1 # Copyright (c) 2017 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
14 """Test variables for ACL-plugin test suite."""
17 def get_variables(test_case, name):
18 """Create and return a dictionary of test variables for the specified
21 :param test_case: Determines which test variables to return.
22 :param name: Name for the classify chain used in test.
26 :returns: Dictionary of test variables - settings for Honeycomb's
27 ietf-acl node and packet fields to use in verification.
29 :raises KeyError: If the test_case parameter is incorrect.
32 test_case = test_case.lower()
34 # Variables for control packet
37 "src_net": "16.0.0.0",
38 "dst_net": "16.0.1.0",
41 "src_mac": "01:02:03:04:05:06",
42 "dst_mac": "10:20:30:40:50:60"}
46 # MACs classified directly
47 "classify_src": "12:23:34:45:56:67",
48 "classify_dst": "89:9A:AB:BC:CD:DE",
49 # MACs classified through mask
50 "classify_src2": "01:02:03:04:56:67",
51 "classify_dst2": "89:9A:AB:BC:50:60",
52 "src_mask": "00:00:00:00:FF:FF",
53 "dst_mask": "FF:FF:FF:FF:00:00"
56 # IPs for DUT interface setup
57 "dut_to_tg_if1_ip": "16.0.0.2",
58 "dut_to_tg_if2_ip": "192.168.0.2",
60 "gateway": "192.168.0.1",
62 "classify_src_net": "16.0.2.0",
63 "classify_dst_net": "16.0.3.0",
64 # IPs in classified networks
65 "classify_src": "16.0.2.1",
66 "classify_dst": "16.0.3.1",
69 # Override control packet addresses with IPv6
73 # IPs for DUT interface setup
74 "dut_to_tg_if1_ip": "10::2",
75 "dut_to_tg_if2_ip": "20::2",
79 "classify_src_net": "12::",
80 "classify_dst_net": "13::",
81 # IPs in classified networks
82 "classify_src": "12::1",
83 "classify_dst": "13::1",
86 # IPs for DUT interface and route setup
87 "dut_to_tg_if1_ip": "16.0.0.2",
88 "dut_to_tg_if2_ip": "192.168.0.2",
90 "gateway": "192.168.0.1",
91 "classify_dst_net": "16.0.3.0",
92 # Ports in classified ranges
93 "classify_src": 60000,
94 "classify_dst": 61000,
97 # IPs for DUT interface and route setup
98 "dut_to_tg_if1_ip": "16.0.0.2",
99 "dut_to_tg_if2_ip": "192.168.0.2",
101 "gateway": "192.168.0.1",
102 "classify_dst_net": "16.0.3.0",
103 # IPs in classified networks
104 "classify_src_ip": "16.0.2.1",
105 "classify_dst_ip": "16.0.3.1",
106 # Ports in classified ranges
107 "classify_src_port": 60000,
108 "classify_dst_port": 61000,
111 # ICMP code and type for control packet
114 # classified ICMP code and type
120 # Override control packet addresses with IPv6
124 # IPs for DUT interface setup
125 "dut_to_tg_if1_ip": "10::2",
126 "dut_to_tg_if2_ip": "20::2",
129 # ICMP code and type for control packet
132 # classified ICMP code and type
138 # IPs for DUT interface setup
139 "dut_to_tg_if1_ip": "16.0.0.2",
140 "dut_to_tg_if2_ip": "192.168.0.2",
142 "gateway": "192.168.0.1",
143 "gateway2": "192.168.0.1",
144 # classified networks
145 "classify_src_net": "16.0.2.0",
146 "classify_dst_net": "16.0.3.0",
147 # IPs in classified networks
148 "classify_src": "16.0.2.1",
149 "classify_dst": "16.0.3.1",
154 # ACL configuration for L2 tests
159 "type": "vpp-acl:vpp-macip-acl",
167 "source-mac-address": test_vars["macip"]["classify_src"],
168 "source-mac-address-mask": test_vars["macip"]["src_mask"]
172 "source-ipv4-network": "16.0.0.0/24"
177 "forwarding": "ietf-access-control-list:drop"
185 "source-mac-address": test_vars["macip"]["classify_src"],
186 "source-mac-address-mask": "00:00:00:00:00:00"
190 "source-ipv4-network": "0.0.0.0/0"
194 "forwarding": "ietf-access-control-list:accept"
201 # ACL configuration for L3 IPv4 tests
206 "type": "vpp-acl:vpp-acl",
213 "destination-ipv4-network": "{0}/{1}".format(
214 test_vars["l3_ip4"]["classify_dst_net"],
215 test_vars["l3_ip4"]["prefix_length"]),
216 "source-ipv4-network": "{0}/{1}".format(
217 test_vars["l3_ip4"]["classify_src_net"],
218 test_vars["l3_ip4"]["prefix_length"])
223 "upper-port": "65535"
225 "destination-port": {
227 "upper-port": "65535"
232 "forwarding": "ietf-access-control-list:drop"
239 "destination-ipv4-network": "0.0.0.0/0",
240 "source-ipv4-network": "0.0.0.0/0"
244 "forwarding": "ietf-access-control-list:accept"
252 # ACL settings for L3 IPv6 tests
257 "type": "vpp-acl:vpp-acl",
264 "destination-ipv6-network": "{0}/{1}".format(
265 test_vars["l3_ip6"]["classify_dst_net"],
266 test_vars["l3_ip6"]["prefix_length"]),
267 "source-ipv6-network": "{0}/{1}".format(
268 test_vars["l3_ip6"]["classify_src_net"],
269 test_vars["l3_ip6"]["prefix_length"])
274 "upper-port": "65535"
276 "destination-port": {
278 "upper-port": "65535"
283 "forwarding": "ietf-access-control-list:drop"
290 "destination-ipv6-network": "0::0/0",
291 "source-ipv6-network": "0::0/0"
295 "forwarding": "ietf-access-control-list:accept"
303 # ACL configuration for L4 tests
308 "type": "vpp-acl:vpp-acl",
315 "source-ipv4-network": "0.0.0.0/0"
319 "lower-port": test_vars["l4"]["classify_src"],
320 "upper-port": test_vars["l4"]["classify_src"] + 10
323 "lower-port": test_vars["l4"]["classify_dst"],
324 "upper-port": test_vars["l4"]["classify_dst"] + 10
329 "forwarding": "ietf-access-control-list:drop"
336 "source-ipv4-network": "0.0.0.0/0",
337 "destination-ipv4-network": "0.0.0.0/0"
341 "forwarding": "ietf-access-control-list:accept"
353 "type": "vpp-acl:vpp-acl",
360 "source-ipv4-network": "0.0.0.0/0"
364 "lower-port": test_vars["l4"]["classify_src"],
365 "upper-port": test_vars["l4"]["classify_src"] + 10
368 "lower-port": test_vars["l4"]["classify_dst"],
369 "upper-port": test_vars["l4"]["classify_dst"] + 10
374 "forwarding": "ietf-access-control-list:drop"
381 "destination-ipv4-network": "0.0.0.0/0",
382 "source-ipv4-network": "0.0.0.0/0"
386 "forwarding": "ietf-access-control-list:accept"
398 "type": "vpp-acl:vpp-acl",
405 "source-ipv4-network": "0.0.0.0/0"
408 "vpp-acl:vpp-icmp-ace": {
409 "vpp-acl:icmp-type-range": {
413 "vpp-acl:icmp-code-range": {
421 "forwarding": "ietf-access-control-list:drop"
428 "source-ipv4-network": "0.0.0.0/0",
429 "destination-ipv4-network": "0.0.0.0/0"
433 "forwarding": "ietf-access-control-list:accept"
445 "type": "vpp-acl:vpp-acl",
452 "source-ipv6-network": "::/0",
455 "vpp-acl:vpp-icmp-ace": {
456 "vpp-acl:icmp-type-range": {
460 "vpp-acl:icmp-code-range": {
468 "forwarding": "ietf-access-control-list:drop"
475 "destination-ipv6-network": "0::0/0",
476 "source-ipv6-network": "::/0",
480 "forwarding": "ietf-access-control-list:accept"
492 "type": "vpp-acl:vpp-acl",
499 "destination-ipv4-network": "{0}/{1}".format(
500 test_vars["reflex"]["classify_src_net"],
501 test_vars["reflex"]["prefix_length"]),
502 "source-ipv4-network": "{0}/{1}".format(
503 test_vars["reflex"]["classify_dst_net"],
504 test_vars["reflex"]["prefix_length"])
508 "forwarding": "vpp-acl:accept-and-reflect"
520 "type": "vpp-acl:vpp-acl",
527 "destination-ipv4-network": "0.0.0.0/0",
528 "source-ipv4-network": "0.0.0.0/0"
532 "forwarding": "ietf-access-control-list:drop"
544 ret_vars.update(variables)
545 ret_vars.update(test_vars[test_case])
547 {"acl_settings": acl_data[test_case]}
551 "Unrecognized test case {0}. Valid options are: {1}".format(
552 test_case, acl_data.keys()))