2 """ACL plugin - MACIP tests
8 from socket import inet_ntop, inet_pton, AF_INET, AF_INET6
10 from scapy.packet import Raw
11 from scapy.layers.l2 import Ether
12 from scapy.layers.inet import IP, UDP, TCP
13 from scapy.layers.inet6 import IPv6
15 from framework import VppTestCase, VppTestRunner, running_extended_tests
16 from vpp_lo_interface import VppLoInterface
19 class TestMACIP(VppTestCase):
48 Perform standard class setup (defined by class method setUpClass in
49 class VppTestCase) before running the test case, set test case related
50 variables and configure VPP.
52 super(TestMACIP, cls).setUpClass()
54 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
56 cls.remote_hosts_count = 250
59 # create 3 pg interfaces, 1 loopback interface
60 cls.create_pg_interfaces(range(3))
61 cls.create_loopback_interfaces(range(1))
63 cls.interfaces = list(cls.pg_interfaces)
64 cls.interfaces.extend(cls.lo_interfaces)
66 for i in cls.interfaces:
69 # Create BD with MAC learning enabled and put interfaces to this BD
70 cls.vapi.sw_interface_set_l2_bridge(
71 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
72 cls.vapi.sw_interface_set_l2_bridge(
73 cls.pg0.sw_if_index, bd_id=cls.bd_id)
74 cls.vapi.sw_interface_set_l2_bridge(
75 cls.pg1.sw_if_index, bd_id=cls.bd_id)
77 # Configure IPv4 addresses on loop interface and routed interface
78 cls.loop0.config_ip4()
79 cls.loop0.config_ip6()
83 # Configure MAC address binding to IPv4 neighbors on loop0
84 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
85 # Modify host mac addresses to have different OUI parts
86 for i in range(2, cls.remote_hosts_count + 2):
87 mac = cls.loop0.remote_hosts[i-2]._mac.split(':')
88 mac[2] = format(int(mac[2], 16) + i, "02x")
89 cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac)
91 cls.loop0.configure_ipv4_neighbors()
92 cls.loop0.configure_ipv6_neighbors()
93 # configure MAC address on pg2
97 # Loopback BVI interface has remote hosts
98 # one half of hosts are behind pg0 second behind pg1
99 half = cls.remote_hosts_count // 2
100 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
101 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
104 super(TestMACIP, cls).tearDownClass()
108 super(TestMACIP, self).setUp()
109 self.reset_packet_infos()
114 Show various debug prints after each test.
116 super(TestMACIP, self).tearDown()
117 if not self.vpp_dead:
118 self.logger.info(self.vapi.ppcli("show interface address"))
119 self.logger.info(self.vapi.ppcli("show hardware"))
120 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
121 self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
122 self.logger.info(self.vapi.ppcli("sh classify tables verbose"))
123 # print self.vapi.ppcli("show interface address")
124 # print self.vapi.ppcli("show hardware")
125 # print self.vapi.ppcli("sh acl-plugin macip interface")
126 # print self.vapi.ppcli("sh acl-plugin macip acl")
129 def macip_acl_dump_debug(self):
130 acls = self.vapi.macip_acl_dump()
133 print "ACL #"+str(acl.acl_index)
138 elif r.is_permit == 0:
140 print " IP6" if r.is_ipv6 else " IP4", \
142 r.src_mac.encode('hex'), \
143 r.src_mac_mask.encode('hex'),\
144 unpack('<16B', r.src_ip_addr), \
148 def create_rules(self, mac_type=EXACT_MAC, ip_type=EXACT_IP,
149 acl_count=1, rules_count=[1]):
151 src_mac = int("220000dead00", 16)
152 for acl in range(2, (acl_count+1) * 2):
154 host = random.choice(self.loop0.remote_hosts)
156 ip4 = host.ip4.split('.')
157 ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6)))
159 if ip_type == self.EXACT_IP:
162 elif ip_type == self.WILD_IP:
164 ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
167 rules_count[(acl / 2) - 1] = 1
172 if mac_type == self.EXACT_MAC:
173 mask = "ff:ff:ff:ff:ff:ff"
174 elif mac_type == self.WILD_MAC:
175 mask = "00:00:00:00:00:00"
176 elif mac_type == self.OUI_MAC:
177 mask = "ff:ff:ff:00:00:00"
179 mask = "ff:ff:ff:ff:ff:00"
181 ip = ip6 if is_ip6 else ip4
182 ip_len = prefix_len6 if is_ip6 else prefix_len4
184 for i in range(0, rules_count[(acl / 2) - 1]):
186 if mac_type == self.WILD_MAC:
187 mac = "00:00:00:00:00:00"
188 elif mac_type == self.OUI_MAC:
189 mac = ':'.join(re.findall('..', '{:02x}'.format(
190 src_mac))[:3])+":00:00:00"
192 mac = ':'.join(re.findall('..', '{:02x}'.format(src_mac)))
194 if ip_type == self.EXACT_IP:
195 ip4[3] = random.randint(100, 200)
196 ip6[15] = random.randint(100, 200)
197 elif ip_type == self.SUBNET_IP:
198 ip4[2] = random.randint(100, 200)
200 ip6[8] = random.randint(100, 200)
203 for j in range(0, len(ip)):
204 ip_pack += pack('<B', int(ip[j]))
206 rule = ({'is_permit': self.PERMIT,
208 'src_ip_addr': ip_pack,
209 'src_ip_prefix_len': ip_len,
210 'src_mac': mac.replace(':', '').decode('hex'),
211 'src_mac_mask': mask.replace(':', '').decode('hex')})
213 if ip_type == self.WILD_IP:
217 src_mac += 1099511627776
220 def apply_rules(self, acls):
222 reply = self.vapi.macip_acl_add(acl)
223 self.assertEqual(reply.retval, 0)
224 self.ACLS.append(reply.acl_index)
226 def verify_acls(self, acl_count, rules_count, expected_count=2):
227 reply = self.macip_acl_dump_debug()
228 for acl in range(2, (acl_count+1) * 2):
229 self.assertEqual(reply[acl - 2].count, rules_count[acl/2-1])
231 self.vapi.macip_acl_interface_get()
233 self.vapi.macip_acl_interface_add_del(sw_if_index=0, acl_index=0)
234 self.vapi.macip_acl_interface_add_del(sw_if_index=1, acl_index=1)
236 reply = self.vapi.macip_acl_interface_get()
237 self.assertEqual(reply.count, expected_count)
239 def delete_acls(self):
240 for acl in range(len(self.ACLS)-1, -1, -1):
241 self.vapi.macip_acl_del(self.ACLS[acl])
243 reply = self.vapi.macip_acl_dump()
244 self.assertEqual(len(reply), 0)
246 def create_stream(self, mac_type, ip_type, packet_count,
247 src_ip_if, dst_ip_if, bridged_routed, is_ip6):
248 # exact MAC and exact IP
249 # exact MAC and subnet of IPs
250 # exact MAC and wildcard IP
251 # wildcard MAC and exact IP
252 # wildcard MAC and subnet of IPs
253 # wildcard MAC and wildcard IP
254 # OUI restricted MAC and exact IP
255 # OUI restricted MAC and subnet of IPs
256 # OUI restricted MAC and wildcard IP
263 mac_rule = "00:00:00:00:00:00"
264 mac_mask = "00:00:00:00:00:00"
265 for p in range(0, packet_count):
266 remote_dst_index = p % len(dst_ip_if.remote_hosts)
267 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
271 is_permit = self.PERMIT if p % 3 == 0 else self.DENY
272 denyMAC = True if not is_permit and p % 3 == 1 else False
273 denyIP = True if not is_permit and p % 3 == 2 else False
274 if not is_permit and ip_type == self.WILD_IP:
276 if not is_permit and mac_type == self.WILD_MAC:
280 src_mac = remote_dst_host._mac
281 dst_mac = 'de:ad:00:00:00:00'
282 dst_ip6 = src_ip_if.remote_ip6
283 src_ip6 = remote_dst_host.ip6
284 dst_ip4 = src_ip_if.remote_ip4
285 src_ip4 = remote_dst_host.ip4
286 ip_permit = src_ip6 if is_ip6 else src_ip4
290 mac = src_mac.split(':')
291 mac[0] = format(int(mac[0], 16)+1, "02x")
292 src_mac = ":".join(mac)
298 if ip_type != self.WILD_IP:
300 dst_ip6 = src_ip_if.remote_ip6
301 src_ip6 = remote_dst_host.ip6
302 dst_ip4 = src_ip_if.remote_ip4
303 src_ip4 = remote_dst_host.ip4
305 src_mac = src_ip_if.remote_mac
306 dst_mac = src_ip_if.local_mac
307 src_ip6 = src_ip_if.remote_ip6
308 dst_ip6 = remote_dst_host.ip6
309 src_ip4 = src_ip_if.remote_ip4
310 dst_ip4 = remote_dst_host.ip4
313 info = self.create_packet_info(src_ip_if, dst_ip_if)
314 payload = self.info_to_payload(info)
316 payload = "to be blocked"
318 if mac_type == self.WILD_MAC:
319 mac = src_mac.split(':')
320 for i in range(1, 5):
321 mac[i] = format(random.randint(0, 255), "02x")
322 src_mac = ":".join(mac)
325 packet = Ether(src=src_mac, dst=dst_mac)
327 ip_rule = src_ip6 if is_ip6 else src_ip4
329 ip_rule = dst_ip6 if is_ip6 else dst_ip4
331 if ip_type != self.EXACT_IP:
332 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
333 if ip_type == self.WILD_IP:
334 sub_ip[0] = random.randint(240, 254)
335 sub_ip[1] = random.randint(230, 239)
336 sub_ip[14] = random.randint(100, 199)
337 sub_ip[15] = random.randint(200, 255)
338 elif ip_type == self.SUBNET_IP:
340 sub_ip[2] = str(int(sub_ip[2]) + 1)
341 sub_ip[14] = random.randint(100, 199)
342 sub_ip[15] = random.randint(200, 255)
344 src_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
346 dst_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
347 packet /= IPv6(src=src_ip6, dst=dst_ip6)
349 if ip_type != self.EXACT_IP:
350 sub_ip = ip_rule.split('.')
351 if ip_type == self.WILD_IP:
352 sub_ip[0] = str(random.randint(1, 49))
353 sub_ip[1] = str(random.randint(50, 99))
354 sub_ip[2] = str(random.randint(100, 199))
355 sub_ip[3] = str(random.randint(200, 255))
356 elif ip_type == self.SUBNET_IP:
358 sub_ip[1] = str(int(sub_ip[1])+1)
359 sub_ip[2] = str(random.randint(100, 199))
360 sub_ip[3] = str(random.randint(200, 255))
362 src_ip4 = ".".join(sub_ip)
365 dst_ip4 = ".".join(sub_ip)
366 packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)
368 packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)
370 packet[Raw].load += " mac:"+src_mac
372 size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
373 self.extend_packet(packet, size)
374 packets.append(packet)
376 # create suitable rule
377 if mac_type == self.EXACT_MAC:
379 mac_mask = "ff:ff:ff:ff:ff:ff"
380 elif mac_type == self.WILD_MAC:
381 mac_rule = "00:00:00:00:00:00"
382 mac_mask = "00:00:00:00:00:00"
383 elif mac_type == self.OUI_MAC:
384 mac = src_mac.split(':')
385 mac[3] = mac[4] = mac[5] = '00'
386 mac_rule = ":".join(mac)
387 mac_mask = "ff:ff:ff:00:00:00"
390 if ip_type == self.WILD_IP:
397 if ip_type == self.SUBNET_IP:
398 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
399 for i in range(8, 16):
401 ip = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
403 if ip_type == self.WILD_IP:
410 if ip_type == self.SUBNET_IP:
411 sub_ip = ip.split('.')
412 sub_ip[2] = sub_ip[3] = '0'
413 ip = ".".join(sub_ip)
415 prefix_len = 128 if is_ip6 else 32
416 if ip_type == self.WILD_IP:
418 elif ip_type == self.SUBNET_IP:
419 prefix_len = 64 if is_ip6 else 16
420 ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)
422 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
426 rule = ({'is_permit': is_permit,
428 'src_ip_addr': ip_rule,
429 'src_ip_prefix_len': prefix_len,
430 'src_mac': mac_rule.replace(':', '').decode('hex'),
431 'src_mac_mask': mac_mask.replace(':', '').decode(
435 # deny all other packets
436 if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
437 rule = ({'is_permit': 0,
440 'src_ip_prefix_len': 0,
445 return {'stream': packets, 'rules': rules}
447 def verify_capture(self, stream, capture, is_ip6):
448 p_l3 = IPv6 if is_ip6 else IP
451 print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
453 acls = self.macip_acl_dump_debug()
458 # print r.src_mac.encode('hex'), \
459 # r.src_mac_mask.encode('hex'),\
460 # unpack('<16B', r.src_ip_addr), \
461 # r.src_ip_prefix_len
464 # print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
465 # data = p[Raw].load.split(':',1)[1]
466 # print p[p_l3].src, data
468 def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets,
469 do_not_expected_capture=False):
470 self.reset_packet_infos()
472 tx_if = self.pg0 if bridged_routed else self.pg2
473 rx_if = self.pg2 if bridged_routed else self.pg0
475 test_dict = self.create_stream(mac_type, ip_type, packets,
476 self.pg2, self.loop0,
477 bridged_routed, is_ip6)
479 reply = self.vapi.macip_acl_add(test_dict['rules'])
480 self.assertEqual(reply.retval, 0)
481 acl_index = reply.acl_index
483 self.vapi.macip_acl_interface_add_del(sw_if_index=tx_if.sw_if_index,
485 reply = self.vapi.macip_acl_interface_get()
486 self.assertEqual(reply.acls[tx_if.sw_if_index], acl_index)
487 self.ACLS.append(reply.acls[tx_if.sw_if_index])
489 tx_if.add_stream(test_dict['stream'])
490 self.pg_enable_capture(self.pg_interfaces)
493 if do_not_expected_capture:
496 packet_count = self.get_packet_count_for_if_idx(
497 self.loop0.sw_if_index)
498 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
499 packet_count = packets
500 capture = rx_if.get_capture(packet_count)
501 self.verify_capture(test_dict['stream'], capture, is_ip6)
503 def run_test_acls(self, mac_type, ip_type, acl_count,
504 rules_count, traffic=None, ip=None):
505 self.apply_rules(self.create_rules(mac_type, ip_type, acl_count,
507 self.verify_acls(acl_count, rules_count)
509 if traffic is not None:
510 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, traffic, ip, 9)
512 def test_acl_ip4_exactMAC_exactIP(self):
513 """ IP4 MACIP exactMAC|exactIP ACL
515 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
516 self.BRIDGED, self.IS_IP4, 9)
518 def test_acl_ip6_exactMAC_exactIP(self):
519 """ IP6 MACIP exactMAC|exactIP ACL
522 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
523 self.BRIDGED, self.IS_IP6, 9)
525 def test_acl_ip4_exactMAC_subnetIP(self):
526 """ IP4 MACIP exactMAC|subnetIP ACL
529 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
530 self.BRIDGED, self.IS_IP4, 9)
532 def test_acl_ip6_exactMAC_subnetIP(self):
533 """ IP6 MACIP exactMAC|subnetIP ACL
536 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
537 self.BRIDGED, self.IS_IP6, 9)
539 def test_acl_ip4_exactMAC_wildIP(self):
540 """ IP4 MACIP exactMAC|wildIP ACL
543 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
544 self.BRIDGED, self.IS_IP4, 9)
546 def test_acl_ip6_exactMAC_wildIP(self):
547 """ IP6 MACIP exactMAC|wildIP ACL
550 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
551 self.BRIDGED, self.IS_IP6, 9)
553 def test_acl_ip4_ouiMAC_exactIP(self):
554 """ IP4 MACIP ouiMAC|exactIP ACL
557 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
558 self.BRIDGED, self.IS_IP4, 3)
560 def test_acl_ip6_ouiMAC_exactIP(self):
561 """ IP6 MACIP oui_MAC|exactIP ACL
564 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
565 self.BRIDGED, self.IS_IP6, 9)
567 def test_acl_ip4_ouiMAC_subnetIP(self):
568 """ IP4 MACIP ouiMAC|subnetIP ACL
571 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
572 self.BRIDGED, self.IS_IP4, 9)
574 def test_acl_ip6_ouiMAC_subnetIP(self):
575 """ IP6 MACIP ouiMAC|subnetIP ACL
578 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
579 self.BRIDGED, self.IS_IP6, 9)
581 def test_acl_ip4_ouiMAC_wildIP(self):
582 """ IP4 MACIP ouiMAC|wildIP ACL
585 self.run_traffic(self.OUI_MAC, self.WILD_IP,
586 self.BRIDGED, self.IS_IP4, 9)
588 def test_acl_ip6_ouiMAC_wildIP(self):
589 """ IP6 MACIP ouiMAC|wildIP ACL
592 self.run_traffic(self.OUI_MAC, self.WILD_IP,
593 self.BRIDGED, self.IS_IP6, 9)
595 def test_acl_ip4_wildMAC_exactIP(self):
596 """ IP4 MACIP wildcardMAC|exactIP ACL
599 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
600 self.BRIDGED, self.IS_IP4, 9)
602 def test_acl_ip6_wildMAC_exactIP(self):
603 """ IP6 MACIP wildcardMAC|exactIP ACL
606 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
607 self.BRIDGED, self.IS_IP6, 9)
609 def test_acl_ip4_wildMAC_subnetIP(self):
610 """ IP4 MACIP wildcardMAC|subnetIP ACL
613 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
614 self.BRIDGED, self.IS_IP4, 9)
616 def test_acl_ip6_wildMAC_subnetIP(self):
617 """ IP6 MACIP wildcardMAC|subnetIP ACL
620 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
621 self.BRIDGED, self.IS_IP6, 9)
623 def test_acl_ip4_wildMAC_wildIP(self):
624 """ IP4 MACIP wildcardMAC|wildIP ACL
627 self.run_traffic(self.WILD_MAC, self.WILD_IP,
628 self.BRIDGED, self.IS_IP4, 9)
630 def test_acl_ip6_wildMAC_wildIP(self):
631 """ IP6 MACIP wildcardMAC|wildIP ACL
634 self.run_traffic(self.WILD_MAC, self.WILD_IP,
635 self.BRIDGED, self.IS_IP6, 9)
637 def test_acl_1_2(self):
638 """ MACIP ACL with 2 entries
641 self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2])
643 def test_acl_1_5(self):
644 """ MACIP ACL with 5 entries
647 self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5])
649 def test_acl_1_10(self):
650 """ MACIP ACL with 10 entries
653 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10])
655 def test_acl_1_20(self):
656 """ MACIP ACL with 20 entries
659 self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20])
661 def test_acl_1_50(self):
662 """ MACIP ACL with 50 entries
665 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50])
667 def test_acl_1_100(self):
668 """ MACIP ACL with 100 entries
671 self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100])
673 def test_acl_2_X(self):
674 """ MACIP 2 ACLs each with 100+ entries
677 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200])
679 def test_acl_10_X(self):
680 """ MACIP 10 ACLs each with 100+ entries
683 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
684 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240])
686 def test_acl_10_X_traffic_ip4(self):
687 """ MACIP 10 ACLs each with 100+ entries with IP4 traffic
690 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
691 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
692 self.BRIDGED, self.IS_IP4)
694 def test_acl_10_X_traffic_ip6(self):
695 """ MACIP 10 ACLs each with 100+ entries with IP6 traffic
698 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
699 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
700 self.BRIDGED, self.IS_IP6)
702 def test_acl_replace(self):
703 """ MACIP replace ACL
706 r1 = self.create_rules(acl_count=3, rules_count=[2, 2, 2])
707 r2 = self.create_rules(mac_type=self.OUI_MAC, ip_type=self.SUBNET_IP)
710 acls_before = self.macip_acl_dump_debug()
712 # replace acls #2, #3 with new
713 reply = self.vapi.macip_acl_add_replace(r2[0], 2)
714 self.assertEqual(reply.retval, 0)
715 self.assertEqual(reply.acl_index, 2)
716 reply = self.vapi.macip_acl_add_replace(r2[1], 3)
717 self.assertEqual(reply.retval, 0)
718 self.assertEqual(reply.acl_index, 3)
720 acls_after = self.macip_acl_dump_debug()
723 self.assertEqual(len(acls_before), len(acls_after))
724 for acl1, acl2 in zip(
725 acls_before[:2]+acls_before[4:],
726 acls_after[:2]+acls_after[4:]):
727 self.assertEqual(len(acl1), len(acl2))
729 self.assertEqual(len(acl1.r), len(acl2.r))
730 for r1, r2 in zip(acl1.r, acl2.r):
731 self.assertEqual(len(acl1.r), len(acl2.r))
732 self.assertEqual(acl1.r, acl2.r)
733 for acl1, acl2 in zip(
736 self.assertEqual(len(acl1), len(acl2))
738 self.assertNotEqual(len(acl1.r), len(acl2.r))
739 for r1, r2 in zip(acl1.r, acl2.r):
740 self.assertNotEqual(len(acl1.r), len(acl2.r))
741 self.assertNotEqual(acl1.r, acl2.r)
743 def test_acl_replace_traffic_ip4(self):
744 """ MACIP replace ACL with IP4 traffic
746 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
747 self.BRIDGED, self.IS_IP4, 9)
749 r = self.create_rules()
750 # replace acls #2, #3 with new
751 reply = self.vapi.macip_acl_add_replace(r[0], 0)
752 self.assertEqual(reply.retval, 0)
753 self.assertEqual(reply.acl_index, 0)
755 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
756 self.BRIDGED, self.IS_IP4, 9, True)
758 def test_acl_replace_traffic_ip6(self):
759 """ MACIP replace ACL with IP6 traffic
761 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
762 self.BRIDGED, self.IS_IP6, 9)
764 r = self.create_rules()
765 # replace acls #2, #3 with new
766 reply = self.vapi.macip_acl_add_replace(r[0], 0)
767 self.assertEqual(reply.retval, 0)
768 self.assertEqual(reply.acl_index, 0)
770 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
771 self.BRIDGED, self.IS_IP6, 9, True)
773 def test_delete_intf(self):
774 """ MACIP ACL delete intf with acl
777 intf_count = len(self.interfaces)+1
779 self.apply_rules(self.create_rules(acl_count=3, rules_count=[3, 5, 4]))
781 intf.append(VppLoInterface(self, 0))
782 intf.append(VppLoInterface(self, 1))
784 sw_if_index0 = intf[0].sw_if_index
785 self.vapi.macip_acl_interface_add_del(sw_if_index0, 1)
787 reply = self.vapi.macip_acl_interface_get()
788 self.assertEqual(reply.count, intf_count+1)
789 self.assertEqual(reply.acls[sw_if_index0], 1)
791 sw_if_index1 = intf[1].sw_if_index
792 self.vapi.macip_acl_interface_add_del(sw_if_index1, 0)
794 reply = self.vapi.macip_acl_interface_get()
795 self.assertEqual(reply.count, intf_count+2)
796 self.assertEqual(reply.acls[sw_if_index1], 0)
798 intf[0].remove_vpp_config()
799 reply = self.vapi.macip_acl_interface_get()
800 self.assertEqual(reply.count, intf_count+2)
801 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
802 self.assertEqual(reply.acls[sw_if_index1], 0)
804 intf.append(VppLoInterface(self, 2))
805 intf.append(VppLoInterface(self, 3))
806 sw_if_index2 = intf[2].sw_if_index
807 sw_if_index3 = intf[3].sw_if_index
808 self.vapi.macip_acl_interface_add_del(sw_if_index2, 1)
809 self.vapi.macip_acl_interface_add_del(sw_if_index3, 1)
811 reply = self.vapi.macip_acl_interface_get()
812 self.assertEqual(reply.count, intf_count+3)
813 self.assertEqual(reply.acls[sw_if_index1], 0)
814 self.assertEqual(reply.acls[sw_if_index2], 1)
815 self.assertEqual(reply.acls[sw_if_index3], 1)
817 intf[2].remove_vpp_config()
818 intf[1].remove_vpp_config()
820 reply = self.vapi.macip_acl_interface_get()
821 self.assertEqual(reply.count, intf_count+3)
822 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
823 self.assertEqual(reply.acls[sw_if_index1], 4294967295)
824 self.assertEqual(reply.acls[sw_if_index2], 4294967295)
825 self.assertEqual(reply.acls[sw_if_index3], 1)
827 intf[3].remove_vpp_config()
828 reply = self.vapi.macip_acl_interface_get()
830 self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
832 @unittest.skipUnless(running_extended_tests(), "part of extended tests")
833 def test_routed(self):
834 """ MACIP with routed traffic
836 # TODO: routed do not work yet !!!
837 # self.run_traffic(self.EXACT_IP, self.EXACT_MAC, False, False, 9)
838 # self.run_traffic(self.EXACT_IP, self.EXACT_MAC, False, True, 9)
841 if __name__ == '__main__':
842 unittest.main(testRunner=VppTestRunner)