a_l}", ttl=64) / TCP(dport=443, sport=sport)
+ for sport in (11443, 11444) for a_h in range(2) for a_m in range(2, 4) for a_l in range(4)]
+
+write_pcap("001-send.pcap", *packages1)
+write_pcap("002-send.pcap", *packages2)
+write_pcap("003-send.pcap", *packages3)
diff --git a/autotest/units/001_one_port/055_balancer_wlc/services.conf b/autotest/units/001_one_port/055_balancer_wlc/services.conf
new file mode 100644
index 00000000..b0821458
--- /dev/null
+++ b/autotest/units/001_one_port/055_balancer_wlc/services.conf
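Review bot: This script writes only the three `00N-send.pcap` files, while the commit also adds `001-expect.pcap` to `003-expect.pcap` as binaries, so the expected output cannot be regenerated or reviewed from source. The other gen.py files in this commit build their expect files next to the send files; doing the same here, or adding a comment that says how the expect captures were produced, would make the balancing result that autotest.yaml asserts checkable. The three list comprehensions also differ only in the source ports and the `a_m` range, so one helper taking those two arguments would remove the triplication.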
@@ -0,0 +1,30 @@
+[
+ {
+ "vip": "10.1.0.55",
+ "proto": "tcp",
+ "vport": "443",
+ "scheduler": "wlc",
+ "reals": [
+ {
+ "ip": "2443::1",
+ "port": "443",
+ "weight": "2"
+ },
+ {
+ "ip": "2443::2",
+ "port": "443",
+ "weight": "1"
+ },
+ {
+ "ip": "2443::3",
+ "port": "443",
+ "weight": "1"
+ },
+ {
+ "ip": "2443::4",
+ "port": "443",
+ "weight": "4"
+ }
+ ]
+ }
+]
diff --git a/autotest/units/001_one_port/055_two_rule_three_ids/001-expect.pcap b/autotest/units/001_one_port/055_two_rule_three_ids/001-expect.pcap
new file mode 100644
index 00000000..e7c11fe3
Binary files /dev/null and b/autotest/units/001_one_port/055_two_rule_three_ids/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/055_two_rule_three_ids/001-send.pcap b/autotest/units/001_one_port/055_two_rule_three_ids/001-send.pcap
new file mode 100644
index 00000000..3086ca64
Binary files /dev/null and b/autotest/units/001_one_port/055_two_rule_three_ids/001-send.pcap differ
diff --git a/autotest/units/001_one_port/055_two_rule_three_ids/autotest.yaml b/autotest/units/001_one_port/055_two_rule_three_ids/autotest.yaml
new file mode 100644
index 00000000..10647965
--- /dev/null
+++ b/autotest/units/001_one_port/055_two_rule_three_ids/autotest.yaml
@@ -0,0 +1,7 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
diff --git a/autotest/units/001_one_port/055_two_rule_three_ids/controlplane.conf b/autotest/units/001_one_port/055_two_rule_three_ids/controlplane.conf
new file mode 100644
index 00000000..957964d2
--- /dev/null
+++ b/autotest/units/001_one_port/055_two_rule_three_ids/controlplane.conf
@@ -0,0 +1,46 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": "firewall.txt",
+ "nextModules": [
+ "vrf0"
+ ]
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipAddresses": [
+ "fe80::2"
+ ],
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipAddresses": [
+ "200.0.0.2"
+ ],
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/055_two_rule_three_ids/firewall.txt b/autotest/units/001_one_port/055_two_rule_three_ids/firewall.txt
new file mode 100644
index 00000000..dd098f76
--- /dev/null
+++ b/autotest/units/001_one_port/055_two_rule_three_ids/firewall.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow tcp from 2020:ddd:c00:0:abcd::/ffff:ffff:ff00:0:ffff:: to any 80
+add allow tcp from 2020:ddd:c00::/48 to any 22
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/055_two_rule_three_ids/gen.py b/autotest/units/001_one_port/055_two_rule_three_ids/gen.py
new file mode 100755
index 00000000..8790bfc7
--- /dev/null
+++ b/autotest/units/001_one_port/055_two_rule_three_ids/gen.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+
+def ipv6_send(_src, _dst):
+ return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=200)/IPv6(src=_src, dst=_dst, hlim=64, fl=0)
+
+
+def ipv6_recv(_src, _dst):
+ return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(src=_src, dst=_dst, hlim=63, fl=0)
+
+
+write_pcap("001-send.pcap", *[
+ ipv6_send("2020:ddd:c00:0:abcd::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"),
+ ipv6_send("2020:ddd:cff:0:abcd::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"),
+ ipv6_send("2020:ddd:c00:0:abcd::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=22, flags="S"),
+ ipv6_send("2020:ddd:cff:0:abcd::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=22, flags="S"),
+ ipv6_send("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"),
+ ipv6_send("2020:ddd:cff:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"),
+ ipv6_send("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=22, flags="S"),
+ ipv6_send("2020:ddd:cff:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=22, flags="S")
+])
+
+
+write_pcap("001-expect.pcap", *[
+ ipv6_recv("2020:ddd:c00:0:abcd::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"),
+ ipv6_recv("2020:ddd:cff:0:abcd::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"),
+ ipv6_recv("2020:ddd:c00:0:abcd::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=22, flags="S"),
+# ipv6_recv("2020:ddd:cff:0:abcd::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=22, flags="S"),
+# ipv6_recv("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"),
+# ipv6_recv("2020:ddd:cff:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"),
+ ipv6_recv("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=22, flags="S"),
+# ipv6_recv("2020:ddd:cff:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=22, flags="S")
+])
diff --git a/autotest/units/001_one_port/056_balancer_icmp_rate_limit/001-expect.pcap b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/001-expect.pcap
new file mode 100644
index 00000000..7041da81
Binary files /dev/null and b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/056_balancer_icmp_rate_limit/001-send.pcap b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/001-send.pcap
new file mode 100644
index 00000000..aaa46ba3
Binary files /dev/null and b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/001-send.pcap differ
diff --git a/autotest/units/001_one_port/056_balancer_icmp_rate_limit/autotest.yaml b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/autotest.yaml
new file mode 100644
index 00000000..9309c67b
--- /dev/null
+++ b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/autotest.yaml
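Review bot: The expected list in 055_two_rule_three_ids/gen.py encodes the dropped packets as commented-out `ipv6_recv(...)` lines, which leaves the reader to work out from firewall.txt why each one is missing. A short reason per case is easier to audit, for example `# dropped: cff is outside 2020:ddd:c00::/48, port 22 rule does not match` and `# dropped: fifth group ffff does not match the gapped-mask rule for port 80`, placed where the commented lines are now. The same `write_pcap` helper is pasted into this and three other gen.py files in the commit; it opens `PcapWriter(filename)` without closing it and calls the private `_write_header`, so a shared helper using `with PcapWriter(...)` as in 052_firewall_samples/gen.py would be the better base.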
@@ -0,0 +1,24 @@
+## uncomment to try Slow Worker Normal Priority Ring rate limiter with ICMPs which should be processed by slow worker (no real state existing on this balancer)
+## most probably ring will be full prior to rate limiter actually being triggered
+
+# steps:
+# - ipv4Update:
+# - "0.0.0.0/0 -> 202.0.0.1"
+# - "102.0.0.0/8 -> 102.0.0.5"
+# - ipv6Update:
+# - "2020:ddd:3333::/64 -> 2202::1"
+# - "::/0 -> fe80::1"
+# - cli:
+# - balancer real enable balancer0 10.0.0.34 tcp 80 2013::1 80
+# - balancer real flush
+
+# - cli_check: |
+# balancer real balancer0 10.0.0.34
+# module virtual_ip proto virtual_port scheduler real_ip real_port enabled weight connections packets bytes
+# --------- ---------- ----- ------------ --------- ------- --------- ------- ------ ----------- ------- -----
+# balancer0 10.0.0.34 tcp 80 rr 2013::1 80 true 1 0 0 0
+
+# - sendPackets:
+# - port: kni0
+# send: 001-send.pcap
+# expect: 001-expect.pcap
diff --git a/autotest/units/001_one_port/056_balancer_icmp_rate_limit/controlplane.conf b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/controlplane.conf
new file mode 100644
index 00000000..1f3b3b51
--- /dev/null
+++ b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/controlplane.conf
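Review bot: Every line of this file is a comment, `steps:` included, so the unit adds fixtures for the ICMP rate limiter without running any check, and the file parses as an empty document. The header comment itself says the ring will probably fill before the limiter triggers, and gen.py expects all 10500 ICMP packets to be forwarded, so even when uncommented the test would not observe the limiter dropping anything. Since rate limiting of slow-worker traffic is a protection against resource exhaustion, I would either keep the unit out of the tree until it can assert a drop count, or leave a minimal enabled `steps:` list and a comment that states what is missing. Whether the autotest runner accepts a file without `steps` is not visible here and should be confirmed.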
@@ -0,0 +1,53 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "nextModules": [
+ "balancer0",
+ "route0"
+ ]
+ },
+ "balancer0": {
+ "type": "balancer",
+ "source": "2020:ddd:3333::a",
+ "source_ipv4": "102.0.0.22",
+ "services": "services.conf",
+ "unrdup": "unrdup.cfg",
+ "nextModule": "route0"
+ },
+ "route0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "neighborIPv4Address": "102.0.0.5",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:00:00:01",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "neighborIPv4Address": "202.0.0.1",
+ "neighborIPv6Address": "2202::1",
+ "neighborMacAddress": "00:00:00:00:00:02",
+ "nextModule": "lp0.200"
+ },
+ "lo": {
+ "nextModule": "controlPlane"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/056_balancer_icmp_rate_limit/gen.py b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/gen.py
new file mode 100755
index 00000000..33986f66
--- /dev/null
+++ b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/gen.py
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+
+# real is NOT found, packet should be cloned and distributed among neighbor balancers (according to unrdup config) - all of them have ipv4 addresses
+# icmp dest unreach
+write_pcap("001-send.pcap",
+ # network unreachable
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IP(dst="10.0.0.34", src="1.101.9.9", ttl=64)/ICMP(type=3, code=0)/IP(src="10.0.0.34", dst="1.1.0.99", ttl=50)/TCP(dport=(1,10500), sport=80)
+ )
+
+write_pcap("001-expect.pcap",
+ # network unreachable
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="123.1.231.151", src="102.0.0.22", ttl=63)/IP(dst="10.0.0.34", src="1.101.9.9", ttl=64)/ICMP(type=3, code=0)/IP(src="10.0.0.34", dst="1.1.0.99", ttl=50)/TCP(dport=(1,10500), sport=80),
+ )
diff --git a/autotest/units/001_one_port/056_balancer_icmp_rate_limit/services.conf b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/services.conf
new file mode 100644
index 00000000..6f8a3719
--- /dev/null
+++ b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/services.conf
@@ -0,0 +1,14 @@
+[
+ {
+ "vip": "10.0.0.34",
+ "proto": "tcp",
+ "vport": "80",
+ "scheduler": "rr",
+ "reals": [
+ {
+ "ip": "2013::1",
+ "port": "80"
+ }
+ ]
+ }
+]
diff --git a/autotest/units/001_one_port/056_balancer_icmp_rate_limit/unrdup.cfg b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/unrdup.cfg
new file mode 100644
index 00000000..7344f81a
--- /dev/null
+++ b/autotest/units/001_one_port/056_balancer_icmp_rate_limit/unrdup.cfg
@@ -0,0 +1 @@
+10.0.0.34 123.1.231.151
diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/001-expect.pcap b/autotest/units/001_one_port/056_balancer_vs_ping_reply/001-expect.pcap
new file mode 100644
index 00000000..f2d26a20
Binary files /dev/null and b/autotest/units/001_one_port/056_balancer_vs_ping_reply/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/001-send.pcap b/autotest/units/001_one_port/056_balancer_vs_ping_reply/001-send.pcap
new file mode 100644
index 00000000..87809a9f
Binary files /dev/null and b/autotest/units/001_one_port/056_balancer_vs_ping_reply/001-send.pcap differ
diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/002-expect.pcap b/autotest/units/001_one_port/056_balancer_vs_ping_reply/002-expect.pcap
new file mode 100644
index 00000000..d3249dd0
Binary files /dev/null and b/autotest/units/001_one_port/056_balancer_vs_ping_reply/002-expect.pcap differ
diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/002-send.pcap b/autotest/units/001_one_port/056_balancer_vs_ping_reply/002-send.pcap
new file mode 100644
index 00000000..e81820da
Binary files /dev/null and b/autotest/units/001_one_port/056_balancer_vs_ping_reply/002-send.pcap differ
diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/003-expect.pcap b/autotest/units/001_one_port/056_balancer_vs_ping_reply/003-expect.pcap
new file mode 100644
index 00000000..1d982c49
Binary files /dev/null and b/autotest/units/001_one_port/056_balancer_vs_ping_reply/003-expect.pcap differ
diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/003-send.pcap b/autotest/units/001_one_port/056_balancer_vs_ping_reply/003-send.pcap
new file mode 100644
index 00000000..5418fd2f
Binary files /dev/null and b/autotest/units/001_one_port/056_balancer_vs_ping_reply/003-send.pcap differ
diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/autotest.yaml b/autotest/units/001_one_port/056_balancer_vs_ping_reply/autotest.yaml
new file mode 100644
index 00000000..f1339298
--- /dev/null
+++ b/autotest/units/001_one_port/056_balancer_vs_ping_reply/autotest.yaml
@@ -0,0 +1,57 @@ +steps: +- ipv4Update: + - "0.0.0.0/0 -> 201.0.0.1" + - "101.0.0.0/8 -> 101.0.0.3" +- ipv6Update: + - "2000:51b::/32 -> 2202::1" + - "::/0 -> fe80::1" +- cli: + - balancer real enable balancer0 10.0.0.20 tcp 80 101.0.0.1 80 + - balancer real enable balancer0 10.0.0.20 udp 80 101.0.0.1 80 + + - balancer real enable balancer0 10.0.0.21 tcp 80 2010::1 80 + + - balancer real enable balancer0 2005:dead:beef::1 tcp 80 2010::2 80 + - balancer real enable balancer0 2005:dead:beef::1 udp 80 2010::2 80 + - balancer real flush + +- cli_check: | + YANET_FORMAT_COLUMNS=module,virtual_ip,proto,virtual_port,scheduler,real_ip,real_port,enabled,weight,connections,packets,bytes balancer real balancer0 10.0.0.20 + module virtual_ip proto virtual_port scheduler real_ip real_port enabled weight connections packets bytes + --------- ---------- ----- ------------ --------- --------- --------- ------- ------ ----------- ------- ----- + balancer0 10.0.0.20 tcp 80 rr 101.0.0.1 80 true 1 0 0 0 + balancer0 10.0.0.20 udp 80 rr 101.0.0.1 80 true 1 0 0 0 + +- cli_check: | + YANET_FORMAT_COLUMNS=module,virtual_ip,proto,virtual_port,scheduler,real_ip,real_port,enabled,weight,connections,packets,bytes balancer real balancer0 10.0.0.21 + module virtual_ip proto virtual_port scheduler real_ip real_port enabled weight connections packets bytes + --------- ---------- ----- ------------ --------- ------- --------- ------- ------ ----------- ------- ----- + balancer0 10.0.0.21 tcp 80 rr 2010::1 80 true 1 0 0 0 + +# ipv4 and icmpv4 +- sendPackets: + - port: kni0 + send: 001-send.pcap + expect: 001-expect.pcap + +# ipv6 and icmpv6 +- sendPackets: + - port: kni0 + send: 002-send.pcap + expect: 002-expect.pcap + +# reply even if all reals of a service are disabled +- cli: + - balancer real disable balancer0 10.0.0.21 tcp 80 2010::1 80 + - balancer real flush + +- cli_check: | + 
YANET_FORMAT_COLUMNS=module,virtual_ip,proto,virtual_port,scheduler,real_ip,real_port,enabled,weight,connections,packets,bytes balancer real balancer0 10.0.0.21 + module virtual_ip proto virtual_port scheduler real_ip real_port enabled weight connections packets bytes + --------- ---------- ----- ------------ --------- ------- --------- ------- ------ ----------- ------- ----- + balancer0 10.0.0.21 tcp 80 rr 2010::1 80 false 1 0 0 0 + +- sendPackets: + - port: kni0 + send: 003-send.pcap + expect: 003-expect.pcap \ No newline at end of file diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/controlplane.conf b/autotest/units/001_one_port/056_balancer_vs_ping_reply/controlplane.conf new file mode 100644 index 00000000..23562586 --- /dev/null +++ b/autotest/units/001_one_port/056_balancer_vs_ping_reply/controlplane.conf @@ -0,0 +1,49 @@ +{ + "modules": { + "lp0.100": { + "type": "logicalPort", + "physicalPort": "kni0", + "vlanId": "100", + "macAddress": "00:11:22:33:44:55", + "nextModule": "acl0" + }, + "lp0.200": { + "type": "logicalPort", + "physicalPort": "kni0", + "vlanId": "200", + "macAddress": "00:11:22:33:44:55", + "nextModule": "acl0" + }, + "acl0": { + "type": "acl", + "nextModules": [ + "balancer0", + "route0" + ] + }, + "balancer0": { + "type": "balancer", + "source": "2000:51b::1", + "source_ipv4": "100.0.0.22", + "services": "services.conf", + "nextModule": "route0" + }, + "route0": { + "type": "route", + "interfaces": { + "kni0.100": { + "neighborIPv4Address": "101.0.0.3", + "neighborIPv6Address": "fe80::1", + "neighborMacAddress": "00:00:00:00:00:01", + "nextModule": "lp0.100" + }, + "kni0.200": { + "neighborIPv4Address": "201.0.0.1", + "neighborIPv6Address": "2202::1", + "neighborMacAddress": "00:00:00:00:00:02", + "nextModule": "lp0.200" + } + } + } + } +} 
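Review bot: The final step, under `# reply even if all reals of a service are disabled`, exercises only the IPv4 VIP 10.0.0.21. The IPv6 VIP 2005:dead:beef::1 is pinged only while its reals are enabled, and no step sends an echo request to an address that is not a VIP, so an implementation that answered echo for any destination would still pass. I would add a `sendPackets` step whose send pcap targets a non-VIP address and whose expect pcap contains no balancer-generated echo reply, and repeat the disable step for `2005:dead:beef::1`. Because a VIP that answers ping with every real disabled looks alive to plain reachability monitoring, a comment such as `# echo is answered by the balancer itself and says nothing about real health` above the step would record that this is intended. The file also ends without a trailing newline.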
diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/gen.py b/autotest/units/001_one_port/056_balancer_vs_ping_reply/gen.py
new file mode 100755
index 00000000..26a4937d
--- /dev/null
+++ b/autotest/units/001_one_port/056_balancer_vs_ping_reply/gen.py
@@ -0,0 +1,43 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from scapy.all import * + + +def write_pcap(filename, *packetsList): + if len(packetsList) == 0: + PcapWriter(filename)._write_header(Ether()) + return + + PcapWriter(filename) + + for packets in packetsList: + if type(packets) == list: + for packet in packets: + packet.time = 0 + wrpcap(filename, [p for p in packet], append=True) + else: + packets.time = 0 + wrpcap(filename, [p for p in packets], append=True) + +write_pcap("001-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IP(dst="10.0.0.20", src="1.1.0.1", ttl=64)/ICMP(type=8, code=0, id=1, seq=0x0001)/"", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IP(dst="10.0.0.20", src="1.1.0.1", ttl=64)/ICMP(type=8, code=0, id=2, seq=0x0002)/"abcdefghijklmnopqrstuvwxyz0123456789") + +write_pcap("001-expect.pcap", + Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="1.1.0.1", src="10.0.0.20", ttl=64)/ICMP(type=0, code=0, id=1, seq=0x0001)/"", + Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="1.1.0.1", src="10.0.0.20", ttl=64)/ICMP(type=0, code=0, id=2, seq=0x0002)/"abcdefghijklmnopqrstuvwxyz0123456789") + +write_pcap("002-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2005:dead:beef::1", src="2000:51b::1", hlim=64)/ICMPv6EchoRequest(id=1, seq=0x0001)/"", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2005:dead:beef::1", src="2000:51b::1", hlim=64)/ICMPv6EchoRequest(id=2, seq=0x0002)/"0123456789abcdefghijklmnopqrstuvwxyz") + +write_pcap("002-expect.pcap", + Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IPv6(dst="2000:51b::1", src="2005:dead:beef::1", hlim=64)/ICMPv6EchoReply(id=1, seq=0x0001)/"", + Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IPv6(dst="2000:51b::1", src="2005:dead:beef::1", 
hlim=64)/ICMPv6EchoReply(id=2, seq=0x0002)/"0123456789abcdefghijklmnopqrstuvwxyz") + +write_pcap("003-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IP(dst="10.0.0.21", src="1.1.0.2", ttl=64)/ICMP(type=8, code=0, id=1, seq=0x0001)/"abcdefghijklmnopqrstuvwxyz0123456789") + +write_pcap("003-expect.pcap", + Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="1.1.0.2", src="10.0.0.21", ttl=64)/ICMP(type=0, code=0, id=1, seq=0x0001)/"abcdefghijklmnopqrstuvwxyz0123456789") diff --git a/autotest/units/001_one_port/056_balancer_vs_ping_reply/services.conf b/autotest/units/001_one_port/056_balancer_vs_ping_reply/services.conf new file mode 100644 index 00000000..b68b2101 --- /dev/null +++ b/autotest/units/001_one_port/056_balancer_vs_ping_reply/services.conf @@ -0,0 +1,62 @@ +[ + { + "vip": "10.0.0.20", + "proto": "tcp", + "vport": "80", + "scheduler": "rr", + "reals": [ + { + "ip": "101.0.0.1", + "port": "80" + } + ] + }, + { + "vip": "10.0.0.20", + "proto": "udp", + "vport": "80", + "scheduler": "rr", + "reals": [ + { + "ip": "101.0.0.1", + "port": "80" + } + ] + }, + { + "vip": "10.0.0.21", + "proto": "tcp", + "vport": "80", + "scheduler": "rr", + "reals": [ + { + "ip": "2010::1", + "port": "80" + } + ] + }, + { + "vip": "2005:dead:beef::1", + "proto": "tcp", + "vport": "80", + "scheduler": "rr", + "reals": [ + { + "ip": "2010::2", + "port": "80" + } + ] + }, + { + "vip": "2005:dead:beef::1", + "proto": "udp", + "vport": "80", + "scheduler": "rr", + "reals": [ + { + "ip": "2010::2", + "port": "80" + } + ] + } +] diff --git a/autotest/units/001_one_port/056_multi_cross_rules/001-expect.pcap b/autotest/units/001_one_port/056_multi_cross_rules/001-expect.pcap new file mode 100644 index 00000000..604b62b0 Binary files /dev/null and b/autotest/units/001_one_port/056_multi_cross_rules/001-expect.pcap differ 
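Review bot: In `write_pcap`, the bare `PcapWriter(filename)` call appears to exist only to truncate the file before the `append=True` writes, and the writer is never closed, so the handle stays open until garbage collection. The empty-input branch likewise calls the private `_write_header` on a writer that is never closed. Making the truncation explicit with `open(filename, "wb").close()` and closing the writer in the empty branch would remove the dependence on interpreter cleanup, and `type(packets) == list` reads better as `isinstance(packets, list)`. The same helper is copied unchanged into the gen.py files of 056_multi_cross_rules, 057_self_cross_rules and 058_network_intersect_extended, so a shared module would let the fix land once. A one-line docstring saying that each argument is a packet or a list of packets and that `time` is zeroed before writing would also help.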
diff --git a/autotest/units/001_one_port/056_multi_cross_rules/001-send.pcap b/autotest/units/001_one_port/056_multi_cross_rules/001-send.pcap new file mode 100644 index 00000000..f8a73070 Binary files /dev/null and b/autotest/units/001_one_port/056_multi_cross_rules/001-send.pcap differ diff --git a/autotest/units/001_one_port/056_multi_cross_rules/autotest.yaml b/autotest/units/001_one_port/056_multi_cross_rules/autotest.yaml new file mode 100644 index 00000000..10647965 --- /dev/null +++ b/autotest/units/001_one_port/056_multi_cross_rules/autotest.yaml @@ -0,0 +1,7 @@ +steps: +- ipv4Update: "0.0.0.0/0 -> 200.0.0.1" +- ipv6Update: "::/0 -> fe80::1" +- sendPackets: + - port: kni0 + send: 001-send.pcap + expect: 001-expect.pcap diff --git a/autotest/units/001_one_port/056_multi_cross_rules/controlplane.conf b/autotest/units/001_one_port/056_multi_cross_rules/controlplane.conf new file mode 100644 index 00000000..957964d2 --- /dev/null +++ b/autotest/units/001_one_port/056_multi_cross_rules/controlplane.conf @@ -0,0 +1,46 @@ +{ + "modules": { + "lp0.100": { + "type": "logicalPort", + "physicalPort": "kni0", + "vlanId": "100", + "macAddress": "00:11:22:33:44:55", + "nextModule": "acl0" + }, + "lp0.200": { + "type": "logicalPort", + "physicalPort": "kni0", + "vlanId": "200", + "macAddress": "00:11:22:33:44:55", + "nextModule": "acl0" + }, + "acl0": { + "type": "acl", + "firewall": "firewall.txt", + "nextModules": [ + "vrf0" + ] + }, + "vrf0": { + "type": "route", + "interfaces": { + "kni0.100": { + "ipAddresses": [ + "fe80::2" + ], + "neighborIPv6Address": "fe80::1", + "neighborMacAddress": "00:00:00:11:11:11", + "nextModule": "lp0.100" + }, + "kni0.200": { + "ipAddresses": [ + "200.0.0.2" + ], + "neighborIPv4Address": "200.0.0.1", + "neighborMacAddress": "00:00:00:22:22:22", + "nextModule": "lp0.200" + } + } + } + } +} 
diff --git a/autotest/units/001_one_port/056_multi_cross_rules/firewall.txt b/autotest/units/001_one_port/056_multi_cross_rules/firewall.txt
new file mode 100644
index 00000000..85471783
--- /dev/null
+++ b/autotest/units/001_one_port/056_multi_cross_rules/firewall.txt
@@ -0,0 +1,12 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow tcp from 2020:ddd:c00::/48 to any 48
+add allow tcp from 2020:ddd:c00:0:aaaa::/ffff:ffff:ff00:0:ffff:: to any 80
+add allow tcp from 2020:ddd:c00::/56 to any 56
+add allow tcp from 2020:ddd:c00:0:cccc::/ffff:ffff:ff00:0:ffff:: to any 443
+add allow tcp from 2020:ddd:c00::/40 to any 40
+add allow tcp from 2020:ddd::/32 to any 32
+add allow tcp from 2020:ddd:c00::/64 to any 64
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/056_multi_cross_rules/gen.py b/autotest/units/001_one_port/056_multi_cross_rules/gen.py
new file mode 100755
index 00000000..735d7d0d
--- /dev/null
+++ b/autotest/units/001_one_port/056_multi_cross_rules/gen.py
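Review bot: The `:IN` section of 056_multi_cross_rules/firewall.txt relies on an undocumented convention: the destination port of each contiguous-prefix rule equals the prefix length under test (`/48 … to any 48`, `/56 … 56`, `/40 … 40`, `/32 … 32`, `/64 … 64`), while 80 and 443 mark the two rules with the non-contiguous mask `ffff:ffff:ff00:0:ffff::`. The rules also seem deliberately listed out of prefix-length order, which is presumably the point of a cross-rules test. If the rule parser accepts comment lines (not visible from this hunk), a header such as `# dst port == source prefix length; 80/443 == non-contiguous masks; order is intentionally unsorted` would make that explicit; otherwise the same sentence belongs in autotest.yaml. Without it, a later edit that tidies the order or changes a port silently alters what the test proves about ACL matching.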
@@ -0,0 +1,128 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from scapy.all import * + + +def write_pcap(filename, *packetsList): + if len(packetsList) == 0: + PcapWriter(filename)._write_header(Ether()) + return + + PcapWriter(filename) + + for packets in packetsList: + if type(packets) == list: + for packet in packets: + packet.time = 0 + wrpcap(filename, [p for p in packet], append=True) + else: + packets.time = 0 + wrpcap(filename, [p for p in packets], append=True) + + +def ipv6_send(_src, _dst): + return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=200)/IPv6(src=_src, dst=_dst, hlim=64, fl=0) + + +def ipv6_recv(_src, _dst): + return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(src=_src, dst=_dst, hlim=63, fl=0) + +def block(_func, _tcp_port): + return [ + _func("2020:ddd:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:f:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:f:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:f:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:f00:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:f00:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:f00:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c0f:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c0f:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c0f:0:ffff::", 
"2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:f00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:f00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:f00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddf:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddf:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddf:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + ] + +def block_send(_tcp_port): + return block(ipv6_send, _tcp_port) + + +write_pcap("001-send.pcap", *[ + block_send(16), + block_send(32), + block_send(40), + block_send(48), + block_send(56), + block_send(64), + block_send(80), + block_send(443), +]) + +write_pcap("001-expect.pcap", *[ + ipv6_recv("2020:ddd:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c00:f:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c00:f:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c00:f:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c00:f00:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c00:f00:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c00:f00:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c0f:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c0f:0:cccc::", 
"2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:c0f:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:f00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:f00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + ipv6_recv("2020:ddd:f00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=32, flags="S"), + + ipv6_recv("2020:ddd:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c00:f:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c00:f:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c00:f:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c00:f00:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c00:f00:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c00:f00:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c0f:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c0f:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + ipv6_recv("2020:ddd:c0f:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=40, flags="S"), + + ipv6_recv("2020:ddd:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=48, flags="S"), + ipv6_recv("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=48, flags="S"), + ipv6_recv("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=48, flags="S"), + ipv6_recv("2020:ddd:c00:f:aaaa::", 
"2020:ddd:0:3400::1")/TCP(sport=50000, dport=48, flags="S"), + ipv6_recv("2020:ddd:c00:f:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=48, flags="S"), + ipv6_recv("2020:ddd:c00:f:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=48, flags="S"), + ipv6_recv("2020:ddd:c00:f00:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=48, flags="S"), + ipv6_recv("2020:ddd:c00:f00:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=48, flags="S"), + ipv6_recv("2020:ddd:c00:f00:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=48, flags="S"), + + ipv6_recv("2020:ddd:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=56, flags="S"), + ipv6_recv("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=56, flags="S"), + ipv6_recv("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=56, flags="S"), + ipv6_recv("2020:ddd:c00:f:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=56, flags="S"), + ipv6_recv("2020:ddd:c00:f:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=56, flags="S"), + ipv6_recv("2020:ddd:c00:f:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=56, flags="S"), + + ipv6_recv("2020:ddd:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=64, flags="S"), + ipv6_recv("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=64, flags="S"), + ipv6_recv("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=64, flags="S"), + + ipv6_recv("2020:ddd:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"), + ipv6_recv("2020:ddd:c00:f:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"), + ipv6_recv("2020:ddd:c00:f00:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"), + ipv6_recv("2020:ddd:c0f:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"), + + ipv6_recv("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=443, flags="S"), + ipv6_recv("2020:ddd:c00:f:cccc::", 
"2020:ddd:0:3400::1")/TCP(sport=50000, dport=443, flags="S"), + ipv6_recv("2020:ddd:c00:f00:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=443, flags="S"), + ipv6_recv("2020:ddd:c0f:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=443, flags="S"), +]) diff --git a/autotest/units/001_one_port/057_self_cross_rules/001-expect.pcap b/autotest/units/001_one_port/057_self_cross_rules/001-expect.pcap new file mode 100644 index 00000000..f86cc6de Binary files /dev/null and b/autotest/units/001_one_port/057_self_cross_rules/001-expect.pcap differ diff --git a/autotest/units/001_one_port/057_self_cross_rules/001-send.pcap b/autotest/units/001_one_port/057_self_cross_rules/001-send.pcap new file mode 100644 index 00000000..9a8df6cf Binary files /dev/null and b/autotest/units/001_one_port/057_self_cross_rules/001-send.pcap differ diff --git a/autotest/units/001_one_port/057_self_cross_rules/autotest.yaml b/autotest/units/001_one_port/057_self_cross_rules/autotest.yaml new file mode 100644 index 00000000..10647965 --- /dev/null +++ b/autotest/units/001_one_port/057_self_cross_rules/autotest.yaml @@ -0,0 +1,7 @@ +steps: +- ipv4Update: "0.0.0.0/0 -> 200.0.0.1" +- ipv6Update: "::/0 -> fe80::1" +- sendPackets: + - port: kni0 + send: 001-send.pcap + expect: 001-expect.pcap diff --git a/autotest/units/001_one_port/057_self_cross_rules/controlplane.conf b/autotest/units/001_one_port/057_self_cross_rules/controlplane.conf new file mode 100644 index 00000000..957964d2 --- /dev/null +++ b/autotest/units/001_one_port/057_self_cross_rules/controlplane.conf 
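Review bot: The `001-expect.pcap` list in 056_multi_cross_rules/gen.py repeats by hand, once per port, the source addresses already enumerated in `block()`. A change to the address set or to firewall.txt therefore has to be mirrored across some fifty literal lines, with nothing to show which rule admits which packet. `block()` already takes the packet constructor as `_func`, so the expectation could be built from `block(ipv6_recv, port)` with a per-port selection of admitted sources and a comment naming the rule, for example `# /40 rule: c00 and c0f pass, f00 does not`. The `block_send(16)` batch and the `2020:ddf:` sources are the packets the final `deny` must drop, and the expect list does not mark them; a comment next to `block_send(16)` saying so would keep the negative cases from being removed as noise.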
@@ -0,0 +1,46 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": "firewall.txt",
+ "nextModules": [
+ "vrf0"
+ ]
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipAddresses": [
+ "fe80::2"
+ ],
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipAddresses": [
+ "200.0.0.2"
+ ],
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/057_self_cross_rules/firewall.txt b/autotest/units/001_one_port/057_self_cross_rules/firewall.txt
new file mode 100644
index 00000000..59e15fa2
--- /dev/null
+++ b/autotest/units/001_one_port/057_self_cross_rules/firewall.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow tcp from { 2020:ddd:c00::/48 or 2020:ddd:c00:0:aaaa::/ffff:ffff:ff00:0:ffff:: } to any 80
+add allow tcp from { 2020:ddd:c0f::/48 or 2020:ddd:c00:0:cccc::/ffff:ffff:ff00:0:ffff:: } to any 443
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/057_self_cross_rules/gen.py b/autotest/units/001_one_port/057_self_cross_rules/gen.py
new file mode 100755
index 00000000..126ef290
--- /dev/null
+++ b/autotest/units/001_one_port/057_self_cross_rules/gen.py
@@ -0,0 +1,69 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from scapy.all import * + + +def write_pcap(filename, *packetsList): + if len(packetsList) == 0: + PcapWriter(filename)._write_header(Ether()) + return + + PcapWriter(filename) + + for packets in packetsList: + if type(packets) == list: + for packet in packets: + packet.time = 0 + wrpcap(filename, [p for p in packet], append=True) + else: + packets.time = 0 + wrpcap(filename, [p for p in packets], append=True) + + +def ipv6_send(_src, _dst): + return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=200)/IPv6(src=_src, dst=_dst, hlim=64, fl=0) + + +def ipv6_recv(_src, _dst): + return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(src=_src, dst=_dst, hlim=63, fl=0) + +def block(_func, _tcp_port): + return [ + _func("2020:ddd:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c0f:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c0f:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:c0f:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:cff:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:cff:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:cff:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:ffff:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:ffff:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + _func("2020:ddd:ffff:0:ffff::", 
"2020:ddd:0:3400::1")/TCP(sport=50000, dport=_tcp_port, flags="S"), + ] + +def block_send(_tcp_port): + return block(ipv6_send, _tcp_port) + + +write_pcap("001-send.pcap", *[ + block_send(22), + block_send(80), + block_send(443), +]) + +write_pcap("001-expect.pcap", *[ + ipv6_recv("2020:ddd:c00:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"), + ipv6_recv("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"), + ipv6_recv("2020:ddd:c00:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"), + ipv6_recv("2020:ddd:c0f:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"), + ipv6_recv("2020:ddd:cff:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=80, flags="S"), + + ipv6_recv("2020:ddd:c00:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=443, flags="S"), + ipv6_recv("2020:ddd:c0f:0:aaaa::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=443, flags="S"), + ipv6_recv("2020:ddd:c0f:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=443, flags="S"), + ipv6_recv("2020:ddd:c0f:0:ffff::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=443, flags="S"), + ipv6_recv("2020:ddd:cff:0:cccc::", "2020:ddd:0:3400::1")/TCP(sport=50000, dport=443, flags="S"), +]) diff --git a/autotest/units/001_one_port/058_network_intersect_extended/001-expect.pcap b/autotest/units/001_one_port/058_network_intersect_extended/001-expect.pcap new file mode 100644 index 00000000..75d8fc7c Binary files /dev/null and b/autotest/units/001_one_port/058_network_intersect_extended/001-expect.pcap differ diff --git a/autotest/units/001_one_port/058_network_intersect_extended/001-send.pcap b/autotest/units/001_one_port/058_network_intersect_extended/001-send.pcap new file mode 100644 index 00000000..f02b4f66 Binary files /dev/null and b/autotest/units/001_one_port/058_network_intersect_extended/001-send.pcap differ 
diff --git a/autotest/units/001_one_port/058_network_intersect_extended/autotest.yaml b/autotest/units/001_one_port/058_network_intersect_extended/autotest.yaml new file mode 100644 index 00000000..10647965 --- /dev/null +++ b/autotest/units/001_one_port/058_network_intersect_extended/autotest.yaml @@ -0,0 +1,7 @@ +steps: +- ipv4Update: "0.0.0.0/0 -> 200.0.0.1" +- ipv6Update: "::/0 -> fe80::1" +- sendPackets: + - port: kni0 + send: 001-send.pcap + expect: 001-expect.pcap diff --git a/autotest/units/001_one_port/058_network_intersect_extended/controlplane.conf b/autotest/units/001_one_port/058_network_intersect_extended/controlplane.conf new file mode 100644 index 00000000..957964d2 --- /dev/null +++ b/autotest/units/001_one_port/058_network_intersect_extended/controlplane.conf @@ -0,0 +1,46 @@ +{ + "modules": { + "lp0.100": { + "type": "logicalPort", + "physicalPort": "kni0", + "vlanId": "100", + "macAddress": "00:11:22:33:44:55", + "nextModule": "acl0" + }, + "lp0.200": { + "type": "logicalPort", + "physicalPort": "kni0", + "vlanId": "200", + "macAddress": "00:11:22:33:44:55", + "nextModule": "acl0" + }, + "acl0": { + "type": "acl", + "firewall": "firewall.txt", + "nextModules": [ + "vrf0" + ] + }, + "vrf0": { + "type": "route", + "interfaces": { + "kni0.100": { + "ipAddresses": [ + "fe80::2" + ], + "neighborIPv6Address": "fe80::1", + "neighborMacAddress": "00:00:00:11:11:11", + "nextModule": "lp0.100" + }, + "kni0.200": { + "ipAddresses": [ + "200.0.0.2" + ], + "neighborIPv4Address": "200.0.0.1", + "neighborMacAddress": "00:00:00:22:22:22", + "nextModule": "lp0.200" + } + } + } + } +} diff --git a/autotest/units/001_one_port/058_network_intersect_extended/firewall.txt b/autotest/units/001_one_port/058_network_intersect_extended/firewall.txt new file mode 100644 index 00000000..cfd7d537 --- /dev/null +++ b/autotest/units/001_one_port/058_network_intersect_extended/firewall.txt 
@@ -0,0 +1,27 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add skipto :SEC_GAP1 ip from any to 2020:ddd:1000::/ffff:ffff:ffff:ffff::
+add skipto :SEC_GAP2 ip from any to 2020:ddd:2000::/ffff:ffff:ffff::
+add skipto :SEC_GAP3 ip from any to 2020:ddd::/ffff:ffff::
+add skipto :SEC_SIM ip from any to 2020:cccc:0:0:1111::/ffff:ffff:0000:0000:ffff::
+add deny ip from any to any
+
+:SEC_GAP1
+add allow ip from any to 2020:ddd:0:0:5555::/ffff:ffff:0000:0000:ffff::
+add deny ip from any to any
+
+:SEC_GAP2
+add allow ip from any to 2020:ddd:0:0:6666::/ffff:ffff:0000:0000:ffff::
+add deny ip from any to any
+
+:SEC_GAP3
+add allow ip from any to 2020:ddd:0:0:7777::/ffff:ffff:0000:0000:ffff::
+add deny ip from any to any
+
+:SEC_SIM
+add allow ip from any to 2020:cccc:4000::/ffff:ffff:ffff:ffff::
+add allow ip from any to 2020:cccc:5000::/ffff:ffff:ffff::
+add allow tcp from any to 2020:cccc::/ffff:ffff:: dst-port 22
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/058_network_intersect_extended/gen.py b/autotest/units/001_one_port/058_network_intersect_extended/gen.py
new file mode 100755
index 00000000..b557742d
--- /dev/null
+++ b/autotest/units/001_one_port/058_network_intersect_extended/gen.py
@@ -0,0 +1,89 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from scapy.all import * + + +def write_pcap(filename, *packetsList): + if len(packetsList) == 0: + PcapWriter(filename)._write_header(Ether()) + return + + PcapWriter(filename) + + for packets in packetsList: + if type(packets) == list: + for packet in packets: + packet.time = 0 + wrpcap(filename, [p for p in packet], append=True) + else: + packets.time = 0 + wrpcap(filename, [p for p in packets], append=True) + + +def ipv6_send(_src, _dst): + return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=200)/IPv6(src=_src, dst=_dst, hlim=64, fl=0) + + +def ipv6_recv(_src, _dst): + return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(src=_src, dst=_dst, hlim=63, fl=0) + + +write_pcap("001-send.pcap", [ + # SEC_GAP1 + ipv6_send("1111:2222::1", "2020:ddd:1000::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::1", "2020:ddd:0000:0000:5555::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::1", "2020:ddd:1000:0000:5555::1")/UDP(sport=1024, dport=53), + + # SEC_GAP2 + ipv6_send("1111:2222::2", "2020:ddd:2000::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::2", "2020:ddd:0000:0000:6666::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::2", "2020:ddd:2000:0000:6666::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::2", "2020:ddd:2000:ffff:6666::1")/UDP(sport=1024, dport=53), + + # SEC_GAP3 + ipv6_send("1111:2222::3", "2020:ddd::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::3", "2020:ddd:0000:0000:7777::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::3", "2020:ddd:ffff:ffff:7777::1")/UDP(sport=1024, dport=53), + + # SEC_SIM + ipv6_send("1111:2222::4", "2020:cccc:0:0:1111::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::4", "2020:cccc:4000:0:1111::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::4", "2020:cccc:4000:ffff:1111::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::4", 
"2020:cccc:5000:0:1111::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::4", "2020:cccc:5000:ffff:1111::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::4", "2020:cccc:0:0:1111::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::4", "2020:cccc:ffff:ffff:1111::1")/UDP(sport=1024, dport=53), + ipv6_send("1111:2222::4", "2020:cccc:0:0:1111::1")/TCP(sport=1024, dport=22), + ipv6_send("1111:2222::4", "2020:cccc:ffff:ffff:1111::1")/TCP(sport=1024, dport=22), +]) + + +write_pcap("001-expect.pcap", *[ + # SEC_GAP1 +# ipv6_recv("1111:2222::1", "2020:ddd:1000::1")/UDP(sport=1024, dport=53), +# ipv6_recv("1111:2222::1", "2020:ddd:0000:0000:5555::1")/UDP(sport=1024, dport=53), + ipv6_recv("1111:2222::1", "2020:ddd:1000:0000:5555::1")/UDP(sport=1024, dport=53), + + # SEC_GAP2 +# ipv6_recv("1111:2222::2", "2020:ddd:2000::1")/UDP(sport=1024, dport=53), +# ipv6_recv("1111:2222::2", "2020:ddd:0000:0000:6666::1")/UDP(sport=1024, dport=53), + ipv6_recv("1111:2222::2", "2020:ddd:2000:0000:6666::1")/UDP(sport=1024, dport=53), + ipv6_recv("1111:2222::2", "2020:ddd:2000:ffff:6666::1")/UDP(sport=1024, dport=53), + + # SEC_GAP3 +# ipv6_recv("1111:2222::3", "2020:ddd::1")/UDP(sport=1024, dport=53), + ipv6_recv("1111:2222::3", "2020:ddd:0000:0000:7777::1")/UDP(sport=1024, dport=53), + ipv6_recv("1111:2222::3", "2020:ddd:ffff:ffff:7777::1")/UDP(sport=1024, dport=53), + + # SEC_SIM +# ipv6_recv("1111:2222::4", "2020:cccc:0:0:1111::1")/UDP(sport=1024, dport=53), + ipv6_recv("1111:2222::4", "2020:cccc:4000:0:1111::1")/UDP(sport=1024, dport=53), +# ipv6_recv("1111:2222::4", "2020:cccc:4000:ffff:1111::1")/UDP(sport=1024, dport=53), + ipv6_recv("1111:2222::4", "2020:cccc:5000:0:1111::1")/UDP(sport=1024, dport=53), + ipv6_recv("1111:2222::4", "2020:cccc:5000:ffff:1111::1")/UDP(sport=1024, dport=53), +# ipv6_recv("1111:2222::4", "2020:cccc:0:0:1111::1")/UDP(sport=1024, dport=53), +# ipv6_recv("1111:2222::4", "2020:cccc:ffff:ffff:1111::1")/UDP(sport=1024, dport=53), + 
ipv6_recv("1111:2222::4", "2020:cccc:0:0:1111::1")/TCP(sport=1024, dport=22), + ipv6_recv("1111:2222::4", "2020:cccc:ffff:ffff:1111::1")/TCP(sport=1024, dport=22), +]) diff --git a/autotest/units/001_one_port/059_firewall_tablearg/001-expect.pcap b/autotest/units/001_one_port/059_firewall_tablearg/001-expect.pcap new file mode 100644 index 00000000..45887860 Binary files /dev/null and b/autotest/units/001_one_port/059_firewall_tablearg/001-expect.pcap differ diff --git a/autotest/units/001_one_port/059_firewall_tablearg/001-send.pcap b/autotest/units/001_one_port/059_firewall_tablearg/001-send.pcap new file mode 100644 index 00000000..8b65a25f Binary files /dev/null and b/autotest/units/001_one_port/059_firewall_tablearg/001-send.pcap differ diff --git a/autotest/units/001_one_port/059_firewall_tablearg/autotest.yaml b/autotest/units/001_one_port/059_firewall_tablearg/autotest.yaml new file mode 100644 index 00000000..41862999 --- /dev/null +++ b/autotest/units/001_one_port/059_firewall_tablearg/autotest.yaml @@ -0,0 +1,7 @@ +steps: +- ipv4Update: "0.0.0.0/0 -> 200.0.0.1" +- clearFWState: +- sendPackets: + - port: kni0 + send: 001-send.pcap + expect: 001-expect.pcap diff --git a/autotest/units/001_one_port/059_firewall_tablearg/controlplane.conf b/autotest/units/001_one_port/059_firewall_tablearg/controlplane.conf new file mode 100644 index 00000000..ea6f2a23 --- /dev/null +++ b/autotest/units/001_one_port/059_firewall_tablearg/controlplane.conf 
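Review bot: In the `001-expect.pcap` list of 058_network_intersect_extended/gen.py, the packets the firewall must drop are recorded only as commented-out `ipv6_recv(...)` lines. That reads like leftover debugging and gives no reason for the drop; a real comment per case would be clearer, for example `# dropped: enters :SEC_GAP1 but the 5th group is not 5555`. In the SEC_SIM part of the send list, the UDP packet to `2020:cccc:0:0:1111::1` appears twice. If the second copy is meant as the UDP counterpart of the TCP/22 pair, a comment should say so; if it is a copy-paste slip, it adds no coverage. The two TCP packets rely on scapy's default flags, whereas the sibling generators pass `flags="S"` explicitly. The send call passes one list while the expect call unpacks with `*[...]`; both work with `write_pcap`, but using one form would be easier to read.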
@@ -0,0 +1,43 @@
+{
+ "modules": {
+ "lp.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": "firewall.conf.txt",
+ "nextModules": [
+ "route0"
+ ]
+ },
+ "route0": {
+ "type": "route",
+ "vrf": "default",
+ "interfaces": {
+ "kni0.100": {
+ "ipv4Prefix": "200.0.10.2/24",
+ "neighborIPv4Address": "200.0.10.1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.2/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/059_firewall_tablearg/firewall.conf.txt b/autotest/units/001_one_port/059_firewall_tablearg/firewall.conf.txt
new file mode 100644
index 00000000..e8c2346d
--- /dev/null
+++ b/autotest/units/001_one_port/059_firewall_tablearg/firewall.conf.txt
@@ -0,0 +1,39 @@
+:BEGIN
+table _SKIPTO_DST_PREFIX_ add 213.180.192.0/19 :TUN64_SKP1
+table _SKIPTO_DST_PREFIX_ add 213.180.200.0/25 :TUN64_SKP2
+table _SKIPTO_DST_PREFIX_ add 213.180.207.112/28 :TUN64_SKP3
+table _SKIPTO_DST_PREFIX_ add 213.180.207.64/27 :TUN64_SKP4
+table _SKIPTO_DST_PREFIX_ add 77.88.56.64/26 :TUN64_SKP5
+table _SKIPTO_DST_PREFIX_ add 77.88.46.0/25 :TUN64_SKP2
+
+add skipto tablearg ip from any to table(_SKIPTO_DST_PREFIX_)
+add deny ip from any to any
+
+:TUN64_SKP1
+add deny tcp from any to any setup
+add allow tcp from any to any
+add deny log logamount 500 all from any to any
+
+:TUN64_SKP2
+add allow tcp from any to any http,https
+add deny tcp from any to any setup
+add allow tcp from any to any
+add deny log logamount 500 all from any to any
+
+:TUN64_SKP3
+add allow tcp from any to any dst-port 1024-65535
+add allow udp from any to any dst-port 1024-65535
+add deny log logamount 500 all from any to any
+
+:TUN64_SKP4
+add allow udp from any 500,4500 to any
+add allow esp from any to any
+add deny tcp from any to any setup
+add allow tcp from any to any
+add deny log logamount 500 all from any to any
+
+:TUN64_SKP5
+add deny tcp from any to any setup
+add allow udp from any src-port 53 to any dst-port 1025-65535
+add allow ip from any to any keep-state in
+add deny log logamount 500 all from any to any
diff --git a/autotest/units/001_one_port/059_firewall_tablearg/gen.py b/autotest/units/001_one_port/059_firewall_tablearg/gen.py
new file mode 100755
index 00000000..90fa086a
--- /dev/null
+++ b/autotest/units/001_one_port/059_firewall_tablearg/gen.py
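Review bot: The `_SKIPTO_DST_PREFIX_` entries overlap (213.180.200.0/25, 213.180.207.112/28 and 213.180.207.64/27 all sit inside 213.180.192.0/19), so the label a packet jumps to depends on the most specific entry winning, and nothing in the file says so. A comment above the table lines would make that intent reviewable, for example `# nested prefixes: the most specific entry decides the skipto target` (assuming this format accepts `#` comments, which the hunk does not show). The accompanying gen.py sends nothing to 213.180.200.0/25 or 77.88.56.64/26, so the nested /25 and the `keep-state` rule under `:TUN64_SKP5` are defined here but not checked by 001-send.pcap.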
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+
+def ipv4_send(_src, _dst):
+ return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(src=_src, dst=_dst, ttl=64)
+
+def ipv4_recv(_src, _dst):
+ return Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(src=_src, dst=_dst, ttl=63)
+
+write_pcap("001-send.pcap",
+ # :TUN64_SKP1
+ ipv4_send("10.0.0.3", "213.180.192.1")/TCP(dport=443, sport=(1024,1030), flags="S"), # drop by rule 6
+ ipv4_send("10.1.0.5", "213.180.223.1")/TCP(dport=80, sport=1024, flags="A"), # allow by rule 8
+ # :TUN64_SKP2
+ ipv4_send("10.1.1.1", "77.88.46.1")/UDP(dport=123, sport=1024), # drop by rule 18
+ # :TUN64_SKP3
+ ipv4_send("10.1.1.1", "213.180.207.65")/UDP(dport=(1024,1030), sport=4500), # allow by rule 26
+ ipv4_send("10.0.0.3", "213.180.207.65")/TCP(dport=443, sport=1024, flags="S"), # drop by rule 30
+ # :TUN64_SKP4
+ ipv4_send("33.33.33.33", "213.180.207.113")/TCP(dport=8080, sport=1024, flags="R")) # allow by rule 20
+
+write_pcap("001-expect.pcap",
+ ipv4_recv("10.1.0.5", "213.180.223.1")/TCP(dport=80, sport=1024, flags="A"),
+ ipv4_recv("10.1.1.1", "213.180.207.65")/UDP(dport=(1024,1030), sport=4500),
+ ipv4_recv("33.33.33.33", "213.180.207.113")/TCP(dport=8080, sport=1024, flags="R"))
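Review bot: The `# :TUN64_SKP3` and `# :TUN64_SKP4` comments in the 001-send.pcap list appear to be swapped. 213.180.207.65 falls in 213.180.207.64/27, which firewall.conf.txt maps to `:TUN64_SKP4`, and 213.180.207.113 falls in 213.180.207.112/28, which maps to `:TUN64_SKP3`; the per-packet `rule N` comments agree with that reading if rules are numbered in steps of two, which the page does not show. Swapping the two labels is enough. Every destination in the list matches a table entry, so the `add deny ip from any to any` that follows the skipto is never reached; one more send with an unlisted destination and no matching expect entry, e.g. `ipv4_send("10.0.0.3", "198.51.100.1")/TCP(dport=443, sport=1024, flags="A"),  # no table entry: default deny` (address constructed for illustration), would pin the fail-closed path.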
diff --git a/autotest/units/001_one_port/059_firewall_via_tablearg/001-expect.pcap b/autotest/units/001_one_port/059_firewall_via_tablearg/001-expect.pcap
new file mode 100644
index 00000000..cab8522f
Binary files /dev/null and b/autotest/units/001_one_port/059_firewall_via_tablearg/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/059_firewall_via_tablearg/001-send.pcap b/autotest/units/001_one_port/059_firewall_via_tablearg/001-send.pcap
new file mode 100644
index 00000000..1f3fcfdf
Binary files /dev/null and b/autotest/units/001_one_port/059_firewall_via_tablearg/001-send.pcap differ
diff --git a/autotest/units/001_one_port/059_firewall_via_tablearg/autotest.yaml b/autotest/units/001_one_port/059_firewall_via_tablearg/autotest.yaml
new file mode 100644
index 00000000..ef7be247
--- /dev/null
+++ b/autotest/units/001_one_port/059_firewall_via_tablearg/autotest.yaml
@@ -0,0 +1,10 @@
+steps:
+- ipv4Update: "200.0.10.0/24 -> 200.0.10.1"
+- ipv4Update: "200.0.20.0/24 -> 200.0.20.1"
+- ipv4Update: "200.0.30.0/24 -> 200.0.30.1"
+- ipv4Update: "200.0.40.0/24 -> 200.0.40.1"
+- clearFWState:
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
diff --git a/autotest/units/001_one_port/059_firewall_via_tablearg/controlplane.conf b/autotest/units/001_one_port/059_firewall_via_tablearg/controlplane.conf
new file mode 100644
index 00000000..43ba25b3
--- /dev/null
+++ b/autotest/units/001_one_port/059_firewall_via_tablearg/controlplane.conf
@@ -0,0 +1,69 @@
+{
+ "modules": {
+ "lp.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp.300": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "300",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp.400": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "400",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": "firewall.conf.txt",
+ "nextModules": [
+ "route0"
+ ]
+ },
+ "route0": {
+ "type": "route",
+ "vrf": "default",
+ "interfaces": {
+ "kni0.100": {
+ "ipv4Prefix": "200.0.10.2/24",
+ "neighborIPv4Address": "200.0.10.1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.20.2/24",
+ "neighborIPv4Address": "200.0.20.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp.200"
+ },
+ "kni0.300": {
+ "ipv4Prefix": "200.0.30.2/24",
+ "neighborIPv4Address": "200.0.30.1",
+ "neighborMacAddress": "00:00:00:33:33:33",
+ "nextModule": "lp.300"
+ },
+ "kni0.400": {
+ "ipv4Prefix": "200.0.40.2/24",
+ "neighborIPv4Address": "200.0.40.1",
+ "neighborMacAddress": "00:00:00:44:44:44",
+ "nextModule": "lp.400"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/059_firewall_via_tablearg/firewall.conf.txt b/autotest/units/001_one_port/059_firewall_via_tablearg/firewall.conf.txt
new file mode 100644
index 00000000..76624d24
--- /dev/null
+++ b/autotest/units/001_one_port/059_firewall_via_tablearg/firewall.conf.txt
@@ -0,0 +1,24 @@
+:BEGIN
+table _SKIPTO_EARLY_IN_ create type iface
+table _SKIPTO_EARLY_IN_ add lp.100 :VLAN100
+table _SKIPTO_EARLY_IN_ add lp.200 :VLAN200
+table _SKIPTO_EARLY_IN_ add lp.300 :VLAN300
+table _SKIPTO_EARLY_IN_ add lp.400 :VLAN400
+add skipto tablearg ip from any to any via table(_SKIPTO_EARLY_IN_) in
+add deny ip from any to any
+
+:VLAN100
+add allow udp from any to any 53
+add allow tcp from any to any 443
+add deny ip from any to any
+
+:VLAN200
+add allow icmp from any to any icmptypes 0,8
+add deny ip from any to any
+
+:VLAN300
+add allow ip from any to any
+
+:VLAN400
+add deny tcp from any to any setup
+add allow ip from any to any
diff --git a/autotest/units/001_one_port/059_firewall_via_tablearg/gen.py b/autotest/units/001_one_port/059_firewall_via_tablearg/gen.py
new file mode 100755
index 00000000..a2eb89aa
--- /dev/null
+++ b/autotest/units/001_one_port/059_firewall_via_tablearg/gen.py
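Review bot: The `add deny ip from any to any` after the skipto line is not reachable in this test, because all four logical ports declared in controlplane.conf (lp.100 to lp.400) are also entries in `_SKIPTO_EARLY_IN_`. That default deny is what keeps out traffic from an interface missing from the table, so it is worth one case: a fifth logicalPort left out of the table, with a packet sent on it and no expect entry. `:VLAN100`'s `add allow udp from any to any 53` also has no packet in gen.py. A short comment above the table lines stating that unlisted interfaces fall through to the deny would document the intent (comment syntax for this format is not shown in the hunk).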
@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+def fill_ether(vlan) -> str:
+ if vlan == 100:
+ return "00:00:00:11:11:11"
+ if vlan == 200:
+ return "00:00:00:22:22:22"
+ if vlan == 300:
+ return "00:00:00:33:33:33"
+ if vlan == 400:
+ return "00:00:00:44:44:44"
+
+
+def ipv4_send(_vlan, _src, _dst):
+ return Ether(dst="00:11:22:33:44:55", src=fill_ether(_vlan))/Dot1Q(vlan=_vlan)/IP(src=_src, dst=_dst, ttl=64)
+
+def ipv4_recv(_vlan, _src, _dst):
+ return Ether(dst=fill_ether(_vlan), src="00:11:22:33:44:55")/Dot1Q(vlan=_vlan)/IP(src=_src, dst=_dst, ttl=63)
+
+write_pcap("001-send.pcap",
+ ipv4_send(100, "10.0.0.3", "200.0.20.123")/TCP(dport=443, sport=(1024,1030), flags="S"), # allow by rule 8
+ ipv4_send(200, "10.1.0.5", "200.0.40.123")/ICMP(type=8, code=0, id=1, seq=0x0001), # allow by rule 12
+ ipv4_send(100, "10.0.0.5", "200.0.20.123")/ICMP(type=8, code=0, id=1, seq=0x0001), # drop by rule 10
+ ipv4_send(300, "10.1.1.1", "200.0.10.123")/UDP(dport=123, sport=1024), # allow by rule 16
+ ipv4_send(400, "10.0.0.3", "200.0.30.123")/TCP(dport=443, sport=1024, flags="S"), # drop by rule 18
+ ipv4_send(400, "10.1.1.1", "200.0.30.123")/UDP(dport=(1024,1030), sport=4500)) # allow by rule 20
+
+write_pcap("001-expect.pcap",
+ ipv4_recv(200, "10.0.0.3", "200.0.20.123")/TCP(dport=443, sport=(1024,1030), flags="S"),
+ ipv4_recv(400, "10.1.0.5", "200.0.40.123")/ICMP(type=8, code=0, id=1, seq=0x0001),
+ ipv4_recv(100, "10.1.1.1", "200.0.10.123")/UDP(dport=123, sport=1024),
+ ipv4_recv(300, "10.1.1.1", "200.0.30.123")/UDP(dport=(1024,1030),
sport=4500))
diff --git a/autotest/units/001_one_port/059_rib/001-expect.pcap b/autotest/units/001_one_port/059_rib/001-expect.pcap
new file mode 100644
index 00000000..66fdd62c
Binary files /dev/null and b/autotest/units/001_one_port/059_rib/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/059_rib/001-send.pcap b/autotest/units/001_one_port/059_rib/001-send.pcap
new file mode 100644
index 00000000..4104e66c
Binary files /dev/null and b/autotest/units/001_one_port/059_rib/001-send.pcap differ
diff --git a/autotest/units/001_one_port/059_rib/002-expect.pcap b/autotest/units/001_one_port/059_rib/002-expect.pcap
new file mode 100644
index 00000000..79218ffa
Binary files /dev/null and b/autotest/units/001_one_port/059_rib/002-expect.pcap differ
diff --git a/autotest/units/001_one_port/059_rib/002-send.pcap b/autotest/units/001_one_port/059_rib/002-send.pcap
new file mode 100644
index 00000000..4104e66c
Binary files /dev/null and b/autotest/units/001_one_port/059_rib/002-send.pcap differ
diff --git a/autotest/units/001_one_port/059_rib/autotest.yaml b/autotest/units/001_one_port/059_rib/autotest.yaml
new file mode 100644
index 00000000..3cd6ad80
--- /dev/null
+++ b/autotest/units/001_one_port/059_rib/autotest.yaml
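Review bot: `fill_ether` is annotated `-> str` but falls off the end and returns None for any VLAN other than 100, 200, 300 or 400, and `ipv4_send`/`ipv4_recv` pass that result straight to `Ether(src=...)` and `Ether(dst=...)`. A mistyped VLAN would then presumably yield a pcap with whatever address scapy fills in by default instead of failing at generation time; scapy's handling of a None address is not shown here. Ending the function with `raise ValueError(f"no neighbor MAC for vlan {vlan}")` makes the generator fail loudly, so a broken fixture cannot silently change what the firewall test checks. Separately, `write_pcap` is a verbatim copy of the one in the 059_firewall_tablearg gen.py from this commit, and its bare `PcapWriter(filename)` creates a writer that is never closed.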
@@ -0,0 +1,2265 @@ +steps: + +# default (see neighbor in controlplane.conf) +- cli: | + rib static insert default 0.0.0.0/0 200.0.0.1 + +################################################################################################################# +# 1 rib_insert new nexthop_stuff, new prefix, new peer-proto-table_name +################################################################################################################# +- echo: "1 rib_insert() test: new nexthop_stuff, new prefix, new \"peer-proto-table_name\" - START" + +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 1.0.0.0/24 + path_information: 192.168.0.1:10001 + labels: + - 1100 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +# checking whether prefix was indeed flushed +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- echo: "1 rib_insert() test: new nexthop_stuff, new 
prefix, new \"peer-proto-table_name\" - DONE" + +################################################################################################################# +# 2 rib_insert new nexthop_stuff, existing prefix, existing peer-proto-table_name +################################################################################################################# +- echo: "2 rib_insert() test: new nexthop_stuff, existing prefix, existing \"peer-proto-table_name\" - START" + +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 1.0.0.0/24 + path_information: 192.168.0.2:10001 # in old nexthop_t table path_info is in the key, while nexthop ip is not! there can't be two different nexthop ips for the same path_info + labels: + - 1100 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 1 2 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- echo: "2 rib_insert() test: new nexthop_stuff, existing prefix, existing \"peer-proto-table_name\" - DONE" + 
+################################################################################################################# +# 3 rib_insert new nexthop_stuff, existing prefix, new peer-proto-table_name +################################################################################################################# +- echo: "3 rib_insert() test: new nexthop_stuff, existing prefix, new \"peer-proto-table_name\" - START" + +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.2 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 1.0.0.0/24 + path_information: 192.168.0.3:10001 + labels: + - 1100 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 1 2 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- echo: "3 rib_insert() test: new nexthop_stuff, existing prefix, new \"peer-proto-table_name\" - DONE" + 
+################################################################################################################# +# 4 rib_insert new nexthop_stuff, new prefix, existing peer-proto-table_name +################################################################################################################# +- echo: "4 rib_insert() test: new nexthop_stuff, new prefix, existing \"peer-proto-table_name\" - START" + +- cli_check: | + route tunnel get route0 2.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ------- ----- ---------------- ---- ---------- + +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 2.0.0.0/24 + path_information: 192.168.0.1:10001 + labels: + - 1100 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 3 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 
2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- cli_check: | + route tunnel get route0 2.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- echo: "4 rib_insert() test: new nexthop_stuff, new prefix, existing \"peer-proto-table_name\" - DONE" + +################################################################################################################# +# 5 rib_insert existing nexthop_stuff, new prefix, new peer-proto-table_name +################################################################################################################# +- echo: "5 rib_insert() test: existing nexthop_stuff, new prefix, new \"peer-proto-table_name\" - START" + +- cli_check: | + route tunnel get route0 3.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ------- ----- ---------------- ---- ---------- + +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.3 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 3.0.0.0/24 + path_information: 192.168.0.3:10001 + labels: + - 1100 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 3 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- 
------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- cli_check: | + route tunnel get route0 3.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- echo: "5 rib_insert() test: existing nexthop_stuff, new prefix, new \"peer-proto-table_name\" - DONE" + +################################################################################################################# +# 6 rib_insert existing nexthop_stuff, existing prefix, new peer-proto-table_name +################################################################################################################# +- echo: "6 rib_insert() test: existing nexthop_stuff, existing prefix, new \"peer-proto-table_name\" - START" + +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.4 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 3.0.0.0/24 + path_information: 192.168.0.3:10001 + labels: + - 1100 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + 
------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 3 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false + default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- echo: "6 rib_insert() test: existing nexthop_stuff, existing prefix, new \"peer-proto-table_name\" - DONE" + +################################################################################################################# +# 7 rib_insert existing nexthop_stuff, new prefix, existing peer-proto-table_name +################################################################################################################# +- echo: 
"7 rib_insert() test: existing nexthop_stuff, new prefix, existing \"peer-proto-table_name\" - START" + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ------- ----- ---------------- ---- ---------- + +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 4.0.0.0/24 + path_information: 192.168.0.1:10001 + labels: + - 1100 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 3 4 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false + default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 
192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- echo: "7 rib_insert() test: existing nexthop_stuff, new prefix, existing \"peer-proto-table_name\" - DONE" + +################################################################################################################# +# 8 rib_insert existing nexthop_stuff, existing prefix, existing peer-proto-table_name +################################################################################################################# +- echo: "8 rib_insert() test: existing nexthop_stuff, existing prefix, existing \"peer-proto-table_name\" - START" + +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 1.0.0.0/24 + path_information: 192.168.0.1:10001 + labels: + - 1100 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 3 4 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false + default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities 
large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- echo: "8 rib_insert() test: existing nexthop_stuff, existing prefix, existing \"peer-proto-table_name\" - DONE" + +################################################################################################################# +# 9 rib_insert existing nexthop_stuff, existing prefix, existing peer-proto-table_name - new vrf-priority +################################################################################################################# +- echo: "9 rib_insert() test: existing nexthop_stuff, existing prefix, existing \"peer-proto-table_name\" - new vrf_priority - START" + +- rib_insert: + attribute: + vrf: tluafed + priority: 5000 + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + 
prefix: 1.0.0.0/24 + path_information: 192.168.0.1:10001 + labels: + - 1100 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 3 4 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false + default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 
1100 0 incomplete 0 n/s 13238:1:1
+
+- echo: "9 rib_insert() test: existing nexthop_stuff, existing prefix, existing \"peer-proto-table_name\" - new vrf_priority - DONE"
+
+#################################################################################################################
+# 10 rib_remove prefix for unexisting vrf-priority
+#################################################################################################################
+- echo: "10 rib_remove() test: trying to remove prefix for unexisting vrf-priority - START"
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- rib_remove:
+ attribute:
+ vrf: unknown
+ priority: 10000
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.1
+ prefixes:
+ - prefix: 1.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+
+# expected result: nothing changed since previous step
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 3 4 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default
10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- echo: "10 rib_remove() test: trying to remove prefix for unexisting vrf-priority - DONE"
+
+#################################################################################################################
+# 11 rib_remove prefix for existing vrf-priority but unexisting protocol-peer-table_name
+#################################################################################################################
+- echo: "11 rib_remove() test: trying to remove prefix for existing vrf-priority but unexisting protocol-peer-table_name - START"
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- -----
---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- rib_remove:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 100.100.100.10
+ prefixes:
+ - prefix: 1.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+
+# expected result: nothing changed since previous step
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 3 4 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- echo: "11 rib_remove() test: trying to remove prefix for existing vrf-priority but unexisting protocol-peer-table_name - DONE"
+
+#################################################################################################################
+# 12 rib_remove unexisting prefix
+#################################################################################################################
+- echo: "12 rib_remove() test: trying to remove unexisting prefix - START"
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/32
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ------- ----- ---------------- ---- ----------
+
+- rib_remove:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.1
+ prefixes:
+ - prefix: 1.0.0.0/32
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+
+# expected result: nothing changed since previous step
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 3 4 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+
default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/32
+ ingress_physical_ports
nexthop label egress_interface peer weight (%)
+ ---------------------- ------- ----- ---------------- ---- ----------
+
+- echo: "12 rib_remove() test: trying to remove unexisting prefix - DONE"
+
+#################################################################################################################
+# 13 rib_remove prefix which has multiple path_info related to it
+#################################################################################################################
+- echo: "13 rib_remove() test: trying to remove prefix which has multiple path_info related to it - START"
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- rib_remove:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.1
+ prefixes:
+ - prefix: 1.0.0.0/24
+ path_information: 192.168.0.2:10001
+ labels:
+ - 1100
+
+# expected result:
+# one less path for peer 10.10.10.1 in rib summary, amount of prefixes remains the same
+# line for path_info 192.168.0.2:10001
+# 'default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1'
+# is removed from rib prefixes
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 3 3 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med
communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- echo: "13 rib_remove() test: trying to remove prefix which has multiple path_info related to it - DONE"
+
+#################################################################################################################
+# 14 rib_remove prefix of peer, which has other prefixes
+#################################################################################################################
+- echo: "14 rib_remove() test: trying to remove prefix for peer, which has some other prefixes - START"
+
+- cli_check: |
+ route tunnel get route0 2.0.0.0/24
+
ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- rib_remove:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.1
+ prefixes:
+ - prefix: 2.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+
+# expected result:
+# one less path and one less prefix for peer 10.10.10.1 in rib summary - prefixes record remains
+# line for prefix 2.0.0.0/24
+# 'default 10000 2.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0. 1100 0 incomplete 0 n/s 13238:1:1'
+# is removed from rib prefixes
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000
3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+- cli_check: |
+ route tunnel get route0 2.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ------- ----- ---------------- ---- ----------
+
+- echo: "14 rib_remove() test: trying to remove prefix for peer, which has some other prefixes - DONE"
+
+#################################################################################################################
+# 15 rib_remove the last (for this peer) prefix which has the last path_info related to it
+#################################################################################################################
+- echo: "15 rib_remove() test: trying to remove the last (for this peer) prefix which has the last path_info related to it - START"
+
+- cli_check: |
+ route tunnel get route0 3.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- rib_remove:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.4
+ prefixes:
+ - prefix: 3.0.0.0/24
+ path_information: 192.168.0.3:10001
+ labels:
+ - 1100
+
+# expected result:
+# there was only one path and one prefix for peer 10.10.10.4 - its record in rib summary
+# 'default 10000 autotest 10.10.10.4 ipv4 mpls-vpn 1 1 false'
+# should disappear,
+# line for peer 10.10.10.4
+# 'default 10000 3.0.0.0/24 autotest 10.10.10.4 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1'
+# is removed from rib prefixes
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+# this prefix is still known because of other peer
+- cli_check: |
+ route tunnel get route0 3.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- echo: "15 rib_remove() test: trying to remove the last (for this peer) prefix which has the last path_info related to it - DONE"
+
+#################################################################################################################
+# 16 rib_insert multiple prefixes insertion
+#################################################################################################################
+- echo: "16 rib_insert() test: multiple prefixes insertion - START"
+
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.1
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 192.168.0.1
+ prefix: 5.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+ - nexthop: 192.168.0.2
+ prefix: 5.0.0.0/24
+ path_information: 192.168.0.2:10001
+ labels:
+ - 1100
+ - nexthop: 192.168.0.2
+ prefix: 6.0.0.0/24
+ path_information: 192.168.0.2:10001
+ labels:
+ - 1100
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 4 5 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001
192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 5.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 5.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.2 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 6.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.2:10001 192.168.0.2 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+- cli_check: |
+ route tunnel get route0 5.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 50.00
+ kni0 192.168.0.2 1100 kni0.200 50.00
+
+- cli_check: |
+ route tunnel get route0 6.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.2 1100 kni0.200 100.00
+
+- echo: "16 rib_insert() test: multiple prefixes insertion - DONE"
+
+#################################################################################################################
+# 17 rib_remove multiple prefixes removal
+#################################################################################################################
+- echo: "17 rib_remove() test: multiple prefixes removal - START"
+
+- rib_remove:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.1
+ prefixes:
+ - prefix: 5.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+ - prefix: 5.0.0.0/24
+ path_information: 192.168.0.2:10001
+ labels:
+ - 1100
+ - prefix: 6.0.0.0/24
+ path_information: 192.168.0.2:10001
+ labels:
+ - 1100
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+- cli_check: |
+ route tunnel get route0 5.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ------- ----- ---------------- ---- ----------
+
+- cli_check: |
+ route tunnel get route0 6.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ------- ----- ---------------- ---- ----------
+
+- echo: "17 rib_remove() test: multiple prefixes removal -
DONE"
+
+#################################################################################################################
+# 18 rib_remove all parts of request exist separately, however the whole combination does not - no remove
+#################################################################################################################
+- echo: "18 rib_remove() test: all parts of request exist separately, however the whole combination does not - START"
+
+- cli_check: |
+ route tunnel get route0 3.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- cli_check: |
+ route tunnel get route0 4.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- rib_remove:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.2
+ prefixes:
+ - prefix: 4.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.1
+ prefixes:
+ - prefix: 3.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.1
+ prefixes:
+ - prefix: 4.0.0.0/24
+ path_information: 192.168.0.3:10001
+ labels:
+ - 1100
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference
aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+- cli_check: |
+ route tunnel get route0 3.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- cli_check: |
+ route tunnel get route0 4.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- echo: "18 rib_remove() test: all parts of request exist separately, however the whole combination does not - DONE"
+
+#################################################################################################################
+# 19 rib_clear request contains only protocol
+#################################################################################################################
+- echo: "19 rib_clear() test: request contains only protocol - START"
+
+## add some prefixes for new protocol
+- rib_insert:
+ attribute:
+ protocol:
2_b_rmvd
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.1
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 192.168.0.1
+ prefix: 1.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+ - nexthop: 192.168.0.1
+ prefix: 5.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+ - table_name: ipv4 mpls-vpn
+ peer: 10.10.10.3
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 192.168.0.1
+ prefix: 3.0.0.0/24
+ path_information: 192.168.0.1:10001
+ labels:
+ - 1100
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 2_b_rmvd 10.10.10.1 ipv4 mpls-vpn 2 2 false
+ default 10000 2_b_rmvd 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 2_b_rmvd 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 3.0.0.0/24 2_b_rmvd 10.10.10.3 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s
13238:1:1
+ default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 5.0.0.0/24 2_b_rmvd 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- cli_check: |
+ route tunnel get route0 3.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+- cli_check: |
+ route tunnel get route0 5.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- ----------- ----- ---------------- ---- ----------
+ kni0 192.168.0.1 1100 kni0.200 100.00
+
+## remove prefixes for new protocol
+- rib_clear:
+ attribute:
+ protocol: 2_b_rmvd
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false
+ default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false
+ default 10000 autotest 10.10.10.3 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 2 2 true
+ tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ -------
-------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 3.0.0.0/24 autotest 10.10.10.3 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 3.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 5.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ------- ----- ---------------- ---- ---------- + +- echo: "19 rib_clear() test: request contains only protocol - DONE" + +################################################################################################################# +# 20 rib_clear request contains protocol, peer, vrf, priority +################################################################################################################# +- echo: "20 rib_clear() test: request 
contains protocol, peer, vrf, priority - START" + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- rib_clear: + attribute: + protocol: autotest + peer: 10.10.10.3 + vrf: default + priority: 10000 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + tluafed 5000 autotest 10.10.10.1 ipv4 mpls-vpn 1 1 false + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + tluafed 5000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + +- cli_check: | + route 
tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- rib_clear: + attribute: + protocol: autotest + peer: 10.10.10.1 + vrf: tluafed + priority: 5000 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get 
route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- echo: "20 rib_clear() test: request contains protocol, peer, vrf, priority - DONE" + +################################################################################################################# +# 21 rib_clear combination of protocol, peer, vrf, priority from request does not exist - nothing to clear +################################################################################################################# +- echo: "21 rib_clear() test: combination of protocol, peer, vrf, priority from request does not exist (though they exist separately) - nothing to clear - START" + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- rib_clear: + attribute: + protocol: static + peer: 10.10.10.1 + vrf: default + priority: 10000 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ 
---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- echo: "21 rib_clear() test: combination of protocol, peer, vrf, priority from request does not exist (though they exist separately) - nothing to clear - DONE" + +################################################################################################################# +# 22 rib_clear - nothing to clear +################################################################################################################# +- echo: "22 rib_clear() test: protocol/peer/vrf/priority from request do not exist - nothing to clear - START" + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- 
---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +# unexisting peer +- rib_clear: + attribute: + protocol: autotest + peer: 10.10.10.3 + vrf: default + priority: 10000 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +# unexisting protocol +- rib_clear: + attribute: + protocol: 2_b_rmvd + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- 
---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +# unexisting vrf +- rib_clear: + attribute: + protocol: autotest + peer: 10.10.10.1 + vrf: tluafed + priority: 10000 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf 
priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +# unexisting priority +- rib_clear: + attribute: + protocol: autotest + peer: 10.10.10.1 + vrf: default + priority: 99999 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 2 2 false + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 2 2 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- 
------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +- cli_check: | + route tunnel get route0 1.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- cli_check: | + route tunnel get route0 4.0.0.0/24 + ingress_physical_ports nexthop label egress_interface peer weight (%) + ---------------------- ----------- ----- ---------------- ---- ---------- + kni0 192.168.0.1 1100 kni0.200 100.00 + +- echo: "22 rib_clear() test: protocol/peer/vrf/priority from request do not exist - nothing to clear - DONE" + +################################################################################################################# +# won't need it anymore, no more 'route tunnel' checks +- cli: | + rib static remove default 0.0.0.0/0 200.0.0.1 + +################################################################################################################# +# 23 rib_lookup existing prefix for existing vrf +################################################################################################################# +- echo: "23 rib_lookup() test: existing prefix for existing vrf - START" + +- cli_check: | + rib lookup default 4.0.0.0 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- 
------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + +- cli_check: | + rib lookup default 4.0.0.255 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 4.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + +- cli_check: | + rib lookup default 1.0.0.1 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + +- cli_check: | + rib lookup default 1.0.0.255 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + +# this is treated as update, not 
another insert! path_info for this prefix, this vrf-priority and protocol-peer-table_name has alreadu been existing, only labels have changed +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.2 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 1.0.0.0/24 + path_information: 192.168.0.3:10001 + labels: + - 1200 + +- cli_check: | + rib lookup default 1.0.0.255 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1200 0 incomplete 0 n/s 13238:1:1 + +# rollback previous update +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 10.10.10.2 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 192.168.0.1 + prefix: 1.0.0.0/24 + path_information: 192.168.0.3:10001 + labels: + - 1100 + +- cli_check: | + rib lookup default 1.0.0.255 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + + +- echo: "23 rib_lookup() test: existing prefix for existing 
vrf - DONE" + +################################################################################################################# +# 24 rib_lookup unexisting prefix for existing vrf +################################################################################################################# +- echo: "24 rib_lookup() test: unexisting prefix for existing vrf - START" + +- cli_check: | + rib lookup default 4.0.1.0 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + --- -------- ------ -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + +- cli_check: | + rib lookup default 1.0.1.255 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + --- -------- ------ -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + +- echo: "24 rib_lookup() test: unexisting prefix for existing vrf - DONE" + +################################################################################################################# +# 25 rib_lookup unexisting vrf +################################################################################################################# +- echo: "25 rib_lookup() test: unexisting vrf - START" + +- cli_check: | + rib lookup tluafed 4.0.0.0 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + --- -------- ------ -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + +- cli_check: | + rib lookup tluafed 1.0.0.1 + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + --- -------- ------ -------- 
---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + +- echo: "25 rib_lookup() test: unexisting vrf - DONE" + +################################################################################################################# +# 26 rib_get unexisting prefix for existing vrf +################################################################################################################# +- echo: "26 rib_get() test: unexisting prefix for existing vrf - START" + +- cli_check: | + rib get default 4.0.0.0/32 + vrf priority protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + --- -------- -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + +- cli_check: | + rib get default 1.0.0.0/8 + vrf priority protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + --- -------- -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + +- echo: "26 rib_get() test: unexisting prefix for existing vrf - DONE" + +################################################################################################################# +# 27 rib_get unexisting vrf +################################################################################################################# +- echo: "27 rib_get() test: unexisting vrf - START" + +- cli_check: | + rib get tluafed 4.0.0.0/24 + vrf priority protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + --- -------- -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + +- cli_check: | + rib get tluafed 1.0.0.0/24 + vrf priority protocol peer table_name path_information nexthop labels 
local_preference aspath origin med communities large_communities + --- -------- -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + +- echo: "27 rib_get() test: unexisting vrf - DONE" + +################################################################################################################# +# 28 rib_get existing prefix for existing vrf +################################################################################################################# +- echo: "28 rib_get() test: existing prefix for existing vrf - START" + +- cli_check: | + rib get default 4.0.0.0/24 + vrf priority protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + +- cli_check: | + rib get default 1.0.0.0/24 + vrf priority protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- -------- ---------- ------------- ----------------- ----------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 autotest 10.10.10.1 ipv4 mpls-vpn 192.168.0.1:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 autotest 10.10.10.2 ipv4 mpls-vpn 192.168.0.3:10001 192.168.0.1 1100 0 incomplete 0 n/s 13238:1:1 + +- echo: "28 rib_get() test: existing prefix for existing vrf - DONE" + +################################################################################################################# +# 29 rib_save/rib_load test +################################################################################################################# +- echo: "29 
rib_save()/rib_load() test: rib tables are restored after they were saved to file, cleared and loaded from file - START" + +## remove ALL prefixes, we will fill tables from scratch +- rib_clear: + attribute: + protocol: autotest + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---- ---------- -------- ----- ---- + default 10000 static :: 1 1 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- --------- -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +# trying to have as many combinations with the same nexthop_stuff_t as possible (different prefixes, different peers, different vrfs, different path_infos, ...) +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 11.11.11.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 5.5.5.5 + prefix: 1.0.0.0/24 + path_information: 5.5.5.5:5555 + labels: + - 1100 + +# same nexthop_stuff_t, different peer +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 22.22.22.2 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 5.5.5.5 + prefix: 1.0.0.0/24 + path_information: 5.5.5.5:5555 + labels: + - 1100 + +# same nexthop_stuff_t, different path_info +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 11.11.11.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 5.5.5.5 + prefix: 1.0.0.0/24 + path_information: 5.5.5.5:9999 + labels: + - 1100 + +# same nexthop_stuff_t, different prefix +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 11.11.11.1 + med: 0 + large_communities: 
+ - 13238:1:1 + prefixes: + - nexthop: 5.5.5.5 + prefix: 2.0.0.0/24 + path_information: 5.5.5.5:5555 + labels: + - 1100 + +# same nexthop_stuff_t, different prefix, different path_info +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 11.11.11.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 5.5.5.5 + prefix: 2.0.0.0/24 + path_information: 5.5.5.5:9999 + labels: + - 1100 + +# same nexthop_stuff_t, different vrf +- rib_insert: + attribute: + vrf: tluafed + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 11.11.11.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 5.5.5.5 + prefix: 1.0.0.0/24 + path_information: 5.5.5.5:5555 + labels: + - 1100 + +# different nexthop_stuff_t (labels) +- rib_insert: + attribute: + protocol: autotest + tables: + - table_name: ipv4 mpls-vpn + peer: 11.11.11.1 + med: 0 + large_communities: + - 13238:1:1 + prefixes: + - nexthop: 5.5.5.5 + prefix: 1.0.0.0/24 + path_information: 5.5.5.5:5555 + labels: + - 2200 + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 11.11.11.1 ipv4 mpls-vpn 2 4 false + default 10000 autotest 22.22.22.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 1 1 true + tluafed 10000 autotest 11.11.11.1 ipv4 mpls-vpn 1 1 false + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- -------- ---------- ------------- ---------------- ------- ------ ---------------- ------ ---------- --- ----------- ----------------- + default 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 2200 0 incomplete 0 n/s 13238:1:1 + default 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:9999 5.5.5.5 1100 0 incomplete 0 n/s 
13238:1:1 + default 10000 1.0.0.0/24 autotest 22.22.22.2 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 2.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 2.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:9999 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1 + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + tluafed 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1 + +# rib_save() +- cli: + dontdoit podumoi controlplane rib save > rib_saved.dmp + +## remove ALL prefixes, we will load rib tables from rib_saved.dmp +- rib_clear: + attribute: + protocol: autotest + +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---- ---------- -------- ----- ---- + default 10000 static :: 1 1 true + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- --------- -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- ----------------- + default 10000 fe80::/64 static :: :: 0 0 n/s n/s + +# rib_load() +- cli: + dontdoit podumoi controlplane rib load < rib_saved.dmp + +# loaded tables are the same as those we had saved +- cli_check: | + rib + vrf priority protocol peer table_name prefixes paths eor + ------- -------- -------- ---------- ------------- -------- ----- ----- + default 10000 autotest 11.11.11.1 ipv4 mpls-vpn 2 4 false + default 10000 autotest 22.22.22.2 ipv4 mpls-vpn 1 1 false + default 10000 static :: 1 1 true + tluafed 10000 autotest 11.11.11.1 ipv4 mpls-vpn 1 1 false + +- cli_check: | + rib prefixes + vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities + ------- -------- ---------- 
-------- ---------- ------------- ---------------- ------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 2200 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:9999 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 22.22.22.2 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 2.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 2.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:9999 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+
+- echo: "29 rib_save()/rib_load() test: rib tables are restored after they were saved to file, cleared and loaded from file - DONE"
+
+#################################################################################################################
+# 30 rib_insert() -> rib_save() -> rib_clear() -> rib_insert() SOME OTHER_PREFIXES!! -> rib_load() - only loaded prefixes are present
+#################################################################################################################
+- echo: "30 rib_insert() -> rib_save() -> rib_clear() -> rib_insert() SOME OTHER_PREFIXES!! 
-> rib_load() - only loaded prefixes are present - START"
+
+## remove ALL prefixes, we will fill tables from scratch
+- rib_clear:
+ attribute:
+ protocol: autotest
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---- ---------- -------- ----- ----
+ default 10000 static :: 1 1 true
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- --------- -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- -----------------
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 11.11.11.1
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 5.5.5.5
+ prefix: 1.0.0.0/24
+ path_information: 5.5.5.5:5555
+ labels:
+ - 1100
+
+# same nexthop_stuff_t, different peer
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 22.22.22.2
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 5.5.5.5
+ prefix: 1.0.0.0/24
+ path_information: 5.5.5.5:5555
+ labels:
+ - 1100
+
+# same nexthop_stuff_t, different prefix
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 11.11.11.1
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 5.5.5.5
+ prefix: 2.0.0.0/24
+ path_information: 5.5.5.5:5555
+ labels:
+ - 1100
+
+# different path_info and nexthop_stuff_t
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 11.11.11.1
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 6.6.6.6
+ prefix: 1.0.0.0/24
+ path_information: 6.6.6.6:6666
+ labels:
+ - 1100
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- 
-------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 11.11.11.1 ipv4 mpls-vpn 2 3 false
+ default 10000 autotest 22.22.22.2 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 1 1 true
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ---------------- ------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 6.6.6.6:6666 6.6.6.6 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 22.22.22.2 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 2.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+
+# rib_save()
+- cli:
+ dontdoit podumoi controlplane rib save > rib_saved.dmp
+
+## remove ALL prefixes
+- rib_clear:
+ attribute:
+ protocol: autotest
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---- ---------- -------- ----- ----
+ default 10000 static :: 1 1 true
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- --------- -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- -----------------
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+
+# insert different prefixes for different peers and vrfs - all will be rewritten after rib_load()
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 33.33.33.33
+ med: 
0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 8.8.8.8
+ prefix: 7.7.7.7/24
+ path_information: 8.8.8.8:8888
+ labels:
+ - 1100
+
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 33.33.33.33
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 8.8.8.8
+ prefix: 9.9.9.9/24
+ path_information: 8.8.8.8:8888
+ labels:
+ - 1100
+
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 44.44.44.44
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 8.8.8.8
+ prefix: 7.7.7.7/24
+ path_information: 8.8.8.8:8888
+ labels:
+ - 1100
+
+- rib_insert:
+ attribute:
+ protocol: autotest
+ vrf: tluafed
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 33.33.33.33
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 8.8.8.8
+ prefix: 7.7.7.7/24
+ path_information: 8.8.8.8:8888
+ labels:
+ - 1100
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ----------- ------------- -------- ----- -----
+ default 10000 autotest 33.33.33.33 ipv4 mpls-vpn 2 2 false
+ default 10000 autotest 44.44.44.44 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 1 1 true
+ tluafed 10000 autotest 33.33.33.33 ipv4 mpls-vpn 1 1 false
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ----------- ------------- ---------------- ------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 7.7.7.7/24 autotest 33.33.33.33 ipv4 mpls-vpn 8.8.8.8:8888 8.8.8.8 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 7.7.7.7/24 autotest 44.44.44.44 ipv4 mpls-vpn 8.8.8.8:8888 8.8.8.8 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 9.9.9.9/24 autotest 33.33.33.33 ipv4 mpls-vpn 8.8.8.8:8888 8.8.8.8 1100 0 incomplete 0 
n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+ tluafed 10000 7.7.7.7/24 autotest 33.33.33.33 ipv4 mpls-vpn 8.8.8.8:8888 8.8.8.8 1100 0 incomplete 0 n/s 13238:1:1
+
+# rib_load()
+- cli:
+ dontdoit podumoi controlplane rib load < rib_saved.dmp
+
+# loaded tables are the same as those we had saved
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ------------- -------- ----- -----
+ default 10000 autotest 11.11.11.1 ipv4 mpls-vpn 2 3 false
+ default 10000 autotest 22.22.22.2 ipv4 mpls-vpn 1 1 false
+ default 10000 static :: 1 1 true
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ------------- ---------------- ------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 6.6.6.6:6666 6.6.6.6 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 22.22.22.2 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 2.0.0.0/24 autotest 11.11.11.1 ipv4 mpls-vpn 5.5.5.5:5555 5.5.5.5 1100 0 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+
+#TODO: would be interesting to check what was in prefixes_rebuild table on every step of tests with rib_save()/rib_load()
+
+- echo: "30 rib_insert() -> rib_save() -> rib_clear() -> rib_insert() SOME OTHER_PREFIXES!! 
-> rib_load() - only loaded prefixes are present - DONE"
+
+#################################################################################################################
+# 31 fib rebuild
+#################################################################################################################
+- echo: "31 fib rebuild - START"
+
+## remove ALL prefixes, we will fill tables from scratch
+- rib_clear:
+ attribute:
+ protocol: autotest
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---- ---------- -------- ----- ----
+ default 10000 static :: 1 1 true
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- --------- -------- ---- ---------- ---------------- ------- ------ ---------------- ------ ------ --- ----------- -----------------
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+
+# default (see neighbor in controlplane.conf)
+- cli: |
+ rib static insert default 0.0.0.0/0 200.0.0.1
+
+# original prefix with local_pref = 100
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls
+ peer: 10.10.10.1
+ med: 0
+ large_communities:
+ - 13238:1:1
+ local_pref: 100
+ prefixes:
+ - nexthop: 200.0.0.1
+ prefix: 1.0.0.0/24
+ path_information: 200.0.0.1:10001
+ labels:
+ - 1100
+
+- echo: "insert prefix 1.0.0.0/24 from peer 10.10.10.1 with local_pref 100"
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ---------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls 1 1 false
+ default 10000 static :: 2 2 true
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ---------- 
---------------- --------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls 200.0.0.1:10001 200.0.0.1 1100 100 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- --------- ----- ---------------- ---- ----------
+ kni0 200.0.0.1 1100 kni0.200 100.00
+
+# same prefix, different peer, different label but same med
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls
+ peer: 20.20.20.1
+ med: 0
+ large_communities:
+ - 13238:1:1
+ local_pref: 100
+ prefixes:
+ - nexthop: 200.0.0.1
+ prefix: 1.0.0.0/24
+ path_information: 200.0.0.1:10001
+ labels:
+ - 1200
+
+- echo: "insert same prefix 1.0.0.0/24 from another peer 20.20.20.1 with local_pref 100"
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ---------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls 1 1 false
+ default 10000 autotest 20.20.20.1 ipv4 mpls 1 1 false
+ default 10000 static :: 2 2 true
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ---------- ---------------- --------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls 200.0.0.1:10001 200.0.0.1 1100 100 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 20.20.20.1 ipv4 mpls 200.0.0.1:10001 200.0.0.1 1200 100 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 
0 0 n/s n/s
+
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ ---------------------- --------- ----- ---------------- ---- ----------
+ kni0 200.0.0.1 1100 kni0.200 50.00
+ kni0 200.0.0.1 1200 kni0.200 50.00
+
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
+
+# original prefix, but local_pref was changed
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls
+ peer: 10.10.10.1
+ med: 0
+ large_communities:
+ - 13238:1:1
+ local_pref: 10
+ prefixes:
+ - nexthop: 200.0.0.1
+ prefix: 1.0.0.0/24
+ path_information: 200.0.0.1:10001
+ labels:
+ - 1100
+
+- echo: "update prefix 1.0.0.0/24 from peer 10.10.10.1 with new local_pref 10 (this route (with label 1100)) must be gone from fib)"
+
+- cli_check: |
+ rib
+ vrf priority protocol peer table_name prefixes paths eor
+ ------- -------- -------- ---------- ---------- -------- ----- -----
+ default 10000 autotest 10.10.10.1 ipv4 mpls 1 1 false
+ default 10000 autotest 20.20.20.1 ipv4 mpls 1 1 false
+ default 10000 static :: 2 2 true
+
+- cli_check: |
+ rib prefixes
+ vrf priority prefix protocol peer table_name path_information nexthop labels local_preference aspath origin med communities large_communities
+ ------- -------- ---------- -------- ---------- ---------- ---------------- --------- ------ ---------------- ------ ---------- --- ----------- -----------------
+ default 10000 0.0.0.0/0 static :: 200.0.0.1 200.0.0.1 0 0 n/s n/s
+ default 10000 1.0.0.0/24 autotest 10.10.10.1 ipv4 mpls 200.0.0.1:10001 200.0.0.1 1100 10 incomplete 0 n/s 13238:1:1
+ default 10000 1.0.0.0/24 autotest 20.20.20.1 ipv4 mpls 200.0.0.1:10001 200.0.0.1 1200 100 incomplete 0 n/s 13238:1:1
+ default 10000 fe80::/64 static :: :: 0 0 n/s n/s
+
+# only one route should survive in fib
+- cli_check: |
+ route tunnel get route0 1.0.0.0/24
+ ingress_physical_ports nexthop label egress_interface peer weight (%)
+ 
---------------------- --------- ----- ---------------- ---- ----------
+ kni0 200.0.0.1 1200 kni0.200 100.00
+
+- sendPackets:
+ - port: kni0
+ send: 002-send.pcap
+ expect: 002-expect.pcap
+
+# without manual interference, this one messes with the next autottest
+- cli: |
+ rib static remove default 0.0.0.0/0 200.0.0.1
+
+- echo: "31 fib rebuild - DONE"
\ No newline at end of file
diff --git a/autotest/units/001_one_port/059_rib/controlplane.conf b/autotest/units/001_one_port/059_rib/controlplane.conf
new file mode 100644
index 00000000..8d8bbb1c
--- /dev/null
+++ b/autotest/units/001_one_port/059_rib/controlplane.conf
@@ -0,0 +1,32 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "route0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "route0"
+ },
+ "route0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.0/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/059_rib/gen.py b/autotest/units/001_one_port/059_rib/gen.py
new file mode 100644
index 00000000..42917bfd
--- /dev/null
+++ b/autotest/units/001_one_port/059_rib/gen.py 
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+from scapy.contrib.mpls import MPLS
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+# two routes with same local preference - equal possibility to be sent with either label
+write_pcap("001-send.pcap",
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.1", src="111.222.111.222", ttl=64)/TCP(),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.1", src="222.222.222.222", ttl=64)/TCP(),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.1", src="111.2.111.1", ttl=64)/TCP(),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.1", src="222.1.222.1", ttl=64)/TCP())
+
+write_pcap("001-expect.pcap",
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="111.222.111.222", ttl=63)/TCP(),
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="222.222.222.222", ttl=63)/TCP(),
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="111.2.111.1", ttl=63)/TCP(),
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="222.1.222.1", ttl=63)/TCP())
+
+# only one best route left in fib - always label 1200
+write_pcap("002-send.pcap",
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.1", 
src="111.222.111.222", ttl=64)/TCP(),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.1", src="222.222.222.222", ttl=64)/TCP(),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.1", src="111.2.111.1", ttl=64)/TCP(),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.1", src="222.1.222.1", ttl=64)/TCP())
+
+write_pcap("002-expect.pcap",
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="111.222.111.222", ttl=63)/TCP(),
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="222.222.222.222", ttl=63)/TCP(),
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="111.2.111.1", ttl=63)/TCP(),
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="222.1.222.1", ttl=63)/TCP())
diff --git a/autotest/units/001_one_port/060_firewall_inplace_rules/001-expect.pcap b/autotest/units/001_one_port/060_firewall_inplace_rules/001-expect.pcap
new file mode 100644
index 00000000..ba2dd468
Binary files /dev/null and b/autotest/units/001_one_port/060_firewall_inplace_rules/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/060_firewall_inplace_rules/001-send.pcap b/autotest/units/001_one_port/060_firewall_inplace_rules/001-send.pcap
new file mode 100644
index 00000000..d8bd4e1c
Binary files /dev/null and b/autotest/units/001_one_port/060_firewall_inplace_rules/001-send.pcap differ
diff --git a/autotest/units/001_one_port/060_firewall_inplace_rules/autotest.yaml b/autotest/units/001_one_port/060_firewall_inplace_rules/autotest.yaml
new file mode 100644
index 00000000..383459c9
--- /dev/null
+++ b/autotest/units/001_one_port/060_firewall_inplace_rules/autotest.yaml 
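Review bot: In `write_pcap` of 059_rib/gen.py, both `PcapWriter(filename)` objects are created and then dropped without being closed, so releasing the file handle before `wrpcap(..., append=True)` reopens the same path is left to garbage collection; `_write_header` is also a private scapy method and may not be stable across releases. The truncation step can say what it means with `open(filename, "wb").close()`, and the empty-capture branch can use `with PcapWriter(filename) as w: w._write_header(Ether())` so the handle is closed deterministically. `type(packets) == list` would read better as `isinstance(packets, list)`. The same helper is copied verbatim into 060_firewall_inplace_rules/gen.py further down, so the point applies there too; a shared module would keep the copies from drifting.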
@@ -0,0 +1,7 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 10.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
diff --git a/autotest/units/001_one_port/060_firewall_inplace_rules/controlplane.conf b/autotest/units/001_one_port/060_firewall_inplace_rules/controlplane.conf
new file mode 100644
index 00000000..e5cad0e9
--- /dev/null
+++ b/autotest/units/001_one_port/060_firewall_inplace_rules/controlplane.conf
@@ -0,0 +1,47 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "firewall": [
+ ":BEGIN",
+ "add allow ip from any to { 10.0.0.5 or 1234::5 }",
+ "add allow ip from { 10.0.0.5 or 1234::5 } to any",
+ "add deny ip from any to any"
+ ],
+ "nextModules": [
+ "vrf0"
+ ]
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipv6Prefix": "1234::5/64",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "10.0.0.5/24",
+ "neighborIPv4Address": "10.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/060_firewall_inplace_rules/gen.py b/autotest/units/001_one_port/060_firewall_inplace_rules/gen.py
new file mode 100755
index 00000000..cd842236
--- /dev/null
+++ b/autotest/units/001_one_port/060_firewall_inplace_rules/gen.py 
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+from scapy.contrib.mpls import MPLS
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+def ipv4_send(_src, _dst):
+ return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22")/Dot1Q(vlan=100)/IP(src=_src, dst=_dst, ttl=64)
+
+def ipv4_recv(_src, _dst):
+ return Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(src=_src, dst=_dst, ttl=63)
+
+def ipv6_send(_src, _dst):
+ return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=200)/IPv6(src=_src, dst=_dst, hlim=64, fl=0)
+
+def ipv6_recv(_src, _dst):
+ return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(src=_src, dst=_dst, hlim=63, fl=0)
+
+write_pcap("001-send.pcap",
+ ipv4_send("10.0.0.3", "10.0.0.5")/TCP(dport=80, sport=(1024,1030), flags="S"),
+ ipv4_send("10.1.0.5", "21.0.0.18")/TCP(dport=80, sport=1024, flags="S"),
+ fragment(ipv4_send("10.0.0.5", "21.0.0.18")/TCP(dport=80, sport=1024, flags="S")/("QQQ"*400), fragsize=256),
+ ipv6_send("2000::1:b", "1234::5")/UDP(dport=53, sport=(1024,1030)),
+ ipv6_send("2000::cafe", "2200::beef")/TCP(dport=443, sport=1024, flags="S"),
+ ipv4_send("33.33.33.33", "33.33.33.34")/TCP(flags="R"))
+
+write_pcap("001-expect.pcap",
+ ipv4_recv("10.0.0.3", "10.0.0.5")/TCP(dport=80, sport=(1024,1030), flags="S"),
+ fragment(ipv4_recv("10.0.0.5", "21.0.0.18")/TCP(dport=80, sport=1024, flags="S")/("QQQ"*400), fragsize=256),
+ ipv6_recv("2000::1:b", "1234::5")/UDP(dport=53, sport=(1024,1030))) 
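Review bot: The `001-send.pcap` list only fragments a flow the ACL allows (`10.0.0.5` to `21.0.0.18`), so nothing in this test shows that the fragments of a denied flow are dropped by `add deny ip from any to any`. Non-first fragments carry no L4 header and are a common place for a filter's allow and deny paths to diverge, so a denied fragmented packet is worth adding to the send list with no counterpart in `001-expect.pcap`, e.g. `fragment(ipv4_send("10.1.0.5", "21.0.0.18")/TCP(dport=80, sport=1024, flags="S")/("QQQ"*400), fragsize=256),`. A one-line comment above each `write_pcap` call naming which rule every packet is meant to hit would also make the expected drops readable without opening controlplane.conf.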
diff --git a/autotest/units/001_one_port/061_nat64stateful/001-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/001-expect.pcap
new file mode 100644
index 00000000..0774458e
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/001-send.pcap b/autotest/units/001_one_port/061_nat64stateful/001-send.pcap
new file mode 100644
index 00000000..9500d69b
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/001-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/002-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/002-expect.pcap
new file mode 100644
index 00000000..df85c498
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/002-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/002-send.pcap b/autotest/units/001_one_port/061_nat64stateful/002-send.pcap
new file mode 100644
index 00000000..e6bd958e
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/002-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/003-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/003-expect.pcap
new file mode 100644
index 00000000..2be06fdd
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/003-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/003-send.pcap b/autotest/units/001_one_port/061_nat64stateful/003-send.pcap
new file mode 100644
index 00000000..6fef1705
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/003-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/004-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/004-expect.pcap
new file mode 100644
index 00000000..67a45e10
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/004-expect.pcap differ 
diff --git a/autotest/units/001_one_port/061_nat64stateful/004-send.pcap b/autotest/units/001_one_port/061_nat64stateful/004-send.pcap
new file mode 100644
index 00000000..882375b5
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/004-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/005-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/005-expect.pcap
new file mode 100644
index 00000000..677bc64d
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/005-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/005-send.pcap b/autotest/units/001_one_port/061_nat64stateful/005-send.pcap
new file mode 100644
index 00000000..4dd1595b
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/005-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/006-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/006-expect.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/006-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/006-send.pcap b/autotest/units/001_one_port/061_nat64stateful/006-send.pcap
new file mode 100644
index 00000000..e45d3e8b
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/006-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/007-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/007-expect.pcap
new file mode 100644
index 00000000..c40e3296
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/007-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/007-send.pcap b/autotest/units/001_one_port/061_nat64stateful/007-send.pcap
new file mode 100644
index 00000000..9516fb49
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/007-send.pcap differ 
diff --git a/autotest/units/001_one_port/061_nat64stateful/008-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/008-expect.pcap
new file mode 100644
index 00000000..fb688a13
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/008-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/008-send.pcap b/autotest/units/001_one_port/061_nat64stateful/008-send.pcap
new file mode 100644
index 00000000..a5e3c865
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/008-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/009-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/009-expect.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/009-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/009-send.pcap b/autotest/units/001_one_port/061_nat64stateful/009-send.pcap
new file mode 100644
index 00000000..c33208e0
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/009-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/010-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/010-expect.pcap
new file mode 100644
index 00000000..c24c2283
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/010-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/010-send.pcap b/autotest/units/001_one_port/061_nat64stateful/010-send.pcap
new file mode 100644
index 00000000..9336fabb
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/010-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/011-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/011-expect.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/011-expect.pcap differ 
diff --git a/autotest/units/001_one_port/061_nat64stateful/011-send.pcap b/autotest/units/001_one_port/061_nat64stateful/011-send.pcap
new file mode 100644
index 00000000..9587cbab
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/011-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/012-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/012-expect.pcap
new file mode 100644
index 00000000..957cc4c4
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/012-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/012-send.pcap b/autotest/units/001_one_port/061_nat64stateful/012-send.pcap
new file mode 100644
index 00000000..e97e7713
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/012-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/013-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/013-expect.pcap
new file mode 100644
index 00000000..3eb11b32
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/013-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/013-send.pcap b/autotest/units/001_one_port/061_nat64stateful/013-send.pcap
new file mode 100644
index 00000000..9587cbab
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/013-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/014-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/014-expect.pcap
new file mode 100644
index 00000000..f232a852
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/014-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/014-send.pcap b/autotest/units/001_one_port/061_nat64stateful/014-send.pcap
new file mode 100644
index 00000000..3edf4e23
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/014-send.pcap differ 
diff --git a/autotest/units/001_one_port/061_nat64stateful/015-expect.pcap b/autotest/units/001_one_port/061_nat64stateful/015-expect.pcap
new file mode 100644
index 00000000..9674015b
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/015-expect.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/015-send.pcap b/autotest/units/001_one_port/061_nat64stateful/015-send.pcap
new file mode 100644
index 00000000..38ef557e
Binary files /dev/null and b/autotest/units/001_one_port/061_nat64stateful/015-send.pcap differ
diff --git a/autotest/units/001_one_port/061_nat64stateful/autotest.yaml b/autotest/units/001_one_port/061_nat64stateful/autotest.yaml
new file mode 100644
index 00000000..23e87935
--- /dev/null
+++ b/autotest/units/001_one_port/061_nat64stateful/autotest.yaml 
@@ -0,0 +1,117 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 002-send.pcap
+ expect: 002-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 003-send.pcap
+ expect: 003-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 004-send.pcap
+ expect: 004-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 005-send.pcap
+ expect: 005-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 006-send.pcap
+ expect: 006-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 007-send.pcap
+ expect: 007-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 008-send.pcap
+ expect: 008-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 009-send.pcap
+ expect: 009-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 010-send.pcap
+ expect: 010-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 011-send.pcap
+ expect: 011-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 012-send.pcap
+ expect: 012-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 013-send.pcap
+ expect: 013-expect.pcap
+- cli_check: |
+ YANET_FORMAT_COLUMNS=module,ipv6_source,ipv4_source,ipv4_destination,proto,origin_port_source,port_source,port_destination,lan_flags,wan_flags nat64stateful state
+ module ipv6_source ipv4_source ipv4_destination proto origin_port_source port_source port_destination lan_flags wan_flags
+ ------ --------------------------------------- --------------- ---------------- ------ ------------------ ----------- ---------------- --------- -----------
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 udp 2048 2048 80
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 icmpv6 4660 4660 0
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 tcp 2048 2048 80 syn syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 tcp 2048 2048 80 syn syn,ack,fin
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 udp 2048 2048 80
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 udp 2048 2048 443
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.104 tcp 8000 8000 8000 syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 tcp 2048 2048 443 syn syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 tcp 2048 2048 443 syn syn,ack
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 udp 2048 2048 443
+- sendPackets:
+ - port: kni0
+ send: 014-send.pcap
+ expect: 014-expect.pcap
+- cli_check: |
+ YANET_FORMAT_COLUMNS=module,ipv6_source,ipv4_source,ipv4_destination,proto,origin_port_source,port_source,port_destination,lan_flags,wan_flags nat64stateful state
+ module ipv6_source ipv4_source ipv4_destination proto origin_port_source port_source port_destination lan_flags wan_flags
+ ------ --------------------------------------- --------------- ---------------- ------ ------------------ ----------- ---------------- --------- -----------
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 udp 2048 2048 80
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 icmpv6 4660 4660 0
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 tcp 2048 2048 80 syn syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.103 tcp 2048 6070 443 syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.102 icmpv6 4660 8682 0
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 tcp 2048 2048 80 syn syn,ack,fin
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.102 tcp 2048 6070 443 syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.104 tcp 8000 12022 8000 syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 udp 2048 2048 80
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 udp 2048 2048 443
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.104 tcp 8000 8000 8000 syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.103 tcp 2048 6070 80 syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 tcp 2048 2048 443 syn syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.102 tcp 2048 6070 80 syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 tcp 2048 2048 443 syn syn,ack
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 udp 2048 2048 443
+- sendPackets:
+ - port: kni0
+ send: 015-send.pcap
+ expect: 015-expect.pcap
+- cli_check: |
+ YANET_FORMAT_COLUMNS=module,ipv6_source,ipv4_source,ipv4_destination,proto,origin_port_source,port_source,port_destination,lan_flags,wan_flags nat64stateful state
+ module ipv6_source ipv4_source ipv4_destination proto origin_port_source port_source port_destination lan_flags wan_flags
+ ------ --------------------------------------- --------------- ---------------- ------ ------------------ ----------- ---------------- --------- -----------
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 udp 2048 2048 80
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 icmpv6 4660 4660 0
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 tcp 2048 2048 80 syn syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.103 tcp 2048 6070 443 syn syn,ack
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.102 icmpv6 4660 8682 0
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 tcp 2048 2048 80 syn syn,ack,fin
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.102 tcp 2048 6070 443 syn syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.104 tcp 8000 12022 8000 syn syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 udp 2048 2048 80
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 udp 2048 2048 443
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.104 tcp 8000 8000 8000 syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.103 tcp 2048 6070 80 syn syn,ack,fin
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 tcp 2048 2048 443 syn syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb 153.153.153.153 102.102.102.102 tcp 2048 6070 80 syn syn
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.103 tcp 2048 2048 443 syn syn,ack
+ nat0 aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 153.153.153.153 102.102.102.102 udp 2048 2048 443
diff --git a/autotest/units/001_one_port/061_nat64stateful/controlplane.conf b/autotest/units/001_one_port/061_nat64stateful/controlplane.conf
new file mode 100644
index 00000000..735309ab
--- /dev/null
+++ b/autotest/units/001_one_port/061_nat64stateful/controlplane.conf
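Review bot: In the first `cli_check` table, the row for `102.102.102.103` tcp port 443 expects `wan_flags` of `syn,ack`, yet `002-send.pcap` (built in gen.py) sends a bare `F` segment on that flow before the `SA` one, and `002-expect.pcap` shows that segment being translated and forwarded. The port-80 flow to the same host receives `SA` then `AF` and does end up with `syn,ack,fin`, so the table appears to pin a case where a forwarded FIN leaves no trace in the state. If that is intended, say so above the step, for example `# a FIN without ACK from the wan side is forwarded but not recorded in wan_flags`. If it is not, this expectation locks in a flag-tracking gap that anything reading these flags would inherit. The same row recurs unchanged in the two later tables.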
@@ -0,0 +1,55 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "nextModules": [
+ "nat0"
+ ]
+ },
+ "nat0": {
+ "type": "nat64stateful",
+ "ipv6_prefixes": [
+ "64:ff9b::/96"
+ ],
+ "ipv4_prefixes": [
+ "153.153.153.153/32"
+ ],
+ "announces" : [
+ "64:ff9b::/96",
+ "153.153.153.153/32"
+ ],
+ "nextModule": "vrf0"
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipv6Prefix": "fe80::2/64",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.2/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/061_nat64stateful/gen.py b/autotest/units/001_one_port/061_nat64stateful/gen.py
new file mode 100755
index 00000000..998c1016
--- /dev/null
+++ b/autotest/units/001_one_port/061_nat64stateful/gen.py
@@ -0,0 +1,325 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+
+# check lan (ipv6 -> ipv4). create state, use state
+write_pcap("001-send.pcap",
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", 
src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=443, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.104", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=8000, sport=8000)) + +write_pcap("001-expect.pcap", + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/TCP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/TCP(dport=443, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/TCP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/TCP(dport=443, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/TCP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/TCP(dport=443, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/TCP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/TCP(dport=443, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.104", src="153.153.153.153", ttl=63, id=0)/TCP(dport=8000, sport=8000)) + + +# check wan (ipv4 -> ipv6). 
use state or drop +write_pcap("002-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/TCP(dport=2048, sport=80, flags="SA"), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/TCP(dport=2048, sport=443, flags="F"), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/TCP(dport=2048, sport=80, flags="AF"), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/TCP(dport=2048, sport=443, flags="SA"), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=2948, sport=80), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=2948, sport=443), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/TCP(dport=2048, sport=81), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", 
ttl=64)/TCP(dport=2048, sport=444), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.199", src="102.102.102.102", ttl=64)/TCP(dport=2048, sport=80), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.199", src="102.102.102.102", ttl=64)/TCP(dport=2048, sport=443), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.199", ttl=64)/TCP(dport=2048, sport=80), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.199", ttl=64)/TCP(dport=2048, sport=443)) # dropped + +write_pcap("002-expect.pcap", + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=443), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/TCP(dport=2048, sport=80, flags="SA"), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/TCP(dport=2048, sport=443, flags="F"), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=443), + 
Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/TCP(dport=2048, sport=80, flags="AF"), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/TCP(dport=2048, sport=443, flags="SA")) + + +# check tc +write_pcap("003-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, tc=0x01)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, tc=0x02)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, tc=0x04)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, tc=0x80)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, tc=0xFF)/TCP(dport=80, sport=2048)) + +write_pcap("003-expect.pcap", + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0, tos=0x01)/TCP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0, tos=0x02)/TCP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, 
id=0, tos=0x04)/TCP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0, tos=0x80)/TCP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0, tos=0xFF)/TCP(dport=80, sport=2048)) + + +# check tos +write_pcap("004-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, tos=0x01)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, tos=0x02)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, tos=0x04)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, tos=0x80)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, tos=0xFF)/TCP(dport=2048, sport=80)) + +write_pcap("004-expect.pcap", + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0, tc=0x01)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0, tc=0x02)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0, tc=0x04)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", 
src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0, tc=0x80)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0, tc=0xFF)/TCP(dport=2048, sport=80)) + + +# fragment not allowed yet. pass "atomic" fragment +write_pcap("005-send.pcap", + fragment6(Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/IPv6ExtHdrFragment(id=0x12345678)/TCP(dport=80, sport=2048)/("ABCDEFGH123456789012"*128), fragSize=1280), + fragment6(Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/IPv6ExtHdrFragment(id=0x12345678)/UDP(dport=80, sport=2048)/("ABCDEFGH123456789012"*128), fragSize=1280), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/IPv6ExtHdrFragment(id=0x87654321, m=0, offset=0)/TCP(dport=80, sport=2048), + fragment6(Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/IPv6ExtHdrFragment(id=0xABCDEF12)/ICMPv6EchoRequest(id=0x1234, seq=0x8765)/("ABCDEFGH123456789012"*128), fragSize=1280)) + +write_pcap("005-expect.pcap", + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/TCP(dport=80, sport=2048)) + + +# fragment not allowed yet +write_pcap("006-send.pcap", + fragment(Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, 
id=0x1234)/TCP(dport=2048, sport=80)/("ABCDEFGH123456789012"*128), fragsize=1208), + fragment(Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, id=0x1234)/UDP(dport=2048, sport=80)/("ABCDEFGH123456789012"*128), fragsize=1208), + fragment(Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, id=0x1234)/ICMP(type=8, id=0x1234, seq=0x8765)/("ABCDEFGH123456789012"*128), fragsize=1208)) + +write_pcap("006-expect.pcap") + + +# icmpv6 -> icmpv4. ping only yet +write_pcap("007-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/ICMPv6EchoRequest(id=0x1234, seq=0x8765)/"du hast vyacheslavich", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/ICMPv6EchoReply(id=0x5678, seq=0x4321)/"vitalya 2") + +write_pcap("007-expect.pcap", + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/ICMP(type=8, id=0x1234, seq=0x8765)/"du hast vyacheslavich") + + +# icmpv4 -> icmpv6. 
pong only yet +write_pcap("008-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/ICMP(type=0, id=0x1234, seq=0x8765)/"du hast vyacheslavich", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/ICMP(type=0, id=0x8765, seq=0x8765)/"du hast vyacheslavich", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.199", ttl=64)/ICMP(type=0, id=0x1234, seq=0x8765)/"du hast vyacheslavich", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.199", src="102.102.102.102", ttl=64)/ICMP(type=0, id=0x1234, seq=0x8765)/"du hast vyacheslavich", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/ICMP(type=8, id=0x5678, seq=0x4321)/"vitalya 2") + +write_pcap("008-expect.pcap", + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/ICMPv6EchoReply(id=0x1234, seq=0x8765)/"du hast vyacheslavich") + + +# unsupported proto and broken packets +write_pcap("009-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, nh=0x1B), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, nh=0x1B, plen=1), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, nh=0x1B, plen=123), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", 
src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/IPv6ExtHdrDestOpt(nh=0x1B), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, plen=0)/IPv6ExtHdrDestOpt(nh=0x1B), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, plen=1)/IPv6ExtHdrDestOpt(nh=0x1B), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, plen=7)/IPv6ExtHdrDestOpt(nh=0x1B), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, plen=9)/IPv6ExtHdrDestOpt(nh=0x1B), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64, plen=300)/IPv6ExtHdrDestOpt(nh=0x1B)) + +write_pcap("009-expect.pcap") + + +# broken packets +write_pcap("010-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, len=0)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, len=1)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, len=19)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, len=21)/TCP(dport=2048, 
sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, len=300)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*20))/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*20), len=0)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*20), len=1)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*20), len=19)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*20), len=20)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*20), len=21)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*20), len=39)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*20), len=41)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*20), len=300)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, 
options=("\x02"*40))/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=0)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=1)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=19)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=20)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=21)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=39)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=40)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=41)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=59)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=61)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", 
src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64, options=("\x02"*40), len=300)/TCP(dport=2048, sport=80)) + +write_pcap("010-expect.pcap", + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=80)) + + +# UDP. check wan (ipv4 -> ipv6). no state. drop +write_pcap("011-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=80), + 
Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2948, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2948, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=81), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=444), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.199", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.199", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.199", ttl=64)/UDP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.199", ttl=64)/UDP(dport=2048, sport=443)) + +write_pcap("011-expect.pcap") + + +# UDP. check lan (ipv6 -> ipv4). 
create state, use state +write_pcap("012-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/UDP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/UDP(dport=443, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/UDP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/UDP(dport=443, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/UDP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/UDP(dport=443, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/UDP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/UDP(dport=443, sport=2048)) + +write_pcap("012-expect.pcap", + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/UDP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/UDP(dport=443, sport=2048), + 
Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/UDP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/UDP(dport=443, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/UDP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/UDP(dport=443, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/UDP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/UDP(dport=443, sport=2048)) + + +# UDP. check wan (ipv4 -> ipv6). 
use state or drop +write_pcap("013-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2948, sport=80), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/UDP(dport=2948, sport=443), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=81), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/UDP(dport=2048, sport=444), # dropped + 
Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.199", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=80), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.199", src="102.102.102.102", ttl=64)/UDP(dport=2048, sport=443), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.199", ttl=64)/UDP(dport=2048, sport=80), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.199", ttl=64)/UDP(dport=2048, sport=443)) # dropped + +write_pcap("013-expect.pcap", + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/UDP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/UDP(dport=2048, sport=443), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/UDP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/UDP(dport=2048, sport=443), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/UDP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/UDP(dport=2048, sport=443), + Ether(dst="00:00:00:11:11:11", 
src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/UDP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/UDP(dport=2048, sport=443)) + + +# check collisions (tries) +write_pcap("014-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/TCP(dport=443, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/TCP(dport=443, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/TCP(dport=443, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.103", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/TCP(dport=443, sport=2048), + 
Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.104", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/TCP(dport=8000, sport=8000), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.102.102", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", hlim=64)/ICMPv6EchoRequest(id=0x1234, seq=0x8888)/"du hast vyacheslavich") + +write_pcap("014-expect.pcap", + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/TCP(dport=80, sport=6070), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/TCP(dport=443, sport=6070), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/TCP(dport=80, sport=6070), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/TCP(dport=443, sport=6070), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/TCP(dport=80, sport=6070), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/TCP(dport=443, sport=6070), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/TCP(dport=80, sport=6070), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.103", src="153.153.153.153", ttl=63, id=0)/TCP(dport=443, sport=6070), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.104", src="153.153.153.153", ttl=63, id=0)/TCP(dport=8000, sport=12022), + Ether(dst="00:00:00:22:22:22", 
src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.102.102", src="153.153.153.153", ttl=63, id=0)/ICMP(type=8, id=0x21ea, seq=0x8888)/"du hast vyacheslavich") + + +# check collisions (ipv4 -> ipv6) +write_pcap("015-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=6070, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=6070, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/TCP(dport=6070, sport=80, flags="SA"), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/TCP(dport=6070, sport=443, flags="F"), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=6070, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/TCP(dport=6070, sport=443), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/TCP(dport=6070, sport=80, flags="AF"), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.103", ttl=64)/TCP(dport=6070, sport=443, flags="SA"), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.104", ttl=64)/TCP(dport=12022, sport=8000), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.153.153", src="102.102.102.102", ttl=64)/ICMP(type=0, id=0x21ea, seq=0x8888)/"du hast vyacheslavich") + +write_pcap("015-expect.pcap", + Ether(dst="00:00:00:11:11:11", 
src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=443), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/TCP(dport=2048, sport=80, flags="SA"), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/TCP(dport=2048, sport=443, flags="F"), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.102", hlim=63, fl=0)/TCP(dport=2048, sport=443), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/TCP(dport=2048, sport=80, flags="AF"), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.103", hlim=63, fl=0)/TCP(dport=2048, sport=443, flags="SA"), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.104", hlim=63, fl=0)/TCP(dport=8000, sport=8000), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:bbbb", src="64:ff9b::102.102.102.102", hlim=63, 
fl=0)/ICMPv6EchoReply(id=0x1234, seq=0x8888)/"du hast vyacheslavich") diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/001-expect.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/001-expect.pcap new file mode 100644 index 00000000..e39b2975 Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/001-expect.pcap differ diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/001-send.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/001-send.pcap new file mode 100644 index 00000000..5f89337b Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/001-send.pcap differ diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/002-expect.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/002-expect.pcap new file mode 100644 index 00000000..ca8dc918 Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/002-expect.pcap differ diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/002-send.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/002-send.pcap new file mode 100644 index 00000000..fb2f96ea Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/002-send.pcap differ diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/003-expect.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/003-expect.pcap new file mode 100644 index 00000000..9c43fdba Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/003-expect.pcap differ diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/003-send.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/003-send.pcap new file mode 100644 index 00000000..f0c7567f Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/003-send.pcap differ 
diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/004-expect.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/004-expect.pcap
new file mode 100644
index 00000000..040af78d
Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/004-expect.pcap differ
diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/004-send.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/004-send.pcap
new file mode 100644
index 00000000..ae2d9b98
Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/004-send.pcap differ
diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/005-expect.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/005-expect.pcap
new file mode 100644
index 00000000..e1e4f250
Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/005-expect.pcap differ
diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/005-send.pcap b/autotest/units/001_one_port/062_nat64stateful_multipool/005-send.pcap
new file mode 100644
index 00000000..15390071
Binary files /dev/null and b/autotest/units/001_one_port/062_nat64stateful_multipool/005-send.pcap differ
diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/autotest.yaml b/autotest/units/001_one_port/062_nat64stateful_multipool/autotest.yaml
new file mode 100644
index 00000000..2289197c
--- /dev/null
+++ b/autotest/units/001_one_port/062_nat64stateful_multipool/autotest.yaml
@@ -0,0 +1,23 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 002-send.pcap
+ expect: 002-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 003-send.pcap
+ expect: 003-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 004-send.pcap
+ expect: 004-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 005-send.pcap
+ expect: 005-expect.pcap
diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/controlplane.conf b/autotest/units/001_one_port/062_nat64stateful_multipool/controlplane.conf
new file mode 100644
index 00000000..f0f2716f
--- /dev/null
+++ b/autotest/units/001_one_port/062_nat64stateful_multipool/controlplane.conf
@@ -0,0 +1,61 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "nextModules": [
+ "nat0"
+ ]
+ },
+ "nat0": {
+ "type": "nat64stateful",
+ "ipv6_prefixes": [
+ "64:ff9b::/96",
+ "61:2345::/96"
+ ],
+ "ipv4_prefixes": [
+ "153.153.153.100",
+ "153.153.154.0/24",
+ "153.153.155.0/25"
+ ],
+ "announces" : [
+ "64:ff9b::/96",
+ "61:2345::/96",
+ "153.153.153.100",
+ "153.153.154.0/24",
+ "153.153.155.0/25"
+ ],
+ "nextModule": "vrf0"
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipv6Prefix": "fe80::2/64",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.2/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/062_nat64stateful_multipool/gen.py b/autotest/units/001_one_port/062_nat64stateful_multipool/gen.py
new file mode 100755
index 00000000..9c233be8
--- /dev/null
+++ b/autotest/units/001_one_port/062_nat64stateful_multipool/gen.py
@@ -0,0 +1,68 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from scapy.all import * + + +def write_pcap(filename, *packetsList): + if len(packetsList) == 0: + PcapWriter(filename)._write_header(Ether()) + return + + PcapWriter(filename) + + for packets in packetsList: + if type(packets) == list: + for packet in packets: + packet.time = 0 + wrpcap(filename, [p for p in packet], append=True) + else: + packets.time = 0 + wrpcap(filename, [p for p in packets], append=True) + + +# check lan (ipv6 -> ipv4). create state, check source ip +write_pcap("001-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.102.0.0/120", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="61:2345::102.102.0.0/120", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=80, sport=2048), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="61:2345:6::102.102.0.6", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", hlim=64)/TCP(dport=80, sport=2048)) # dropped + +write_pcap("001-expect.pcap", + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.0.0/24", src="153.153.154.102", ttl=63, id=0)/TCP(dport=80, sport=2048), + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.102.0.0/24", src="153.153.154.102", ttl=63, id=0)/TCP(dport=80, sport=3923)) + + +# check wan (ipv4 -> ipv6) +write_pcap("002-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.154.102", src="102.102.0.0/24", ttl=64)/TCP(dport=2048, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.154.102", src="102.102.0.0/24", ttl=64)/TCP(dport=3923, sport=80), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.154.103", 
src="102.102.0.0/24", ttl=64)/TCP(dport=2048, sport=80), # dropped + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.154.103", src="102.102.0.0/24", ttl=64)/TCP(dport=3923, sport=80)) # dropped + +write_pcap("002-expect.pcap", + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="64:ff9b::102.102.0.0/120", hlim=63, fl=0)/TCP(dport=2048, sport=80), + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", src="61:2345::102.102.0.0/120", hlim=63, fl=0)/TCP(dport=2048, sport=80)) + + +# check lan (ipv6 -> ipv4). create state, check source ip, check source port (1024 .. 65535) +write_pcap("003-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.199.99.99", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa/118", hlim=64)/TCP(dport=80, sport=4444), + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="61:2345::102.199.99.99", src="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa/118", hlim=64)/TCP(dport=80, sport=4444)) + +# 003-expect.pcap - dumped + + +# check source port +write_pcap("004-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::102.234.123.45", src="aaaa:aaaa:aaaa:aaaa:bbbb:bbbb:bbbb:bbbb", hlim=64)/TCP(dport=80, sport=[80, 1023, 0, 1, 2, 3, 4, 5])) + +write_pcap("004-expect.pcap", + Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.234.123.45", src="153.153.154.64", ttl=63, id=0)/TCP(dport=80, sport=[80 + 1024, 1023 + 1024, 0 + 1024, 1 + 1024, 2 + 1024, 3 + 1024, 4 + 1024, 5 + 1024])) + + +# check wan (ipv4 -> ipv6) +write_pcap("005-send.pcap", + Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="153.153.154.64", src="102.234.123.45", ttl=64)/TCP(dport=[80 + 1024, 1023 + 1024, 0 + 1024, 1 
+ 1024, 2 + 1024, 3 + 1024, 4 + 1024, 5 + 1024], sport=80)) + +write_pcap("005-expect.pcap", + Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="aaaa:aaaa:aaaa:aaaa:bbbb:bbbb:bbbb:bbbb", src="64:ff9b::102.234.123.45", hlim=63, fl=0)/TCP(dport=[80, 1023, 0, 1, 2, 3, 4, 5], sport=80)) diff --git a/autotest/units/001_one_port/063_nat64stateful_multimodule/001-expect.pcap b/autotest/units/001_one_port/063_nat64stateful_multimodule/001-expect.pcap new file mode 100644 index 00000000..b0de9d1d Binary files /dev/null and b/autotest/units/001_one_port/063_nat64stateful_multimodule/001-expect.pcap differ diff --git a/autotest/units/001_one_port/063_nat64stateful_multimodule/001-send.pcap b/autotest/units/001_one_port/063_nat64stateful_multimodule/001-send.pcap new file mode 100644 index 00000000..5246ebc6 Binary files /dev/null and b/autotest/units/001_one_port/063_nat64stateful_multimodule/001-send.pcap differ diff --git a/autotest/units/001_one_port/063_nat64stateful_multimodule/002-expect.pcap b/autotest/units/001_one_port/063_nat64stateful_multimodule/002-expect.pcap new file mode 100644 index 00000000..76766fff Binary files /dev/null and b/autotest/units/001_one_port/063_nat64stateful_multimodule/002-expect.pcap differ diff --git a/autotest/units/001_one_port/063_nat64stateful_multimodule/002-send.pcap b/autotest/units/001_one_port/063_nat64stateful_multimodule/002-send.pcap new file mode 100644 index 00000000..9aad3bcc Binary files /dev/null and b/autotest/units/001_one_port/063_nat64stateful_multimodule/002-send.pcap differ diff --git a/autotest/units/001_one_port/063_nat64stateful_multimodule/003-expect.pcap b/autotest/units/001_one_port/063_nat64stateful_multimodule/003-expect.pcap new file mode 100644 index 00000000..456db472 Binary files /dev/null and b/autotest/units/001_one_port/063_nat64stateful_multimodule/003-expect.pcap differ 
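Review bot: The step whose comment reads `check source port (1024 .. 65535)` has no expectation in this script: `# 003-expect.pcap - dumped` means the expected packets exist only as the committed binary capture, so the property under test can neither be read nor regenerated from gen.py. Steps 001, 002, 004 and 005 only ever show translated addresses inside 153.153.154.0/24, so that dump also appears to be the only place where the 153.153.153.100 and 153.153.155.0/25 pools from controlplane.conf could be exercised. I would replace the comment with one that records how the capture was produced and which invariant was confirmed in it, for example `# 003-expect.pcap is a dataplane capture; verified: every src is in ipv4_prefixes and every sport >= 1024` (worded to match what was actually checked). Separately, the bare `PcapWriter(filename)` in write_pcap seems to exist only to truncate the file before the `append=True` writes, which deserves a one-line comment such as `# truncate any stale file before appending`.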
diff --git a/autotest/units/001_one_port/063_nat64stateful_multimodule/003-send.pcap b/autotest/units/001_one_port/063_nat64stateful_multimodule/003-send.pcap
new file mode 100644
index 00000000..6431f2f2
Binary files /dev/null and b/autotest/units/001_one_port/063_nat64stateful_multimodule/003-send.pcap differ
diff --git a/autotest/units/001_one_port/063_nat64stateful_multimodule/autotest.yaml b/autotest/units/001_one_port/063_nat64stateful_multimodule/autotest.yaml
new file mode 100644
index 00000000..516a8242
--- /dev/null
+++ b/autotest/units/001_one_port/063_nat64stateful_multimodule/autotest.yaml
@@ -0,0 +1,15 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 002-send.pcap
+ expect: 002-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 003-send.pcap
+ expect: 003-expect.pcap
diff --git a/autotest/units/001_one_port/063_nat64stateful_multimodule/controlplane.conf b/autotest/units/001_one_port/063_nat64stateful_multimodule/controlplane.conf
new file mode 100644
index 00000000..bff96eb2
--- /dev/null
+++ b/autotest/units/001_one_port/063_nat64stateful_multimodule/controlplane.conf
@@ -0,0 +1,78 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "nextModules": [
+ "nat0",
+ "nat1",
+ "nat2"
+ ]
+ },
+ "nat0": {
+ "type": "nat64stateful",
+ "ipv6_prefixes": [
+ "2000:9999::/96"
+ ],
+ "ipv4_prefixes": [
+ "122.122.122.122"
+ ],
+ "dscpMarkType": "never",
+ "nextModule": "vrf0"
+ },
+ "nat1": {
+ "type": "nat64stateful",
+ "ipv6_prefixes": [
+ "2000:2345::/96"
+ ],
+ "ipv4_prefixes": [
+ "122.122.154.0/24"
+ ],
+ "dscpMarkType": "onlyDefault",
+ "dscp": 10,
+ "nextModule": "vrf0"
+ },
+ "nat2": {
+ "type": "nat64stateful",
+ "ipv6_prefixes": [
+ "2000:abcd::/96"
+ ],
+ "ipv4_prefixes": [
+ "122.122.155.0/25"
+ ],
+ "dscpMarkType": "always",
+ "dscp": 20,
+ "nextModule": "vrf0"
+ },
+ "vrf0": {
+ "type": "route",
+ "interfaces": {
+ "kni0.100": {
+ "ipv6Prefix": "fe80::2/64",
+ "neighborIPv6Address": "fe80::1",
+ "neighborMacAddress": "00:00:00:11:11:11",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "ipv4Prefix": "200.0.0.2/24",
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborMacAddress": "00:00:00:22:22:22",
+ "nextModule": "lp0.200"
+ }
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/063_nat64stateful_multimodule/gen.py b/autotest/units/001_one_port/063_nat64stateful_multimodule/gen.py
new file mode 100755
index 00000000..13a4f646
--- /dev/null
+++ b/autotest/units/001_one_port/063_nat64stateful_multimodule/gen.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+
+# check lan (ipv6 -> ipv4). create state, check source ip
+write_pcap("001-send.pcap",
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:9999::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:9999::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0x4, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:9999::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0x80, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:9999::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0xfc, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:9999::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0xff, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:2345::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:2345::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0x4, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:2345::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0x80, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:2345::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0xfc, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:2345::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0xff, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:abcd::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:abcd::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0x4, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:abcd::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0x80, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:abcd::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0xfc, hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:abcd::102.124.0.0/120", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", tc=0xff, hlim=64)/TCP(dport=443, sport=2048))
+
+write_pcap("001-expect.pcap",
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.122.122", ttl=63, id=0, tos=0)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.122.122", ttl=63, id=0, tos=0x4)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.122.122", ttl=63, id=0, tos=0x80)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.122.122", ttl=63, id=0, tos=0xfc)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.122.122", ttl=63, id=0, tos=0xff)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.154.171", ttl=63, id=0, tos=0x28)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.154.171", ttl=63, id=0, tos=0x4)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.154.171", ttl=63, id=0, tos=0x80)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.154.171", ttl=63, id=0, tos=0xfc)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.154.171", ttl=63, id=0, tos=0xff)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.155.43", ttl=63, id=0, tos=0x50)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.155.43", ttl=63, id=0, tos=0x50)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.155.43", ttl=63, id=0, tos=0x50)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.155.43", ttl=63, id=0, tos=0x50)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="102.124.0.0/24", src="122.122.155.43", ttl=63, id=0, tos=0x53)/TCP(dport=443, sport=2048))
+
+
+# check wan (ipv4 -> ipv6)
+write_pcap("002-send.pcap",
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="122.122.122.122", src="102.124.0.0/24", ttl=64)/TCP(dport=2048, sport=443),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="122.122.154.171", src="102.124.0.0/24", ttl=64)/TCP(dport=2048, sport=443),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:02")/Dot1Q(vlan=200)/IP(dst="122.122.155.43", src="102.124.0.0/24", ttl=64)/TCP(dport=2048, sport=443))
+
+write_pcap("002-expect.pcap",
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", src="2000:9999::102.124.0.0/120", hlim=63, fl=0)/TCP(dport=2048, sport=443),
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", src="2000:2345::102.124.0.0/120", hlim=63, fl=0)/TCP(dport=2048, sport=443),
+ Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IPv6(dst="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb", src="2000:abcd::102.124.0.0/120", hlim=63, fl=0)/TCP(dport=2048, sport=443))
+
+
+# check lan (ipv6 -> ipv4). create state, check source ip, check source port (1024 .. 65535)
+write_pcap("003-send.pcap",
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:9999::142.199.99.99", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb/118", tc=0x50, hlim=64)/TCP(dport=443, sport=4444),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:2345::142.199.99.99", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb/118", tc=0x50, hlim=64)/TCP(dport=443, sport=4444),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2000:abcd::142.199.99.99", src="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb/118", tc=0x50, hlim=64)/TCP(dport=443, sport=4444))
+
+# 003-expect.pcap - dumped
diff --git a/autotest/units/001_one_port/064_nat64stateful_egresstunnel/001-expect.pcap b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/001-expect.pcap
new file mode 100644
index 00000000..184f6e5b
Binary files /dev/null and b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/064_nat64stateful_egresstunnel/001-send.pcap b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/001-send.pcap
new file mode 100644
index 00000000..c54cbf38
Binary files /dev/null and b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/001-send.pcap differ
diff --git a/autotest/units/001_one_port/064_nat64stateful_egresstunnel/002-expect.pcap b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/002-expect.pcap
new file mode 100644
index 00000000..c0fded8a
Binary files /dev/null and b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/002-expect.pcap differ
diff --git a/autotest/units/001_one_port/064_nat64stateful_egresstunnel/002-send.pcap b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/002-send.pcap
new file mode 100644
index 00000000..174fd0b4
Binary files /dev/null and b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/002-send.pcap differ
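Review bot: The closing comment `# 003-expect.pcap - dumped` suggests the expectation for step 003 was captured from the dataplane's own output rather than generated, so the properties the step comment names (translated source address, source port in 1024 .. 65535) are pinned to whatever the implementation emitted and are not checked independently. 003-send.pcap sends many distinct IPv6 sources (`/118`) with the same `sport=4444` to each NAT prefix, so this looks like the only step where the allocated port has to vary, which is where an explicit range check matters most. I would add a sanity pass over the dumped file at the end of gen.py, e.g. `for p in rdpcap("003-expect.pcap"): assert 1024 <= p[TCP].sport <= 65535`. The comment should also say how the dump was produced, so it can be regenerated and reviewed when the allocator changes.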
diff --git a/autotest/units/001_one_port/064_nat64stateful_egresstunnel/autotest.yaml b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/autotest.yaml
new file mode 100644
index 00000000..624901cd
--- /dev/null
+++ b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/autotest.yaml
@@ -0,0 +1,127 @@
+steps:
+- rib_insert:
+ attribute:
+ protocol: autotest
+ tables:
+ - table_name: ipv4 mpls-vpn
+ peer: 0.0.0.0
+ med: 0
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 88.88.88.1
+ prefix: 1.0.0.0/24
+ path_information: 88.88.88.1:10001
+ labels:
+ - 1100
+ - nexthop: 88.88.88.2
+ prefix: 1.0.0.0/24
+ path_information: 88.88.88.2:10001
+ labels:
+ - 1200
+ - table_name: ipv4 mpls-vpn
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 88.88.88.1
+ prefix: 1.0.0.254/32
+ path_information: 88.88.88.1:11000
+ labels:
+ - 1100
+ - nexthop: 88.88.88.2
+ prefix: 1.0.0.254/32
+ path_information: 88.88.88.2:11001
+ labels:
+ - 1200
+ - table_name: ipv6 mpls-vpn
+ large_communities:
+ - 13238:1:1
+ prefixes:
+ - nexthop: 8888::1
+ prefix: 7e57::/64
+ path_information: 88.88.88.1:10001
+ labels:
+ - 1100
+ - nexthop: 8888::2
+ prefix: 7e57::/64
+ path_information: 88.88.88.2:10001
+ labels:
+ - 1200
+ - nexthop: 8888::1
+ prefix: 7e57::fffe/128
+ path_information: 88.88.88.1:9999
+ labels:
+ - 1100
+ - nexthop: 8888::2
+ prefix: 7e57::fffe/128
+ path_information: 88.88.88.2:15000
+ labels:
+ - 1200
+ - table_name: ipv4 mpls-vpn
+ peer: 0.0.0.0
+ med: 0
+ large_communities:
+ - 13238:1:0
+ prefixes:
+ - nexthop: 88.88.88.1
+ prefix: 1.0.0.253/32
+ path_information: 88.88.88.1:10001
+ labels:
+ - 1100
+ - nexthop: 88.88.88.2
+ prefix: 1.0.0.253/32
+ path_information: 88.88.88.2:10001
+ labels:
+ - 1200
+ - table_name: ipv4 mpls-vpn
+ peer: 0.0.0.0
+ med: 0
+ prefixes:
+ - nexthop: 88.88.88.1
+ prefix: 1.0.0.252/32
+ path_information: 88.88.88.1:10001
+ labels:
+ - 1100
+ - nexthop: 88.88.88.2
+ prefix: 1.0.0.252/32
+ path_information: 88.88.88.2:10001
+ labels:
+ - 1200
+ - table_name: ipv6 mpls-vpn
+ large_communities:
+ - 13238:1:0
+ prefixes:
+ - nexthop: 8888::1
+ prefix: 7e57::fffd/128
+ path_information: 88.88.88.1:10001
+ labels:
+ - 1100
+ - nexthop: 8888::2
+ prefix: 7e57::fffd/128
+ path_information: 88.88.88.2:10001
+ labels:
+ - 1200
+ - table_name: ipv6 mpls-vpn
+ prefixes:
+ - nexthop: 8888::1
+ prefix: 7e57::fffc/128
+ path_information: 88.88.88.1:10001
+ labels:
+ - 1100
+ - nexthop: 8888::2
+ prefix: 7e57::fffc/128
+ path_information: 88.88.88.2:10001
+ labels:
+ - 1200
+- ipv4Update:
+ - "0.0.0.0/0 -> 100.0.0.1 200.0.0.1"
+- ipv6Update:
+ - "::/0 -> c0de::100:1 c0de::200:1"
+- sendPackets:
+ - port: kni0
+ send: 001-send.pcap
+ expect: 001-expect.pcap
+- sendPackets:
+ - port: kni0
+ send: 002-send.pcap
+ expect: 002-expect.pcap
diff --git a/autotest/units/001_one_port/064_nat64stateful_egresstunnel/controlplane.conf b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/controlplane.conf
new file mode 100644
index 00000000..42699fef
--- /dev/null
+++ b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/controlplane.conf
@@ -0,0 +1,67 @@
+{
+ "modules": {
+ "lp0.100": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "100",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "lp0.200": {
+ "type": "logicalPort",
+ "physicalPort": "kni0",
+ "vlanId": "200",
+ "macAddress": "00:11:22:33:44:55",
+ "nextModule": "acl0"
+ },
+ "acl0": {
+ "type": "acl",
+ "nextModules": [
+ "nat0"
+ ]
+ },
+ "nat0": {
+ "type": "nat64stateful",
+ "ipv6_prefixes": [
+ "64:ff9b::/96"
+ ],
+ "ipv4_prefixes": [
+ "153.153.153.200"
+ ],
+ "announces" : [
+ "64:ff9b::/96",
+ "153.153.153.200"
+ ],
+ "nextModule": "route0:tunnel"
+ },
+ "route0": {
+ "type": "route",
+ "ipv4SourceAddress": "10.50.0.1",
+ "ipv6SourceAddress": "2222:ddd:0:2266:aeae:ffff:feb0:abcd",
+ "udpDestinationPort": 6635,
+ "interfaces": {
+ "kni0.100": {
+ "neighborIPv4Address": "100.0.0.1",
+ "neighborIPv6Address": "c0de::100:1",
+ "neighborMacAddress": "00:00:00:00:00:01",
+ "nextModule": "lp0.100"
+ },
+ "kni0.200": {
+ "neighborIPv4Address": "200.0.0.1",
+ "neighborIPv6Address": "c0de::200:1",
+ "neighborMacAddress": "00:00:00:00:00:02",
+ "nextModule": "lp0.200"
+ }
+ },
+ "localPrefixes": [
+ "1.0.0.255/32",
+ "7e57::ffff/128"
+ ],
+ "peers": {
+ "1": "A",
+ "2": "B",
+ "3": "C"
+ }
+ }
+ }
+}
diff --git a/autotest/units/001_one_port/064_nat64stateful_egresstunnel/gen.py b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/gen.py
new file mode 100755
index 00000000..091c482a
--- /dev/null
+++ b/autotest/units/001_one_port/064_nat64stateful_egresstunnel/gen.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+from scapy.contrib.mpls import MPLS
+
+
+def write_pcap(filename, *packetsList):
+ if len(packetsList) == 0:
+ PcapWriter(filename)._write_header(Ether())
+ return
+
+ PcapWriter(filename)
+
+ for packets in packetsList:
+ if type(packets) == list:
+ for packet in packets:
+ packet.time = 0
+ wrpcap(filename, [p for p in packet], append=True)
+ else:
+ packets.time = 0
+ wrpcap(filename, [p for p in packets], append=True)
+
+
+# check lan (ipv6 -> ipv4). local prefixes
+write_pcap("001-send.pcap",
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::4.4.4.1", src="::100", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::4.4.4.2", src="::100", hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::4.4.4.3", src="::100", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::4.4.4.4", src="::100", hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::4.4.4.1", src="::100", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::4.4.4.2", src="::100", hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::4.4.4.3", src="::100", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::4.4.4.4", src="::100", hlim=64)/TCP(dport=443, sport=2048))
+
+write_pcap("001-expect.pcap",
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="4.4.4.1", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="4.4.4.2", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="4.4.4.3", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="4.4.4.4", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="4.4.4.1", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="4.4.4.2", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="4.4.4.3", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="4.4.4.4", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048))
+
+
+# check lan (ipv6 -> ipv4). tunnel
+write_pcap("002-send.pcap",
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.1", src="::1", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.2", src="::2", hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.3", src="::3", hlim=64)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.4", src="::4", hlim=64)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.1", src="::1", hlim=64, fl=1)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.2", src="::2", hlim=64, fl=1)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.3", src="::3", hlim=64, fl=1)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.4", src="::4", hlim=64, fl=1)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.5", src="::5", hlim=64, fl=1)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.6", src="::6", hlim=64, fl=1)/TCP(dport=443, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.7", src="::7", hlim=64, fl=1)/TCP(dport=80, sport=2048),
+ Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="64:ff9b::1.0.0.8", src="::8", hlim=64, fl=1)/TCP(dport=443, sport=2048))
+
+
+write_pcap("002-expect.pcap",
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xd9bb | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xcf4b | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.2", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xc3da | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.3", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xd719 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.4", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xd9bb | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xcf4b | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.2", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xc3da | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.3", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xd719 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.4", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xdb88 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.5", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xcd78 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.6", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048),
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xc1e9 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.7", src="153.153.153.200", ttl=63, id=0)/TCP(dport=80, sport=2048),
+ Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64, id=0)/UDP(dport=6635, sport=0xe7bd | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.8", src="153.153.153.200", ttl=63, id=0)/TCP(dport=443, sport=2048))
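Review bot: The outer UDP source ports in the `write_pcap("002-expect.pcap", ...)` call are written as `sport=0xd9bb | 0xc000` and similar, but every constant already has the top two bits set, so the `| 0xc000` changes nothing and the values read as unexplained magic numbers. Presumably the dataplane derives the port from a hash of the inner flow and forces it into 0xc000..0xffff; if that is the case, say so above the call, e.g. `# outer UDP sport: flow hash forced into 0xc000..0xffff; the fl=1 repeats must reuse the same port`. A short remark that `chksum=0` on the outer UDP header is intentional would also keep a later reader from "fixing" it.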