2.89. test_nat44_ei module

class test_nat44_ei.Event(*args: Any, **kwargs: Any)

Bases: scapy.all.Packet

extract_padding(s)
fields_desc = [scapy.all.ByteEnumField, scapy.all.ByteEnumField, scapy.all.ShortField, scapy.all.IPField, scapy.all.IPField, scapy.all.ShortField, scapy.all.ShortField, scapy.all.IPField, scapy.all.IPField, scapy.all.ShortField, scapy.all.ShortField, scapy.all.IntField, scapy.all.IntField, scapy.all.LongField]
name = 'Event'
class test_nat44_ei.HANATStateSync(*args: Any, **kwargs: Any)

Bases: scapy.all.Packet

fields_desc = [scapy.all.XByteField, scapy.all.FlagsField, scapy.all.FieldLenField, scapy.all.IntField, scapy.all.IntField, scapy.all.PacketListField]
name = 'HA NAT state sync'
class test_nat44_ei.MethodHolder(methodName='runTest')

Bases: framework.VppTestCase

NAT create capture and verify method holder

property SYSLOG_SEVERITY
compose_ip6(ip4, pref, plen)

Compose IPv4-embedded IPv6 addresses

Parameters

  • ip4 – IPv4 address

  • pref – IPv6 prefix

  • plen – IPv6 prefix length

Returns

IPv4-embedded IPv6 addresses

property config_flags
create_routes_and_neigbors()
create_stream_frag(src_if, dst, sport, dport, data, proto=scapy.data.IP_PROTOS.tcp, echo_reply=False)

Create fragmented packet stream

Parameters

  • src_if – Source interface

  • dst – Destination IPv4 address

  • sport – Source port

  • dport – Destination port

  • data – Payload data

  • proto – protocol (TCP, UDP, ICMP)

  • echo_reply – use echo_reply if protocol is ICMP

Returns

Fragments

create_stream_in(in_if, out_if, dst_ip=None, ttl=64)

Create packet stream for inside network

Parameters

  • in_if – Inside interface

  • out_if – Outside interface

  • dst_ip – Destination address

  • ttl – TTL of generated packets

create_stream_out(out_if, dst_ip=None, ttl=64, use_inside_ports=False)

Create packet stream for outside network

Parameters

  • out_if – Outside interface

  • dst_ip – Destination IP address (Default use global NAT address)

  • ttl – TTL of generated packets

  • use_inside_ports – Use inside NAT ports as destination ports instead of outside ports

create_stream_out_ip6(out_if, src_ip, dst_ip, hl=64)

Create packet stream for outside network

Parameters

  • out_if – Outside interface

  • dst_ip – Destination IP address (Default use global NAT address)

  • hl – HL of generated packets

frag_in_order(proto=scapy.data.IP_PROTOS.tcp, dont_translate=False, ignore_port=False)
frag_out_of_order(proto=scapy.data.IP_PROTOS.tcp, dont_translate=False, ignore_port=False)
nat44_add_address(ip, is_add=1, vrf_id=4294967295, twice_nat=0)

Add/delete NAT44EI address

Parameters

  • ip – IP address

  • is_add – 1 if add, 0 if delete (Default add)

  • twice_nat – twice NAT address for external hosts

nat44_add_static_mapping(local_ip, external_ip='0.0.0.0', local_port=0, external_port=0, vrf_id=0, is_add=1, external_sw_if_index=4294967295, proto=0, tag='', flags=0)

Add/delete NAT44EI static mapping

Parameters

  • local_ip – Local IP address

  • external_ip – External IP address

  • local_port – Local port number (Optional)

  • external_port – External port number (Optional)

  • vrf_id – VRF ID (Default 0)

  • is_add – 1 if add, 0 if delete (Default add)

  • external_sw_if_index – External interface instead of IP address

  • proto – IP protocol (Mandatory if port specified)

  • tag – Opaque string tag

  • flags – NAT configuration flags

property nat44_config_flags
static proto2layer(proto)
reass_frags_and_verify(frags, src, dst)

Reassemble and verify fragmented packet

Parameters

  • frags – Captured fragments

  • src – Source IPv4 address to verify

  • dst – Destination IPv4 address to verify

Returns

Reassembled IPv4 packet

reass_hairpinning(server_addr, server_in_port, server_out_port, host_in_port, proto=scapy.data.IP_PROTOS.tcp, ignore_port=False)
verify_capture_in(capture, in_if)

Verify captured packets on inside network

Parameters

  • capture – Captured packets

  • in_if – Inside interface

verify_capture_in_with_icmp_errors(capture, in_if, icmp_type=11)

Verify captured packets with ICMP errors on inside network

Parameters

  • capture – Captured packets

  • in_if – Inside interface

  • icmp_type – Type of error ICMP packet we are expecting (Default 11)

verify_capture_no_translation(capture, ingress_if, egress_if)

Verify captured packet that don’t have to be translated

Parameters

  • capture – Captured packets

  • ingress_if – Ingress interface

  • egress_if – Egress interface

verify_capture_out(capture, nat_ip=None, same_port=False, dst_ip=None, is_ip6=False, ignore_port=False)

Verify captured packets on outside network

Parameters

  • capture – Captured packets

  • nat_ip – Translated IP address (Default use global NAT address)

  • same_port – Source port number is not translated (Default False)

  • dst_ip – Destination IP address (Default do not verify)

  • is_ip6 – If L3 protocol is IPv6 (Default False)

verify_capture_out_ip6(capture, nat_ip, same_port=False, dst_ip=None)

Verify captured packets on outside network

Parameters

  • capture – Captured packets

  • nat_ip – Translated IP address

  • same_port – Source port number is not translated (Default False)

  • dst_ip – Destination IP address (Default do not verify)

verify_capture_out_with_icmp_errors(capture, src_ip=None, icmp_type=11)

Verify captured packets with ICMP errors on outside network

Parameters

  • capture – Captured packets

  • src_ip – Translated IP address or IP address of VPP (Default use global NAT address)

  • icmp_type – Type of error ICMP packet we are expecting (Default 11)

verify_ipfix_addr_exhausted(data)
verify_ipfix_max_sessions(data, limit)
verify_ipfix_nat44_ses(data)

Verify IPFIX NAT44EI session create/delete event

Parameters

data – Decoded IPFIX data records

verify_mss_value(pkt, mss)
verify_no_nat44_user()

Verify that there is no NAT44EI user

verify_syslog_apmap(data, is_add=True)
class test_nat44_ei.TestNAT44EI(methodName='runTest')

Bases: test_nat44_ei.MethodHolder

NAT44EI Test Cases

max_translations = 10240
max_users = 10240
setUp()

Clear trace before running each test

classmethod setUpClass()

Perform class setup before running the testcase Remove shared memory files, start vpp and connect the vpp-api

show_commands_at_teardown()

Allow subclass specific teardown logging additions.

tearDown()

Show various debug prints after each test

test_clear_sessions()

NAT44EI session clearing test

test_del_session()

NAT44EI delete session

test_dynamic()

NAT44EI dynamic translation test

test_dynamic_icmp_errors_in2out_ttl_1()

NAT44EI handling of client packets with TTL=1

test_dynamic_icmp_errors_in2out_ttl_2()

NAT44EI handling of error responses to client packets with TTL=2

test_dynamic_icmp_errors_out2in_ttl_1()

NAT44EI handling of server packets with TTL=1

test_dynamic_icmp_errors_out2in_ttl_2()

NAT44EI handling of error responses to server packets with TTL=2

test_dynamic_ipless_interfaces()

NAT44EI interfaces without configured IP address

test_dynamic_to_static()

NAT44EI Switch from dynamic translation to 1:1NAT

test_forwarding()

NAT44EI forwarding test

test_frag_forwarding()

NAT44EI forwarding fragment test

test_frag_in_order()

NAT44EI translate fragments arriving in order

test_frag_out_of_order()

NAT44EI translate fragments arriving out of order

test_ha_recv()

NAT44EI Receive HA session synchronization events (passive)

test_ha_send()

NAT44EI Send HA session synchronization events (active)

test_hairpinning()

NAT44EI hairpinning - 1:1 NAPT

test_hairpinning2()

NAT44EI hairpinning - 1:1 NAT

test_hairpinning_avoid_inf_loop()

NAT44 hairpinning - 1:1 NAPT avoid infinite loop

test_hairpinning_static_unknown_proto()

NAT44EI 1:1 translate packet with unknown protocol - hairpinning

test_identity_nat()

NAT44EI Identity NAT

test_inside_overlapping_interfaces()

NAT44EI multiple inside interfaces with overlapping address space

test_interface_addr()

NAT44EI acquire addresses from interface

test_interface_addr_identity_nat()

NAT44EI Identity NAT with addresses from interface

test_interface_addr_static_mapping()

NAT44EI Static mapping with addresses from interface

test_ipfix_addr_exhausted()

NAT44EI IPFIX logging NAT addresses exhausted

test_ipfix_max_sessions()

NAT44EI IPFIX logging maximum session entries exceeded

test_ipfix_nat44_sess()

NAT44EI IPFIX logging NAT44EI session created/deleted

test_mss_clamping()

NAT44EI TCP MSS clamping

test_multiple_inside_interfaces()

NAT44EI multiple non-overlapping address space inside interfaces

test_multiple_outside_vrf()

NAT44EI Multiple outside VRF

test_one_armed_nat44()

NAT44EI One armed NAT

test_output_feature()

NAT44EI output feature (in2out postrouting)

test_output_feature_hairpinning()

NAT44EI output feature hairpinning (in2out postrouting)

test_output_feature_vrf_aware()

NAT44EI output feature VRF aware (in2out postrouting)

test_ping_internal_host_from_outside()

NAT44EI ping internal host from outside network

test_ping_out_interface_from_outside()

NAT44EI ping out interface from outside network

test_pool_addr_fib()

NAT44EI add pool addresses to FIB

test_port_range()

NAT44EI External address port range

test_port_restricted()

NAT44EI Port restricted NAT44EI (MAP-E CE)

test_reass_hairpinning()

NAT44EI fragments hairpinning

test_static_in()

NAT44EI 1:1 NAT initialized from inside network

test_static_ipless_interfaces()

NAT44EI interfaces without configured IP address - 1:1 NAT

test_static_out()

NAT44EI 1:1 NAT initialized from outside network

test_static_unknown_proto()

NAT44EI 1:1 translate packet with unknown protocol

test_static_vrf_aware()

NAT44EI 1:1 NAT VRF awareness

test_static_with_port_in()

NAT44EI 1:1 NAPT initialized from inside network

test_static_with_port_ipless_interfaces()

NAT44EI interfaces without configured IP address - 1:1 NAPT

test_static_with_port_out()

NAT44EI 1:1 NAPT initialized from outside network

test_syslog_apmap()

NAT44EI syslog address and port mapping creation and deletion

test_vrf_feature_independent()

NAT44EI tenant VRF independent address pool mode

test_vrf_mode()

NAT44EI tenant VRF aware address pool mode

class test_nat44_ei.TestNAT44Out2InDPO(methodName='runTest')

Bases: test_nat44_ei.MethodHolder

NAT44EI Test Cases using out2in DPO

configure_xlat()
setUp()

Clear trace before running each test

classmethod setUpClass()

Perform class setup before running the testcase Remove shared memory files, start vpp and connect the vpp-api

tearDown()

Show various debug prints after each test

test_464xlat_ce()

Test 464XLAT CE with NAT44EI

test_464xlat_ce_no_nat()

Test 464XLAT CE without NAT44EI