2 """ACL IRB Test Case HLD:
5 - L2 MAC learning enabled in l2bd
6 - 2 routed interfaces untagged, bvi (Bridge Virtual Interface)
7 - 2 bridged interfaces in l2bd with bvi
10 - sending ip4 eth pkts between routed interfaces
12 - 2 bridged interfaces
14 - 64B, 512B, 1518B, 9200B (ether_size)
16 - burst of pkts per interface
18 - routed pkts hitting different FIB entries
19 - bridged pkts hitting different MAC entries
22 - all packets received correctly
27 from socket import inet_pton, AF_INET, AF_INET6
28 from random import choice
29 from pprint import pprint
31 from scapy.packet import Raw
32 from scapy.layers.l2 import Ether
33 from scapy.layers.inet import IP, UDP, ICMP, TCP
34 from scapy.layers.inet6 import IPv6, ICMPv6Unknown, ICMPv6EchoRequest
35 from scapy.layers.inet6 import ICMPv6EchoReply, IPv6ExtHdrRouting
36 from scapy.layers.inet6 import IPv6ExtHdrFragment
38 from framework import VppTestCase, VppTestRunner
42 class TestIpIrb(VppTestCase):
48 #. Create BD with MAC learning enabled and put interfaces to this BD.
49 #. Configure IPv4 addresses on loopback interface and routed interface.
50 #. Configure MAC address binding to IPv4 neighbors on loop0.
51 #. Configure MAC address on pg2.
52 #. Loopback BVI interface has remote hosts, one half of hosts are
53 behind pg0 second behind pg1.
55 super(TestIpIrb, cls).setUpClass()
57 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
59 cls.remote_hosts_count = 250
61 # create 3 pg interfaces, 1 loopback interface
62 cls.create_pg_interfaces(range(3))
63 cls.create_loopback_interfaces(range(1))
65 cls.interfaces = list(cls.pg_interfaces)
66 cls.interfaces.extend(cls.lo_interfaces)
68 for i in cls.interfaces:
71 # Create BD with MAC learning enabled and put interfaces to this BD
72 cls.vapi.sw_interface_set_l2_bridge(
73 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
74 cls.vapi.sw_interface_set_l2_bridge(
75 cls.pg0.sw_if_index, bd_id=cls.bd_id)
76 cls.vapi.sw_interface_set_l2_bridge(
77 cls.pg1.sw_if_index, bd_id=cls.bd_id)
79 # Configure IPv4 addresses on loopback interface and routed interface
80 cls.loop0.config_ip4()
81 cls.loop0.config_ip6()
85 # Configure MAC address binding to IPv4 neighbors on loop0
86 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
87 cls.loop0.configure_ipv4_neighbors()
88 cls.loop0.configure_ipv6_neighbors()
89 # configure MAC address on pg2
93 cls.WITHOUT_EH = False
96 # Loopback BVI interface has remote hosts, one half of hosts are behind
97 # pg0 second behind pg1
98 half = cls.remote_hosts_count // 2
99 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
100 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
103 """Run standard test teardown and log ``show l2patch``,
104 ``show l2fib verbose``,``show bridge-domain <bd_id> detail``,
107 super(TestIpIrb, self).tearDown()
108 if not self.vpp_dead:
109 self.logger.info(self.vapi.cli("show l2patch"))
110 self.logger.info(self.vapi.cli("show classify tables"))
111 self.logger.info(self.vapi.cli("show vlib graph"))
112 self.logger.info(self.vapi.cli("show l2fib verbose"))
113 self.logger.info(self.vapi.cli("show bridge-domain %s detail" %
115 self.logger.info(self.vapi.cli("show ip arp"))
116 self.logger.info(self.vapi.cli("show ip6 neighbors"))
117 self.logger.info(self.vapi.cli("show acl-plugin sessions"))
118 self.logger.info(self.vapi.cli("show acl-plugin acl"))
119 self.logger.info(self.vapi.cli("show acl-plugin interface"))
120 self.logger.info(self.vapi.cli("show acl-plugin tables"))
122 def api_acl_add_replace(self, acl_index, r, count, tag="",
124 """Add/replace an ACL
126 :param int acl_index: ACL index to replace, 4294967295 to create new.
127 :param acl_rule r: ACL rules array.
128 :param str tag: symbolic tag (description) for this ACL.
129 :param int count: number of rules.
131 return self.vapi.api(self.vapi.papi.acl_add_replace,
132 {'acl_index': acl_index,
136 }, expected_retval=expected_retval)
138 def api_acl_interface_set_acl_list(self, sw_if_index, count, n_input, acls,
140 return self.vapi.api(self.vapi.papi.acl_interface_set_acl_list,
141 {'sw_if_index': sw_if_index,
145 }, expected_retval=expected_retval)
147 def api_acl_dump(self, acl_index, expected_retval=0):
148 return self.vapi.api(self.vapi.papi.acl_dump,
149 {'acl_index': acl_index},
150 expected_retval=expected_retval)
152 def create_stream(self, src_ip_if, dst_ip_if, reverse, packet_sizes,
153 is_ip6, expect_blocked, expect_established,
154 add_extension_header):
158 permit_and_reflect_rules = []
159 total_packet_count = 8
160 for i in range(0, total_packet_count):
162 can_reflect_this_packet = (modulo == 0)
164 remote_dst_index = i % len(dst_ip_if.remote_hosts)
165 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
167 info = self.create_packet_info(src_ip_if, dst_ip_if)
168 payload = self.info_to_payload(info)
170 to_be_blocked = False
171 if (expect_blocked and not expect_established):
173 if (not can_reflect_this_packet):
176 payload = "to be blocked"
178 info = self.create_packet_info(src_ip_if, dst_ip_if)
179 payload = self.info_to_payload(info)
181 dst_mac = 'de:ad:00:00:00:00'
182 src_mac = remote_dst_host._mac
183 dst_ip6 = src_ip_if.remote_ip6
184 src_ip6 = remote_dst_host.ip6
185 dst_ip4 = src_ip_if.remote_ip4
186 src_ip4 = remote_dst_host.ip4
190 dst_mac = src_ip_if.local_mac
191 src_mac = src_ip_if.remote_mac
192 src_ip6 = src_ip_if.remote_ip6
193 dst_ip6 = remote_dst_host.ip6
194 src_ip4 = src_ip_if.remote_ip4
195 dst_ip4 = remote_dst_host.ip4
199 # default ULP should be something we do not use in tests
200 ulp_l4 = TCP(sport=src_l4, dport=dst_l4)
201 # potentially a chain of protocols leading to ULP
204 if can_reflect_this_packet:
206 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
207 if add_extension_header:
208 # prepend some extension headers
209 ulp = (IPv6ExtHdrRouting() / IPv6ExtHdrRouting() /
210 IPv6ExtHdrFragment(offset=0, m=1) / ulp_l4)
211 # uncomment below to test invalid ones
212 # ulp = IPv6ExtHdrRouting(len = 200) / ulp_l4
215 p = (Ether(dst=dst_mac, src=src_mac) /
216 IPv6(src=src_ip6, dst=dst_ip6) /
220 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
221 # IPv4 does not allow extension headers,
222 # but we rather make it a first fragment
223 flags = 1 if add_extension_header else 0
225 p = (Ether(dst=dst_mac, src=src_mac) /
226 IP(src=src_ip4, dst=dst_ip4, frag=0, flags=flags) /
231 ulp_l4 = ICMPv6Unknown(type=128 + (i % 2), code=i % 2)
233 p = (Ether(dst=dst_mac, src=src_mac) /
234 IPv6(src=src_ip6, dst=dst_ip6) /
238 ulp_l4 = ICMP(type=8 + (i % 2), code=i % 2)
240 p = (Ether(dst=dst_mac, src=src_mac) /
241 IP(src=src_ip4, dst=dst_ip4) /
247 size = packet_sizes[(i // 2) % len(packet_sizes)]
248 self.extend_packet(p, size)
251 rule_family = AF_INET6 if p.haslayer(IPv6) else AF_INET
252 rule_prefix_len = 128 if p.haslayer(IPv6) else 32
253 rule_l3_layer = IPv6 if p.haslayer(IPv6) else IP
256 rule_l4_sport = p[UDP].sport
257 rule_l4_dport = p[UDP].dport
260 rule_l4_sport = p[ICMP].type
261 rule_l4_dport = p[ICMP].code
263 rule_l4_sport = p[ICMPv6Unknown].type
264 rule_l4_dport = p[ICMPv6Unknown].code
266 rule_l4_proto = ulp_l4.overload_fields[IPv6]['nh']
268 rule_l4_proto = p[IP].proto
271 'is_permit': is_permit,
272 'is_ipv6': p.haslayer(IPv6),
273 'src_ip_addr': inet_pton(rule_family,
274 p[rule_l3_layer].src),
275 'src_ip_prefix_len': rule_prefix_len,
276 'dst_ip_addr': inet_pton(rule_family,
277 p[rule_l3_layer].dst),
278 'dst_ip_prefix_len': rule_prefix_len,
279 'srcport_or_icmptype_first': rule_l4_sport,
280 'srcport_or_icmptype_last': rule_l4_sport,
281 'dstport_or_icmpcode_first': rule_l4_dport,
282 'dstport_or_icmpcode_last': rule_l4_dport,
283 'proto': rule_l4_proto,
285 rules.append(new_rule)
286 new_rule_permit = new_rule.copy()
287 new_rule_permit['is_permit'] = 1
288 permit_rules.append(new_rule_permit)
290 new_rule_permit_and_reflect = new_rule.copy()
291 if can_reflect_this_packet:
292 new_rule_permit_and_reflect['is_permit'] = 2
294 new_rule_permit_and_reflect['is_permit'] = is_permit
295 permit_and_reflect_rules.append(new_rule_permit_and_reflect)
297 return {'stream': pkts,
299 'permit_rules': permit_rules,
300 'permit_and_reflect_rules': permit_and_reflect_rules}
302 def verify_capture(self, dst_ip_if, src_ip_if, capture, reverse):
304 for i in self.interfaces:
305 last_info[i.sw_if_index] = None
307 dst_ip_sw_if_index = dst_ip_if.sw_if_index
310 for packet in capture:
311 l3 = IP if packet.haslayer(IP) else IPv6
313 if packet.haslayer(UDP):
316 if packet.haslayer(ICMP):
321 # Scapy IPv6 stuff is too smart for its own good.
322 # So we do this and coerce the ICMP into unknown type
323 if packet.haslayer(UDP):
324 data = str(packet[UDP][Raw])
327 data = str(ICMP(str(packet[l3].payload))[Raw])
329 data = str(ICMPv6Unknown(str(packet[l3].payload)).msgbody)
330 udp_or_icmp = packet[l3].payload
331 payload_info = self.payload_to_info(data)
332 packet_index = payload_info.index
334 self.assertEqual(payload_info.dst, dst_ip_sw_if_index)
336 next_info = self.get_next_packet_info_for_interface2(
337 payload_info.src, dst_ip_sw_if_index,
338 last_info[payload_info.src])
339 last_info[payload_info.src] = next_info
340 self.assertTrue(next_info is not None)
341 self.assertEqual(packet_index, next_info.index)
342 saved_packet = next_info.data
343 self.assertTrue(next_info is not None)
347 self.assertEqual(packet.src, dst_ip_if.local_mac)
348 host = dst_ip_if.host_by_mac(packet.dst)
351 # self.assertEqual(ip.src, src_ip_if.remote_ip4)
352 if saved_packet is not None:
353 self.assertEqual(ip.src, saved_packet[l3].src)
354 self.assertEqual(ip.dst, saved_packet[l3].dst)
356 self.assertEqual(udp_or_icmp.sport, saved_packet[l4].sport)
357 self.assertEqual(udp_or_icmp.dport, saved_packet[l4].dport)
359 print("Saved packet is none")
360 # self.assertEqual(ip.dst, host.ip4)
364 def create_acls_for_a_stream(self, stream_dict,
365 test_l2_action, is_reflect):
366 r = stream_dict['rules']
367 r_permit = stream_dict['permit_rules']
368 r_permit_reflect = stream_dict['permit_and_reflect_rules']
369 r_action = r_permit_reflect if is_reflect else r
370 reply = self.api_acl_add_replace(acl_index=4294967295, r=r_action,
371 count=len(r_action), tag="action acl")
372 action_acl_index = reply.acl_index
373 reply = self.api_acl_add_replace(acl_index=4294967295, r=r_permit,
374 count=len(r_permit), tag="permit acl")
375 permit_acl_index = reply.acl_index
376 return {'L2': action_acl_index if test_l2_action else permit_acl_index,
377 'L3': permit_acl_index if test_l2_action else action_acl_index,
378 'permit': permit_acl_index, 'action': action_acl_index}
380 def apply_acl_ip46_x_to_y(self, bridged_to_routed, test_l2_deny,
381 is_ip6, is_reflect, add_eh):
384 self.reset_packet_infos()
385 stream_dict = self.create_stream(
386 self.pg2, self.loop0,
388 self.pg_if_packet_sizes, is_ip6,
389 not is_reflect, False, add_eh)
390 stream = stream_dict['stream']
391 acl_idx = self.create_acls_for_a_stream(stream_dict, test_l2_deny,
393 n_input_l3 = 0 if bridged_to_routed else 1
394 n_input_l2 = 1 if bridged_to_routed else 0
395 self.api_acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
398 acls=[acl_idx['L3']])
399 self.api_acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
402 acls=[acl_idx['L2']])
403 self.api_acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
406 acls=[acl_idx['L2']])
408 def apply_acl_ip46_both_directions_reflect(self,
409 primary_is_bridged_to_routed,
410 reflect_on_l2, is_ip6, add_eh):
411 primary_is_routed_to_bridged = not primary_is_bridged_to_routed
412 self.reset_packet_infos()
413 stream_dict_fwd = self.create_stream(self.pg2, self.loop0,
414 primary_is_bridged_to_routed,
415 self.pg_if_packet_sizes, is_ip6,
416 False, False, add_eh)
417 acl_idx_fwd = self.create_acls_for_a_stream(stream_dict_fwd,
420 stream_dict_rev = self.create_stream(self.pg2, self.loop0,
421 not primary_is_bridged_to_routed,
422 self.pg_if_packet_sizes, is_ip6,
424 # We want the primary action to be "deny" rather than reflect
425 acl_idx_rev = self.create_acls_for_a_stream(stream_dict_rev,
426 reflect_on_l2, False)
428 if primary_is_bridged_to_routed:
429 inbound_l2_acl = acl_idx_fwd['L2']
431 inbound_l2_acl = acl_idx_rev['L2']
433 if primary_is_routed_to_bridged:
434 outbound_l2_acl = acl_idx_fwd['L2']
436 outbound_l2_acl = acl_idx_rev['L2']
438 if primary_is_routed_to_bridged:
439 inbound_l3_acl = acl_idx_fwd['L3']
441 inbound_l3_acl = acl_idx_rev['L3']
443 if primary_is_bridged_to_routed:
444 outbound_l3_acl = acl_idx_fwd['L3']
446 outbound_l3_acl = acl_idx_rev['L3']
448 self.api_acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
451 acls=[inbound_l3_acl,
453 self.api_acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
456 acls=[inbound_l2_acl,
458 self.api_acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
461 acls=[inbound_l2_acl,
464 def apply_acl_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
466 self.apply_acl_ip46_x_to_y(False, test_l2_deny, is_ip6,
469 def apply_acl_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
471 self.apply_acl_ip46_x_to_y(True, test_l2_deny, is_ip6,
474 def run_traffic_ip46_x_to_y(self, bridged_to_routed,
475 test_l2_deny, is_ip6,
476 is_reflect, is_established, add_eh):
477 self.reset_packet_infos()
478 stream_dict = self.create_stream(self.pg2, self.loop0,
480 self.pg_if_packet_sizes, is_ip6,
481 not is_reflect, is_established,
483 stream = stream_dict['stream']
485 tx_if = self.pg0 if bridged_to_routed else self.pg2
486 rx_if = self.pg2 if bridged_to_routed else self.pg0
488 tx_if.add_stream(stream)
489 self.pg_enable_capture(self.pg_interfaces)
491 packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index)
492 rcvd1 = rx_if.get_capture(packet_count)
493 self.verify_capture(self.loop0, self.pg2, rcvd1, bridged_to_routed)
495 def run_traffic_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
496 is_reflect, is_established, add_eh):
497 self.run_traffic_ip46_x_to_y(False, test_l2_deny, is_ip6,
498 is_reflect, is_established, add_eh)
500 def run_traffic_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
501 is_reflect, is_established, add_eh):
502 self.run_traffic_ip46_x_to_y(True, test_l2_deny, is_ip6,
503 is_reflect, is_established, add_eh)
505 def run_test_ip46_routed_to_bridged(self, test_l2_deny,
506 is_ip6, is_reflect, add_eh):
507 self.apply_acl_ip46_routed_to_bridged(test_l2_deny,
508 is_ip6, is_reflect, add_eh)
509 self.run_traffic_ip46_routed_to_bridged(test_l2_deny, is_ip6,
510 is_reflect, False, add_eh)
512 def run_test_ip46_bridged_to_routed(self, test_l2_deny,
513 is_ip6, is_reflect, add_eh):
514 self.apply_acl_ip46_bridged_to_routed(test_l2_deny,
515 is_ip6, is_reflect, add_eh)
516 self.run_traffic_ip46_bridged_to_routed(test_l2_deny, is_ip6,
517 is_reflect, False, add_eh)
519 def run_test_ip46_routed_to_bridged_and_back(self, test_l2_action,
521 self.apply_acl_ip46_both_directions_reflect(False, test_l2_action,
523 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
525 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
528 def run_test_ip46_bridged_to_routed_and_back(self, test_l2_action,
530 self.apply_acl_ip46_both_directions_reflect(True, test_l2_action,
532 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
534 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
537 def test_0000_ip6_irb_1(self):
538 """ ACL plugin prepare"""
539 if not self.vpp_dead:
540 cmd = "set acl-plugin session timeout udp idle 2000"
541 self.logger.info(self.vapi.ppcli(cmd))
542 # uncomment to not skip past the routing header
543 # and watch the EH tests fail
544 # self.logger.info(self.vapi.ppcli(
545 # "set acl-plugin skip-ipv6-extension-header 43 0"))
546 # uncomment to test the session limit (stateful tests will fail)
547 # self.logger.info(self.vapi.ppcli(
548 # "set acl-plugin session table max-entries 1"))
549 # new datapath is the default, but just in case
550 # self.logger.info(self.vapi.ppcli(
551 # "set acl-plugin l2-datapath new"))
552 # If you want to see some tests fail, uncomment the next line
553 # self.logger.info(self.vapi.ppcli(
554 # "set acl-plugin l2-datapath old"))
556 def test_0001_ip6_irb_1(self):
557 """ ACL IPv6 routed -> bridged, L2 ACL deny"""
558 self.run_test_ip46_routed_to_bridged(True, True, False,
561 def test_0002_ip6_irb_1(self):
562 """ ACL IPv6 routed -> bridged, L3 ACL deny"""
563 self.run_test_ip46_routed_to_bridged(False, True, False,
566 def test_0003_ip4_irb_1(self):
567 """ ACL IPv4 routed -> bridged, L2 ACL deny"""
568 self.run_test_ip46_routed_to_bridged(True, False, False,
571 def test_0004_ip4_irb_1(self):
572 """ ACL IPv4 routed -> bridged, L3 ACL deny"""
573 self.run_test_ip46_routed_to_bridged(False, False, False,
576 def test_0005_ip6_irb_1(self):
577 """ ACL IPv6 bridged -> routed, L2 ACL deny """
578 self.run_test_ip46_bridged_to_routed(True, True, False,
581 def test_0006_ip6_irb_1(self):
582 """ ACL IPv6 bridged -> routed, L3 ACL deny """
583 self.run_test_ip46_bridged_to_routed(False, True, False,
586 def test_0007_ip6_irb_1(self):
587 """ ACL IPv4 bridged -> routed, L2 ACL deny """
588 self.run_test_ip46_bridged_to_routed(True, False, False,
591 def test_0008_ip6_irb_1(self):
592 """ ACL IPv4 bridged -> routed, L3 ACL deny """
593 self.run_test_ip46_bridged_to_routed(False, False, False,
597 def test_0101_ip6_irb_1(self):
598 """ ACL IPv6 routed -> bridged, L2 ACL permit+reflect"""
599 self.run_test_ip46_routed_to_bridged_and_back(True, True,
602 def test_0102_ip6_irb_1(self):
603 """ ACL IPv6 bridged -> routed, L2 ACL permit+reflect"""
604 self.run_test_ip46_bridged_to_routed_and_back(True, True,
607 def test_0103_ip6_irb_1(self):
608 """ ACL IPv4 routed -> bridged, L2 ACL permit+reflect"""
609 self.run_test_ip46_routed_to_bridged_and_back(True, False,
612 def test_0104_ip6_irb_1(self):
613 """ ACL IPv4 bridged -> routed, L2 ACL permit+reflect"""
614 self.run_test_ip46_bridged_to_routed_and_back(True, False,
617 def test_0111_ip6_irb_1(self):
618 """ ACL IPv6 routed -> bridged, L3 ACL permit+reflect"""
619 self.run_test_ip46_routed_to_bridged_and_back(False, True,
622 def test_0112_ip6_irb_1(self):
623 """ ACL IPv6 bridged -> routed, L3 ACL permit+reflect"""
624 self.run_test_ip46_bridged_to_routed_and_back(False, True,
627 def test_0113_ip6_irb_1(self):
628 """ ACL IPv4 routed -> bridged, L3 ACL permit+reflect"""
629 self.run_test_ip46_routed_to_bridged_and_back(False, False,
632 def test_0114_ip6_irb_1(self):
633 """ ACL IPv4 bridged -> routed, L3 ACL permit+reflect"""
634 self.run_test_ip46_bridged_to_routed_and_back(False, False,
637 # A block of tests with extension headers
639 def test_1001_ip6_irb_1(self):
640 """ ACL IPv6+EH routed -> bridged, L2 ACL deny"""
641 self.run_test_ip46_routed_to_bridged(True, True, False,
644 def test_1002_ip6_irb_1(self):
645 """ ACL IPv6+EH routed -> bridged, L3 ACL deny"""
646 self.run_test_ip46_routed_to_bridged(False, True, False,
649 def test_1005_ip6_irb_1(self):
650 """ ACL IPv6+EH bridged -> routed, L2 ACL deny """
651 self.run_test_ip46_bridged_to_routed(True, True, False,
654 def test_1006_ip6_irb_1(self):
655 """ ACL IPv6+EH bridged -> routed, L3 ACL deny """
656 self.run_test_ip46_bridged_to_routed(False, True, False,
659 def test_1101_ip6_irb_1(self):
660 """ ACL IPv6+EH routed -> bridged, L2 ACL permit+reflect"""
661 self.run_test_ip46_routed_to_bridged_and_back(True, True,
664 def test_1102_ip6_irb_1(self):
665 """ ACL IPv6+EH bridged -> routed, L2 ACL permit+reflect"""
666 self.run_test_ip46_bridged_to_routed_and_back(True, True,
669 def test_1111_ip6_irb_1(self):
670 """ ACL IPv6+EH routed -> bridged, L3 ACL permit+reflect"""
671 self.run_test_ip46_routed_to_bridged_and_back(False, True,
674 def test_1112_ip6_irb_1(self):
675 """ ACL IPv6+EH bridged -> routed, L3 ACL permit+reflect"""
676 self.run_test_ip46_bridged_to_routed_and_back(False, True,
679 # IPv4 with "MF" bit set
681 def test_1201_ip6_irb_1(self):
682 """ ACL IPv4+MF routed -> bridged, L2 ACL deny"""
683 self.run_test_ip46_routed_to_bridged(True, False, False,
686 def test_1202_ip6_irb_1(self):
687 """ ACL IPv4+MF routed -> bridged, L3 ACL deny"""
688 self.run_test_ip46_routed_to_bridged(False, False, False,
691 def test_1205_ip6_irb_1(self):
692 """ ACL IPv4+MF bridged -> routed, L2 ACL deny """
693 self.run_test_ip46_bridged_to_routed(True, False, False,
696 def test_1206_ip6_irb_1(self):
697 """ ACL IPv4+MF bridged -> routed, L3 ACL deny """
698 self.run_test_ip46_bridged_to_routed(False, False, False,
701 def test_1301_ip6_irb_1(self):
702 """ ACL IPv4+MF routed -> bridged, L2 ACL permit+reflect"""
703 self.run_test_ip46_routed_to_bridged_and_back(True, False,
706 def test_1302_ip6_irb_1(self):
707 """ ACL IPv4+MF bridged -> routed, L2 ACL permit+reflect"""
708 self.run_test_ip46_bridged_to_routed_and_back(True, False,
711 def test_1311_ip6_irb_1(self):
712 """ ACL IPv4+MF routed -> bridged, L3 ACL permit+reflect"""
713 self.run_test_ip46_routed_to_bridged_and_back(False, False,
716 def test_1312_ip6_irb_1(self):
717 """ ACL IPv4+MF bridged -> routed, L3 ACL permit+reflect"""
718 self.run_test_ip46_bridged_to_routed_and_back(False, False,
721 if __name__ == '__main__':
722 unittest.main(testRunner=VppTestRunner)