acl-plugin: CLI to clear all sessions

[vpp.git] / test / test_acl_plugin_conns.py

diff --git a/test/test_acl_plugin_conns.py b/test/test_acl_plugin_conns.py
index be016d9..1a9100c 100644 (file)
--- a/test/test_acl_plugin_conns.py
+++ b/test/test_acl_plugin_conns.py
@@ -185,6 +185,18 @@ class ACLPluginConnTestCase(VppTestCase):
             i.resolve_arp()
             i.resolve_ndp()
 
+    def tearDown(self):
+        """Run standard test teardown and log various show commands
+        """
+        super(ACLPluginConnTestCase, self).tearDown()
+        if not self.vpp_dead:
+            self.logger.info(self.vapi.cli("show ip arp"))
+            self.logger.info(self.vapi.cli("show ip6 neighbors"))
+            self.logger.info(self.vapi.cli("show acl-plugin sessions"))
+            self.logger.info(self.vapi.cli("show acl-plugin acl"))
+            self.logger.info(self.vapi.cli("show acl-plugin interface"))
+            self.logger.info(self.vapi.cli("show acl-plugin tables"))
+
     def api_acl_add_replace(self, acl_index, r, count=-1, tag="",
                             expected_retval=0):
         """Add/replace an ACL
@@ -267,6 +279,27 @@ class ACLPluginConnTestCase(VppTestCase):
         # If it didn't - it is a problem
         self.assert_equal(p2, None, "packet on long-idle conn")
 
+    def run_clear_conn_test(self, af, acl_side):
+        """ Clear the connections via CLI """
+        conn1 = Conn(self, self.pg0, self.pg1, af, UDP, 42001, 4242)
+        conn1.apply_acls(0, acl_side)
+        conn1.send_through(0)
+        # the return packets should pass
+        conn1.send_through(1)
+        # send some packets on conn1, ensure it doesn't go away
+        for i in IterateWithSleep(self, 20, "Keep conn active", 0.3):
+            conn1.send_through(1)
+        # clear all connections
+        self.vapi.ppcli("clear acl-plugin sessions")
+        # now try to send a packet on the reflected side
+        try:
+            p2 = conn1.send_through(1).command()
+        except:
+            # If we asserted while waiting, it's good.
+            # the conn should have timed out.
+            p2 = None
+        self.assert_equal(p2, None, "packet on supposedly deleted conn")
+
     def test_0000_conn_prepare_test(self):
         """ Prepare the settings """
         self.vapi.ppcli("set acl-plugin session timeout udp idle 1")
@@ -279,6 +312,14 @@ class ACLPluginConnTestCase(VppTestCase):
         """ IPv4: Basic conn timeout test reflect on egress """
         self.run_basic_conn_test(AF_INET, 1)
 
+    def test_0005_clear_conn_test(self):
+        """ IPv4: reflect egress, clear conn """
+        self.run_clear_conn_test(AF_INET, 1)
+
+    def test_0006_clear_conn_test(self):
+        """ IPv4: reflect ingress, clear conn """
+        self.run_clear_conn_test(AF_INET, 0)
+
     def test_0011_active_conn_test(self):
         """ IPv4: Idle conn behind active conn, reflect on ingress """
         self.run_active_conn_test(AF_INET, 0)
@@ -295,6 +336,14 @@ class ACLPluginConnTestCase(VppTestCase):
         """ IPv6: Basic conn timeout test reflect on egress """
         self.run_basic_conn_test(AF_INET6, 1)
 
+    def test_1005_clear_conn_test(self):
+        """ IPv6: reflect egress, clear conn """
+        self.run_clear_conn_test(AF_INET6, 1)
+
+    def test_1006_clear_conn_test(self):
+        """ IPv6: reflect ingress, clear conn """
+        self.run_clear_conn_test(AF_INET6, 0)
+
     def test_1011_active_conn_test(self):
         """ IPv6: Idle conn behind active conn, reflect on ingress """
         self.run_active_conn_test(AF_INET6, 0)