X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=blobdiff_plain;f=tests%2Ffunc%2Fcop%2Fcop_whitelist_blacklist.robot;fp=tests%2Ffunc%2Fcop%2Fcop_whitelist_blacklist.robot;h=c84387d34996a12aa69309357288754a91c15b5d;hp=0000000000000000000000000000000000000000;hb=70cbaaee0e6210682ce6d278ea645b8bea153b67;hpb=7c3e0cc41f55327d6eeb04fe757c6e80064ab28a

diff --git a/tests/func/cop/cop_whitelist_blacklist.robot b/tests/func/cop/cop_whitelist_blacklist.robot
new file mode 100644
index 0000000000..c84387d349
--- /dev/null
+++ b/tests/func/cop/cop_whitelist_blacklist.robot
@@ -0,0 +1,128 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Settings ***
+| Library | resources.libraries.python.Trace
+| Library | resources.libraries.python.Cop
+| Resource | resources/libraries/robot/default.robot
+| Resource | resources/libraries/robot/interfaces.robot
+| Resource | resources/libraries/robot/ipv4.robot
+| Resource | resources/libraries/robot/traffic.robot
+| Resource | resources/libraries/robot/testing_path.robot
+| Resource | resources/libraries/robot/l2_xconnect.robot
+| Variables  | resources/libraries/python/IPv4NodeAddress.py | ${nodes}
+| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO
+| Test Setup | Run Keywords | Setup all DUTs before test
+| ...        | AND          | Setup all TGs before traffic script
+| ...        | AND          | Update All Interface Data On All Nodes | ${nodes}
+| Test Teardown | Run Keywords | Show packet trace on all DUTs | ${nodes}
+| ...           | AND          | Show vpp trace dump on all DUTs
+| Documentation | *COP Security IPv4 Blacklist and Whitelist Tests*
+| ...
+| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology
+| ... | with single links between nodes.
+| ... | *[Enc] Packet Encapsulations:* Eth-IPv4-ICMPv4 on all links.
+| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv4 routing and
+| ... | static routes. COP security white-lists are applied on DUT1 ingress
+| ... | interface from TG. DUT2 is configured with L2XC.
+| ... | *[Ver] TG verification:* Test ICMPv4 Echo Request packets are sent in
+| ... | one direction by TG on link to DUT1; on receive TG verifies packets for
+| ... | correctness and drops as applicable.
+| ... | *[Ref] Applicable standard specifications:*
+
+*** Variables ***
+| ${tg_node}= | ${nodes['TG']}
+| ${dut1_node}= | ${nodes['DUT1']}
+| ${dut2_node}= | ${nodes['DUT2']}
+
+| ${dut1_if1_ip}= | 192.168.1.1
+| ${dut1_if2_ip}= | 192.168.2.1
+| ${dut1_if1_ip_GW}= | 192.168.1.2
+| ${dut1_if2_ip_GW}= | 192.168.2.2
+
+| ${test_dst_ip}= | 32.0.0.1
+| ${test_src_ip}= | 16.0.0.1
+
+| ${cop_dut_ip}= | 16.0.0.0
+
+| ${ip_prefix}= | 24
+| ${nodes_ipv4_addresses}= | ${nodes_ipv4_addr}
+
+| ${fib_table_number}= | 1
+
+*** Test Cases ***
+| TC01: DUT permits IPv4 pkts with COP whitelist set with IPv4 src-addr
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \
+| | ... | configure interface IPv4 addresses and routes in the main
+| | ... | routing domain, add COP whitelist on interface to TG with IPv4
+| | ... | src-addr matching packets generated by TG; on DUT2 configure L2
+| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to
+| | ... | DUT1; verify received ICMPv4 Echo Req pkts are correct. [Ref]
+| | Given Path for 3-node testing is set
+| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
+| | And Set Interface Address
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix}
+| | And Set Interface Address
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac}
+| | And Vpp Route Add | ${dut1_node}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2}
+| | And Add fib table | ${dut1_node}
+| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | local
+| | When COP Add whitelist Entry
+| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${fib_table_number}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable
+| | Then Send Packet And Check Headers | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac}
+| | ... | ${tg_to_dut2_mac}
+
+| TC02: DUT drops IPv4 pkts with COP blacklist set with IPv4 src-addr
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \
+| | ... | configure interface IPv4 addresses and routes in the main
+| | ... | routing domain, add COP blacklist on interface to TG with IPv4
+| | ... | src-addr matching packets generated by TG; on DUT2 configure L2
+| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to
+| | ... | DUT1; verify no ICMPv4 Echo Req pkts are received. [Ref]
+| | Given Path for 3-node testing is set
+| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
+| | And Set Interface Address
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix}
+| | And Set Interface Address
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac}
+| | And Vpp Route Add | ${dut1_node}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2}
+| | And Add fib table | ${dut1_node}
+| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop
+| | When COP Add whitelist Entry
+| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${fib_table_number}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable
+| | Then Send packet from Port to Port should failed | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac}
+| | ... | ${tg_to_dut2_mac}