1 # Copyright (c) 2016 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
14 """Test variables for ietf-ACL test suite."""
17 def get_variables(test_case, name):
18 """Create and return a dictionary of test variables for the specified
21 :param test_case: Determines which test variables to return.
22 :param name: Name for the classify chain used in test.
26 :return: Dictionary of test variables - settings for Honeycomb's
27 ietf-acl node and packet fields to use in verification.
31 test_case = test_case.lower()
33 # Variables for control packet, should always pass through DUT
36 "dst_net": "16.0.1.0",
39 "src_mac": "01:02:03:04:05:06",
40 "dst_mac": "10:20:30:40:50:60"}
44 # MACs classified directly
45 "classify_src": "12:23:34:45:56:67",
46 "classify_dst": "89:9A:AB:BC:CD:DE",
47 # MACs classified through mask
48 "classify_src2": "01:02:03:04:56:67",
49 "classify_dst2": "89:9A:AB:BC:50:60",
50 "src_mask": "00:00:00:00:FF:FF",
51 "dst_mask": "FF:FF:FF:FF:00:00"
54 # IPs for DUT interface setup
55 "dut_to_tg_if1_ip": "16.0.0.2",
56 "dut_to_tg_if2_ip": "192.168.0.2",
58 "gateway": "192.168.0.1",
60 "classify_src_net": "16.0.2.0",
61 "classify_dst_net": "16.0.3.0",
62 # IPs in classified networks
63 "classify_src": "16.0.2.1",
64 "classify_dst": "16.0.3.1",
67 # Override control packet addresses with IPv6
71 # IPs for DUT interface setup
72 "dut_to_tg_if1_ip": "10::2",
73 "dut_to_tg_if2_ip": "20::2",
77 "classify_src_net": "12::",
78 "classify_dst_net": "13::",
79 # IPs in classified networks
80 "classify_src": "12::1",
81 "classify_dst": "13::1",
84 # IPs for DUT interface and route setup
85 "dut_to_tg_if1_ip": "16.0.0.2",
86 "dut_to_tg_if2_ip": "192.168.0.2",
88 "gateway": "192.168.0.1",
89 "classify_dst_net": "16.0.3.0",
90 # Ports in classified ranges
95 # IPs for DUT interface setup
96 "dut_to_tg_if1_ip": "16.0.0.2",
97 "dut_to_tg_if2_ip": "192.168.0.2",
98 "gateway": "192.168.0.1",
100 "classify_src_net": "16.0.2.0",
101 "classify_dst_net": "16.0.3.0",
102 # IPs in classified networks
103 "classify_src_ip": "16.0.2.1",
104 "classify_dst_ip": "16.0.3.1",
106 # MACs classified through mask
107 "classify_src_mac": "01:02:03:04:56:67",
108 "classify_dst_mac": "89:9A:AB:BC:50:60",
109 "src_mask": "00:00:00:00:FF:FF",
110 "dst_mask": "FF:FF:FF:FF:00:00",
112 "classify_src_port": 1500,
113 "classify_dst_port": 2000,
116 # MACs classified by first rule
117 "classify_src": "12:23:34:45:56:67",
118 "classify_dst": "89:9A:AB:BC:CD:DE",
119 # MACs classified by second rule
120 "classify_src2": "01:02:03:04:56:67",
121 "classify_dst2": "89:9A:AB:BC:50:60",
122 # MAC rule masks - only match specific addresses
123 "src_mask": "FF:FF:FF:FF:FF:FF",
124 "dst_mask": "FF:FF:FF:FF:FF:FF",
128 # ACL configuration for L2 tests
132 "ietf-access-control-list:eth-acl",
134 "access-list-entries": {"ace": [{
135 "rule-name": "rule1",
137 "source-mac-address":
138 test_vars["l2"]["classify_src"],
139 "source-mac-address-mask":
140 test_vars["l2"]["src_mask"],
141 "destination-mac-address":
142 test_vars["l2"]["classify_dst"],
143 "destination-mac-address-mask":
144 test_vars["l2"]["dst_mask"]
152 # ACL configuration for L3 IPv4 tests
156 "ietf-access-control-list:ipv4-acl",
158 "access-list-entries": {"ace": [{
159 "rule-name": "rule1",
161 "source-ipv4-network":
163 test_vars["l3_ip4"]["classify_src_net"],
164 test_vars["l3_ip4"]["prefix_length"]),
165 "destination-ipv4-network":
167 test_vars["l3_ip4"]["classify_dst_net"],
168 test_vars["l3_ip4"]["prefix_length"]),
177 # ACL settings for L3 IPv6 tests
181 "ietf-access-control-list:ipv6-acl",
183 "access-list-entries": {"ace": [{
184 "rule-name": "rule1",
186 "source-ipv6-network":
188 test_vars["l3_ip6"]["classify_src_net"],
189 test_vars["l3_ip6"]["prefix_length"]),
190 "destination-ipv6-network":
192 test_vars["l3_ip6"]["classify_dst_net"],
193 test_vars["l3_ip6"]["prefix_length"]),
202 # ACL configuration for L4 tests
208 "access-list-entries": {"ace": [{
209 "rule-name": "rule1",
211 "destination-ipv4-network": "0.0.0.0/0",
212 "destination-port-range": {
213 "lower-port": test_vars["l4"]["classify_dst"],
214 "upper-port": test_vars["l4"]["classify_dst"] + 50
216 "source-port-range": {
217 "lower-port": test_vars["l4"]["classify_src"],
218 "upper-port": test_vars["l4"]["classify_src"] + 50
232 "access-list-entries": {"ace": [{
233 "rule-name": "rule1",
235 "vpp-acl:source-mac-address":
236 test_vars["mixed"]["classify_src_mac"],
237 "vpp-acl:source-mac-address-mask":
238 test_vars["mixed"]["src_mask"],
239 "vpp-acl:destination-mac-address":
240 test_vars["mixed"]["classify_dst_mac"],
241 "vpp-acl:destination-mac-address-mask":
242 test_vars["mixed"]["dst_mask"],
243 "vpp-acl:source-ipv4-network":
245 test_vars["mixed"]["classify_src_net"],
246 test_vars["mixed"]["prefix_length"]),
247 "vpp-acl:destination-ipv4-network":
249 test_vars["mixed"]["classify_dst_net"],
250 test_vars["mixed"]["prefix_length"]),
251 "vpp-acl:protocol": 17,
252 "vpp-acl:destination-port-range": {
253 "lower-port": test_vars["l4"]["classify_dst"],
254 "upper-port": test_vars["l4"]["classify_dst"] + 50
256 "vpp-acl:source-port-range": {
257 "lower-port": test_vars["l4"]["classify_src"],
258 "upper-port": test_vars["l4"]["classify_src"] + 50
270 "ietf-access-control-list:eth-acl",
272 "access-list-entries": {"ace": [
274 "rule-name": "rule1",
276 "source-mac-address":
277 test_vars["multirule"]["classify_src"],
278 "source-mac-address-mask":
279 test_vars["multirule"]["src_mask"],
280 "destination-mac-address":
281 test_vars["multirule"]["classify_dst"],
282 "destination-mac-address-mask":
283 test_vars["multirule"]["dst_mask"]
290 "rule-name": "rule2",
292 "source-mac-address":
293 test_vars["multirule"]["classify_src2"],
294 "source-mac-address-mask":
295 test_vars["multirule"]["src_mask"],
296 "destination-mac-address":
297 test_vars["multirule"]["classify_dst2"],
298 "destination-mac-address-mask":
299 test_vars["multirule"]["dst_mask"]
306 "rule-name": "rule3",
308 "source-mac-address":
309 variables["src_mac"],
310 "source-mac-address-mask":
311 test_vars["multirule"]["src_mask"],
312 "destination-mac-address":
313 variables["dst_mac"],
314 "destination-mac-address-mask":
315 test_vars["multirule"]["dst_mask"]
327 ret_vars.update(variables)
328 ret_vars.update(test_vars[test_case])
330 {"acl_settings": acl_data[test_case]}
333 raise Exception("Unrecognized test case {0}."
334 " Valid options are: {1}".format(
335 test_case, acl_data.keys()))