2.68. test_nat module

class test_nat.Event(*args, **kwargs)

Bases: scapy.all.Packet

extract_padding(s)
fields_desc = [scapy.all.ByteEnumField, scapy.all.ByteEnumField, scapy.all.ShortField, scapy.all.IPField, scapy.all.IPField, scapy.all.ShortField, scapy.all.ShortField, scapy.all.IPField, scapy.all.IPField, scapy.all.ShortField, scapy.all.ShortField, scapy.all.IntField, scapy.all.IntField, scapy.all.LongField]
name = 'Event'
class test_nat.HANATStateSync(*args, **kwargs)

Bases: scapy.all.Packet

fields_desc = [scapy.all.XByteField, scapy.all.FlagsField, scapy.all.FieldLenField, scapy.all.IntField, scapy.all.IntField, scapy.all.PacketListField]
name = 'HA NAT state sync'
class test_nat.MethodHolder(methodName='runTest')

Bases: framework.VppTestCase

NAT create capture and verify method holder

clear_nat44()

Clear NAT44 configuration.

compose_ip6(ip4, pref, plen)

Compose IPv4-embedded IPv6 addresses

Parameters
  • ip4 – IPv4 address

  • pref – IPv6 prefix

  • plen – IPv6 prefix length

Returns

IPv4-embedded IPv6 addresses

create_stream_frag(src_if, dst, sport, dport, data, proto=scapy.data.IP_PROTOS.tcp, echo_reply=False)

Create fragmented packet stream

Parameters
  • src_if – Source interface

  • dst – Destination IPv4 address

  • sport – Source port

  • dport – Destination port

  • data – Payload data

  • proto – protocol (TCP, UDP, ICMP)

  • echo_reply – use echo_reply if protocol is ICMP

Returns

Fragments

create_stream_frag_ip6(src_if, dst, sport, dport, data, pref=None, plen=0, frag_size=128)

Create fragmented packet stream

Parameters
  • src_if – Source interface

  • dst – Destination IPv4 address

  • sport – Source TCP port

  • dport – Destination TCP port

  • data – Payload data

  • pref – NAT64 prefix

  • plen – NAT64 prefix length

  • frag_size – size of fragments

Returns

Fragments

create_stream_in(in_if, out_if, dst_ip=None, ttl=64)

Create packet stream for inside network

Parameters
  • in_if – Inside interface

  • out_if – Outside interface

  • dst_ip – Destination address

  • ttl – TTL of generated packets

create_stream_in_ip6(in_if, out_if, hlim=64, pref=None, plen=0)

Create IPv6 packet stream for inside network

Parameters
  • in_if – Inside interface

  • out_if – Outside interface

  • hlim – Hop Limit of generated packets

  • pref – NAT64 prefix

  • plen – NAT64 prefix length

create_stream_out(out_if, dst_ip=None, ttl=64, use_inside_ports=False)

Create packet stream for outside network

Parameters
  • out_if – Outside interface

  • dst_ip – Destination IP address (Default use global NAT address)

  • ttl – TTL of generated packets

  • use_inside_ports – Use inside NAT ports as destination ports instead of outside ports

create_stream_out_ip6(out_if, src_ip, dst_ip, hl=64)

Create packet stream for outside network

Parameters
  • out_if – Outside interface

  • dst_ip – Destination IP address (Default use global NAT address)

  • hl – HL of generated packets

extract_ip4(ip6, plen)

Extract IPv4 address embedded in IPv6 addresses

Parameters
  • ip6 – IPv6 address

  • plen – IPv6 prefix length

Returns

extracted IPv4 address
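
The address layout that compose_ip6 and extract_ip4 deal with, as an added example that is not the test module's own code. It assumes the RFC 6052 embedding rules; the function names embed_ip4, extract_embedded_ip4 and v4_octet_positions are hypothetical, and the sample prefixes are the documentation prefixes from the RFC 6052 section 2.4 examples.

```python
import ipaddress

# Prefix lengths RFC 6052 section 2.2 permits for IPv4-embedded IPv6 addresses.
VALID_PLEN = (32, 40, 48, 56, 64, 96)

# Sample input: prefixes from the RFC 6052 section 2.4 examples, keyed by length.
SAMPLE_PREFIXES = {
    32: "2001:db8::",
    40: "2001:db8:100::",
    48: "2001:db8:122::",
    56: "2001:db8:122:300::",
    64: "2001:db8:122:344::",
    96: "2001:db8:122:344::",
}


def v4_octet_positions(plen):
    """Return the four IPv6 octet indexes that carry the IPv4 address."""
    if plen not in VALID_PLEN:
        raise ValueError("plen must be one of %s, got %r" % (VALID_PLEN, plen))
    # IPv4 octets follow the prefix and step over reserved octet 8 (bits 64-71).
    return [i for i in range(plen // 8, 16) if i != 8][:4]


def embed_ip4(ip4, pref, plen):
    """Build the IPv4-embedded IPv6 address for ip4 under pref/plen."""
    positions = v4_octet_positions(plen)
    prefix = ipaddress.IPv6Address(pref).packed
    if any(prefix[plen // 8:]):
        raise ValueError("prefix has bits set beyond /%d" % plen)
    if prefix[8]:
        raise ValueError("octet 8 (bits 64-71) of the prefix must be zero")
    out = bytearray(prefix)
    for pos, octet in zip(positions, ipaddress.IPv4Address(ip4).packed):
        out[pos] = octet
    return str(ipaddress.IPv6Address(bytes(out)))


def extract_embedded_ip4(ip6, plen):
    """Recover the IPv4 address from ip6, given the prefix length in use."""
    raw = ipaddress.IPv6Address(ip6).packed
    if raw[8]:
        raise ValueError("octet 8 (bits 64-71) must be zero")
    octets = bytes(raw[i] for i in v4_octet_positions(plen))
    return str(ipaddress.IPv4Address(octets))


if __name__ == "__main__":
    for plen, pref in sorted(SAMPLE_PREFIXES.items()):
        ip6 = embed_ip4("192.0.2.33", pref, plen)
        print("/%-2d %-32s -> %s" % (plen, ip6, extract_embedded_ip4(ip6, plen)))
    # Failure mode: the same address read with the wrong prefix length
    # silently yields a different IPv4 address instead of an error.
    print(extract_embedded_ip4("64:ff9b::c000:221", 64))
```

Extraction has no way to detect a mismatched prefix length, so a translator, a filter and a log parser that must agree on an address all need the same plen.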

frag_in_order(proto=scapy.data.IP_PROTOS.tcp, dont_translate=False)
frag_in_order_in_plus_out(proto=scapy.data.IP_PROTOS.tcp)
frag_out_of_order(proto=scapy.data.IP_PROTOS.tcp, dont_translate=False)
frag_out_of_order_in_plus_out(proto=scapy.data.IP_PROTOS.tcp)
initiate_tcp_session(in_if, out_if)

Initiates TCP session

Parameters
  • in_if – Inside interface

  • out_if – Outside interface

nat44_add_address(ip, is_add=1, vrf_id=4294967295, twice_nat=0)

Add/delete NAT44 address

Parameters
  • ip – IP address

  • is_add – 1 if add, 0 if delete (Default add)

  • twice_nat – twice NAT address for external hosts

nat44_add_static_mapping(local_ip, external_ip='0.0.0.0', local_port=0, external_port=0, vrf_id=0, is_add=1, external_sw_if_index=4294967295, proto=0, twice_nat=0, self_twice_nat=0, out2in_only=0, tag='')

Add/delete NAT44 static mapping

Parameters
  • local_ip – Local IP address

  • external_ip – External IP address

  • local_port – Local port number (Optional)

  • external_port – External port number (Optional)

  • vrf_id – VRF ID (Default 0)

  • is_add – 1 if add, 0 if delete (Default add)

  • external_sw_if_index – External interface instead of IP address

  • proto – IP protocol (Mandatory if port specified)

  • twice_nat – 1 if translate external host address and port

  • self_twice_nat – 1 if translate external host address and port whenever external host address equals local address of internal host

  • out2in_only – if 1, rule matches only in the out2in direction

  • tag – Opaque string tag

static proto2layer(proto)
reass_frags_and_verify(frags, src, dst)

Reassemble and verify fragmented packet

Parameters
  • frags – Captured fragments

  • src – Source IPv4 address to verify

  • dst – Destination IPv4 address to verify

Returns

Reassembled IPv4 packet

reass_frags_and_verify_ip6(frags, src, dst)

Reassemble and verify fragmented packet

Parameters
  • frags – Captured fragments

  • src – Source IPv6 address to verify

  • dst – Destination IPv6 address to verify

Returns

Reassembled IPv6 packet

reass_hairpinning(proto=scapy.data.IP_PROTOS.tcp)
verify_capture_in(capture, in_if)

Verify captured packets on inside network

Parameters
  • capture – Captured packets

  • in_if – Inside interface

verify_capture_in_ip6(capture, src_ip, dst_ip)

Verify captured IPv6 packets on inside network

Parameters
  • capture – Captured packets

  • src_ip – Source IP

  • dst_ip – Destination IP address

verify_capture_in_with_icmp_errors(capture, in_if, icmp_type=11)

Verify captured packets with ICMP errors on inside network

Parameters
  • capture – Captured packets

  • in_if – Inside interface

  • icmp_type – Type of error ICMP packet we are expecting (Default 11)

verify_capture_no_translation(capture, ingress_if, egress_if)

Verify captured packets that don’t have to be translated

Parameters
  • capture – Captured packets

  • ingress_if – Ingress interface

  • egress_if – Egress interface

verify_capture_out(capture, nat_ip=None, same_port=False, dst_ip=None, is_ip6=False)

Verify captured packets on outside network

Parameters
  • capture – Captured packets

  • nat_ip – Translated IP address (Default use global NAT address)

  • same_port – Source port number is not translated (Default False)

  • dst_ip – Destination IP address (Default do not verify)

  • is_ip6 – If L3 protocol is IPv6 (Default False)

verify_capture_out_ip6(capture, nat_ip, same_port=False, dst_ip=None)

Verify captured packets on outside network

Parameters
  • capture – Captured packets

  • nat_ip – Translated IP address

  • same_port – Source port number is not translated (Default False)

  • dst_ip – Destination IP address (Default do not verify)

verify_capture_out_with_icmp_errors(capture, src_ip=None, icmp_type=11)

Verify captured packets with ICMP errors on outside network

Parameters
  • capture – Captured packets

  • src_ip – Translated IP address or IP address of VPP (Default use global NAT address)

  • icmp_type – Type of error ICMP packet we are expecting (Default 11)

verify_ipfix_addr_exhausted(data)

Verify IPFIX NAT addresses event

Parameters
  • data – Decoded IPFIX data records

verify_ipfix_bib(data, is_create, src_addr)

Verify IPFIX NAT64 BIB create and delete events

Parameters
  • data – Decoded IPFIX data records

  • is_create – Create event if nonzero, otherwise delete event

  • src_addr – IPv6 source address

verify_ipfix_max_bibs(data, limit)

Verify IPFIX maximum BIB entries exceeded event

Parameters
  • data – Decoded IPFIX data records

  • limit – Number of maximum BIB entries that can be created.

verify_ipfix_max_entries_per_user(data, limit, src_addr)

Verify IPFIX maximum entries per user exceeded event

Parameters
  • data – Decoded IPFIX data records

  • limit – Number of maximum entries per user

  • src_addr – IPv4 source address

verify_ipfix_max_fragments_ip4(data, limit, src_addr)

Verify IPFIX maximum IPv4 fragments pending reassembly exceeded event

Parameters
  • data – Decoded IPFIX data records

  • limit – Number of maximum fragments pending reassembly

  • src_addr – IPv4 source address

verify_ipfix_max_fragments_ip6(data, limit, src_addr)

Verify IPFIX maximum IPv6 fragments pending reassembly exceeded event

Parameters
  • data – Decoded IPFIX data records

  • limit – Number of maximum fragments pending reassembly

  • src_addr – IPv6 source address

verify_ipfix_max_sessions(data, limit)

Verify IPFIX maximum session entries exceeded event

Parameters
  • data – Decoded IPFIX data records

  • limit – Number of maximum session entries that can be created.

verify_ipfix_nat44_ses(data)

Verify IPFIX NAT44 session create/delete event

Parameters
  • data – Decoded IPFIX data records

verify_ipfix_nat64_ses(data, is_create, src_addr, dst_addr, dst_port)

Verify IPFIX NAT64 session create and delete events

Parameters
  • data – Decoded IPFIX data records

  • is_create – Create event if nonzero, otherwise delete event

  • src_addr – IPv6 source address

  • dst_addr – IPv4 destination address

  • dst_port – destination TCP port

verify_mss_value(pkt, mss)

Verify TCP MSS value

Parameters
  • pkt

  • mss

verify_no_nat44_user()

Verify that there is no NAT44 user

verify_syslog_apmap(data, is_add=True)
verify_syslog_sess(data, is_add=True, is_ip6=False)
class test_nat.TestDSlite(methodName='runTest')

Bases: test_nat.MethodHolder

DS-Lite Test Cases

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_dslite()

Test DS-Lite

verify_syslog_apmadd(data, isaddr, isport, xsaddr, xsport, sv6enc, proto)
class test_nat.TestDSliteCE(methodName='runTest')

Bases: test_nat.MethodHolder

DS-Lite CE Test Cases

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_dslite_ce()

Test DS-Lite CE

class test_nat.TestDeterministicNAT(methodName='runTest')

Bases: test_nat.MethodHolder

Deterministic NAT Test Cases

clear_nat_det()

Clear deterministic NAT configuration.

create_stream_in(in_if, out_if, ttl=64)

Create packet stream for inside network

Parameters
  • in_if – Inside interface

  • out_if – Outside interface

  • ttl – TTL of generated packets

create_stream_out(out_if, dst_ip=None, ttl=64)

Create packet stream for outside network

Parameters
  • out_if – Outside interface

  • dst_ip – Destination IP address (Default use global NAT address)

  • ttl – TTL of generated packets

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_det_in()

Deterministic NAT translation test (TCP, UDP, ICMP)

test_deterministic_mode()

NAT plugin run deterministic mode

test_multiple_users()

Deterministic NAT multiple users

test_session_limit_per_user()

Deterministic NAT maximum sessions per user limit

test_session_timeout()

Deterministic NAT session timeouts

test_set_timeouts()

Set deterministic NAT timeouts

test_tcp_session_close_detection_in()

Deterministic NAT TCP session close from inside network

test_tcp_session_close_detection_out()

Deterministic NAT TCP session close from outside network

verify_capture_out(capture, nat_ip=None)

Verify captured packets on outside network

Parameters
  • capture – Captured packets

  • nat_ip – Translated IP address (Default use global NAT address)

  • same_port – Source port number is not translated (Default False)

class test_nat.TestNAT44(methodName='runTest')

Bases: test_nat.MethodHolder

NAT44 Test Cases

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_del_session()

Delete NAT44 session

test_dynamic()

NAT44 dynamic translation test

test_dynamic_icmp_errors_in2out_ttl_1()

NAT44 handling of client packets with TTL=1

test_dynamic_icmp_errors_in2out_ttl_2()

NAT44 handling of error responses to client packets with TTL=2

test_dynamic_icmp_errors_out2in_ttl_1()

NAT44 handling of server packets with TTL=1

test_dynamic_icmp_errors_out2in_ttl_2()

NAT44 handling of error responses to server packets with TTL=2

test_dynamic_ipless_interfaces()

NAT44 interfaces without configured IP address

test_dynamic_to_static()

Switch from dynamic translation to 1:1NAT

test_forwarding()

NAT44 forwarding test

test_frag_forwarding()

NAT44 forwarding fragment test

test_frag_in_order()

NAT44 translate fragments arriving in order

test_frag_out_of_order()

NAT44 translate fragments arriving out of order

test_ha_recv()

Receive HA session synchronization events (passive)

test_ha_send()

Send HA session synchronization events (active)

test_hairpinning()

NAT44 hairpinning - 1:1 NAPT

test_hairpinning2()

NAT44 hairpinning - 1:1 NAT

test_hairpinning_static_unknown_proto()

1:1 NAT translate packet with unknown protocol - hairpinning

test_identity_nat()

Identity NAT

test_inside_overlapping_interfaces()

NAT44 multiple inside interfaces with overlapping address space

test_interface_addr()

Acquire NAT44 addresses from interface

test_interface_addr_identity_nat()

Identity NAT with addresses from interface

test_interface_addr_static_mapping()

Static mapping with addresses from interface

test_ipfix_addr_exhausted()

IPFIX logging NAT addresses exhausted

test_ipfix_max_frags()

IPFIX logging maximum fragments pending reassembly exceeded

test_ipfix_max_sessions()

IPFIX logging maximum session entries exceeded

test_ipfix_nat44_sess()

IPFIX logging NAT44 session created/deleted

test_max_translations_per_user()

MAX translations per user - recycle the least recently used

test_mss_clamping()

TCP MSS clamping

test_multiple_inside_interfaces()

NAT44 multiple non-overlapping address space inside interfaces

test_multiple_outside_vrf()

Multiple outside VRF

test_one_armed_nat44()

One armed NAT44

test_output_feature()

NAT44 interface output feature (in2out postrouting)

test_output_feature_hairpinning()

NAT44 interface output feature hairpinning (in2out postrouting)

test_output_feature_vrf_aware()

NAT44 interface output feature VRF aware (in2out postrouting)

test_ping_internal_host_from_outside()

Ping internal host from outside network

test_ping_out_interface_from_outside()

Ping NAT44 out interface from outside network

test_pool_addr_fib()

NAT44 add pool addresses to FIB

test_port_range()

External address port range

test_port_restricted()

Port restricted NAT44 (MAP-E CE)

test_reass_hairpinning()

NAT44 fragments hairpinning

test_session_timeout()

NAT44 session timeouts

test_set_get_reass()

NAT44 set/get virtual fragmentation reassembly

test_static_in()

1:1 NAT initialized from inside network

test_static_ipless_interfaces()

NAT44 interfaces without configured IP address - 1:1 NAT

test_static_out()

1:1 NAT initialized from outside network

test_static_unknown_proto()

1:1 NAT translate packet with unknown protocol

test_static_vrf_aware()

1:1 NAT VRF awareness

test_static_with_port_in()

1:1 NAPT initialized from inside network

test_static_with_port_ipless_interfaces()

NAT44 interfaces without configured IP address - 1:1 NAPT

test_static_with_port_out()

1:1 NAPT initialized from outside network

test_syslog_apmap()

Test syslog address and port mapping creation and deletion

test_vrf_feature_independent()

NAT44 tenant VRF independent address pool mode

test_vrf_mode()

NAT44 tenant VRF aware address pool mode

class test_nat.TestNAT44EndpointDependent(methodName='runTest')

Bases: test_nat.MethodHolder

Endpoint-Dependent mapping and filtering test cases

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_dynamic()

NAT44 dynamic translation test

test_forwarding()

NAT44 forwarding test

test_frag_in_order()

NAT44 translate fragments arriving in order

test_frag_in_order_dont_translate()

NAT44 don’t translate fragments arriving in order

test_frag_in_order_in_plus_out()

in+out interface fragments in order

test_frag_out_of_order()

NAT44 translate fragments arriving out of order

test_frag_out_of_order_dont_translate()

NAT44 don’t translate fragments arriving out of order

test_frag_out_of_order_in_plus_out()

in+out interface fragments out of order

test_hairpinning_unknown_proto()

NAT44 translate packet with unknown protocol - hairpinning

test_lb_affinity()

NAT44 local service load balancing affinity

test_multiple_vrf()

Multiple VRF setup

test_next_src_nat()

On the way back, forward packet to nat44-in2out node.

test_one_armed_nat44_static()

One armed NAT44 and 1:1 NAPT asymmetrical rule

test_output_feature()

NAT44 interface output feature (in2out postrouting)

test_output_feature_and_service()

NAT44 interface output feature and services

test_output_feature_and_service2()

NAT44 interface output feature and service host direct access

test_output_feature_and_service3()

NAT44 interface output feature and DST NAT

test_reass_hairpinning()

NAT44 fragments hairpinning

test_self_twice_nat_lb_negative()

Self Twice NAT44 local service load balancing (negative test)

test_self_twice_nat_lb_positive()

Self Twice NAT44 local service load balancing (positive test)

test_self_twice_nat_negative()

Self Twice NAT44 (negative test)

test_self_twice_nat_positive()

Self Twice NAT44 (positive test)

test_session_limit_per_user()

Maximum sessions per user limit

test_session_rst_timeout()

NAT44 session RST timeouts

test_session_timeout()

NAT44 session timeouts

test_static_lb()

NAT44 local service load balancing

test_static_lb_2()

NAT44 local service load balancing (asymmetrical rule)

test_static_lb_multi_clients()

NAT44 local service load balancing - multiple clients

test_static_with_port_out2()

1:1 NAPT asymmetrical rule

test_syslog_sess()

Test syslog session creation and deletion

test_tcp_close()

Close TCP session from inside network - output feature

test_tcp_session_close_in()

Close TCP session from inside network

test_tcp_session_close_out()

Close TCP session from outside network

test_tcp_session_close_simultaneous()

Close TCP session from inside network

test_twice_nat()

Twice NAT44

test_twice_nat_interface_addr()

Acquire twice NAT44 addresses from interface

test_twice_nat_lb()

Twice NAT44 local service load balancing

test_unknown_proto()

NAT44 translate packet with unknown protocol

twice_nat_common(self_twice_nat=False, same_pg=False, lb=False, client_id=None)
class test_nat.TestNAT44Out2InDPO(methodName='runTest')

Bases: test_nat.MethodHolder

NAT44 Test Cases using out2in DPO

configure_xlat()
classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_464xlat_ce()

Test 464XLAT CE with NAT44

test_464xlat_ce_no_nat()

Test 464XLAT CE without NAT44

class test_nat.TestNAT64(methodName='runTest')

Bases: test_nat.MethodHolder

NAT64 Test Cases

clear_nat64()

Clear NAT64 configuration.

nat64_get_ses_num()

Return number of active NAT64 sessions.

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_dynamic()

NAT64 dynamic translation test

test_frag_in_order()

NAT64 translate fragments arriving in order

test_frag_out_of_order()

NAT64 translate fragments arriving out of order

test_hairpinning()

NAT64 hairpinning

test_hairpinning_unknown_proto()

NAT64 translate packet with unknown protocol - hairpinning

test_icmp_error()

NAT64 ICMP Error message translation

test_interface()

Enable/disable NAT64 feature on the interface

test_interface_addr()

Acquire NAT64 pool addresses from interface

test_ipfix_bib_ses()

IPFIX logging NAT64 BIB/session create and delete events

test_ipfix_max_bibs_sessions()

IPFIX logging maximum session and BIB entries exceeded

test_ipfix_max_frags()

IPFIX logging maximum fragments pending reassembly exceeded

test_nat64_inside_interface_handles_neighbor_advertisement()

NAT64 inside interface handles Neighbor Advertisement

test_one_armed_nat64()

One armed NAT64

test_pool()

Add/delete address to NAT64 pool

test_prefix()

NAT64 Network-Specific Prefix

test_reass_hairpinning()

NAT64 fragments hairpinning

test_session_timeout()

NAT64 session timeout

test_set_timeouts()

Set NAT64 timeouts

test_static()

NAT64 static translation test

test_static_bib()

Add/delete static BIB entry

test_syslog_sess()

Test syslog session creation and deletion

test_unknown_proto()

NAT64 translate packet with unknown protocol

class test_nat.TestNAT66(methodName='runTest')

Bases: test_nat.MethodHolder

NAT66 Test Cases

clear_nat66()

Clear NAT66 configuration.

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_check_no_translate()

NAT66 translate only when egress interface is outside interface

test_static()

1:1 NAT66 test