+ def test_0300_tcp_permit_v4_etype_aaaa(self):
+ """permit TCPv4, send 0xAAAA etype"""
+ self.logger.info("ACLP_TEST_START_0300")
+
+ # Add an ACL
+ rules = []
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.DENY, self.PORTS_RANGE_2, self.proto[self.IP][self.TCP]
+ )
+ )
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.PERMIT, self.PORTS_RANGE, self.proto[self.IP][self.TCP]
+ )
+ )
+ # deny ip any any in the end
+ rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))
+
+ # Apply rules
+ self.apply_rules(rules, "permit ipv4 tcp")
+
+ # Traffic should still pass also for an odd ethertype
+ self.run_verify_test(
+ self.IP, self.IPV4, self.proto[self.IP][self.TCP], 0, False, True, 0xAAAA
+ )
+ self.logger.info("ACLP_TEST_FINISH_0300")
+
+ def test_0305_tcp_permit_v4_etype_blacklist_aaaa(self):
+ """permit TCPv4, whitelist 0x0BBB ethertype, send 0xAAAA-blocked"""
+ self.logger.info("ACLP_TEST_START_0305")
+
+ # Add an ACL
+ rules = []
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.DENY, self.PORTS_RANGE_2, self.proto[self.IP][self.TCP]
+ )
+ )
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.PERMIT, self.PORTS_RANGE, self.proto[self.IP][self.TCP]
+ )
+ )
+ # deny ip any any in the end
+ rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))
+
+ # Apply rules
+ self.apply_rules(rules, "permit ipv4 tcp")
+ # whitelist the 0xbbbb etype - so the 0xaaaa should be blocked
+ self.etype_whitelist([0xBBB], 1)
+
+ # The oddball ethertype should be blocked
+ self.run_verify_negat_test(
+ self.IP, self.IPV4, self.proto[self.IP][self.TCP], 0, False, 0xAAAA
+ )
+
+ # remove the whitelist
+ self.etype_whitelist([], 0, add=False)
+
+ self.logger.info("ACLP_TEST_FINISH_0305")
+
+ def test_0306_tcp_permit_v4_etype_blacklist_aaaa(self):
+ """permit TCPv4, whitelist 0x0BBB ethertype, send 0x0BBB - pass"""
+ self.logger.info("ACLP_TEST_START_0306")
+
+ # Add an ACL
+ rules = []
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.DENY, self.PORTS_RANGE_2, self.proto[self.IP][self.TCP]
+ )
+ )
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.PERMIT, self.PORTS_RANGE, self.proto[self.IP][self.TCP]
+ )
+ )
+ # deny ip any any in the end
+ rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))
+
+ # Apply rules
+ self.apply_rules(rules, "permit ipv4 tcp")
+ # whitelist the 0xbbbb etype - so the 0xaaaa should be blocked
+ self.etype_whitelist([0xBBB], 1)
+
+ # The whitelisted traffic, should pass
+ self.run_verify_test(
+ self.IP, self.IPV4, self.proto[self.IP][self.TCP], 0, False, True, 0x0BBB
+ )
+
+ # remove the whitelist, the previously blocked 0xAAAA should pass now
+ self.etype_whitelist([], 0, add=False)
+
+ self.logger.info("ACLP_TEST_FINISH_0306")
+
+ def test_0307_tcp_permit_v4_etype_blacklist_aaaa(self):
+ """permit TCPv4, whitelist 0x0BBB, remove, send 0xAAAA - pass"""
+ self.logger.info("ACLP_TEST_START_0307")
+
+ # Add an ACL
+ rules = []
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.DENY, self.PORTS_RANGE_2, self.proto[self.IP][self.TCP]
+ )
+ )
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.PERMIT, self.PORTS_RANGE, self.proto[self.IP][self.TCP]
+ )
+ )
+ # deny ip any any in the end
+ rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))
+
+ # Apply rules
+ self.apply_rules(rules, "permit ipv4 tcp")
+
+ # whitelist the 0xbbbb etype - so the 0xaaaa should be blocked
+ self.etype_whitelist([0xBBB], 1)
+ # remove the whitelist, the previously blocked 0xAAAA should pass now
+ self.etype_whitelist([], 0, add=False)
+
+ # The whitelisted traffic, should pass
+ self.run_verify_test(
+ self.IP, self.IPV4, self.proto[self.IP][self.TCP], 0, False, True, 0xAAAA
+ )
+
+ self.logger.info("ACLP_TEST_FINISH_0306")
+
+ def test_0315_del_intf(self):
+ """apply an acl and delete the interface"""
+ self.logger.info("ACLP_TEST_START_0315")
+
+ # Add an ACL
+ rules = []
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.DENY, self.PORTS_RANGE_2, self.proto[self.IP][self.TCP]
+ )
+ )
+ rules.append(
+ self.create_rule(
+ self.IPV4, self.PERMIT, self.PORTS_RANGE, self.proto[self.IP][self.TCP]
+ )
+ )
+ # deny ip any any in the end
+ rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))
+
+ # create an interface
+ intf = []
+ intf.append(VppLoInterface(self))
+
+ # Apply rules
+ self.apply_rules_to(rules, "permit ipv4 tcp", intf[0].sw_if_index)
+
+ # Remove the interface
+ intf[0].remove_vpp_config()
+
+ self.logger.info("ACLP_TEST_FINISH_0315")
+