1 # Copyright (c) 2017 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
14 """Test variables for ACL-plugin test suite."""
17 def get_variables(test_case, name):
18 """Create and return a dictionary of test variables for the specified
21 :param test_case: Determines which test variables to return.
22 :param name: Name for the classify chain used in test.
26 :returns: Dictionary of test variables - settings for Honeycomb's
27 ietf-acl node and packet fields to use in verification.
29 :raises KeyError: If the test_case parameter is incorrect.
32 test_case = test_case.lower()
34 # Variables for control packet
37 "src_net": "16.0.0.0",
38 "dst_net": "16.0.1.0",
41 "src_mac": "01:02:03:04:05:06",
42 "dst_mac": "10:20:30:40:50:60"}
46 # MACs classified directly
47 "classify_src": "12:23:34:45:56:67",
48 "classify_dst": "89:9A:AB:BC:CD:DE",
49 # MACs classified through mask
50 "classify_src2": "01:02:03:04:56:67",
51 "classify_dst2": "89:9A:AB:BC:50:60",
52 "src_mask": "00:00:00:00:FF:FF",
53 "dst_mask": "FF:FF:FF:FF:00:00"
56 # IPs for DUT interface setup
57 "dut_to_tg_if1_ip": "16.0.0.2",
58 "dut_to_tg_if2_ip": "192.168.0.2",
60 "gateway": "192.168.0.1",
62 "classify_src_net": "16.0.2.0",
63 "classify_dst_net": "16.0.3.0",
64 # IPs in classified networks
65 "classify_src": "16.0.2.1",
66 "classify_dst": "16.0.3.1",
69 # Override control packet addresses with IPv6
73 # IPs for DUT interface setup
74 "dut_to_tg_if1_ip": "10::2",
75 "dut_to_tg_if2_ip": "20::2",
79 "classify_src_net": "12::",
80 "classify_dst_net": "13::",
81 # IPs in classified networks
82 "classify_src": "12::1",
83 "classify_dst": "13::1",
86 # IPs for DUT interface and route setup
87 "dut_to_tg_if1_ip": "16.0.0.2",
88 "dut_to_tg_if2_ip": "192.168.0.2",
90 "gateway": "192.168.0.1",
91 "classify_dst_net": "16.0.3.0",
92 # Ports in classified ranges
93 "classify_src": 60000,
94 "classify_dst": 61000,
97 # IPs for DUT interface and route setup
98 "dut_to_tg_if1_ip": "16.0.0.2",
99 "dut_to_tg_if2_ip": "192.168.0.2",
101 "gateway": "192.168.0.1",
102 "classify_dst_net": "16.0.3.0",
103 # IPs in classified networks
104 "classify_src_ip": "16.0.2.1",
105 "classify_dst_ip": "16.0.3.1",
106 # Ports in classified ranges
107 "classify_src_port": 60000,
108 "classify_dst_port": 61000,
111 # ICMP code and type for control packet
114 # classified ICMP code and type
120 # Override control packet addresses with IPv6
124 # IPs for DUT interface setup
125 "dut_to_tg_if1_ip": "10::2",
126 "dut_to_tg_if2_ip": "20::2",
129 # classified networks
130 "classify_src_net": "12::",
131 "classify_dst_net": "13::",
132 # ICMP code and type for control packet
135 # classified ICMP code and type
141 # IPs for DUT interface setup
142 "dut_to_tg_if1_ip": "16.0.0.2",
143 "dut_to_tg_if2_ip": "192.168.0.2",
145 "gateway": "192.168.0.1",
146 "gateway2": "192.168.0.1",
147 # classified networks
148 "classify_src_net": "16.0.2.0",
149 "classify_dst_net": "16.0.3.0",
150 # IPs in classified networks
151 "classify_src": "16.0.2.1",
152 "classify_dst": "16.0.3.1",
157 # ACL configuration for L2 tests
162 "type": "vpp-acl:vpp-macip-acl",
170 "source-mac-address": test_vars["macip"]["classify_src"],
171 "source-mac-address-mask": test_vars["macip"]["src_mask"]
175 "source-ipv4-network": "16.0.0.0/24"
180 "forwarding": "ietf-access-control-list:drop"
188 "source-mac-address": test_vars["macip"]["classify_src"],
189 "source-mac-address-mask": "00:00:00:00:00:00"
193 "source-ipv4-network": "0.0.0.0/0"
197 "forwarding": "ietf-access-control-list:accept"
204 # ACL configuration for L3 IPv4 tests
209 "type": "vpp-acl:vpp-acl",
216 "destination-ipv4-network": "{0}/{1}".format(
217 test_vars["l3_ip4"]["classify_dst_net"],
218 test_vars["l3_ip4"]["prefix_length"]),
219 "source-ipv4-network": "{0}/{1}".format(
220 test_vars["l3_ip4"]["classify_src_net"],
221 test_vars["l3_ip4"]["prefix_length"])
226 "upper-port": "65535"
228 "destination-port": {
230 "upper-port": "65535"
235 "forwarding": "ietf-access-control-list:drop"
242 "destination-ipv4-network": "0.0.0.0/0",
243 "source-ipv4-network": "0.0.0.0/0"
247 "forwarding": "ietf-access-control-list:accept"
255 # ACL settings for L3 IPv6 tests
260 "type": "vpp-acl:vpp-acl",
267 "destination-ipv6-network": "{0}/{1}".format(
268 test_vars["l3_ip6"]["classify_dst_net"],
269 test_vars["l3_ip6"]["prefix_length"]),
270 "source-ipv6-network": "{0}/{1}".format(
271 test_vars["l3_ip6"]["classify_src_net"],
272 test_vars["l3_ip6"]["prefix_length"])
277 "upper-port": "65535"
279 "destination-port": {
281 "upper-port": "65535"
286 "forwarding": "ietf-access-control-list:drop"
293 "destination-ipv6-network": "0::0/0",
294 "source-ipv6-network": "0::0/0"
298 "forwarding": "ietf-access-control-list:accept"
306 # ACL configuration for L4 tests
311 "type": "vpp-acl:vpp-acl",
318 "source-ipv4-network": "0.0.0.0/0"
322 "lower-port": test_vars["l4"]["classify_src"],
323 "upper-port": test_vars["l4"]["classify_src"] + 10
326 "lower-port": test_vars["l4"]["classify_dst"],
327 "upper-port": test_vars["l4"]["classify_dst"] + 10
332 "forwarding": "ietf-access-control-list:drop"
339 "source-ipv4-network": "0.0.0.0/0",
340 "destination-ipv4-network": "0.0.0.0/0"
344 "forwarding": "ietf-access-control-list:accept"
356 "type": "vpp-acl:vpp-acl",
363 "source-ipv4-network": "0.0.0.0/0"
367 "lower-port": test_vars["l4"]["classify_src"],
368 "upper-port": test_vars["l4"]["classify_src"] + 10
371 "lower-port": test_vars["l4"]["classify_dst"],
372 "upper-port": test_vars["l4"]["classify_dst"] + 10
377 "forwarding": "ietf-access-control-list:drop"
384 "destination-ipv4-network": "0.0.0.0/0",
385 "source-ipv4-network": "0.0.0.0/0"
389 "forwarding": "ietf-access-control-list:accept"
401 "type": "vpp-acl:vpp-acl",
408 "source-ipv4-network": "0.0.0.0/0"
411 "vpp-acl:vpp-icmp-ace": {
412 "vpp-acl:icmp-type-range": {
416 "vpp-acl:icmp-code-range": {
424 "forwarding": "ietf-access-control-list:drop"
431 "source-ipv4-network": "0.0.0.0/0",
432 "destination-ipv4-network": "0.0.0.0/0"
436 "forwarding": "ietf-access-control-list:accept"
448 "type": "vpp-acl:vpp-acl",
455 "source-ipv6-network": "::/0",
458 "vpp-acl:vpp-icmp-ace": {
459 "vpp-acl:icmp-type-range": {
463 "vpp-acl:icmp-code-range": {
471 "forwarding": "ietf-access-control-list:drop"
478 "destination-ipv6-network": "0::0/0",
479 "source-ipv6-network": "::/0",
483 "forwarding": "ietf-access-control-list:accept"
495 "type": "vpp-acl:vpp-acl",
502 "destination-ipv4-network": "{0}/{1}".format(
503 test_vars["reflex"]["classify_src_net"],
504 test_vars["reflex"]["prefix_length"]),
505 "source-ipv4-network": "{0}/{1}".format(
506 test_vars["reflex"]["classify_dst_net"],
507 test_vars["reflex"]["prefix_length"])
511 "forwarding": "vpp-acl:accept-and-reflect"
523 "type": "vpp-acl:vpp-acl",
530 "destination-ipv4-network": "0.0.0.0/0",
531 "source-ipv4-network": "0.0.0.0/0"
535 "forwarding": "ietf-access-control-list:drop"
547 ret_vars.update(variables)
548 ret_vars.update(test_vars[test_case])
550 {"acl_settings": acl_data[test_case]}
554 "Unrecognized test case {0}. Valid options are: {1}".format(
555 test_case, acl_data.keys()))