# limitations under the License.
*** Settings ***
-| Library | resources.libraries.python.topology.Topology
-| Library | resources.libraries.python.NodePath
| Library | resources.libraries.python.Trace
+| Library | resources.libraries.python.Cop
| Resource | resources/libraries/robot/default.robot
| Resource | resources/libraries/robot/interfaces.robot
| Resource | resources/libraries/robot/ipv4.robot
| Resource | resources/libraries/robot/traffic.robot
-| Resource | resources/libraries/robot/cop.robot
+| Resource | resources/libraries/robot/testing_path.robot
| Resource | resources/libraries/robot/l2_xconnect.robot
| Variables | resources/libraries/python/IPv4NodeAddress.py | ${nodes}
| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO
-| Suite Setup | Run Keywords | Setup all DUTs before test
-| ... | AND | Setup all TGs before traffic script
-| ... | AND | Update All Interface Data On All Nodes | ${nodes}
-| Test Setup | Clear interface counters on all vpp nodes in topology | ${nodes}
-| Test Teardown | Show packet trace on all DUTs | ${nodes}
-| Documentation | *COP Blacklist and Whitelist Tests*
+| Test Setup | Run Keywords | Setup all DUTs before test
+| ... | AND | Setup all TGs before traffic script
+| ... | AND | Update All Interface Data On All Nodes | ${nodes}
+| Test Teardown | Run Keywords | Show packet trace on all DUTs | ${nodes}
+| ... | AND | Show vpp trace dump on all DUTs
+| Documentation | *COP Security IPv4 Blacklist and Whitelist Tests*
| ...
-| ... | Test suite uses 3-node topology TG - DUT1 - DUT2 - TG
-| ... | with one link between nodes where DUT2 has xconnect.
-| ... | Test packets are sent only in one direction with COP set either as
-| ... | whitelist or blacklist. Subsequently, packet's IP src/dst and
-| ... | MAC addresses are checked.
+| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology
+| ... | with single links between nodes.
+| ... | *[Enc] Packet Encapsulations:* Eth-IPv4-ICMPv4 on all links.
+| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv4 routing and
+| ... | static routes. COP security white-lists are applied on DUT1 ingress
+| ... | interface from TG. DUT2 is configured with L2XC.
+| ... | *[Ver] TG verification:* Test ICMPv4 Echo Request packets are sent in
+| ... | one direction by TG on link to DUT1; on receive TG verifies packets for
+| ... | correctness and drops as applicable.
+| ... | *[Ref] Applicable standard specifications:*
*** Variables ***
| ${tg_node}= | ${nodes['TG']}
| ${fib_table_number}= | 1
*** Test Cases ***
-| VPP permits packets based on IPv4 src addr
-| | [Documentation] | COP Whitelist test with basic setup.
-| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node}
-| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2}
+| TC01: DUT permits IPv4 pkts with COP whitelist set with IPv4 src-addr
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \
+| | ... | configure interface IPv4 addresses and routes in the main
+| | ... | routing domain, add COP whitelist on interface to TG with IPv4
+| | ... | src-addr matching packets generated by TG; on DUT2 configure L2
+| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to
+| | ... | DUT1; verify received ICMPv4 Echo Req pkts are correct. [Ref]
+| | Given Path for 3-node testing is set
+| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
| | And Set Interface Address
-| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix}
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix}
| | And Set Interface Address
-| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix}
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix}
| | And Add Arp On Dut
-| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac}
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac}
| | And Add Arp On Dut
-| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac}
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac}
| | And Vpp Route Add | ${dut1_node}
-| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2}
| | And Add fib table | ${dut1_node}
| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | local
| | When COP Add whitelist Entry
-| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${fib_table_number}
-| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable
-| | Then Send Packet And Check Headers | ${tg_node} |
-| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} |
-| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac}
+| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${fib_table_number}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable
+| | Then Send Packet And Check Headers | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac}
+| | ... | ${tg_to_dut2_mac}
-
-| VPP drops packets based on IPv4 src addr
-| | [Documentation] | COP blacklist test with basic setup.
-| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node}
-| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2}
+| TC02: DUT drops IPv4 pkts with COP blacklist set with IPv4 src-addr
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \
+| | ... | configure interface IPv4 addresses and routes in the main
+| | ... | routing domain, add COP blacklist on interface to TG with IPv4
+| | ... | src-addr matching packets generated by TG; on DUT2 configure L2
+| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to
+| | ... | DUT1; verify no ICMPv4 Echo Req pkts are received. [Ref]
+| | Given Path for 3-node testing is set
+| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
| | And Set Interface Address
-| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix}
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix}
| | And Set Interface Address
-| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix}
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix}
| | And Add Arp On Dut
-| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac}
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac}
| | And Add Arp On Dut
-| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac}
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac}
| | And Vpp Route Add | ${dut1_node}
-| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2}
| | And Add fib table | ${dut1_node}
| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop
| | When COP Add whitelist Entry
-| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${fib_table_number}
-| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable
-| | Then Send packet from Port to Port should failed | ${tg_node} |
-| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} |
-| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac}
+| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${fib_table_number}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable
+| | Then Send packet from Port to Port should failed | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac}
+| | ... | ${tg_to_dut2_mac}
Code Review / csit.git / blobdiff