Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 7f9b7f9f492d1748d8ba025b3a713058fdb1943d / . / test / test_acl_plugin_macip.py
blob: fe34cd06312b7760a9b3f8fab566f72e551022c9 [file] [log] [blame]
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1#!/usr/bin/env python
Paul Vinciguerra661f91f2018-11-28 19:06:41 -0800[diff] [blame]2from __future__ import print_function
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]3"""ACL plugin - MACIP tests
4"""
Paul Vinciguerra6e4c6ad2018-11-25 10:35:29 -0800[diff] [blame]5import binascii
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]6import ipaddress
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]7import random
Paul Vinciguerraa279d9c2019-02-28 09:00:09 -0800[diff] [blame]8from socket import inet_ntop, inet_pton, AF_INET, AF_INET6
9from struct import pack, unpack
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]10import re
11import unittest
12
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]13import scapy.compat
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]14from scapy.packet import Raw
15from scapy.layers.l2 import Ether
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]16from scapy.layers.inet import IP, UDP
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]17from scapy.layers.inet6 import IPv6
18
19from framework import VppTestCase, VppTestRunner, running_extended_tests
20from vpp_lo_interface import VppLoInterface
Paul Vinciguerra95c0ca42019-03-28 13:07:00 -0700[diff] [blame]21from vpp_l2 import L2_PORT_TYPE
22from vpp_sub_interface import L2_VTR_OP, VppSubInterface, VppDot1QSubint, \
23 VppDot1ADSubint
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]24
25
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]26class MethodHolder(VppTestCase):
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]27 DEBUG = False
28
29 BRIDGED = True
30 ROUTED = False
31
32 IS_IP4 = False
33 IS_IP6 = True
34
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]35 DOT1AD = "dot1ad"
36 DOT1Q = "dot1q"
37 PERMIT_TAGS = True
38 DENY_TAGS = False
39
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]40 # rule types
41 DENY = 0
42 PERMIT = 1
43
44 # ACL types
45 EXACT_IP = 1
46 SUBNET_IP = 2
47 WILD_IP = 3
48
49 EXACT_MAC = 1
50 WILD_MAC = 2
51 OUI_MAC = 3
52
53 ACLS = []
54
55 @classmethod
56 def setUpClass(cls):
57 """
58 Perform standard class setup (defined by class method setUpClass in
59 class VppTestCase) before running the test case, set test case related
60 variables and configure VPP.
61 """
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]62 super(MethodHolder, cls).setUpClass()
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]63
64 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]65 cls.bd_id = 111
66 cls.remote_hosts_count = 200
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]67
68 try:
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]69 # create 4 pg interfaces, 1 loopback interface
70 cls.create_pg_interfaces(range(4))
Klement Sekerab9ef2732018-06-24 22:49:33 +0200[diff] [blame]71 cls.create_loopback_interfaces(1)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]72
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]73 # create 2 subinterfaces
74 cls.subifs = [
75 VppDot1QSubint(cls, cls.pg1, 10),
76 VppDot1ADSubint(cls, cls.pg2, 20, 300, 400),
77 VppDot1QSubint(cls, cls.pg3, 30),
78 VppDot1ADSubint(cls, cls.pg3, 40, 600, 700)]
79
80 cls.subifs[0].set_vtr(L2_VTR_OP.L2_POP_1,
81 inner=10, push1q=1)
82 cls.subifs[1].set_vtr(L2_VTR_OP.L2_POP_2,
83 outer=300, inner=400, push1q=1)
84 cls.subifs[2].set_vtr(L2_VTR_OP.L2_POP_1,
85 inner=30, push1q=1)
86 cls.subifs[3].set_vtr(L2_VTR_OP.L2_POP_2,
87 outer=600, inner=700, push1q=1)
88
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]89 cls.interfaces = list(cls.pg_interfaces)
90 cls.interfaces.extend(cls.lo_interfaces)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]91 cls.interfaces.extend(cls.subifs)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]92
93 for i in cls.interfaces:
94 i.admin_up()
95
96 # Create BD with MAC learning enabled and put interfaces to this BD
97 cls.vapi.sw_interface_set_l2_bridge(
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]98 rx_sw_if_index=cls.loop0.sw_if_index, bd_id=cls.bd_id,
Neale Rannsb4743802018-09-05 09:13:57 -0700[diff] [blame]99 port_type=L2_PORT_TYPE.BVI)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]100 cls.vapi.sw_interface_set_l2_bridge(
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]101 rx_sw_if_index=cls.pg0.sw_if_index, bd_id=cls.bd_id)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]102 cls.vapi.sw_interface_set_l2_bridge(
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]103 rx_sw_if_index=cls.pg1.sw_if_index, bd_id=cls.bd_id)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]104 cls.vapi.sw_interface_set_l2_bridge(
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]105 rx_sw_if_index=cls.subifs[0].sw_if_index, bd_id=cls.bd_id)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]106 cls.vapi.sw_interface_set_l2_bridge(
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]107 rx_sw_if_index=cls.subifs[1].sw_if_index, bd_id=cls.bd_id)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]108
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]109 # Configure IPv4/6 addresses on loop interface and routed interface
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]110 cls.loop0.config_ip4()
111 cls.loop0.config_ip6()
112 cls.pg2.config_ip4()
113 cls.pg2.config_ip6()
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]114 cls.pg3.config_ip4()
115 cls.pg3.config_ip6()
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]116
117 # Configure MAC address binding to IPv4 neighbors on loop0
118 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
119 # Modify host mac addresses to have different OUI parts
120 for i in range(2, cls.remote_hosts_count + 2):
121 mac = cls.loop0.remote_hosts[i-2]._mac.split(':')
122 mac[2] = format(int(mac[2], 16) + i, "02x")
123 cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac)
124
125 cls.loop0.configure_ipv4_neighbors()
126 cls.loop0.configure_ipv6_neighbors()
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]127
128 # configure MAC address on pg3
129 cls.pg3.resolve_arp()
130 cls.pg3.resolve_ndp()
131
132 # configure MAC address on subifs
133 for i in cls.subifs:
134 i.config_ip4()
135 i.resolve_arp()
136 i.config_ip6()
137
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]138 # configure MAC address on pg2
139 cls.pg2.resolve_arp()
140 cls.pg2.resolve_ndp()
141
142 # Loopback BVI interface has remote hosts
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]143 # one half of hosts are behind pg0 second behind pg1,pg2,pg3 subifs
144 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:100]
145 cls.subifs[0].remote_hosts = cls.loop0.remote_hosts[100:125]
146 cls.subifs[1].remote_hosts = cls.loop0.remote_hosts[125:150]
147 cls.subifs[2].remote_hosts = cls.loop0.remote_hosts[150:175]
148 cls.subifs[3].remote_hosts = cls.loop0.remote_hosts[175:]
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]149
150 except Exception:
juraj.linkes8e26f6d2018-09-19 14:59:43 +0200[diff] [blame]151 super(MethodHolder, cls).tearDownClass()
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]152 raise
153
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame^]154 @classmethod
155 def tearDownClass(cls):
156 super(MethodHolder, cls).tearDownClass()
157
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]158 def setUp(self):
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]159 super(MethodHolder, self).setUp()
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]160 self.reset_packet_infos()
161 del self.ACLS[:]
162
163 def tearDown(self):
164 """
165 Show various debug prints after each test.
166 """
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]167 super(MethodHolder, self).tearDown()
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]168 if not self.vpp_dead:
169 self.logger.info(self.vapi.ppcli("show interface address"))
170 self.logger.info(self.vapi.ppcli("show hardware"))
171 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
172 self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
173 self.logger.info(self.vapi.ppcli("sh classify tables verbose"))
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]174 self.logger.info(self.vapi.ppcli("sh acl-plugin acl"))
175 self.logger.info(self.vapi.ppcli("sh acl-plugin interface"))
176 self.logger.info(self.vapi.ppcli("sh acl-plugin tables"))
Paul Vinciguerra661f91f2018-11-28 19:06:41 -0800[diff] [blame]177 # print(self.vapi.ppcli("show interface address"))
178 # print(self.vapi.ppcli("show hardware"))
179 # print(self.vapi.ppcli("sh acl-plugin macip interface"))
180 # print(self.vapi.ppcli("sh acl-plugin macip acl"))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]181 self.delete_acls()
182
183 def macip_acl_dump_debug(self):
184 acls = self.vapi.macip_acl_dump()
185 if self.DEBUG:
186 for acl in acls:
Paul Vinciguerra661f91f2018-11-28 19:06:41 -0800[diff] [blame]187 print("ACL #"+str(acl.acl_index))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]188 for r in acl.r:
189 rule = "ACTION"
190 if r.is_permit == 1:
191 rule = "PERMIT"
192 elif r.is_permit == 0:
193 rule = "DENY "
Paul Vinciguerra661f91f2018-11-28 19:06:41 -0800[diff] [blame]194 print(" IP6" if r.is_ipv6 else " IP4",
195 rule,
196 binascii.hexlify(r.src_mac),
197 binascii.hexlify(r.src_mac_mask),
198 unpack('<16B', r.src_ip_addr),
199 r.src_ip_prefix_len)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]200 return acls
201
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]202 def create_rules(self, mac_type=EXACT_MAC, ip_type=EXACT_IP,
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]203 acl_count=1, rules_count=None):
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]204 acls = []
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]205 if rules_count is None:
206 rules_count = [1]
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]207 src_mac = int("220000dead00", 16)
208 for acl in range(2, (acl_count+1) * 2):
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]209 rules = []
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]210 host = random.choice(self.loop0.remote_hosts)
211 is_ip6 = acl % 2
212 ip4 = host.ip4.split('.')
213 ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6)))
214
215 if ip_type == self.EXACT_IP:
216 prefix_len4 = 32
217 prefix_len6 = 128
218 elif ip_type == self.WILD_IP:
219 ip4 = [0, 0, 0, 0]
220 ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
221 prefix_len4 = 0
222 prefix_len6 = 0
223 rules_count[(acl / 2) - 1] = 1
224 else:
225 prefix_len4 = 24
226 prefix_len6 = 64
227
228 if mac_type == self.EXACT_MAC:
229 mask = "ff:ff:ff:ff:ff:ff"
230 elif mac_type == self.WILD_MAC:
231 mask = "00:00:00:00:00:00"
232 elif mac_type == self.OUI_MAC:
233 mask = "ff:ff:ff:00:00:00"
234 else:
235 mask = "ff:ff:ff:ff:ff:00"
236
237 ip = ip6 if is_ip6 else ip4
238 ip_len = prefix_len6 if is_ip6 else prefix_len4
239
240 for i in range(0, rules_count[(acl / 2) - 1]):
241 src_mac += 16777217
242 if mac_type == self.WILD_MAC:
243 mac = "00:00:00:00:00:00"
244 elif mac_type == self.OUI_MAC:
245 mac = ':'.join(re.findall('..', '{:02x}'.format(
246 src_mac))[:3])+":00:00:00"
247 else:
Paul Vinciguerraea2450f2019-03-06 08:23:58 -0800[diff] [blame]248 mac = ':'.join(re.findall(
249 '..', '{:02x}'.format(src_mac)))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]250
251 if ip_type == self.EXACT_IP:
252 ip4[3] = random.randint(100, 200)
253 ip6[15] = random.randint(100, 200)
254 elif ip_type == self.SUBNET_IP:
255 ip4[2] = random.randint(100, 200)
256 ip4[3] = 0
257 ip6[8] = random.randint(100, 200)
258 ip6[15] = 0
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]259 ip_pack = b''
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]260 for j in range(0, len(ip)):
261 ip_pack += pack('<B', int(ip[j]))
262
263 rule = ({'is_permit': self.PERMIT,
264 'is_ipv6': is_ip6,
265 'src_ip_addr': ip_pack,
266 'src_ip_prefix_len': ip_len,
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]267 'src_mac': binascii.unhexlify(mac.replace(':', '')),
268 'src_mac_mask': binascii.unhexlify(
269 mask.replace(':', ''))})
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]270 rules.append(rule)
271 if ip_type == self.WILD_IP:
272 break
273
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]274 acls.append(rules)
275 src_mac += 1099511627776
276 return acls
277
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]278 def apply_macip_rules(self, acls):
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]279 for acl in acls:
280 reply = self.vapi.macip_acl_add(acl)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]281 self.assertEqual(reply.retval, 0)
282 self.ACLS.append(reply.acl_index)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]283
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]284 def verify_macip_acls(self, acl_count, rules_count, expected_count=2):
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]285 reply = self.macip_acl_dump_debug()
286 for acl in range(2, (acl_count+1) * 2):
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]287 self.assertEqual(reply[acl - 2].count, rules_count[acl//2-1])
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]288
289 self.vapi.macip_acl_interface_get()
290
291 self.vapi.macip_acl_interface_add_del(sw_if_index=0, acl_index=0)
292 self.vapi.macip_acl_interface_add_del(sw_if_index=1, acl_index=1)
293
294 reply = self.vapi.macip_acl_interface_get()
295 self.assertEqual(reply.count, expected_count)
296
297 def delete_acls(self):
298 for acl in range(len(self.ACLS)-1, -1, -1):
299 self.vapi.macip_acl_del(self.ACLS[acl])
300
301 reply = self.vapi.macip_acl_dump()
302 self.assertEqual(len(reply), 0)
303
Andrew Yourtchenkobeca2662018-03-23 12:20:56 +0100[diff] [blame]304 intf_acls = self.vapi.acl_interface_list_dump()
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]305 for i_a in intf_acls:
Andrew Yourtchenkobeca2662018-03-23 12:20:56 +0100[diff] [blame]306 sw_if_index = i_a.sw_if_index
307 for acl_index in i_a.acls:
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]308 self.vapi.acl_interface_add_del(sw_if_index, acl_index, 0)
309 self.vapi.acl_del(acl_index)
310
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]311 def create_stream(self, mac_type, ip_type, packet_count,
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]312 src_if, dst_if, traffic, is_ip6, tags=PERMIT_TAGS):
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]313 # exact MAC and exact IP
314 # exact MAC and subnet of IPs
315 # exact MAC and wildcard IP
316 # wildcard MAC and exact IP
317 # wildcard MAC and subnet of IPs
318 # wildcard MAC and wildcard IP
319 # OUI restricted MAC and exact IP
320 # OUI restricted MAC and subnet of IPs
321 # OUI restricted MAC and wildcard IP
322
323 packets = []
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]324 macip_rules = []
325 acl_rules = []
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]326 ip_permit = ""
327 mac_permit = ""
328 dst_mac = ""
329 mac_rule = "00:00:00:00:00:00"
330 mac_mask = "00:00:00:00:00:00"
331 for p in range(0, packet_count):
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]332 remote_dst_index = p % len(dst_if.remote_hosts)
333 remote_dst_host = dst_if.remote_hosts[remote_dst_index]
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]334
335 dst_port = 1234 + p
336 src_port = 4321 + p
337 is_permit = self.PERMIT if p % 3 == 0 else self.DENY
338 denyMAC = True if not is_permit and p % 3 == 1 else False
339 denyIP = True if not is_permit and p % 3 == 2 else False
340 if not is_permit and ip_type == self.WILD_IP:
341 denyMAC = True
342 if not is_permit and mac_type == self.WILD_MAC:
343 denyIP = True
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]344
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]345 if traffic == self.BRIDGED:
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]346 if is_permit:
347 src_mac = remote_dst_host._mac
348 dst_mac = 'de:ad:00:00:00:00'
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]349 src_ip4 = remote_dst_host.ip4
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]350 dst_ip4 = src_if.remote_ip4
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]351 src_ip6 = remote_dst_host.ip6
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]352 dst_ip6 = src_if.remote_ip6
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]353 ip_permit = src_ip6 if is_ip6 else src_ip4
354 mac_permit = src_mac
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]355 if denyMAC:
356 mac = src_mac.split(':')
357 mac[0] = format(int(mac[0], 16)+1, "02x")
358 src_mac = ":".join(mac)
359 if is_ip6:
360 src_ip6 = ip_permit
361 else:
362 src_ip4 = ip_permit
363 if denyIP:
364 if ip_type != self.WILD_IP:
365 src_mac = mac_permit
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]366 src_ip4 = remote_dst_host.ip4
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]367 dst_ip4 = src_if.remote_ip4
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]368 src_ip6 = remote_dst_host.ip6
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]369 dst_ip6 = src_if.remote_ip6
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]370 else:
371 if is_permit:
372 src_mac = remote_dst_host._mac
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]373 dst_mac = src_if.local_mac
374 src_ip4 = src_if.remote_ip4
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]375 dst_ip4 = remote_dst_host.ip4
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]376 src_ip6 = src_if.remote_ip6
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]377 dst_ip6 = remote_dst_host.ip6
378 ip_permit = src_ip6 if is_ip6 else src_ip4
379 mac_permit = src_mac
380 if denyMAC:
381 mac = src_mac.split(':')
382 mac[0] = format(int(mac[0], 16) + 1, "02x")
383 src_mac = ":".join(mac)
384 if is_ip6:
385 src_ip6 = ip_permit
386 else:
387 src_ip4 = ip_permit
388 if denyIP:
389 src_mac = remote_dst_host._mac
390 if ip_type != self.WILD_IP:
391 src_mac = mac_permit
392 src_ip4 = remote_dst_host.ip4
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]393 dst_ip4 = src_if.remote_ip4
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]394 src_ip6 = remote_dst_host.ip6
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]395 dst_ip6 = src_if.remote_ip6
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]396
397 if is_permit:
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]398 info = self.create_packet_info(src_if, dst_if)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]399 payload = self.info_to_payload(info)
400 else:
401 payload = "to be blocked"
402
403 if mac_type == self.WILD_MAC:
404 mac = src_mac.split(':')
405 for i in range(1, 5):
406 mac[i] = format(random.randint(0, 255), "02x")
407 src_mac = ":".join(mac)
408
409 # create packet
410 packet = Ether(src=src_mac, dst=dst_mac)
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]411 ip_rule = src_ip6 if is_ip6 else src_ip4
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]412 if is_ip6:
413 if ip_type != self.EXACT_IP:
414 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
415 if ip_type == self.WILD_IP:
416 sub_ip[0] = random.randint(240, 254)
417 sub_ip[1] = random.randint(230, 239)
418 sub_ip[14] = random.randint(100, 199)
419 sub_ip[15] = random.randint(200, 255)
420 elif ip_type == self.SUBNET_IP:
421 if denyIP:
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]422 sub_ip[2] = int(sub_ip[2]) + 1
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]423 sub_ip[14] = random.randint(100, 199)
424 sub_ip[15] = random.randint(200, 255)
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]425 packed_src_ip6 = b''.join(
426 [scapy.compat.chb(x) for x in sub_ip])
427 src_ip6 = inet_ntop(AF_INET6, packed_src_ip6)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]428 packet /= IPv6(src=src_ip6, dst=dst_ip6)
429 else:
430 if ip_type != self.EXACT_IP:
431 sub_ip = ip_rule.split('.')
432 if ip_type == self.WILD_IP:
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]433 sub_ip[0] = random.randint(1, 49)
434 sub_ip[1] = random.randint(50, 99)
435 sub_ip[2] = random.randint(100, 199)
436 sub_ip[3] = random.randint(200, 255)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]437 elif ip_type == self.SUBNET_IP:
438 if denyIP:
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]439 sub_ip[1] = int(sub_ip[1])+1
440 sub_ip[2] = random.randint(100, 199)
441 sub_ip[3] = random.randint(200, 255)
442 src_ip4 = '.'.join(['{!s}'.format(x) for x in sub_ip])
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]443 packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)
444
445 packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)
446
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]447 packet[Raw].load += b" mac:%s" % scapy.compat.raw(src_mac)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]448
449 size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]450 if isinstance(src_if, VppSubInterface):
451 size = size + 4
452 if isinstance(src_if, VppDot1QSubint):
453 if src_if is self.subifs[0]:
454 if tags == self.PERMIT_TAGS:
455 packet = src_if.add_dot1q_layer(packet, 10)
456 else:
457 packet = src_if.add_dot1q_layer(packet, 11)
458 else:
459 if tags == self.PERMIT_TAGS:
460 packet = src_if.add_dot1q_layer(packet, 30)
461 else:
462 packet = src_if.add_dot1q_layer(packet, 33)
463 elif isinstance(src_if, VppDot1ADSubint):
464 if src_if is self.subifs[1]:
465 if tags == self.PERMIT_TAGS:
466 packet = src_if.add_dot1ad_layer(packet, 300, 400)
467 else:
468 packet = src_if.add_dot1ad_layer(packet, 333, 444)
469 else:
470 if tags == self.PERMIT_TAGS:
471 packet = src_if.add_dot1ad_layer(packet, 600, 700)
472 else:
473 packet = src_if.add_dot1ad_layer(packet, 666, 777)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]474 self.extend_packet(packet, size)
475 packets.append(packet)
476
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]477 # create suitable MACIP rule
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]478 if mac_type == self.EXACT_MAC:
479 mac_rule = src_mac
480 mac_mask = "ff:ff:ff:ff:ff:ff"
481 elif mac_type == self.WILD_MAC:
482 mac_rule = "00:00:00:00:00:00"
483 mac_mask = "00:00:00:00:00:00"
484 elif mac_type == self.OUI_MAC:
485 mac = src_mac.split(':')
486 mac[3] = mac[4] = mac[5] = '00'
487 mac_rule = ":".join(mac)
488 mac_mask = "ff:ff:ff:00:00:00"
489
490 if is_ip6:
491 if ip_type == self.WILD_IP:
492 ip = "0::0"
493 else:
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]494 ip = src_ip6
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]495 if ip_type == self.SUBNET_IP:
496 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
497 for i in range(8, 16):
498 sub_ip[i] = 0
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]499 packed_ip = b''.join(
500 [scapy.compat.chb(x) for x in sub_ip])
501 ip = inet_ntop(AF_INET6, packed_ip)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]502 else:
503 if ip_type == self.WILD_IP:
504 ip = "0.0.0.0"
505 else:
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]506 ip = src_ip4
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]507 if ip_type == self.SUBNET_IP:
508 sub_ip = ip.split('.')
509 sub_ip[2] = sub_ip[3] = '0'
510 ip = ".".join(sub_ip)
511
512 prefix_len = 128 if is_ip6 else 32
513 if ip_type == self.WILD_IP:
514 prefix_len = 0
515 elif ip_type == self.SUBNET_IP:
516 prefix_len = 64 if is_ip6 else 16
517 ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)
518
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]519 # create suitable ACL rule
520 if is_permit:
521 rule_l4_sport = packet[UDP].sport
522 rule_l4_dport = packet[UDP].dport
523 rule_family = AF_INET6 if packet.haslayer(IPv6) else AF_INET
524 rule_prefix_len = 128 if packet.haslayer(IPv6) else 32
525 rule_l3_layer = IPv6 if packet.haslayer(IPv6) else IP
526 if packet.haslayer(IPv6):
527 rule_l4_proto = packet[UDP].overload_fields[IPv6]['nh']
528 else:
529 rule_l4_proto = packet[IP].proto
530
531 acl_rule = {
532 'is_permit': is_permit,
533 'is_ipv6': is_ip6,
534 'src_ip_addr': inet_pton(rule_family,
535 packet[rule_l3_layer].src),
536 'src_ip_prefix_len': rule_prefix_len,
537 'dst_ip_addr': inet_pton(rule_family,
538 packet[rule_l3_layer].dst),
539 'dst_ip_prefix_len': rule_prefix_len,
540 'srcport_or_icmptype_first': rule_l4_sport,
541 'srcport_or_icmptype_last': rule_l4_sport,
542 'dstport_or_icmpcode_first': rule_l4_dport,
543 'dstport_or_icmpcode_last': rule_l4_dport,
544 'proto': rule_l4_proto}
545 acl_rules.append(acl_rule)
546
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]547 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
548 continue
549
550 if is_permit:
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]551 macip_rule = ({
552 'is_permit': is_permit,
553 'is_ipv6': is_ip6,
554 'src_ip_addr': ip_rule,
555 'src_ip_prefix_len': prefix_len,
Paul Vinciguerraa7427ec2019-03-10 10:04:23 -0700[diff] [blame]556 'src_mac': binascii.unhexlify(mac_rule.replace(':', '')),
557 'src_mac_mask': binascii.unhexlify(
558 mac_mask.replace(':', ''))})
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]559 macip_rules.append(macip_rule)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]560
561 # deny all other packets
562 if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]563 macip_rule = ({'is_permit': 0,
564 'is_ipv6': is_ip6,
565 'src_ip_addr': "",
566 'src_ip_prefix_len': 0,
567 'src_mac': "",
568 'src_mac_mask': ""})
569 macip_rules.append(macip_rule)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]570
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]571 acl_rule = {'is_permit': 0,
572 'is_ipv6': is_ip6}
573 acl_rules.append(acl_rule)
574 return {'stream': packets,
575 'macip_rules': macip_rules,
576 'acl_rules': acl_rules}
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]577
578 def verify_capture(self, stream, capture, is_ip6):
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]579 """
580 :param stream:
581 :param capture:
582 :param is_ip6:
583 :return:
584 """
585 # p_l3 = IPv6 if is_ip6 else IP
586 # if self.DEBUG:
587 # for p in stream:
Paul Vinciguerra661f91f2018-11-28 19:06:41 -0800[diff] [blame]588 # print(p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]589 #
590 # acls = self.macip_acl_dump_debug()
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]591
592 # TODO : verify
593 # for acl in acls:
594 # for r in acl.r:
Paul Vinciguerra661f91f2018-11-28 19:06:41 -0800[diff] [blame]595 # print(binascii.hexlify(r.src_mac), \
Paul Vinciguerra6e4c6ad2018-11-25 10:35:29 -0800[diff] [blame]596 # binascii.hexlify(r.src_mac_mask),\
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]597 # unpack('<16B', r.src_ip_addr), \
Paul Vinciguerra661f91f2018-11-28 19:06:41 -0800[diff] [blame]598 # r.src_ip_prefix_len)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]599 #
600 # for p in capture:
Paul Vinciguerra661f91f2018-11-28 19:06:41 -0800[diff] [blame]601 # print(p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
602 # data = p[Raw].load.split(':',1)[1])
603 # print(p[p_l3].src, data)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]604
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]605 def run_traffic(self, mac_type, ip_type, traffic, is_ip6, packets,
606 do_not_expected_capture=False, tags=None,
Andrew Yourtchenkod7834912017-12-09 14:55:52 +0100[diff] [blame]607 apply_rules=True, isMACIP=True, permit_tags=PERMIT_TAGS,
608 try_replace=False):
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]609 self.reset_packet_infos()
610
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]611 if tags is None:
612 tx_if = self.pg0 if traffic == self.BRIDGED else self.pg3
613 rx_if = self.pg3 if traffic == self.BRIDGED else self.pg0
614 src_if = self.pg3
615 dst_if = self.loop0
616 else:
617 if tags == self.DOT1Q:
618 if traffic == self.BRIDGED:
619 tx_if = self.subifs[0]
620 rx_if = self.pg0
621 src_if = self.subifs[0]
622 dst_if = self.loop0
623 else:
624 tx_if = self.subifs[2]
625 rx_if = self.pg0
626 src_if = self.subifs[2]
627 dst_if = self.loop0
628 elif tags == self.DOT1AD:
629 if traffic == self.BRIDGED:
630 tx_if = self.subifs[1]
631 rx_if = self.pg0
632 src_if = self.subifs[1]
633 dst_if = self.loop0
634 else:
635 tx_if = self.subifs[3]
636 rx_if = self.pg0
637 src_if = self.subifs[3]
638 dst_if = self.loop0
639 else:
640 return
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]641
642 test_dict = self.create_stream(mac_type, ip_type, packets,
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]643 src_if, dst_if,
644 traffic, is_ip6,
645 tags=permit_tags)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]646
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]647 if apply_rules:
648 if isMACIP:
649 reply = self.vapi.macip_acl_add(test_dict['macip_rules'])
650 else:
651 reply = self.vapi.acl_add_replace(acl_index=4294967295,
652 r=test_dict['acl_rules'])
653 self.assertEqual(reply.retval, 0)
654 acl_index = reply.acl_index
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]655
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]656 if isMACIP:
657 self.vapi.macip_acl_interface_add_del(
658 sw_if_index=tx_if.sw_if_index,
659 acl_index=acl_index)
660 reply = self.vapi.macip_acl_interface_get()
661 self.assertEqual(reply.acls[tx_if.sw_if_index], acl_index)
662 self.ACLS.append(reply.acls[tx_if.sw_if_index])
663 else:
664 self.vapi.acl_interface_add_del(
665 sw_if_index=tx_if.sw_if_index, acl_index=acl_index)
666 else:
667 self.vapi.macip_acl_interface_add_del(
668 sw_if_index=tx_if.sw_if_index,
669 acl_index=0)
Andrew Yourtchenkod7834912017-12-09 14:55:52 +0100[diff] [blame]670 if try_replace:
671 if isMACIP:
672 reply = self.vapi.macip_acl_add_replace(
673 test_dict['macip_rules'],
674 acl_index)
675 else:
676 reply = self.vapi.acl_add_replace(acl_index=acl_index,
677 r=test_dict['acl_rules'])
678 self.assertEqual(reply.retval, 0)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]679
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]680 if not isinstance(src_if, VppSubInterface):
681 tx_if.add_stream(test_dict['stream'])
682 else:
683 tx_if.parent.add_stream(test_dict['stream'])
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]684 self.pg_enable_capture(self.pg_interfaces)
685 self.pg_start()
686
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]687 if do_not_expected_capture:
688 rx_if.get_capture(0)
689 else:
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]690 if traffic == self.BRIDGED and mac_type == self.WILD_MAC and \
691 ip_type == self.WILD_IP:
692 capture = rx_if.get_capture(packets)
693 else:
694 capture = rx_if.get_capture(
695 self.get_packet_count_for_if_idx(dst_if.sw_if_index))
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]696 self.verify_capture(test_dict['stream'], capture, is_ip6)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]697 if not isMACIP:
698 self.vapi.acl_interface_add_del(sw_if_index=tx_if.sw_if_index,
699 acl_index=acl_index, is_add=0)
700 self.vapi.acl_del(acl_index)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]701
702 def run_test_acls(self, mac_type, ip_type, acl_count,
703 rules_count, traffic=None, ip=None):
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]704 self.apply_macip_rules(self.create_rules(mac_type, ip_type, acl_count,
705 rules_count))
706 self.verify_macip_acls(acl_count, rules_count)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]707
708 if traffic is not None:
709 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, traffic, ip, 9)
710
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]711
712class TestMACIP_IP4(MethodHolder):
713 """MACIP with IP4 traffic"""
714
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame^]715 @classmethod
716 def setUpClass(cls):
717 super(TestMACIP_IP4, cls).setUpClass()
718
719 @classmethod
720 def tearDownClass(cls):
721 super(TestMACIP_IP4, cls).tearDownClass()
722
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]723 def test_acl_bridged_ip4_exactMAC_exactIP(self):
724 """ IP4 MACIP exactMAC|exactIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]725 """
726 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
727 self.BRIDGED, self.IS_IP4, 9)
728
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]729 def test_acl_bridged_ip4_exactMAC_subnetIP(self):
730 """ IP4 MACIP exactMAC|subnetIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]731 """
732
733 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
734 self.BRIDGED, self.IS_IP4, 9)
735
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]736 def test_acl_bridged_ip4_exactMAC_wildIP(self):
737 """ IP4 MACIP exactMAC|wildIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]738 """
739
740 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
741 self.BRIDGED, self.IS_IP4, 9)
742
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]743 def test_acl_bridged_ip4_ouiMAC_exactIP(self):
744 """ IP4 MACIP ouiMAC|exactIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]745 """
746
747 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
748 self.BRIDGED, self.IS_IP4, 3)
749
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]750 def test_acl_bridged_ip4_ouiMAC_subnetIP(self):
751 """ IP4 MACIP ouiMAC|subnetIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]752 """
753
754 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
755 self.BRIDGED, self.IS_IP4, 9)
756
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]757 def test_acl_bridged_ip4_ouiMAC_wildIP(self):
758 """ IP4 MACIP ouiMAC|wildIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]759 """
760
761 self.run_traffic(self.OUI_MAC, self.WILD_IP,
762 self.BRIDGED, self.IS_IP4, 9)
763
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]764 def test_ac_bridgedl_ip4_wildMAC_exactIP(self):
765 """ IP4 MACIP wildcardMAC|exactIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]766 """
767
768 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
769 self.BRIDGED, self.IS_IP4, 9)
770
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]771 def test_acl_bridged_ip4_wildMAC_subnetIP(self):
772 """ IP4 MACIP wildcardMAC|subnetIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]773 """
774
775 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
776 self.BRIDGED, self.IS_IP4, 9)
777
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]778 def test_acl_bridged_ip4_wildMAC_wildIP(self):
779 """ IP4 MACIP wildcardMAC|wildIP ACL bridged traffic
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]780 """
781
782 self.run_traffic(self.WILD_MAC, self.WILD_IP,
783 self.BRIDGED, self.IS_IP4, 9)
784
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]785 def test_acl_routed_ip4_exactMAC_exactIP(self):
786 """ IP4 MACIP exactMAC|exactIP ACL routed traffic
787 """
788 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
789 self.ROUTED, self.IS_IP4, 9)
790
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]791 def test_acl_routed_ip4_exactMAC_subnetIP(self):
792 """ IP4 MACIP exactMAC|subnetIP ACL routed traffic
793 """
794 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
795 self.ROUTED, self.IS_IP4, 9)
796
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]797 def test_acl_routed_ip4_exactMAC_wildIP(self):
798 """ IP4 MACIP exactMAC|wildIP ACL routed traffic
799 """
800 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
801 self.ROUTED, self.IS_IP4, 9)
802
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]803 def test_acl_routed_ip4_ouiMAC_exactIP(self):
804 """ IP4 MACIP ouiMAC|exactIP ACL routed traffic
805 """
806
807 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
808 self.ROUTED, self.IS_IP4, 9)
809
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]810 def test_acl_routed_ip4_ouiMAC_subnetIP(self):
811 """ IP4 MACIP ouiMAC|subnetIP ACL routed traffic
812 """
813
814 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
815 self.ROUTED, self.IS_IP4, 9)
816
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]817 def test_acl_routed_ip4_ouiMAC_wildIP(self):
818 """ IP4 MACIP ouiMAC|wildIP ACL routed traffic
819 """
820
821 self.run_traffic(self.OUI_MAC, self.WILD_IP,
822 self.ROUTED, self.IS_IP4, 9)
823
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]824 def test_acl_routed_ip4_wildMAC_exactIP(self):
825 """ IP4 MACIP wildcardMAC|exactIP ACL routed traffic
826 """
827
828 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
829 self.ROUTED, self.IS_IP4, 9)
830
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]831 def test_acl_routed_ip4_wildMAC_subnetIP(self):
832 """ IP4 MACIP wildcardMAC|subnetIP ACL routed traffic
833 """
834
835 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
836 self.ROUTED, self.IS_IP4, 9)
837
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]838 def test_acl_routed_ip4_wildMAC_wildIP(self):
839 """ IP4 MACIP wildcardMAC|wildIP ACL
840 """
841
842 self.run_traffic(self.WILD_MAC, self.WILD_IP,
843 self.ROUTED, self.IS_IP4, 9)
844
845 def test_acl_replace_traffic_ip4(self):
846 """ MACIP replace ACL with IP4 traffic
847 """
848 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
Andrew Yourtchenkod7834912017-12-09 14:55:52 +0100[diff] [blame]849 self.BRIDGED, self.IS_IP4, 9, try_replace=True)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]850 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
Andrew Yourtchenkod7834912017-12-09 14:55:52 +0100[diff] [blame]851 self.BRIDGED, self.IS_IP4, 9, try_replace=True)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]852
853
854class TestMACIP_IP6(MethodHolder):
855 """MACIP with IP6 traffic"""
856
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame^]857 @classmethod
858 def setUpClass(cls):
859 super(TestMACIP_IP6, cls).setUpClass()
860
861 @classmethod
862 def tearDownClass(cls):
863 super(TestMACIP_IP6, cls).tearDownClass()
864
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]865 def test_acl_bridged_ip6_exactMAC_exactIP(self):
866 """ IP6 MACIP exactMAC|exactIP ACL bridged traffic
867 """
868
869 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
870 self.BRIDGED, self.IS_IP6, 9)
871
872 def test_acl_bridged_ip6_exactMAC_subnetIP(self):
873 """ IP6 MACIP exactMAC|subnetIP ACL bridged traffic
874 """
875
876 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
877 self.BRIDGED, self.IS_IP6, 9)
878
879 def test_acl_bridged_ip6_exactMAC_wildIP(self):
880 """ IP6 MACIP exactMAC|wildIP ACL bridged traffic
881 """
882
883 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
884 self.BRIDGED, self.IS_IP6, 9)
885
886 def test_acl_bridged_ip6_ouiMAC_exactIP(self):
887 """ IP6 MACIP oui_MAC|exactIP ACL bridged traffic
888 """
889
890 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
891 self.BRIDGED, self.IS_IP6, 9)
892
893 def test_acl_bridged_ip6_ouiMAC_subnetIP(self):
894 """ IP6 MACIP ouiMAC|subnetIP ACL bridged traffic
895 """
896
897 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
898 self.BRIDGED, self.IS_IP6, 9)
899
900 def test_acl_bridged_ip6_ouiMAC_wildIP(self):
901 """ IP6 MACIP ouiMAC|wildIP ACL bridged traffic
902 """
903
904 self.run_traffic(self.OUI_MAC, self.WILD_IP,
905 self.BRIDGED, self.IS_IP6, 9)
906
907 def test_acl_bridged_ip6_wildMAC_exactIP(self):
908 """ IP6 MACIP wildcardMAC|exactIP ACL bridged traffic
909 """
910
911 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
912 self.BRIDGED, self.IS_IP6, 9)
913
914 def test_acl_bridged_ip6_wildMAC_subnetIP(self):
915 """ IP6 MACIP wildcardMAC|subnetIP ACL bridged traffic
916 """
917
918 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
919 self.BRIDGED, self.IS_IP6, 9)
920
921 def test_acl_bridged_ip6_wildMAC_wildIP(self):
922 """ IP6 MACIP wildcardMAC|wildIP ACL bridged traffic
923 """
924
925 self.run_traffic(self.WILD_MAC, self.WILD_IP,
926 self.BRIDGED, self.IS_IP6, 9)
927
928 def test_acl_routed_ip6_exactMAC_exactIP(self):
929 """ IP6 MACIP exactMAC|exactIP ACL routed traffic
930 """
931
932 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
933 self.ROUTED, self.IS_IP6, 9)
934
935 def test_acl_routed_ip6_exactMAC_subnetIP(self):
936 """ IP6 MACIP exactMAC|subnetIP ACL routed traffic
937 """
938
939 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
940 self.ROUTED, self.IS_IP6, 9)
941
942 def test_acl_routed_ip6_exactMAC_wildIP(self):
943 """ IP6 MACIP exactMAC|wildIP ACL routed traffic
944 """
945
946 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
947 self.ROUTED, self.IS_IP6, 9)
948
949 def test_acl_routed_ip6_ouiMAC_exactIP(self):
950 """ IP6 MACIP ouiMAC|exactIP ACL routed traffic
951 """
952
953 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
954 self.ROUTED, self.IS_IP6, 9)
955
956 def test_acl_routed_ip6_ouiMAC_subnetIP(self):
957 """ IP6 MACIP ouiMAC|subnetIP ACL routed traffic
958 """
959
960 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
961 self.ROUTED, self.IS_IP6, 9)
962
963 def test_acl_routed_ip6_ouiMAC_wildIP(self):
964 """ IP6 MACIP ouiMAC|wildIP ACL routed traffic
965 """
966
967 self.run_traffic(self.OUI_MAC, self.WILD_IP,
968 self.ROUTED, self.IS_IP6, 9)
969
970 def test_acl_routed_ip6_wildMAC_exactIP(self):
971 """ IP6 MACIP wildcardMAC|exactIP ACL routed traffic
972 """
973
974 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
975 self.ROUTED, self.IS_IP6, 9)
976
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]977 def test_acl_routed_ip6_wildMAC_subnetIP(self):
978 """ IP6 MACIP wildcardMAC|subnetIP ACL routed traffic
979 """
980
981 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
982 self.ROUTED, self.IS_IP6, 9)
983
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]984 def test_acl_routed_ip6_wildMAC_wildIP(self):
985 """ IP6 MACIP wildcardMAC|wildIP ACL
986 """
987
988 self.run_traffic(self.WILD_MAC, self.WILD_IP,
989 self.ROUTED, self.IS_IP6, 9)
990
991 def test_acl_replace_traffic_ip6(self):
992 """ MACIP replace ACL with IP6 traffic
993 """
994 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
Andrew Yourtchenkod7834912017-12-09 14:55:52 +0100[diff] [blame]995 self.BRIDGED, self.IS_IP6, 9, try_replace=True)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]996 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
Andrew Yourtchenkod7834912017-12-09 14:55:52 +0100[diff] [blame]997 self.BRIDGED, self.IS_IP6, 9, try_replace=True)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]998
999
1000class TestMACIP(MethodHolder):
1001 """MACIP Tests"""
1002
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame^]1003 @classmethod
1004 def setUpClass(cls):
1005 super(TestMACIP, cls).setUpClass()
1006
1007 @classmethod
1008 def tearDownClass(cls):
1009 super(TestMACIP, cls).tearDownClass()
1010
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1011 def test_acl_1_2(self):
1012 """ MACIP ACL with 2 entries
1013 """
1014
1015 self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2])
1016
1017 def test_acl_1_5(self):
1018 """ MACIP ACL with 5 entries
1019 """
1020
1021 self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5])
1022
1023 def test_acl_1_10(self):
1024 """ MACIP ACL with 10 entries
1025 """
1026
1027 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10])
1028
1029 def test_acl_1_20(self):
1030 """ MACIP ACL with 20 entries
1031 """
1032
1033 self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20])
1034
1035 def test_acl_1_50(self):
1036 """ MACIP ACL with 50 entries
1037 """
1038
1039 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50])
1040
1041 def test_acl_1_100(self):
1042 """ MACIP ACL with 100 entries
1043 """
1044
1045 self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100])
1046
1047 def test_acl_2_X(self):
1048 """ MACIP 2 ACLs each with 100+ entries
1049 """
1050
1051 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200])
1052
1053 def test_acl_10_X(self):
1054 """ MACIP 10 ACLs each with 100+ entries
1055 """
1056
1057 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
1058 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240])
1059
1060 def test_acl_10_X_traffic_ip4(self):
1061 """ MACIP 10 ACLs each with 100+ entries with IP4 traffic
1062 """
1063
1064 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
1065 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
1066 self.BRIDGED, self.IS_IP4)
1067
1068 def test_acl_10_X_traffic_ip6(self):
1069 """ MACIP 10 ACLs each with 100+ entries with IP6 traffic
1070 """
1071
1072 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
1073 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
1074 self.BRIDGED, self.IS_IP6)
1075
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]1076 def test_acl_replace(self):
1077 """ MACIP replace ACL
1078 """
1079
1080 r1 = self.create_rules(acl_count=3, rules_count=[2, 2, 2])
1081 r2 = self.create_rules(mac_type=self.OUI_MAC, ip_type=self.SUBNET_IP)
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]1082 self.apply_macip_rules(r1)
Pavel Kotucekc29940c2017-09-07 08:17:31 +0200[diff] [blame]1083
1084 acls_before = self.macip_acl_dump_debug()
1085
1086 # replace acls #2, #3 with new
1087 reply = self.vapi.macip_acl_add_replace(r2[0], 2)
1088 self.assertEqual(reply.retval, 0)
1089 self.assertEqual(reply.acl_index, 2)
1090 reply = self.vapi.macip_acl_add_replace(r2[1], 3)
1091 self.assertEqual(reply.retval, 0)
1092 self.assertEqual(reply.acl_index, 3)
1093
1094 acls_after = self.macip_acl_dump_debug()
1095
1096 # verify changes
1097 self.assertEqual(len(acls_before), len(acls_after))
1098 for acl1, acl2 in zip(
1099 acls_before[:2]+acls_before[4:],
1100 acls_after[:2]+acls_after[4:]):
1101 self.assertEqual(len(acl1), len(acl2))
1102
1103 self.assertEqual(len(acl1.r), len(acl2.r))
1104 for r1, r2 in zip(acl1.r, acl2.r):
1105 self.assertEqual(len(acl1.r), len(acl2.r))
1106 self.assertEqual(acl1.r, acl2.r)
1107 for acl1, acl2 in zip(
1108 acls_before[2:4],
1109 acls_after[2:4]):
1110 self.assertEqual(len(acl1), len(acl2))
1111
1112 self.assertNotEqual(len(acl1.r), len(acl2.r))
1113 for r1, r2 in zip(acl1.r, acl2.r):
1114 self.assertNotEqual(len(acl1.r), len(acl2.r))
1115 self.assertNotEqual(acl1.r, acl2.r)
1116
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1117 def test_delete_intf(self):
1118 """ MACIP ACL delete intf with acl
1119 """
1120
1121 intf_count = len(self.interfaces)+1
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1122 intf = []
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]1123 self.apply_macip_rules(self.create_rules(acl_count=3,
1124 rules_count=[3, 5, 4]))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1125
Klement Sekerabeaded52018-06-24 10:30:37 +0200[diff] [blame]1126 intf.append(VppLoInterface(self))
1127 intf.append(VppLoInterface(self))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1128
1129 sw_if_index0 = intf[0].sw_if_index
1130 self.vapi.macip_acl_interface_add_del(sw_if_index0, 1)
1131
1132 reply = self.vapi.macip_acl_interface_get()
1133 self.assertEqual(reply.count, intf_count+1)
1134 self.assertEqual(reply.acls[sw_if_index0], 1)
1135
1136 sw_if_index1 = intf[1].sw_if_index
1137 self.vapi.macip_acl_interface_add_del(sw_if_index1, 0)
1138
1139 reply = self.vapi.macip_acl_interface_get()
1140 self.assertEqual(reply.count, intf_count+2)
1141 self.assertEqual(reply.acls[sw_if_index1], 0)
1142
1143 intf[0].remove_vpp_config()
1144 reply = self.vapi.macip_acl_interface_get()
1145 self.assertEqual(reply.count, intf_count+2)
1146 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
1147 self.assertEqual(reply.acls[sw_if_index1], 0)
1148
Klement Sekerabeaded52018-06-24 10:30:37 +0200[diff] [blame]1149 intf.append(VppLoInterface(self))
1150 intf.append(VppLoInterface(self))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1151 sw_if_index2 = intf[2].sw_if_index
1152 sw_if_index3 = intf[3].sw_if_index
1153 self.vapi.macip_acl_interface_add_del(sw_if_index2, 1)
1154 self.vapi.macip_acl_interface_add_del(sw_if_index3, 1)
1155
1156 reply = self.vapi.macip_acl_interface_get()
1157 self.assertEqual(reply.count, intf_count+3)
1158 self.assertEqual(reply.acls[sw_if_index1], 0)
1159 self.assertEqual(reply.acls[sw_if_index2], 1)
1160 self.assertEqual(reply.acls[sw_if_index3], 1)
Andrew Yourtchenko563a8532018-03-23 15:23:15 +0100[diff] [blame]1161 self.logger.info("MACIP ACL on multiple interfaces:")
1162 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
1163 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl index 1234"))
1164 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl index 1"))
1165 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl index 0"))
1166 self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1167
1168 intf[2].remove_vpp_config()
1169 intf[1].remove_vpp_config()
1170
1171 reply = self.vapi.macip_acl_interface_get()
1172 self.assertEqual(reply.count, intf_count+3)
1173 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
1174 self.assertEqual(reply.acls[sw_if_index1], 4294967295)
1175 self.assertEqual(reply.acls[sw_if_index2], 4294967295)
1176 self.assertEqual(reply.acls[sw_if_index3], 1)
1177
1178 intf[3].remove_vpp_config()
1179 reply = self.vapi.macip_acl_interface_get()
1180
1181 self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
1182
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]1183
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]1184class TestACL_dot1q_bridged(MethodHolder):
1185 """ACL on dot1q bridged subinterfaces Tests"""
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]1186
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame^]1187 @classmethod
1188 def setUpClass(cls):
1189 super(TestACL_dot1q_bridged, cls).setUpClass()
1190
1191 @classmethod
1192 def tearDownClass(cls):
1193 super(TestACL_dot1q_bridged, cls).tearDownClass()
1194
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]1195 def test_acl_bridged_ip4_subif_dot1q(self):
1196 """ IP4 ACL SubIf Dot1Q bridged traffic"""
1197 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED,
1198 self.IS_IP4, 9, tags=self.DOT1Q, isMACIP=False)
Pavel Kotucek057704e2017-09-14 09:50:52 +0200[diff] [blame]1199
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]1200 def test_acl_bridged_ip6_subif_dot1q(self):
1201 """ IP6 ACL SubIf Dot1Q bridged traffic"""
1202 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED,
1203 self.IS_IP6, 9, tags=self.DOT1Q, isMACIP=False)
1204
1205
1206class TestACL_dot1ad_bridged(MethodHolder):
1207 """ACL on dot1ad bridged subinterfaces Tests"""
1208
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame^]1209 @classmethod
1210 def setUpClass(cls):
1211 super(TestACL_dot1ad_bridged, cls).setUpClass()
1212
1213 @classmethod
1214 def tearDownClass(cls):
1215 super(TestACL_dot1ad_bridged, cls).tearDownClass()
1216
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]1217 def test_acl_bridged_ip4_subif_dot1ad(self):
1218 """ IP4 ACL SubIf Dot1AD bridged traffic"""
1219 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED,
1220 self.IS_IP4, 9, tags=self.DOT1AD, isMACIP=False)
1221
1222 def test_acl_bridged_ip6_subif_dot1ad(self):
1223 """ IP6 ACL SubIf Dot1AD bridged traffic"""
1224 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED,
1225 self.IS_IP6, 9, tags=self.DOT1AD, isMACIP=False)
1226
1227
1228class TestACL_dot1q_routed(MethodHolder):
1229 """ACL on dot1q routed subinterfaces Tests"""
1230
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame^]1231 @classmethod
1232 def setUpClass(cls):
1233 super(TestACL_dot1q_routed, cls).setUpClass()
1234
1235 @classmethod
1236 def tearDownClass(cls):
1237 super(TestACL_dot1q_routed, cls).tearDownClass()
1238
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]1239 def test_acl_routed_ip4_subif_dot1q(self):
1240 """ IP4 ACL SubIf Dot1Q routed traffic"""
1241 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
1242 self.IS_IP4, 9, tags=self.DOT1Q, isMACIP=False)
1243
1244 def test_acl_routed_ip6_subif_dot1q(self):
1245 """ IP6 ACL SubIf Dot1Q routed traffic"""
1246 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
1247 self.IS_IP6, 9, tags=self.DOT1Q, isMACIP=False)
1248
1249 def test_acl_routed_ip4_subif_dot1q_deny_by_tags(self):
1250 """ IP4 ACL SubIf wrong tags Dot1Q routed traffic"""
1251 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
1252 self.IS_IP4, 9, True, tags=self.DOT1Q, isMACIP=False,
1253 permit_tags=self.DENY_TAGS)
1254
1255 def test_acl_routed_ip6_subif_dot1q_deny_by_tags(self):
1256 """ IP6 ACL SubIf wrong tags Dot1Q routed traffic"""
1257 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
1258 self.IS_IP6, 9, True, tags=self.DOT1Q, isMACIP=False,
1259 permit_tags=self.DENY_TAGS)
1260
1261
1262class TestACL_dot1ad_routed(MethodHolder):
1263 """ACL on dot1ad routed subinterfaces Tests"""
1264
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame^]1265 @classmethod
1266 def setUpClass(cls):
1267 super(TestACL_dot1ad_routed, cls).setUpClass()
1268
1269 @classmethod
1270 def tearDownClass(cls):
1271 super(TestACL_dot1ad_routed, cls).tearDownClass()
1272
Pavel Kotucek8daa80a2017-09-25 09:44:05 +0200[diff] [blame]1273 def test_acl_routed_ip6_subif_dot1ad(self):
1274 """ IP6 ACL SubIf Dot1AD routed traffic"""
1275 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
1276 self.IS_IP6, 9, tags=self.DOT1AD, isMACIP=False)
1277
1278 def test_acl_routed_ip4_subif_dot1ad(self):
1279 """ IP4 ACL SubIf Dot1AD routed traffic"""
1280 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
1281 self.IS_IP4, 9, tags=self.DOT1AD, isMACIP=False)
1282
1283 def test_acl_routed_ip6_subif_dot1ad_deny_by_tags(self):
1284 """ IP6 ACL SubIf wrong tags Dot1AD routed traffic"""
1285 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
1286 self.IS_IP6, 9, True, tags=self.DOT1AD, isMACIP=False,
1287 permit_tags=self.DENY_TAGS)
1288
1289 def test_acl_routed_ip4_subif_dot1ad_deny_by_tags(self):
1290 """ IP4 ACL SubIf wrong tags Dot1AD routed traffic"""
1291 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
1292 self.IS_IP4, 9, True, tags=self.DOT1AD, isMACIP=False,
1293 permit_tags=self.DENY_TAGS)
Pavel Kotucek932f7412017-09-07 14:44:52 +0200[diff] [blame]1294
1295
1296if __name__ == '__main__':
1297 unittest.main(testRunner=VppTestRunner)