2 """ACL plugin - MACIP tests
8 from socket import inet_ntop, inet_pton, AF_INET, AF_INET6
10 from scapy.packet import Raw
11 from scapy.layers.l2 import Ether
12 from scapy.layers.inet import IP, UDP, TCP
13 from scapy.layers.inet6 import IPv6
15 from framework import VppTestCase, VppTestRunner, running_extended_tests
16 from vpp_lo_interface import VppLoInterface
19 class TestMACIP(VppTestCase):
48 Perform standard class setup (defined by class method setUpClass in
49 class VppTestCase) before running the test case, set test case related
50 variables and configure VPP.
52 super(TestMACIP, cls).setUpClass()
54 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
56 cls.remote_hosts_count = 250
59 # create 3 pg interfaces, 1 loopback interface
60 cls.create_pg_interfaces(range(3))
61 cls.create_loopback_interfaces(range(1))
63 cls.interfaces = list(cls.pg_interfaces)
64 cls.interfaces.extend(cls.lo_interfaces)
66 for i in cls.interfaces:
69 # Create BD with MAC learning enabled and put interfaces to this BD
70 cls.vapi.sw_interface_set_l2_bridge(
71 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
72 cls.vapi.sw_interface_set_l2_bridge(
73 cls.pg0.sw_if_index, bd_id=cls.bd_id)
74 cls.vapi.sw_interface_set_l2_bridge(
75 cls.pg1.sw_if_index, bd_id=cls.bd_id)
77 # Configure IPv4 addresses on loop interface and routed interface
78 cls.loop0.config_ip4()
79 cls.loop0.config_ip6()
83 # Configure MAC address binding to IPv4 neighbors on loop0
84 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
85 # Modify host mac addresses to have different OUI parts
86 for i in range(2, cls.remote_hosts_count + 2):
87 mac = cls.loop0.remote_hosts[i-2]._mac.split(':')
88 mac[2] = format(int(mac[2], 16) + i, "02x")
89 cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac)
91 cls.loop0.configure_ipv4_neighbors()
92 cls.loop0.configure_ipv6_neighbors()
93 # configure MAC address on pg2
97 # Loopback BVI interface has remote hosts
98 # one half of hosts are behind pg0 second behind pg1
99 half = cls.remote_hosts_count // 2
100 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
101 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
104 super(TestMACIP, cls).tearDownClass()
108 super(TestMACIP, self).setUp()
109 self.reset_packet_infos()
114 Show various debug prints after each test.
116 super(TestMACIP, self).tearDown()
117 if not self.vpp_dead:
118 self.logger.info(self.vapi.ppcli("show interface address"))
119 self.logger.info(self.vapi.ppcli("show hardware"))
120 self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
121 self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
122 self.logger.info(self.vapi.ppcli("sh classify tables verbose"))
123 # print self.vapi.ppcli("show interface address")
124 # print self.vapi.ppcli("show hardware")
125 # print self.vapi.ppcli("sh acl-plugin macip interface")
126 # print self.vapi.ppcli("sh acl-plugin macip acl")
129 def macip_acl_dump_debug(self):
130 acls = self.vapi.macip_acl_dump()
133 print "ACL #"+str(acl.acl_index)
138 elif r.is_permit == 0:
140 print " IP6" if r.is_ipv6 else " IP4", \
142 r.src_mac.encode('hex'), \
143 r.src_mac_mask.encode('hex'),\
144 unpack('<16B', r.src_ip_addr), \
148 def create_rules(self, mac_type=EXACT_MAC, ip_type=EXACT_IP,
149 acl_count=1, rules_count=[1]):
151 src_mac = int("220000dead00", 16)
152 for acl in range(2, (acl_count+1) * 2):
154 host = random.choice(self.loop0.remote_hosts)
156 ip4 = host.ip4.split('.')
157 ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6)))
159 if ip_type == self.EXACT_IP:
162 elif ip_type == self.WILD_IP:
164 ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
167 rules_count[(acl / 2) - 1] = 1
172 if mac_type == self.EXACT_MAC:
173 mask = "ff:ff:ff:ff:ff:ff"
174 elif mac_type == self.WILD_MAC:
175 mask = "00:00:00:00:00:00"
176 elif mac_type == self.OUI_MAC:
177 mask = "ff:ff:ff:00:00:00"
179 mask = "ff:ff:ff:ff:ff:00"
181 ip = ip6 if is_ip6 else ip4
182 ip_len = prefix_len6 if is_ip6 else prefix_len4
184 for i in range(0, rules_count[(acl / 2) - 1]):
186 if mac_type == self.WILD_MAC:
187 mac = "00:00:00:00:00:00"
188 elif mac_type == self.OUI_MAC:
189 mac = ':'.join(re.findall('..', '{:02x}'.format(
190 src_mac))[:3])+":00:00:00"
192 mac = ':'.join(re.findall('..', '{:02x}'.format(src_mac)))
194 if ip_type == self.EXACT_IP:
195 ip4[3] = random.randint(100, 200)
196 ip6[15] = random.randint(100, 200)
197 elif ip_type == self.SUBNET_IP:
198 ip4[2] = random.randint(100, 200)
200 ip6[8] = random.randint(100, 200)
203 for j in range(0, len(ip)):
204 ip_pack += pack('<B', int(ip[j]))
206 rule = ({'is_permit': self.PERMIT,
208 'src_ip_addr': ip_pack,
209 'src_ip_prefix_len': ip_len,
210 'src_mac': mac.replace(':', '').decode('hex'),
211 'src_mac_mask': mask.replace(':', '').decode('hex')})
213 if ip_type == self.WILD_IP:
217 src_mac += 1099511627776
220 def apply_rules(self, acls):
222 reply = self.vapi.macip_acl_add(acl)
223 self.assertEqual(reply.retval, 0)
224 self.ACLS.append(reply.acl_index)
226 def verify_acls(self, acl_count, rules_count, expected_count=2):
227 reply = self.macip_acl_dump_debug()
228 for acl in range(2, (acl_count+1) * 2):
229 self.assertEqual(reply[acl - 2].count, rules_count[acl/2-1])
231 self.vapi.macip_acl_interface_get()
233 self.vapi.macip_acl_interface_add_del(sw_if_index=0, acl_index=0)
234 self.vapi.macip_acl_interface_add_del(sw_if_index=1, acl_index=1)
236 reply = self.vapi.macip_acl_interface_get()
237 self.assertEqual(reply.count, expected_count)
239 def delete_acls(self):
240 for acl in range(len(self.ACLS)-1, -1, -1):
241 self.vapi.macip_acl_del(self.ACLS[acl])
243 reply = self.vapi.macip_acl_dump()
244 self.assertEqual(len(reply), 0)
246 def create_stream(self, mac_type, ip_type, packet_count,
247 src_ip_if, dst_ip_if, bridged_routed, is_ip6):
248 # exact MAC and exact IP
249 # exact MAC and subnet of IPs
250 # exact MAC and wildcard IP
251 # wildcard MAC and exact IP
252 # wildcard MAC and subnet of IPs
253 # wildcard MAC and wildcard IP
254 # OUI restricted MAC and exact IP
255 # OUI restricted MAC and subnet of IPs
256 # OUI restricted MAC and wildcard IP
263 mac_rule = "00:00:00:00:00:00"
264 mac_mask = "00:00:00:00:00:00"
265 for p in range(0, packet_count):
266 remote_dst_index = p % len(dst_ip_if.remote_hosts)
267 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
271 is_permit = self.PERMIT if p % 3 == 0 else self.DENY
272 denyMAC = True if not is_permit and p % 3 == 1 else False
273 denyIP = True if not is_permit and p % 3 == 2 else False
274 if not is_permit and ip_type == self.WILD_IP:
276 if not is_permit and mac_type == self.WILD_MAC:
279 if bridged_routed == self.BRIDGED:
281 src_mac = remote_dst_host._mac
282 dst_mac = 'de:ad:00:00:00:00'
283 src_ip4 = remote_dst_host.ip4
284 dst_ip4 = src_ip_if.remote_ip4
285 src_ip6 = remote_dst_host.ip6
286 dst_ip6 = src_ip_if.remote_ip6
287 ip_permit = src_ip6 if is_ip6 else src_ip4
290 mac = src_mac.split(':')
291 mac[0] = format(int(mac[0], 16)+1, "02x")
292 src_mac = ":".join(mac)
298 if ip_type != self.WILD_IP:
300 src_ip4 = remote_dst_host.ip4
301 dst_ip4 = src_ip_if.remote_ip4
302 src_ip6 = remote_dst_host.ip6
303 dst_ip6 = src_ip_if.remote_ip6
306 src_mac = remote_dst_host._mac
307 dst_mac = src_ip_if.local_mac
308 src_ip4 = src_ip_if.remote_ip4
309 dst_ip4 = remote_dst_host.ip4
310 src_ip6 = src_ip_if.remote_ip6
311 dst_ip6 = remote_dst_host.ip6
312 ip_permit = src_ip6 if is_ip6 else src_ip4
315 mac = src_mac.split(':')
316 mac[0] = format(int(mac[0], 16) + 1, "02x")
317 src_mac = ":".join(mac)
323 src_mac = remote_dst_host._mac
324 if ip_type != self.WILD_IP:
326 src_ip4 = remote_dst_host.ip4
327 dst_ip4 = src_ip_if.remote_ip4
328 src_ip6 = remote_dst_host.ip6
329 dst_ip6 = src_ip_if.remote_ip6
332 info = self.create_packet_info(src_ip_if, dst_ip_if)
333 payload = self.info_to_payload(info)
335 payload = "to be blocked"
337 if mac_type == self.WILD_MAC:
338 mac = src_mac.split(':')
339 for i in range(1, 5):
340 mac[i] = format(random.randint(0, 255), "02x")
341 src_mac = ":".join(mac)
344 packet = Ether(src=src_mac, dst=dst_mac)
345 ip_rule = src_ip6 if is_ip6 else src_ip4
347 if ip_type != self.EXACT_IP:
348 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
349 if ip_type == self.WILD_IP:
350 sub_ip[0] = random.randint(240, 254)
351 sub_ip[1] = random.randint(230, 239)
352 sub_ip[14] = random.randint(100, 199)
353 sub_ip[15] = random.randint(200, 255)
354 elif ip_type == self.SUBNET_IP:
356 sub_ip[2] = str(int(sub_ip[2]) + 1)
357 sub_ip[14] = random.randint(100, 199)
358 sub_ip[15] = random.randint(200, 255)
359 src_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
360 packet /= IPv6(src=src_ip6, dst=dst_ip6)
362 if ip_type != self.EXACT_IP:
363 sub_ip = ip_rule.split('.')
364 if ip_type == self.WILD_IP:
365 sub_ip[0] = str(random.randint(1, 49))
366 sub_ip[1] = str(random.randint(50, 99))
367 sub_ip[2] = str(random.randint(100, 199))
368 sub_ip[3] = str(random.randint(200, 255))
369 elif ip_type == self.SUBNET_IP:
371 sub_ip[1] = str(int(sub_ip[1])+1)
372 sub_ip[2] = str(random.randint(100, 199))
373 sub_ip[3] = str(random.randint(200, 255))
374 src_ip4 = ".".join(sub_ip)
375 packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)
377 packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)
379 packet[Raw].load += " mac:"+src_mac
381 size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
382 self.extend_packet(packet, size)
383 packets.append(packet)
385 # create suitable rule
386 if mac_type == self.EXACT_MAC:
388 mac_mask = "ff:ff:ff:ff:ff:ff"
389 elif mac_type == self.WILD_MAC:
390 mac_rule = "00:00:00:00:00:00"
391 mac_mask = "00:00:00:00:00:00"
392 elif mac_type == self.OUI_MAC:
393 mac = src_mac.split(':')
394 mac[3] = mac[4] = mac[5] = '00'
395 mac_rule = ":".join(mac)
396 mac_mask = "ff:ff:ff:00:00:00"
399 if ip_type == self.WILD_IP:
403 if ip_type == self.SUBNET_IP:
404 sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
405 for i in range(8, 16):
407 ip = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
409 if ip_type == self.WILD_IP:
413 if ip_type == self.SUBNET_IP:
414 sub_ip = ip.split('.')
415 sub_ip[2] = sub_ip[3] = '0'
416 ip = ".".join(sub_ip)
418 prefix_len = 128 if is_ip6 else 32
419 if ip_type == self.WILD_IP:
421 elif ip_type == self.SUBNET_IP:
422 prefix_len = 64 if is_ip6 else 16
423 ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)
425 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
429 rule = ({'is_permit': is_permit,
431 'src_ip_addr': ip_rule,
432 'src_ip_prefix_len': prefix_len,
433 'src_mac': mac_rule.replace(':', '').decode('hex'),
434 'src_mac_mask': mac_mask.replace(':', '').decode(
438 # deny all other packets
439 if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
440 rule = ({'is_permit': 0,
443 'src_ip_prefix_len': 0,
448 return {'stream': packets, 'rules': rules}
450 def verify_capture(self, stream, capture, is_ip6):
451 p_l3 = IPv6 if is_ip6 else IP
454 print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
456 acls = self.macip_acl_dump_debug()
461 # print r.src_mac.encode('hex'), \
462 # r.src_mac_mask.encode('hex'),\
463 # unpack('<16B', r.src_ip_addr), \
464 # r.src_ip_prefix_len
467 # print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
468 # data = p[Raw].load.split(':',1)[1]
469 # print p[p_l3].src, data
471 def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets,
472 do_not_expected_capture=False):
473 self.reset_packet_infos()
475 tx_if = self.pg0 if bridged_routed == self.BRIDGED else self.pg2
476 rx_if = self.pg2 if bridged_routed == self.BRIDGED else self.pg0
478 test_dict = self.create_stream(mac_type, ip_type, packets,
479 self.pg2, self.loop0,
483 reply = self.vapi.macip_acl_add(test_dict['rules'])
484 self.assertEqual(reply.retval, 0)
485 acl_index = reply.acl_index
487 self.vapi.macip_acl_interface_add_del(sw_if_index=tx_if.sw_if_index,
489 reply = self.vapi.macip_acl_interface_get()
490 self.assertEqual(reply.acls[tx_if.sw_if_index], acl_index)
491 self.ACLS.append(reply.acls[tx_if.sw_if_index])
493 tx_if.add_stream(test_dict['stream'])
494 self.pg_enable_capture(self.pg_interfaces)
497 if do_not_expected_capture:
500 packet_count = self.get_packet_count_for_if_idx(
501 self.loop0.sw_if_index)
502 if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
503 packet_count = packets if bridged_routed else packet_count
504 capture = rx_if.get_capture(packet_count)
505 self.verify_capture(test_dict['stream'], capture, is_ip6)
507 def run_test_acls(self, mac_type, ip_type, acl_count,
508 rules_count, traffic=None, ip=None):
509 self.apply_rules(self.create_rules(mac_type, ip_type, acl_count,
511 self.verify_acls(acl_count, rules_count)
513 if traffic is not None:
514 self.run_traffic(self.EXACT_MAC, self.EXACT_IP, traffic, ip, 9)
516 def test_acl_bridged_ip4_exactMAC_exactIP(self):
517 """ IP4 MACIP exactMAC|exactIP ACL bridged traffic
519 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
520 self.BRIDGED, self.IS_IP4, 9)
522 def test_acl_bridged_ip6_exactMAC_exactIP(self):
523 """ IP6 MACIP exactMAC|exactIP ACL bridged traffic
526 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
527 self.BRIDGED, self.IS_IP6, 9)
529 def test_acl_bridged_ip4_exactMAC_subnetIP(self):
530 """ IP4 MACIP exactMAC|subnetIP ACL bridged traffic
533 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
534 self.BRIDGED, self.IS_IP4, 9)
536 def test_acl_bridged_ip6_exactMAC_subnetIP(self):
537 """ IP6 MACIP exactMAC|subnetIP ACL bridged traffic
540 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
541 self.BRIDGED, self.IS_IP6, 9)
543 def test_acl_bridged_ip4_exactMAC_wildIP(self):
544 """ IP4 MACIP exactMAC|wildIP ACL bridged traffic
547 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
548 self.BRIDGED, self.IS_IP4, 9)
550 def test_acl_bridged_ip6_exactMAC_wildIP(self):
551 """ IP6 MACIP exactMAC|wildIP ACL bridged traffic
554 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
555 self.BRIDGED, self.IS_IP6, 9)
557 def test_acl_bridged_ip4_ouiMAC_exactIP(self):
558 """ IP4 MACIP ouiMAC|exactIP ACL bridged traffic
561 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
562 self.BRIDGED, self.IS_IP4, 3)
564 def test_acl_bridged_ip6_ouiMAC_exactIP(self):
565 """ IP6 MACIP oui_MAC|exactIP ACL bridged traffic
568 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
569 self.BRIDGED, self.IS_IP6, 9)
571 def test_acl_bridged_ip4_ouiMAC_subnetIP(self):
572 """ IP4 MACIP ouiMAC|subnetIP ACL bridged traffic
575 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
576 self.BRIDGED, self.IS_IP4, 9)
578 def test_acl_bridged_ip6_ouiMAC_subnetIP(self):
579 """ IP6 MACIP ouiMAC|subnetIP ACL bridged traffic
582 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
583 self.BRIDGED, self.IS_IP6, 9)
585 def test_acl_bridged_ip4_ouiMAC_wildIP(self):
586 """ IP4 MACIP ouiMAC|wildIP ACL bridged traffic
589 self.run_traffic(self.OUI_MAC, self.WILD_IP,
590 self.BRIDGED, self.IS_IP4, 9)
592 def test_acl_bridged_ip6_ouiMAC_wildIP(self):
593 """ IP6 MACIP ouiMAC|wildIP ACL bridged traffic
596 self.run_traffic(self.OUI_MAC, self.WILD_IP,
597 self.BRIDGED, self.IS_IP6, 9)
599 def test_ac_bridgedl_ip4_wildMAC_exactIP(self):
600 """ IP4 MACIP wildcardMAC|exactIP ACL bridged traffic
603 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
604 self.BRIDGED, self.IS_IP4, 9)
606 def test_acl_bridged_ip6_wildMAC_exactIP(self):
607 """ IP6 MACIP wildcardMAC|exactIP ACL bridged traffic
610 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
611 self.BRIDGED, self.IS_IP6, 9)
613 def test_acl_bridged_ip4_wildMAC_subnetIP(self):
614 """ IP4 MACIP wildcardMAC|subnetIP ACL bridged traffic
617 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
618 self.BRIDGED, self.IS_IP4, 9)
620 def test_acl_bridged_ip6_wildMAC_subnetIP(self):
621 """ IP6 MACIP wildcardMAC|subnetIP ACL bridged traffic
624 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
625 self.BRIDGED, self.IS_IP6, 9)
627 def test_acl_bridged_ip4_wildMAC_wildIP(self):
628 """ IP4 MACIP wildcardMAC|wildIP ACL bridged traffic
631 self.run_traffic(self.WILD_MAC, self.WILD_IP,
632 self.BRIDGED, self.IS_IP4, 9)
634 def test_acl_bridged_ip6_wildMAC_wildIP(self):
635 """ IP6 MACIP wildcardMAC|wildIP ACL bridged traffic
638 self.run_traffic(self.WILD_MAC, self.WILD_IP,
639 self.BRIDGED, self.IS_IP6, 9)
641 def test_acl_routed_ip4_exactMAC_exactIP(self):
642 """ IP4 MACIP exactMAC|exactIP ACL routed traffic
644 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
645 self.ROUTED, self.IS_IP4, 9)
647 def test_acl_routed_ip6_exactMAC_exactIP(self):
648 """ IP6 MACIP exactMAC|exactIP ACL routed traffic
651 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
652 self.ROUTED, self.IS_IP6, 9)
654 def test_acl_routed_ip4_exactMAC_subnetIP(self):
655 """ IP4 MACIP exactMAC|subnetIP ACL routed traffic
657 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
658 self.ROUTED, self.IS_IP4, 9)
660 def test_acl_routed_ip6_exactMAC_subnetIP(self):
661 """ IP6 MACIP exactMAC|subnetIP ACL routed traffic
664 self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
665 self.ROUTED, self.IS_IP6, 9)
667 def test_acl_routed_ip4_exactMAC_wildIP(self):
668 """ IP4 MACIP exactMAC|wildIP ACL routed traffic
670 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
671 self.ROUTED, self.IS_IP4, 9)
673 def test_acl_routed_ip6_exactMAC_wildIP(self):
674 """ IP6 MACIP exactMAC|wildIP ACL routed traffic
677 self.run_traffic(self.EXACT_MAC, self.WILD_IP,
678 self.ROUTED, self.IS_IP6, 9)
680 def test_acl_routed_ip4_ouiMAC_exactIP(self):
681 """ IP4 MACIP ouiMAC|exactIP ACL routed traffic
684 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
685 self.ROUTED, self.IS_IP4, 9)
687 def test_acl_routed_ip6_ouiMAC_exactIP(self):
688 """ IP6 MACIP ouiMAC|exactIP ACL routed traffic
691 self.run_traffic(self.OUI_MAC, self.EXACT_IP,
692 self.ROUTED, self.IS_IP6, 9)
694 def test_acl_routed_ip4_ouiMAC_subnetIP(self):
695 """ IP4 MACIP ouiMAC|subnetIP ACL routed traffic
698 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
699 self.ROUTED, self.IS_IP4, 9)
701 def test_acl_routed_ip6_ouiMAC_subnetIP(self):
702 """ IP6 MACIP ouiMAC|subnetIP ACL routed traffic
705 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
706 self.ROUTED, self.IS_IP6, 9)
708 def test_acl_routed_ip4_ouiMAC_wildIP(self):
709 """ IP4 MACIP ouiMAC|wildIP ACL routed traffic
712 self.run_traffic(self.OUI_MAC, self.WILD_IP,
713 self.ROUTED, self.IS_IP4, 9)
715 def test_acl_routed_ip6_ouiMAC_wildIP(self):
716 """ IP6 MACIP ouiMAC|wildIP ACL routed traffic
719 self.run_traffic(self.OUI_MAC, self.WILD_IP,
720 self.ROUTED, self.IS_IP6, 9)
722 def test_acl_routed_ip4_wildMAC_exactIP(self):
723 """ IP4 MACIP wildcardMAC|exactIP ACL routed traffic
726 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
727 self.ROUTED, self.IS_IP4, 9)
729 def test_acl_routed_ip6_wildMAC_exactIP(self):
730 """ IP6 MACIP wildcardMAC|exactIP ACL routed traffic
733 self.run_traffic(self.WILD_MAC, self.EXACT_IP,
734 self.ROUTED, self.IS_IP6, 9)
736 def test_acl_routed_ip4_wildMAC_subnetIP(self):
737 """ IP4 MACIP wildcardMAC|subnetIP ACL routed traffic
740 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
741 self.ROUTED, self.IS_IP4, 9)
743 def test_acl_routed_ip6_wildMAC_subnetIP(self):
744 """ IP6 MACIP wildcardMAC|subnetIP ACL routed traffic
747 self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
748 self.ROUTED, self.IS_IP6, 9)
750 def test_acl_1_2(self):
751 """ MACIP ACL with 2 entries
754 self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2])
756 def test_acl_1_5(self):
757 """ MACIP ACL with 5 entries
760 self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5])
762 def test_acl_1_10(self):
763 """ MACIP ACL with 10 entries
766 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10])
768 def test_acl_1_20(self):
769 """ MACIP ACL with 20 entries
772 self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20])
774 def test_acl_1_50(self):
775 """ MACIP ACL with 50 entries
778 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50])
780 def test_acl_1_100(self):
781 """ MACIP ACL with 100 entries
784 self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100])
786 def test_acl_2_X(self):
787 """ MACIP 2 ACLs each with 100+ entries
790 self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200])
792 def test_acl_10_X(self):
793 """ MACIP 10 ACLs each with 100+ entries
796 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
797 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240])
799 def test_acl_10_X_traffic_ip4(self):
800 """ MACIP 10 ACLs each with 100+ entries with IP4 traffic
803 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
804 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
805 self.BRIDGED, self.IS_IP4)
807 def test_acl_10_X_traffic_ip6(self):
808 """ MACIP 10 ACLs each with 100+ entries with IP6 traffic
811 self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
812 [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
813 self.BRIDGED, self.IS_IP6)
815 def test_acl_replace(self):
816 """ MACIP replace ACL
819 r1 = self.create_rules(acl_count=3, rules_count=[2, 2, 2])
820 r2 = self.create_rules(mac_type=self.OUI_MAC, ip_type=self.SUBNET_IP)
823 acls_before = self.macip_acl_dump_debug()
825 # replace acls #2, #3 with new
826 reply = self.vapi.macip_acl_add_replace(r2[0], 2)
827 self.assertEqual(reply.retval, 0)
828 self.assertEqual(reply.acl_index, 2)
829 reply = self.vapi.macip_acl_add_replace(r2[1], 3)
830 self.assertEqual(reply.retval, 0)
831 self.assertEqual(reply.acl_index, 3)
833 acls_after = self.macip_acl_dump_debug()
836 self.assertEqual(len(acls_before), len(acls_after))
837 for acl1, acl2 in zip(
838 acls_before[:2]+acls_before[4:],
839 acls_after[:2]+acls_after[4:]):
840 self.assertEqual(len(acl1), len(acl2))
842 self.assertEqual(len(acl1.r), len(acl2.r))
843 for r1, r2 in zip(acl1.r, acl2.r):
844 self.assertEqual(len(acl1.r), len(acl2.r))
845 self.assertEqual(acl1.r, acl2.r)
846 for acl1, acl2 in zip(
849 self.assertEqual(len(acl1), len(acl2))
851 self.assertNotEqual(len(acl1.r), len(acl2.r))
852 for r1, r2 in zip(acl1.r, acl2.r):
853 self.assertNotEqual(len(acl1.r), len(acl2.r))
854 self.assertNotEqual(acl1.r, acl2.r)
856 def test_acl_replace_traffic_ip4(self):
857 """ MACIP replace ACL with IP4 traffic
859 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
860 self.BRIDGED, self.IS_IP4, 9)
862 r = self.create_rules()
863 # replace acls #2, #3 with new
864 reply = self.vapi.macip_acl_add_replace(r[0], 0)
865 self.assertEqual(reply.retval, 0)
866 self.assertEqual(reply.acl_index, 0)
868 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
869 self.BRIDGED, self.IS_IP4, 9, True)
871 def test_acl_replace_traffic_ip6(self):
872 """ MACIP replace ACL with IP6 traffic
874 self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
875 self.BRIDGED, self.IS_IP6, 9)
877 r = self.create_rules()
878 # replace acls #2, #3 with new
879 reply = self.vapi.macip_acl_add_replace(r[0], 0)
880 self.assertEqual(reply.retval, 0)
881 self.assertEqual(reply.acl_index, 0)
883 self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
884 self.BRIDGED, self.IS_IP6, 9, True)
886 def test_delete_intf(self):
887 """ MACIP ACL delete intf with acl
890 intf_count = len(self.interfaces)+1
892 self.apply_rules(self.create_rules(acl_count=3, rules_count=[3, 5, 4]))
894 intf.append(VppLoInterface(self, 0))
895 intf.append(VppLoInterface(self, 1))
897 sw_if_index0 = intf[0].sw_if_index
898 self.vapi.macip_acl_interface_add_del(sw_if_index0, 1)
900 reply = self.vapi.macip_acl_interface_get()
901 self.assertEqual(reply.count, intf_count+1)
902 self.assertEqual(reply.acls[sw_if_index0], 1)
904 sw_if_index1 = intf[1].sw_if_index
905 self.vapi.macip_acl_interface_add_del(sw_if_index1, 0)
907 reply = self.vapi.macip_acl_interface_get()
908 self.assertEqual(reply.count, intf_count+2)
909 self.assertEqual(reply.acls[sw_if_index1], 0)
911 intf[0].remove_vpp_config()
912 reply = self.vapi.macip_acl_interface_get()
913 self.assertEqual(reply.count, intf_count+2)
914 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
915 self.assertEqual(reply.acls[sw_if_index1], 0)
917 intf.append(VppLoInterface(self, 2))
918 intf.append(VppLoInterface(self, 3))
919 sw_if_index2 = intf[2].sw_if_index
920 sw_if_index3 = intf[3].sw_if_index
921 self.vapi.macip_acl_interface_add_del(sw_if_index2, 1)
922 self.vapi.macip_acl_interface_add_del(sw_if_index3, 1)
924 reply = self.vapi.macip_acl_interface_get()
925 self.assertEqual(reply.count, intf_count+3)
926 self.assertEqual(reply.acls[sw_if_index1], 0)
927 self.assertEqual(reply.acls[sw_if_index2], 1)
928 self.assertEqual(reply.acls[sw_if_index3], 1)
930 intf[2].remove_vpp_config()
931 intf[1].remove_vpp_config()
933 reply = self.vapi.macip_acl_interface_get()
934 self.assertEqual(reply.count, intf_count+3)
935 self.assertEqual(reply.acls[sw_if_index0], 4294967295)
936 self.assertEqual(reply.acls[sw_if_index1], 4294967295)
937 self.assertEqual(reply.acls[sw_if_index2], 4294967295)
938 self.assertEqual(reply.acls[sw_if_index3], 1)
940 intf[3].remove_vpp_config()
941 reply = self.vapi.macip_acl_interface_get()
943 self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
945 def test_acl_routed_ip4_wildMAC_wildIP(self):
946 """ IP4 MACIP wildcardMAC|wildIP ACL
949 self.run_traffic(self.WILD_MAC, self.WILD_IP,
950 self.ROUTED, self.IS_IP4, 9)
952 def test_acl_routed_ip6_wildMAC_wildIP(self):
953 """ IP6 MACIP wildcardMAC|wildIP ACL
956 self.run_traffic(self.WILD_MAC, self.WILD_IP,
957 self.ROUTED, self.IS_IP6, 9)
960 if __name__ == '__main__':
961 unittest.main(testRunner=VppTestRunner)