From: Patrik Hrnciar <phrnciar@cisco.com>
Date: Thu, 30 Jun 2016 13:09:07 +0000 (+0200)
Subject: CSIT-187 iacl with MAC classification tests
X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=commitdiff_plain;h=227795aff6a92512777bb03504f6299efa6d5d50

CSIT-187 iacl with MAC classification tests

 Add tests for:
 - VPP can drop packets based on MAC src-addr
 - VPP can drop packets based on MAC dst-addr
 - VPP can drop packets based on MAC src-addr and dst-addr
 - VPP can drop packets based on Ethertype

Change-Id: I5888c466018e976cd93ecbc8060191622aba90ad
Signed-off-by: Patrik Hrnciar <phrnciar@cisco.com>
---

diff --git a/resources/libraries/robot/l2_traffic.robot b/resources/libraries/robot/l2_traffic.robot
index c348c116b1..2d149c612e 100644
--- a/resources/libraries/robot/l2_traffic.robot
+++ b/resources/libraries/robot/l2_traffic.robot
@@ -67,7 +67,7 @@
 | | ... | ELSE | Catenate | ${args} | ${args1} | ${args2}
 | | Run Traffic Script On Node | send_ip_icmp.py | ${tg_node} | ${args}
 
-| Send and receive ICMP Packet should failed
+| Send and receive ICMP Packet should fail
 | | [Documentation] | Send ICMPv4/ICMPv6 echo request from source interface to
 | | ...             | destination interface and expect failure with
 | | ...             | ICMP echo Rx timeout error message.
@@ -88,7 +88,7 @@
 | | ...
 | | ... | _NOTE:_ Default IP is IPv4
 | | ...
-| | ... | \| Send and receive ICMP Packet \| ${nodes['TG']} \
+| | ... | \| Send and receive ICMP Packet should fail\| ${nodes['TG']} \
 | | ... | \| ${tg_to_dut_if1} \| ${tg_to_dut_if2} \|
 | | ...
 | | [Arguments] | ${tg_node} | ${src_int} | ${dst_int} |
diff --git a/tests/suites/ipv4/ipv4_iacl_untagged.robot b/tests/suites/iacl/ipv4_iacl_untagged.robot
similarity index 96%
rename from tests/suites/ipv4/ipv4_iacl_untagged.robot
rename to tests/suites/iacl/ipv4_iacl_untagged.robot
index 5421db7315..d840f38538 100644
--- a/tests/suites/ipv4/ipv4_iacl_untagged.robot
+++ b/tests/suites/iacl/ipv4_iacl_untagged.robot
@@ -527,26 +527,3 @@
 | | And Send TCP or UDP packet | ${tg_node}
 | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
 | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25
-
-| TC12: DUT with iACL MAC src-addr drops matching pkts
-| | [Documentation]
-| | ... | On DUT1 add source MAC address to classify table with 'deny'.\
-| | ... | Make TG verify matching packets are dropped.
-| | Given Path for 3-node testing is set
-| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
-| | And Interfaces in 3-node path are up
-| | And L2 setup xconnect on DUT
-| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
-| | And L2 setup xconnect on DUT
-| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
-| | Then Send and receive ICMP Packet
-| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
-| | ${table_index} | ${skip_n} | ${match_n}=
-| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src
-| | And Vpp Configures Classify Session L2
-| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
-| | ... | src | ${tg_to_dut1_mac}
-| | And Vpp Enable Input Acl Interface
-| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index}
-| | Then Send and receive ICMP Packet should failed
-| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
diff --git a/tests/suites/ipv6/ipv6_iacl_untagged.robot b/tests/suites/iacl/ipv6_iacl_untagged.robot
similarity index 100%
rename from tests/suites/ipv6/ipv6_iacl_untagged.robot
rename to tests/suites/iacl/ipv6_iacl_untagged.robot
diff --git a/tests/suites/iacl/l2_iacl_untagged.robot b/tests/suites/iacl/l2_iacl_untagged.robot
new file mode 100644
index 0000000000..071ce1b34c
--- /dev/null
+++ b/tests/suites/iacl/l2_iacl_untagged.robot
@@ -0,0 +1,150 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Settings ***
+| Resource | resources/libraries/robot/default.robot
+| Resource | resources/libraries/robot/counters.robot
+| Resource | resources/libraries/robot/interfaces.robot
+| Resource | resources/libraries/robot/testing_path.robot
+| Resource | resources/libraries/robot/l2_xconnect.robot
+| Resource | resources/libraries/robot/l2_traffic.robot
+| Library | resources.libraries.python.Classify.Classify
+| Library | resources.libraries.python.Trace
+
+| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO
+| ...        | 3_NODE_DOUBLE_LINK_TOPO
+| Suite Setup | Run Keywords | Setup all TGs before traffic script
+| ...         | AND          | Update All Interface Data On All Nodes | ${nodes}
+| Test Setup | Setup all DUTs before test
+| Test Teardown | Run Keywords | Show packet trace on all DUTs | ${nodes}
+| ...           | AND          | Vpp Show Errors | ${nodes['DUT1']}
+| ...           | AND          | Show vpp trace dump on all DUTs
+| Documentation | *Ingress ACL test cases*
+| ...
+| ... | *[Top] Network Topologies:* TG - DUT1 - DUT2 - TG
+| ... |        with one link between the nodes.
+| ... | *[Cfg] DUT configuration:* DUT2 is configured with L2 Cross connect.
+| ... |        DUT1 is configured with iACL classification on link to TG,
+| ... | *[Ver] TG verification:* Test ICMPv4 Echo Request packets are sent
+| ... |        in one direction by TG on link to DUT1 and received on TG link
+| ... |        to DUT2. On receive TG verifies if packets are dropped.
+
+*** Variables ***
+| ${l2_table}= | l2
+
+*** Test Cases ***
+| TC01: DUT with iACL MAC src-addr drops matching pkts
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG.
+| | ... | [Cfg] On DUT1 add source MAC address to classify table with 'deny'.
+| | ... | [Ver] Make TG verify matching packets are dropped.
+| | Given Path for 3-node testing is set
+| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
+| | Then Send and receive ICMP Packet
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src
+| | And Vpp Configures Classify Session L2
+| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
+| | ... | src | ${tg_to_dut1_mac}
+| | And Vpp Enable Input ACL Interface
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index}
+| | Then Send and receive ICMP Packet should fail
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
+
+| TC02: DUT with iACL MAC dst-addr drops matching pkts
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG.
+| | ... | [Cfg] On DUT1 add destination MAC address to classify
+| | ... |       table with 'deny'.
+| | ... | [Ver] Make TG verify matching packets are dropped.
+| | Given Path for 3-node testing is set
+| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
+| | Then Send and receive ICMP Packet
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | dst
+| | And Vpp Configures Classify Session L2
+| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
+| | ... | dst | ${tg_to_dut2_mac}
+| | And Vpp Enable Input ACL Interface
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index}
+| | Then Send and receive ICMP Packet should fail
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
+
+| TC03: DUT with iACL MAC src-addr and dst-addr drops matching pkts
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG.
+| | ... | [Cfg] On DUT1 add source and destination MAC address to classify
+| | ... |       table with 'deny'.
+| | ... | [Ver] Make TG verify matching packets are dropped.
+| | Given Path for 3-node testing is set
+| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
+| | Then Send and receive ICMP Packet
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
+| | ${table_index_1} | ${skip_n_1} | ${match_n_1}=
+| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src
+| | And Vpp Configures Classify Session L2
+| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_1}
+| | ... | src | ${tg_to_dut1_mac}
+| | ${table_index_2} | ${skip_n_2} | ${match_n_2}=
+| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | dst
+| | And Vpp Configures Classify Session L2
+| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2}
+| | ... | dst | ${tg_to_dut1_mac}
+| | And Vpp Enable Input ACL Interface
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index_1}
+| | And Vpp Enable Input ACL Interface
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index_2}
+| | Then Send and receive ICMP Packet should fail
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
+
+| TC04: DUT with iACL EtherType drops matching pkts
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG.
+| | ... | [Cfg] On DUT1 add EtherType IPv4(0x0800) to classify table with 'deny'.
+| | ... | [Ver] Make TG verify matching packets are dropped.
+| | Given Path for 3-node testing is set
+| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
+| | Then Send and receive ICMP Packet
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex
+| | ... | ${dut1_node} | 000000000000000000000000ffff
+| | And Vpp Configures Classify Session Hex
+| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
+| | ... | 0000000000000000000000000800
+| | And Vpp Enable Input ACL Interface
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index}
+| | Then Send and receive ICMP Packet should fail
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}