Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 3491d7f1d05ee5e05ebf0f6129d54c5ca85e22cf / . / test / test_acl_plugin_macip.py
blob: f10d6cc60d5e249ec163cb36ad1daa5e76cc9aa5 [file] [log] [blame]
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1#!/usr/bin/env python
2"""ACL plugin - MACIP tests
3"""
4import random
5import re
6import unittest
7
8from socket import inet_ntop, inet_pton, AF_INET, AF_INET6
9from struct import *
10from scapy.packet import Raw
11from scapy.layers.l2 import Ether
12from scapy.layers.inet import IP, UDP, TCP
13from scapy.layers.inet6 import IPv6
14
15from framework import VppTestCase, VppTestRunner, running_extended_tests
16from vpp_lo_interface import VppLoInterface
17
18
19class TestMACIP(VppTestCase):
20 """MACIP Test Case"""
21
22 DEBUG = False
23
24 BRIDGED = True
25 ROUTED = False
26
27 IS_IP4 = False
28 IS_IP6 = True
29
30 # rule types
31 DENY = 0
32 PERMIT = 1
33
34 # ACL types
35 EXACT_IP = 1
36 SUBNET_IP = 2
37 WILD_IP = 3
38
39 EXACT_MAC = 1
40 WILD_MAC = 2
41 OUI_MAC = 3
42
43 ACLS = []
44
45 @classmethod
46 def setUpClass(cls):
47 """
48 Perform standard class setup (defined by class method setUpClass in
49 class VppTestCase) before running the test case, set test case related
50 variables and configure VPP.
51 """
52 super(TestMACIP, cls).setUpClass()
53
54 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
55 cls.bd_id = 10
56 cls.remote_hosts_count = 250
57
58 try:
59 # create 3 pg interfaces, 1 loopback interface
60 cls.create_pg_interfaces(range(3))
61 cls.create_loopback_interfaces(range(1))
62
63 cls.interfaces = list(cls.pg_interfaces)
64 cls.interfaces.extend(cls.lo_interfaces)
65
66 for i in cls.interfaces:
67 i.admin_up()
68
69 # Create BD with MAC learning enabled and put interfaces to this BD
70 cls.vapi.sw_interface_set_l2_bridge(
71 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
72 cls.vapi.sw_interface_set_l2_bridge(
73 cls.pg0.sw_if_index, bd_id=cls.bd_id)
74 cls.vapi.sw_interface_set_l2_bridge(
75 cls.pg1.sw_if_index, bd_id=cls.bd_id)
76
77 # Configure IPv4 addresses on loop interface and routed interface
78 cls.loop0.config_ip4()
79 cls.loop0.config_ip6()
80 cls.pg2.config_ip4()
81 cls.pg2.config_ip6()
82
83 # Configure MAC address binding to IPv4 neighbors on loop0
84 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
85 # Modify host mac addresses to have different OUI parts
86 for i in range(2, cls.remote_hosts_count + 2):
87 mac = cls.loop0.remote_hosts[i-2]._mac.split(':')
88 mac[2] = format(int(mac[2], 16) + i, "02x")
89 cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac)
90
91 cls.loop0.configure_ipv4_neighbors()
92 cls.loop0.configure_ipv6_neighbors()
93 # configure MAC address on pg2
94 cls.pg2.resolve_arp()
95 cls.pg2.resolve_ndp()
96
97 # Loopback BVI interface has remote hosts
98 # one half of hosts are behind pg0 second behind pg1
99 half = cls.remote_hosts_count // 2
100 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
101 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
102
103 except Exception:
104 super(TestMACIP, cls).tearDownClass()
105 raise
106
107 def setUp(self):
108 super(TestMACIP, self).setUp()
109 self.reset_packet_infos()
110 del self.ACLS[:]
111
112 def tearDown(self):
113 """
114 Show various debug prints after each test.
115 """
116 super(TestMACIP, self).tearDown()
117 if not self.vpp_dead:
118 self.logger.info(self.vapi.ppcli("show interface address"))
119 self.logger.info(self.vapi.ppcli("show hardware"))
120 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
121 self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
122 self.logger.info(self.vapi.ppcli("sh classify tables verbose"))
123 # print self.vapi.ppcli("show interface address")
124 # print self.vapi.ppcli("show hardware")
125 # print self.vapi.ppcli("sh acl-plugin macip interface")
126 # print self.vapi.ppcli("sh acl-plugin macip acl")
127 self.delete_acls()
128
129 def macip_acl_dump_debug(self):
130 acls = self.vapi.macip_acl_dump()
131 if self.DEBUG:
132 for acl in acls:
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]133 print "ACL #"+str(acl.acl_index)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]134 for r in acl.r:
135 rule = "ACTION"
136 if r.is_permit == 1:
137 rule = "PERMIT"
138 elif r.is_permit == 0:
139 rule = "DENY "
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]140 print " IP6" if r.is_ipv6 else " IP4", \
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]141 rule, \
142 r.src_mac.encode('hex'), \
143 r.src_mac_mask.encode('hex'),\
144 unpack('<16B', r.src_ip_addr), \
145 r.src_ip_prefix_len
146 return acls
147
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]148 def create_rules(self, mac_type=EXACT_MAC, ip_type=EXACT_IP,
149 acl_count=1, rules_count=[1]):
150 acls = []
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]151 src_mac = int("220000dead00", 16)
152 for acl in range(2, (acl_count+1) * 2):
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]153 rules = []
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]154 host = random.choice(self.loop0.remote_hosts)
155 is_ip6 = acl % 2
156 ip4 = host.ip4.split('.')
157 ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6)))
158
159 if ip_type == self.EXACT_IP:
160 prefix_len4 = 32
161 prefix_len6 = 128
162 elif ip_type == self.WILD_IP:
163 ip4 = [0, 0, 0, 0]
164 ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
165 prefix_len4 = 0
166 prefix_len6 = 0
167 rules_count[(acl / 2) - 1] = 1
168 else:
169 prefix_len4 = 24
170 prefix_len6 = 64
171
172 if mac_type == self.EXACT_MAC:
173 mask = "ff:ff:ff:ff:ff:ff"
174 elif mac_type == self.WILD_MAC:
175 mask = "00:00:00:00:00:00"
176 elif mac_type == self.OUI_MAC:
177 mask = "ff:ff:ff:00:00:00"
178 else:
179 mask = "ff:ff:ff:ff:ff:00"
180
181 ip = ip6 if is_ip6 else ip4
182 ip_len = prefix_len6 if is_ip6 else prefix_len4
183
184 for i in range(0, rules_count[(acl / 2) - 1]):
185 src_mac += 16777217
186 if mac_type == self.WILD_MAC:
187 mac = "00:00:00:00:00:00"
188 elif mac_type == self.OUI_MAC:
189 mac = ':'.join(re.findall('..', '{:02x}'.format(
190 src_mac))[:3])+":00:00:00"
191 else:
192 mac = ':'.join(re.findall('..', '{:02x}'.format(src_mac)))
193
194 if ip_type == self.EXACT_IP:
195 ip4[3] = random.randint(100, 200)
196 ip6[15] = random.randint(100, 200)
197 elif ip_type == self.SUBNET_IP:
198 ip4[2] = random.randint(100, 200)
199 ip4[3] = 0
200 ip6[8] = random.randint(100, 200)
201 ip6[15] = 0
202 ip_pack = ''
203 for j in range(0, len(ip)):
204 ip_pack += pack('<B', int(ip[j]))
205
206 rule = ({'is_permit': self.PERMIT,
207 'is_ipv6': is_ip6,
208 'src_ip_addr': ip_pack,
209 'src_ip_prefix_len': ip_len,
210 'src_mac': mac.replace(':', '').decode('hex'),
211 'src_mac_mask': mask.replace(':', '').decode('hex')})
212 rules.append(rule)
213 if ip_type == self.WILD_IP:
214 break
215
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]216 acls.append(rules)
217 src_mac += 1099511627776
218 return acls
219
220 def apply_rules(self, acls):
221 for acl in acls:
222 reply = self.vapi.macip_acl_add(acl)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]223 self.assertEqual(reply.retval, 0)
224 self.ACLS.append(reply.acl_index)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]225
226 def verify_acls(self, acl_count, rules_count, expected_count=2):
227 reply = self.macip_acl_dump_debug()
228 for acl in range(2, (acl_count+1) * 2):
229 self.assertEqual(reply[acl - 2].count, rules_count[acl/2-1])
230
231 self.vapi.macip_acl_interface_get()
232
233 self.vapi.macip_acl_interface_add_del(sw_if_index=0, acl_index=0)
234 self.vapi.macip_acl_interface_add_del(sw_if_index=1, acl_index=1)
235
236 reply = self.vapi.macip_acl_interface_get()
237 self.assertEqual(reply.count, expected_count)
238
239 def delete_acls(self):
240 for acl in range(len(self.ACLS)-1, -1, -1):
241 self.vapi.macip_acl_del(self.ACLS[acl])
242
243 reply = self.vapi.macip_acl_dump()
244 self.assertEqual(len(reply), 0)
245
246 def create_stream(self, mac_type, ip_type, packet_count,
247 src_ip_if, dst_ip_if, bridged_routed, is_ip6):
248 # exact MAC and exact IP
249 # exact MAC and subnet of IPs
250 # exact MAC and wildcard IP
251 # wildcard MAC and exact IP
252 # wildcard MAC and subnet of IPs
253 # wildcard MAC and wildcard IP
254 # OUI restricted MAC and exact IP
255 # OUI restricted MAC and subnet of IPs
256 # OUI restricted MAC and wildcard IP
257
258 packets = []
259 rules = []
260 ip_permit = ""
261 mac_permit = ""
262 dst_mac = ""
263 mac_rule = "00:00:00:00:00:00"
264 mac_mask = "00:00:00:00:00:00"
265 for p in range(0, packet_count):
266 remote_dst_index = p % len(dst_ip_if.remote_hosts)
267 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
268
269 dst_port = 1234 + p
270 src_port = 4321 + p
271 is_permit = self.PERMIT if p % 3 == 0 else self.DENY
272 denyMAC = True if not is_permit and p % 3 == 1 else False
273 denyIP = True if not is_permit and p % 3 == 2 else False
274 if not is_permit and ip_type == self.WILD_IP:
275 denyMAC = True
276 if not is_permit and mac_type == self.WILD_MAC:
277 denyIP = True
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]278
279 if bridged_routed == self.BRIDGED:
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]280 if is_permit:
281 src_mac = remote_dst_host._mac
282 dst_mac = 'de:ad:00:00:00:00'
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]283 src_ip4 = remote_dst_host.ip4
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]284 dst_ip4 = src_ip_if.remote_ip4
285 src_ip6 = remote_dst_host.ip6
286 dst_ip6 = src_ip_if.remote_ip6
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]287 ip_permit = src_ip6 if is_ip6 else src_ip4
288 mac_permit = src_mac
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]289 if denyMAC:
290 mac = src_mac.split(':')
291 mac[0] = format(int(mac[0], 16)+1, "02x")
292 src_mac = ":".join(mac)
293 if is_ip6:
294 src_ip6 = ip_permit
295 else:
296 src_ip4 = ip_permit
297 if denyIP:
298 if ip_type != self.WILD_IP:
299 src_mac = mac_permit
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]300 src_ip4 = remote_dst_host.ip4
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]301 dst_ip4 = src_ip_if.remote_ip4
302 src_ip6 = remote_dst_host.ip6
303 dst_ip6 = src_ip_if.remote_ip6
304 else:
305 if is_permit:
306 src_mac = remote_dst_host._mac
307 dst_mac = src_ip_if.local_mac
308 src_ip4 = src_ip_if.remote_ip4
309 dst_ip4 = remote_dst_host.ip4
310 src_ip6 = src_ip_if.remote_ip6
311 dst_ip6 = remote_dst_host.ip6
312 ip_permit = src_ip6 if is_ip6 else src_ip4
313 mac_permit = src_mac
314 if denyMAC:
315 mac = src_mac.split(':')
316 mac[0] = format(int(mac[0], 16) + 1, "02x")
317 src_mac = ":".join(mac)
318 if is_ip6:
319 src_ip6 = ip_permit
320 else:
321 src_ip4 = ip_permit
322 if denyIP:
323 src_mac = remote_dst_host._mac
324 if ip_type != self.WILD_IP:
325 src_mac = mac_permit
326 src_ip4 = remote_dst_host.ip4
327 dst_ip4 = src_ip_if.remote_ip4
328 src_ip6 = remote_dst_host.ip6
329 dst_ip6 = src_ip_if.remote_ip6
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]330
331 if is_permit:
332 info = self.create_packet_info(src_ip_if, dst_ip_if)
333 payload = self.info_to_payload(info)
334 else:
335 payload = "to be blocked"
336
337 if mac_type == self.WILD_MAC:
338 mac = src_mac.split(':')
339 for i in range(1, 5):
340 mac[i] = format(random.randint(0, 255), "02x")
341 src_mac = ":".join(mac)
342
343 # create packet
344 packet = Ether(src=src_mac, dst=dst_mac)
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]345 ip_rule = src_ip6 if is_ip6 else src_ip4
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]346 if is_ip6:
347 if ip_type != self.EXACT_IP:
348 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
349 if ip_type == self.WILD_IP:
350 sub_ip[0] = random.randint(240, 254)
351 sub_ip[1] = random.randint(230, 239)
352 sub_ip[14] = random.randint(100, 199)
353 sub_ip[15] = random.randint(200, 255)
354 elif ip_type == self.SUBNET_IP:
355 if denyIP:
356 sub_ip[2] = str(int(sub_ip[2]) + 1)
357 sub_ip[14] = random.randint(100, 199)
358 sub_ip[15] = random.randint(200, 255)
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]359 src_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]360 packet /= IPv6(src=src_ip6, dst=dst_ip6)
361 else:
362 if ip_type != self.EXACT_IP:
363 sub_ip = ip_rule.split('.')
364 if ip_type == self.WILD_IP:
365 sub_ip[0] = str(random.randint(1, 49))
366 sub_ip[1] = str(random.randint(50, 99))
367 sub_ip[2] = str(random.randint(100, 199))
368 sub_ip[3] = str(random.randint(200, 255))
369 elif ip_type == self.SUBNET_IP:
370 if denyIP:
371 sub_ip[1] = str(int(sub_ip[1])+1)
372 sub_ip[2] = str(random.randint(100, 199))
373 sub_ip[3] = str(random.randint(200, 255))
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]374 src_ip4 = ".".join(sub_ip)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]375 packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)
376
377 packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)
378
379 packet[Raw].load += " mac:"+src_mac
380
381 size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
382 self.extend_packet(packet, size)
383 packets.append(packet)
384
385 # create suitable rule
386 if mac_type == self.EXACT_MAC:
387 mac_rule = src_mac
388 mac_mask = "ff:ff:ff:ff:ff:ff"
389 elif mac_type == self.WILD_MAC:
390 mac_rule = "00:00:00:00:00:00"
391 mac_mask = "00:00:00:00:00:00"
392 elif mac_type == self.OUI_MAC:
393 mac = src_mac.split(':')
394 mac[3] = mac[4] = mac[5] = '00'
395 mac_rule = ":".join(mac)
396 mac_mask = "ff:ff:ff:00:00:00"
397
398 if is_ip6:
399 if ip_type == self.WILD_IP:
400 ip = "0::0"
401 else:
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]402 ip = src_ip6
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]403 if ip_type == self.SUBNET_IP:
404 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
405 for i in range(8, 16):
406 sub_ip[i] = 0
407 ip = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
408 else:
409 if ip_type == self.WILD_IP:
410 ip = "0.0.0.0"
411 else:
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]412 ip = src_ip4
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]413 if ip_type == self.SUBNET_IP:
414 sub_ip = ip.split('.')
415 sub_ip[2] = sub_ip[3] = '0'
416 ip = ".".join(sub_ip)
417
418 prefix_len = 128 if is_ip6 else 32
419 if ip_type == self.WILD_IP:
420 prefix_len = 0
421 elif ip_type == self.SUBNET_IP:
422 prefix_len = 64 if is_ip6 else 16
423 ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)
424
425 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
426 continue
427
428 if is_permit:
429 rule = ({'is_permit': is_permit,
430 'is_ipv6': is_ip6,
431 'src_ip_addr': ip_rule,
432 'src_ip_prefix_len': prefix_len,
433 'src_mac': mac_rule.replace(':', '').decode('hex'),
434 'src_mac_mask': mac_mask.replace(':', '').decode(
435 'hex')})
436 rules.append(rule)
437
438 # deny all other packets
439 if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
440 rule = ({'is_permit': 0,
441 'is_ipv6': is_ip6,
442 'src_ip_addr': "",
443 'src_ip_prefix_len': 0,
444 'src_mac': "",
445 'src_mac_mask': ""})
446 rules.append(rule)
447
448 return {'stream': packets, 'rules': rules}
449
450 def verify_capture(self, stream, capture, is_ip6):
451 p_l3 = IPv6 if is_ip6 else IP
452 if self.DEBUG:
453 for p in stream:
454 print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
455
456 acls = self.macip_acl_dump_debug()
457
458 # TODO : verify
459 # for acl in acls:
460 # for r in acl.r:
461 # print r.src_mac.encode('hex'), \
462 # r.src_mac_mask.encode('hex'),\
463 # unpack('<16B', r.src_ip_addr), \
464 # r.src_ip_prefix_len
465 #
466 # for p in capture:
467 # print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
468 # data = p[Raw].load.split(':',1)[1]
469 # print p[p_l3].src, data
470
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]471 def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets,
472 do_not_expected_capture=False):
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]473 self.reset_packet_infos()
474
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]475 tx_if = self.pg0 if bridged_routed == self.BRIDGED else self.pg2
476 rx_if = self.pg2 if bridged_routed == self.BRIDGED else self.pg0
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]477
478 test_dict = self.create_stream(mac_type, ip_type, packets,
479 self.pg2, self.loop0,
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]480 bridged_routed,
481 is_ip6)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]482
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]483 reply = self.vapi.macip_acl_add(test_dict['rules'])
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]484 self.assertEqual(reply.retval, 0)
485 acl_index = reply.acl_index
486
487 self.vapi.macip_acl_interface_add_del(sw_if_index=tx_if.sw_if_index,
488 acl_index=acl_index)
489 reply = self.vapi.macip_acl_interface_get()
490 self.assertEqual(reply.acls[tx_if.sw_if_index], acl_index)
491 self.ACLS.append(reply.acls[tx_if.sw_if_index])
492
493 tx_if.add_stream(test_dict['stream'])
494 self.pg_enable_capture(self.pg_interfaces)
495 self.pg_start()
496
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]497 if do_not_expected_capture:
498 rx_if.get_capture(0)
499 else:
500 packet_count = self.get_packet_count_for_if_idx(
501 self.loop0.sw_if_index)
502 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]503 packet_count = packets if bridged_routed else packet_count
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]504 capture = rx_if.get_capture(packet_count)
505 self.verify_capture(test_dict['stream'], capture, is_ip6)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]506
507 def run_test_acls(self, mac_type, ip_type, acl_count,
508 rules_count, traffic=None, ip=None):
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]509 self.apply_rules(self.create_rules(mac_type, ip_type, acl_count,
510 rules_count))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]511 self.verify_acls(acl_count, rules_count)
512
513 if traffic is not None:
514 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, traffic, ip, 9)
515
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]516 def test_acl_bridged_ip4_exactMAC_exactIP(self):
517 """ IP4 MACIP exactMAC|exactIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]518 """
519 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
520 self.BRIDGED, self.IS_IP4, 9)
521
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]522 def test_acl_bridged_ip6_exactMAC_exactIP(self):
523 """ IP6 MACIP exactMAC|exactIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]524 """
525
526 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
527 self.BRIDGED, self.IS_IP6, 9)
528
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]529 def test_acl_bridged_ip4_exactMAC_subnetIP(self):
530 """ IP4 MACIP exactMAC|subnetIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]531 """
532
533 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
534 self.BRIDGED, self.IS_IP4, 9)
535
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]536 def test_acl_bridged_ip6_exactMAC_subnetIP(self):
537 """ IP6 MACIP exactMAC|subnetIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]538 """
539
540 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
541 self.BRIDGED, self.IS_IP6, 9)
542
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]543 def test_acl_bridged_ip4_exactMAC_wildIP(self):
544 """ IP4 MACIP exactMAC|wildIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]545 """
546
547 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
548 self.BRIDGED, self.IS_IP4, 9)
549
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]550 def test_acl_bridged_ip6_exactMAC_wildIP(self):
551 """ IP6 MACIP exactMAC|wildIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]552 """
553
554 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
555 self.BRIDGED, self.IS_IP6, 9)
556
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]557 def test_acl_bridged_ip4_ouiMAC_exactIP(self):
558 """ IP4 MACIP ouiMAC|exactIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]559 """
560
561 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
562 self.BRIDGED, self.IS_IP4, 3)
563
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]564 def test_acl_bridged_ip6_ouiMAC_exactIP(self):
565 """ IP6 MACIP oui_MAC|exactIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]566 """
567
568 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
569 self.BRIDGED, self.IS_IP6, 9)
570
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]571 def test_acl_bridged_ip4_ouiMAC_subnetIP(self):
572 """ IP4 MACIP ouiMAC|subnetIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]573 """
574
575 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
576 self.BRIDGED, self.IS_IP4, 9)
577
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]578 def test_acl_bridged_ip6_ouiMAC_subnetIP(self):
579 """ IP6 MACIP ouiMAC|subnetIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]580 """
581
582 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
583 self.BRIDGED, self.IS_IP6, 9)
584
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]585 def test_acl_bridged_ip4_ouiMAC_wildIP(self):
586 """ IP4 MACIP ouiMAC|wildIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]587 """
588
589 self.run_traffic(self.OUI_MAC, self.WILD_IP,
590 self.BRIDGED, self.IS_IP4, 9)
591
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]592 def test_acl_bridged_ip6_ouiMAC_wildIP(self):
593 """ IP6 MACIP ouiMAC|wildIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]594 """
595
596 self.run_traffic(self.OUI_MAC, self.WILD_IP,
597 self.BRIDGED, self.IS_IP6, 9)
598
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]599 def test_ac_bridgedl_ip4_wildMAC_exactIP(self):
600 """ IP4 MACIP wildcardMAC|exactIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]601 """
602
603 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
604 self.BRIDGED, self.IS_IP4, 9)
605
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]606 def test_acl_bridged_ip6_wildMAC_exactIP(self):
607 """ IP6 MACIP wildcardMAC|exactIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]608 """
609
610 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
611 self.BRIDGED, self.IS_IP6, 9)
612
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]613 def test_acl_bridged_ip4_wildMAC_subnetIP(self):
614 """ IP4 MACIP wildcardMAC|subnetIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]615 """
616
617 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
618 self.BRIDGED, self.IS_IP4, 9)
619
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]620 def test_acl_bridged_ip6_wildMAC_subnetIP(self):
621 """ IP6 MACIP wildcardMAC|subnetIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]622 """
623
624 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
625 self.BRIDGED, self.IS_IP6, 9)
626
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]627 def test_acl_bridged_ip4_wildMAC_wildIP(self):
628 """ IP4 MACIP wildcardMAC|wildIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]629 """
630
631 self.run_traffic(self.WILD_MAC, self.WILD_IP,
632 self.BRIDGED, self.IS_IP4, 9)
633
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]634 def test_acl_bridged_ip6_wildMAC_wildIP(self):
635 """ IP6 MACIP wildcardMAC|wildIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]636 """
637
638 self.run_traffic(self.WILD_MAC, self.WILD_IP,
639 self.BRIDGED, self.IS_IP6, 9)
640
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]641 def test_acl_routed_ip4_exactMAC_exactIP(self):
642 """ IP4 MACIP exactMAC|exactIP ACL routed traffic
643 """
644 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
645 self.ROUTED, self.IS_IP4, 9)
646
647 def test_acl_routed_ip6_exactMAC_exactIP(self):
648 """ IP6 MACIP exactMAC|exactIP ACL routed traffic
649 """
650
651 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
652 self.ROUTED, self.IS_IP6, 9)
653
654 def test_acl_routed_ip4_exactMAC_subnetIP(self):
655 """ IP4 MACIP exactMAC|subnetIP ACL routed traffic
656 """
657 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
658 self.ROUTED, self.IS_IP4, 9)
659
660 def test_acl_routed_ip6_exactMAC_subnetIP(self):
661 """ IP6 MACIP exactMAC|subnetIP ACL routed traffic
662 """
663
664 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
665 self.ROUTED, self.IS_IP6, 9)
666
667 def test_acl_routed_ip4_exactMAC_wildIP(self):
668 """ IP4 MACIP exactMAC|wildIP ACL routed traffic
669 """
670 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
671 self.ROUTED, self.IS_IP4, 9)
672
673 def test_acl_routed_ip6_exactMAC_wildIP(self):
674 """ IP6 MACIP exactMAC|wildIP ACL routed traffic
675 """
676
677 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
678 self.ROUTED, self.IS_IP6, 9)
679
680 def test_acl_routed_ip4_ouiMAC_exactIP(self):
681 """ IP4 MACIP ouiMAC|exactIP ACL routed traffic
682 """
683
684 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
685 self.ROUTED, self.IS_IP4, 9)
686
687 def test_acl_routed_ip6_ouiMAC_exactIP(self):
688 """ IP6 MACIP ouiMAC|exactIP ACL routed traffic
689 """
690
691 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
692 self.ROUTED, self.IS_IP6, 9)
693
694 def test_acl_routed_ip4_ouiMAC_subnetIP(self):
695 """ IP4 MACIP ouiMAC|subnetIP ACL routed traffic
696 """
697
698 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
699 self.ROUTED, self.IS_IP4, 9)
700
701 def test_acl_routed_ip6_ouiMAC_subnetIP(self):
702 """ IP6 MACIP ouiMAC|subnetIP ACL routed traffic
703 """
704
705 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
706 self.ROUTED, self.IS_IP6, 9)
707
708 def test_acl_routed_ip4_ouiMAC_wildIP(self):
709 """ IP4 MACIP ouiMAC|wildIP ACL routed traffic
710 """
711
712 self.run_traffic(self.OUI_MAC, self.WILD_IP,
713 self.ROUTED, self.IS_IP4, 9)
714
715 def test_acl_routed_ip6_ouiMAC_wildIP(self):
716 """ IP6 MACIP ouiMAC|wildIP ACL routed traffic
717 """
718
719 self.run_traffic(self.OUI_MAC, self.WILD_IP,
720 self.ROUTED, self.IS_IP6, 9)
721
722 def test_acl_routed_ip4_wildMAC_exactIP(self):
723 """ IP4 MACIP wildcardMAC|exactIP ACL routed traffic
724 """
725
726 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
727 self.ROUTED, self.IS_IP4, 9)
728
729 def test_acl_routed_ip6_wildMAC_exactIP(self):
730 """ IP6 MACIP wildcardMAC|exactIP ACL routed traffic
731 """
732
733 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
734 self.ROUTED, self.IS_IP6, 9)
735
736 def test_acl_routed_ip4_wildMAC_subnetIP(self):
737 """ IP4 MACIP wildcardMAC|subnetIP ACL routed traffic
738 """
739
740 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
741 self.ROUTED, self.IS_IP4, 9)
742
743 def test_acl_routed_ip6_wildMAC_subnetIP(self):
744 """ IP6 MACIP wildcardMAC|subnetIP ACL routed traffic
745 """
746
747 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
748 self.ROUTED, self.IS_IP6, 9)
749
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]750 def test_acl_1_2(self):
751 """ MACIP ACL with 2 entries
752 """
753
754 self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2])
755
756 def test_acl_1_5(self):
757 """ MACIP ACL with 5 entries
758 """
759
760 self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5])
761
762 def test_acl_1_10(self):
763 """ MACIP ACL with 10 entries
764 """
765
766 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10])
767
768 def test_acl_1_20(self):
769 """ MACIP ACL with 20 entries
770 """
771
772 self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20])
773
774 def test_acl_1_50(self):
775 """ MACIP ACL with 50 entries
776 """
777
778 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50])
779
780 def test_acl_1_100(self):
781 """ MACIP ACL with 100 entries
782 """
783
784 self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100])
785
786 def test_acl_2_X(self):
787 """ MACIP 2 ACLs each with 100+ entries
788 """
789
790 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200])
791
792 def test_acl_10_X(self):
793 """ MACIP 10 ACLs each with 100+ entries
794 """
795
796 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
797 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240])
798
799 def test_acl_10_X_traffic_ip4(self):
800 """ MACIP 10 ACLs each with 100+ entries with IP4 traffic
801 """
802
803 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
804 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
805 self.BRIDGED, self.IS_IP4)
806
807 def test_acl_10_X_traffic_ip6(self):
808 """ MACIP 10 ACLs each with 100+ entries with IP6 traffic
809 """
810
811 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
812 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
813 self.BRIDGED, self.IS_IP6)
814
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]815 def test_acl_replace(self):
816 """ MACIP replace ACL
817 """
818
819 r1 = self.create_rules(acl_count=3, rules_count=[2, 2, 2])
820 r2 = self.create_rules(mac_type=self.OUI_MAC, ip_type=self.SUBNET_IP)
821 self.apply_rules(r1)
822
823 acls_before = self.macip_acl_dump_debug()
824
825 # replace acls #2, #3 with new
826 reply = self.vapi.macip_acl_add_replace(r2[0], 2)
827 self.assertEqual(reply.retval, 0)
828 self.assertEqual(reply.acl_index, 2)
829 reply = self.vapi.macip_acl_add_replace(r2[1], 3)
830 self.assertEqual(reply.retval, 0)
831 self.assertEqual(reply.acl_index, 3)
832
833 acls_after = self.macip_acl_dump_debug()
834
835 # verify changes
836 self.assertEqual(len(acls_before), len(acls_after))
837 for acl1, acl2 in zip(
838 acls_before[:2]+acls_before[4:],
839 acls_after[:2]+acls_after[4:]):
840 self.assertEqual(len(acl1), len(acl2))
841
842 self.assertEqual(len(acl1.r), len(acl2.r))
843 for r1, r2 in zip(acl1.r, acl2.r):
844 self.assertEqual(len(acl1.r), len(acl2.r))
845 self.assertEqual(acl1.r, acl2.r)
846 for acl1, acl2 in zip(
847 acls_before[2:4],
848 acls_after[2:4]):
849 self.assertEqual(len(acl1), len(acl2))
850
851 self.assertNotEqual(len(acl1.r), len(acl2.r))
852 for r1, r2 in zip(acl1.r, acl2.r):
853 self.assertNotEqual(len(acl1.r), len(acl2.r))
854 self.assertNotEqual(acl1.r, acl2.r)
855
856 def test_acl_replace_traffic_ip4(self):
857 """ MACIP replace ACL with IP4 traffic
858 """
859 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
860 self.BRIDGED, self.IS_IP4, 9)
861
862 r = self.create_rules()
863 # replace acls #2, #3 with new
864 reply = self.vapi.macip_acl_add_replace(r[0], 0)
865 self.assertEqual(reply.retval, 0)
866 self.assertEqual(reply.acl_index, 0)
867
868 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
869 self.BRIDGED, self.IS_IP4, 9, True)
870
871 def test_acl_replace_traffic_ip6(self):
872 """ MACIP replace ACL with IP6 traffic
873 """
874 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
875 self.BRIDGED, self.IS_IP6, 9)
876
877 r = self.create_rules()
878 # replace acls #2, #3 with new
879 reply = self.vapi.macip_acl_add_replace(r[0], 0)
880 self.assertEqual(reply.retval, 0)
881 self.assertEqual(reply.acl_index, 0)
882
883 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
884 self.BRIDGED, self.IS_IP6, 9, True)
885
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]886 def test_delete_intf(self):
887 """ MACIP ACL delete intf with acl
888 """
889
890 intf_count = len(self.interfaces)+1
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]891 intf = []
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]892 self.apply_rules(self.create_rules(acl_count=3, rules_count=[3, 5, 4]))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]893
894 intf.append(VppLoInterface(self, 0))
895 intf.append(VppLoInterface(self, 1))
896
897 sw_if_index0 = intf[0].sw_if_index
898 self.vapi.macip_acl_interface_add_del(sw_if_index0, 1)
899
900 reply = self.vapi.macip_acl_interface_get()
901 self.assertEqual(reply.count, intf_count+1)
902 self.assertEqual(reply.acls[sw_if_index0], 1)
903
904 sw_if_index1 = intf[1].sw_if_index
905 self.vapi.macip_acl_interface_add_del(sw_if_index1, 0)
906
907 reply = self.vapi.macip_acl_interface_get()
908 self.assertEqual(reply.count, intf_count+2)
909 self.assertEqual(reply.acls[sw_if_index1], 0)
910
911 intf[0].remove_vpp_config()
912 reply = self.vapi.macip_acl_interface_get()
913 self.assertEqual(reply.count, intf_count+2)
914 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
915 self.assertEqual(reply.acls[sw_if_index1], 0)
916
917 intf.append(VppLoInterface(self, 2))
918 intf.append(VppLoInterface(self, 3))
919 sw_if_index2 = intf[2].sw_if_index
920 sw_if_index3 = intf[3].sw_if_index
921 self.vapi.macip_acl_interface_add_del(sw_if_index2, 1)
922 self.vapi.macip_acl_interface_add_del(sw_if_index3, 1)
923
924 reply = self.vapi.macip_acl_interface_get()
925 self.assertEqual(reply.count, intf_count+3)
926 self.assertEqual(reply.acls[sw_if_index1], 0)
927 self.assertEqual(reply.acls[sw_if_index2], 1)
928 self.assertEqual(reply.acls[sw_if_index3], 1)
929
930 intf[2].remove_vpp_config()
931 intf[1].remove_vpp_config()
932
933 reply = self.vapi.macip_acl_interface_get()
934 self.assertEqual(reply.count, intf_count+3)
935 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
936 self.assertEqual(reply.acls[sw_if_index1], 4294967295)
937 self.assertEqual(reply.acls[sw_if_index2], 4294967295)
938 self.assertEqual(reply.acls[sw_if_index3], 1)
939
940 intf[3].remove_vpp_config()
941 reply = self.vapi.macip_acl_interface_get()
942
943 self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
944
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]945 def test_acl_routed_ip4_wildMAC_wildIP(self):
946 """ IP4 MACIP wildcardMAC|wildIP ACL
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]947 """
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]948
949 self.run_traffic(self.WILD_MAC, self.WILD_IP,
950 self.ROUTED, self.IS_IP4, 9)
951
952 def test_acl_routed_ip6_wildMAC_wildIP(self):
953 """ IP6 MACIP wildcardMAC|wildIP ACL
954 """
955
956 self.run_traffic(self.WILD_MAC, self.WILD_IP,
957 self.ROUTED, self.IS_IP6, 9)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]958
959
960if __name__ == '__main__':
961 unittest.main(testRunner=VppTestRunner)