Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
DVR: run L3 output features
[vpp.git] / test / test_dvr.py
diff --git a/test/test_dvr.py b/test/test_dvr.py
index e8a9c04..e2e9605 100644 (file)
--- a/test/test_dvr.py
+++ b/test/test_dvr.py
@@ -13,6 +13,7 @@ from scapy.packet import Raw
 from scapy.layers.l2 import Ether, Dot1Q, ARP
 from scapy.layers.inet import IP, UDP
 from util import ppp
 from scapy.layers.l2 import Ether, Dot1Q, ARP
 from scapy.layers.inet import IP, UDP
 from util import ppp
+from socket import AF_INET, inet_pton
 
 
 class TestDVR(VppTestCase):
 
 
 class TestDVR(VppTestCase):
@@ -36,23 +37,6 @@ class TestDVR(VppTestCase):
 
         super(TestDVR, self).tearDown()
 
 
         super(TestDVR, self).tearDown()
 
-    def send_and_assert_no_replies(self, intf, pkts):
-        self.vapi.cli("clear trace")
-        intf.add_stream(pkts)
-        self.pg_enable_capture(self.pg_interfaces)
-        self.pg_start()
-        for i in self.pg_interfaces:
-            i.get_capture(0)
-            i.assert_nothing_captured()
-
-    def send_and_expect(self, input, pkts, output):
-        self.vapi.cli("clear trace")
-        input.add_stream(pkts)
-        self.pg_enable_capture(self.pg_interfaces)
-        self.pg_start()
-        rx = output.get_capture(len(pkts))
-        return rx
-
     def assert_same_mac_addr(self, tx, rx):
         t_eth = tx[Ether]
         for p in rx:
     def assert_same_mac_addr(self, tx, rx):
         t_eth = tx[Ether]
         for p in rx:
@@ -124,22 +108,16 @@ class TestDVR(VppTestCase):
             self, ip_non_tag_bridged, 32,
             [VppRoutePath("0.0.0.0",
                           self.pg1.sw_if_index,
             self, ip_non_tag_bridged, 32,
             [VppRoutePath("0.0.0.0",
                           self.pg1.sw_if_index,
-                          proto=DpoProto.DPO_PROTO_ETHERNET)])
+                          is_dvr=1)])
         route_no_tag.add_vpp_config()
 
         #
         # Inject the packet that arrives and leaves on a non-tagged interface
         # Since it's 'bridged' expect that the MAC headed is unchanged.
         #
         route_no_tag.add_vpp_config()
 
         #
         # Inject the packet that arrives and leaves on a non-tagged interface
         # Since it's 'bridged' expect that the MAC headed is unchanged.
         #
-        self.pg0.add_stream(pkt_no_tag)
-
-        self.pg_enable_capture(self.pg_interfaces)
-        self.pg_start()
-
-        rx = self.pg1.get_capture(1)
-
-        self.assertEqual(rx[0][Ether].dst, pkt_no_tag[Ether].dst)
-        self.assertEqual(rx[0][Ether].src, pkt_no_tag[Ether].src)
+        rx = self.send_and_expect(self.pg0, pkt_no_tag * 65, self.pg1)
+        self.assert_same_mac_addr(pkt_no_tag, rx)
+        self.assert_has_no_tag(rx)
 
         #
         # Add routes to bridge the traffic via a tagged interface
 
         #
         # Add routes to bridge the traffic via a tagged interface
@@ -148,12 +126,12 @@ class TestDVR(VppTestCase):
             self, ip_tag_bridged, 32,
             [VppRoutePath("0.0.0.0",
                           sub_if_on_pg3.sw_if_index,
             self, ip_tag_bridged, 32,
             [VppRoutePath("0.0.0.0",
                           sub_if_on_pg3.sw_if_index,
-                          proto=DpoProto.DPO_PROTO_ETHERNET)])
+                          is_dvr=1)])
         route_with_tag.add_vpp_config()
 
         #
         route_with_tag.add_vpp_config()
 
         #
-        # Inject the packet that arrives and leaves on a non-tagged interface
-        # Since it's 'bridged' expect that the MAC headed is unchanged.
+        # Inject the packet that arrives non-tag and leaves on a tagged
+        # interface
         #
         rx = self.send_and_expect(self.pg0, pkt_tag * 65, self.pg3)
         self.assert_same_mac_addr(pkt_tag, rx)
         #
         rx = self.send_and_expect(self.pg0, pkt_tag * 65, self.pg3)
         self.assert_same_mac_addr(pkt_tag, rx)
@@ -189,9 +167,42 @@ class TestDVR(VppTestCase):
         self.assert_same_mac_addr(pkt_tag_to_tag, rx)
         self.assert_has_no_tag(rx)
 
         self.assert_same_mac_addr(pkt_tag_to_tag, rx)
         self.assert_has_no_tag(rx)
 
+        #
+        # Add an output L3 ACL that will block the traffic
+        #
+        rule_1 = ({'is_permit': 0,
+                   'is_ipv6': 0,
+                   'proto': 17,
+                   'srcport_or_icmptype_first': 1234,
+                   'srcport_or_icmptype_last': 1234,
+                   'src_ip_prefix_len': 32,
+                   'src_ip_addr': inet_pton(AF_INET, any_src_addr),
+                   'dstport_or_icmpcode_first': 1234,
+                   'dstport_or_icmpcode_last': 1234,
+                   'dst_ip_prefix_len': 32,
+                   'dst_ip_addr': inet_pton(AF_INET, ip_non_tag_bridged)})
+        acl = self.vapi.acl_add_replace(acl_index=4294967295,
+                                        r=[rule_1])
+
+        #
+        # Apply the ACL on the output interface
+        #
+        self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index,
+                                             0,
+                                             [acl.acl_index])
+
+        #
+        # Send packet's that should match the ACL and be dropped
+        #
+        rx = self.send_and_assert_no_replies(self.pg2, pkt_tag_to_non_tag * 65)
+
         #
         # cleanup
         #
         #
         # cleanup
         #
+        self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index,
+                                             0, [])
+        self.vapi.acl_del(acl.acl_index)
+
         self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1,
                                              enable=0)
         self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1,
         self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1,
                                              enable=0)
         self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1,
@@ -275,7 +286,7 @@ class TestDVR(VppTestCase):
                                                   93)
 
         #
                                                   93)
 
         #
-        # Disable UU flooding, learning and ARM terminaation. makes this test
+        # Disable UU flooding, learning and ARP terminaation. makes this test
         # easier as unicast packets are dropped if not extracted.
         #
         self.vapi.bridge_flags(1, 0, (1 << 0) | (1 << 3) | (1 << 4))
         # easier as unicast packets are dropped if not extracted.
         #
         self.vapi.bridge_flags(1, 0, (1 << 0) | (1 << 3) | (1 << 4))
@@ -286,11 +297,11 @@ class TestDVR(VppTestCase):
         route_1 = VppIpRoute(self, "1.1.1.1", 32,
                              [VppRoutePath("0.0.0.0",
                                            self.pg1.sw_if_index,
         route_1 = VppIpRoute(self, "1.1.1.1", 32,
                              [VppRoutePath("0.0.0.0",
                                            self.pg1.sw_if_index,
-                                           proto=DpoProto.DPO_PROTO_ETHERNET)])
+                                           is_dvr=1)])
         route_2 = VppIpRoute(self, "1.1.1.2", 32,
                              [VppRoutePath("0.0.0.0",
                                            sub_if_on_pg2.sw_if_index,
         route_2 = VppIpRoute(self, "1.1.1.2", 32,
                              [VppRoutePath("0.0.0.0",
                                            sub_if_on_pg2.sw_if_index,
-                                           proto=DpoProto.DPO_PROTO_ETHERNET)])
+                                           is_dvr=1)])
         route_1.add_vpp_config()
         route_2.add_vpp_config()
 
         route_1.add_vpp_config()
         route_2.add_vpp_config()
 
Vector Packet Processing