1 # Copyright (c) 2017 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
14 """Test variables for ACL-plugin test suite."""
17 def get_variables(test_case, name):
18 """Create and return a dictionary of test variables for the specified
21 :param test_case: Determines which test variables to return.
22 :param name: Name for the classify chain used in test.
26 :returns: Dictionary of test variables - settings for Honeycomb's
27 ietf-acl node and packet fields to use in verification.
29 :raises KeyError: If the test_case parameter is incorrect.
32 test_case = test_case.lower()
34 # Variables for control packet
37 "src_net": "16.0.0.0",
38 "dst_net": "16.0.1.0",
41 "src_mac": "01:02:03:04:05:06",
42 "dst_mac": "10:20:30:40:50:60"}
46 # MACs classified directly
47 "classify_src": "12:23:34:45:56:67",
48 "classify_dst": "89:9A:AB:BC:CD:DE",
49 # MACs classified through mask
50 "classify_src2": "01:02:03:04:56:67",
51 "classify_dst2": "89:9A:AB:BC:50:60",
52 "src_mask": "00:00:00:00:FF:FF",
53 "dst_mask": "FF:FF:FF:FF:00:00"
56 # IPs for DUT interface setup
57 "dut_to_tg_if1_ip": "16.0.0.2",
58 "dut_to_tg_if2_ip": "192.168.0.2",
60 "gateway": "192.168.0.1",
62 "classify_src_net": "16.0.2.0",
63 "classify_dst_net": "16.0.3.0",
64 # IPs in classified networks
65 "classify_src": "16.0.2.1",
66 "classify_dst": "16.0.3.1",
69 # Override control packet addresses with IPv6
73 # IPs for DUT interface setup
74 "dut_to_tg_if1_ip": "10::2",
75 "dut_to_tg_if2_ip": "20::2",
79 "classify_src_net": "12::",
80 "classify_dst_net": "13::",
81 # IPs in classified networks
82 "classify_src": "12::1",
83 "classify_dst": "13::1",
86 # IPs for DUT interface and route setup
87 "dut_to_tg_if1_ip": "16.0.0.2",
88 "dut_to_tg_if2_ip": "192.168.0.2",
90 "gateway": "192.168.0.1",
91 "classify_dst_net": "16.0.3.0",
92 # Ports in classified ranges
93 "classify_src": 60000,
94 "classify_dst": 61000,
97 # IPs for DUT interface and route setup
98 "dut_to_tg_if1_ip": "16.0.0.2",
99 "dut_to_tg_if2_ip": "192.168.0.2",
101 "gateway": "192.168.0.1",
102 "classify_dst_net": "16.0.3.0",
103 # IPs in classified networks
104 "classify_src_ip": "16.0.2.1",
105 "classify_dst_ip": "16.0.3.1",
106 # Ports in classified ranges
107 "classify_src_port": 60000,
108 "classify_dst_port": 61000,
111 # ICMP code and type for control packet
114 # classified ICMP code and type
120 # Override control packet addresses with IPv6
124 # ICMP code and type for control packet
127 # classified ICMP code and type
133 # IPs for DUT interface setup
134 "dut_to_tg_if1_ip": "16.0.0.2",
135 "dut_to_tg_if2_ip": "192.168.0.2",
137 "gateway": "192.168.0.1",
138 "gateway2": "192.168.0.1",
139 # classified networks
140 "classify_src_net": "16.0.2.0",
141 "classify_dst_net": "16.0.3.0",
142 # IPs in classified networks
143 "classify_src": "16.0.2.1",
144 "classify_dst": "16.0.3.1",
149 # ACL configuration for L2 tests
153 "vpp-acl:vpp-macip-acl",
155 "access-list-entries": {"ace": [
157 "rule-name": "rule1",
159 "vpp-macip-ace-nodes": {
160 "source-mac-address":
161 test_vars["macip"]["classify_src"],
162 "source-mac-address-mask":
163 test_vars["macip"]["src_mask"],
164 "source-ipv4-network": "16.0.0.0/24"
172 "rule-name": "rule_all",
174 "vpp-macip-ace-nodes": {
175 "source-mac-address":
176 test_vars["macip"]["classify_src"],
177 "source-mac-address-mask": "00:00:00:00:00:00",
178 "source-ipv4-network": "0.0.0.0/0"
188 # ACL configuration for L3 IPv4 tests
194 "access-list-entries": {"ace": [
196 "rule-name": "rule1",
199 "source-ipv4-network":
201 test_vars["l3_ip4"]["classify_src_net"],
202 test_vars["l3_ip4"]["prefix_length"]),
203 "destination-ipv4-network":
205 test_vars["l3_ip4"]["classify_dst_net"],
206 test_vars["l3_ip4"]["prefix_length"]),
208 "source-port-range": {
210 "upper-port": "65535"
212 "destination-port-range": {
214 "upper-port": "65535"
224 "rule-name": "rule_all",
227 "source-ipv4-network": "0.0.0.0/0",
228 "destination-ipv4-network": "0.0.0.0/0",
238 # ACL settings for L3 IPv6 tests
244 "access-list-entries": {"ace": [
246 "rule-name": "rule1",
249 "source-ipv6-network":
251 test_vars["l3_ip6"]["classify_src_net"],
252 test_vars["l3_ip6"]["prefix_length"]),
253 "destination-ipv6-network":
255 test_vars["l3_ip6"]["classify_dst_net"],
256 test_vars["l3_ip6"]["prefix_length"]),
258 "source-port-range": {
260 "upper-port": "65535"
262 "destination-port-range": {
264 "upper-port": "65535"
274 "rule-name": "rule_all",
277 "source-ipv6-network": "0::0/0",
278 "destination-ipv6-network": "0::0/0",
288 # ACL configuration for L4 tests
294 "access-list-entries": {"ace": [{
295 "rule-name": "rule1",
299 "destination-port-range": {
301 test_vars["l4"]["classify_dst"],
303 test_vars["l4"]["classify_dst"] + 10
305 "source-port-range": {
307 test_vars["l4"]["classify_src"],
309 test_vars["l4"]["classify_src"] + 10
319 "rule-name": "rule_all",
322 "source-ipv4-network": "0.0.0.0/0",
323 "destination-ipv4-network": "0.0.0.0/0",
338 "access-list-entries": {"ace": [{
339 "rule-name": "ports",
343 "destination-port-range": {
345 test_vars["l4"]["classify_dst"],
347 test_vars["l4"]["classify_dst"] + 10
349 "source-port-range": {
351 test_vars["l4"]["classify_src"],
353 test_vars["l4"]["classify_src"] + 10
363 "rule-name": "rule_all",
366 "source-ipv4-network": "0.0.0.0/0",
367 "destination-ipv4-network": "0.0.0.0/0",
382 "access-list-entries": {"ace": [
384 "rule-name": "rule1",
404 "rule-name": "rule_all",
407 "source-ipv4-network": "0.0.0.0/0",
408 "destination-ipv4-network": "0.0.0.0/0",
423 "access-list-entries": {"ace": [
425 "rule-name": "rule1",
445 "rule-name": "rule_all",
448 "source-ipv6-network": "0::0/0",
449 "destination-ipv6-network": "0::0/0",
464 "access-list-entries": {"ace": [
466 "rule-name": "rule1",
469 "source-ipv4-network":
471 test_vars["reflex"]["classify_dst_net"],
472 test_vars["reflex"]["prefix_length"]),
473 "destination-ipv4-network":
475 test_vars["reflex"]["classify_src_net"],
476 test_vars["reflex"]["prefix_length"]),
480 # TODO: will be renamed in HC2VPP-57
492 "access-list-entries": {"ace": [
494 "rule-name": "rule_all",
497 "source-ipv4-network": "0.0.0.0/0",
498 "destination-ipv4-network": "0.0.0.0/0",
512 ret_vars.update(variables)
513 ret_vars.update(test_vars[test_case])
515 {"acl_settings": acl_data[test_case]}
519 "Unrecognized test case {0}. Valid options are: {1}".format(
520 test_case, acl_data.keys()))