2.81. test_nat module

class test_nat.Event(*args: Any, **kwargs: Any)

Bases: scapy.all.Packet

extract_padding(s)

fields_desc = [scapy.all.ByteEnumField, scapy.all.ByteEnumField, scapy.all.ShortField, scapy.all.IPField, scapy.all.IPField, scapy.all.ShortField, scapy.all.ShortField, scapy.all.IPField, scapy.all.IPField, scapy.all.ShortField, scapy.all.ShortField, scapy.all.IntField, scapy.all.IntField, scapy.all.LongField]

name = 'Event'

class test_nat.HANATStateSync(*args: Any, **kwargs: Any)

Bases: scapy.all.Packet

fields_desc = [scapy.all.XByteField, scapy.all.FlagsField, scapy.all.FieldLenField, scapy.all.IntField, scapy.all.IntField, scapy.all.PacketListField]

name = 'HA NAT state sync'

class test_nat.MethodHolder(methodName='runTest')

Bases: framework.VppTestCase

NAT create, capture and verify method holder

property SYSLOG_SEVERITY

clear_nat44()

Clear NAT44 configuration.

compose_ip6(ip4, pref, plen)

Compose IPv4-embedded IPv6 addresses

Parameters
  • ip4 – IPv4 address

  • pref – IPv6 prefix

  • plen – IPv6 prefix length

Returns

IPv4-embedded IPv6 addresses

property config_flags

create_stream_frag(src_if, dst, sport, dport, data, proto=scapy.data.IP_PROTOS.tcp, echo_reply=False)

Create fragmented packet stream

Parameters
  • src_if – Source interface

  • dst – Destination IPv4 address

  • sport – Source port

  • dport – Destination port

  • data – Payload data

  • proto – protocol (TCP, UDP, ICMP)

  • echo_reply – use echo_reply if protocol is ICMP

Returns

Fragments

create_stream_frag_ip6(src_if, dst, sport, dport, data, pref=None, plen=0, frag_size=128)

Create fragmented packet stream

Parameters
  • src_if – Source interface

  • dst – Destination IPv4 address

  • sport – Source TCP port

  • dport – Destination TCP port

  • data – Payload data

  • pref – NAT64 prefix

  • plen – NAT64 prefix length

  • frag_size – size of fragments

Returns

Fragments

create_stream_in(in_if, out_if, dst_ip=None, ttl=64)

Create packet stream for inside network

Parameters
  • in_if – Inside interface

  • out_if – Outside interface

  • dst_ip – Destination address

  • ttl – TTL of generated packets

create_stream_in_ip6(in_if, out_if, hlim=64, pref=None, plen=0)

Create IPv6 packet stream for inside network

Parameters
  • in_if – Inside interface

  • out_if – Outside interface

  • hlim – Hop Limit of generated packets

  • pref – NAT64 prefix

  • plen – NAT64 prefix length

create_stream_out(out_if, dst_ip=None, ttl=64, use_inside_ports=False)

Create packet stream for outside network

Parameters
  • out_if – Outside interface

  • dst_ip – Destination IP address (Default use global NAT address)

  • ttl – TTL of generated packets

  • use_inside_ports – Use inside NAT ports as destination ports instead of outside ports

create_stream_out_ip6(out_if, src_ip, dst_ip, hl=64)

Create packet stream for outside network

Parameters
  • out_if – Outside interface

  • dst_ip – Destination IP address (Default use global NAT address)

  • hl – HL of generated packets

extract_ip4(ip6, plen)

Extract IPv4 address embedded in IPv6 addresses

Parameters
  • ip6 – IPv6 address

  • plen – IPv6 prefix length

Returns

extracted IPv4 address

frag_in_order(proto=scapy.data.IP_PROTOS.tcp, dont_translate=False)

frag_in_order_in_plus_out(proto=scapy.data.IP_PROTOS.tcp)

frag_out_of_order(proto=scapy.data.IP_PROTOS.tcp, dont_translate=False)

frag_out_of_order_in_plus_out(proto=scapy.data.IP_PROTOS.tcp)

initiate_tcp_session(in_if, out_if)

Initiates TCP session

Parameters
  • in_if – Inside interface

  • out_if – Outside interface

nat44_add_address(ip, is_add=1, vrf_id=4294967295, twice_nat=0)

Add/delete NAT44 address

Parameters
  • ip – IP address

  • is_add – 1 if add, 0 if delete (Default add)

  • twice_nat – twice NAT address for external hosts

nat44_add_static_mapping(local_ip, external_ip='0.0.0.0', local_port=0, external_port=0, vrf_id=0, is_add=1, external_sw_if_index=4294967295, proto=0, tag='', flags=0)

Add/delete NAT44 static mapping

Parameters
  • local_ip – Local IP address

  • external_ip – External IP address

  • local_port – Local port number (Optional)

  • external_port – External port number (Optional)

  • vrf_id – VRF ID (Default 0)

  • is_add – 1 if add, 0 if delete (Default add)

  • external_sw_if_index – External interface instead of IP address

  • proto – IP protocol (Mandatory if port specified)

  • tag – Opaque string tag

  • flags – NAT configuration flags

static proto2layer(proto)

reass_frags_and_verify(frags, src, dst)

Reassemble and verify fragmented packet

Parameters
  • frags – Captured fragments

  • src – Source IPv4 address to verify

  • dst – Destination IPv4 address to verify

Returns

Reassembled IPv4 packet

reass_frags_and_verify_ip6(frags, src, dst)

Reassemble and verify fragmented packet

Parameters
  • frags – Captured fragments

  • src – Source IPv6 address to verify

  • dst – Destination IPv6 address to verify

Returns

Reassembled IPv6 packet

reass_hairpinning(proto=scapy.data.IP_PROTOS.tcp)

verify_capture_in(capture, in_if)

Verify captured packets on inside network

Parameters
  • capture – Captured packets

  • in_if – Inside interface

verify_capture_in_ip6(capture, src_ip, dst_ip)

Verify captured IPv6 packets on inside network

Parameters
  • capture – Captured packets

  • src_ip – Source IP

  • dst_ip – Destination IP address

verify_capture_in_with_icmp_errors(capture, in_if, icmp_type=11)

Verify captured packets with ICMP errors on inside network

Parameters
  • capture – Captured packets

  • in_if – Inside interface

  • icmp_type – Type of error ICMP packet we are expecting (Default 11)

verify_capture_no_translation(capture, ingress_if, egress_if)

Verify captured packets that don’t have to be translated

Parameters
  • capture – Captured packets

  • ingress_if – Ingress interface

  • egress_if – Egress interface

verify_capture_out(capture, nat_ip=None, same_port=False, dst_ip=None, is_ip6=False)

Verify captured packets on outside network

Parameters
  • capture – Captured packets

  • nat_ip – Translated IP address (Default use global NAT address)

  • same_port – Source port number is not translated (Default False)

  • dst_ip – Destination IP address (Default do not verify)

  • is_ip6 – If L3 protocol is IPv6 (Default False)

verify_capture_out_ip6(capture, nat_ip, same_port=False, dst_ip=None)

Verify captured packets on outside network

Parameters
  • capture – Captured packets

  • nat_ip – Translated IP address

  • same_port – Source port number is not translated (Default False)

  • dst_ip – Destination IP address (Default do not verify)

verify_capture_out_with_icmp_errors(capture, src_ip=None, icmp_type=11)

Verify captured packets with ICMP errors on outside network

Parameters
  • capture – Captured packets

  • src_ip – Translated IP address or IP address of VPP (Default use global NAT address)

  • icmp_type – Type of error ICMP packet we are expecting (Default 11)

verify_ipfix_addr_exhausted(data)

Verify IPFIX NAT addresses event

Parameters

data – Decoded IPFIX data records

verify_ipfix_bib(data, is_create, src_addr)

Verify IPFIX NAT64 BIB create and delete events

Parameters
  • data – Decoded IPFIX data records

  • is_create – Create event if nonzero value otherwise delete event

  • src_addr – IPv6 source address

verify_ipfix_max_bibs(data, limit)

Verify IPFIX maximum BIB entries exceeded event

Parameters
  • data – Decoded IPFIX data records

  • limit – Number of maximum BIB entries that can be created.

verify_ipfix_max_entries_per_user(data, limit, src_addr)

Verify IPFIX maximum entries per user exceeded event

Parameters
  • data – Decoded IPFIX data records

  • limit – Number of maximum entries per user

  • src_addr – IPv4 source address

verify_ipfix_max_sessions(data, limit)

Verify IPFIX maximum session entries exceeded event

Parameters
  • data – Decoded IPFIX data records

  • limit – Number of maximum session entries that can be created.

verify_ipfix_nat44_ses(data)

Verify IPFIX NAT44 session create/delete event

Parameters

data – Decoded IPFIX data records

verify_ipfix_nat64_ses(data, is_create, src_addr, dst_addr, dst_port)

Verify IPFIX NAT64 session create and delete events

Parameters
  • data – Decoded IPFIX data records

  • is_create – Create event if nonzero value otherwise delete event

  • src_addr – IPv6 source address

  • dst_addr – IPv4 destination address

  • dst_port – destination TCP port

verify_mss_value(pkt, mss)

Verify TCP MSS value

Parameters
  • pkt

  • mss

verify_no_nat44_user()

Verify that there is no NAT44 user

verify_syslog_apmap(data, is_add=True)

verify_syslog_sess(data, is_add=True, is_ip6=False)

class test_nat.TestDeterministicNAT(methodName='runTest')

Bases: test_nat.MethodHolder

Deterministic NAT Test Cases

clear_nat_det()

Clear deterministic NAT configuration.

create_stream_in(in_if, out_if, ttl=64)

Create packet stream for inside network

Parameters
  • in_if – Inside interface

  • out_if – Outside interface

  • ttl – TTL of generated packets

create_stream_out(out_if, dst_ip=None, ttl=64)

Create packet stream for outside network

Parameters
  • out_if – Outside interface

  • dst_ip – Destination IP address (Default use global NAT address)

  • ttl – TTL of generated packets

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

show_commands_at_teardown()

Allow subclass specific teardown logging additions.

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_det_in()

Deterministic NAT translation test (TCP, UDP, ICMP)

test_deterministic_mode()

NAT plugin run deterministic mode

test_multiple_users()

Deterministic NAT multiple users

test_session_limit_per_user()

Deterministic NAT maximum sessions per user limit

test_session_timeout()

Deterministic NAT session timeouts

test_set_timeouts()

Set deterministic NAT timeouts

test_tcp_session_close_detection_in()

Deterministic NAT TCP session close from inside network

test_tcp_session_close_detection_out()

Deterministic NAT TCP session close from outside network

verify_capture_out(capture, nat_ip=None)

Verify captured packets on outside network

Parameters
  • capture – Captured packets

  • nat_ip – Translated IP address (Default use global NAT address)

  • same_port – Source port number is not translated (Default False)

class test_nat.TestNAT44(methodName='runTest')

Bases: test_nat.MethodHolder

NAT44 Test Cases

create_routes_and_neigbors()

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

show_commands_at_teardown()

Allow subclass specific teardown logging additions.

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_clear_sessions()

NAT44 session clearing test

test_del_session()

Delete NAT44 session

test_dynamic()

NAT44 dynamic translation test

test_dynamic_icmp_errors_in2out_ttl_1()

NAT44 handling of client packets with TTL=1

test_dynamic_icmp_errors_in2out_ttl_2()

NAT44 handling of error responses to client packets with TTL=2

test_dynamic_icmp_errors_out2in_ttl_1()

NAT44 handling of server packets with TTL=1

test_dynamic_icmp_errors_out2in_ttl_2()

NAT44 handling of error responses to server packets with TTL=2

test_dynamic_ipless_interfaces()

NAT44 interfaces without configured IP address

test_dynamic_to_static()

Switch from dynamic translation to 1:1NAT

test_forwarding()

NAT44 forwarding test

test_frag_forwarding()

NAT44 forwarding fragment test

test_frag_in_order()

NAT44 translate fragments arriving in order

test_frag_out_of_order()

NAT44 translate fragments arriving out of order

test_ha_recv()

Receive HA session synchronization events (passive)

test_ha_send()

Send HA session synchronization events (active)

test_hairpinning()

NAT44 hairpinning - 1:1 NAPT

test_hairpinning2()

NAT44 hairpinning - 1:1 NAT

test_hairpinning_static_unknown_proto()

1:1 NAT translate packet with unknown protocol - hairpinning

test_identity_nat()

Identity NAT

test_inside_overlapping_interfaces()

NAT44 multiple inside interfaces with overlapping address space

test_interface_addr()

Acquire NAT44 addresses from interface

test_interface_addr_identity_nat()

Identity NAT with addresses from interface

test_interface_addr_static_mapping()

Static mapping with addresses from interface

test_ipfix_addr_exhausted()

IPFIX logging NAT addresses exhausted

test_ipfix_max_sessions()

IPFIX logging maximum session entries exceeded

test_ipfix_nat44_sess()

IPFIX logging NAT44 session created/deleted

test_mss_clamping()

TCP MSS clamping

test_multiple_inside_interfaces()

NAT44 multiple non-overlapping address space inside interfaces

test_multiple_outside_vrf()

Multiple outside VRF

test_one_armed_nat44()

One armed NAT44

test_output_feature()

NAT44 interface output feature (in2out postrouting)

test_output_feature_hairpinning()

NAT44 interface output feature hairpinning (in2out postrouting)

test_output_feature_vrf_aware()

NAT44 interface output feature VRF aware (in2out postrouting)

test_ping_internal_host_from_outside()

Ping internal host from outside network

test_ping_out_interface_from_outside()

Ping NAT44 out interface from outside network

test_pool_addr_fib()

NAT44 add pool addresses to FIB

test_port_range()

External address port range

test_port_restricted()

Port restricted NAT44 (MAP-E CE)

test_reass_hairpinning()

NAT44 fragments hairpinning

test_session_timeout()

NAT44 session timeouts

test_static_in()

1:1 NAT initialized from inside network

test_static_ipless_interfaces()

NAT44 interfaces without configured IP address - 1:1 NAT

test_static_out()

1:1 NAT initialized from outside network

test_static_unknown_proto()

1:1 NAT translate packet with unknown protocol

test_static_vrf_aware()

1:1 NAT VRF awareness

test_static_with_port_in()

1:1 NAPT initialized from inside network

test_static_with_port_ipless_interfaces()

NAT44 interfaces without configured IP address - 1:1 NAPT

test_static_with_port_out()

1:1 NAPT initialized from outside network

test_syslog_apmap()

Test syslog address and port mapping creation and deletion

test_vrf_feature_independent()

NAT44 tenant VRF independent address pool mode

test_vrf_mode()

NAT44 tenant VRF aware address pool mode

class test_nat.TestNAT44EndpointDependent(methodName='runTest')

Bases: test_nat.MethodHolder

Endpoint-Dependent mapping and filtering test cases

setUp()

Clear trace before running each test

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

show_commands_at_teardown()

Allow subclass specific teardown logging additions.

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_clear_sessions()

NAT44 ED session clearing test

test_dynamic()

NAT44 dynamic translation test

test_dynamic_out_of_ports()

NAT44 dynamic translation test: out of ports

test_dynamic_output_feature_vrf()

NAT44 dynamic translation test: output-feature, VRF

test_forwarding()

NAT44 forwarding test

test_frag_in_order()

NAT44 translate fragments arriving in order

test_frag_in_order_dont_translate()

NAT44 don’t translate fragments arriving in order

test_frag_in_order_in_plus_out()

in+out interface fragments in order

test_frag_out_of_order()

NAT44 translate fragments arriving out of order

test_frag_out_of_order_dont_translate()

NAT44 don’t translate fragments arriving out of order

test_frag_out_of_order_in_plus_out()

in+out interface fragments out of order

test_hairpinning_unknown_proto()

NAT44 translate packet with unknown protocol - hairpinning

test_lb_affinity()

NAT44 local service load balancing affinity

test_multiple_vrf()

Multiple VRF setup

test_next_src_nat()

On the way back, forward the packet to the nat44-in2out node.

test_one_armed_nat44_static()

One armed NAT44 and 1:1 NAPT asymmetrical rule

test_output_feature()

NAT44 interface output feature (in2out postrouting)

test_output_feature_and_service()

NAT44 interface output feature and services

test_output_feature_and_service2()

NAT44 interface output feature and service host direct access

test_output_feature_and_service3()

NAT44 interface output feature and DST NAT

test_output_feature_stateful_acl()

NAT44 endpoint-dependent output feature works with stateful ACL

test_reass_hairpinning()

NAT44 fragments hairpinning

test_self_twice_nat_lb_negative()

Self Twice NAT44 local service load balancing (negative test)

test_self_twice_nat_lb_positive()

Self Twice NAT44 local service load balancing (positive test)

test_self_twice_nat_negative()

Self Twice NAT44 (negative test)

test_self_twice_nat_positive()

Self Twice NAT44 (positive test)

test_session_rst_timeout()

NAT44 session RST timeouts

test_session_timeout()

NAT44 session timeouts

test_static_lb()

NAT44 local service load balancing

test_static_lb_2()

NAT44 local service load balancing (asymmetrical rule)

test_static_lb_multi_clients()

NAT44 local service load balancing - multiple clients

test_static_with_port_out2()

1:1 NAPT asymmetrical rule

test_syslog_sess()

Test syslog session creation and deletion

test_tcp_close()

Close TCP session from inside network - output feature

test_tcp_session_close_in()

Close TCP session from inside network

test_tcp_session_close_out()

Close TCP session from outside network

test_tcp_session_close_simultaneous()

Close TCP session from inside network

test_twice_nat()

Twice NAT44

test_twice_nat_interface_addr()

Acquire twice NAT44 addresses from interface

test_twice_nat_lb()

Twice NAT44 local service load balancing

test_unknown_proto()

NAT44 translate packet with unknown protocol

twice_nat_common(self_twice_nat=False, same_pg=False, lb=False, client_id=None)

class test_nat.TestNAT44EndpointDependent2(methodName='runTest')

Bases: test_nat.MethodHolder

Endpoint-Dependent mapping and filtering extra test cases

init_tcp_session(in_if, out_if, sport, ext_dport)

setUp()

Clear trace before running each test

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_lru_cleanup()

LRU cleanup algorithm

translation_buckets = 5

class test_nat.TestNAT44Out2InDPO(methodName='runTest')

Bases: test_nat.MethodHolder

NAT44 Test Cases using out2in DPO

configure_xlat()

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_464xlat_ce()

Test 464XLAT CE with NAT44

test_464xlat_ce_no_nat()

Test 464XLAT CE without NAT44

class test_nat.TestNAT64(methodName='runTest')

Bases: test_nat.MethodHolder

NAT64 Test Cases

clear_nat64()

Clear NAT64 configuration.

nat64_get_ses_num()

Return number of active NAT64 sessions.

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

classmethod setUpConstants()

Set-up the test case class based on environment variables

show_commands_at_teardown()

Allow subclass specific teardown logging additions.

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_dynamic()

NAT64 dynamic translation test

test_frag_in_order()

NAT64 translate fragments arriving in order

test_frag_out_of_order()

NAT64 translate fragments arriving out of order

test_hairpinning()

NAT64 hairpinning

test_hairpinning_unknown_proto()

NAT64 translate packet with unknown protocol - hairpinning

test_icmp_error()

NAT64 ICMP Error message translation

test_interface()

Enable/disable NAT64 feature on the interface

test_interface_addr()

Acquire NAT64 pool addresses from interface

test_ipfix_bib_ses()

IPFIX logging NAT64 BIB/session create and delete events

test_ipfix_max_bibs_sessions()

IPFIX logging maximum session and BIB entries exceeded

test_nat64_inside_interface_handles_neighbor_advertisement()

NAT64 inside interface handles Neighbor Advertisement

test_one_armed_nat64()

One armed NAT64

test_pool()

Add/delete address to NAT64 pool

test_prefix()

NAT64 Network-Specific Prefix

test_reass_hairpinning()

NAT64 fragments hairpinning

test_session_timeout()

NAT64 session timeout

test_set_timeouts()

Set NAT64 timeouts

test_static()

NAT64 static translation test

test_static_bib()

Add/delete static BIB entry

test_syslog_sess()

Test syslog session creation and deletion

test_unknown_proto()

NAT64 translate packet with unknown protocol

class test_nat.TestNAT66(methodName='runTest')

Bases: test_nat.MethodHolder

NAT66 Test Cases

clear_nat66()

Clear NAT66 configuration.

classmethod setUpClass()

Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.

show_commands_at_teardown()

Allow subclass specific teardown logging additions.

tearDown()

Show various debug prints after each test

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_check_no_translate()

NAT66 translate only when egress interface is outside interface

test_static()

1:1 NAT66 test