2 """ACL IRB Test Case HLD:
5 - L2 MAC learning enabled in l2bd
6 - 2 routed interfaces untagged, bvi (Bridge Virtual Interface)
7 - 2 bridged interfaces in l2bd with bvi
10 - sending ip4 eth pkts between routed interfaces
12 - 2 bridged interfaces
14 - 64B, 512B, 1518B, 9200B (ether_size)
16 - burst of pkts per interface
18 - routed pkts hitting different FIB entries
19 - bridged pkts hitting different MAC entries
22 - all packets received correctly
27 from socket import inet_pton, AF_INET, AF_INET6
28 from random import choice
29 from pprint import pprint
31 from scapy.packet import Raw
32 from scapy.layers.l2 import Ether
33 from scapy.layers.inet import IP, UDP, ICMP, TCP
34 from scapy.layers.inet6 import IPv6, ICMPv6Unknown, ICMPv6EchoRequest
35 from scapy.layers.inet6 import ICMPv6EchoReply, IPv6ExtHdrRouting
37 from framework import VppTestCase, VppTestRunner
41 class TestIpIrb(VppTestCase):
47 #. Create BD with MAC learning enabled and put interfaces to this BD.
48 #. Configure IPv4 addresses on loopback interface and routed interface.
49 #. Configure MAC address binding to IPv4 neighbors on loop0.
50 #. Configure MAC address on pg2.
51 #. Loopback BVI interface has remote hosts, one half of hosts are
52 behind pg0 second behind pg1.
54 super(TestIpIrb, cls).setUpClass()
56 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
58 cls.remote_hosts_count = 250
60 # create 3 pg interfaces, 1 loopback interface
61 cls.create_pg_interfaces(range(3))
62 cls.create_loopback_interfaces(range(1))
64 cls.interfaces = list(cls.pg_interfaces)
65 cls.interfaces.extend(cls.lo_interfaces)
67 for i in cls.interfaces:
70 # Create BD with MAC learning enabled and put interfaces to this BD
71 cls.vapi.sw_interface_set_l2_bridge(
72 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
73 cls.vapi.sw_interface_set_l2_bridge(
74 cls.pg0.sw_if_index, bd_id=cls.bd_id)
75 cls.vapi.sw_interface_set_l2_bridge(
76 cls.pg1.sw_if_index, bd_id=cls.bd_id)
78 # Configure IPv4 addresses on loopback interface and routed interface
79 cls.loop0.config_ip4()
80 cls.loop0.config_ip6()
84 # Configure MAC address binding to IPv4 neighbors on loop0
85 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
86 cls.loop0.configure_ipv4_neighbors()
87 cls.loop0.configure_ipv6_neighbors()
88 # configure MAC address on pg2
92 cls.WITHOUT_EH = False
95 # Loopback BVI interface has remote hosts, one half of hosts are behind
96 # pg0 second behind pg1
97 half = cls.remote_hosts_count // 2
98 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
99 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
102 """Run standard test teardown and log ``show l2patch``,
103 ``show l2fib verbose``,``show bridge-domain <bd_id> detail``,
106 super(TestIpIrb, self).tearDown()
107 if not self.vpp_dead:
108 self.logger.info(self.vapi.cli("show l2patch"))
109 self.logger.info(self.vapi.cli("show classify tables"))
110 self.logger.info(self.vapi.cli("show vlib graph"))
111 self.logger.info(self.vapi.cli("show l2fib verbose"))
112 self.logger.info(self.vapi.cli("show bridge-domain %s detail" %
114 self.logger.info(self.vapi.cli("show ip arp"))
115 self.logger.info(self.vapi.cli("show ip6 neighbors"))
116 self.logger.info(self.vapi.cli("show acl-plugin sessions"))
118 def api_acl_add_replace(self, acl_index, r, count, tag="",
120 """Add/replace an ACL
122 :param int acl_index: ACL index to replace, 4294967295 to create new.
123 :param acl_rule r: ACL rules array.
124 :param str tag: symbolic tag (description) for this ACL.
125 :param int count: number of rules.
127 return self.vapi.api(self.vapi.papi.acl_add_replace,
128 {'acl_index': acl_index,
132 }, expected_retval=expected_retval)
134 def api_acl_interface_set_acl_list(self, sw_if_index, count, n_input, acls,
136 return self.vapi.api(self.vapi.papi.acl_interface_set_acl_list,
137 {'sw_if_index': sw_if_index,
141 }, expected_retval=expected_retval)
143 def api_acl_dump(self, acl_index, expected_retval=0):
144 return self.vapi.api(self.vapi.papi.acl_dump,
145 {'acl_index': acl_index},
146 expected_retval=expected_retval)
148 def create_stream(self, src_ip_if, dst_ip_if, reverse, packet_sizes,
149 is_ip6, expect_blocked, expect_established,
150 add_extension_header):
154 permit_and_reflect_rules = []
155 total_packet_count = 8
156 for i in range(0, total_packet_count):
158 can_reflect_this_packet = (modulo == 0)
160 remote_dst_index = i % len(dst_ip_if.remote_hosts)
161 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
163 info = self.create_packet_info(src_ip_if, dst_ip_if)
164 payload = self.info_to_payload(info)
166 to_be_blocked = False
167 if (expect_blocked and not expect_established):
169 if (not can_reflect_this_packet):
172 payload = "to be blocked"
174 info = self.create_packet_info(src_ip_if, dst_ip_if)
175 payload = self.info_to_payload(info)
177 dst_mac = 'de:ad:00:00:00:00'
178 src_mac = remote_dst_host._mac
179 dst_ip6 = src_ip_if.remote_ip6
180 src_ip6 = remote_dst_host.ip6
181 dst_ip4 = src_ip_if.remote_ip4
182 src_ip4 = remote_dst_host.ip4
186 dst_mac = src_ip_if.local_mac
187 src_mac = src_ip_if.remote_mac
188 src_ip6 = src_ip_if.remote_ip6
189 dst_ip6 = remote_dst_host.ip6
190 src_ip4 = src_ip_if.remote_ip4
191 dst_ip4 = remote_dst_host.ip4
195 # default ULP should be something we do not use in tests
196 ulp_l4 = TCP(sport=src_l4, dport=dst_l4)
197 # potentially a chain of protocols leading to ULP
200 if can_reflect_this_packet:
202 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
203 if add_extension_header:
204 # prepend some extension headers
205 ulp = (IPv6ExtHdrRouting() / IPv6ExtHdrRouting() /
206 IPv6ExtHdrRouting() / ulp_l4)
207 # uncomment below to test invalid ones
208 # ulp = IPv6ExtHdrRouting(len = 200) / ulp_l4
211 p = (Ether(dst=dst_mac, src=src_mac) /
212 IPv6(src=src_ip6, dst=dst_ip6) /
216 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
217 # IPv4 does not allow extension headers
219 p = (Ether(dst=dst_mac, src=src_mac) /
220 IP(src=src_ip4, dst=dst_ip4) /
225 ulp_l4 = ICMPv6Unknown(type=128 + (i % 2), code=i % 2)
227 p = (Ether(dst=dst_mac, src=src_mac) /
228 IPv6(src=src_ip6, dst=dst_ip6) /
232 ulp_l4 = ICMP(type=8 + (i % 2), code=i % 2)
234 p = (Ether(dst=dst_mac, src=src_mac) /
235 IP(src=src_ip4, dst=dst_ip4) /
241 size = packet_sizes[(i // 2) % len(packet_sizes)]
242 self.extend_packet(p, size)
245 rule_family = AF_INET6 if p.haslayer(IPv6) else AF_INET
246 rule_prefix_len = 128 if p.haslayer(IPv6) else 32
247 rule_l3_layer = IPv6 if p.haslayer(IPv6) else IP
250 rule_l4_sport = p[UDP].sport
251 rule_l4_dport = p[UDP].dport
254 rule_l4_sport = p[ICMP].type
255 rule_l4_dport = p[ICMP].code
257 rule_l4_sport = p[ICMPv6Unknown].type
258 rule_l4_dport = p[ICMPv6Unknown].code
260 rule_l4_proto = ulp_l4.overload_fields[IPv6]['nh']
262 rule_l4_proto = p[IP].proto
265 'is_permit': is_permit,
266 'is_ipv6': p.haslayer(IPv6),
267 'src_ip_addr': inet_pton(rule_family,
268 p[rule_l3_layer].src),
269 'src_ip_prefix_len': rule_prefix_len,
270 'dst_ip_addr': inet_pton(rule_family,
271 p[rule_l3_layer].dst),
272 'dst_ip_prefix_len': rule_prefix_len,
273 'srcport_or_icmptype_first': rule_l4_sport,
274 'srcport_or_icmptype_last': rule_l4_sport,
275 'dstport_or_icmpcode_first': rule_l4_dport,
276 'dstport_or_icmpcode_last': rule_l4_dport,
277 'proto': rule_l4_proto,
279 rules.append(new_rule)
280 new_rule_permit = new_rule.copy()
281 new_rule_permit['is_permit'] = 1
282 permit_rules.append(new_rule_permit)
284 new_rule_permit_and_reflect = new_rule.copy()
285 if can_reflect_this_packet:
286 new_rule_permit_and_reflect['is_permit'] = 2
288 new_rule_permit_and_reflect['is_permit'] = is_permit
289 permit_and_reflect_rules.append(new_rule_permit_and_reflect)
291 return {'stream': pkts,
293 'permit_rules': permit_rules,
294 'permit_and_reflect_rules': permit_and_reflect_rules}
296 def verify_capture(self, dst_ip_if, src_ip_if, capture, reverse):
298 for i in self.interfaces:
299 last_info[i.sw_if_index] = None
301 dst_ip_sw_if_index = dst_ip_if.sw_if_index
304 for packet in capture:
305 l3 = IP if packet.haslayer(IP) else IPv6
307 if packet.haslayer(UDP):
310 if packet.haslayer(ICMP):
315 # Scapy IPv6 stuff is too smart for its own good.
316 # So we do this and coerce the ICMP into unknown type
317 if packet.haslayer(UDP):
318 data = str(packet[UDP][Raw])
321 data = str(ICMP(str(packet[l3].payload))[Raw])
323 data = str(ICMPv6Unknown(str(packet[l3].payload)).msgbody)
324 udp_or_icmp = packet[l3].payload
325 payload_info = self.payload_to_info(data)
326 packet_index = payload_info.index
328 self.assertEqual(payload_info.dst, dst_ip_sw_if_index)
330 next_info = self.get_next_packet_info_for_interface2(
331 payload_info.src, dst_ip_sw_if_index,
332 last_info[payload_info.src])
333 last_info[payload_info.src] = next_info
334 self.assertTrue(next_info is not None)
335 self.assertEqual(packet_index, next_info.index)
336 saved_packet = next_info.data
337 self.assertTrue(next_info is not None)
341 self.assertEqual(packet.src, dst_ip_if.local_mac)
342 host = dst_ip_if.host_by_mac(packet.dst)
345 # self.assertEqual(ip.src, src_ip_if.remote_ip4)
346 if saved_packet is not None:
347 self.assertEqual(ip.src, saved_packet[l3].src)
348 self.assertEqual(ip.dst, saved_packet[l3].dst)
350 self.assertEqual(udp_or_icmp.sport, saved_packet[l4].sport)
351 self.assertEqual(udp_or_icmp.dport, saved_packet[l4].dport)
353 print("Saved packet is none")
354 # self.assertEqual(ip.dst, host.ip4)
358 def create_acls_for_a_stream(self, stream_dict,
359 test_l2_action, is_reflect):
360 r = stream_dict['rules']
361 r_permit = stream_dict['permit_rules']
362 r_permit_reflect = stream_dict['permit_and_reflect_rules']
363 r_action = r_permit_reflect if is_reflect else r
364 reply = self.api_acl_add_replace(acl_index=4294967295, r=r_action,
365 count=len(r_action), tag="action acl")
366 action_acl_index = reply.acl_index
367 reply = self.api_acl_add_replace(acl_index=4294967295, r=r_permit,
368 count=len(r_permit), tag="permit acl")
369 permit_acl_index = reply.acl_index
370 return {'L2': action_acl_index if test_l2_action else permit_acl_index,
371 'L3': permit_acl_index if test_l2_action else action_acl_index,
372 'permit': permit_acl_index, 'action': action_acl_index}
374 def apply_acl_ip46_x_to_y(self, bridged_to_routed, test_l2_deny,
375 is_ip6, is_reflect, add_eh):
378 self.reset_packet_infos()
379 stream_dict = self.create_stream(
380 self.pg2, self.loop0,
382 self.pg_if_packet_sizes, is_ip6,
383 not is_reflect, False, add_eh)
384 stream = stream_dict['stream']
385 acl_idx = self.create_acls_for_a_stream(stream_dict, test_l2_deny,
387 n_input_l3 = 0 if bridged_to_routed else 1
388 n_input_l2 = 1 if bridged_to_routed else 0
389 self.api_acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
392 acls=[acl_idx['L3']])
393 self.api_acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
396 acls=[acl_idx['L2']])
397 self.api_acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
400 acls=[acl_idx['L2']])
402 def apply_acl_ip46_both_directions_reflect(self,
403 primary_is_bridged_to_routed,
404 reflect_on_l2, is_ip6, add_eh):
405 primary_is_routed_to_bridged = not primary_is_bridged_to_routed
406 self.reset_packet_infos()
407 stream_dict_fwd = self.create_stream(self.pg2, self.loop0,
408 primary_is_bridged_to_routed,
409 self.pg_if_packet_sizes, is_ip6,
410 False, False, add_eh)
411 acl_idx_fwd = self.create_acls_for_a_stream(stream_dict_fwd,
414 stream_dict_rev = self.create_stream(self.pg2, self.loop0,
415 not primary_is_bridged_to_routed,
416 self.pg_if_packet_sizes, is_ip6,
418 # We want the primary action to be "deny" rather than reflect
419 acl_idx_rev = self.create_acls_for_a_stream(stream_dict_rev,
420 reflect_on_l2, False)
422 if primary_is_bridged_to_routed:
423 inbound_l2_acl = acl_idx_fwd['L2']
425 inbound_l2_acl = acl_idx_rev['L2']
427 if primary_is_routed_to_bridged:
428 outbound_l2_acl = acl_idx_fwd['L2']
430 outbound_l2_acl = acl_idx_rev['L2']
432 if primary_is_routed_to_bridged:
433 inbound_l3_acl = acl_idx_fwd['L3']
435 inbound_l3_acl = acl_idx_rev['L3']
437 if primary_is_bridged_to_routed:
438 outbound_l3_acl = acl_idx_fwd['L3']
440 outbound_l3_acl = acl_idx_rev['L3']
442 self.api_acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
445 acls=[inbound_l3_acl,
447 self.api_acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
450 acls=[inbound_l2_acl,
452 self.api_acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
455 acls=[inbound_l2_acl,
458 def apply_acl_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
460 self.apply_acl_ip46_x_to_y(False, test_l2_deny, is_ip6,
463 def apply_acl_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
465 self.apply_acl_ip46_x_to_y(True, test_l2_deny, is_ip6,
468 def run_traffic_ip46_x_to_y(self, bridged_to_routed,
469 test_l2_deny, is_ip6,
470 is_reflect, is_established, add_eh):
471 self.reset_packet_infos()
472 stream_dict = self.create_stream(self.pg2, self.loop0,
474 self.pg_if_packet_sizes, is_ip6,
475 not is_reflect, is_established,
477 stream = stream_dict['stream']
479 tx_if = self.pg0 if bridged_to_routed else self.pg2
480 rx_if = self.pg2 if bridged_to_routed else self.pg0
482 tx_if.add_stream(stream)
483 self.pg_enable_capture(self.pg_interfaces)
485 packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index)
486 rcvd1 = rx_if.get_capture(packet_count)
487 self.verify_capture(self.loop0, self.pg2, rcvd1, bridged_to_routed)
489 def run_traffic_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
490 is_reflect, is_established, add_eh):
491 self.run_traffic_ip46_x_to_y(False, test_l2_deny, is_ip6,
492 is_reflect, is_established, add_eh)
494 def run_traffic_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
495 is_reflect, is_established, add_eh):
496 self.run_traffic_ip46_x_to_y(True, test_l2_deny, is_ip6,
497 is_reflect, is_established, add_eh)
499 def run_test_ip46_routed_to_bridged(self, test_l2_deny,
500 is_ip6, is_reflect, add_eh):
501 self.apply_acl_ip46_routed_to_bridged(test_l2_deny,
502 is_ip6, is_reflect, add_eh)
503 self.run_traffic_ip46_routed_to_bridged(test_l2_deny, is_ip6,
504 is_reflect, False, add_eh)
506 def run_test_ip46_bridged_to_routed(self, test_l2_deny,
507 is_ip6, is_reflect, add_eh):
508 self.apply_acl_ip46_bridged_to_routed(test_l2_deny,
509 is_ip6, is_reflect, add_eh)
510 self.run_traffic_ip46_bridged_to_routed(test_l2_deny, is_ip6,
511 is_reflect, False, add_eh)
513 def run_test_ip46_routed_to_bridged_and_back(self, test_l2_action,
515 self.apply_acl_ip46_both_directions_reflect(False, test_l2_action,
517 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
519 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
522 def run_test_ip46_bridged_to_routed_and_back(self, test_l2_action,
524 self.apply_acl_ip46_both_directions_reflect(True, test_l2_action,
526 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
528 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
531 def test_0000_ip6_irb_1(self):
532 """ ACL plugin prepare"""
533 if not self.vpp_dead:
534 cmd = "set acl-plugin session timeout udp idle 2000"
535 self.logger.info(self.vapi.ppcli(cmd))
536 # uncomment to not skip past the routing header
537 # and watch the EH tests fail
538 # self.logger.info(self.vapi.ppcli(
539 # "set acl-plugin skip-ipv6-extension-header 43 0"))
540 # uncomment to test the session limit (stateful tests will fail)
541 # self.logger.info(self.vapi.ppcli(
542 # "set acl-plugin session table max-entries 1"))
543 # new datapath is the default, but just in case
544 # self.logger.info(self.vapi.ppcli(
545 # "set acl-plugin l2-datapath new"))
546 # If you want to see some tests fail, uncomment the next line
547 # self.logger.info(self.vapi.ppcli(
548 # "set acl-plugin l2-datapath old"))
550 def test_0001_ip6_irb_1(self):
551 """ ACL IPv6 routed -> bridged, L2 ACL deny"""
552 self.run_test_ip46_routed_to_bridged(True, True, False,
555 def test_0002_ip6_irb_1(self):
556 """ ACL IPv6 routed -> bridged, L3 ACL deny"""
557 self.run_test_ip46_routed_to_bridged(False, True, False,
560 def test_0003_ip4_irb_1(self):
561 """ ACL IPv4 routed -> bridged, L2 ACL deny"""
562 self.run_test_ip46_routed_to_bridged(True, False, False,
565 def test_0004_ip4_irb_1(self):
566 """ ACL IPv4 routed -> bridged, L3 ACL deny"""
567 self.run_test_ip46_routed_to_bridged(False, False, False,
570 def test_0005_ip6_irb_1(self):
571 """ ACL IPv6 bridged -> routed, L2 ACL deny """
572 self.run_test_ip46_bridged_to_routed(True, True, False,
575 def test_0006_ip6_irb_1(self):
576 """ ACL IPv6 bridged -> routed, L3 ACL deny """
577 self.run_test_ip46_bridged_to_routed(False, True, False,
580 def test_0007_ip6_irb_1(self):
581 """ ACL IPv4 bridged -> routed, L2 ACL deny """
582 self.run_test_ip46_bridged_to_routed(True, False, False,
585 def test_0008_ip6_irb_1(self):
586 """ ACL IPv4 bridged -> routed, L3 ACL deny """
587 self.run_test_ip46_bridged_to_routed(False, False, False,
591 def test_0101_ip6_irb_1(self):
592 """ ACL IPv6 routed -> bridged, L2 ACL permit+reflect"""
593 self.run_test_ip46_routed_to_bridged_and_back(True, True,
596 def test_0102_ip6_irb_1(self):
597 """ ACL IPv6 bridged -> routed, L2 ACL permit+reflect"""
598 self.run_test_ip46_bridged_to_routed_and_back(True, True,
601 def test_0103_ip6_irb_1(self):
602 """ ACL IPv4 routed -> bridged, L2 ACL permit+reflect"""
603 self.run_test_ip46_routed_to_bridged_and_back(True, False,
606 def test_0104_ip6_irb_1(self):
607 """ ACL IPv4 bridged -> routed, L2 ACL permit+reflect"""
608 self.run_test_ip46_bridged_to_routed_and_back(True, False,
611 def test_0111_ip6_irb_1(self):
612 """ ACL IPv6 routed -> bridged, L3 ACL permit+reflect"""
613 self.run_test_ip46_routed_to_bridged_and_back(False, True,
616 def test_0112_ip6_irb_1(self):
617 """ ACL IPv6 bridged -> routed, L3 ACL permit+reflect"""
618 self.run_test_ip46_bridged_to_routed_and_back(False, True,
621 def test_0113_ip6_irb_1(self):
622 """ ACL IPv4 routed -> bridged, L3 ACL permit+reflect"""
623 self.run_test_ip46_routed_to_bridged_and_back(False, False,
626 def test_0114_ip6_irb_1(self):
627 """ ACL IPv4 bridged -> routed, L3 ACL permit+reflect"""
628 self.run_test_ip46_bridged_to_routed_and_back(False, False,
631 # A block of tests with extension headers
633 def test_1001_ip6_irb_1(self):
634 """ ACL IPv6+EH routed -> bridged, L2 ACL deny"""
635 self.run_test_ip46_routed_to_bridged(True, True, False,
638 def test_1002_ip6_irb_1(self):
639 """ ACL IPv6+EH routed -> bridged, L3 ACL deny"""
640 self.run_test_ip46_routed_to_bridged(False, True, False,
643 def test_1005_ip6_irb_1(self):
644 """ ACL IPv6+EH bridged -> routed, L2 ACL deny """
645 self.run_test_ip46_bridged_to_routed(True, True, False,
648 def test_1006_ip6_irb_1(self):
649 """ ACL IPv6+EH bridged -> routed, L3 ACL deny """
650 self.run_test_ip46_bridged_to_routed(False, True, False,
653 def test_1101_ip6_irb_1(self):
654 """ ACL IPv6+EH routed -> bridged, L2 ACL permit+reflect"""
655 self.run_test_ip46_routed_to_bridged_and_back(True, True,
658 def test_1102_ip6_irb_1(self):
659 """ ACL IPv6+EH bridged -> routed, L2 ACL permit+reflect"""
660 self.run_test_ip46_bridged_to_routed_and_back(True, True,
663 def test_1111_ip6_irb_1(self):
664 """ ACL IPv6+EH routed -> bridged, L3 ACL permit+reflect"""
665 self.run_test_ip46_routed_to_bridged_and_back(False, True,
668 def test_1112_ip6_irb_1(self):
669 """ ACL IPv6+EH bridged -> routed, L3 ACL permit+reflect"""
670 self.run_test_ip46_bridged_to_routed_and_back(False, True,
674 def test_8900_ip6_irb_1(self):
675 """ ACL plugin set old L2 datapath"""
676 if not self.vpp_dead:
677 cmd = "set acl-plugin l2-datapath old"
678 self.logger.info(self.vapi.ppcli(cmd))
680 def test_8901_ip6_irb_1(self):
681 """ ACL IPv6 routed -> bridged, L2 ACL deny"""
682 self.run_test_ip46_routed_to_bridged(True, True, False,
685 def test_8902_ip6_irb_1(self):
686 """ ACL IPv6 routed -> bridged, L3 ACL deny"""
687 self.run_test_ip46_routed_to_bridged(False, True, False,
690 def test_8903_ip4_irb_1(self):
691 """ ACL IPv4 routed -> bridged, L2 ACL deny"""
692 self.run_test_ip46_routed_to_bridged(True, False, False,
695 def test_8904_ip4_irb_1(self):
696 """ ACL IPv4 routed -> bridged, L3 ACL deny"""
697 self.run_test_ip46_routed_to_bridged(False, False, False,
700 def test_8905_ip6_irb_1(self):
701 """ ACL IPv6 bridged -> routed, L2 ACL deny """
702 self.run_test_ip46_bridged_to_routed(True, True, False,
705 def test_8906_ip6_irb_1(self):
706 """ ACL IPv6 bridged -> routed, L3 ACL deny """
707 self.run_test_ip46_bridged_to_routed(False, True, False,
710 def test_8907_ip6_irb_1(self):
711 """ ACL IPv4 bridged -> routed, L2 ACL deny """
712 self.run_test_ip46_bridged_to_routed(True, False, False,
715 def test_8908_ip6_irb_1(self):
716 """ ACL IPv4 bridged -> routed, L3 ACL deny """
717 self.run_test_ip46_bridged_to_routed(False, False, False,
721 if __name__ == '__main__':
722 unittest.main(testRunner=VppTestRunner)