From: Tibor Frank Date: Fri, 14 Jun 2019 07:26:38 +0000 (+0200) Subject: VAT-to-PAPI: Classify X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=commitdiff_plain;h=10e0393fde6d919cf0e5848bc5e506d981642ef8 VAT-to-PAPI: Classify Change-Id: Ic06a0a65429680e6ecdc3f5288d091c2c2630921 Signed-off-by: Tibor Frank --- diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py index a59acad5c7..1938688900 100644 --- a/resources/libraries/python/Classify.py +++ b/resources/libraries/python/Classify.py @@ -1,4 +1,4 @@ -# Copyright (c) 2018 Cisco and/or its affiliates. +# Copyright (c) 2019 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -13,79 +13,463 @@ """Classify utilities library.""" +import binascii +import re + +from socket import AF_INET, AF_INET6, inet_aton, inet_pton + from robot.api import logger -from resources.libraries.python.VatExecutor import VatExecutor, VatTerminal from resources.libraries.python.topology import Topology +from resources.libraries.python.PapiExecutor import PapiExecutor class Classify(object): """Classify utilities.""" @staticmethod - def vpp_creates_classify_table_l3(node, ip_version, direction): + def _build_mac_mask(dst_mac='', src_mac='', ether_type=''): + """Build MAC ACL mask data in hexstring format. + + :param dst_mac: Source MAC address <0-ffffffffffff>. + :param src_mac: Destination MAC address <0-ffffffffffff>. + :param ether_type: Ethernet type <0-ffff>. + :type dst_mac: str + :type src_mac: str + :type ether_type: str + :returns MAC ACL mask in hexstring format. + :rtype: str + """ + return ('{!s:0>12}{!s:0>12}{!s:0>4}'.format( + dst_mac.replace(':', ''), src_mac.replace(':', ''), ether_type)).\ + rstrip('0') + + @staticmethod + def _build_ip_mask(proto='', src_ip='', dst_ip='', src_port='', + dst_port=''): + """Build IP ACL mask data in hexstring format. + + :param proto: Protocol number <0-ff>. + :param src_ip: Source ip address <0-ffffffff>. + :param dst_ip: Destination ip address <0-ffffffff>. + :param src_port: Source port number <0-ffff>. + :param str dst_port: Destination port number <0-ffff>. + :type proto: str + :type src_ip: str + :type dst_ip: str + :type src_port: str + :type dst_port:src + :returns: IP mask in hexstring format. + :rtype: str + """ + return ('{!s:0>20}{!s:0>12}{!s:0>8}{!s:0>4}{!s:0>4}'.format( + proto, src_ip, dst_ip, src_port, dst_port)).rstrip('0') + + @staticmethod + def _build_ip6_mask(next_hdr='', src_ip='', dst_ip='', src_port='', + dst_port=''): + """Build IPv6 ACL mask data in hexstring format. + + :param next_hdr: Next header number <0-ff>. + :param src_ip: Source ip address <0-ffffffff>. + :param dst_ip: Destination ip address <0-ffffffff>. + :param src_port: Source port number <0-ffff>. + :param dst_port: Destination port number <0-ffff>. + :type next_hdr: str + :type src_ip: str + :type dst_ip: str + :type src_port: str + :type dst_port: str + :returns: IPv6 ACL mask in hexstring format. + :rtype: str + """ + return ('{!s:0>14}{!s:0>34}{!s:0>32}{!s:0>4}{!s:0>4}'.format( + next_hdr, src_ip, dst_ip, src_port, dst_port)).rstrip('0') + + @staticmethod + def _build_mac_match(dst_mac='', src_mac='', ether_type=''): + """Build MAC ACL match data in hexstring format. + + :param dst_mac: Source MAC address . + :param src_mac: Destination MAC address . + :param ether_type: Ethernet type <0-ffff>. + :type dst_mac: str + :type src_mac: str + :type ether_type: str + :returns: MAC ACL match data in hexstring format. + :rtype: str + """ + if dst_mac: + dst_mac = dst_mac.replace(':', '') + if src_mac: + src_mac = src_mac.replace(':', '') + + return ('{!s:0>12}{!s:0>12}{!s:0>4}'.format( + dst_mac, src_mac, ether_type)).rstrip('0') + + @staticmethod + def _build_ip_match(proto=0, src_ip='', dst_ip='', src_port=0, dst_port=0): + """Build IP ACL match data in hexstring format. + + :param proto: Protocol number with valid option "x". + :param src_ip: Source ip address with format of "x.x.x.x". + :param dst_ip: Destination ip address with format of "x.x.x.x". + :param src_port: Source port number "x". + :param dst_port: Destination port number "x". + :type proto: int + :type src_ip: str + :type dst_ip: str + :type src_port: int + :type dst_port: int + :returns: IP ACL match data in hexstring format. + :rtype: str + """ + if src_ip: + src_ip = binascii.hexlify(inet_aton(src_ip)) + if dst_ip: + dst_ip = binascii.hexlify(inet_aton(dst_ip)) + + return ('{!s:0>20}{!s:0>12}{!s:0>8}{!s:0>4}{!s:0>4}'.format( + hex(proto)[2:], src_ip, dst_ip, hex(src_port)[2:], + hex(dst_port)[2:])).rstrip('0') + + @staticmethod + def _build_ip6_match(next_hdr=0, src_ip='', dst_ip='', src_port=0, + dst_port=0): + """Build IPv6 ACL match data in hexstring format. + + :param next_hdr: Next header number with valid option "x". + :param src_ip: Source ip6 address with format of "xxx:xxxx::xxxx". + :param dst_ip: Destination ip6 address with format of + "xxx:xxxx::xxxx". + :param src_port: Source port number "x". + :param dst_port: Destination port number "x". + :type next_hdr: int + :type src_ip: str + :type dst_ip: str + :type src_port: int + :type dst_port: int + :returns: IPv6 ACL match data in hexstring format. + :rtype: str + """ + if src_ip: + src_ip = binascii.hexlify(inet_pton(AF_INET6, src_ip)) + if dst_ip: + dst_ip = binascii.hexlify(inet_pton(AF_INET6, dst_ip)) + + return ('{!s:0>14}{!s:0>34}{!s:0>32}{!s:0>4}{!s:0>4}'.format( + hex(next_hdr)[2:], src_ip, dst_ip, hex(src_port)[2:], + hex(dst_port)[2:])).rstrip('0') + + @staticmethod + def _classify_add_del_table(node, is_add, mask, match_n_vectors=1, + table_index=0xFFFFFFFF, nbuckets=2, + memory_size=2097152, skip_n_vectors=0, + next_table_index=0xFFFFFFFF, + miss_next_index=0xFFFFFFFF, current_data_flag=0, + current_data_offset=0): + """Add or delete a classify table. + + :param node: VPP node to create classify table. + :param is_add: If 1 the table is added, if 0 the table is deleted. + :param mask: ACL mask in hexstring format. + :param match_n_vectors: Number of vectors to match (Default value = 1). + :param table_index: Index of the classify table. + (Default value = 0xFFFFFFFF) + :param nbuckets: Number of buckets when adding a table. + (Default value = 2) + :param memory_size: Memory size when adding a table. + (Default value = 2097152) + :param skip_n_vectors: Number of skip vectors (Default value = 0). + :param next_table_index: Index of next table. + (Default value = 0xFFFFFFFF) + :param miss_next_index: Index of miss table. + (Default value = 0xFFFFFFFF) + :param current_data_flag: Option to use current node's packet payload + as the starting point from where packets are classified. + This option is only valid for L2/L3 input ACL for now. + 0: by default, classify data from the buffer's start location + 1: classify packets from VPP node's current data pointer. + :param current_data_offset: A signed value to shift the start location + of the packet to be classified. + For example, if input IP ACL node is used, L2 header's first byte + can be accessible by configuring current_data_offset to -14 + if there is no vlan tag. + This is valid only if current_data_flag is set to 1. + (Default value = 0) + :type node: dict + :type is_add: int + :type mask: str + :type match_n_vectors: int + :type table_index: int + :type nbuckets: int + :type memory_size: int + :type skip_n_vectors: int + :type next_table_index: int + :type miss_next_index: int + :type current_data_flag: int + :type current_data_offset: int + :returns: (table_index, skip_n, match_n) + table_index: Classify table index. + skip_n: Number of skip vectors. + match_n: Number of match vectors. + :rtype: tuple(int, int, int) + """ + mask_len = ((len(mask) - 1) / 16 + 1) * 16 + mask = mask + '\0' * (mask_len - len(mask)) + + args = dict( + is_add=is_add, + table_index=table_index, + nbuckets=nbuckets, + memory_size=memory_size, + skip_n_vectors=skip_n_vectors, + match_n_vectors=match_n_vectors, + next_table_index=next_table_index, + miss_next_index=miss_next_index, + current_data_flag=current_data_flag, + current_data_offset=current_data_offset, + mask_len=mask_len, + mask=mask + ) + + cmd = 'classify_add_del_table' + err_msg = "Failed to create a classify table on host {host}".format( + host=node['host']) + + with PapiExecutor(node) as papi_exec: + data = papi_exec.add(cmd, **args).get_replies(err_msg).\ + verify_reply(err_msg=err_msg) + + return int(data["new_table_index"]), int(data["skip_n_vectors"]),\ + int(data["match_n_vectors"]) + + @staticmethod + def _classify_add_del_session(node, is_add, table_index, match, + opaque_index=0xFFFFFFFF, + hit_next_index=0xFFFFFFFF, advance=0, + action=0, metadata=0): + """Add or delete a classify session. + + :param node: VPP node to create classify session. + :param is_add: If 1 the session is added, if 0 the session is deleted. + :param table_index: Index of the table to add/del the session. + :param match: For add, match value for session, required, needs to + include bytes in front with length of skip_n_vectors of target table + times sizeof (u32x4) (values of those bytes will be ignored). + :param opaque_index: For add, opaque_index of new session. + (Default value = 0xFFFFFFFF) + :param hit_next_index: For add, hit_next_index of new session. + (Default value = 0xFFFFFFFF) + :param advance: For add, advance value for session. (Default value = 0) + :param action: 0: No action (by default) metadata is not used. + 1: Classified IP packets will be looked up from the specified ipv4 + fib table (configured by metadata as VRF id). + Only valid for L3 input ACL node + 2: Classified IP packets will be looked up from the specified ipv6 + fib table (configured by metadata as VRF id). + Only valid for L3 input ACL node + 3: Classified packet will be steered to source routig policy of + given index (in metadata). + This is only valid for IPv6 packets redirected to a source + routing node. + :param metadata: Valid only if action != 0 + VRF id if action is 1 or 2. SR policy index if action is 3. + (Default value = 0) + :type node: dict + :type is_add: int + :type table_index: int + :type match: str + :type opaque_index: int + :type hit_next_index: int + :type advance: int + :type action: int + :type metadata: int + """ + + match_len = ((len(match) - 1) / 16 + 1) * 16 + match = match + '\0' * (match_len - len(match)) + args = dict( + is_add=is_add, + table_index=table_index, + hit_next_index=hit_next_index, + opaque_index=opaque_index, + advance=advance, + action=action, + metadata=metadata, + match_len=match_len, + match=match + ) + cmd = 'classify_add_del_session' + err_msg = "Failed to create a classify session on host {host}".format( + host=node['host']) + + with PapiExecutor(node) as papi_exec: + papi_exec.add(cmd, **args).get_replies(err_msg). \ + verify_reply(err_msg=err_msg) + + @staticmethod + def _macip_acl_add(node, rules, tag=""): + """Add MACIP ACL. + + :param node: VPP node to add MACIP ACL. + :param rules: List of rules for given ACL. + :param tag: ACL tag. + :type node: dict + :type rules: list + :type tag: str + """ + cmd = "macip_acl_add" + args = dict( + r=rules, + count=len(rules), + tag=tag + ) + + err_msg = "Failed to create a classify session on host {host}".format( + host=node['host']) + + with PapiExecutor(node) as papi_exec: + papi_exec.add(cmd, **args).get_replies(err_msg). \ + verify_reply(err_msg=err_msg) + + @staticmethod + def _acl_interface_set_acl_list(node, sw_if_index, acl_type, acls): + """Set ACL list for interface. + + :param node: VPP node to set ACL list for interface. + :param sw_if_index: sw_if_index of the used interface. + :param acl_type: Type of ACL(s) - input or output. + :param acls: List of ACLs. + :type node: dict + :type sw_if_index: int + :type acl_type: str + :type acls: list + """ + cmd = "acl_interface_set_acl_list" + n_input = len(acls) if acl_type == "input" else 0 + args = dict( + sw_if_index=sw_if_index, + acls=acls, + n_input=n_input, + count=len(acls) + ) + + err_msg = "Failed to set acl list for interface {idx} on host {host}".\ + format(idx=sw_if_index, host=node['host']) + + with PapiExecutor(node) as papi_exec: + papi_exec.add(cmd, **args).get_replies(err_msg). \ + verify_reply(err_msg=err_msg) + + @staticmethod + def _acl_add_replace(node, acl_idx, rules, tag=""): + """ Add/replace ACLs. + + :param node: VPP node to add MACIP ACL. + :param acl_idx: ACL index. + :param rules: List of rules for given ACL. + :param tag: ACL tag. + :type node: dict + :type acl_idx: int + :type rules: list + :type tag: str + """ + cmd = "acl_add_replace" + args = dict( + tag=tag, + acl_index=4294967295 if acl_idx is None else acl_idx, + count=len(rules), + r=rules + ) + + err_msg = "Failed to add/replace acls on host {host}".format( + host=node['host']) + + with PapiExecutor(node) as papi_exec: + papi_exec.add(cmd, **args).get_replies(err_msg). \ + verify_reply(err_msg=err_msg) + + @staticmethod + def vpp_creates_classify_table_l3(node, ip_version, direction, ip_addr): """Create classify table for IP address filtering. :param node: VPP node to create classify table. :param ip_version: Version of IP protocol. :param direction: Direction of traffic - src/dst. + :param ip_addr: IPv4 or Ipv6 (depending on the parameter 'ip_version') + address. :type node: dict :type ip_version: str :type direction: str + :type ip_addr: str :returns: (table_index, skip_n, match_n) table_index: Classify table index. skip_n: Number of skip vectors. match_n: Number of match vectors. :rtype: tuple(int, int, int) - :raises RuntimeError: If VPP can't create table. + :raises ValueError: If the parameters 'ip_version' or 'direction' have + incorrect values. """ + mask_f = dict( + ip4=Classify._build_ip_mask, + ip6=Classify._build_ip6_mask + ) + if ip_version == "ip4": + ip_addr = binascii.hexlify(inet_aton(ip_addr)) + elif ip_version == "ip6": + ip_addr = binascii.hexlify(inet_pton(AF_INET6, ip_addr)) + else: + raise ValueError("IP version {ver} is not supported.". + format(ver=ip_version)) - output = VatExecutor.cmd_from_template(node, "classify_add_table.vat", - ip_version=ip_version, - direction=direction) - - if output[0]["retval"] == 0: - table_index = output[0]["new_table_index"] - skip_n = output[0]["skip_n_vectors"] - match_n = output[0]["match_n_vectors"] - logger.trace('Classify table with table_index {} created on node {}' - .format(table_index, node['host'])) + if direction == "src": + mask = mask_f[ip_version](src_ip=ip_addr) + elif direction == "dst": + mask = mask_f[ip_version](dst_ip=ip_addr) else: - raise RuntimeError('Unable to create classify table on node {}' - .format(node['host'])) + raise ValueError("Direction {dir} is not supported.". + format(dir=direction)) - return table_index, skip_n, match_n + return Classify._classify_add_del_table( + node, + is_add=1, + mask=binascii.unhexlify(mask), + match_n_vectors=(len(mask) - 1) // 32 + 1 + ) @staticmethod - def vpp_creates_classify_table_l2(node, direction): + def vpp_creates_classify_table_l2(node, direction, mac=""): """Create classify table for MAC address filtering. :param node: VPP node to create classify table. :param direction: Direction of traffic - src/dst. + :param mac: Source or destination (depending on the parameter + 'direction') MAC address. :type node: dict :type direction: str + :type mac: str :returns: (table_index, skip_n, match_n) table_index: Classify table index. skip_n: Number of skip vectors. match_n: Number of match vectors. :rtype: tuple(int, int, int) - :raises RuntimeError: If VPP can't create table. + :raises ValueError: If the parameter 'direction' has incorrect value. """ - output = VatExecutor.cmd_from_template(node, - "classify_add_table_l2.vat", - direction=direction) - - if output[0]["retval"] == 0: - table_index = output[0]["new_table_index"] - skip_n = output[0]["skip_n_vectors"] - match_n = output[0]["match_n_vectors"] - logger.trace('Classify table with table_index {} created on node {}' - .format(table_index, node['host'])) + if direction == "src": + mask = Classify._build_mac_mask(src_mac=mac) + elif direction == "dst": + mask = Classify._build_mac_mask(dst_mac=mac) else: - raise RuntimeError('Unable to create classify table on node {}' - .format(node['host'])) + raise ValueError("Direction {dir} is not supported.". + format(dir=direction)) - return table_index, skip_n, match_n + return Classify._classify_add_del_table( + node, + is_add=1, + mask=binascii.unhexlify(mask), + match_n_vectors=(len(mask) - 1) // 32 + 1 + ) @staticmethod def vpp_creates_classify_table_hex(node, hex_mask): @@ -100,150 +484,114 @@ class Classify(object): skip_n: Number of skip vectors. match_n: Number of match vectors. :rtype: tuple(int, int, int) - :raises RuntimeError: If VPP can't create table. """ - output = VatExecutor.cmd_from_template(node, - "classify_add_table_hex.vat", - hex_mask=hex_mask) - - if output[0]["retval"] == 0: - table_index = output[0]["new_table_index"] - skip_n = output[0]["skip_n_vectors"] - match_n = output[0]["match_n_vectors"] - logger.trace('Classify table with table_index {} created on node {}' - .format(table_index, node['host'])) - else: - raise RuntimeError('Unable to create classify table on node {}' - .format(node['host'])) - - return table_index, skip_n, match_n + return Classify._classify_add_del_table( + node, + is_add=1, + mask=binascii.unhexlify(hex_mask), + match_n_vectors=(len(hex_mask) - 1) // 32 + 1 + ) @staticmethod def vpp_configures_classify_session_l3(node, acl_method, table_index, - skip_n, match_n, ip_version, - direction, address): + ip_version, direction, address): """Configuration of classify session for IP address filtering. :param node: VPP node to setup classify session. :param acl_method: ACL method - deny/permit. :param table_index: Classify table index. - :param skip_n: Number of skip vectors based on mask. - :param match_n: Number of match vectors based on mask. :param ip_version: Version of IP protocol. :param direction: Direction of traffic - src/dst. :param address: IPv4 or IPv6 address. :type node: dict :type acl_method: str :type table_index: int - :type skip_n: int - :type match_n: int :type ip_version: str :type direction: str :type address: str + :raises ValueError: If the parameter 'direction' has incorrect value. """ - with VatTerminal(node) as vat: - vat.vat_terminal_exec_cmd_from_template("classify_add_session.vat", - acl_method=acl_method, - table_index=table_index, - skip_n=skip_n, - match_n=match_n, - ip_version=ip_version, - direction=direction, - address=address) + match_f = dict( + ip4=Classify._build_ip_match, + ip6=Classify._build_ip6_match + ) + if direction == "src": + match = match_f[ip_version](src_ip=address) + elif direction == "dst": + match = match_f[ip_version](dst_ip=address) + else: + raise ValueError("Direction {dir} is not supported.". + format(dir=direction)) + action = dict( + permit=0, + deny=1 + ) + Classify._classify_add_del_session( + node, + is_add=1, + table_index=table_index, + match=binascii.unhexlify(match), + action=action[acl_method]) @staticmethod def vpp_configures_classify_session_l2(node, acl_method, table_index, - skip_n, match_n, direction, address): + direction, address): """Configuration of classify session for MAC address filtering. :param node: VPP node to setup classify session. :param acl_method: ACL method - deny/permit. :param table_index: Classify table index. - :param skip_n: Number of skip vectors based on mask. - :param match_n: Number of match vectors based on mask. :param direction: Direction of traffic - src/dst. - :param address: IPv4 or IPv6 address. + :param address: MAC address. :type node: dict :type acl_method: str :type table_index: int - :type skip_n: int - :type match_n: int :type direction: str :type address: str + :raises ValueError: If the parameter 'direction' has incorrect value. """ - with VatTerminal(node) as vat: - vat.vat_terminal_exec_cmd_from_template( - "classify_add_session_l2.vat", - acl_method=acl_method, - table_index=table_index, - skip_n=skip_n, - match_n=match_n, - direction=direction, - address=address) + if direction == "src": + match = Classify._build_mac_match(src_mac=address) + elif direction == "dst": + match = Classify._build_mac_match(dst_mac=address) + else: + raise ValueError("Direction {dir} is not supported.". + format(dir=direction)) + action = dict( + permit=0, + deny=1 + ) + Classify._classify_add_del_session( + node, + is_add=1, + table_index=table_index, + match=binascii.unhexlify(match), + action=action[acl_method]) @staticmethod def vpp_configures_classify_session_hex(node, acl_method, table_index, - skip_n, match_n, hex_value): + hex_value): """Configuration of classify session with hex value. :param node: VPP node to setup classify session. :param acl_method: ACL method - deny/permit. :param table_index: Classify table index. - :param skip_n: Number of skip vectors based on mask. - :param match_n: Number of match vectors based on mask. :param hex_value: Classify hex value. :type node: dict :type acl_method: str :type table_index: int - :type skip_n: int - :type match_n: int :type hex_value: str """ - with VatTerminal(node) as vat: - vat.vat_terminal_exec_cmd_from_template( - "classify_add_session_hex.vat", - acl_method=acl_method, - table_index=table_index, - skip_n=skip_n, - match_n=match_n, - hex_value=hex_value) - - @staticmethod - def vpp_configures_classify_session_generic(node, session_type, table_index, - skip_n, match_n, match, - match2=''): - """Configuration of classify session. - - :param node: VPP node to setup classify session. - :param session_type: Session type - hit-next, l2-hit-next, acl-hit-next - or policer-hit-next, and their respective parameters. - :param table_index: Classify table index. - :param skip_n: Number of skip vectors based on mask. - :param match_n: Number of match vectors based on mask. - :param match: Match value - l2, l3, l4 or hex, and their - respective parameters. - :param match2: Additional match values, to avoid using overly long - variables in RobotFramework. - :type node: dict - :type session_type: str - :type table_index: int - :type skip_n: int - :type match_n: int - :type match: str - :type match2: str - """ - - match = ' '.join((match, match2)) - - with VatTerminal(node) as vat: - vat.vat_terminal_exec_cmd_from_template( - "classify_add_session_generic.vat", - type=session_type, - table_index=table_index, - skip_n=skip_n, - match_n=match_n, - match=match, - ) + action = dict( + permit=0, + deny=1 + ) + Classify._classify_add_del_session( + node, + is_add=1, + table_index=table_index, + match=binascii.unhexlify(hex_value), + action=action[acl_method]) @staticmethod def compute_classify_hex_mask(ip_version, protocol, direction): @@ -259,9 +607,9 @@ class Classify(object): :rtype: str :raises ValueError: If protocol is not TCP or UDP. :raises ValueError: If direction is not source or destination or - source + destination. + source + destination. """ - if protocol == 'TCP' or protocol == 'UDP': + if protocol in ('TCP', 'UDP'): base_mask = Classify._compute_base_mask(ip_version) if direction == 'source': @@ -333,66 +681,57 @@ class Classify(object): :returns: Classify table settings. :rtype: dict """ - with VatTerminal(node) as vat: - data = vat.vat_terminal_exec_cmd_from_template( - "classify_table_info.vat", - table_id=table_index - ) - return data[0] + cmd = 'classify_table_info' + err_msg = "Failed to get 'classify_table_info' on host {host}".format( + host=node['host']) + args = dict( + table_id=int(table_index) + ) + with PapiExecutor(node) as papi_exec: + data = papi_exec.add(cmd, **args).get_replies(err_msg).\ + verify_reply(err_msg=err_msg) + + return data @staticmethod - def get_classify_session_data(node, table_index, session_index=None): - """Retrieve settings for all classify sessions in a table, - or for a specific classify session. + def get_classify_session_data(node, table_index): + """Retrieve settings for all classify sessions in a table. :param node: VPP node to retrieve classify data from. :param table_index: Index of a classify table. - :param session_index: Index of a specific classify session. (Optional) :type node: dict :type table_index: int - :type session_index: int - :returns: List of classify session settings, or a dictionary of settings - for a specific classify session. + :returns: List of classify session settings. :rtype: list or dict """ - with VatTerminal(node) as vat: - data = vat.vat_terminal_exec_cmd_from_template( - "classify_session_dump.vat", - table_id=table_index - ) - if session_index is not None: - return data[0][session_index] - return data[0] + args = dict( + table_id=int(table_index) + ) + with PapiExecutor(node) as papi_exec: + dump = papi_exec.add("classify_session_dump", **args).\ + get_dump().reply[0]["api_reply"]["classify_session_details"] + + return dump @staticmethod def vpp_log_plugin_acl_settings(node): - """Retrieve configured settings from the ACL plugin - and write to robot log. + """Retrieve configured settings from the ACL plugin and write to robot + log. :param node: VPP node. :type node: dict """ - try: - VatExecutor.cmd_from_template( - node, "acl_plugin/acl_dump.vat") - except (ValueError, RuntimeError): - # Fails to parse JSON data in response, but it is still logged - pass + PapiExecutor.dump_and_log(node, ["acl_dump", ]) @staticmethod def vpp_log_plugin_acl_interface_assignment(node): - """Retrieve interface assignment from the ACL plugin - and write to robot log. + """Retrieve interface assignment from the ACL plugin and write to robot + log. :param node: VPP node. :type node: dict """ - try: - VatExecutor.cmd_from_template( - node, "acl_plugin/acl_interface_dump.vat", json_out=False) - except RuntimeError: - # Fails to parse response, but it is still logged - pass + PapiExecutor.dump_and_log(node, ["acl_interface_list_dump", ]) @staticmethod def set_acl_list_for_interface(node, interface, acl_type, acl_idx=None): @@ -407,83 +746,18 @@ class Classify(object): :type interface: str or int :type acl_type: str :type acl_idx: list - :raises RuntimeError: If unable to set ACL list for the interface. """ if isinstance(interface, basestring): sw_if_index = Topology.get_interface_sw_index(node, interface) else: - sw_if_index = interface - - acl_list = acl_type + ' ' + ' '.join(str(idx) for idx in acl_idx) \ - if acl_idx else acl_type - - try: - with VatTerminal(node, json_param=False) as vat: - vat.vat_terminal_exec_cmd_from_template( - "acl_plugin/acl_interface_set_acl_list.vat", - interface=sw_if_index, acl_list=acl_list) - except RuntimeError: - raise RuntimeError("Setting of ACL list for interface {0} failed " - "on node {1}".format(interface, node['host'])) - - @staticmethod - def add_replace_acl(node, acl_idx=None, ip_ver="ipv4", action="permit", - src=None, dst=None, sport=None, dport=None, proto=None, - tcpflg_val=None, tcpflg_mask=None): - """Add a new ACL or replace the existing one. To replace an existing - ACL, pass the ID of this ACL. - - :param node: VPP node to set ACL on. - :param acl_idx: ID of ACL. (Optional) - :param ip_ver: IP version. (Optional) - :param action: ACL action. (Optional) - :param src: Source IP in format IP/plen. (Optional) - :param dst: Destination IP in format IP/plen. (Optional) - :param sport: Source port or ICMP4/6 type - range format X-Y allowed. - (Optional) - :param dport: Destination port or ICMP4/6 code - range format X-Y - allowed. (Optional) - :param proto: L4 protocol (http://www.iana.org/assignments/protocol- - numbers/protocol-numbers.xhtml). (Optional) - :param tcpflg_val: TCP flags value. (Optional) - :param tcpflg_mask: TCP flags mask. (Optional) - :type node: dict - :type acl_idx: int - :type ip_ver: str - :type action: str - :type src: str - :type dst: str - :type sport: str or int - :type dport: str or int - :type proto: int - :type tcpflg_val: int - :type tcpflg_mask: int - :raises RuntimeError: If unable to add or replace ACL. - """ - acl_idx = '{0}'.format(acl_idx) if acl_idx else '' - - src = 'src {0}'.format(src) if src else '' - - dst = 'dst {0}'.format(dst) if dst else '' + sw_if_index = int(interface) - sport = 'sport {0}'.format(sport) if sport else '' + acls = acl_idx if isinstance(acl_idx, list) else list() - dport = 'dport {0}'.format(dport) if dport else '' - - proto = 'proto {0}'.format(proto) if proto else '' - - tcpflags = 'tcpflags {0} {1}'.format(tcpflg_val, tcpflg_mask) \ - if tcpflg_val and tcpflg_mask else '' - - try: - with VatTerminal(node, json_param=False) as vat: - vat.vat_terminal_exec_cmd_from_template( - "acl_plugin/acl_add_replace.vat", acl_idx=acl_idx, - ip_ver=ip_ver, action=action, src=src, dst=dst, sport=sport, - dport=dport, proto=proto, tcpflags=tcpflags) - except RuntimeError: - raise RuntimeError("Adding or replacing of ACL failed on " - "node {0}".format(node['host'])) + Classify._acl_interface_set_acl_list(node=node, + sw_if_index=sw_if_index, + acl_type=acl_type, + acls=acls) @staticmethod def add_replace_acl_multi_entries(node, acl_idx=None, rules=None): @@ -496,149 +770,99 @@ class Classify(object): :type node: dict :type acl_idx: int :type rules: str - :raises RuntimeError: If unable to add or replace ACL. """ - acl_idx = '{0}'.format(acl_idx) if acl_idx else '' - - rules = '{0}'.format(rules) if rules else '' - - try: - with VatTerminal(node, json_param=False) as vat: - vat.vat_terminal_exec_cmd_from_template( - "acl_plugin/acl_add_replace.vat", acl_idx=acl_idx, - ip_ver=rules, action='', src='', dst='', sport='', - dport='', proto='', tcpflags='') - except RuntimeError: - raise RuntimeError("Adding or replacing of ACL failed on " - "node {0}".format(node['host'])) + reg_ex_src_ip = re.compile(r'(src [0-9a-fA-F.:/\d{1,2}]*)') + reg_ex_dst_ip = re.compile(r'(dst [0-9a-fA-F.:/\d{1,2}]*)') + reg_ex_sport = re.compile(r'(sport \d{1,5})') + reg_ex_dport = re.compile(r'(dport \d{1,5})') + + acl_rules = list() + for rule in rules.split(", "): + acl_rule = dict() + acl_rule["is_permit"] = 1 if "permit" in rule else 0 + acl_rule["is_ipv6"] = 1 if "ipv6" in rule else 0 + + groups = re.search(reg_ex_src_ip, rule) + if groups: + grp = groups.group(1).split(' ')[1].split('/') + acl_rule["src_ip_addr"] = str(inet_pton( + AF_INET6 if acl_rule["is_ipv6"] else AF_INET, grp[0])) + acl_rule["src_ip_prefix_len"] = int(grp[1]) + + groups = re.search(reg_ex_dst_ip, rule) + if groups: + grp = groups.group(1).split(' ')[1].split('/') + acl_rule["dst_ip_addr"] = str(inet_pton( + AF_INET6 if acl_rule["is_ipv6"] else AF_INET, grp[0])) + acl_rule["dst_ip_prefix_len"] = int(grp[1]) + + groups = re.search(reg_ex_sport, rule) + if groups: + port = int(groups.group(1).split(' ')[1]) + acl_rule["srcport_or_icmptype_first"] = port + acl_rule["srcport_or_icmptype_last"] = port + + groups = re.search(reg_ex_dport, rule) + if groups: + port = int(groups.group(1).split(' ')[1]) + acl_rule["dstport_or_icmpcode_first"] = port + acl_rule["dstport_or_icmpcode_last"] = port + + acl_rule["proto"] = 0 + + acl_rules.append(acl_rule) + + Classify._acl_add_replace(node, acl_idx=acl_idx, rules=acl_rules) @staticmethod - def delete_acl(node, idx): - """Delete required ACL. - - :param node: VPP node to delete ACL on. - :param idx: Index of ACL to be deleted. - :type node: dict - :type idx: int or str - :raises RuntimeError: If unable to delete ACL. - """ - try: - with VatTerminal(node, json_param=False) as vat: - vat.vat_terminal_exec_cmd_from_template( - "acl_plugin/acl_delete.vat", idx=idx) - except RuntimeError: - raise RuntimeError("Deletion of ACL failed on node {0}". - format(node['host'])) - - @staticmethod - def cli_show_acl(node, acl_idx=None): - """Show ACLs. - - :param node: VPP node to show ACL on. - :param acl_idx: Index of ACL to be shown. - :type node: dict - :type acl_idx: int or str - :raises RuntimeError: If unable to delete ACL. - """ - acl_idx = '{0}'.format(acl_idx) if acl_idx else '' - - try: - with VatTerminal(node, json_param=False) as vat: - vat.vat_terminal_exec_cmd_from_template( - "acl_plugin/show_acl.vat", idx=acl_idx) - except RuntimeError: - raise RuntimeError("Failed to show ACL on node {0}". - format(node['host'])) - - @staticmethod - def add_macip_acl(node, ip_ver="ipv4", action="permit", src_ip=None, - src_mac=None, src_mac_mask=None): + def add_macip_acl_multi_entries(node, rules=""): """Add a new MACIP ACL. :param node: VPP node to set MACIP ACL on. - :param ip_ver: IP version. (Optional) - :param action: ACL action. (Optional) - :param src_ip: Source IP in format IP/plen. (Optional) - :param src_mac: Source MAC address in format with colons. (Optional) - :param src_mac_mask: Source MAC address mask in format with colons. - 00:00:00:00:00:00 is a wildcard mask. (Optional) + :param rules: Required MACIP rules. :type node: dict - :type ip_ver: str - :type action: str - :type src_ip: str - :type src_mac: str - :type src_mac_mask: str - :raises RuntimeError: If unable to add MACIP ACL. + :type rules: str """ - src_ip = 'ip {0}'.format(src_ip) if src_ip else '' - - src_mac = 'mac {0}'.format(src_mac) if src_mac else '' + reg_ex_ip = re.compile(r'(ip [0-9a-fA-F.:/\d{1,2}]*)') + reg_ex_mac = re.compile(r'(mac \S\S:\S\S:\S\S:\S\S:\S\S:\S\S)') + reg_ex_mask = re.compile(r'(mask \S\S:\S\S:\S\S:\S\S:\S\S:\S\S)') - src_mac_mask = 'mask {0}'.format(src_mac_mask) if src_mac_mask else '' + acl_rules = list() + for rule in rules.split(", "): + acl_rule = dict() + acl_rule["is_permit"] = 1 if "permit" in rule else 0 + acl_rule["is_ipv6"] = 1 if "ipv6" in rule else 0 - try: - with VatTerminal(node, json_param=False) as vat: - vat.vat_terminal_exec_cmd_from_template( - "acl_plugin/macip_acl_add.vat", ip_ver=ip_ver, - action=action, src_ip=src_ip, src_mac=src_mac, - src_mac_mask=src_mac_mask) - except RuntimeError: - raise RuntimeError("Adding of MACIP ACL failed on node {0}". - format(node['host'])) - - @staticmethod - def add_macip_acl_multi_entries(node, rules=None): - """Add a new MACIP ACL. + groups = re.search(reg_ex_mac, rule) + if groups: + mac = groups.group(1).split(' ')[1].replace(':', '') + acl_rule["src_mac"] = unicode(mac) - :param node: VPP node to set MACIP ACL on. - :param rules: Required MACIP rules. (Optional) - :type node: dict - :type rules: str - :raises RuntimeError: If unable to add MACIP ACL. - """ - rules = '{0}'.format(rules) if rules else '' + groups = re.search(reg_ex_mask, rule) + if groups: + mask = groups.group(1).split(' ')[1].replace(':', '') + acl_rule["src_mac_mask"] = unicode(mask) - try: - with VatTerminal(node, json_param=False) as vat: - vat.vat_terminal_exec_cmd_from_template( - "acl_plugin/macip_acl_add.vat", ip_ver=rules, action='', - src_ip='', src_mac='', src_mac_mask='') - except RuntimeError: - raise RuntimeError("Adding of MACIP ACL failed on node {0}". - format(node['host'])) + groups = re.search(reg_ex_ip, rule) + if groups: + grp = groups.group(1).split(' ')[1].split('/') + acl_rule["src_ip_addr"] = str(inet_pton( + AF_INET6 if acl_rule["is_ipv6"] else AF_INET, grp[0])) + acl_rule["src_ip_prefix_len"] = int(grp[1]) - @staticmethod - def delete_macip_acl(node, idx): - """Delete required MACIP ACL. + acl_rules.append(acl_rule) - :param node: VPP node to delete MACIP ACL on. - :param idx: Index of ACL to be deleted. - :type node: dict - :type idx: int or str - :raises RuntimeError: If unable to delete MACIP ACL. - """ - try: - with VatTerminal(node, json_param=False) as vat: - vat.vat_terminal_exec_cmd_from_template( - "acl_plugin/macip_acl_delete.vat", idx=idx) - except RuntimeError: - raise RuntimeError("Deletion of MACIP ACL failed on node {0}". - format(node['host'])) + Classify._macip_acl_add(node=node, rules=acl_rules) @staticmethod def vpp_log_macip_acl_settings(node): - """Retrieve configured MACIP settings from the ACL plugin - and write to robot log. + """Retrieve configured MACIP settings from the ACL plugin and write to + robot log. :param node: VPP node. :type node: dict """ - try: - VatExecutor.cmd_from_template( - node, "acl_plugin/macip_acl_dump.vat") - except (ValueError, RuntimeError): - # Fails to parse JSON data in response, but it is still logged - pass + PapiExecutor.dump_and_log(node, ["macip_acl_dump", ]) @staticmethod def add_del_macip_acl_interface(node, interface, action, acl_idx): @@ -659,15 +883,19 @@ class Classify(object): else: sw_if_index = interface - try: - with VatTerminal(node, json_param=False) as vat: - vat.vat_terminal_exec_cmd_from_template( - "acl_plugin/macip_acl_interface_add_del.vat", - sw_if_index=sw_if_index, action=action, acl_idx=acl_idx) - except RuntimeError: - raise RuntimeError("Setting of MACIP ACL index for interface {0} " - "failed on node {1}". - format(interface, node['host'])) + is_add = 1 if action == "add" else 0 + + cmd = 'macip_acl_interface_add_del' + err_msg = "Failed to get 'macip_acl_interface' on host {host}".format( + host=node['host']) + args = dict( + is_add=is_add, + sw_if_index=int(sw_if_index), + acl_index=int(acl_idx) + ) + with PapiExecutor(node) as papi_exec: + papi_exec.add(cmd, **args).get_replies(err_msg).\ + verify_reply(err_msg=err_msg) @staticmethod def vpp_log_macip_acl_interface_assignment(node): @@ -676,9 +904,9 @@ class Classify(object): :param node: VPP node. :type node: dict """ - try: - VatExecutor.cmd_from_template( - node, "acl_plugin/macip_acl_interface_get.vat", json_out=False) - except RuntimeError: - # Fails to parse response, but it is still logged - pass + cmd = 'macip_acl_interface_get' + err_msg = "Failed to get 'macip_acl_interface' on host {host}".format( + host=node['host']) + with PapiExecutor(node) as papi_exec: + rpl = papi_exec.add(cmd).get_replies(err_msg).reply[0]["api_reply"] + logger.info(rpl["macip_acl_interface_get_reply"]) diff --git a/resources/libraries/robot/honeycomb/access_control_lists.robot b/resources/libraries/robot/honeycomb/access_control_lists.robot index e30b48e733..57016f9a1a 100644 --- a/resources/libraries/robot/honeycomb/access_control_lists.robot +++ b/resources/libraries/robot/honeycomb/access_control_lists.robot @@ -136,7 +136,7 @@ | | ... | | ... | *Example:* | | ... -| | ... | \| ACL session from VAT should be \| ${nodes['DUT1']} \ +| | ... | \| ACL session from PAPI should be \| ${nodes['DUT1']} \ | | ... | \| ${0} \| ${settings} \| | | [Arguments] | ${node} | ${table_index} | ${settings} | | ${data}= | Get classify table data | ${node} | ${table_index} @@ -192,23 +192,21 @@ | | ... | ${node} | ${table_name} | ${settings['match']} | | Compare data structures | ${data} | ${settings} -| ACL session from VAT should be -| | [Documentation] | Retrieves ACL session information from VAT\ +| ACL session from PAPI should be +| | [Documentation] | Retrieves ACL session information from PAPI\ | | ... | and compares with expected settings. | | ... | | ... | *Arguments:* | | ... | - node - information about a DUT node. Type: dictionary | | ... | - table_index - VPP internal index of an ACL table. Type: integer -| | ... | - session_index - VPP internal index of an ACL session. Type: integer | | ... | - settings - expected ACL session settings. Type: dictionary | | ... | | ... | *Example:* | | ... -| | ... | \| ACL session from VAT should be \| ${nodes['DUT1']} \ -| | ... | \| ${0} \| ${0} \| ${settings} \| +| | ... | \| ACL session from PAPI should be \| ${nodes['DUT1']} \ +| | ... | \| ${0} \| ${settings} \| | | [Arguments] | ${node} | ${table_index} | ${session_index} | ${settings} -| | ${data}= | Get classify session data -| | ... | ${node} | ${table_index} | ${session_index} +| | ${data}= | Get classify session data | ${node} | ${table_index} | | Compare data structures | ${data} | ${settings} | ACL session from Honeycomb should not exist @@ -229,8 +227,8 @@ | | ... | Get classify session oper data | | ... | ${node} | ${table_name} | ${session_match} -| ACL session from VAT should not exist -| | [Documentation] | Retrieves ACL session information from VAT\ +| ACL session from PAPI should not exist +| | [Documentation] | Retrieves ACL session information from PAPI\ | | ... | and compares with expected settings. | | ... | | ... | *Arguments:* @@ -240,19 +238,17 @@ | | ... | | ... | *Example:* | | ... -| | ... | \| ACL session from VAT should not exist \| ${nodes['DUT1']} \ -| | ... | \| ${0} \| ${0} \| -| | [Arguments] | ${node} | ${table_index} | ${session_index} +| | ... | \| ACL session from PAPI should not exist \| ${nodes['DUT1']} \ +| | ... | \| ${0} \| +| | [Arguments] | ${node} | ${table_index} | | Run keyword if | ${session_index} == 0 | | ... | Run keyword and expect error | | ... | ValueError: No JSON object could be decoded -| | ... | Get classify session data -| | ... | ${node} | ${table_index} | ${session_index} +| | ... | Get classify session data | ${node} | ${table_index} | | Run keyword if | ${session_index} > 0 | | ... | Run keyword and expect error | | ... | IndexError: list index out of range -| | ... | Get classify session data -| | ... | ${node} | ${table_index} | ${session_index} +| | ... | Get classify session data | ${node} | ${table_index} | Interface ACL configuration from Honeycomb should be | | [Documentation] | Retrieves ACL interface settings from Honeycomb\ diff --git a/resources/libraries/robot/performance/performance_configuration.robot b/resources/libraries/robot/performance/performance_configuration.robot index 32320788f3..2fb82ab47e 100644 --- a/resources/libraries/robot/performance/performance_configuration.robot +++ b/resources/libraries/robot/performance/performance_configuration.robot @@ -784,15 +784,13 @@ | | ${table_idx} | ${skip_n} | ${match_n}= | And Vpp Creates Classify Table L3 | | ... | ${dut1} | ip6 | dst | | And Vpp Configures Classify Session L3 -| | ... | ${dut1} | permit | ${table_idx} | ${skip_n} | ${match_n} -| | ... | ip6 | dst | 2001:2::2 +| | ... | ${dut1} | permit | ${table_idx} | ip6 | dst | 2001:2::2 | | And Vpp Enable Input Acl Interface | | ... | ${dut1} | ${dut1_if1} | ip6 | ${table_idx} | | ${table_idx} | ${skip_n} | ${match_n}= | And Vpp Creates Classify Table L3 | | ... | ${dut2} | ip6 | dst | | And Vpp Configures Classify Session L3 -| | ... | ${dut2} | permit | ${table_idx} | ${skip_n} | ${match_n} -| | ... | ip6 | dst | 2001:1::2 +| | ... | ${dut2} | permit | ${table_idx} | ip6 | dst | 2001:1::2 | | And Vpp Enable Input Acl Interface | | ... | ${dut2} | ${dut2_if2} | ip6 | ${table_idx} diff --git a/resources/templates/vat/acl_plugin/acl_add_replace.vat b/resources/templates/vat/acl_plugin/acl_add_replace.vat deleted file mode 100644 index b00cf874b6..0000000000 --- a/resources/templates/vat/acl_plugin/acl_add_replace.vat +++ /dev/null @@ -1 +0,0 @@ -acl_add_replace {acl_idx} {ip_ver} {action} {src} {dst} {sport} {dport} {proto} {tcpflags} diff --git a/resources/templates/vat/acl_plugin/acl_delete.vat b/resources/templates/vat/acl_plugin/acl_delete.vat deleted file mode 100644 index a353eda424..0000000000 --- a/resources/templates/vat/acl_plugin/acl_delete.vat +++ /dev/null @@ -1 +0,0 @@ -acl_del {idx} diff --git a/resources/templates/vat/acl_plugin/acl_dump.vat b/resources/templates/vat/acl_plugin/acl_dump.vat deleted file mode 100644 index f24fc99005..0000000000 --- a/resources/templates/vat/acl_plugin/acl_dump.vat +++ /dev/null @@ -1 +0,0 @@ -acl_dump \ No newline at end of file diff --git a/resources/templates/vat/acl_plugin/acl_interface_dump.vat b/resources/templates/vat/acl_plugin/acl_interface_dump.vat deleted file mode 100644 index 83da2e86dd..0000000000 --- a/resources/templates/vat/acl_plugin/acl_interface_dump.vat +++ /dev/null @@ -1 +0,0 @@ -acl_interface_list_dump \ No newline at end of file diff --git a/resources/templates/vat/acl_plugin/acl_interface_set_acl_list.vat b/resources/templates/vat/acl_plugin/acl_interface_set_acl_list.vat deleted file mode 100644 index cff21ff8c9..0000000000 --- a/resources/templates/vat/acl_plugin/acl_interface_set_acl_list.vat +++ /dev/null @@ -1 +0,0 @@ -acl_interface_set_acl_list sw_if_index {interface} {acl_list} diff --git a/resources/templates/vat/acl_plugin/macip_acl_add.vat b/resources/templates/vat/acl_plugin/macip_acl_add.vat deleted file mode 100644 index 25677ce13a..0000000000 --- a/resources/templates/vat/acl_plugin/macip_acl_add.vat +++ /dev/null @@ -1 +0,0 @@ -macip_acl_add {ip_ver} {action} {src_ip} {src_mac} {src_mac_mask} diff --git a/resources/templates/vat/acl_plugin/macip_acl_delete.vat b/resources/templates/vat/acl_plugin/macip_acl_delete.vat deleted file mode 100644 index b26214f04c..0000000000 --- a/resources/templates/vat/acl_plugin/macip_acl_delete.vat +++ /dev/null @@ -1 +0,0 @@ -macip_acl_del {idx} diff --git a/resources/templates/vat/acl_plugin/macip_acl_interface_add_del.vat b/resources/templates/vat/acl_plugin/macip_acl_interface_add_del.vat deleted file mode 100644 index ffd0cdeb99..0000000000 --- a/resources/templates/vat/acl_plugin/macip_acl_interface_add_del.vat +++ /dev/null @@ -1 +0,0 @@ -macip_acl_interface_add_del sw_if_index {sw_if_index} {action} acl {acl_idx} \ No newline at end of file diff --git a/resources/templates/vat/acl_plugin/macip_acl_interface_get.vat b/resources/templates/vat/acl_plugin/macip_acl_interface_get.vat deleted file mode 100644 index 4ccbb79cb5..0000000000 --- a/resources/templates/vat/acl_plugin/macip_acl_interface_get.vat +++ /dev/null @@ -1 +0,0 @@ -macip_acl_interface_get \ No newline at end of file diff --git a/resources/templates/vat/acl_plugin/show_acl.vat b/resources/templates/vat/acl_plugin/show_acl.vat deleted file mode 100644 index e96c2aa926..0000000000 --- a/resources/templates/vat/acl_plugin/show_acl.vat +++ /dev/null @@ -1 +0,0 @@ -exec show acl-plugin {idx} \ No newline at end of file diff --git a/resources/templates/vat/classify_add_session.vat b/resources/templates/vat/classify_add_session.vat deleted file mode 100644 index e68b46f965..0000000000 --- a/resources/templates/vat/classify_add_session.vat +++ /dev/null @@ -1 +0,0 @@ -classify_add_del_session acl-hit-next {acl_method} table-index {table_index} skip_n {skip_n} match_n {match_n} match l3 {ip_version} {direction} {address} \ No newline at end of file diff --git a/resources/templates/vat/classify_add_session_generic.vat b/resources/templates/vat/classify_add_session_generic.vat deleted file mode 100644 index b100629c4e..0000000000 --- a/resources/templates/vat/classify_add_session_generic.vat +++ /dev/null @@ -1 +0,0 @@ -classify_add_del_session {type} table-index {table_index} skip_n {skip_n} match_n {match_n} match {match} \ No newline at end of file diff --git a/resources/templates/vat/classify_add_session_hex.vat b/resources/templates/vat/classify_add_session_hex.vat deleted file mode 100644 index c9c072927c..0000000000 --- a/resources/templates/vat/classify_add_session_hex.vat +++ /dev/null @@ -1 +0,0 @@ -classify_add_del_session acl-hit-next {acl_method} table-index {table_index} skip_n {skip_n} match_n {match_n} match hex {hex_value} \ No newline at end of file diff --git a/resources/templates/vat/classify_add_session_l2.vat b/resources/templates/vat/classify_add_session_l2.vat deleted file mode 100644 index 7aa6660d6d..0000000000 --- a/resources/templates/vat/classify_add_session_l2.vat +++ /dev/null @@ -1 +0,0 @@ -classify_add_del_session acl-hit-next {acl_method} table-index {table_index} skip_n {skip_n} match_n {match_n} match l2 {direction} {address} \ No newline at end of file diff --git a/resources/templates/vat/classify_add_table_hex.vat b/resources/templates/vat/classify_add_table_hex.vat deleted file mode 100644 index 8d5365585d..0000000000 --- a/resources/templates/vat/classify_add_table_hex.vat +++ /dev/null @@ -1 +0,0 @@ -classify_add_del_table mask hex {hex_mask} \ No newline at end of file diff --git a/resources/templates/vat/classify_add_table_l2.vat b/resources/templates/vat/classify_add_table_l2.vat deleted file mode 100644 index 8851613141..0000000000 --- a/resources/templates/vat/classify_add_table_l2.vat +++ /dev/null @@ -1 +0,0 @@ -classify_add_del_table mask l2 {direction} \ No newline at end of file diff --git a/resources/templates/vat/classify_interface_table.vat b/resources/templates/vat/classify_interface_table.vat deleted file mode 100644 index f12af78e1c..0000000000 --- a/resources/templates/vat/classify_interface_table.vat +++ /dev/null @@ -1 +0,0 @@ -classify_table_by_interface sw_if_index {sw_if_index} \ No newline at end of file diff --git a/resources/templates/vat/classify_session_dump.vat b/resources/templates/vat/classify_session_dump.vat deleted file mode 100644 index f76ecbbb4b..0000000000 --- a/resources/templates/vat/classify_session_dump.vat +++ /dev/null @@ -1 +0,0 @@ -classify_session_dump table_id {table_id} \ No newline at end of file diff --git a/resources/templates/vat/classify_table_info.vat b/resources/templates/vat/classify_table_info.vat deleted file mode 100644 index 2e8fe5ae72..0000000000 --- a/resources/templates/vat/classify_table_info.vat +++ /dev/null @@ -1 +0,0 @@ -classify_table_info table_id {table_id} \ No newline at end of file diff --git a/resources/templates/vat/clear_trace.vat b/resources/templates/vat/clear_trace.vat deleted file mode 100644 index 66f2dfb165..0000000000 --- a/resources/templates/vat/clear_trace.vat +++ /dev/null @@ -1 +0,0 @@ -exec clear trace diff --git a/resources/templates/vat/show_trace.vat b/resources/templates/vat/show_trace.vat deleted file mode 100644 index 453315c1d5..0000000000 --- a/resources/templates/vat/show_trace.vat +++ /dev/null @@ -1 +0,0 @@ -exec show trace {maximum} diff --git a/tests/honeycomb/func/mgmt-cfg-acl-apihc-apivat-func.robot b/tests/honeycomb/func/mgmt-cfg-acl-apihc-apivat-func.robot index 3f209e3562..86e8788044 100644 --- a/tests/honeycomb/func/mgmt-cfg-acl-apihc-apivat-func.robot +++ b/tests/honeycomb/func/mgmt-cfg-acl-apihc-apivat-func.robot @@ -1,4 +1,4 @@ -# Copyright (c) 2017 Cisco and/or its affiliates. +# Copyright (c) 2019 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -81,22 +81,22 @@ | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session} | | Then ACL session from Honeycomb should be | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session} -| | And ACL session from VAT should be -| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session} +| | And ACL session from PAPI should be +| | ... | ${node} | ${table_index} | ${vat_acl_session} | TC05: Honeycomb can remove ACL session | | [Documentation] | Check if Honeycomb API can remove an ACL session. | | ... | | Given ACL session from Honeycomb should be | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session} -| | And ACL session from VAT should be -| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session} +| | And ACL session from PAPI should be +| | ... | ${node} | ${table_index} | ${vat_acl_session} | | When Honeycomb removes ACL session | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session['match']} | | Then ACL session from Honeycomb should not exist | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session['match']} -| | And ACL session from VAT should not exist -| | ... | ${node} | ${table_index} | ${session_index} +| | And ACL session from PAPI should not exist +| | ... | ${node} | ${table_index} | TC06: Honeycomb manages more than one ACL session on one table | | [Documentation] | Check if Honeycomb API can add another ACL session\ @@ -104,20 +104,20 @@ | | ... | | Given ACL session from Honeycomb should not exist | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session['match']} -| | And ACL session from VAT should not exist -| | ... | ${node} | ${table_index} | ${session_index} +| | And ACL session from PAPI should not exist +| | ... | ${node} | ${table_index} | | When Honeycomb adds ACL session | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session} | | And Honeycomb adds ACL session | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2} | | Then ACL session from Honeycomb should be | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session} -| | And ACL session from VAT should be -| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session} +| | And ACL session from PAPI should be +| | ... | ${node} | ${table_index} | ${vat_acl_session} | | And ACL session from Honeycomb should be | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2} -| | And ACL session from VAT should be -| | ... | ${node} | ${table_index} | ${session_index2} | ${vat_acl_session2} +| | And ACL session from PAPI should be +| | ... | ${node} | ${table_index} | ${vat_acl_session2} | TC07: Honeycomb enables ACL on interface | | [Documentation] | Check if Honeycomb API can enable ACL on an interface. @@ -127,8 +127,8 @@ | | ... | ${node} | ${table_index} | ${vat_acl_table} | | And ACL session from Honeycomb should be | | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session} -| | And ACL session from VAT should be -| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session} +| | And ACL session from PAPI should be +| | ... | ${node} | ${table_index} | ${vat_acl_session} | | When Honeycomb enables ACL on interface | | ... | ${node} | ${interface} | ${hc_acl_table['name']} | | Then Interface ACL configuration from Honeycomb should be diff --git a/tests/vpp/func/ip4/eth2p-ethip4-ip4base-iaclbase-func.robot b/tests/vpp/func/ip4/eth2p-ethip4-ip4base-iaclbase-func.robot index edc9480260..b8528f36d1 100644 --- a/tests/vpp/func/ip4/eth2p-ethip4-ip4base-iaclbase-func.robot +++ b/tests/vpp/func/ip4/eth2p-ethip4-ip4base-iaclbase-func.robot @@ -36,10 +36,10 @@ | ... | ingress ACL (iACL) tests use 3-node topology TG - DUT1 - DUT2 - TG with | ... | one link between the nodes. DUT1 and DUT2 are configured with IPv4 | ... | routing and static routes. DUT1 is configured with iACL on link to TG, -| ... | iACL classification and permit/deny action are configured on a per test +| ... | iACL classification and permit action are configured on a per test | ... | case basis. Test ICMPv4 Echo Request packets are sent in one direction | ... | by TG on link to DUT1 and received on TG link to DUT2. On receive TG -| ... | verifies if packets are dropped, or if received verifies packet IPv4 +| ... | verifies if packets are accepted, or if received verifies packet IPv4 | ... | src-addr, dst-addr and MAC addresses. *** Variables *** @@ -55,101 +55,10 @@ | ${l2_table}= | l2 *** Test Cases *** -| TC01: DUT with iACL IPv4 src-addr drops matching pkts -| | [Documentation] -| | ... | On DUT1 add source IPv4 address to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send packet and verify headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | src -| | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${ip_version} | src | ${test_src_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then Packet transmission from port to port should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - -| TC02: DUT with iACL IPv4 dst-addr drops matching pkts -| | [Documentation] -| | ... | On DUT1 add destination IPv4 address to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${non_drop_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | dst -| | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${ip_version} | dst | ${test_dst_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then Packet transmission from port to port should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - -| TC03: DUT with iACL IPv4 src-addr and dst-addr drops matching pkts +| TC01: DUT with iACL IPv4 src-addr and dst-addr accepts matching pkts | | [Documentation] | | ... | On DUT1 add source and destination IPv4 addresses to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -178,20 +87,21 @@ | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= | | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | src +| | ... | ${ip_version} | src | ${test_src_ip} | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst +| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} +| | ... | dst | ${test_dst_ip} | | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_1} +| | ... | ${dut1_node} | permit | ${table_index_1} | | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} +| | ... | ${dut1_node} | permit | ${table_index_2} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_1} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_2} -| | Then Packet transmission from port to port should fail | ${tg_node} +| | Then Send packet and verify headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} @@ -200,172 +110,10 @@ | | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| TC04: DUT with iACL IPv4 protocol set to TCP drops matching pkts -| | [Documentation] -| | ... | On DUT1 add protocol mask and TCP protocol (0x06) to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex -| | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 000000000000000000000000000000000000000000000006 -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 - -| TC05: DUT with iACL IPv4 protocol set to UDP drops matching pkts -| | [Documentation] -| | ... | On DUT1 add protocol mask and UDP protocol (0x11) to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex -| | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 000000000000000000000000000000000000000000000011 -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 - -| TC06: DUT with iACL IPv4 TCP src-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP source ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 - -| TC07: DUT with iACL IPv4 TCP dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP destination ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 - -| TC08: DUT with iACL IPv4 TCP src-ports and dst-ports drops matching pkts +| TC02: DUT with iACL IPv4 TCP src-ports and dst-ports accepts matching pkts | | [Documentation] | | ... | On DUT1 add TCP source and destination ports to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -393,103 +141,20 @@ | | ${table_index} | ${skip_n} | ${match_n}= | | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} +| | ... | ${dut1_node} | permit | ${table_index} | ${hex_value} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} +| | Then Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 | | And Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 25 -| TC09: DUT with iACL IPv4 UDP src-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add UDP source ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 - -| TC10: DUT with iACL IPv4 UDP dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP destination ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 - -| TC11: DUT with iACL IPv4 UDP src-ports and dst-ports drops matching pkts +| TC03: DUT with iACL IPv4 UDP src-ports and dst-ports accepts matching pkts | | [Documentation] | | ... | On DUT1 add UDP source and destination ports to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -517,11 +182,10 @@ | | ${table_index} | ${skip_n} | ${match_n}= | | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} +| | ... | ${dut1_node} | permit | ${table_index} | ${hex_value} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} +| | Then Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 | | And Send TCP or UDP packet and verify received packet | ${tg_node} diff --git a/tests/vpp/func/ip6/eth2p-ethip6-ip6base-iaclbase-func.robot b/tests/vpp/func/ip6/eth2p-ethip6-ip6base-iaclbase-func.robot index 74a92d26ed..ad0d322948 100644 --- a/tests/vpp/func/ip6/eth2p-ethip6-ip6base-iaclbase-func.robot +++ b/tests/vpp/func/ip6/eth2p-ethip6-ip6base-iaclbase-func.robot @@ -36,10 +36,10 @@ | ... | ingress ACL (iACL) tests use 3-node topology TG - DUT1 - DUT2 - TG with | ... | one link between the nodes. DUT1 and DUT2 are configured with IPv6 | ... | routing and static routes. DUT1 is configured with iACL on link to TG, -| ... | iACL classification and permit/deny action are configured on a per test +| ... | iACL classification and permit action are configured on a per test | ... | case basis. Test ICMPv6 Echo Request packets are sent in one direction | ... | by TG on link to DUT1 and received on TG link to DUT2. On receive TG -| ... | verifies if packets are dropped, or if received verifies packet IPv6 +| ... | verifies if packets are accepted, or if received verifies packet IPv6 | ... | src-addr, dst-addr and MAC addresses. *** Variables *** @@ -57,103 +57,10 @@ | ${l2_table}= | l2 *** Test Cases *** -| TC01: DUT with iACL IPv6 src-addr drops matching pkts -| | [Documentation] -| | ... | On DUT1 add source IPv6 address to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send packet and verify headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | src -| | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${ip_version} | src | ${test_src_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then Packet transmission from port to port should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - -| TC02: DUT with iACL IPv6 dst-addr drops matching pkts -| | [Documentation] -| | ... | On DUT1 add destination IPv6 address to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${non_drop_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | dst -| | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${ip_version} | dst | ${test_dst_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then Packet transmission from port to port should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - -| TC03: DUT with iACL IPv6 src-addr and dst-addr drops matching pkts +| TC01: DUT with iACL IPv6 src-addr and dst-addr accepts matching pkts | | [Documentation] | | ... | On DUT1 add source and destination IPv6 addresses to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -183,20 +90,21 @@ | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= | | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | src +| | ... | ${ip_version} | src | ${test_src_ip} | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst +| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} +| | ... | dst | ${test_dst_ip} | | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_1} +| | ... | ${dut1_node} | permit | ${table_index_1} | | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} +| | ... | ${dut1_node} | permit | ${table_index_2} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_1} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_2} -| | Then Packet transmission from port to port should fail | ${tg_node} +| | Then Send packet and verify headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} @@ -205,183 +113,18 @@ | | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| TC04: DUT with iACL IPv6 protocol set to TCP drops matching pkts -| | [Documentation] -| | ... | On DUT1 add protocol mask and TCP protocol (0x06) to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex -| | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 000000000000000000000000000000000000000006 -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 - -| TC05: DUT with iACL IPv6 protocol set to UDP drops matching pkts -| | [Documentation] -| | ... | On DUT1 add protocol mask and UDP protocol (0x11) to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex -| | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 000000000000000000000000000000000000000011 -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 - -| TC06: DUT with iACL IPv6 TCP src-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP source ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 - -| TC07: DUT with iACL IPv6 TCP dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP destination ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 - -| TC08: DUT with iACL IPv6 TCP src-ports and dst-ports drops matching pkts +| TC02: DUT with iACL IPv6 TCP src-ports and dst-ports accepts matching pkts | | [Documentation] | | ... | On DUT1 add TCP source and destination ports to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up | | And VPP Interface Set IP Address | | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} | | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} +| | ... | ${prefix_length} | | And VPP Add IP Neighbor | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} @@ -403,112 +146,28 @@ | | ${table_index} | ${skip_n} | ${match_n}= | | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} +| | ... | ${dut1_node} | permit | ${table_index} | ${hex_value} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} +| | Then Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 | | And Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 25 -| TC09: DUT with iACL IPv6 UDP src-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add UDP source ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 - -| TC10: DUT with iACL IPv6 UDP dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP destination ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 - -| TC11: DUT with iACL IPv6 UDP src-ports and dst-ports drops matching pkts +| TC03: DUT with iACL IPv6 UDP src-ports and dst-ports accepts matching pkts | | [Documentation] | | ... | On DUT1 add UDP source and destination ports to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up | | And VPP Interface Set IP Address | | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} | | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} +| | ... | ${prefix_length} | | And VPP Add IP Neighbor | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} @@ -530,54 +189,12 @@ | | ${table_index} | ${skip_n} | ${match_n}= | | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} +| | ... | ${dut1_node} | permit | ${table_index} | ${hex_value} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 - -| TC12: DUT with iACL MAC src-addr and iACL IPv6 UDP src-ports and dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add source MAC address to classify (L2) table and add UDP\ -| | ... | source and destination ports to classify (hex) table with 'deny'. -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And Configure L2XC -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} | | Then Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src -| | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | src | ${tg_to_dut1_mac} -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP -| | ... | source + destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} +| | And Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 -| | And TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 diff --git a/tests/vpp/func/l2xc/eth2p-eth-l2xcbase-iaclbase-func.robot b/tests/vpp/func/l2xc/eth2p-eth-l2xcbase-iaclbase-func.robot index b62f0f8731..c12a6100f4 100644 --- a/tests/vpp/func/l2xc/eth2p-eth-l2xcbase-iaclbase-func.robot +++ b/tests/vpp/func/l2xc/eth2p-eth-l2xcbase-iaclbase-func.robot @@ -1,4 +1,4 @@ -# Copyright (c) 2016 Cisco and/or its affiliates. +# Copyright (c) 2019 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -31,17 +31,16 @@ | ... | DUT1 is configured with iACL classification on link to TG, | ... | *[Ver] TG verification:* Test ICMPv4 Echo Request packets are sent | ... | in one direction by TG on link to DUT1 and received on TG link -| ... | to DUT2. On receive TG verifies if packets are dropped. +| ... | to DUT2. On receive TG verifies if packets are accepted. *** Variables *** | ${l2_table}= | l2 *** Test Cases *** -| TC01: DUT with iACL MAC src-addr drops matching pkts +| TC01: DUT with iACL MAC src-addr accepts matching pkts | | [Documentation] | | ... | [Top] TG-DUT1-DUT2-TG. -| | ... | [Cfg] On DUT1 add source MAC address to classify table with 'deny'. -| | ... | [Ver] Make TG verify matching packets are dropped. +| | ... | [Cfg] On DUT1 add source MAC address to classify table with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -52,21 +51,21 @@ | | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} | | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src -| | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | | ... | src | ${tg_to_dut1_mac} +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | permit | ${table_index} | src | ${tg_to_dut1_mac} | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} -| | Then ICMP packet transmission should fail +| | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} -| TC02: DUT with iACL MAC dst-addr drops matching pkts +| TC02: DUT with iACL MAC dst-addr accepts matching pkts | | [Documentation] | | ... | [Top] TG-DUT1-DUT2-TG. | | ... | [Cfg] On DUT1 add destination MAC address to classify -| | ... | table with 'deny'. -| | ... | [Ver] Make TG verify matching packets are dropped. +| | ... | table with 'permit'. +| | ... | [Ver] Make TG verify matching packets are accepted. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -77,21 +76,21 @@ | | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} | | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | dst -| | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | | ... | dst | ${tg_to_dut2_mac} +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | permit | ${table_index} | dst | ${tg_to_dut2_mac} | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} -| | Then ICMP packet transmission should fail +| | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} -| TC03: DUT with iACL MAC src-addr and dst-addr drops matching pkts +| TC03: DUT with iACL MAC src-addr and dst-addr accepts matching pkts | | [Documentation] | | ... | [Top] TG-DUT1-DUT2-TG. | | ... | [Cfg] On DUT1 add source and destination MAC address to classify -| | ... | table with 'deny'. -| | ... | [Ver] Make TG verify matching packets are dropped. +| | ... | table with 'permit'. +| | ... | [Ver] Make TG verify matching packets are accepted. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -102,27 +101,28 @@ | | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src -| | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_1} +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | | ... | src | ${tg_to_dut1_mac} -| | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | dst | | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} +| | ... | ${dut1_node} | permit | ${table_index_1} | src | ${tg_to_dut1_mac} +| | ${table_index_2} | ${skip_n_2} | ${match_n_2}= +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | | ... | dst | ${tg_to_dut1_mac} +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | permit | ${table_index_2} | dst | ${tg_to_dut1_mac} | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index_1} | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index_2} -| | Then ICMP packet transmission should fail +| | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} -| TC04: DUT with iACL EtherType drops matching pkts +| TC04: DUT with iACL EtherType accepts matching pkts | | [Documentation] | | ... | [Top] TG-DUT1-DUT2-TG. -| | ... | [Cfg] On DUT1 add EtherType IPv4(0x0800) to classify table with 'deny'. -| | ... | [Ver] Make TG verify matching packets are dropped. +| | ... | [Cfg] On DUT1 add EtherType IPv4(0x0800) to classify table with +| | ... | 'permit'. +| | ... | [Ver] Make TG verify matching packets are accepted. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -136,9 +136,8 @@ | | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 000000000000000000000000ffff | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 0000000000000000000000000800 +| | ... | ${dut1_node} | permit | ${table_index} | 0000000000000000000000000800 | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} -| | Then ICMP packet transmission should fail +| | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} diff --git a/tests/vpp/perf/ip4/10ge2p1x710-ethip4-ip4base-iacldstbase-ndrpdr.robot b/tests/vpp/perf/ip4/10ge2p1x710-ethip4-ip4base-iacldstbase-ndrpdr.robot index a4a3fcaa4b..4a97f0f885 100644 --- a/tests/vpp/perf/ip4/10ge2p1x710-ethip4-ip4base-iacldstbase-ndrpdr.robot +++ b/tests/vpp/perf/ip4/10ge2p1x710-ethip4-ip4base-iacldstbase-ndrpdr.robot @@ -77,17 +77,15 @@ | | And Apply startup configuration on all VPP DUTs | | When Initialize IPv4 forwarding in circular topology | | ${table_idx} | ${skip_n} | ${match_n}= | And Vpp Creates Classify Table L3 -| | ... | ${dut1} | ip4 | dst +| | ... | ${dut1} | ip4 | dst | 20.20.20.2 | | And Vpp Configures Classify Session L3 -| | ... | ${dut1} | permit | ${table_idx} | ${skip_n} | ${match_n} -| | ... | ip4 | dst | 20.20.20.2 +| | ... | ${dut1} | permit | ${table_idx} | ip4 | dst | 20.20.20.2 | | And Vpp Enable Input Acl Interface | | ... | ${dut1} | ${dut1_if1} | ip4 | ${table_idx} | | ${table_idx} | ${skip_n} | ${match_n}= | And Vpp Creates Classify Table L3 -| | ... | ${dut2} | ip4 | dst +| | ... | ${dut2} | ip4 | dst | 10.10.10.2 | | And Vpp Configures Classify Session L3 -| | ... | ${dut2} | permit | ${table_idx} | ${skip_n} | ${match_n} -| | ... | ip4 | dst | 10.10.10.2 +| | ... | ${dut2} | permit | ${table_idx} | ip4 | dst | 10.10.10.2 | | And Vpp Enable Input Acl Interface | | ... | ${dut2} | ${dut2_if2} | ip4 | ${table_idx} | | Then Find NDR and PDR intervals using optimized search