blob: de57f6bb82bcdffa2b16664a0a662743d304a9a4 [file] [log] [blame]
Pavel Kotucek932f7412017-09-07 14:44:52 +02001#!/usr/bin/env python
2"""ACL plugin - MACIP tests
3"""
4import random
5import re
6import unittest
7
8from socket import inet_ntop, inet_pton, AF_INET, AF_INET6
9from struct import *
10from scapy.packet import Raw
11from scapy.layers.l2 import Ether
12from scapy.layers.inet import IP, UDP, TCP
13from scapy.layers.inet6 import IPv6
14
15from framework import VppTestCase, VppTestRunner, running_extended_tests
16from vpp_lo_interface import VppLoInterface
17
18
19class TestMACIP(VppTestCase):
20 """MACIP Test Case"""
21
22 DEBUG = False
23
24 BRIDGED = True
25 ROUTED = False
26
27 IS_IP4 = False
28 IS_IP6 = True
29
30 # rule types
31 DENY = 0
32 PERMIT = 1
33
34 # ACL types
35 EXACT_IP = 1
36 SUBNET_IP = 2
37 WILD_IP = 3
38
39 EXACT_MAC = 1
40 WILD_MAC = 2
41 OUI_MAC = 3
42
43 ACLS = []
44
45 @classmethod
46 def setUpClass(cls):
47 """
48 Perform standard class setup (defined by class method setUpClass in
49 class VppTestCase) before running the test case, set test case related
50 variables and configure VPP.
51 """
52 super(TestMACIP, cls).setUpClass()
53
54 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
55 cls.bd_id = 10
56 cls.remote_hosts_count = 250
57
58 try:
59 # create 3 pg interfaces, 1 loopback interface
60 cls.create_pg_interfaces(range(3))
61 cls.create_loopback_interfaces(range(1))
62
63 cls.interfaces = list(cls.pg_interfaces)
64 cls.interfaces.extend(cls.lo_interfaces)
65
66 for i in cls.interfaces:
67 i.admin_up()
68
69 # Create BD with MAC learning enabled and put interfaces to this BD
70 cls.vapi.sw_interface_set_l2_bridge(
71 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
72 cls.vapi.sw_interface_set_l2_bridge(
73 cls.pg0.sw_if_index, bd_id=cls.bd_id)
74 cls.vapi.sw_interface_set_l2_bridge(
75 cls.pg1.sw_if_index, bd_id=cls.bd_id)
76
77 # Configure IPv4 addresses on loop interface and routed interface
78 cls.loop0.config_ip4()
79 cls.loop0.config_ip6()
80 cls.pg2.config_ip4()
81 cls.pg2.config_ip6()
82
83 # Configure MAC address binding to IPv4 neighbors on loop0
84 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
85 # Modify host mac addresses to have different OUI parts
86 for i in range(2, cls.remote_hosts_count + 2):
87 mac = cls.loop0.remote_hosts[i-2]._mac.split(':')
88 mac[2] = format(int(mac[2], 16) + i, "02x")
89 cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac)
90
91 cls.loop0.configure_ipv4_neighbors()
92 cls.loop0.configure_ipv6_neighbors()
93 # configure MAC address on pg2
94 cls.pg2.resolve_arp()
95 cls.pg2.resolve_ndp()
96
97 # Loopback BVI interface has remote hosts
98 # one half of hosts are behind pg0 second behind pg1
99 half = cls.remote_hosts_count // 2
100 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
101 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
102
103 except Exception:
104 super(TestMACIP, cls).tearDownClass()
105 raise
106
107 def setUp(self):
108 super(TestMACIP, self).setUp()
109 self.reset_packet_infos()
110 del self.ACLS[:]
111
112 def tearDown(self):
113 """
114 Show various debug prints after each test.
115 """
116 super(TestMACIP, self).tearDown()
117 if not self.vpp_dead:
118 self.logger.info(self.vapi.ppcli("show interface address"))
119 self.logger.info(self.vapi.ppcli("show hardware"))
120 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
121 self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
122 self.logger.info(self.vapi.ppcli("sh classify tables verbose"))
123 # print self.vapi.ppcli("show interface address")
124 # print self.vapi.ppcli("show hardware")
125 # print self.vapi.ppcli("sh acl-plugin macip interface")
126 # print self.vapi.ppcli("sh acl-plugin macip acl")
127 self.delete_acls()
128
129 def macip_acl_dump_debug(self):
130 acls = self.vapi.macip_acl_dump()
131 if self.DEBUG:
132 for acl in acls:
133 for r in acl.r:
134 rule = "ACTION"
135 if r.is_permit == 1:
136 rule = "PERMIT"
137 elif r.is_permit == 0:
138 rule = "DENY "
139 print "IP6" if r.is_ipv6 else "IP4", \
140 rule, \
141 r.src_mac.encode('hex'), \
142 r.src_mac_mask.encode('hex'),\
143 unpack('<16B', r.src_ip_addr), \
144 r.src_ip_prefix_len
145 return acls
146
147 def create_acls(self, mac_type, ip_type, acl_count, rules_count):
148 rules = []
149 src_mac = int("220000dead00", 16)
150 for acl in range(2, (acl_count+1) * 2):
151 host = random.choice(self.loop0.remote_hosts)
152 is_ip6 = acl % 2
153 ip4 = host.ip4.split('.')
154 ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6)))
155
156 if ip_type == self.EXACT_IP:
157 prefix_len4 = 32
158 prefix_len6 = 128
159 elif ip_type == self.WILD_IP:
160 ip4 = [0, 0, 0, 0]
161 ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
162 prefix_len4 = 0
163 prefix_len6 = 0
164 rules_count[(acl / 2) - 1] = 1
165 else:
166 prefix_len4 = 24
167 prefix_len6 = 64
168
169 if mac_type == self.EXACT_MAC:
170 mask = "ff:ff:ff:ff:ff:ff"
171 elif mac_type == self.WILD_MAC:
172 mask = "00:00:00:00:00:00"
173 elif mac_type == self.OUI_MAC:
174 mask = "ff:ff:ff:00:00:00"
175 else:
176 mask = "ff:ff:ff:ff:ff:00"
177
178 ip = ip6 if is_ip6 else ip4
179 ip_len = prefix_len6 if is_ip6 else prefix_len4
180
181 for i in range(0, rules_count[(acl / 2) - 1]):
182 src_mac += 16777217
183 if mac_type == self.WILD_MAC:
184 mac = "00:00:00:00:00:00"
185 elif mac_type == self.OUI_MAC:
186 mac = ':'.join(re.findall('..', '{:02x}'.format(
187 src_mac))[:3])+":00:00:00"
188 else:
189 mac = ':'.join(re.findall('..', '{:02x}'.format(src_mac)))
190
191 if ip_type == self.EXACT_IP:
192 ip4[3] = random.randint(100, 200)
193 ip6[15] = random.randint(100, 200)
194 elif ip_type == self.SUBNET_IP:
195 ip4[2] = random.randint(100, 200)
196 ip4[3] = 0
197 ip6[8] = random.randint(100, 200)
198 ip6[15] = 0
199 ip_pack = ''
200 for j in range(0, len(ip)):
201 ip_pack += pack('<B', int(ip[j]))
202
203 rule = ({'is_permit': self.PERMIT,
204 'is_ipv6': is_ip6,
205 'src_ip_addr': ip_pack,
206 'src_ip_prefix_len': ip_len,
207 'src_mac': mac.replace(':', '').decode('hex'),
208 'src_mac_mask': mask.replace(':', '').decode('hex')})
209 rules.append(rule)
210 if ip_type == self.WILD_IP:
211 break
212
213 reply = self.vapi.macip_acl_add_replace(rules)
214 self.assertEqual(reply.retval, 0)
215 self.ACLS.append(reply.acl_index)
216 del rules[:]
217
218 src_mac += 1099511627776
219
220 def verify_acls(self, acl_count, rules_count, expected_count=2):
221 reply = self.macip_acl_dump_debug()
222 for acl in range(2, (acl_count+1) * 2):
223 self.assertEqual(reply[acl - 2].count, rules_count[acl/2-1])
224
225 self.vapi.macip_acl_interface_get()
226
227 self.vapi.macip_acl_interface_add_del(sw_if_index=0, acl_index=0)
228 self.vapi.macip_acl_interface_add_del(sw_if_index=1, acl_index=1)
229
230 reply = self.vapi.macip_acl_interface_get()
231 self.assertEqual(reply.count, expected_count)
232
233 def delete_acls(self):
234 for acl in range(len(self.ACLS)-1, -1, -1):
235 self.vapi.macip_acl_del(self.ACLS[acl])
236
237 reply = self.vapi.macip_acl_dump()
238 self.assertEqual(len(reply), 0)
239
240 def create_stream(self, mac_type, ip_type, packet_count,
241 src_ip_if, dst_ip_if, bridged_routed, is_ip6):
242 # exact MAC and exact IP
243 # exact MAC and subnet of IPs
244 # exact MAC and wildcard IP
245 # wildcard MAC and exact IP
246 # wildcard MAC and subnet of IPs
247 # wildcard MAC and wildcard IP
248 # OUI restricted MAC and exact IP
249 # OUI restricted MAC and subnet of IPs
250 # OUI restricted MAC and wildcard IP
251
252 packets = []
253 rules = []
254 ip_permit = ""
255 mac_permit = ""
256 dst_mac = ""
257 mac_rule = "00:00:00:00:00:00"
258 mac_mask = "00:00:00:00:00:00"
259 for p in range(0, packet_count):
260 remote_dst_index = p % len(dst_ip_if.remote_hosts)
261 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
262
263 dst_port = 1234 + p
264 src_port = 4321 + p
265 is_permit = self.PERMIT if p % 3 == 0 else self.DENY
266 denyMAC = True if not is_permit and p % 3 == 1 else False
267 denyIP = True if not is_permit and p % 3 == 2 else False
268 if not is_permit and ip_type == self.WILD_IP:
269 denyMAC = True
270 if not is_permit and mac_type == self.WILD_MAC:
271 denyIP = True
272 if bridged_routed:
273 if is_permit:
274 src_mac = remote_dst_host._mac
275 dst_mac = 'de:ad:00:00:00:00'
276 dst_ip6 = src_ip_if.remote_ip6
277 src_ip6 = remote_dst_host.ip6
278 dst_ip4 = src_ip_if.remote_ip4
279 src_ip4 = remote_dst_host.ip4
280 ip_permit = src_ip6 if is_ip6 else src_ip4
281 mac_permit = src_mac
282
283 if denyMAC:
284 mac = src_mac.split(':')
285 mac[0] = format(int(mac[0], 16)+1, "02x")
286 src_mac = ":".join(mac)
287 if is_ip6:
288 src_ip6 = ip_permit
289 else:
290 src_ip4 = ip_permit
291 if denyIP:
292 if ip_type != self.WILD_IP:
293 src_mac = mac_permit
294 dst_ip6 = src_ip_if.remote_ip6
295 src_ip6 = remote_dst_host.ip6
296 dst_ip4 = src_ip_if.remote_ip4
297 src_ip4 = remote_dst_host.ip4
298 else: # TODO
299 src_mac = src_ip_if.remote_mac
300 dst_mac = src_ip_if.local_mac
301 src_ip6 = src_ip_if.remote_ip6
302 dst_ip6 = remote_dst_host.ip6
303 src_ip4 = src_ip_if.remote_ip4
304 dst_ip4 = remote_dst_host.ip4
305
306 if is_permit:
307 info = self.create_packet_info(src_ip_if, dst_ip_if)
308 payload = self.info_to_payload(info)
309 else:
310 payload = "to be blocked"
311
312 if mac_type == self.WILD_MAC:
313 mac = src_mac.split(':')
314 for i in range(1, 5):
315 mac[i] = format(random.randint(0, 255), "02x")
316 src_mac = ":".join(mac)
317
318 # create packet
319 packet = Ether(src=src_mac, dst=dst_mac)
320 if bridged_routed:
321 ip_rule = src_ip6 if is_ip6 else src_ip4
322 else:
323 ip_rule = dst_ip6 if is_ip6 else dst_ip4
324 if is_ip6:
325 if ip_type != self.EXACT_IP:
326 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
327 if ip_type == self.WILD_IP:
328 sub_ip[0] = random.randint(240, 254)
329 sub_ip[1] = random.randint(230, 239)
330 sub_ip[14] = random.randint(100, 199)
331 sub_ip[15] = random.randint(200, 255)
332 elif ip_type == self.SUBNET_IP:
333 if denyIP:
334 sub_ip[2] = str(int(sub_ip[2]) + 1)
335 sub_ip[14] = random.randint(100, 199)
336 sub_ip[15] = random.randint(200, 255)
337 if bridged_routed:
338 src_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
339 else:
340 dst_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
341 packet /= IPv6(src=src_ip6, dst=dst_ip6)
342 else:
343 if ip_type != self.EXACT_IP:
344 sub_ip = ip_rule.split('.')
345 if ip_type == self.WILD_IP:
346 sub_ip[0] = str(random.randint(1, 49))
347 sub_ip[1] = str(random.randint(50, 99))
348 sub_ip[2] = str(random.randint(100, 199))
349 sub_ip[3] = str(random.randint(200, 255))
350 elif ip_type == self.SUBNET_IP:
351 if denyIP:
352 sub_ip[1] = str(int(sub_ip[1])+1)
353 sub_ip[2] = str(random.randint(100, 199))
354 sub_ip[3] = str(random.randint(200, 255))
355 if bridged_routed:
356 src_ip4 = ".".join(sub_ip)
357 else:
358 # TODO
359 dst_ip4 = ".".join(sub_ip)
360 packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)
361
362 packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)
363
364 packet[Raw].load += " mac:"+src_mac
365
366 size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
367 self.extend_packet(packet, size)
368 packets.append(packet)
369
370 # create suitable rule
371 if mac_type == self.EXACT_MAC:
372 mac_rule = src_mac
373 mac_mask = "ff:ff:ff:ff:ff:ff"
374 elif mac_type == self.WILD_MAC:
375 mac_rule = "00:00:00:00:00:00"
376 mac_mask = "00:00:00:00:00:00"
377 elif mac_type == self.OUI_MAC:
378 mac = src_mac.split(':')
379 mac[3] = mac[4] = mac[5] = '00'
380 mac_rule = ":".join(mac)
381 mac_mask = "ff:ff:ff:00:00:00"
382
383 if is_ip6:
384 if ip_type == self.WILD_IP:
385 ip = "0::0"
386 else:
387 if bridged_routed:
388 ip = src_ip6
389 else:
390 ip = dst_ip6
391 if ip_type == self.SUBNET_IP:
392 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
393 for i in range(8, 16):
394 sub_ip[i] = 0
395 ip = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
396 else:
397 if ip_type == self.WILD_IP:
398 ip = "0.0.0.0"
399 else:
400 if bridged_routed:
401 ip = src_ip4
402 else:
403 ip = dst_ip4
404 if ip_type == self.SUBNET_IP:
405 sub_ip = ip.split('.')
406 sub_ip[2] = sub_ip[3] = '0'
407 ip = ".".join(sub_ip)
408
409 prefix_len = 128 if is_ip6 else 32
410 if ip_type == self.WILD_IP:
411 prefix_len = 0
412 elif ip_type == self.SUBNET_IP:
413 prefix_len = 64 if is_ip6 else 16
414 ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)
415
416 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
417 continue
418
419 if is_permit:
420 rule = ({'is_permit': is_permit,
421 'is_ipv6': is_ip6,
422 'src_ip_addr': ip_rule,
423 'src_ip_prefix_len': prefix_len,
424 'src_mac': mac_rule.replace(':', '').decode('hex'),
425 'src_mac_mask': mac_mask.replace(':', '').decode(
426 'hex')})
427 rules.append(rule)
428
429 # deny all other packets
430 if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
431 rule = ({'is_permit': 0,
432 'is_ipv6': is_ip6,
433 'src_ip_addr': "",
434 'src_ip_prefix_len': 0,
435 'src_mac': "",
436 'src_mac_mask': ""})
437 rules.append(rule)
438
439 return {'stream': packets, 'rules': rules}
440
441 def verify_capture(self, stream, capture, is_ip6):
442 p_l3 = IPv6 if is_ip6 else IP
443 if self.DEBUG:
444 for p in stream:
445 print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
446
447 acls = self.macip_acl_dump_debug()
448
449 # TODO : verify
450 # for acl in acls:
451 # for r in acl.r:
452 # print r.src_mac.encode('hex'), \
453 # r.src_mac_mask.encode('hex'),\
454 # unpack('<16B', r.src_ip_addr), \
455 # r.src_ip_prefix_len
456 #
457 # for p in capture:
458 # print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
459 # data = p[Raw].load.split(':',1)[1]
460 # print p[p_l3].src, data
461
462 def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets):
463 self.reset_packet_infos()
464
465 tx_if = self.pg0 if bridged_routed else self.pg2
466 rx_if = self.pg2 if bridged_routed else self.pg0
467
468 test_dict = self.create_stream(mac_type, ip_type, packets,
469 self.pg2, self.loop0,
470 bridged_routed, is_ip6)
471
472 reply = self.vapi.macip_acl_add_replace(test_dict['rules'])
473 self.assertEqual(reply.retval, 0)
474 acl_index = reply.acl_index
475
476 self.vapi.macip_acl_interface_add_del(sw_if_index=tx_if.sw_if_index,
477 acl_index=acl_index)
478 reply = self.vapi.macip_acl_interface_get()
479 self.assertEqual(reply.acls[tx_if.sw_if_index], acl_index)
480 self.ACLS.append(reply.acls[tx_if.sw_if_index])
481
482 tx_if.add_stream(test_dict['stream'])
483 self.pg_enable_capture(self.pg_interfaces)
484 self.pg_start()
485
486 packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index)
487 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
488 packet_count = packets
489 capture = rx_if.get_capture(packet_count)
490 self.verify_capture(test_dict['stream'], capture, is_ip6)
491
492 def run_test_acls(self, mac_type, ip_type, acl_count,
493 rules_count, traffic=None, ip=None):
494 self.create_acls(mac_type, ip_type, acl_count, rules_count)
495 self.verify_acls(acl_count, rules_count)
496
497 if traffic is not None:
498 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, traffic, ip, 9)
499
500 def test_acl_ip4_exactMAC_exactIP(self):
501 """ IP4 MACIP exactMAC|exactIP ACL
502 """
503 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
504 self.BRIDGED, self.IS_IP4, 9)
505
506 def test_acl_ip6_exactMAC_exactIP(self):
507 """ IP6 MACIP exactMAC|exactIP ACL
508 """
509
510 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
511 self.BRIDGED, self.IS_IP6, 9)
512
513 def test_acl_ip4_exactMAC_subnetIP(self):
514 """ IP4 MACIP exactMAC|subnetIP ACL
515 """
516
517 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
518 self.BRIDGED, self.IS_IP4, 9)
519
520 def test_acl_ip6_exactMAC_subnetIP(self):
521 """ IP6 MACIP exactMAC|subnetIP ACL
522 """
523
524 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
525 self.BRIDGED, self.IS_IP6, 9)
526
527 def test_acl_ip4_exactMAC_wildIP(self):
528 """ IP4 MACIP exactMAC|wildIP ACL
529 """
530
531 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
532 self.BRIDGED, self.IS_IP4, 9)
533
534 def test_acl_ip6_exactMAC_wildIP(self):
535 """ IP6 MACIP exactMAC|wildIP ACL
536 """
537
538 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
539 self.BRIDGED, self.IS_IP6, 9)
540
541 def test_acl_ip4_ouiMAC_exactIP(self):
542 """ IP4 MACIP ouiMAC|exactIP ACL
543 """
544
545 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
546 self.BRIDGED, self.IS_IP4, 3)
547
548 def test_acl_ip6_ouiMAC_exactIP(self):
549 """ IP6 MACIP oui_MAC|exactIP ACL
550 """
551
552 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
553 self.BRIDGED, self.IS_IP6, 9)
554
555 def test_acl_ip4_ouiMAC_subnetIP(self):
556 """ IP4 MACIP ouiMAC|subnetIP ACL
557 """
558
559 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
560 self.BRIDGED, self.IS_IP4, 9)
561
562 def test_acl_ip6_ouiMAC_subnetIP(self):
563 """ IP6 MACIP ouiMAC|subnetIP ACL
564 """
565
566 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
567 self.BRIDGED, self.IS_IP6, 9)
568
569 def test_acl_ip4_ouiMAC_wildIP(self):
570 """ IP4 MACIP ouiMAC|wildIP ACL
571 """
572
573 self.run_traffic(self.OUI_MAC, self.WILD_IP,
574 self.BRIDGED, self.IS_IP4, 9)
575
576 def test_acl_ip6_ouiMAC_wildIP(self):
577 """ IP6 MACIP ouiMAC|wildIP ACL
578 """
579
580 self.run_traffic(self.OUI_MAC, self.WILD_IP,
581 self.BRIDGED, self.IS_IP6, 9)
582
583 def test_acl_ip4_wildMAC_exactIP(self):
584 """ IP4 MACIP wildcardMAC|exactIP ACL
585 """
586
587 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
588 self.BRIDGED, self.IS_IP4, 9)
589
590 def test_acl_ip6_wildMAC_exactIP(self):
591 """ IP6 MACIP wildcardMAC|exactIP ACL
592 """
593
594 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
595 self.BRIDGED, self.IS_IP6, 9)
596
597 def test_acl_ip4_wildMAC_subnetIP(self):
598 """ IP4 MACIP wildcardMAC|subnetIP ACL
599 """
600
601 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
602 self.BRIDGED, self.IS_IP4, 9)
603
604 def test_acl_ip6_wildMAC_subnetIP(self):
605 """ IP6 MACIP wildcardMAC|subnetIP ACL
606 """
607
608 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
609 self.BRIDGED, self.IS_IP6, 9)
610
611 def test_acl_ip4_wildMAC_wildIP(self):
612 """ IP4 MACIP wildcardMAC|wildIP ACL
613 """
614
615 self.run_traffic(self.WILD_MAC, self.WILD_IP,
616 self.BRIDGED, self.IS_IP4, 9)
617
618 def test_acl_ip6_wildMAC_wildIP(self):
619 """ IP6 MACIP wildcardMAC|wildIP ACL
620 """
621
622 self.run_traffic(self.WILD_MAC, self.WILD_IP,
623 self.BRIDGED, self.IS_IP6, 9)
624
625 def test_acl_1_2(self):
626 """ MACIP ACL with 2 entries
627 """
628
629 self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2])
630
631 def test_acl_1_5(self):
632 """ MACIP ACL with 5 entries
633 """
634
635 self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5])
636
637 def test_acl_1_10(self):
638 """ MACIP ACL with 10 entries
639 """
640
641 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10])
642
643 def test_acl_1_20(self):
644 """ MACIP ACL with 20 entries
645 """
646
647 self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20])
648
649 def test_acl_1_50(self):
650 """ MACIP ACL with 50 entries
651 """
652
653 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50])
654
655 def test_acl_1_100(self):
656 """ MACIP ACL with 100 entries
657 """
658
659 self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100])
660
661 def test_acl_2_X(self):
662 """ MACIP 2 ACLs each with 100+ entries
663 """
664
665 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200])
666
667 def test_acl_10_X(self):
668 """ MACIP 10 ACLs each with 100+ entries
669 """
670
671 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
672 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240])
673
674 def test_acl_10_X_traffic_ip4(self):
675 """ MACIP 10 ACLs each with 100+ entries with IP4 traffic
676 """
677
678 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
679 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
680 self.BRIDGED, self.IS_IP4)
681
682 def test_acl_10_X_traffic_ip6(self):
683 """ MACIP 10 ACLs each with 100+ entries with IP6 traffic
684 """
685
686 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
687 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
688 self.BRIDGED, self.IS_IP6)
689
690 def test_delete_intf(self):
691 """ MACIP ACL delete intf with acl
692 """
693
694 intf_count = len(self.interfaces)+1
695 rules_count = [3, 5, 4]
696 intf = []
697 self.create_acls(self.EXACT_IP, self.EXACT_MAC, 3, rules_count)
698
699 intf.append(VppLoInterface(self, 0))
700 intf.append(VppLoInterface(self, 1))
701
702 sw_if_index0 = intf[0].sw_if_index
703 self.vapi.macip_acl_interface_add_del(sw_if_index0, 1)
704
705 reply = self.vapi.macip_acl_interface_get()
706 self.assertEqual(reply.count, intf_count+1)
707 self.assertEqual(reply.acls[sw_if_index0], 1)
708
709 sw_if_index1 = intf[1].sw_if_index
710 self.vapi.macip_acl_interface_add_del(sw_if_index1, 0)
711
712 reply = self.vapi.macip_acl_interface_get()
713 self.assertEqual(reply.count, intf_count+2)
714 self.assertEqual(reply.acls[sw_if_index1], 0)
715
716 intf[0].remove_vpp_config()
717 reply = self.vapi.macip_acl_interface_get()
718 self.assertEqual(reply.count, intf_count+2)
719 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
720 self.assertEqual(reply.acls[sw_if_index1], 0)
721
722 intf.append(VppLoInterface(self, 2))
723 intf.append(VppLoInterface(self, 3))
724 sw_if_index2 = intf[2].sw_if_index
725 sw_if_index3 = intf[3].sw_if_index
726 self.vapi.macip_acl_interface_add_del(sw_if_index2, 1)
727 self.vapi.macip_acl_interface_add_del(sw_if_index3, 1)
728
729 reply = self.vapi.macip_acl_interface_get()
730 self.assertEqual(reply.count, intf_count+3)
731 self.assertEqual(reply.acls[sw_if_index1], 0)
732 self.assertEqual(reply.acls[sw_if_index2], 1)
733 self.assertEqual(reply.acls[sw_if_index3], 1)
734
735 intf[2].remove_vpp_config()
736 intf[1].remove_vpp_config()
737
738 reply = self.vapi.macip_acl_interface_get()
739 self.assertEqual(reply.count, intf_count+3)
740 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
741 self.assertEqual(reply.acls[sw_if_index1], 4294967295)
742 self.assertEqual(reply.acls[sw_if_index2], 4294967295)
743 self.assertEqual(reply.acls[sw_if_index3], 1)
744
745 intf[3].remove_vpp_config()
746 reply = self.vapi.macip_acl_interface_get()
747
748 self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
749
750 @unittest.skipUnless(running_extended_tests(), "part of extended tests")
751 def test_check(self):
752 """ MACIP with routed traffic
753 """
754 # TODO: routed do not work yet !!!
755 # self.run_traffic(self.EXACT_IP, self.EXACT_MAC, False, False, 9)
756 # self.run_traffic(self.EXACT_IP, self.EXACT_MAC, False, True, 9)
757
758
759if __name__ == '__main__':
760 unittest.main(testRunner=VppTestRunner)