From: Zdeno Date: Mon, 18 Apr 2016 14:17:26 +0000 (+0200) Subject: CSIT-9: COP Whitelist/blacklist X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=commitdiff_plain;h=395ed47437010c9852d9d620f491f660a085dbfd CSIT-9: COP Whitelist/blacklist - Included are also IPv6 tests - JIRA: CSIT-17 Change-Id: I89ae6c38cdc6742a597c0dc24ed1c033c1b5d155 Signed-off-by: Zdeno --- diff --git a/resources/libraries/python/Cop.py b/resources/libraries/python/Cop.py new file mode 100644 index 0000000000..1ff9a992d9 --- /dev/null +++ b/resources/libraries/python/Cop.py @@ -0,0 +1,68 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""COP utilities library.""" + +from resources.libraries.python.VatExecutor import VatTerminal +from resources.libraries.python.topology import Topology + + +class Cop(object): + """COP utilities.""" + + @staticmethod + def cop_add_whitelist_entry(node, interface, ip_format, fib_id): + """Add cop whitelisted entry. + + :param node: Node to add COP whitelist on. + :param interface: Interface of the node where the COP is added. + :param ip_format: IP format : ip4 or ip6 are valid formats. + :param fib_id: Specify the fib table ID. + :type node: dict + :type interface: str + :type ip_format: str + :type fib_id: int + """ + if ip_format not in ('ip4', 'ip6'): + raise ValueError("Ip not in correct format!") + sw_if_index = Topology.get_interface_sw_index(node, interface) + with VatTerminal(node) as vat: + vat.vat_terminal_exec_cmd_from_template('cop_whitelist.vat', + sw_if_index=sw_if_index, + ip=ip_format, + fib_id=fib_id) + + @staticmethod + def cop_interface_enable_or_disable(node, interface, state): + """Enable or disable COP on the interface. + + :param node: Node to add COP whitelist on. + :param interface: Interface of the node where the COP is added. + :param state: disable/enable COP on the interface. + :type node: dict + :type interface: str + :type state: str + """ + state = state.lower() + if state in ('enable', 'disable'): + if state == 'enable': + state = '' + sw_if_index = Topology.get_interface_sw_index(node, interface) + with VatTerminal(node) as vat: + vat.vat_terminal_exec_cmd_from_template('cop_interface.vat', + sw_if_index=sw_if_index, + state=state) + else: + raise ValueError( + "Possible values are 'enable' or 'disable'!" + ) diff --git a/resources/libraries/python/IPv4Setup.py b/resources/libraries/python/IPv4Setup.py index 14179c3105..50154103ec 100644 --- a/resources/libraries/python/IPv4Setup.py +++ b/resources/libraries/python/IPv4Setup.py @@ -314,3 +314,18 @@ class IPv4Setup(object): nodes_addr) mac_address = adj_int['mac_address'] get_node(node).set_arp(interface_name, ip_address, mac_address) + + @staticmethod + def add_arp_on_dut(node, interface, ip_address, mac_address): + """Set ARP cache entree on DUT node. + + :param node: Node in the topology. + :param interface: Interface name of the node. + :param ip_address: IP address of the interface. + :param mac_address: MAC address of the interface. + :type node: dict + :type interface: str + :type ip_address: str + :type mac_address: str + """ + get_node(node).set_arp(interface, ip_address, mac_address) diff --git a/resources/libraries/python/IPv4Util.py b/resources/libraries/python/IPv4Util.py index 31e6bf13f6..5ee73c08fc 100644 --- a/resources/libraries/python/IPv4Util.py +++ b/resources/libraries/python/IPv4Util.py @@ -51,9 +51,6 @@ class IPv4Util(object): get_node(node).set_ip(interface, address, int(prefix_length)) @staticmethod - @keyword('Node "${node}" routes to IPv4 network "${network}" with prefix ' - 'length "${prefix_length}" using interface "${interface}" via ' - '"${gateway}"') def set_route(node, network, prefix_length, interface, gateway): """See IPv4Node.set_route for more information. diff --git a/resources/libraries/python/Routing.py b/resources/libraries/python/Routing.py index 1cbbf6b822..7bb41cbfad 100644 --- a/resources/libraries/python/Routing.py +++ b/resources/libraries/python/Routing.py @@ -42,3 +42,25 @@ class Routing(object): prefix_length=prefix_len, gateway=gateway, sw_if_index=sw_if_index) + + @staticmethod + def add_fib_table(node, network, prefix_len, fib_id, place): + """Create new FIB table according to ID. + + :param node: Node to add FIB on. + :param network: IP address to add to the FIB table. + :param prefix_len: IP address prefix length. + :param fib_id: FIB table ID. + :param place: Possible variants are local, drop. + :type node: dict + :type network: str + :type prefix_len: int + :type fib_id: int + :type place: str + """ + with VatTerminal(node) as vat: + vat.vat_terminal_exec_cmd_from_template('add_fib_table.vat', + network=network, + prefix_length=prefix_len, + fib_number=fib_id, + where=place) diff --git a/resources/libraries/robot/cop.robot b/resources/libraries/robot/cop.robot new file mode 100644 index 0000000000..c958b3e211 --- /dev/null +++ b/resources/libraries/robot/cop.robot @@ -0,0 +1,85 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/counters.robot +| Library | resources.libraries.python.NodePath +| Library | resources.libraries.python.Cop +| Library | resources.libraries.python.Routing +| Library | resources.libraries.python.TrafficScriptExecutor +| Library | resources.libraries.python.InterfaceUtil + +*** Keywords *** +| Setup Nodes And Variables +| | [Documentation] | Setup of test variables and bring interfaces up. +| | ... +| | ... | *Arguments:* +| | ... +| | ... | - {tg_node} : Node where to start/end. Type: dictionary +| | ... | - {dut1_node} - Next node from start. Type: dictionary +| | ... | - {dut2_node} - Third node. Type: dictionary +| | ... +| | ... | *Return:* +| | ... +| | ... | - No value returned +| | ... +| | ... | *Example:* +| | ... +| | ... | \| Setup Nodes And Variables \| ${nodes['TG']} \ +| | ... | \| ${nodes['DUT1']} \| ${nodes['DUT2']} \| +| | ... +| | ... | _NOTE:_ This KW sets following test case variables: +| | ... +| | ... | - ${tg_if1} - Iterface of TG towards DUT (1st). +| | ... | - ${tg_if2} - Interface of TG towards DUT (2nd). +| | ... | - ${dut1_if1} - Interface of DUT towards TG (1st). +| | ... | - ${dut1_if2} - Interface of DUT towards TG (2nd). +| | ... | - ${dut2_if1} - Interface of DUT2 towards DUT (1st). +| | ... | - ${dut2_if2} - Interface of DUT2 towards TG (2nd). +| | ... | - ${tg_if1_mac} - MAC address of TG interface (1st). +| | ... | - ${tg_if2_mac} - MAC address of TG interface (2nd). +| | ... | - ${dut1_if1_mac} - MAC address of DUT1 interface (1st). +| | ... | - ${dut1_if2_mac} - MAC address of DUT1 interface (2nd). +| | ... +| | [Arguments] | ${tg_node} | ${dut1_node} | ${dut2_node} +| | Append Nodes | ${tg_node} | ${dut1_node} | ${dut2_node} | +| | ... | ${tg_node} +| | Compute Path +| | ${tg_if1} | ${tg}= | Next Interface +| | ${dut1_if1} | ${dut1}= | Next Interface +| | ${dut1_if2} | ${dut1}= | Next Interface +| | ${dut2_if1} | ${dut2}= | Next Interface +| | ${dut2_if2} | ${dut2}= | Next Interface +| | ${tg_if2} | ${tg}= | Next Interface +| | ${tg_if1_mac}= | Get interface mac | ${tg} | ${tg_if1} +| | ${tg_if2_mac}= | Get interface mac | ${tg} | ${tg_if2} +| | ${dut1_if1_mac}= | Get interface mac | ${dut1} | ${dut1_if1} +| | ${dut1_if2_mac}= | Get interface mac | ${dut1} | ${dut1_if2} +| | Set Test Variable | ${tg_if1} +| | Set Test Variable | ${tg_if2} +| | Set Test Variable | ${dut1_if1} +| | Set Test Variable | ${dut1_if2} +| | Set Test Variable | ${dut2_if1} +| | Set Test Variable | ${dut2_if2} +| | Set Test Variable | ${tg_if1_mac} +| | Set Test Variable | ${tg_if2_mac} +| | Set Test Variable | ${dut1_if1_mac} +| | Set Test Variable | ${dut1_if2_mac} +| | Set Interface State | ${tg_node} | ${tg_if1} | up +| | Set Interface State | ${tg_node} | ${tg_if2} | up +| | Set Interface State | ${dut1_node} | ${dut1_if1} | up +| | Set Interface State | ${dut1_node} | ${dut1_if2} | up +| | Set Interface State | ${dut2_node} | ${dut2_if1} | up +| | Set Interface State | ${dut2_node} | ${dut2_if2} | up +| | All Vpp Interfaces Ready Wait | ${nodes} diff --git a/resources/libraries/robot/traffic.robot b/resources/libraries/robot/traffic.robot new file mode 100644 index 0000000000..b97a6d4360 --- /dev/null +++ b/resources/libraries/robot/traffic.robot @@ -0,0 +1,108 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Traffic keywords""" + +*** Settings *** +| Library | resources.libraries.python.IPv6Util +| Library | resources.libraries.python.IPv6Setup +| Library | resources.libraries.python.TrafficScriptExecutor +| Library | resources.libraries.python.NodePath +| Library | resources.libraries.python.Routing +| Library | resources.libraries.python.InterfaceUtil +| Library | resources.libraries.python.topology.Topology +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/counters.robot +| Documentation | Traffic keywords + +*** Keywords *** +| Send Packet And Check Headers +| | [Documentation] | Sends packet from IP (with source mac) to IP +| | ... | (with dest mac). There has to be 4 MAC addresses +| | ... | when using 2 node + +| | ... | xconnect (one for each eth). +| | ... +| | ... | *Arguments:* +| | ... +| | ... | _NOTE:_ Arguments are based on example: +| | ... | TG(if1)->(if1)DUT(if2)->TG(if2) +| | ... +| | ... | - {tg_node} : Node to execute scripts on (TG). Type: dictionary +| | ... | - {src_ip} - IP of source interface (TG-if1). Type: int +| | ... | - {dst_ip} - IP of destination interface (TG-if2). Type: int +| | ... | - {tx_src_port} - Interface of TG-if1. Type: string +| | ... | - {tx_src_mac} - MAC address of TG-if1. Type: string +| | ... | - {tx_dst_mac} - MAC address of DUT-if1. Type: string +| | ... | - {rx_port} - Interface of TG-if1. Type: string +| | ... | - {rx_src_mac} - MAC address of DUT1-if2. Type: string +| | ... | - {rx_dst_mac} - MAC address of TG-if2. Type: string +| | ... +| | ... | *Return:* +| | ... | - No value returned +| | ... +| | ... | *Example:* +| | ... +| | ... | \| Send Packet And Check Headers \| ${nodes['TG']} \| 10.0.0.1 \ +| | ... | \| 32.0.0.1 \| eth2 \| 08:00:27:ee:fd:b3 \| 08:00:27:a2:52:5b \ +| | ... | \| eth3 \| 08:00:27:4d:ca:7a \| 08:00:27:7d:fd:10 \| +| | ... +| | [Arguments] | ${tg_node} | ${src_ip} | ${dst_ip} | ${tx_src_port} | +| | ... | ${tx_src_mac} | ${tx_dst_mac} | ${rx_port} | ${rx_src_mac} +| | ... | ${rx_dst_mac} +| | ${args}= | Catenate | --tg_src_mac | ${tx_src_mac} | --tg_dst_mac | +| | ... | ${rx_dst_mac} | --dut_if1_mac | ${tx_dst_mac} | --dut_if2_mac | +| | ... | ${rx_src_mac} | --src_ip | ${src_ip} | --dst_ip | ${dst_ip} | +| | ... | --tx_if | ${tx_src_port} | --rx_if | ${rx_port} +| | Run Traffic Script On Node | send_icmp_check_headers.py | ${tg_node} | +| | ... | ${args} + +| Send packet from Port to Port should failed +| | [Documentation] | Sends packet from ip (with specified mac) to ip +| | ... | (with dest mac). Using keyword : Send packet And Check +| | ... | Headers and subsequently checks the return value +| | ... +| | ... | *Arguments:* +| | ... +| | ... | _NOTE:_ Arguments are based on example: +| | ... | TG(if1)->(if1)DUT(if2)->TG(if2) +| | ... +| | ... | - {tg_node} : Node to execute scripts on (TG). Type: dictionary +| | ... | - {src_ip} - IP of source interface (TG-if1). Type: int +| | ... | - {dst_ip} - IP of destination interface (TG-if2). Type: int +| | ... | - {tx_src_port} - Interface of TG-if1. Type: string +| | ... | - {tx_src_mac} - MAC address of TG-if1. Type: string +| | ... | - {tx_dst_mac} - MAC address of DUT-if1. Type: string +| | ... | - {rx_port} - Interface of TG-if1. Type: string +| | ... | - {rx_src_mac} - MAC address of DUT1-if2. Type: string +| | ... | - {rx_dst_mac} - MAC address of TG-if2. Type: string +| | ... +| | ... | *Return:* +| | ... | - No value returned +| | ... +| | ... | *Example:* +| | ... +| | ... | \| Send packet from Port to Port should failed \| ${nodes['TG']} \ +| | ... | \| 10.0.0.1 \ \| 32.0.0.1 \| eth2 \| 08:00:27:ee:fd:b3 \ +| | ... | \| 08:00:27:a2:52:5b \| eth3 \| 08:00:27:4d:ca:7a \ +| | ... | \| 08:00:27:7d:fd:10 \| +| | [Arguments] | ${tg_node} | ${src_ip} | ${dst_ip} | ${tx_src_port} | +| | ... | ${tx_src_mac} | ${tx_dst_mac} | ${rx_port} | ${rx_src_mac} | +| | ... | ${rx_dst_mac} +| | ${args}= | Catenate | --tg_src_mac | ${tx_src_mac} | --tg_dst_mac | +| | ... | ${rx_dst_mac} | --dut_if1_mac | ${tx_dst_mac} | --dut_if2_mac | +| | ... | ${rx_src_mac} | --src_ip | ${src_ip} | --dst_ip | ${dst_ip} | +| | ... | --tx_if | ${tx_src_port} | --rx_if | ${rx_port} +| | Run Keyword And Expect Error | ICMP echo Rx timeout | +| | ... | Run Traffic Script On Node | send_icmp_check_headers.py +| | ... | ${tg_node} | ${args} +l \ No newline at end of file diff --git a/resources/templates/vat/add_fib_table.vat b/resources/templates/vat/add_fib_table.vat new file mode 100644 index 0000000000..5adedd740d --- /dev/null +++ b/resources/templates/vat/add_fib_table.vat @@ -0,0 +1 @@ +ip_add_del_route {network}/{prefix_length} {where} vrf {fib_number} create-vrf \ No newline at end of file diff --git a/resources/templates/vat/cop_interface.vat b/resources/templates/vat/cop_interface.vat new file mode 100644 index 0000000000..1912fa2307 --- /dev/null +++ b/resources/templates/vat/cop_interface.vat @@ -0,0 +1 @@ +cop_interface_enable_disable sw_if_index {sw_if_index} {state} \ No newline at end of file diff --git a/resources/templates/vat/cop_whitelist.vat b/resources/templates/vat/cop_whitelist.vat new file mode 100644 index 0000000000..487d55310c --- /dev/null +++ b/resources/templates/vat/cop_whitelist.vat @@ -0,0 +1 @@ +cop_whitelist_enable_disable sw_if_index {sw_if_index} {ip} fib-id {fib_id} \ No newline at end of file diff --git a/resources/traffic_scripts/send_icmp_check_headers.py b/resources/traffic_scripts/send_icmp_check_headers.py new file mode 100755 index 0000000000..f8f5309764 --- /dev/null +++ b/resources/traffic_scripts/send_icmp_check_headers.py @@ -0,0 +1,107 @@ +#!/usr/bin/env python +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Traffic script that sends an ip icmp packet +from one interface to the other. +""" + +import sys +import ipaddress + +from scapy.layers.inet import ICMP, IP +from scapy.layers.inet6 import IPv6 +from scapy.all import Ether +from scapy.layers.inet6 import ICMPv6EchoRequest +from robot.api import logger + +from resources.libraries.python.PacketVerifier import RxQueue, TxQueue +from resources.libraries.python.TrafficScriptArg import TrafficScriptArg + + +def valid_ipv4(ip): + try: + ipaddress.IPv4Address(unicode(ip)) + return True + except (AttributeError, ipaddress.AddressValueError): + return False + + +def valid_ipv6(ip): + try: + ipaddress.IPv6Address(unicode(ip)) + return True + except (AttributeError, ipaddress.AddressValueError): + return False + + +def main(): + """Send IP ICMP packet from one traffic generator interface to the other.""" + args = TrafficScriptArg( + ['tg_src_mac', 'tg_dst_mac', 'src_ip', 'dst_ip', 'dut_if1_mac', + 'dut_if2_mac']) + + src_mac = args.get_arg('tg_src_mac') + dst_mac = args.get_arg('tg_dst_mac') + dut1_if1_mac = args.get_arg('dut_if1_mac') + dut1_if2_mac = args.get_arg('dut_if2_mac') + src_ip = args.get_arg('src_ip') + dst_ip = args.get_arg('dst_ip') + tx_if = args.get_arg('tx_if') + rx_if = args.get_arg('rx_if') + + rxq = RxQueue(rx_if) + txq = TxQueue(tx_if) + sent_packets = [] + ip_format = '' + pkt_raw = '' + if valid_ipv4(src_ip) and valid_ipv4(dst_ip): + pkt_raw = (Ether(src=src_mac, dst=dut1_if1_mac) / + IP(src=src_ip, dst=dst_ip) / + ICMP()) + ip_format = 'IP' + elif valid_ipv6(src_ip) and valid_ipv6(dst_ip): + pkt_raw = (Ether(src=src_mac, dst=dut1_if1_mac) / + IPv6(src=src_ip, dst=dst_ip) / + ICMPv6EchoRequest()) + ip_format = 'IPv6' + else: + raise ValueError("IP not in correct format") + + sent_packets.append(pkt_raw) + txq.send(pkt_raw) + ether = rxq.recv(2) + + if ether is None: + raise RuntimeError("ICMP echo Rx timeout") + if not ether.haslayer(ip_format): + raise RuntimeError("Not an IP packet received {0}" + .format(ether.__repr__())) + + # Compare data from packets + if src_ip == ether[ip_format].src and dst_ip == ether[ip_format].dst: + logger.trace("IP matched") + if dst_mac == ether['Ethernet'].dst and \ + dut1_if2_mac == ether['Ethernet'].src: + logger.trace("MAC matched") + else: + raise RuntimeError("Matching packet unsuccessful: {0}" + .format(ether.__repr__())) + else: + raise RuntimeError("Matching packet unsuccessful: {0}" + .format(ether.__repr__())) + sys.exit(0) + + +if __name__ == "__main__": + main() diff --git a/tests/suites/cop/cop_whitelist_blacklist.robot b/tests/suites/cop/cop_whitelist_blacklist.robot new file mode 100644 index 0000000000..ad02b4c499 --- /dev/null +++ b/tests/suites/cop/cop_whitelist_blacklist.robot @@ -0,0 +1,105 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Library | resources.libraries.python.topology.Topology +| Library | resources.libraries.python.NodePath +| Library | resources.libraries.python.Trace +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/interfaces.robot +| Resource | resources/libraries/robot/ipv4.robot +| Resource | resources/libraries/robot/traffic.robot +| Resource | resources/libraries/robot/cop.robot +| Resource | resources/libraries/robot/l2_xconnect.robot +| Variables | resources/libraries/python/IPv4NodeAddress.py | ${nodes} +| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO +| Suite Setup | Run Keywords | Setup all DUTs before test +| ... | AND | Setup all TGs before traffic script +| ... | AND | Update All Interface Data On All Nodes | ${nodes} +| Test Setup | Clear interface counters on all vpp nodes in topology | ${nodes} +| Test Teardown | Show packet trace on all DUTs | ${nodes} +| Documentation | *COP Blacklist and Whitelist Tests* +| ... +| ... | Test suite uses 3-node topology TG - DUT1 - DUT2 - TG +| ... | with one link between nodes where DUT2 has xconnect. +| ... | Test packets are sent only in one direction with COP set either as +| ... | whitelist or blacklist. Subsequently, packet's IP src/dst and +| ... | MAC addresses are checked. + +*** Variables *** +| ${tg_node}= | ${nodes['TG']} +| ${dut1_node}= | ${nodes['DUT1']} +| ${dut2_node}= | ${nodes['DUT2']} + +| ${dut1_if1_ip}= | 192.168.1.1 +| ${dut1_if2_ip}= | 192.168.2.1 +| ${dut1_if1_ip_GW}= | 192.168.1.2 +| ${dut1_if2_ip_GW}= | 192.168.2.2 + +| ${test_dst_ip}= | 32.0.0.1 +| ${test_src_ip}= | 16.0.0.1 + +| ${cop_dut_ip}= | 16.0.0.0 + +| ${ip_prefix}= | 24 +| ${nodes_ipv4_addresses}= | ${nodes_ipv4_addr} + +| ${fib_table_number}= | 1 + +*** Test Cases *** +| VPP permits packets based on IPv4 src addr +| | [Documentation] | COP Whitelist test with basic setup. +| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | And Set Interface Address +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix} +| | And Set Interface Address +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add | ${dut1_node} +| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2} +| | And Add fib table | ${dut1_node} +| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | local +| | When COP Add whitelist Entry +| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${fib_table_number} +| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable +| | Then Send Packet And Check Headers | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac} + + +| VPP drops packets based on IPv4 src addr +| | [Documentation] | COP blacklist test with basic setup. +| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | And Set Interface Address +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix} +| | And Set Interface Address +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add | ${dut1_node} +| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2} +| | And Add fib table | ${dut1_node} +| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop +| | When COP Add whitelist Entry +| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${fib_table_number} +| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable +| | Then Send packet from Port to Port should failed | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac} diff --git a/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot b/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot new file mode 100644 index 0000000000..a48ae01475 --- /dev/null +++ b/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot @@ -0,0 +1,120 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Library | resources.libraries.python.topology.Topology +| Library | resources.libraries.python.NodePath +| Library | resources.libraries.python.Trace +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/interfaces.robot +| Resource | resources/libraries/robot/ipv6.robot +| Resource | resources/libraries/robot/ipv4.robot +| Resource | resources/libraries/robot/traffic.robot +| Resource | resources/libraries/robot/cop.robot +| Resource | resources/libraries/robot/l2_xconnect.robot +| Variables | resources/libraries/python/IPv6NodesAddr.py | ${nodes} +| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO +| Suite Setup | Run Keywords | Setup all DUTs before test +| ... | AND | Setup all TGs before traffic script +| ... | AND | Update All Interface Data On All Nodes | ${nodes} +| Test Setup | Clear interface counters on all vpp nodes in topology | ${nodes} +| Test Teardown | Show packet trace on all DUTs | ${nodes} +| Documentation | *COP Blacklist and Whitelist Tests* +| ... +| ... | Test suite uses 3-node topology TG - DUT1 - DUT2 - TG +| ... | with one link between nodes where DUT2 has xconnect. +| ... | Test packets are sent only in one direction with COP set either as +| ... | whitelist or blacklist. Subsequently, packet's IP src/dst and +| ... | MAC addresses are checked. + +*** Variables *** +| ${tg_node}= | ${nodes['TG']} +| ${dut1_node}= | ${nodes['DUT1']} +| ${dut2_node}= | ${nodes['DUT2']} + +| ${dut1_if1_ip}= | 3ffe:62::1 +| ${dut1_if2_ip}= | 3ffe:63::1 +| ${dut1_if1_ip_GW}= | 3ffe:62::2 +| ${dut1_if2_ip_GW}= | 3ffe:63::2 + +| ${dut2_if1_ip}= | 3ffe:72::1 +| ${dut2_if2_ip}= | 3ffe:73::1 + +| ${test_dst_ip}= | 3ffe:64::1 +| ${test_src_ip}= | 3ffe:61::1 + +| ${cop_dut_ip}= | 3ffe:61:: + +| ${ip_prefix}= | 64 + +| ${nodes_ipv6_addresses}= | ${nodes_ipv6_addr} + +| ${fib_table_number}= | 1 + +*** Test Cases *** +| VPP permits packets based on IPv6 src addr +| | [Documentation] | COP Whitelist test with basic setup. +| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | And VPP Set IF IPv6 Addr +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix} +| | And VPP Set IF IPv6 Addr +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix} +| | And VPP Set IF IPv6 Addr +| | ... | ${dut2_node} | ${dut2_if1} | ${dut2_if1_ip} | ${ip_prefix} +| | And VPP Set IF IPv6 Addr +| | ... | ${dut2_node} | ${dut2_if2} | ${dut2_if2_ip} | ${ip_prefix} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add | ${dut1_node} +| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | And Add fib table | ${dut1_node} | ${cop_dut_ip} | ${ip_prefix} | +| | ... | ${fib_table_number} | local +| | When COP Add whitelist Entry | ${dut1_node} | ${dut1_if1} | ip6 | +| | ... | ${fib_table_number} +| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable +| | Then Send Packet And Check Headers | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac} + + +| VPP drops packets based on IPv6 src addr +| | [Documentation] | COP blacklist test with basic setup. +| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | And VPP Set IF IPv6 Addr +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix} +| | And VPP Set IF IPv6 Addr +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix} +| | And VPP Set IF IPv6 Addr +| | ... | ${dut2_node} | ${dut2_if1} | ${dut2_if1_ip} | ${ip_prefix} +| | And VPP Set IF IPv6 Addr +| | ... | ${dut2_node} | ${dut2_if2} | ${dut2_if2_ip} | ${ip_prefix} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add | ${dut1_node} +| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | And Add fib table | ${dut1_node} +| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop +| | When COP Add whitelist Entry +| | ... | ${dut1_node} | ${dut1_if1} | ip6 | ${fib_table_number} +| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable +| | Then Send packet from Port to Port should failed | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac}