2 """ACL plugin - MACIP tests
8 from socket import inet_ntop, inet_pton, AF_INET, AF_INET6
10 from scapy.packet import Raw
11 from scapy.layers.l2 import Ether
12 from scapy.layers.inet import IP, UDP, TCP
13 from scapy.layers.inet6 import IPv6
15 from framework import VppTestCase, VppTestRunner, running_extended_tests
16 from vpp_lo_interface import VppLoInterface
19 class TestMACIP(VppTestCase):
48 Perform standard class setup (defined by class method setUpClass in
49 class VppTestCase) before running the test case, set test case related
50 variables and configure VPP.
52 super(TestMACIP, cls).setUpClass()
54 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
56 cls.remote_hosts_count = 250
59 # create 3 pg interfaces, 1 loopback interface
60 cls.create_pg_interfaces(range(3))
61 cls.create_loopback_interfaces(range(1))
63 cls.interfaces = list(cls.pg_interfaces)
64 cls.interfaces.extend(cls.lo_interfaces)
66 for i in cls.interfaces:
69 # Create BD with MAC learning enabled and put interfaces to this BD
70 cls.vapi.sw_interface_set_l2_bridge(
71 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
72 cls.vapi.sw_interface_set_l2_bridge(
73 cls.pg0.sw_if_index, bd_id=cls.bd_id)
74 cls.vapi.sw_interface_set_l2_bridge(
75 cls.pg1.sw_if_index, bd_id=cls.bd_id)
77 # Configure IPv4 addresses on loop interface and routed interface
78 cls.loop0.config_ip4()
79 cls.loop0.config_ip6()
83 # Configure MAC address binding to IPv4 neighbors on loop0
84 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
85 # Modify host mac addresses to have different OUI parts
86 for i in range(2, cls.remote_hosts_count + 2):
87 mac = cls.loop0.remote_hosts[i-2]._mac.split(':')
88 mac[2] = format(int(mac[2], 16) + i, "02x")
89 cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac)
91 cls.loop0.configure_ipv4_neighbors()
92 cls.loop0.configure_ipv6_neighbors()
93 # configure MAC address on pg2
97 # Loopback BVI interface has remote hosts
98 # one half of hosts are behind pg0 second behind pg1
99 half = cls.remote_hosts_count // 2
100 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
101 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
104 super(TestMACIP, cls).tearDownClass()
108 super(TestMACIP, self).setUp()
109 self.reset_packet_infos()
114 Show various debug prints after each test.
116 super(TestMACIP, self).tearDown()
117 if not self.vpp_dead:
118 self.logger.info(self.vapi.ppcli("show interface address"))
119 self.logger.info(self.vapi.ppcli("show hardware"))
120 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
121 self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
122 self.logger.info(self.vapi.ppcli("sh classify tables verbose"))
123 # print self.vapi.ppcli("show interface address")
124 # print self.vapi.ppcli("show hardware")
125 # print self.vapi.ppcli("sh acl-plugin macip interface")
126 # print self.vapi.ppcli("sh acl-plugin macip acl")
129 def macip_acl_dump_debug(self):
130 acls = self.vapi.macip_acl_dump()
137 elif r.is_permit == 0:
139 print "IP6" if r.is_ipv6 else "IP4", \
141 r.src_mac.encode('hex'), \
142 r.src_mac_mask.encode('hex'),\
143 unpack('<16B', r.src_ip_addr), \
147 def create_acls(self, mac_type, ip_type, acl_count, rules_count):
149 src_mac = int("220000dead00", 16)
150 for acl in range(2, (acl_count+1) * 2):
151 host = random.choice(self.loop0.remote_hosts)
153 ip4 = host.ip4.split('.')
154 ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6)))
156 if ip_type == self.EXACT_IP:
159 elif ip_type == self.WILD_IP:
161 ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
164 rules_count[(acl / 2) - 1] = 1
169 if mac_type == self.EXACT_MAC:
170 mask = "ff:ff:ff:ff:ff:ff"
171 elif mac_type == self.WILD_MAC:
172 mask = "00:00:00:00:00:00"
173 elif mac_type == self.OUI_MAC:
174 mask = "ff:ff:ff:00:00:00"
176 mask = "ff:ff:ff:ff:ff:00"
178 ip = ip6 if is_ip6 else ip4
179 ip_len = prefix_len6 if is_ip6 else prefix_len4
181 for i in range(0, rules_count[(acl / 2) - 1]):
183 if mac_type == self.WILD_MAC:
184 mac = "00:00:00:00:00:00"
185 elif mac_type == self.OUI_MAC:
186 mac = ':'.join(re.findall('..', '{:02x}'.format(
187 src_mac))[:3])+":00:00:00"
189 mac = ':'.join(re.findall('..', '{:02x}'.format(src_mac)))
191 if ip_type == self.EXACT_IP:
192 ip4[3] = random.randint(100, 200)
193 ip6[15] = random.randint(100, 200)
194 elif ip_type == self.SUBNET_IP:
195 ip4[2] = random.randint(100, 200)
197 ip6[8] = random.randint(100, 200)
200 for j in range(0, len(ip)):
201 ip_pack += pack('<B', int(ip[j]))
203 rule = ({'is_permit': self.PERMIT,
205 'src_ip_addr': ip_pack,
206 'src_ip_prefix_len': ip_len,
207 'src_mac': mac.replace(':', '').decode('hex'),
208 'src_mac_mask': mask.replace(':', '').decode('hex')})
210 if ip_type == self.WILD_IP:
213 reply = self.vapi.macip_acl_add_replace(rules)
214 self.assertEqual(reply.retval, 0)
215 self.ACLS.append(reply.acl_index)
218 src_mac += 1099511627776
220 def verify_acls(self, acl_count, rules_count, expected_count=2):
221 reply = self.macip_acl_dump_debug()
222 for acl in range(2, (acl_count+1) * 2):
223 self.assertEqual(reply[acl - 2].count, rules_count[acl/2-1])
225 self.vapi.macip_acl_interface_get()
227 self.vapi.macip_acl_interface_add_del(sw_if_index=0, acl_index=0)
228 self.vapi.macip_acl_interface_add_del(sw_if_index=1, acl_index=1)
230 reply = self.vapi.macip_acl_interface_get()
231 self.assertEqual(reply.count, expected_count)
233 def delete_acls(self):
234 for acl in range(len(self.ACLS)-1, -1, -1):
235 self.vapi.macip_acl_del(self.ACLS[acl])
237 reply = self.vapi.macip_acl_dump()
238 self.assertEqual(len(reply), 0)
240 def create_stream(self, mac_type, ip_type, packet_count,
241 src_ip_if, dst_ip_if, bridged_routed, is_ip6):
242 # exact MAC and exact IP
243 # exact MAC and subnet of IPs
244 # exact MAC and wildcard IP
245 # wildcard MAC and exact IP
246 # wildcard MAC and subnet of IPs
247 # wildcard MAC and wildcard IP
248 # OUI restricted MAC and exact IP
249 # OUI restricted MAC and subnet of IPs
250 # OUI restricted MAC and wildcard IP
257 mac_rule = "00:00:00:00:00:00"
258 mac_mask = "00:00:00:00:00:00"
259 for p in range(0, packet_count):
260 remote_dst_index = p % len(dst_ip_if.remote_hosts)
261 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
265 is_permit = self.PERMIT if p % 3 == 0 else self.DENY
266 denyMAC = True if not is_permit and p % 3 == 1 else False
267 denyIP = True if not is_permit and p % 3 == 2 else False
268 if not is_permit and ip_type == self.WILD_IP:
270 if not is_permit and mac_type == self.WILD_MAC:
274 src_mac = remote_dst_host._mac
275 dst_mac = 'de:ad:00:00:00:00'
276 dst_ip6 = src_ip_if.remote_ip6
277 src_ip6 = remote_dst_host.ip6
278 dst_ip4 = src_ip_if.remote_ip4
279 src_ip4 = remote_dst_host.ip4
280 ip_permit = src_ip6 if is_ip6 else src_ip4
284 mac = src_mac.split(':')
285 mac[0] = format(int(mac[0], 16)+1, "02x")
286 src_mac = ":".join(mac)
292 if ip_type != self.WILD_IP:
294 dst_ip6 = src_ip_if.remote_ip6
295 src_ip6 = remote_dst_host.ip6
296 dst_ip4 = src_ip_if.remote_ip4
297 src_ip4 = remote_dst_host.ip4
299 src_mac = src_ip_if.remote_mac
300 dst_mac = src_ip_if.local_mac
301 src_ip6 = src_ip_if.remote_ip6
302 dst_ip6 = remote_dst_host.ip6
303 src_ip4 = src_ip_if.remote_ip4
304 dst_ip4 = remote_dst_host.ip4
307 info = self.create_packet_info(src_ip_if, dst_ip_if)
308 payload = self.info_to_payload(info)
310 payload = "to be blocked"
312 if mac_type == self.WILD_MAC:
313 mac = src_mac.split(':')
314 for i in range(1, 5):
315 mac[i] = format(random.randint(0, 255), "02x")
316 src_mac = ":".join(mac)
319 packet = Ether(src=src_mac, dst=dst_mac)
321 ip_rule = src_ip6 if is_ip6 else src_ip4
323 ip_rule = dst_ip6 if is_ip6 else dst_ip4
325 if ip_type != self.EXACT_IP:
326 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
327 if ip_type == self.WILD_IP:
328 sub_ip[0] = random.randint(240, 254)
329 sub_ip[1] = random.randint(230, 239)
330 sub_ip[14] = random.randint(100, 199)
331 sub_ip[15] = random.randint(200, 255)
332 elif ip_type == self.SUBNET_IP:
334 sub_ip[2] = str(int(sub_ip[2]) + 1)
335 sub_ip[14] = random.randint(100, 199)
336 sub_ip[15] = random.randint(200, 255)
338 src_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
340 dst_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
341 packet /= IPv6(src=src_ip6, dst=dst_ip6)
343 if ip_type != self.EXACT_IP:
344 sub_ip = ip_rule.split('.')
345 if ip_type == self.WILD_IP:
346 sub_ip[0] = str(random.randint(1, 49))
347 sub_ip[1] = str(random.randint(50, 99))
348 sub_ip[2] = str(random.randint(100, 199))
349 sub_ip[3] = str(random.randint(200, 255))
350 elif ip_type == self.SUBNET_IP:
352 sub_ip[1] = str(int(sub_ip[1])+1)
353 sub_ip[2] = str(random.randint(100, 199))
354 sub_ip[3] = str(random.randint(200, 255))
356 src_ip4 = ".".join(sub_ip)
359 dst_ip4 = ".".join(sub_ip)
360 packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)
362 packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)
364 packet[Raw].load += " mac:"+src_mac
366 size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
367 self.extend_packet(packet, size)
368 packets.append(packet)
370 # create suitable rule
371 if mac_type == self.EXACT_MAC:
373 mac_mask = "ff:ff:ff:ff:ff:ff"
374 elif mac_type == self.WILD_MAC:
375 mac_rule = "00:00:00:00:00:00"
376 mac_mask = "00:00:00:00:00:00"
377 elif mac_type == self.OUI_MAC:
378 mac = src_mac.split(':')
379 mac[3] = mac[4] = mac[5] = '00'
380 mac_rule = ":".join(mac)
381 mac_mask = "ff:ff:ff:00:00:00"
384 if ip_type == self.WILD_IP:
391 if ip_type == self.SUBNET_IP:
392 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
393 for i in range(8, 16):
395 ip = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
397 if ip_type == self.WILD_IP:
404 if ip_type == self.SUBNET_IP:
405 sub_ip = ip.split('.')
406 sub_ip[2] = sub_ip[3] = '0'
407 ip = ".".join(sub_ip)
409 prefix_len = 128 if is_ip6 else 32
410 if ip_type == self.WILD_IP:
412 elif ip_type == self.SUBNET_IP:
413 prefix_len = 64 if is_ip6 else 16
414 ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)
416 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
420 rule = ({'is_permit': is_permit,
422 'src_ip_addr': ip_rule,
423 'src_ip_prefix_len': prefix_len,
424 'src_mac': mac_rule.replace(':', '').decode('hex'),
425 'src_mac_mask': mac_mask.replace(':', '').decode(
429 # deny all other packets
430 if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
431 rule = ({'is_permit': 0,
434 'src_ip_prefix_len': 0,
439 return {'stream': packets, 'rules': rules}
441 def verify_capture(self, stream, capture, is_ip6):
442 p_l3 = IPv6 if is_ip6 else IP
445 print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
447 acls = self.macip_acl_dump_debug()
452 # print r.src_mac.encode('hex'), \
453 # r.src_mac_mask.encode('hex'),\
454 # unpack('<16B', r.src_ip_addr), \
455 # r.src_ip_prefix_len
458 # print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
459 # data = p[Raw].load.split(':',1)[1]
460 # print p[p_l3].src, data
462 def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets):
463 self.reset_packet_infos()
465 tx_if = self.pg0 if bridged_routed else self.pg2
466 rx_if = self.pg2 if bridged_routed else self.pg0
468 test_dict = self.create_stream(mac_type, ip_type, packets,
469 self.pg2, self.loop0,
470 bridged_routed, is_ip6)
472 reply = self.vapi.macip_acl_add_replace(test_dict['rules'])
473 self.assertEqual(reply.retval, 0)
474 acl_index = reply.acl_index
476 self.vapi.macip_acl_interface_add_del(sw_if_index=tx_if.sw_if_index,
478 reply = self.vapi.macip_acl_interface_get()
479 self.assertEqual(reply.acls[tx_if.sw_if_index], acl_index)
480 self.ACLS.append(reply.acls[tx_if.sw_if_index])
482 tx_if.add_stream(test_dict['stream'])
483 self.pg_enable_capture(self.pg_interfaces)
486 packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index)
487 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
488 packet_count = packets
489 capture = rx_if.get_capture(packet_count)
490 self.verify_capture(test_dict['stream'], capture, is_ip6)
492 def run_test_acls(self, mac_type, ip_type, acl_count,
493 rules_count, traffic=None, ip=None):
494 self.create_acls(mac_type, ip_type, acl_count, rules_count)
495 self.verify_acls(acl_count, rules_count)
497 if traffic is not None:
498 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, traffic, ip, 9)
500 def test_acl_ip4_exactMAC_exactIP(self):
501 """ IP4 MACIP exactMAC|exactIP ACL
503 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
504 self.BRIDGED, self.IS_IP4, 9)
506 def test_acl_ip6_exactMAC_exactIP(self):
507 """ IP6 MACIP exactMAC|exactIP ACL
510 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
511 self.BRIDGED, self.IS_IP6, 9)
513 def test_acl_ip4_exactMAC_subnetIP(self):
514 """ IP4 MACIP exactMAC|subnetIP ACL
517 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
518 self.BRIDGED, self.IS_IP4, 9)
520 def test_acl_ip6_exactMAC_subnetIP(self):
521 """ IP6 MACIP exactMAC|subnetIP ACL
524 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
525 self.BRIDGED, self.IS_IP6, 9)
527 def test_acl_ip4_exactMAC_wildIP(self):
528 """ IP4 MACIP exactMAC|wildIP ACL
531 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
532 self.BRIDGED, self.IS_IP4, 9)
534 def test_acl_ip6_exactMAC_wildIP(self):
535 """ IP6 MACIP exactMAC|wildIP ACL
538 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
539 self.BRIDGED, self.IS_IP6, 9)
541 def test_acl_ip4_ouiMAC_exactIP(self):
542 """ IP4 MACIP ouiMAC|exactIP ACL
545 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
546 self.BRIDGED, self.IS_IP4, 3)
548 def test_acl_ip6_ouiMAC_exactIP(self):
549 """ IP6 MACIP oui_MAC|exactIP ACL
552 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
553 self.BRIDGED, self.IS_IP6, 9)
555 def test_acl_ip4_ouiMAC_subnetIP(self):
556 """ IP4 MACIP ouiMAC|subnetIP ACL
559 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
560 self.BRIDGED, self.IS_IP4, 9)
562 def test_acl_ip6_ouiMAC_subnetIP(self):
563 """ IP6 MACIP ouiMAC|subnetIP ACL
566 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
567 self.BRIDGED, self.IS_IP6, 9)
569 def test_acl_ip4_ouiMAC_wildIP(self):
570 """ IP4 MACIP ouiMAC|wildIP ACL
573 self.run_traffic(self.OUI_MAC, self.WILD_IP,
574 self.BRIDGED, self.IS_IP4, 9)
576 def test_acl_ip6_ouiMAC_wildIP(self):
577 """ IP6 MACIP ouiMAC|wildIP ACL
580 self.run_traffic(self.OUI_MAC, self.WILD_IP,
581 self.BRIDGED, self.IS_IP6, 9)
583 def test_acl_ip4_wildMAC_exactIP(self):
584 """ IP4 MACIP wildcardMAC|exactIP ACL
587 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
588 self.BRIDGED, self.IS_IP4, 9)
590 def test_acl_ip6_wildMAC_exactIP(self):
591 """ IP6 MACIP wildcardMAC|exactIP ACL
594 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
595 self.BRIDGED, self.IS_IP6, 9)
597 def test_acl_ip4_wildMAC_subnetIP(self):
598 """ IP4 MACIP wildcardMAC|subnetIP ACL
601 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
602 self.BRIDGED, self.IS_IP4, 9)
604 def test_acl_ip6_wildMAC_subnetIP(self):
605 """ IP6 MACIP wildcardMAC|subnetIP ACL
608 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
609 self.BRIDGED, self.IS_IP6, 9)
611 def test_acl_ip4_wildMAC_wildIP(self):
612 """ IP4 MACIP wildcardMAC|wildIP ACL
615 self.run_traffic(self.WILD_MAC, self.WILD_IP,
616 self.BRIDGED, self.IS_IP4, 9)
618 def test_acl_ip6_wildMAC_wildIP(self):
619 """ IP6 MACIP wildcardMAC|wildIP ACL
622 self.run_traffic(self.WILD_MAC, self.WILD_IP,
623 self.BRIDGED, self.IS_IP6, 9)
625 def test_acl_1_2(self):
626 """ MACIP ACL with 2 entries
629 self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2])
631 def test_acl_1_5(self):
632 """ MACIP ACL with 5 entries
635 self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5])
637 def test_acl_1_10(self):
638 """ MACIP ACL with 10 entries
641 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10])
643 def test_acl_1_20(self):
644 """ MACIP ACL with 20 entries
647 self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20])
649 def test_acl_1_50(self):
650 """ MACIP ACL with 50 entries
653 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50])
655 def test_acl_1_100(self):
656 """ MACIP ACL with 100 entries
659 self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100])
661 def test_acl_2_X(self):
662 """ MACIP 2 ACLs each with 100+ entries
665 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200])
667 def test_acl_10_X(self):
668 """ MACIP 10 ACLs each with 100+ entries
671 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
672 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240])
674 def test_acl_10_X_traffic_ip4(self):
675 """ MACIP 10 ACLs each with 100+ entries with IP4 traffic
678 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
679 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
680 self.BRIDGED, self.IS_IP4)
682 def test_acl_10_X_traffic_ip6(self):
683 """ MACIP 10 ACLs each with 100+ entries with IP6 traffic
686 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
687 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
688 self.BRIDGED, self.IS_IP6)
690 def test_delete_intf(self):
691 """ MACIP ACL delete intf with acl
694 intf_count = len(self.interfaces)+1
695 rules_count = [3, 5, 4]
697 self.create_acls(self.EXACT_IP, self.EXACT_MAC, 3, rules_count)
699 intf.append(VppLoInterface(self, 0))
700 intf.append(VppLoInterface(self, 1))
702 sw_if_index0 = intf[0].sw_if_index
703 self.vapi.macip_acl_interface_add_del(sw_if_index0, 1)
705 reply = self.vapi.macip_acl_interface_get()
706 self.assertEqual(reply.count, intf_count+1)
707 self.assertEqual(reply.acls[sw_if_index0], 1)
709 sw_if_index1 = intf[1].sw_if_index
710 self.vapi.macip_acl_interface_add_del(sw_if_index1, 0)
712 reply = self.vapi.macip_acl_interface_get()
713 self.assertEqual(reply.count, intf_count+2)
714 self.assertEqual(reply.acls[sw_if_index1], 0)
716 intf[0].remove_vpp_config()
717 reply = self.vapi.macip_acl_interface_get()
718 self.assertEqual(reply.count, intf_count+2)
719 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
720 self.assertEqual(reply.acls[sw_if_index1], 0)
722 intf.append(VppLoInterface(self, 2))
723 intf.append(VppLoInterface(self, 3))
724 sw_if_index2 = intf[2].sw_if_index
725 sw_if_index3 = intf[3].sw_if_index
726 self.vapi.macip_acl_interface_add_del(sw_if_index2, 1)
727 self.vapi.macip_acl_interface_add_del(sw_if_index3, 1)
729 reply = self.vapi.macip_acl_interface_get()
730 self.assertEqual(reply.count, intf_count+3)
731 self.assertEqual(reply.acls[sw_if_index1], 0)
732 self.assertEqual(reply.acls[sw_if_index2], 1)
733 self.assertEqual(reply.acls[sw_if_index3], 1)
735 intf[2].remove_vpp_config()
736 intf[1].remove_vpp_config()
738 reply = self.vapi.macip_acl_interface_get()
739 self.assertEqual(reply.count, intf_count+3)
740 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
741 self.assertEqual(reply.acls[sw_if_index1], 4294967295)
742 self.assertEqual(reply.acls[sw_if_index2], 4294967295)
743 self.assertEqual(reply.acls[sw_if_index3], 1)
745 intf[3].remove_vpp_config()
746 reply = self.vapi.macip_acl_interface_get()
748 self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
750 @unittest.skipUnless(running_extended_tests(), "part of extended tests")
751 def test_check(self):
752 """ MACIP with routed traffic
754 # TODO: routed do not work yet !!!
755 # self.run_traffic(self.EXACT_IP, self.EXACT_MAC, False, False, 9)
756 # self.run_traffic(self.EXACT_IP, self.EXACT_MAC, False, True, 9)
759 if __name__ == '__main__':
760 unittest.main(testRunner=VppTestRunner)