CSIT-9: COP Whitelist/blacklist 04/804/15
authorZdeno <zolsovsk@cisco.com>
Mon, 18 Apr 2016 14:17:26 +0000 (16:17 +0200)
committerZdeno Olsovsky <zolsovsk@cisco.com>
Mon, 9 May 2016 13:11:56 +0000 (15:11 +0200)
- Included are also IPv6 tests
- JIRA: CSIT-17

Change-Id: I89ae6c38cdc6742a597c0dc24ed1c033c1b5d155
Signed-off-by: Zdeno <zolsovsk@cisco.com>
12 files changed:
resources/libraries/python/Cop.py [new file with mode: 0644]
resources/libraries/python/IPv4Setup.py
resources/libraries/python/IPv4Util.py
resources/libraries/python/Routing.py
resources/libraries/robot/cop.robot [new file with mode: 0644]
resources/libraries/robot/traffic.robot [new file with mode: 0644]
resources/templates/vat/add_fib_table.vat [new file with mode: 0644]
resources/templates/vat/cop_interface.vat [new file with mode: 0644]
resources/templates/vat/cop_whitelist.vat [new file with mode: 0644]
resources/traffic_scripts/send_icmp_check_headers.py [new file with mode: 0755]
tests/suites/cop/cop_whitelist_blacklist.robot [new file with mode: 0644]
tests/suites/cop/cop_whitelist_blacklist_IPv6.robot [new file with mode: 0644]

diff --git a/resources/libraries/python/Cop.py b/resources/libraries/python/Cop.py
new file mode 100644 (file)
index 0000000..1ff9a99
--- /dev/null
@@ -0,0 +1,68 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""COP utilities library."""
+
+from resources.libraries.python.VatExecutor import VatTerminal
+from resources.libraries.python.topology import Topology
+
+
+class Cop(object):
+    """COP utilities."""
+
+    @staticmethod
+    def cop_add_whitelist_entry(node, interface, ip_format, fib_id):
+        """Add cop whitelisted entry.
+
+        :param node: Node to add COP whitelist on.
+        :param interface: Interface of the node where the COP is added.
+        :param ip_format: IP format : ip4 or ip6 are valid formats.
+        :param fib_id: Specify the fib table ID.
+        :type node: dict
+        :type interface: str
+        :type ip_format: str
+        :type fib_id: int
+        """
+        if ip_format not in ('ip4', 'ip6'):
+            raise ValueError("Ip not in correct format!")
+        sw_if_index = Topology.get_interface_sw_index(node, interface)
+        with VatTerminal(node) as vat:
+            vat.vat_terminal_exec_cmd_from_template('cop_whitelist.vat',
+                                                    sw_if_index=sw_if_index,
+                                                    ip=ip_format,
+                                                    fib_id=fib_id)
+
+    @staticmethod
+    def cop_interface_enable_or_disable(node, interface, state):
+        """Enable or disable COP on the interface.
+
+        :param node: Node to add COP whitelist on.
+        :param interface: Interface of the node where the COP is added.
+        :param state: disable/enable COP on the interface.
+        :type node: dict
+        :type interface: str
+        :type state: str
+        """
+        state = state.lower()
+        if state in ('enable', 'disable'):
+            if state == 'enable':
+                state = ''
+            sw_if_index = Topology.get_interface_sw_index(node, interface)
+            with VatTerminal(node) as vat:
+                vat.vat_terminal_exec_cmd_from_template('cop_interface.vat',
+                                                        sw_if_index=sw_if_index,
+                                                        state=state)
+        else:
+            raise ValueError(
+                "Possible values are 'enable' or 'disable'!"
+            )
index 14179c3..5015410 100644 (file)
@@ -314,3 +314,18 @@ class IPv4Setup(object):
                                                    nodes_addr)
                 mac_address = adj_int['mac_address']
                 get_node(node).set_arp(interface_name, ip_address, mac_address)
+
+    @staticmethod
+    def add_arp_on_dut(node, interface, ip_address, mac_address):
+        """Set ARP cache entree on DUT node.
+
+        :param node: Node in the topology.
+        :param interface: Interface name of the node.
+        :param ip_address: IP address of the interface.
+        :param mac_address: MAC address of the interface.
+        :type node: dict
+        :type interface: str
+        :type ip_address: str
+        :type mac_address: str
+        """
+        get_node(node).set_arp(interface, ip_address, mac_address)
index 31e6bf1..5ee73c0 100644 (file)
@@ -51,9 +51,6 @@ class IPv4Util(object):
         get_node(node).set_ip(interface, address, int(prefix_length))
 
     @staticmethod
-    @keyword('Node "${node}" routes to IPv4 network "${network}" with prefix '
-             'length "${prefix_length}" using interface "${interface}" via '
-             '"${gateway}"')
     def set_route(node, network, prefix_length, interface, gateway):
         """See IPv4Node.set_route for more information.
 
index 1cbbf6b..7bb41cb 100644 (file)
@@ -42,3 +42,25 @@ class Routing(object):
                                                     prefix_length=prefix_len,
                                                     gateway=gateway,
                                                     sw_if_index=sw_if_index)
+
+    @staticmethod
+    def add_fib_table(node, network, prefix_len, fib_id, place):
+        """Create new FIB table according to ID.
+
+        :param node: Node to add FIB on.
+        :param network: IP address to add to the FIB table.
+        :param prefix_len: IP address prefix length.
+        :param fib_id: FIB table ID.
+        :param place: Possible variants are local, drop.
+        :type node: dict
+        :type network: str
+        :type prefix_len: int
+        :type fib_id: int
+        :type place: str
+        """
+        with VatTerminal(node) as vat:
+            vat.vat_terminal_exec_cmd_from_template('add_fib_table.vat',
+                                                    network=network,
+                                                    prefix_length=prefix_len,
+                                                    fib_number=fib_id,
+                                                    where=place)
diff --git a/resources/libraries/robot/cop.robot b/resources/libraries/robot/cop.robot
new file mode 100644 (file)
index 0000000..c958b3e
--- /dev/null
@@ -0,0 +1,85 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Settings ***
+| Resource | resources/libraries/robot/default.robot
+| Resource | resources/libraries/robot/counters.robot
+| Library | resources.libraries.python.NodePath
+| Library | resources.libraries.python.Cop
+| Library | resources.libraries.python.Routing
+| Library | resources.libraries.python.TrafficScriptExecutor
+| Library | resources.libraries.python.InterfaceUtil
+
+*** Keywords ***
+| Setup Nodes And Variables
+| | [Documentation] | Setup of test variables and bring interfaces up.
+| | ...
+| | ... | *Arguments:*
+| | ...
+| | ... | - {tg_node} : Node where to start/end. Type: dictionary
+| | ... | - {dut1_node} - Next node from start. Type: dictionary
+| | ... | - {dut2_node} - Third node. Type: dictionary
+| | ...
+| | ... | *Return:*
+| | ...
+| | ... | - No value returned
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Setup Nodes And Variables \| ${nodes['TG']} \
+| | ... | \| ${nodes['DUT1']} \| ${nodes['DUT2']} \|
+| | ...
+| | ... | _NOTE:_ This KW sets following test case variables:
+| | ...
+| | ... | - ${tg_if1} - Iterface of TG towards DUT (1st).
+| | ... | - ${tg_if2} - Interface of TG towards DUT (2nd).
+| | ... | - ${dut1_if1} - Interface of DUT towards TG (1st).
+| | ... | - ${dut1_if2} - Interface of DUT towards TG (2nd).
+| | ... | - ${dut2_if1} - Interface of DUT2 towards DUT (1st).
+| | ... | - ${dut2_if2} - Interface of DUT2 towards TG (2nd).
+| | ... | - ${tg_if1_mac} - MAC address of TG interface (1st).
+| | ... | - ${tg_if2_mac} - MAC address of TG interface (2nd).
+| | ... | - ${dut1_if1_mac} - MAC address of DUT1 interface (1st).
+| | ... | - ${dut1_if2_mac} - MAC address of DUT1 interface (2nd).
+| | ...
+| | [Arguments] | ${tg_node} | ${dut1_node} | ${dut2_node}
+| | Append Nodes | ${tg_node} | ${dut1_node} | ${dut2_node} |
+| | ... | ${tg_node}
+| | Compute Path
+| | ${tg_if1} | ${tg}= | Next Interface
+| | ${dut1_if1} | ${dut1}= | Next Interface
+| | ${dut1_if2} | ${dut1}= | Next Interface
+| | ${dut2_if1} | ${dut2}= | Next Interface
+| | ${dut2_if2} | ${dut2}= | Next Interface
+| | ${tg_if2} | ${tg}= | Next Interface
+| | ${tg_if1_mac}= | Get interface mac | ${tg} | ${tg_if1}
+| | ${tg_if2_mac}= | Get interface mac | ${tg} | ${tg_if2}
+| | ${dut1_if1_mac}= | Get interface mac | ${dut1} | ${dut1_if1}
+| | ${dut1_if2_mac}= | Get interface mac | ${dut1} | ${dut1_if2}
+| | Set Test Variable | ${tg_if1}
+| | Set Test Variable | ${tg_if2}
+| | Set Test Variable | ${dut1_if1}
+| | Set Test Variable | ${dut1_if2}
+| | Set Test Variable | ${dut2_if1}
+| | Set Test Variable | ${dut2_if2}
+| | Set Test Variable | ${tg_if1_mac}
+| | Set Test Variable | ${tg_if2_mac}
+| | Set Test Variable | ${dut1_if1_mac}
+| | Set Test Variable | ${dut1_if2_mac}
+| | Set Interface State | ${tg_node} | ${tg_if1} | up
+| | Set Interface State | ${tg_node} | ${tg_if2} | up
+| | Set Interface State | ${dut1_node} | ${dut1_if1} | up
+| | Set Interface State | ${dut1_node} | ${dut1_if2} | up
+| | Set Interface State | ${dut2_node} | ${dut2_if1} | up
+| | Set Interface State | ${dut2_node} | ${dut2_if2} | up
+| | All Vpp Interfaces Ready Wait | ${nodes}
diff --git a/resources/libraries/robot/traffic.robot b/resources/libraries/robot/traffic.robot
new file mode 100644 (file)
index 0000000..b97a6d4
--- /dev/null
@@ -0,0 +1,108 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Traffic keywords"""
+
+*** Settings ***
+| Library | resources.libraries.python.IPv6Util
+| Library | resources.libraries.python.IPv6Setup
+| Library | resources.libraries.python.TrafficScriptExecutor
+| Library | resources.libraries.python.NodePath
+| Library | resources.libraries.python.Routing
+| Library | resources.libraries.python.InterfaceUtil
+| Library | resources.libraries.python.topology.Topology
+| Resource | resources/libraries/robot/default.robot
+| Resource | resources/libraries/robot/counters.robot
+| Documentation | Traffic keywords
+
+*** Keywords ***
+| Send Packet And Check Headers
+| | [Documentation] | Sends packet from IP (with source mac) to IP
+| | ...             | (with dest mac). There has to be 4 MAC addresses
+| | ...             | when using 2 node +
+| | ...             | xconnect (one for each eth).
+| | ...
+| | ... | *Arguments:*
+| | ...
+| | ... | _NOTE:_ Arguments are based on example:
+| | ...             | TG(if1)->(if1)DUT(if2)->TG(if2)
+| | ...
+| | ... | - {tg_node} : Node to execute scripts on (TG). Type: dictionary
+| | ... | - {src_ip} - IP of source interface (TG-if1). Type: int
+| | ... | - {dst_ip} - IP of destination interface (TG-if2). Type: int
+| | ... | - {tx_src_port} - Interface of TG-if1. Type: string
+| | ... | - {tx_src_mac} - MAC address of TG-if1. Type: string
+| | ... | - {tx_dst_mac} - MAC address of DUT-if1. Type: string
+| | ... | - {rx_port} - Interface of TG-if1. Type: string
+| | ... | - {rx_src_mac} - MAC address of DUT1-if2. Type: string
+| | ... | - {rx_dst_mac} - MAC address of TG-if2. Type: string
+| | ...
+| | ... | *Return:*
+| | ... | - No value returned
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Send Packet And Check Headers \| ${nodes['TG']} \| 10.0.0.1 \
+| | ... | \| 32.0.0.1 \| eth2 \| 08:00:27:ee:fd:b3 \| 08:00:27:a2:52:5b \
+| | ... | \| eth3 \| 08:00:27:4d:ca:7a \| 08:00:27:7d:fd:10 \|
+| | ...
+| | [Arguments] | ${tg_node} | ${src_ip} | ${dst_ip} | ${tx_src_port} |
+| | ... | ${tx_src_mac} | ${tx_dst_mac} | ${rx_port} | ${rx_src_mac}
+| | ... | ${rx_dst_mac}
+| | ${args}= | Catenate | --tg_src_mac | ${tx_src_mac} | --tg_dst_mac |
+| | ... | ${rx_dst_mac} | --dut_if1_mac | ${tx_dst_mac} | --dut_if2_mac |
+| | ... | ${rx_src_mac} | --src_ip | ${src_ip} | --dst_ip | ${dst_ip} |
+| | ... | --tx_if | ${tx_src_port} | --rx_if | ${rx_port}
+| | Run Traffic Script On Node | send_icmp_check_headers.py | ${tg_node} |
+| | ... | ${args}
+
+| Send packet from Port to Port should failed
+| | [Documentation] | Sends packet from ip (with specified mac) to ip
+| | ...             | (with dest mac). Using keyword : Send packet And Check
+| | ...             | Headers and subsequently checks the return value
+| | ...
+| | ... | *Arguments:*
+| | ...
+| | ... | _NOTE:_ Arguments are based on example:
+| | ...             | TG(if1)->(if1)DUT(if2)->TG(if2)
+| | ...
+| | ... | - {tg_node} : Node to execute scripts on (TG). Type: dictionary
+| | ... | - {src_ip} - IP of source interface (TG-if1). Type: int
+| | ... | - {dst_ip} - IP of destination interface (TG-if2). Type: int
+| | ... | - {tx_src_port} - Interface of TG-if1. Type: string
+| | ... | - {tx_src_mac} - MAC address of TG-if1. Type: string
+| | ... | - {tx_dst_mac} - MAC address of DUT-if1. Type: string
+| | ... | - {rx_port} - Interface of TG-if1. Type: string
+| | ... | - {rx_src_mac} - MAC address of DUT1-if2. Type: string
+| | ... | - {rx_dst_mac} - MAC address of TG-if2. Type: string
+| | ...
+| | ... | *Return:*
+| | ... | - No value returned
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Send packet from Port to Port should failed \| ${nodes['TG']} \
+| | ... | \| 10.0.0.1 \ \| 32.0.0.1 \| eth2 \| 08:00:27:ee:fd:b3 \
+| | ... | \| 08:00:27:a2:52:5b \| eth3 \| 08:00:27:4d:ca:7a \
+| | ... | \| 08:00:27:7d:fd:10 \|
+| | [Arguments] | ${tg_node} | ${src_ip} | ${dst_ip} | ${tx_src_port} |
+| | ... | ${tx_src_mac} | ${tx_dst_mac} | ${rx_port} | ${rx_src_mac} |
+| | ... | ${rx_dst_mac}
+| | ${args}= | Catenate | --tg_src_mac | ${tx_src_mac} | --tg_dst_mac |
+| | ... | ${rx_dst_mac} | --dut_if1_mac | ${tx_dst_mac} | --dut_if2_mac |
+| | ... | ${rx_src_mac} | --src_ip | ${src_ip} | --dst_ip | ${dst_ip} |
+| | ... | --tx_if | ${tx_src_port} | --rx_if | ${rx_port}
+| | Run Keyword And Expect Error | ICMP echo Rx timeout |
+| | ... | Run Traffic Script On Node | send_icmp_check_headers.py
+| | ... | ${tg_node} | ${args}
+l
\ No newline at end of file
diff --git a/resources/templates/vat/add_fib_table.vat b/resources/templates/vat/add_fib_table.vat
new file mode 100644 (file)
index 0000000..5adedd7
--- /dev/null
@@ -0,0 +1 @@
+ip_add_del_route {network}/{prefix_length} {where} vrf {fib_number} create-vrf
\ No newline at end of file
diff --git a/resources/templates/vat/cop_interface.vat b/resources/templates/vat/cop_interface.vat
new file mode 100644 (file)
index 0000000..1912fa2
--- /dev/null
@@ -0,0 +1 @@
+cop_interface_enable_disable sw_if_index {sw_if_index} {state}
\ No newline at end of file
diff --git a/resources/templates/vat/cop_whitelist.vat b/resources/templates/vat/cop_whitelist.vat
new file mode 100644 (file)
index 0000000..487d553
--- /dev/null
@@ -0,0 +1 @@
+cop_whitelist_enable_disable sw_if_index {sw_if_index} {ip} fib-id {fib_id}
\ No newline at end of file
diff --git a/resources/traffic_scripts/send_icmp_check_headers.py b/resources/traffic_scripts/send_icmp_check_headers.py
new file mode 100755 (executable)
index 0000000..f8f5309
--- /dev/null
@@ -0,0 +1,107 @@
+#!/usr/bin/env python
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Traffic script that sends an ip icmp packet
+from one interface to the other.
+"""
+
+import sys
+import ipaddress
+
+from scapy.layers.inet import ICMP, IP
+from scapy.layers.inet6 import IPv6
+from scapy.all import Ether
+from scapy.layers.inet6 import ICMPv6EchoRequest
+from robot.api import logger
+
+from resources.libraries.python.PacketVerifier import RxQueue, TxQueue
+from resources.libraries.python.TrafficScriptArg import TrafficScriptArg
+
+
+def valid_ipv4(ip):
+    try:
+        ipaddress.IPv4Address(unicode(ip))
+        return True
+    except (AttributeError, ipaddress.AddressValueError):
+        return False
+
+
+def valid_ipv6(ip):
+    try:
+        ipaddress.IPv6Address(unicode(ip))
+        return True
+    except (AttributeError, ipaddress.AddressValueError):
+        return False
+
+
+def main():
+    """Send IP ICMP packet from one traffic generator interface to the other."""
+    args = TrafficScriptArg(
+        ['tg_src_mac', 'tg_dst_mac', 'src_ip', 'dst_ip', 'dut_if1_mac',
+         'dut_if2_mac'])
+
+    src_mac = args.get_arg('tg_src_mac')
+    dst_mac = args.get_arg('tg_dst_mac')
+    dut1_if1_mac = args.get_arg('dut_if1_mac')
+    dut1_if2_mac = args.get_arg('dut_if2_mac')
+    src_ip = args.get_arg('src_ip')
+    dst_ip = args.get_arg('dst_ip')
+    tx_if = args.get_arg('tx_if')
+    rx_if = args.get_arg('rx_if')
+
+    rxq = RxQueue(rx_if)
+    txq = TxQueue(tx_if)
+    sent_packets = []
+    ip_format = ''
+    pkt_raw = ''
+    if valid_ipv4(src_ip) and valid_ipv4(dst_ip):
+        pkt_raw = (Ether(src=src_mac, dst=dut1_if1_mac) /
+                   IP(src=src_ip, dst=dst_ip) /
+                   ICMP())
+        ip_format = 'IP'
+    elif valid_ipv6(src_ip) and valid_ipv6(dst_ip):
+        pkt_raw = (Ether(src=src_mac, dst=dut1_if1_mac) /
+                   IPv6(src=src_ip, dst=dst_ip) /
+                   ICMPv6EchoRequest())
+        ip_format = 'IPv6'
+    else:
+        raise ValueError("IP not in correct format")
+
+    sent_packets.append(pkt_raw)
+    txq.send(pkt_raw)
+    ether = rxq.recv(2)
+
+    if ether is None:
+        raise RuntimeError("ICMP echo Rx timeout")
+    if not ether.haslayer(ip_format):
+        raise RuntimeError("Not an IP packet received {0}"
+                           .format(ether.__repr__()))
+
+    # Compare data from packets
+    if src_ip == ether[ip_format].src and dst_ip == ether[ip_format].dst:
+        logger.trace("IP matched")
+        if dst_mac == ether['Ethernet'].dst and \
+                dut1_if2_mac == ether['Ethernet'].src:
+            logger.trace("MAC matched")
+        else:
+            raise RuntimeError("Matching packet unsuccessful: {0}"
+                               .format(ether.__repr__()))
+    else:
+        raise RuntimeError("Matching packet unsuccessful: {0}"
+                           .format(ether.__repr__()))
+    sys.exit(0)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/tests/suites/cop/cop_whitelist_blacklist.robot b/tests/suites/cop/cop_whitelist_blacklist.robot
new file mode 100644 (file)
index 0000000..ad02b4c
--- /dev/null
@@ -0,0 +1,105 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Settings ***
+| Library | resources.libraries.python.topology.Topology
+| Library | resources.libraries.python.NodePath
+| Library | resources.libraries.python.Trace
+| Resource | resources/libraries/robot/default.robot
+| Resource | resources/libraries/robot/interfaces.robot
+| Resource | resources/libraries/robot/ipv4.robot
+| Resource | resources/libraries/robot/traffic.robot
+| Resource | resources/libraries/robot/cop.robot
+| Resource | resources/libraries/robot/l2_xconnect.robot
+| Variables  | resources/libraries/python/IPv4NodeAddress.py | ${nodes}
+| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO
+| Suite Setup | Run Keywords | Setup all DUTs before test
+| ...         | AND          | Setup all TGs before traffic script
+| ...         | AND          | Update All Interface Data On All Nodes | ${nodes}
+| Test Setup | Clear interface counters on all vpp nodes in topology | ${nodes}
+| Test Teardown | Show packet trace on all DUTs | ${nodes}
+| Documentation | *COP Blacklist and Whitelist Tests*
+| ...
+| ... | Test suite uses 3-node topology TG - DUT1 - DUT2 - TG
+| ... | with one link between nodes where DUT2 has xconnect.
+| ... | Test packets are sent only in one direction with COP set either as
+| ... | whitelist or blacklist. Subsequently, packet's IP src/dst and
+| ... | MAC addresses are checked.
+
+*** Variables ***
+| ${tg_node}= | ${nodes['TG']}
+| ${dut1_node}= | ${nodes['DUT1']}
+| ${dut2_node}= | ${nodes['DUT2']}
+
+| ${dut1_if1_ip}= | 192.168.1.1
+| ${dut1_if2_ip}= | 192.168.2.1
+| ${dut1_if1_ip_GW}= | 192.168.1.2
+| ${dut1_if2_ip_GW}= | 192.168.2.2
+
+| ${test_dst_ip}= | 32.0.0.1
+| ${test_src_ip}= | 16.0.0.1
+
+| ${cop_dut_ip}= | 16.0.0.0
+
+| ${ip_prefix}= | 24
+| ${nodes_ipv4_addresses}= | ${nodes_ipv4_addr}
+
+| ${fib_table_number}= | 1
+
+*** Test Cases ***
+| VPP permits packets based on IPv4 src addr
+| | [Documentation] | COP Whitelist test with basic setup.
+| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node}
+| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2}
+| | And Set Interface Address
+| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix}
+| | And Set Interface Address
+| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac}
+| | And Vpp Route Add | ${dut1_node}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2}
+| | And Add fib table | ${dut1_node}
+| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | local
+| | When COP Add whitelist Entry
+| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${fib_table_number}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable
+| | Then Send Packet And Check Headers | ${tg_node} |
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} |
+| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac}
+
+
+| VPP drops packets based on IPv4 src addr
+| | [Documentation] | COP blacklist test with basic setup.
+| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node}
+| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2}
+| | And Set Interface Address
+| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix}
+| | And Set Interface Address
+| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac}
+| | And Vpp Route Add | ${dut1_node}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2}
+| | And Add fib table | ${dut1_node}
+| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop
+| | When COP Add whitelist Entry
+| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${fib_table_number}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable
+| | Then Send packet from Port to Port should failed | ${tg_node} |
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} |
+| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac}
diff --git a/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot b/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot
new file mode 100644 (file)
index 0000000..a48ae01
--- /dev/null
@@ -0,0 +1,120 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Settings ***
+| Library | resources.libraries.python.topology.Topology
+| Library | resources.libraries.python.NodePath
+| Library | resources.libraries.python.Trace
+| Resource | resources/libraries/robot/default.robot
+| Resource | resources/libraries/robot/interfaces.robot
+| Resource | resources/libraries/robot/ipv6.robot
+| Resource | resources/libraries/robot/ipv4.robot
+| Resource | resources/libraries/robot/traffic.robot
+| Resource | resources/libraries/robot/cop.robot
+| Resource | resources/libraries/robot/l2_xconnect.robot
+| Variables  | resources/libraries/python/IPv6NodesAddr.py | ${nodes}
+| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO
+| Suite Setup | Run Keywords | Setup all DUTs before test
+| ...         | AND          | Setup all TGs before traffic script
+| ...         | AND          | Update All Interface Data On All Nodes | ${nodes}
+| Test Setup | Clear interface counters on all vpp nodes in topology | ${nodes}
+| Test Teardown | Show packet trace on all DUTs | ${nodes}
+| Documentation | *COP Blacklist and Whitelist Tests*
+| ...
+| ... | Test suite uses 3-node topology TG - DUT1 - DUT2 - TG
+| ... | with one link between nodes where DUT2 has xconnect.
+| ... | Test packets are sent only in one direction with COP set either as
+| ... | whitelist or blacklist. Subsequently, packet's IP src/dst and
+| ... | MAC addresses are checked.
+
+*** Variables ***
+| ${tg_node}= | ${nodes['TG']}
+| ${dut1_node}= | ${nodes['DUT1']}
+| ${dut2_node}= | ${nodes['DUT2']}
+
+| ${dut1_if1_ip}= | 3ffe:62::1
+| ${dut1_if2_ip}= | 3ffe:63::1
+| ${dut1_if1_ip_GW}= | 3ffe:62::2
+| ${dut1_if2_ip_GW}= | 3ffe:63::2
+
+| ${dut2_if1_ip}= | 3ffe:72::1
+| ${dut2_if2_ip}= | 3ffe:73::1
+
+| ${test_dst_ip}= | 3ffe:64::1
+| ${test_src_ip}= | 3ffe:61::1
+
+| ${cop_dut_ip}= | 3ffe:61::
+
+| ${ip_prefix}= | 64
+
+| ${nodes_ipv6_addresses}= | ${nodes_ipv6_addr}
+
+| ${fib_table_number}= | 1
+
+*** Test Cases ***
+| VPP permits packets based on IPv6 src addr
+| | [Documentation] | COP Whitelist test with basic setup.
+| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node}
+| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2}
+| | And VPP Set IF IPv6 Addr
+| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix}
+| | And VPP Set IF IPv6 Addr
+| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix}
+| | And VPP Set IF IPv6 Addr
+| | ... | ${dut2_node} | ${dut2_if1} | ${dut2_if1_ip} | ${ip_prefix}
+| | And VPP Set IF IPv6 Addr
+| | ... | ${dut2_node} | ${dut2_if2} | ${dut2_if2_ip} | ${ip_prefix}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac}
+| | And Vpp Route Add | ${dut1_node}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2}
+| | And Vpp All Ra Suppress Link Layer | ${nodes}
+| | And Add fib table | ${dut1_node} | ${cop_dut_ip} | ${ip_prefix} |
+| | ... | ${fib_table_number} | local
+| | When COP Add whitelist Entry | ${dut1_node} | ${dut1_if1} | ip6 |
+| | ... | ${fib_table_number}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable
+| | Then Send Packet And Check Headers | ${tg_node} |
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} |
+| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac}
+
+
+| VPP drops packets based on IPv6 src addr
+| | [Documentation] | COP blacklist test with basic setup.
+| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node}
+| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2}
+| | And VPP Set IF IPv6 Addr
+| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix}
+| | And VPP Set IF IPv6 Addr
+| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix}
+| | And VPP Set IF IPv6 Addr
+| | ... | ${dut2_node} | ${dut2_if1} | ${dut2_if1_ip} | ${ip_prefix}
+| | And VPP Set IF IPv6 Addr
+| | ... | ${dut2_node} | ${dut2_if2} | ${dut2_if2_ip} | ${ip_prefix}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac}
+| | And Add Arp On Dut
+| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac}
+| | And Vpp Route Add | ${dut1_node}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2}
+| | And Vpp All Ra Suppress Link Layer | ${nodes}
+| | And Add fib table | ${dut1_node}
+| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop
+| | When COP Add whitelist Entry
+| | ... | ${dut1_node} | ${dut1_if1} | ip6 | ${fib_table_number}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable
+| | Then Send packet from Port to Port should failed | ${tg_node} |
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} |
+| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac}

©2016 FD.io a Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation. Linux is a registered trademark of Linus Torvalds.
Please see our privacy policy and terms of use.