1 # Copyright (c) 2017 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
14 """Test variables for ACL-plugin test suite."""
17 def get_variables(test_case, name):
18 """Create and return a dictionary of test variables for the specified
21 :param test_case: Determines which test variables to return.
22 :param name: Name for the classify chain used in test.
26 :returns: Dictionary of test variables - settings for Honeycomb's
27 ietf-acl node and packet fields to use in verification.
29 :raises KeyError: If the test_case parameter is incorrect.
32 test_case = test_case.lower()
34 # Variables for control packet
37 "dst_net": "16.0.1.0",
40 "src_mac": "01:02:03:04:05:06",
41 "dst_mac": "10:20:30:40:50:60"}
45 # MACs classified directly
46 "classify_src": "12:23:34:45:56:67",
47 "classify_dst": "89:9A:AB:BC:CD:DE",
48 # MACs classified through mask
49 "classify_src2": "01:02:03:04:56:67",
50 "classify_dst2": "89:9A:AB:BC:50:60",
51 "src_mask": "00:00:00:00:FF:FF",
52 "dst_mask": "FF:FF:FF:FF:00:00"
55 # IPs for DUT interface setup
56 "dut_to_tg_if1_ip": "16.0.0.2",
57 "dut_to_tg_if2_ip": "192.168.0.2",
59 "gateway": "192.168.0.1",
61 "classify_src_net": "16.0.2.0",
62 "classify_dst_net": "16.0.3.0",
63 # IPs in classified networks
64 "classify_src": "16.0.2.1",
65 "classify_dst": "16.0.3.1",
68 # Override control packet addresses with IPv6
72 # IPs for DUT interface setup
73 "dut_to_tg_if1_ip": "10::2",
74 "dut_to_tg_if2_ip": "20::2",
78 "classify_src_net": "12::",
79 "classify_dst_net": "13::",
80 # IPs in classified networks
81 "classify_src": "12::1",
82 "classify_dst": "13::1",
85 # IPs for DUT interface and route setup
86 "dut_to_tg_if1_ip": "16.0.0.2",
87 "dut_to_tg_if2_ip": "192.168.0.2",
89 "gateway": "192.168.0.1",
90 "classify_dst_net": "16.0.3.0",
91 # Ports in classified ranges
92 "classify_src": 60000,
93 "classify_dst": 61000,
96 # IPs for DUT interface and route setup
97 "dut_to_tg_if1_ip": "16.0.0.2",
98 "dut_to_tg_if2_ip": "192.168.0.2",
100 "gateway": "192.168.0.1",
101 "classify_dst_net": "16.0.3.0",
102 # IPs in classified networks
103 "classify_src_ip": "16.0.2.1",
104 "classify_dst_ip": "16.0.3.1",
105 # Ports in classified ranges
106 "classify_src_port": 60000,
107 "classify_dst_port": 61000,
110 # ICMP code and type for control packet
113 # classified ICMP code and type
119 # Override control packet addresses with IPv6
123 # ICMP code and type for control packet
126 # classified ICMP code and type
132 # IPs for DUT interface setup
133 "dut_to_tg_if1_ip": "16.0.0.2",
134 "dut_to_tg_if2_ip": "192.168.0.2",
136 "gateway": "192.168.0.1",
137 "gateway2": "192.168.0.1",
138 # classified networks
139 "classify_src_net": "16.0.2.0",
140 "classify_dst_net": "16.0.3.0",
141 # IPs in classified networks
142 "classify_src": "16.0.2.1",
143 "classify_dst": "16.0.3.1",
148 # ACL configuration for L2 tests
152 "vpp-acl:vpp-macip-acl",
154 "access-list-entries": {"ace": [
156 "rule-name": "rule1",
158 "vpp-macip-ace-nodes": {
159 "source-mac-address":
160 test_vars["macip"]["classify_src"],
161 "source-mac-address-mask":
162 test_vars["macip"]["src_mask"],
163 "source-ipv4-network": "16.0.0.0/24"
171 "rule-name": "rule_all",
173 "vpp-macip-ace-nodes": {
174 "source-mac-address":
175 test_vars["macip"]["classify_src"],
176 "source-mac-address-mask": "00:00:00:00:00:00",
177 "source-ipv4-network": "0.0.0.0/0"
187 # ACL configuration for L3 IPv4 tests
193 "access-list-entries": {"ace": [
195 "rule-name": "rule1",
198 "source-ipv4-network":
200 test_vars["l3_ip4"]["classify_src_net"],
201 test_vars["l3_ip4"]["prefix_length"]),
202 "destination-ipv4-network":
204 test_vars["l3_ip4"]["classify_dst_net"],
205 test_vars["l3_ip4"]["prefix_length"]),
207 "source-port-range": {
209 "upper-port": "65535"
211 "destination-port-range": {
213 "upper-port": "65535"
223 "rule-name": "rule_all",
226 "source-ipv4-network": "0.0.0.0/0",
227 "destination-ipv4-network": "0.0.0.0/0",
237 # ACL settings for L3 IPv6 tests
243 "access-list-entries": {"ace": [
245 "rule-name": "rule1",
248 "source-ipv6-network":
250 test_vars["l3_ip6"]["classify_src_net"],
251 test_vars["l3_ip6"]["prefix_length"]),
252 "destination-ipv6-network":
254 test_vars["l3_ip6"]["classify_dst_net"],
255 test_vars["l3_ip6"]["prefix_length"]),
257 "source-port-range": {
259 "upper-port": "65535"
261 "destination-port-range": {
263 "upper-port": "65535"
273 "rule-name": "rule_all",
276 "source-ipv6-network": "0::0/0",
277 "destination-ipv6-network": "0::0/0",
287 # ACL configuration for L4 tests
293 "access-list-entries": {"ace": [{
294 "rule-name": "rule1",
298 "destination-port-range": {
300 test_vars["l4"]["classify_dst"],
302 test_vars["l4"]["classify_dst"] + 10
304 "source-port-range": {
306 test_vars["l4"]["classify_src"],
308 test_vars["l4"]["classify_src"] + 10
318 "rule-name": "rule_all",
321 "source-ipv4-network": "0.0.0.0/0",
322 "destination-ipv4-network": "0.0.0.0/0",
337 "access-list-entries": {"ace": [{
338 "rule-name": "ports",
342 "destination-port-range": {
344 test_vars["l4"]["classify_dst"],
346 test_vars["l4"]["classify_dst"] + 10
348 "source-port-range": {
350 test_vars["l4"]["classify_src"],
352 test_vars["l4"]["classify_src"] + 10
362 "rule-name": "rule_all",
365 "source-ipv4-network": "0.0.0.0/0",
366 "destination-ipv4-network": "0.0.0.0/0",
381 "access-list-entries": {"ace": [
383 "rule-name": "rule1",
403 "rule-name": "rule_all",
406 "source-ipv4-network": "0.0.0.0/0",
407 "destination-ipv4-network": "0.0.0.0/0",
422 "access-list-entries": {"ace": [
424 "rule-name": "rule1",
444 "rule-name": "rule_all",
447 "source-ipv6-network": "0::0/0",
448 "destination-ipv6-network": "0::0/0",
463 "access-list-entries": {"ace": [
465 "rule-name": "rule1",
468 "source-ipv4-network":
470 test_vars["reflex"]["classify_dst_net"],
471 test_vars["reflex"]["prefix_length"]),
472 "destination-ipv4-network":
474 test_vars["reflex"]["classify_src_net"],
475 test_vars["reflex"]["prefix_length"]),
479 # TODO: will be renamed in HC2VPP-57
491 "access-list-entries": {"ace": [
493 "rule-name": "rule_all",
496 "source-ipv4-network": "0.0.0.0/0",
497 "destination-ipv4-network": "0.0.0.0/0",
511 ret_vars.update(variables)
512 ret_vars.update(test_vars[test_case])
514 {"acl_settings": acl_data[test_case]}
518 "Unrecognized test case {0}. Valid options are: {1}".format(
519 test_case, acl_data.keys()))