| Library | resources.libraries.python.IPv4Util
| Library | resources.libraries.python.IPv6Util
| Library | resources.libraries.python.Routing
-| Test Teardown | Run Keywords | Read plugin-ACL configuration from VAT
-| ... | ${node} | AND
-| ... | Clear plugin-acl settings | ${node} | ${dut_to_tg_if1}
-| Suite Teardown | Run Keywords | Show Packet Trace on All DUTs | ${nodes} | AND
-| ... | Run Keyword If Any Tests Failed
-| ... | Restart Honeycomb And VPP And Clear Persisted Configuration | ${node}
+| Test Setup | Clear Packet Trace on All DUTs | ${nodes}
+| Test Teardown | Run Keywords | Show Packet Trace on All DUTs | ${nodes}
+| ... | AND | Read plugin-ACL configuration from VAT | ${node}
+| ... | AND | Clear plugin-acl settings | ${node} | ${dut_to_tg_if1}
+| Suite Teardown
+| ... | Restart Honeycomb and VPP | ${node}
| Documentation | *Honeycomb access control lists test suite for ACL plugin.*
-| Force Tags | Honeycomb_sanity
+| Force Tags | honeycomb_sanity | honeycomb_odl
*** Test Cases ***
| TC01: ACL MAC filtering through plugin-acl node - bridged
| | ... | using different MACs. Receive all packets except those with\
| | ... | MACs in the filtered ranges.
| | [Teardown] | Run Keywords
+| | ... | Show Packet Trace on All DUTs | ${nodes} | AND
| | ... | Clear plugin-acl Settings | ${node} | ${dut_to_tg_if1} | AND
| | ... | Honeycomb Removes All Bridge Domains
| | ... | ${node} | ${dut_to_tg_if1} | ${dut_to_tg_if2}
| | ... | ${dut_node} | ${dut_to_tg_if1} | ${acl_name_macip}
| | ... | ingress | macip=${True}
| | When Send TCP Or UDP Packet | ${tg_node} | ${src_ip} | ${dst_ip}
-| | ... | ${tg_to_dut_if1} | ${src_mac}
-| | ... | ${tg_to_dut_if2} | ${dst_mac}
+| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
+| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | TCP | ${src_port} | ${dst_port}
| | And Run Keyword And Expect Error | TCP/UDP Rx timeout
| | ... | Send TCP Or UDP Packet | ${tg_node} | ${src_ip} | ${dst_ip}
| | ... | ${tg_to_dut_if1} | ${classify_src}
-| | ... | ${tg_to_dut_if2} | ${dst_mac}
+| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | TCP | ${src_port} | ${dst_port}
| | And Run Keyword And Expect Error | TCP/UDP Rx timeout
| | ... | Send TCP Or UDP Packet | ${tg_node} | ${src_ip} | ${dst_ip}
| | ... | ${tg_to_dut_if1} | ${classify_src2}
-| | ... | ${tg_to_dut_if2} | ${dst_mac}
+| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | TCP | ${src_port} | ${dst_port}
| TC02: ACL IPv4 filtering through plugin-acl node - bridged
| | ... | to the other, using different IPv4 IPs. Receive all packets except\
| | ... | those with IPs in the filtered ranges and UDP protocol payload.
| | [Teardown] | Run Keywords
+| | ... | Show Packet Trace on All DUTs | ${nodes} | AND
| | ... | Read plugin-ACL configuration from VAT | ${node} | AND
| | ... | Clear plugin-acl Settings | ${node} | ${dut_to_tg_if1} | AND
| | ... | Honeycomb Removes All Bridge Domains
| | ... | [Ver] Send simple TCP and UDP packets from one TG interface\
| | ... | to the other, using different IPv6 IPs. Receive all packets except\
| | ... | those with IPs in the filtered ranges and UDP protocol payload.
+| | [Tags] | EXPECTED_FAILING
+# VPP-687: IPv6 next-header does not match for UDP values
| | [Teardown] | Run Keywords
+| | ... | Show Packet Trace on All DUTs | ${nodes} | AND
| | ... | Read plugin-ACL configuration from VAT | ${node} | AND
| | ... | Clear plugin-acl Settings | ${node} | ${dut_to_tg_if1} | AND
| | ... | Honeycomb Removes All Bridge Domains
| | ... | to the other, using different ports. Receive all packets except\
| | ... | those with ports in the filtered ranges.
| | [Teardown] | Run Keywords
+| | ... | Show Packet Trace on All DUTs | ${nodes} | AND
| | ... | Read plugin-ACL configuration from VAT | ${node} | AND
| | ... | Clear plugin-acl Settings | ${node} | ${dut_to_tg_if1} | AND
| | ... | Honeycomb Removes All Bridge Domains
| | ... | using IPs and ports. Receive all packets except those with\
| | ... | both IPs and ports in the filtered ranges.
| | [Teardown] | Run Keywords
+| | ... | Show Packet Trace on All DUTs | ${nodes} | AND
| | ... | Read plugin-ACL configuration from VAT | ${node} | AND
| | ... | Clear plugin-acl Settings | ${node} | ${dut_to_tg_if1} | AND
| | ... | Honeycomb Removes All Bridge Domains
| | And Honeycomb Assigns plugin-acl Chain To Interface
| | ... | ${dut_node} | ${dut_to_tg_if1} | ${acl_name_mixed} | ingress
| | Then Send TCP Or UDP Packet | ${tg_node} | ${src_ip} | ${dst_ip}
-| | ... | ${tg_to_dut_if1} | ${src_mac}
-| | ... | ${tg_to_dut_if2} | ${dst_mac}
+| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
+| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | TCP | ${src_port} | ${dst_port}
| | Then Send TCP Or UDP Packet | ${tg_node}
| | ... | ${classify_src_ip} | ${classify_dst_ip}
-| | ... | ${tg_to_dut_if1} | ${src_mac}
-| | ... | ${tg_to_dut_if2} | ${dst_mac}
+| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
+| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | TCP | ${src_port} | ${dst_port}
| | And Run Keyword And Expect Error | TCP/UDP Rx timeout
| | ... | Send TCP Or UDP Packet | ${tg_node}
| | ... | ${classify_src_ip} | ${classify_dst_ip}
-| | ... | ${tg_to_dut_if1} | ${src_mac}
-| | ... | ${tg_to_dut_if2} | ${dst_mac}
+| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
+| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | TCP | ${classify_src_port} | ${classify_dst_port}
| TC06: ACL ICMP packet filtering - bridged
| | ... | [Ver] Send ICMP packets from one TG interface\
| | ... | to the other, using different codes and types. Receive all packets\
| | ... | except those with types and codes in the filtered ranges.
-| | [Tags] | EXPECTED_FAILING
-# Bug VPP-624, ICMP type/code values are not matched
| | [Teardown] | Run Keywords
+| | ... | Show Packet Trace on All DUTs | ${nodes} | AND
| | ... | Read plugin-ACL configuration from VAT | ${node} | AND
| | ... | Clear plugin-acl Settings | ${node} | ${dut_to_tg_if1} | AND
| | ... | Honeycomb Removes All Bridge Domains
| | ... | to the other, using different codes and types. Receive all packets\
| | ... | except those with the filtered type and code.
| | [Tags] | EXPECTED_FAILING
-# Bug VPP-624, ICMP type/code values are not matched
+# VPP-687: IPv6 next-header does not match for UDP values
| | [Teardown] | Run Keywords
+| | ... | Show Packet Trace on All DUTs | ${nodes} | AND
| | ... | Read plugin-ACL configuration from VAT | ${node} | AND
| | ... | Clear plugin-acl Settings | ${node} | ${dut_to_tg_if1} | AND
| | ... | Honeycomb Removes All Bridge Domains
| | ... | a reflexive "permit" rule) Finally, send the original packet again\
| | ... | and receive it from interface 2.
| | [Teardown] | Run Keywords
+| | ... | Show Packet Trace on All DUTs | ${nodes} | AND
| | ... | Read plugin-ACL configuration from VAT | ${node} | AND
| | ... | Clear plugin-acl Settings | ${node} | ${dut_to_tg_if1} | AND
| | ... | Honeycomb Removes All Bridge Domains
| | ... | TCP | ${src_port} | ${dst_port}
| | And Send TCP Or UDP Packet | ${tg_node}
| | ... | ${classify_dst} | ${classify_src}
-| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if2_mac}
-| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if2_mac}
+| | ... | ${tg_to_dut_if2} | ${tg_to_dut_if2_mac}
+| | ... | ${tg_to_dut_if1} | ${dut_to_tg_if2_mac}
| | ... | TCP | ${dst_port} | ${src_port}
| | And Send TCP Or UDP Packet | ${tg_node}
| | ... | ${classify_src} | ${classify_dst}
| | ... | [Ver] Send simple TCP and UDP packets from one TG interface\
| | ... | to the other, using different IPv4 IPs. Receive all packets except\
| | ... | those with IPs in the filtered ranges and UDP protocol payload.
-| | [Tags] | EXPECTED_FAILING
-# routed interfaces not yet supported by ACL plugin (no Jira id available)
| | Given Setup Interface IPs And Routes For IPv4 plugin-acl Test
| | ... | l3_ip4 | ${acl_name_l3_ip4}
| | When Honeycomb Creates ACL Chain Through ACL plugin
| | ... | to the other, using different IPv6 IPs. Receive all packets except\
| | ... | those with IPs in the filtered ranges and UDP protocol payload.
| | [Tags] | EXPECTED_FAILING
-# routed interfaces not yet supported by ACL plugin (no Jira id available)
+# VPP-687: IPv6 next-header does not match for UDP values
| | Given Path for 2-node testing is set
| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['TG']}
| | And Import Variables | resources/test_data/honeycomb/plugin_acl.py
| | ... | [Ver] Send simple TCP and UDP packets from one TG interface\
| | ... | to the other, using different ports. Receive all packets except\
| | ... | those with ports in the filtered ranges.
-| | [Tags] | EXPECTED_FAILING
-# routed interfaces not yet supported by ACL plugin (no Jira id available)
| | Given Setup Interface IPs And Routes For IPv4 plugin-acl Test
| | ... | L4 | ${acl_name_l4}
| | When Honeycomb Creates ACL Chain Through ACL plugin
| | ... | [Ver] Send simple TCP packets from one TG interface to the other,\
| | ... | using IPs and ports. Receive all packets except those with\
| | ... | both IPs and ports in the filtered ranges.
-| | [Tags] | EXPECTED_FAILING
-# routed interfaces not yet supported by ACL plugin (no Jira id available)
| | Given Setup Interface IPs And Routes For IPv4 plugin-acl Test
| | ... | mixed | ${acl_name_mixed}
| | When Honeycomb Creates ACL Chain Through ACL plugin
| | And Honeycomb Assigns plugin-acl Chain To Interface
| | ... | ${dut_node} | ${dut_to_tg_if1} | ${acl_name_mixed} | ingress
| | Then Send TCP Or UDP Packet | ${tg_node} | ${src_ip} | ${dst_ip}
-| | ... | ${tg_to_dut_if1} | ${src_mac}
-| | ... | ${tg_to_dut_if2} | ${dst_mac}
+| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
+| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | TCP | ${src_port} | ${dst_port}
| | Then Send TCP Or UDP Packet | ${tg_node}
| | ... | ${classify_src_ip} | ${classify_dst_ip}
-| | ... | ${tg_to_dut_if1} | ${src_mac}
-| | ... | ${tg_to_dut_if2} | ${dst_mac}
+| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
+| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | TCP | ${src_port} | ${dst_port}
| | And Run Keyword And Expect Error | TCP/UDP Rx timeout
| | ... | Send TCP Or UDP Packet | ${tg_node}
| | ... | ${classify_src_ip} | ${classify_dst_ip}
-| | ... | ${tg_to_dut_if1} | ${src_mac}
+| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
| | ... | ${tg_to_dut_if2} | ${dst_mac}
| | ... | TCP | ${classify_src_port} | ${classify_dst_port}
| | ... | [Ver] Send ICMP packets from one TG interface\
| | ... | to the other, using different codes and types. Receive all packets\
| | ... | except those with the filtered type and code.
-| | [Tags] | EXPECTED_FAILING
-# Bug VPP-624, ICMP type/code values are not matched
-# routed interfaces not yet supported by ACL plugin (no Jira id available)
| | Given Setup Interface IPs And Routes For IPv4 plugin-acl Test
| | ... | icmp | ${acl_name_icmp}
| | When Honeycomb Creates ACL Chain Through ACL plugin
| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | ${classify_type} | ${icmp_code}
-| | And Run Keyword And Expect Error | TCP/UDP Rx timeout
+| | And Run Keyword And Expect Error | ICMP echo Rx timeout
| | ... | Send ICMP packet with type and code | ${tg_node}
| | ... | ${src_ip} | ${dst_ip}
| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
| | ... | to the other, using different codes and types. Receive all packets\
| | ... | except those with the filtered type and code.
| | [Tags] | EXPECTED_FAILING
-# Bug VPP-624, ICMP type/code values are not matched
-# routed interfaces not yet supported by ACL plugin (no Jira id available)
+# VPP-687: IPv6 next-header does not match for UDP values
| | Given Path for 2-node testing is set
| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['TG']}
| | And Import Variables | resources/test_data/honeycomb/plugin_acl.py
| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | ${classify_type} | ${icmp_code}
-| | And Run Keyword And Expect Error | TCP/UDP Rx timeout
+| | And Run Keyword And Expect Error | ICMP echo Rx timeout
| | ... | Send ICMP packet with type and code | ${tg_node}
| | ... | ${src_ip} | ${dst_ip}
| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac}
| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if1_mac}
| | ... | ${classify_type} | ${classify_code}
-| TC15: ACL reflexive IPv4 filtering through plugin-acl node - bridged
+| TC15: ACL reflexive IPv4 filtering through plugin-acl node - routed
| | [Documentation]
| | ... | [Top] TG=DUT1=TG.
| | ... | [Enc] Eth-IPv4-TCP.
| | ... | to VPP interface 2 and receive it from interface 1(this should create\
| | ... | a reflexive "permit" rule) Finally, send the original packet again\
| | ... | and receive it from interface 2.
-| | [Tags] | EXPECTED_FAILING
-# routed interfaces not yet supported by ACL plugin (no Jira id available)
| | Given Setup Interface IPs And Routes For IPv4 plugin-acl Test
-| | ... | icmp | ${acl_name_reflex}
+| | ... | reflex | ${acl_name_reflex}
| | And Add ARP on DUT
| | ... | ${node} | ${dut_to_tg_if1} | ${gateway2} | ${tg_to_dut_if1_mac}
| | And VPP Route Add
| | ... | TCP | ${src_port} | ${dst_port}
| | And Send TCP Or UDP Packet | ${tg_node}
| | ... | ${classify_dst} | ${classify_src}
-| | ... | ${tg_to_dut_if2} | ${dut_to_tg_if2_mac}
-| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if2_mac}
+| | ... | ${tg_to_dut_if2} | ${tg_to_dut_if2_mac}
+| | ... | ${tg_to_dut_if1} | ${dut_to_tg_if2_mac}
| | ... | TCP | ${dst_port} | ${src_port}
| | And Send TCP Or UDP Packet | ${tg_node}
| | ... | ${classify_src} | ${classify_dst}