cls.vapi.bridge_domain_add_del(bd_id=cls.bd_id, uu_flood=1,
learn=1)
for pg_if in cls.pg_interfaces:
- cls.vapi.sw_interface_set_l2_bridge(pg_if.sw_if_index,
- bd_id=cls.bd_id)
+ cls.vapi.sw_interface_set_l2_bridge(
+ rx_sw_if_index=pg_if.sw_if_index, bd_id=cls.bd_id)
# Set up all interfaces
for i in cls.pg_interfaces:
super(TestACLplugin, cls).tearDownClass()
raise
+ @classmethod
+ def tearDownClass(cls):
+ super(TestACLplugin, cls).tearDownClass()
+
def setUp(self):
super(TestACLplugin, self).setUp()
self.reset_packet_infos()
Show various debug prints after each test.
"""
super(TestACLplugin, self).tearDown()
- if not self.vpp_dead:
- cli = "show vlib graph l2-input-feat-arc"
- self.logger.info(self.vapi.ppcli(cli))
- cli = "show vlib graph l2-input-feat-arc-end"
- self.logger.info(self.vapi.ppcli(cli))
- cli = "show vlib graph l2-output-feat-arc"
- self.logger.info(self.vapi.ppcli(cli))
- cli = "show vlib graph l2-output-feat-arc-end"
- self.logger.info(self.vapi.ppcli(cli))
- self.logger.info(self.vapi.ppcli("show l2fib verbose"))
- self.logger.info(self.vapi.ppcli("show acl-plugin acl"))
- self.logger.info(self.vapi.ppcli("show acl-plugin interface"))
- self.logger.info(self.vapi.ppcli("show acl-plugin tables"))
- self.logger.info(self.vapi.ppcli("show bridge-domain %s detail"
- % self.bd_id))
+
+ def show_commands_at_teardown(self):
+ cli = "show vlib graph l2-input-feat-arc"
+ self.logger.info(self.vapi.ppcli(cli))
+ cli = "show vlib graph l2-input-feat-arc-end"
+ self.logger.info(self.vapi.ppcli(cli))
+ cli = "show vlib graph l2-output-feat-arc"
+ self.logger.info(self.vapi.ppcli(cli))
+ cli = "show vlib graph l2-output-feat-arc-end"
+ self.logger.info(self.vapi.ppcli(cli))
+ self.logger.info(self.vapi.ppcli("show l2fib verbose"))
+ self.logger.info(self.vapi.ppcli("show acl-plugin acl"))
+ self.logger.info(self.vapi.ppcli("show acl-plugin interface"))
+ self.logger.info(self.vapi.ppcli("show acl-plugin tables"))
+ self.logger.info(self.vapi.ppcli("show bridge-domain %s detail"
+ % self.bd_id))
def create_rule(self, ip=0, permit_deny=0, ports=PORTS_ALL, proto=-1,
s_prefix=0, s_ip='\x00\x00\x00\x00',
self.vapi.acl_interface_set_acl_list(sw_if_index=i.sw_if_index,
n_input=1,
acls=[reply.acl_index])
- return
+ return reply.acl_index
def apply_rules_to(self, rules, tag=b'', sw_if_index=0xFFFFFFFF):
reply = self.vapi.acl_add_replace(acl_index=4294967295, r=rules,
self.vapi.acl_interface_set_acl_list(sw_if_index=sw_if_index,
n_input=1,
acls=[reply.acl_index])
- return
+ return reply.acl_index
def etype_whitelist(self, whitelist, n_input):
# Apply whitelists on all the interfaces
# Raw data for ICMPv6 are stored in ICMPv6EchoRequest.data
if traffic_type == self.ICMP and ip_type == self.IPV6:
payload_info = self.payload_to_info(
- packet[ICMPv6EchoRequest].data)
+ packet[ICMPv6EchoRequest], 'data')
payload = packet[ICMPv6EchoRequest]
else:
- payload_info = self.payload_to_info(str(packet[Raw]))
+ payload_info = self.payload_to_info(packet[Raw])
payload = packet[self.proto_map[payload_info.proto]]
except:
self.logger.error(ppp("Unexpected or invalid packet "
0, self.proto[self.IP][self.TCP]))
# Apply rules
- self.apply_rules(rules, b"permit per-flow")
+ acl_idx = self.apply_rules(rules, b"permit per-flow")
+
+ # enable counters
+ reply = self.vapi.papi.acl_stats_intf_counters_enable(enable=1)
# Traffic should still pass
self.run_verify_test(self.IP, self.IPV4, -1)
+
+ matches = self.statistics.get_counter('/acl/%d/matches' % acl_idx)
+ self.logger.info("stat segment counters: %s" % repr(matches))
+ cli = "show acl-plugin acl"
+ self.logger.info(self.vapi.ppcli(cli))
+ cli = "show acl-plugin tables"
+ self.logger.info(self.vapi.ppcli(cli))
+
+ total_hits = matches[0][0]['packets'] + matches[0][1]['packets']
+ self.assertEqual(total_hits, 64)
+
+ # disable counters
+ reply = self.vapi.papi.acl_stats_intf_counters_enable(enable=0)
+
self.logger.info("ACLP_TEST_FINISH_0002")
def test_0003_acl_deny_apply(self):
self.PORTS_ALL, 0))
# Apply rules
- self.apply_rules(rules, b"deny per-flow;permit all")
+ acl_idx = self.apply_rules(rules, b"deny per-flow;permit all")
+
+ # enable counters
+ reply = self.vapi.papi.acl_stats_intf_counters_enable(enable=1)
# Traffic should not pass
self.run_verify_negat_test(self.IP, self.IPV4,
self.proto[self.IP][self.UDP])
+
+ matches = self.statistics.get_counter('/acl/%d/matches' % acl_idx)
+ self.logger.info("stat segment counters: %s" % repr(matches))
+ cli = "show acl-plugin acl"
+ self.logger.info(self.vapi.ppcli(cli))
+ cli = "show acl-plugin tables"
+ self.logger.info(self.vapi.ppcli(cli))
+ self.assertEqual(matches[0][0]['packets'], 64)
+ # disable counters
+ reply = self.vapi.papi.acl_stats_intf_counters_enable(enable=0)
self.logger.info("ACLP_TEST_FINISH_0003")
- # self.assertEqual(1, 0)
+ # self.assertEqual(, 0)
def test_0004_vpp624_permit_icmpv4(self):
""" VPP_624 permit ICMPv4