1 # Copyright (c) 2017 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
14 """Test variables for ACL-plugin test suite."""
17 def get_variables(test_case, name):
18 """Create and return a dictionary of test variables for the specified
21 :param test_case: Determines which test variables to return.
22 :param name: Name for the classify chain used in test.
26 :returns: Dictionary of test variables - settings for Honeycomb's
27 ietf-acl node and packet fields to use in verification.
29 :raises KeyError: If the test_case parameter is incorrect.
32 test_case = test_case.lower()
34 # Variables for control packet
37 "src_net": "16.0.0.0",
38 "dst_net": "16.0.1.0",
41 "src_mac": "01:02:03:04:05:06",
42 "dst_mac": "10:20:30:40:50:60"}
46 # MACs classified directly
47 "classify_src": "12:23:34:45:56:67",
48 "classify_dst": "89:9A:AB:BC:CD:DE",
49 # MACs classified through mask
50 "classify_src2": "01:02:03:04:56:67",
51 "classify_dst2": "89:9A:AB:BC:50:60",
52 "src_mask": "00:00:00:00:FF:FF",
53 "dst_mask": "FF:FF:FF:FF:00:00"
56 # IPs for DUT interface setup
57 "dut_to_tg_if1_ip": "16.0.0.2",
58 "dut_to_tg_if2_ip": "192.168.0.2",
60 "gateway": "192.168.0.1",
62 "classify_src_net": "16.0.2.0",
63 "classify_dst_net": "16.0.3.0",
64 # IPs in classified networks
65 "classify_src": "16.0.2.1",
66 "classify_dst": "16.0.3.1",
69 # Override control packet addresses with IPv6
73 # IPs for DUT interface setup
74 "dut_to_tg_if1_ip": "10::2",
75 "dut_to_tg_if2_ip": "20::2",
79 "classify_src_net": "12::",
80 "classify_dst_net": "13::",
81 # IPs in classified networks
82 "classify_src": "12::1",
83 "classify_dst": "13::1",
86 # IPs for DUT interface and route setup
87 "dut_to_tg_if1_ip": "16.0.0.2",
88 "dut_to_tg_if2_ip": "192.168.0.2",
90 "gateway": "192.168.0.1",
91 "classify_dst_net": "16.0.3.0",
92 # Ports in classified ranges
93 "classify_src": 60000,
94 "classify_dst": 61000,
97 # IPs for DUT interface and route setup
98 "dut_to_tg_if1_ip": "16.0.0.2",
99 "dut_to_tg_if2_ip": "192.168.0.2",
101 "gateway": "192.168.0.1",
102 "classify_dst_net": "16.0.3.0",
103 # IPs in classified networks
104 "classify_src_ip": "16.0.2.1",
105 "classify_dst_ip": "16.0.3.1",
106 # Ports in classified ranges
107 "classify_src_port": 60000,
108 "classify_dst_port": 61000,
111 # ICMP code and type for control packet
114 # classified ICMP code and type
120 # Override control packet addresses with IPv6
124 # IPs for DUT interface setup
125 "dut_to_tg_if1_ip": "10::2",
126 "dut_to_tg_if2_ip": "20::2",
129 # ICMP code and type for control packet
132 # classified ICMP code and type
138 # IPs for DUT interface setup
139 "dut_to_tg_if1_ip": "16.0.0.2",
140 "dut_to_tg_if2_ip": "192.168.0.2",
142 "gateway": "192.168.0.1",
143 "gateway2": "192.168.0.1",
144 # classified networks
145 "classify_src_net": "16.0.2.0",
146 "classify_dst_net": "16.0.3.0",
147 # IPs in classified networks
148 "classify_src": "16.0.2.1",
149 "classify_dst": "16.0.3.1",
154 # ACL configuration for L2 tests
158 "vpp-acl:vpp-macip-acl",
160 "access-list-entries": {"ace": [
162 "rule-name": "rule1",
164 "vpp-macip-ace-nodes": {
165 "source-mac-address":
166 test_vars["macip"]["classify_src"],
167 "source-mac-address-mask":
168 test_vars["macip"]["src_mask"],
169 "source-ipv4-network": "16.0.0.0/24"
177 "rule-name": "rule_all",
179 "vpp-macip-ace-nodes": {
180 "source-mac-address":
181 test_vars["macip"]["classify_src"],
182 "source-mac-address-mask": "00:00:00:00:00:00",
183 "source-ipv4-network": "0.0.0.0/0"
193 # ACL configuration for L3 IPv4 tests
199 "access-list-entries": {"ace": [
201 "rule-name": "rule1",
204 "source-ipv4-network":
206 test_vars["l3_ip4"]["classify_src_net"],
207 test_vars["l3_ip4"]["prefix_length"]),
208 "destination-ipv4-network":
210 test_vars["l3_ip4"]["classify_dst_net"],
211 test_vars["l3_ip4"]["prefix_length"]),
213 "source-port-range": {
215 "upper-port": "65535"
217 "destination-port-range": {
219 "upper-port": "65535"
229 "rule-name": "rule_all",
232 "source-ipv4-network": "0.0.0.0/0",
233 "destination-ipv4-network": "0.0.0.0/0",
243 # ACL settings for L3 IPv6 tests
249 "access-list-entries": {"ace": [
251 "rule-name": "rule1",
254 "source-ipv6-network":
256 test_vars["l3_ip6"]["classify_src_net"],
257 test_vars["l3_ip6"]["prefix_length"]),
258 "destination-ipv6-network":
260 test_vars["l3_ip6"]["classify_dst_net"],
261 test_vars["l3_ip6"]["prefix_length"]),
263 "source-port-range": {
265 "upper-port": "65535"
267 "destination-port-range": {
269 "upper-port": "65535"
279 "rule-name": "rule_all",
282 "source-ipv6-network": "0::0/0",
283 "destination-ipv6-network": "0::0/0",
293 # ACL configuration for L4 tests
299 "access-list-entries": {"ace": [{
300 "rule-name": "rule1",
303 "source-ipv4-network": "0.0.0.0/0",
305 "destination-port-range": {
307 test_vars["l4"]["classify_dst"],
309 test_vars["l4"]["classify_dst"] + 10
311 "source-port-range": {
313 test_vars["l4"]["classify_src"],
315 test_vars["l4"]["classify_src"] + 10
325 "rule-name": "rule_all",
328 "source-ipv4-network": "0.0.0.0/0",
329 "destination-ipv4-network": "0.0.0.0/0",
344 "access-list-entries": {"ace": [{
345 "rule-name": "ports",
348 "source-ipv4-network": "0.0.0.0/0",
350 "destination-port-range": {
352 test_vars["l4"]["classify_dst"],
354 test_vars["l4"]["classify_dst"] + 10
356 "source-port-range": {
358 test_vars["l4"]["classify_src"],
360 test_vars["l4"]["classify_src"] + 10
370 "rule-name": "rule_all",
373 "source-ipv4-network": "0.0.0.0/0",
374 "destination-ipv4-network": "0.0.0.0/0",
389 "access-list-entries": {"ace": [
391 "rule-name": "rule1",
394 "source-ipv4-network": "0.0.0.0/0",
412 "rule-name": "rule_all",
415 "source-ipv4-network": "0.0.0.0/0",
416 "destination-ipv4-network": "0.0.0.0/0",
431 "access-list-entries": {"ace": [
433 "rule-name": "rule1",
436 "source-ipv6-network": "::/0",
454 "rule-name": "rule_all",
457 "source-ipv6-network": "0::0/0",
458 "destination-ipv6-network": "0::0/0",
473 "access-list-entries": {"ace": [
475 "rule-name": "rule1",
478 "source-ipv4-network":
480 test_vars["reflex"]["classify_dst_net"],
481 test_vars["reflex"]["prefix_length"]),
482 "destination-ipv4-network":
484 test_vars["reflex"]["classify_src_net"],
485 test_vars["reflex"]["prefix_length"]),
489 "vpp-acl:permit-and-reflect": ["null"]
500 "access-list-entries": {"ace": [
502 "rule-name": "rule_all",
505 "source-ipv4-network": "0.0.0.0/0",
506 "destination-ipv4-network": "0.0.0.0/0",
520 ret_vars.update(variables)
521 ret_vars.update(test_vars[test_case])
523 {"acl_settings": acl_data[test_case]}
527 "Unrecognized test case {0}. Valid options are: {1}".format(
528 test_case, acl_data.keys()))