#!/usr/bin/env python3

from socket import inet_pton, inet_ntop, AF_INET, AF_INET6
import unittest

from framework import VppTestCase, VppTestRunner
from vpp_ip import DpoProto
from vpp_ip_route import (
    VppIpRoute,
    VppRoutePath,
    VppMplsLabel,
    VppIpTable,
    FibPathProto,
)
from vpp_acl import AclRule, VppAcl

from scapy.packet import Raw
from scapy.layers.l2 import Ether
from scapy.layers.inet import IP, UDP
from scapy.layers.inet6 import IPv6
from ipaddress import IPv4Network, IPv6Network

from vpp_object import VppObject

# Number of copies of each crafted packet injected per send_and_* call below.
NUM_PKTS = 67
def find_abf_policy(test, id):
    """Report whether VPP currently holds an ABF policy with the given id.

    Args:
        test: test case object exposing ``vapi.abf_policy_dump()``.
        id: policy id to look for.

    Returns:
        True if any dumped entry has ``policy.policy_id`` equal to *id*,
        otherwise False (including when the dump is empty).
    """
    return any(
        id == entry.policy.policy_id for entry in test.vapi.abf_policy_dump()
    )
def find_abf_itf_attach(test, id, sw_if_index):
    """Report whether a policy is attached to an interface in VPP.

    Args:
        test: test case object exposing ``vapi.abf_itf_attach_dump()``.
        id: policy id of the attachment to look for.
        sw_if_index: interface index of the attachment to look for.

    Returns:
        True only if one dumped entry matches both the policy id and the
        interface index; otherwise False.
    """
    return any(
        id == entry.attach.policy_id and sw_if_index == entry.attach.sw_if_index
        for entry in test.vapi.abf_itf_attach_dump()
    )
class VppAbfPolicy(VppObject):
    """Test-side handle for one ABF policy programmed through the VPP API.

    A policy ties an ACL (by its ``acl_index``) to a list of forwarding
    paths. The paths are encoded once at construction and the same encoded
    list is sent on both add and delete.
    """

    def __init__(self, test, policy_id, acl, paths):
        """Store the policy parameters and pre-encode the paths.

        Args:
            test: owning test case; provides ``vapi``, ``registry``, ``logger``.
            policy_id: numeric id of the policy.
            acl: ACL object; its ``acl_index`` is read when the policy is
                added or removed, not here.
            paths: iterable of path objects exposing ``encode()``.
        """
        self._test = test
        self.policy_id = policy_id
        self.acl = acl
        self.paths = paths
        self.encoded_paths = [route_path.encode() for route_path in self.paths]

    def add_vpp_config(self):
        """Add the policy via the API and register this object with the test."""
        policy = {
            "policy_id": self.policy_id,
            "acl_index": self.acl.acl_index,
            "n_paths": len(self.paths),
            "paths": self.encoded_paths,
        }
        # First argument 1 selects "add"; remove_vpp_config passes 0.
        self._test.vapi.abf_policy_add_del(1, policy)
        self._test.registry.register(self, self._test.logger)

    def remove_vpp_config(self):
        """Delete the policy via the API, sending the same description as add."""
        policy = {
            "policy_id": self.policy_id,
            "acl_index": self.acl.acl_index,
            "n_paths": len(self.paths),
            "paths": self.encoded_paths,
        }
        self._test.vapi.abf_policy_add_del(0, policy)

    def query_vpp_config(self):
        """Return True if a policy with this id shows up in the policy dump."""
        return find_abf_policy(self._test, self.policy_id)

    def object_id(self):
        """Return the identifier string for this policy object."""
        return "abf-policy-%d" % self.policy_id
class VppAbfAttach(VppObject):
    """Test-side handle for attaching an ABF policy to an interface.

    An attachment is identified by (policy_id, sw_if_index) and carries a
    priority plus an address-family flag.
    """

    def __init__(self, test, policy_id, sw_if_index, priority, is_ipv6=0):
        """Store the attachment parameters; nothing is sent to VPP here.

        Args:
            test: owning test case; provides ``vapi``, ``registry``, ``logger``.
            policy_id: id of the policy being attached.
            sw_if_index: index of the interface the policy is attached to.
            priority: priority value passed to the API unchanged.
            is_ipv6: address-family flag passed to the API unchanged
                (defaults to 0).
        """
        self._test = test
        self.policy_id = policy_id
        self.sw_if_index = sw_if_index
        self.priority = priority
        self.is_ipv6 = is_ipv6

    def add_vpp_config(self):
        """Create the attachment via the API and register this object."""
        attach = {
            "policy_id": self.policy_id,
            "sw_if_index": self.sw_if_index,
            "priority": self.priority,
            "is_ipv6": self.is_ipv6,
        }
        # First argument 1 selects "add"; remove_vpp_config passes 0.
        self._test.vapi.abf_itf_attach_add_del(1, attach)
        self._test.registry.register(self, self._test.logger)

    def remove_vpp_config(self):
        """Delete the attachment via the API, using the same description."""
        attach = {
            "policy_id": self.policy_id,
            "sw_if_index": self.sw_if_index,
            "priority": self.priority,
            "is_ipv6": self.is_ipv6,
        }
        self._test.vapi.abf_itf_attach_add_del(0, attach)

    def query_vpp_config(self):
        """Return True if this (policy, interface) pair is in the attach dump."""
        return find_abf_itf_attach(self._test, self.policy_id, self.sw_if_index)

    def object_id(self):
        """Return the identifier string for this attachment object."""
        return "abf-attach-%d-%d" % (self.policy_id, self.sw_if_index)
class TestAbf(VppTestCase):
    """ABF Test Case

    Exercises ACL Based Forwarding: an ACL selects traffic on an input
    interface and a policy attached to that interface decides where the
    selected traffic is sent. Covers IPv4 and IPv6 permit rules, priority
    ordering between several attached policies, detach, a next hop in a
    non-default table, and the handling of deny rules.
    """

    @classmethod
    def setUpClass(cls):
        super(TestAbf, cls).setUpClass()

    @classmethod
    def tearDownClass(cls):
        super(TestAbf, cls).tearDownClass()

    def setUp(self):
        """Create pg0..pg4 and bring up pg0..pg3 with IPv4 and IPv6."""
        super(TestAbf, self).setUp()

        self.create_pg_interfaces(range(5))

        # pg4 is deliberately left unconfigured here; test_abf4 places it in
        # a non-default table before configuring it.
        for i in self.pg_interfaces[:4]:
            i.admin_up()
            i.config_ip4()
            i.resolve_arp()
            i.config_ip6()
            i.resolve_ndp()

    def tearDown(self):
        """Remove addressing from every pg interface and bring it down."""
        for i in self.pg_interfaces:
            i.unconfig_ip4()
            i.unconfig_ip6()
            i.admin_down()
        super(TestAbf, self).tearDown()

    def test_abf4(self):
        """IPv4 ACL Based Forwarding"""

        #
        # We are not testing the various matching capabilities
        # of ACLs, that's done elsewhere. Here we are testing
        # the application of ACLs to a forwarding path to achieve
        # ABF
        # So we construct just a few ACLs to ensure the ABF policies
        # are correctly constructed and used. And a few path types
        # to test the API path decoding.
        #

        #
        # Rule 1 (proto 17 is UDP, matching the UDP packets built below)
        #
        rule_1 = AclRule(
            is_permit=1,
            proto=17,
            ports=1234,
            src_prefix=IPv4Network("1.1.1.1/32"),
            dst_prefix=IPv4Network("1.1.1.2/32"),
        )
        acl_1 = VppAcl(self, rules=[rule_1])
        acl_1.add_vpp_config()

        #
        # ABF policy for ACL 1 - path via interface 1
        #
        abf_1 = VppAbfPolicy(
            self, 10, acl_1, [VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)]
        )
        abf_1.add_vpp_config()

        #
        # Attach the policy to input interface Pg0
        #
        attach_1 = VppAbfAttach(self, 10, self.pg0.sw_if_index, 50)
        attach_1.add_vpp_config()

        #
        # fire in packet matching the ACL src,dst. If it's forwarded
        # then the ABF was successful, since default routing will drop it
        #
        p_1 = (
            Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
            / IP(src="1.1.1.1", dst="1.1.1.2")
            / UDP(sport=1234, dport=1234)
            / Raw(b"\xa5" * 100)
        )
        self.send_and_expect(self.pg0, p_1 * NUM_PKTS, self.pg1)

        #
        # Attach a 'better' priority policy to the same interface.
        # The expectations below show that the numerically lower priority
        # wins: 40 beats 50 here, and 45 does not displace 40 further down.
        #
        abf_2 = VppAbfPolicy(
            self, 11, acl_1, [VppRoutePath(self.pg2.remote_ip4, self.pg2.sw_if_index)]
        )
        abf_2.add_vpp_config()
        attach_2 = VppAbfAttach(self, 11, self.pg0.sw_if_index, 40)
        attach_2.add_vpp_config()

        self.send_and_expect(self.pg0, p_1 * NUM_PKTS, self.pg2)

        #
        # Attach a policy with priority in the middle
        #
        abf_3 = VppAbfPolicy(
            self, 12, acl_1, [VppRoutePath(self.pg3.remote_ip4, self.pg3.sw_if_index)]
        )
        abf_3.add_vpp_config()
        attach_3 = VppAbfAttach(self, 12, self.pg0.sw_if_index, 45)
        attach_3.add_vpp_config()

        self.send_and_expect(self.pg0, p_1 * NUM_PKTS, self.pg2)

        #
        # remove the best priority; the priority-45 policy (via pg3) is
        # now expected to take over from the priority-50 one (via pg1)
        #
        attach_2.remove_vpp_config()
        self.send_and_expect(self.pg0, p_1 * NUM_PKTS, self.pg3)

        #
        # Attach one of the same policies to Pg1
        #
        attach_4 = VppAbfAttach(self, 12, self.pg1.sw_if_index, 45)
        attach_4.add_vpp_config()

        p_2 = (
            Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac)
            / IP(src="1.1.1.1", dst="1.1.1.2")
            / UDP(sport=1234, dport=1234)
            / Raw(b"\xa5" * 100)
        )
        self.send_and_expect(self.pg1, p_2 * NUM_PKTS, self.pg3)

        #
        # detach the policy from PG1, now expect traffic to be dropped
        #
        attach_4.remove_vpp_config()

        self.send_and_assert_no_replies(self.pg1, p_2 * NUM_PKTS, "Detached")

        #
        # Swap to route via a next-hop in the non-default table
        #
        table_20 = VppIpTable(self, 20)
        table_20.add_vpp_config()

        self.pg4.set_table_ip4(table_20.table_id)
        self.pg4.admin_up()
        self.pg4.config_ip4()
        self.pg4.resolve_arp()

        # 0xFFFFFFFF is passed where the other paths pass an interface
        # index; presumably it means "no interface", so the next hop is
        # resolved in nh_table_id instead - TODO confirm.
        abf_13 = VppAbfPolicy(
            self,
            13,
            acl_1,
            [
                VppRoutePath(
                    self.pg4.remote_ip4, 0xFFFFFFFF, nh_table_id=table_20.table_id
                )
            ],
        )
        abf_13.add_vpp_config()
        attach_5 = VppAbfAttach(self, 13, self.pg0.sw_if_index, 30)
        attach_5.add_vpp_config()

        self.send_and_expect(self.pg0, p_1 * NUM_PKTS, self.pg4)

        # Move pg4 back to table 0 before tearDown. This cleanup is skipped
        # if an expectation above fails, because it is not in a finally block.
        self.pg4.unconfig_ip4()
        self.pg4.set_table_ip4(0)

    def test_abf6(self):
        """IPv6 ACL Based Forwarding"""

        #
        # Simple test for matching IPv6 packets
        #

        #
        # Rule 1
        #
        rule_1 = AclRule(
            is_permit=1,
            proto=17,
            ports=1234,
            src_prefix=IPv6Network("2001::2/128"),
            dst_prefix=IPv6Network("2001::1/128"),
        )
        acl_1 = VppAcl(self, rules=[rule_1])
        acl_1.add_vpp_config()

        #
        # ABF policy for ACL 1 - path via next hop 3001::1, given without
        # an interface index (0xFFFFFFFF), so it needs a route to resolve
        #
        abf_1 = VppAbfPolicy(self, 10, acl_1, [VppRoutePath("3001::1", 0xFFFFFFFF)])
        abf_1.add_vpp_config()

        attach_1 = VppAbfAttach(self, 10, self.pg0.sw_if_index, 45, is_ipv6=True)
        attach_1.add_vpp_config()

        #
        # a packet matching the rule
        #
        p = (
            Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
            / IPv6(src="2001::2", dst="2001::1")
            / UDP(sport=1234, dport=1234)
            / Raw(b"\xa5" * 100)
        )

        #
        # packets are dropped because there is no route to the policy's
        # next hop
        #
        # NOTE(review): the packets are injected on pg1, but the policy is
        # attached to pg0 and the frame's destination MAC is pg0's. The drop
        # asserted here may therefore occur without the policy being
        # consulted, which would leave the "no route" case unexercised -
        # confirm whether pg0 was intended.
        self.send_and_assert_no_replies(self.pg1, p * NUM_PKTS, "no route")

        #
        # add a route resolving the next-hop
        #
        route = VppIpRoute(
            self,
            "3001::1",
            32,
            [VppRoutePath(self.pg1.remote_ip6, self.pg1.sw_if_index)],
        )
        route.add_vpp_config()

        #
        # now expect packets forwarded.
        #
        self.send_and_expect(self.pg0, p * NUM_PKTS, self.pg1)

    def test_abf4_deny(self):
        """IPv4 ACL Deny Rule

        Pins what a deny rule means inside an ABF ACL: matching traffic is
        exempted from policy steering, it is not dropped. The deny-matching
        packet is expected to arrive on pg3, the interface its destination
        address belongs to, while the permit-matching packet is steered to
        the policy path on pg1. An ABF deny rule therefore cannot stand in
        for a filtering ACL.
        """
        import ipaddress

        #
        # Rules 1/2
        #
        # strict=False lets ip_network() accept an interface prefix that has
        # host bits set and reduce it to the containing network.
        pg0_subnet = ipaddress.ip_network(self.pg0.local_ip4_prefix, strict=False)
        pg2_subnet = ipaddress.ip_network(self.pg2.local_ip4_prefix, strict=False)
        pg3_subnet = ipaddress.ip_network(self.pg3.local_ip4_prefix, strict=False)
        rule_deny = AclRule(
            is_permit=0,
            proto=17,
            ports=1234,
            src_prefix=IPv4Network(pg0_subnet),
            dst_prefix=IPv4Network(pg3_subnet),
        )
        rule_permit = AclRule(
            is_permit=1,
            proto=17,
            ports=1234,
            src_prefix=IPv4Network(pg0_subnet),
            dst_prefix=IPv4Network(pg2_subnet),
        )
        acl_1 = VppAcl(self, rules=[rule_deny, rule_permit])
        acl_1.add_vpp_config()

        #
        # ABF policy for ACL 1 - path via interface 1
        #
        abf_1 = VppAbfPolicy(
            self, 10, acl_1, [VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)]
        )
        abf_1.add_vpp_config()

        #
        # Attach the policy to input interface Pg0
        #
        attach_1 = VppAbfAttach(self, 10, self.pg0.sw_if_index, 50)
        attach_1.add_vpp_config()

        #
        # a packet matching the deny rule: expected on pg3, i.e. still
        # forwarded, just not via the policy path on pg1
        #
        p_deny = (
            Ether(src=self.pg0.remote_mac, dst=self.pg3.remote_mac)
            / IP(src=self.pg0.remote_ip4, dst=self.pg3.remote_ip4)
            / UDP(sport=1234, dport=1234)
            / Raw(b"\xa5" * 100)
        )
        self.send_and_expect(self.pg0, p_deny * NUM_PKTS, self.pg3)

        #
        # a packet matching the permit rule: destined to pg2's subnet but
        # expected on pg1, the policy path
        #
        p_permit = (
            Ether(src=self.pg0.remote_mac, dst=self.pg2.remote_mac)
            / IP(src=self.pg0.remote_ip4, dst=self.pg2.remote_ip4)
            / UDP(sport=1234, dport=1234)
            / Raw(b"\xa5" * 100)
        )
        self.send_and_expect(self.pg0, p_permit * NUM_PKTS, self.pg1)

    def test_abf6_deny(self):
        """IPv6 ACL Deny Rule

        IPv6 counterpart of test_abf4_deny: the deny-matching packet is
        expected on pg3 (exempt from the policy but still forwarded) and
        the permit-matching packet is expected on the policy path, pg1.
        """
        import ipaddress

        #
        # Rules 1/2
        #
        pg0_subnet = ipaddress.ip_network(self.pg0.local_ip6_prefix, strict=False)
        pg2_subnet = ipaddress.ip_network(self.pg2.local_ip6_prefix, strict=False)
        pg3_subnet = ipaddress.ip_network(self.pg3.local_ip6_prefix, strict=False)
        rule_deny = AclRule(
            is_permit=0,
            proto=17,
            ports=1234,
            src_prefix=IPv6Network(pg0_subnet),
            dst_prefix=IPv6Network(pg3_subnet),
        )
        rule_permit = AclRule(
            is_permit=1,
            proto=17,
            ports=1234,
            src_prefix=IPv6Network(pg0_subnet),
            dst_prefix=IPv6Network(pg2_subnet),
        )
        acl_1 = VppAcl(self, rules=[rule_deny, rule_permit])
        acl_1.add_vpp_config()

        #
        # ABF policy for ACL 1 - path via interface 1
        #
        abf_1 = VppAbfPolicy(
            self, 10, acl_1, [VppRoutePath(self.pg1.remote_ip6, self.pg1.sw_if_index)]
        )
        abf_1.add_vpp_config()

        #
        # Attach the policy to input interface Pg0
        #
        attach_1 = VppAbfAttach(self, 10, self.pg0.sw_if_index, 50, is_ipv6=1)
        attach_1.add_vpp_config()

        #
        # a packet matching the deny rule: expected on pg3, not dropped
        #
        p_deny = (
            Ether(src=self.pg0.remote_mac, dst=self.pg3.remote_mac)
            / IPv6(src=self.pg0.remote_ip6, dst=self.pg3.remote_ip6)
            / UDP(sport=1234, dport=1234)
            / Raw(b"\xa5" * 100)
        )
        self.send_and_expect(self.pg0, p_deny * NUM_PKTS, self.pg3)

        #
        # a packet matching the permit rule: expected on the policy path
        #
        p_permit = (
            Ether(src=self.pg0.remote_mac, dst=self.pg2.remote_mac)
            / IPv6(src=self.pg0.remote_ip6, dst=self.pg2.remote_ip6)
            / UDP(sport=1234, dport=1234)
            / Raw(b"\xa5" * 100)
        )
        self.send_and_expect(self.pg0, p_permit * NUM_PKTS, self.pg1)
# When executed directly, run this module's tests with the VPP test runner.
if __name__ == "__main__":
    unittest.main(testRunner=VppTestRunner)