Pavel Kotucek | 932f741 | 2017-09-07 14:44:52 +0200 | [diff] [blame] | 1 | #!/usr/bin/env python |
| 2 | """ACL plugin - MACIP tests |
| 3 | """ |
| 4 | import random |
| 5 | import re |
| 6 | import unittest |
| 7 | |
| 8 | from socket import inet_ntop, inet_pton, AF_INET, AF_INET6 |
| 9 | from struct import * |
| 10 | from scapy.packet import Raw |
| 11 | from scapy.layers.l2 import Ether |
| 12 | from scapy.layers.inet import IP, UDP, TCP |
| 13 | from scapy.layers.inet6 import IPv6 |
| 14 | |
| 15 | from framework import VppTestCase, VppTestRunner, running_extended_tests |
| 16 | from vpp_lo_interface import VppLoInterface |
| 17 | |
| 18 | |
| 19 | class TestMACIP(VppTestCase): |
| 20 | """MACIP Test Case""" |
| 21 | |
| 22 | DEBUG = False |
| 23 | |
| 24 | BRIDGED = True |
| 25 | ROUTED = False |
| 26 | |
| 27 | IS_IP4 = False |
| 28 | IS_IP6 = True |
| 29 | |
| 30 | # rule types |
| 31 | DENY = 0 |
| 32 | PERMIT = 1 |
| 33 | |
| 34 | # ACL types |
| 35 | EXACT_IP = 1 |
| 36 | SUBNET_IP = 2 |
| 37 | WILD_IP = 3 |
| 38 | |
| 39 | EXACT_MAC = 1 |
| 40 | WILD_MAC = 2 |
| 41 | OUI_MAC = 3 |
| 42 | |
| 43 | ACLS = [] |
| 44 | |
| 45 | @classmethod |
| 46 | def setUpClass(cls): |
| 47 | """ |
| 48 | Perform standard class setup (defined by class method setUpClass in |
| 49 | class VppTestCase) before running the test case, set test case related |
| 50 | variables and configure VPP. |
| 51 | """ |
| 52 | super(TestMACIP, cls).setUpClass() |
| 53 | |
| 54 | cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes |
| 55 | cls.bd_id = 10 |
| 56 | cls.remote_hosts_count = 250 |
| 57 | |
| 58 | try: |
| 59 | # create 3 pg interfaces, 1 loopback interface |
| 60 | cls.create_pg_interfaces(range(3)) |
| 61 | cls.create_loopback_interfaces(range(1)) |
| 62 | |
| 63 | cls.interfaces = list(cls.pg_interfaces) |
| 64 | cls.interfaces.extend(cls.lo_interfaces) |
| 65 | |
| 66 | for i in cls.interfaces: |
| 67 | i.admin_up() |
| 68 | |
| 69 | # Create BD with MAC learning enabled and put interfaces to this BD |
| 70 | cls.vapi.sw_interface_set_l2_bridge( |
| 71 | cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1) |
| 72 | cls.vapi.sw_interface_set_l2_bridge( |
| 73 | cls.pg0.sw_if_index, bd_id=cls.bd_id) |
| 74 | cls.vapi.sw_interface_set_l2_bridge( |
| 75 | cls.pg1.sw_if_index, bd_id=cls.bd_id) |
| 76 | |
| 77 | # Configure IPv4 addresses on loop interface and routed interface |
| 78 | cls.loop0.config_ip4() |
| 79 | cls.loop0.config_ip6() |
| 80 | cls.pg2.config_ip4() |
| 81 | cls.pg2.config_ip6() |
| 82 | |
| 83 | # Configure MAC address binding to IPv4 neighbors on loop0 |
| 84 | cls.loop0.generate_remote_hosts(cls.remote_hosts_count) |
| 85 | # Modify host mac addresses to have different OUI parts |
| 86 | for i in range(2, cls.remote_hosts_count + 2): |
| 87 | mac = cls.loop0.remote_hosts[i-2]._mac.split(':') |
| 88 | mac[2] = format(int(mac[2], 16) + i, "02x") |
| 89 | cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac) |
| 90 | |
| 91 | cls.loop0.configure_ipv4_neighbors() |
| 92 | cls.loop0.configure_ipv6_neighbors() |
| 93 | # configure MAC address on pg2 |
| 94 | cls.pg2.resolve_arp() |
| 95 | cls.pg2.resolve_ndp() |
| 96 | |
| 97 | # Loopback BVI interface has remote hosts |
| 98 | # one half of hosts are behind pg0 second behind pg1 |
| 99 | half = cls.remote_hosts_count // 2 |
| 100 | cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half] |
| 101 | cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:] |
| 102 | |
| 103 | except Exception: |
| 104 | super(TestMACIP, cls).tearDownClass() |
| 105 | raise |
| 106 | |
| 107 | def setUp(self): |
| 108 | super(TestMACIP, self).setUp() |
| 109 | self.reset_packet_infos() |
| 110 | del self.ACLS[:] |
| 111 | |
| 112 | def tearDown(self): |
| 113 | """ |
| 114 | Show various debug prints after each test. |
| 115 | """ |
| 116 | super(TestMACIP, self).tearDown() |
| 117 | if not self.vpp_dead: |
| 118 | self.logger.info(self.vapi.ppcli("show interface address")) |
| 119 | self.logger.info(self.vapi.ppcli("show hardware")) |
| 120 | self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl")) |
| 121 | self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface")) |
| 122 | self.logger.info(self.vapi.ppcli("sh classify tables verbose")) |
| 123 | # print self.vapi.ppcli("show interface address") |
| 124 | # print self.vapi.ppcli("show hardware") |
| 125 | # print self.vapi.ppcli("sh acl-plugin macip interface") |
| 126 | # print self.vapi.ppcli("sh acl-plugin macip acl") |
| 127 | self.delete_acls() |
| 128 | |
| 129 | def macip_acl_dump_debug(self): |
| 130 | acls = self.vapi.macip_acl_dump() |
| 131 | if self.DEBUG: |
| 132 | for acl in acls: |
| 133 | for r in acl.r: |
| 134 | rule = "ACTION" |
| 135 | if r.is_permit == 1: |
| 136 | rule = "PERMIT" |
| 137 | elif r.is_permit == 0: |
| 138 | rule = "DENY " |
| 139 | print "IP6" if r.is_ipv6 else "IP4", \ |
| 140 | rule, \ |
| 141 | r.src_mac.encode('hex'), \ |
| 142 | r.src_mac_mask.encode('hex'),\ |
| 143 | unpack('<16B', r.src_ip_addr), \ |
| 144 | r.src_ip_prefix_len |
| 145 | return acls |
| 146 | |
| 147 | def create_acls(self, mac_type, ip_type, acl_count, rules_count): |
| 148 | rules = [] |
| 149 | src_mac = int("220000dead00", 16) |
| 150 | for acl in range(2, (acl_count+1) * 2): |
| 151 | host = random.choice(self.loop0.remote_hosts) |
| 152 | is_ip6 = acl % 2 |
| 153 | ip4 = host.ip4.split('.') |
| 154 | ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6))) |
| 155 | |
| 156 | if ip_type == self.EXACT_IP: |
| 157 | prefix_len4 = 32 |
| 158 | prefix_len6 = 128 |
| 159 | elif ip_type == self.WILD_IP: |
| 160 | ip4 = [0, 0, 0, 0] |
| 161 | ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] |
| 162 | prefix_len4 = 0 |
| 163 | prefix_len6 = 0 |
| 164 | rules_count[(acl / 2) - 1] = 1 |
| 165 | else: |
| 166 | prefix_len4 = 24 |
| 167 | prefix_len6 = 64 |
| 168 | |
| 169 | if mac_type == self.EXACT_MAC: |
| 170 | mask = "ff:ff:ff:ff:ff:ff" |
| 171 | elif mac_type == self.WILD_MAC: |
| 172 | mask = "00:00:00:00:00:00" |
| 173 | elif mac_type == self.OUI_MAC: |
| 174 | mask = "ff:ff:ff:00:00:00" |
| 175 | else: |
| 176 | mask = "ff:ff:ff:ff:ff:00" |
| 177 | |
| 178 | ip = ip6 if is_ip6 else ip4 |
| 179 | ip_len = prefix_len6 if is_ip6 else prefix_len4 |
| 180 | |
| 181 | for i in range(0, rules_count[(acl / 2) - 1]): |
| 182 | src_mac += 16777217 |
| 183 | if mac_type == self.WILD_MAC: |
| 184 | mac = "00:00:00:00:00:00" |
| 185 | elif mac_type == self.OUI_MAC: |
| 186 | mac = ':'.join(re.findall('..', '{:02x}'.format( |
| 187 | src_mac))[:3])+":00:00:00" |
| 188 | else: |
| 189 | mac = ':'.join(re.findall('..', '{:02x}'.format(src_mac))) |
| 190 | |
| 191 | if ip_type == self.EXACT_IP: |
| 192 | ip4[3] = random.randint(100, 200) |
| 193 | ip6[15] = random.randint(100, 200) |
| 194 | elif ip_type == self.SUBNET_IP: |
| 195 | ip4[2] = random.randint(100, 200) |
| 196 | ip4[3] = 0 |
| 197 | ip6[8] = random.randint(100, 200) |
| 198 | ip6[15] = 0 |
| 199 | ip_pack = '' |
| 200 | for j in range(0, len(ip)): |
| 201 | ip_pack += pack('<B', int(ip[j])) |
| 202 | |
| 203 | rule = ({'is_permit': self.PERMIT, |
| 204 | 'is_ipv6': is_ip6, |
| 205 | 'src_ip_addr': ip_pack, |
| 206 | 'src_ip_prefix_len': ip_len, |
| 207 | 'src_mac': mac.replace(':', '').decode('hex'), |
| 208 | 'src_mac_mask': mask.replace(':', '').decode('hex')}) |
| 209 | rules.append(rule) |
| 210 | if ip_type == self.WILD_IP: |
| 211 | break |
| 212 | |
| 213 | reply = self.vapi.macip_acl_add_replace(rules) |
| 214 | self.assertEqual(reply.retval, 0) |
| 215 | self.ACLS.append(reply.acl_index) |
| 216 | del rules[:] |
| 217 | |
| 218 | src_mac += 1099511627776 |
| 219 | |
| 220 | def verify_acls(self, acl_count, rules_count, expected_count=2): |
| 221 | reply = self.macip_acl_dump_debug() |
| 222 | for acl in range(2, (acl_count+1) * 2): |
| 223 | self.assertEqual(reply[acl - 2].count, rules_count[acl/2-1]) |
| 224 | |
| 225 | self.vapi.macip_acl_interface_get() |
| 226 | |
| 227 | self.vapi.macip_acl_interface_add_del(sw_if_index=0, acl_index=0) |
| 228 | self.vapi.macip_acl_interface_add_del(sw_if_index=1, acl_index=1) |
| 229 | |
| 230 | reply = self.vapi.macip_acl_interface_get() |
| 231 | self.assertEqual(reply.count, expected_count) |
| 232 | |
| 233 | def delete_acls(self): |
| 234 | for acl in range(len(self.ACLS)-1, -1, -1): |
| 235 | self.vapi.macip_acl_del(self.ACLS[acl]) |
| 236 | |
| 237 | reply = self.vapi.macip_acl_dump() |
| 238 | self.assertEqual(len(reply), 0) |
| 239 | |
| 240 | def create_stream(self, mac_type, ip_type, packet_count, |
| 241 | src_ip_if, dst_ip_if, bridged_routed, is_ip6): |
| 242 | # exact MAC and exact IP |
| 243 | # exact MAC and subnet of IPs |
| 244 | # exact MAC and wildcard IP |
| 245 | # wildcard MAC and exact IP |
| 246 | # wildcard MAC and subnet of IPs |
| 247 | # wildcard MAC and wildcard IP |
| 248 | # OUI restricted MAC and exact IP |
| 249 | # OUI restricted MAC and subnet of IPs |
| 250 | # OUI restricted MAC and wildcard IP |
| 251 | |
| 252 | packets = [] |
| 253 | rules = [] |
| 254 | ip_permit = "" |
| 255 | mac_permit = "" |
| 256 | dst_mac = "" |
| 257 | mac_rule = "00:00:00:00:00:00" |
| 258 | mac_mask = "00:00:00:00:00:00" |
| 259 | for p in range(0, packet_count): |
| 260 | remote_dst_index = p % len(dst_ip_if.remote_hosts) |
| 261 | remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index] |
| 262 | |
| 263 | dst_port = 1234 + p |
| 264 | src_port = 4321 + p |
| 265 | is_permit = self.PERMIT if p % 3 == 0 else self.DENY |
| 266 | denyMAC = True if not is_permit and p % 3 == 1 else False |
| 267 | denyIP = True if not is_permit and p % 3 == 2 else False |
| 268 | if not is_permit and ip_type == self.WILD_IP: |
| 269 | denyMAC = True |
| 270 | if not is_permit and mac_type == self.WILD_MAC: |
| 271 | denyIP = True |
| 272 | if bridged_routed: |
| 273 | if is_permit: |
| 274 | src_mac = remote_dst_host._mac |
| 275 | dst_mac = 'de:ad:00:00:00:00' |
| 276 | dst_ip6 = src_ip_if.remote_ip6 |
| 277 | src_ip6 = remote_dst_host.ip6 |
| 278 | dst_ip4 = src_ip_if.remote_ip4 |
| 279 | src_ip4 = remote_dst_host.ip4 |
| 280 | ip_permit = src_ip6 if is_ip6 else src_ip4 |
| 281 | mac_permit = src_mac |
| 282 | |
| 283 | if denyMAC: |
| 284 | mac = src_mac.split(':') |
| 285 | mac[0] = format(int(mac[0], 16)+1, "02x") |
| 286 | src_mac = ":".join(mac) |
| 287 | if is_ip6: |
| 288 | src_ip6 = ip_permit |
| 289 | else: |
| 290 | src_ip4 = ip_permit |
| 291 | if denyIP: |
| 292 | if ip_type != self.WILD_IP: |
| 293 | src_mac = mac_permit |
| 294 | dst_ip6 = src_ip_if.remote_ip6 |
| 295 | src_ip6 = remote_dst_host.ip6 |
| 296 | dst_ip4 = src_ip_if.remote_ip4 |
| 297 | src_ip4 = remote_dst_host.ip4 |
| 298 | else: # TODO |
| 299 | src_mac = src_ip_if.remote_mac |
| 300 | dst_mac = src_ip_if.local_mac |
| 301 | src_ip6 = src_ip_if.remote_ip6 |
| 302 | dst_ip6 = remote_dst_host.ip6 |
| 303 | src_ip4 = src_ip_if.remote_ip4 |
| 304 | dst_ip4 = remote_dst_host.ip4 |
| 305 | |
| 306 | if is_permit: |
| 307 | info = self.create_packet_info(src_ip_if, dst_ip_if) |
| 308 | payload = self.info_to_payload(info) |
| 309 | else: |
| 310 | payload = "to be blocked" |
| 311 | |
| 312 | if mac_type == self.WILD_MAC: |
| 313 | mac = src_mac.split(':') |
| 314 | for i in range(1, 5): |
| 315 | mac[i] = format(random.randint(0, 255), "02x") |
| 316 | src_mac = ":".join(mac) |
| 317 | |
| 318 | # create packet |
| 319 | packet = Ether(src=src_mac, dst=dst_mac) |
| 320 | if bridged_routed: |
| 321 | ip_rule = src_ip6 if is_ip6 else src_ip4 |
| 322 | else: |
| 323 | ip_rule = dst_ip6 if is_ip6 else dst_ip4 |
| 324 | if is_ip6: |
| 325 | if ip_type != self.EXACT_IP: |
| 326 | sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule))) |
| 327 | if ip_type == self.WILD_IP: |
| 328 | sub_ip[0] = random.randint(240, 254) |
| 329 | sub_ip[1] = random.randint(230, 239) |
| 330 | sub_ip[14] = random.randint(100, 199) |
| 331 | sub_ip[15] = random.randint(200, 255) |
| 332 | elif ip_type == self.SUBNET_IP: |
| 333 | if denyIP: |
| 334 | sub_ip[2] = str(int(sub_ip[2]) + 1) |
| 335 | sub_ip[14] = random.randint(100, 199) |
| 336 | sub_ip[15] = random.randint(200, 255) |
| 337 | if bridged_routed: |
| 338 | src_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip))) |
| 339 | else: |
| 340 | dst_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip))) |
| 341 | packet /= IPv6(src=src_ip6, dst=dst_ip6) |
| 342 | else: |
| 343 | if ip_type != self.EXACT_IP: |
| 344 | sub_ip = ip_rule.split('.') |
| 345 | if ip_type == self.WILD_IP: |
| 346 | sub_ip[0] = str(random.randint(1, 49)) |
| 347 | sub_ip[1] = str(random.randint(50, 99)) |
| 348 | sub_ip[2] = str(random.randint(100, 199)) |
| 349 | sub_ip[3] = str(random.randint(200, 255)) |
| 350 | elif ip_type == self.SUBNET_IP: |
| 351 | if denyIP: |
| 352 | sub_ip[1] = str(int(sub_ip[1])+1) |
| 353 | sub_ip[2] = str(random.randint(100, 199)) |
| 354 | sub_ip[3] = str(random.randint(200, 255)) |
| 355 | if bridged_routed: |
| 356 | src_ip4 = ".".join(sub_ip) |
| 357 | else: |
| 358 | # TODO |
| 359 | dst_ip4 = ".".join(sub_ip) |
| 360 | packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0) |
| 361 | |
| 362 | packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload) |
| 363 | |
| 364 | packet[Raw].load += " mac:"+src_mac |
| 365 | |
| 366 | size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)] |
| 367 | self.extend_packet(packet, size) |
| 368 | packets.append(packet) |
| 369 | |
| 370 | # create suitable rule |
| 371 | if mac_type == self.EXACT_MAC: |
| 372 | mac_rule = src_mac |
| 373 | mac_mask = "ff:ff:ff:ff:ff:ff" |
| 374 | elif mac_type == self.WILD_MAC: |
| 375 | mac_rule = "00:00:00:00:00:00" |
| 376 | mac_mask = "00:00:00:00:00:00" |
| 377 | elif mac_type == self.OUI_MAC: |
| 378 | mac = src_mac.split(':') |
| 379 | mac[3] = mac[4] = mac[5] = '00' |
| 380 | mac_rule = ":".join(mac) |
| 381 | mac_mask = "ff:ff:ff:00:00:00" |
| 382 | |
| 383 | if is_ip6: |
| 384 | if ip_type == self.WILD_IP: |
| 385 | ip = "0::0" |
| 386 | else: |
| 387 | if bridged_routed: |
| 388 | ip = src_ip6 |
| 389 | else: |
| 390 | ip = dst_ip6 |
| 391 | if ip_type == self.SUBNET_IP: |
| 392 | sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip))) |
| 393 | for i in range(8, 16): |
| 394 | sub_ip[i] = 0 |
| 395 | ip = inet_ntop(AF_INET6, str(bytearray(sub_ip))) |
| 396 | else: |
| 397 | if ip_type == self.WILD_IP: |
| 398 | ip = "0.0.0.0" |
| 399 | else: |
| 400 | if bridged_routed: |
| 401 | ip = src_ip4 |
| 402 | else: |
| 403 | ip = dst_ip4 |
| 404 | if ip_type == self.SUBNET_IP: |
| 405 | sub_ip = ip.split('.') |
| 406 | sub_ip[2] = sub_ip[3] = '0' |
| 407 | ip = ".".join(sub_ip) |
| 408 | |
| 409 | prefix_len = 128 if is_ip6 else 32 |
| 410 | if ip_type == self.WILD_IP: |
| 411 | prefix_len = 0 |
| 412 | elif ip_type == self.SUBNET_IP: |
| 413 | prefix_len = 64 if is_ip6 else 16 |
| 414 | ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip) |
| 415 | |
| 416 | if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0: |
| 417 | continue |
| 418 | |
| 419 | if is_permit: |
| 420 | rule = ({'is_permit': is_permit, |
| 421 | 'is_ipv6': is_ip6, |
| 422 | 'src_ip_addr': ip_rule, |
| 423 | 'src_ip_prefix_len': prefix_len, |
| 424 | 'src_mac': mac_rule.replace(':', '').decode('hex'), |
| 425 | 'src_mac_mask': mac_mask.replace(':', '').decode( |
| 426 | 'hex')}) |
| 427 | rules.append(rule) |
| 428 | |
| 429 | # deny all other packets |
| 430 | if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP): |
| 431 | rule = ({'is_permit': 0, |
| 432 | 'is_ipv6': is_ip6, |
| 433 | 'src_ip_addr': "", |
| 434 | 'src_ip_prefix_len': 0, |
| 435 | 'src_mac': "", |
| 436 | 'src_mac_mask': ""}) |
| 437 | rules.append(rule) |
| 438 | |
| 439 | return {'stream': packets, 'rules': rules} |
| 440 | |
| 441 | def verify_capture(self, stream, capture, is_ip6): |
| 442 | p_l3 = IPv6 if is_ip6 else IP |
| 443 | if self.DEBUG: |
| 444 | for p in stream: |
| 445 | print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst |
| 446 | |
| 447 | acls = self.macip_acl_dump_debug() |
| 448 | |
| 449 | # TODO : verify |
| 450 | # for acl in acls: |
| 451 | # for r in acl.r: |
| 452 | # print r.src_mac.encode('hex'), \ |
| 453 | # r.src_mac_mask.encode('hex'),\ |
| 454 | # unpack('<16B', r.src_ip_addr), \ |
| 455 | # r.src_ip_prefix_len |
| 456 | # |
| 457 | # for p in capture: |
| 458 | # print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst |
| 459 | # data = p[Raw].load.split(':',1)[1] |
| 460 | # print p[p_l3].src, data |
| 461 | |
| 462 | def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets): |
| 463 | self.reset_packet_infos() |
| 464 | |
| 465 | tx_if = self.pg0 if bridged_routed else self.pg2 |
| 466 | rx_if = self.pg2 if bridged_routed else self.pg0 |
| 467 | |
| 468 | test_dict = self.create_stream(mac_type, ip_type, packets, |
| 469 | self.pg2, self.loop0, |
| 470 | bridged_routed, is_ip6) |
| 471 | |
| 472 | reply = self.vapi.macip_acl_add_replace(test_dict['rules']) |
| 473 | self.assertEqual(reply.retval, 0) |
| 474 | acl_index = reply.acl_index |
| 475 | |
| 476 | self.vapi.macip_acl_interface_add_del(sw_if_index=tx_if.sw_if_index, |
| 477 | acl_index=acl_index) |
| 478 | reply = self.vapi.macip_acl_interface_get() |
| 479 | self.assertEqual(reply.acls[tx_if.sw_if_index], acl_index) |
| 480 | self.ACLS.append(reply.acls[tx_if.sw_if_index]) |
| 481 | |
| 482 | tx_if.add_stream(test_dict['stream']) |
| 483 | self.pg_enable_capture(self.pg_interfaces) |
| 484 | self.pg_start() |
| 485 | |
| 486 | packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index) |
| 487 | if mac_type == self.WILD_MAC and ip_type == self.WILD_IP: |
| 488 | packet_count = packets |
| 489 | capture = rx_if.get_capture(packet_count) |
| 490 | self.verify_capture(test_dict['stream'], capture, is_ip6) |
| 491 | |
| 492 | def run_test_acls(self, mac_type, ip_type, acl_count, |
| 493 | rules_count, traffic=None, ip=None): |
| 494 | self.create_acls(mac_type, ip_type, acl_count, rules_count) |
| 495 | self.verify_acls(acl_count, rules_count) |
| 496 | |
| 497 | if traffic is not None: |
| 498 | self.run_traffic(self.EXACT_MAC, self.EXACT_IP, traffic, ip, 9) |
| 499 | |
| 500 | def test_acl_ip4_exactMAC_exactIP(self): |
| 501 | """ IP4 MACIP exactMAC|exactIP ACL |
| 502 | """ |
| 503 | self.run_traffic(self.EXACT_MAC, self.EXACT_IP, |
| 504 | self.BRIDGED, self.IS_IP4, 9) |
| 505 | |
| 506 | def test_acl_ip6_exactMAC_exactIP(self): |
| 507 | """ IP6 MACIP exactMAC|exactIP ACL |
| 508 | """ |
| 509 | |
| 510 | self.run_traffic(self.EXACT_MAC, self.EXACT_IP, |
| 511 | self.BRIDGED, self.IS_IP6, 9) |
| 512 | |
| 513 | def test_acl_ip4_exactMAC_subnetIP(self): |
| 514 | """ IP4 MACIP exactMAC|subnetIP ACL |
| 515 | """ |
| 516 | |
| 517 | self.run_traffic(self.EXACT_MAC, self.SUBNET_IP, |
| 518 | self.BRIDGED, self.IS_IP4, 9) |
| 519 | |
| 520 | def test_acl_ip6_exactMAC_subnetIP(self): |
| 521 | """ IP6 MACIP exactMAC|subnetIP ACL |
| 522 | """ |
| 523 | |
| 524 | self.run_traffic(self.EXACT_MAC, self.SUBNET_IP, |
| 525 | self.BRIDGED, self.IS_IP6, 9) |
| 526 | |
| 527 | def test_acl_ip4_exactMAC_wildIP(self): |
| 528 | """ IP4 MACIP exactMAC|wildIP ACL |
| 529 | """ |
| 530 | |
| 531 | self.run_traffic(self.EXACT_MAC, self.WILD_IP, |
| 532 | self.BRIDGED, self.IS_IP4, 9) |
| 533 | |
| 534 | def test_acl_ip6_exactMAC_wildIP(self): |
| 535 | """ IP6 MACIP exactMAC|wildIP ACL |
| 536 | """ |
| 537 | |
| 538 | self.run_traffic(self.EXACT_MAC, self.WILD_IP, |
| 539 | self.BRIDGED, self.IS_IP6, 9) |
| 540 | |
| 541 | def test_acl_ip4_ouiMAC_exactIP(self): |
| 542 | """ IP4 MACIP ouiMAC|exactIP ACL |
| 543 | """ |
| 544 | |
| 545 | self.run_traffic(self.OUI_MAC, self.EXACT_IP, |
| 546 | self.BRIDGED, self.IS_IP4, 3) |
| 547 | |
| 548 | def test_acl_ip6_ouiMAC_exactIP(self): |
| 549 | """ IP6 MACIP oui_MAC|exactIP ACL |
| 550 | """ |
| 551 | |
| 552 | self.run_traffic(self.OUI_MAC, self.EXACT_IP, |
| 553 | self.BRIDGED, self.IS_IP6, 9) |
| 554 | |
| 555 | def test_acl_ip4_ouiMAC_subnetIP(self): |
| 556 | """ IP4 MACIP ouiMAC|subnetIP ACL |
| 557 | """ |
| 558 | |
| 559 | self.run_traffic(self.OUI_MAC, self.SUBNET_IP, |
| 560 | self.BRIDGED, self.IS_IP4, 9) |
| 561 | |
| 562 | def test_acl_ip6_ouiMAC_subnetIP(self): |
| 563 | """ IP6 MACIP ouiMAC|subnetIP ACL |
| 564 | """ |
| 565 | |
| 566 | self.run_traffic(self.OUI_MAC, self.SUBNET_IP, |
| 567 | self.BRIDGED, self.IS_IP6, 9) |
| 568 | |
| 569 | def test_acl_ip4_ouiMAC_wildIP(self): |
| 570 | """ IP4 MACIP ouiMAC|wildIP ACL |
| 571 | """ |
| 572 | |
| 573 | self.run_traffic(self.OUI_MAC, self.WILD_IP, |
| 574 | self.BRIDGED, self.IS_IP4, 9) |
| 575 | |
| 576 | def test_acl_ip6_ouiMAC_wildIP(self): |
| 577 | """ IP6 MACIP ouiMAC|wildIP ACL |
| 578 | """ |
| 579 | |
| 580 | self.run_traffic(self.OUI_MAC, self.WILD_IP, |
| 581 | self.BRIDGED, self.IS_IP6, 9) |
| 582 | |
| 583 | def test_acl_ip4_wildMAC_exactIP(self): |
| 584 | """ IP4 MACIP wildcardMAC|exactIP ACL |
| 585 | """ |
| 586 | |
| 587 | self.run_traffic(self.WILD_MAC, self.EXACT_IP, |
| 588 | self.BRIDGED, self.IS_IP4, 9) |
| 589 | |
| 590 | def test_acl_ip6_wildMAC_exactIP(self): |
| 591 | """ IP6 MACIP wildcardMAC|exactIP ACL |
| 592 | """ |
| 593 | |
| 594 | self.run_traffic(self.WILD_MAC, self.EXACT_IP, |
| 595 | self.BRIDGED, self.IS_IP6, 9) |
| 596 | |
| 597 | def test_acl_ip4_wildMAC_subnetIP(self): |
| 598 | """ IP4 MACIP wildcardMAC|subnetIP ACL |
| 599 | """ |
| 600 | |
| 601 | self.run_traffic(self.WILD_MAC, self.SUBNET_IP, |
| 602 | self.BRIDGED, self.IS_IP4, 9) |
| 603 | |
| 604 | def test_acl_ip6_wildMAC_subnetIP(self): |
| 605 | """ IP6 MACIP wildcardMAC|subnetIP ACL |
| 606 | """ |
| 607 | |
| 608 | self.run_traffic(self.WILD_MAC, self.SUBNET_IP, |
| 609 | self.BRIDGED, self.IS_IP6, 9) |
| 610 | |
| 611 | def test_acl_ip4_wildMAC_wildIP(self): |
| 612 | """ IP4 MACIP wildcardMAC|wildIP ACL |
| 613 | """ |
| 614 | |
| 615 | self.run_traffic(self.WILD_MAC, self.WILD_IP, |
| 616 | self.BRIDGED, self.IS_IP4, 9) |
| 617 | |
| 618 | def test_acl_ip6_wildMAC_wildIP(self): |
| 619 | """ IP6 MACIP wildcardMAC|wildIP ACL |
| 620 | """ |
| 621 | |
| 622 | self.run_traffic(self.WILD_MAC, self.WILD_IP, |
| 623 | self.BRIDGED, self.IS_IP6, 9) |
| 624 | |
| 625 | def test_acl_1_2(self): |
| 626 | """ MACIP ACL with 2 entries |
| 627 | """ |
| 628 | |
| 629 | self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2]) |
| 630 | |
| 631 | def test_acl_1_5(self): |
| 632 | """ MACIP ACL with 5 entries |
| 633 | """ |
| 634 | |
| 635 | self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5]) |
| 636 | |
| 637 | def test_acl_1_10(self): |
| 638 | """ MACIP ACL with 10 entries |
| 639 | """ |
| 640 | |
| 641 | self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10]) |
| 642 | |
| 643 | def test_acl_1_20(self): |
| 644 | """ MACIP ACL with 20 entries |
| 645 | """ |
| 646 | |
| 647 | self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20]) |
| 648 | |
| 649 | def test_acl_1_50(self): |
| 650 | """ MACIP ACL with 50 entries |
| 651 | """ |
| 652 | |
| 653 | self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50]) |
| 654 | |
| 655 | def test_acl_1_100(self): |
| 656 | """ MACIP ACL with 100 entries |
| 657 | """ |
| 658 | |
| 659 | self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100]) |
| 660 | |
| 661 | def test_acl_2_X(self): |
| 662 | """ MACIP 2 ACLs each with 100+ entries |
| 663 | """ |
| 664 | |
| 665 | self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200]) |
| 666 | |
| 667 | def test_acl_10_X(self): |
| 668 | """ MACIP 10 ACLs each with 100+ entries |
| 669 | """ |
| 670 | |
| 671 | self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10, |
| 672 | [100, 120, 140, 160, 180, 200, 210, 220, 230, 240]) |
| 673 | |
| 674 | def test_acl_10_X_traffic_ip4(self): |
| 675 | """ MACIP 10 ACLs each with 100+ entries with IP4 traffic |
| 676 | """ |
| 677 | |
| 678 | self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10, |
| 679 | [100, 120, 140, 160, 180, 200, 210, 220, 230, 240], |
| 680 | self.BRIDGED, self.IS_IP4) |
| 681 | |
| 682 | def test_acl_10_X_traffic_ip6(self): |
| 683 | """ MACIP 10 ACLs each with 100+ entries with IP6 traffic |
| 684 | """ |
| 685 | |
| 686 | self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10, |
| 687 | [100, 120, 140, 160, 180, 200, 210, 220, 230, 240], |
| 688 | self.BRIDGED, self.IS_IP6) |
| 689 | |
| 690 | def test_delete_intf(self): |
| 691 | """ MACIP ACL delete intf with acl |
| 692 | """ |
| 693 | |
| 694 | intf_count = len(self.interfaces)+1 |
| 695 | rules_count = [3, 5, 4] |
| 696 | intf = [] |
| 697 | self.create_acls(self.EXACT_IP, self.EXACT_MAC, 3, rules_count) |
| 698 | |
| 699 | intf.append(VppLoInterface(self, 0)) |
| 700 | intf.append(VppLoInterface(self, 1)) |
| 701 | |
| 702 | sw_if_index0 = intf[0].sw_if_index |
| 703 | self.vapi.macip_acl_interface_add_del(sw_if_index0, 1) |
| 704 | |
| 705 | reply = self.vapi.macip_acl_interface_get() |
| 706 | self.assertEqual(reply.count, intf_count+1) |
| 707 | self.assertEqual(reply.acls[sw_if_index0], 1) |
| 708 | |
| 709 | sw_if_index1 = intf[1].sw_if_index |
| 710 | self.vapi.macip_acl_interface_add_del(sw_if_index1, 0) |
| 711 | |
| 712 | reply = self.vapi.macip_acl_interface_get() |
| 713 | self.assertEqual(reply.count, intf_count+2) |
| 714 | self.assertEqual(reply.acls[sw_if_index1], 0) |
| 715 | |
| 716 | intf[0].remove_vpp_config() |
| 717 | reply = self.vapi.macip_acl_interface_get() |
| 718 | self.assertEqual(reply.count, intf_count+2) |
| 719 | self.assertEqual(reply.acls[sw_if_index0], 4294967295) |
| 720 | self.assertEqual(reply.acls[sw_if_index1], 0) |
| 721 | |
| 722 | intf.append(VppLoInterface(self, 2)) |
| 723 | intf.append(VppLoInterface(self, 3)) |
| 724 | sw_if_index2 = intf[2].sw_if_index |
| 725 | sw_if_index3 = intf[3].sw_if_index |
| 726 | self.vapi.macip_acl_interface_add_del(sw_if_index2, 1) |
| 727 | self.vapi.macip_acl_interface_add_del(sw_if_index3, 1) |
| 728 | |
| 729 | reply = self.vapi.macip_acl_interface_get() |
| 730 | self.assertEqual(reply.count, intf_count+3) |
| 731 | self.assertEqual(reply.acls[sw_if_index1], 0) |
| 732 | self.assertEqual(reply.acls[sw_if_index2], 1) |
| 733 | self.assertEqual(reply.acls[sw_if_index3], 1) |
| 734 | |
| 735 | intf[2].remove_vpp_config() |
| 736 | intf[1].remove_vpp_config() |
| 737 | |
| 738 | reply = self.vapi.macip_acl_interface_get() |
| 739 | self.assertEqual(reply.count, intf_count+3) |
| 740 | self.assertEqual(reply.acls[sw_if_index0], 4294967295) |
| 741 | self.assertEqual(reply.acls[sw_if_index1], 4294967295) |
| 742 | self.assertEqual(reply.acls[sw_if_index2], 4294967295) |
| 743 | self.assertEqual(reply.acls[sw_if_index3], 1) |
| 744 | |
| 745 | intf[3].remove_vpp_config() |
| 746 | reply = self.vapi.macip_acl_interface_get() |
| 747 | |
| 748 | self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0) |
| 749 | |
| 750 | @unittest.skipUnless(running_extended_tests(), "part of extended tests") |
| 751 | def test_check(self): |
| 752 | """ MACIP with routed traffic |
| 753 | """ |
| 754 | # TODO: routed do not work yet !!! |
| 755 | # self.run_traffic(self.EXACT_IP, self.EXACT_MAC, False, False, 9) |
| 756 | # self.run_traffic(self.EXACT_IP, self.EXACT_MAC, False, True, 9) |
| 757 | |
| 758 | |
| 759 | if __name__ == '__main__': |
| 760 | unittest.main(testRunner=VppTestRunner) |