From: Patrik Hrnciar Date: Wed, 18 May 2016 09:53:52 +0000 (+0200) Subject: iACL TCP/UDP tests X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=commitdiff_plain;h=559a2b904cf95e4a5a82726d8b3791e57e7a9f9c iACL TCP/UDP tests - IPv4 CSIT-92 - IPv6 CSIT-107 Change-Id: Ia93e96f624ce73ef08b89d4b22334a67ebb69e13 Signed-off-by: Patrik Hrnciar --- diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py index cf93a04b2b..7d62e26a67 100644 --- a/resources/libraries/python/Classify.py +++ b/resources/libraries/python/Classify.py @@ -30,12 +30,12 @@ class Classify(object): :type node: dict :type ip_version: str :type direction: str - :return table_index: Classify table index. - :return skip_n: Number of skip vectors. - :return match_n: Number of match vectors. - :rtype table_index: int - :rtype skip_n: int - :rtype match_n: int + :return (table_index, skip_n, match_n) + table_index: Classify table index. + skip_n: Number of skip vectors. + match_n: Number of match vectors. + :rtype: tuple(int, int, int) + :raises RuntimeError: If VPP can't create table. """ output = VatExecutor.cmd_from_template(node, "classify_add_table.vat", ip_version=ip_version, @@ -53,6 +53,37 @@ class Classify(object): return table_index, skip_n, match_n + @staticmethod + def vpp_create_classify_table_hex(node, hex_mask): + """Create classify table with hex mask. + + :param node: VPP node to create classify table based on hex mask. + :param hex_mask: Classify hex mask. + :type node: dict + :type hex_mask: str + :return (table_index, skip_n, match_n) + table_index: Classify table index. + skip_n: Number of skip vectors. + match_n: Number of match vectors. + :rtype: tuple(int, int, int) + :raises RuntimeError: If VPP can't create table. + """ + output = VatExecutor.cmd_from_template(node, + "classify_add_table_hex.vat", + hex_mask=hex_mask) + + if output[0]["retval"] == 0: + table_index = output[0]["new_table_index"] + skip_n = output[0]["skip_n_vectors"] + match_n = output[0]["match_n_vectors"] + logger.trace('Classify table with table_index {} created on node {}' + .format(table_index, node['host'])) + else: + raise RuntimeError('Unable to create classify table on node {}' + .format(node['host'])) + + return table_index, skip_n, match_n + @staticmethod def vpp_configure_classify_session(node, acl_method, table_index, skip_n, match_n, ip_version, direction, address): @@ -84,3 +115,107 @@ class Classify(object): ip_version=ip_version, direction=direction, address=address) + + @staticmethod + def vpp_configure_classify_session_hex(node, acl_method, table_index, + skip_n, match_n, hex_value): + """Configuration of classify session with hex value. + + :param node: VPP node to setup classify session. + :param acl_method: ACL method - deny/permit. + :param table_index: Classify table index. + :param skip_n: Number of skip vectors based on mask. + :param match_n: Number of match vectors based on mask. + :param hex_value: Classify hex value. + :type node: dict + :type acl_method: str + :type table_index: int + :type skip_n: int + :type match_n: int + :type hex_value: str + """ + with VatTerminal(node) as vat: + vat.vat_terminal_exec_cmd_from_template( + "classify_add_session_hex.vat", + acl_method=acl_method, + table_index=table_index, + skip_n=skip_n, + match_n=match_n, + hex_value=hex_value) + + @staticmethod + def compute_classify_hex_mask(ip_version, protocol, direction): + """Compute classify hex mask for TCP or UDP packet matching. + + :param ip_version: Version of IP protocol. + :param protocol: Type of protocol. + :param direction: Traffic direction. + :type ip_version: str + :type protocol: str + :type direction: str + :return: Classify hex mask. + :rtype : str + :raises ValueError: If protocol is not TCP or UDP. + :raises ValueError: If direction is not source or destination or + source + destination. + """ + if protocol == 'TCP' or protocol == 'UDP': + base_mask = Classify._compute_base_mask(ip_version) + + if direction == 'source': + return base_mask + 'FFFF0000' + elif direction == 'destination': + return base_mask + '0000FFFF' + elif direction == 'source + destination': + return base_mask + 'FFFFFFFF' + else: + raise ValueError("Invalid direction!") + else: + raise ValueError("Invalid protocol!") + + @staticmethod + def compute_classify_hex_value(hex_mask, source_port, destination_port): + """Compute classify hex value for TCP or UDP packet matching. + + :param hex_mask: Classify hex mask. + :param source_port: Source TCP/UDP port. + :param destination_port: Destination TCP/UDP port. + :type hex_mask: str + :type source_port: str + :type destination_port: str + :return: Classify hex value. + :rtype: str + """ + source_port_hex = Classify._port_convert(source_port) + destination_port_hex = Classify._port_convert(destination_port) + + return hex_mask[:-8] + source_port_hex + destination_port_hex + + @staticmethod + def _port_convert(port): + """Convert port number for classify hex table format. + + :param port: TCP/UDP port number. + :type port: str + :return: TCP/UDP port number in 4-digit hexadecimal format. + :rtype: str + """ + return '{0:04x}'.format(int(port)) + + @staticmethod + def _compute_base_mask(ip_version): + """Compute base classify hex mask based on IP version. + + :param ip_version: Version of IP protocol. + :type ip_version: str + :return: Base hex mask. + :rtype: str + """ + if ip_version == 'ip4': + return 68 * '0' + # base value of classify hex table for IPv4 TCP/UDP ports + elif ip_version == 'ip6': + return 108 * '0' + # base value of classify hex table for IPv6 TCP/UDP ports + else: + raise ValueError("Invalid IP version!") diff --git a/resources/libraries/python/TrafficScriptExecutor.py b/resources/libraries/python/TrafficScriptExecutor.py index e7b851e733..f730d3a0e3 100644 --- a/resources/libraries/python/TrafficScriptExecutor.py +++ b/resources/libraries/python/TrafficScriptExecutor.py @@ -48,6 +48,10 @@ class TrafficScriptExecutor(object): :type node: dict :type script_args: str :type timeout: int + :raises RuntimeError: ICMP echo Rx timeout. + :raises RuntimeError: DHCP REQUEST Rx timeout. + :raises RuntimeError: TCP/UDP Rx timeout. + :raises RuntimeError: Traffic script execution failed. """ logger.trace("{}".format(timeout)) ssh = SSH() @@ -66,11 +70,13 @@ class TrafficScriptExecutor(object): logger.debug("ret_code: {}".format(ret_code)) if ret_code != 0: if "RuntimeError: ICMP echo Rx timeout" in stderr: - raise Exception("ICMP echo Rx timeout") + raise RuntimeError("ICMP echo Rx timeout") elif "RuntimeError: DHCP REQUEST Rx timeout" in stderr: raise RuntimeError("DHCP REQUEST Rx timeout") + elif "RuntimeError: TCP/UDP Rx timeout" in stderr: + raise RuntimeError("TCP/UDP Rx timeout") else: - raise Exception("Traffic script execution failed") + raise RuntimeError("Traffic script execution failed") @staticmethod def traffic_script_gen_arg(rx_if, tx_if, src_mac, dst_mac, src_ip, dst_ip): diff --git a/resources/libraries/robot/traffic.robot b/resources/libraries/robot/traffic.robot index c90067ad06..7dba5efbe3 100644 --- a/resources/libraries/robot/traffic.robot +++ b/resources/libraries/robot/traffic.robot @@ -150,3 +150,92 @@ | | ... | --tx_if | ${tx_port} | --rx_if | ${rx_port} | | ... | --rx_arp_src_ip ${rx_arp_src_ip} | --rx_arp_dst_ip ${rx_arp_dst_ip} | | Run Traffic Script On Node | send_icmp_check_arp.py | ${tg_node} | ${args} + +| Send TCP or UDP packet +| | [Documentation] | Sends TCP or UDP packet with specified source +| | ... | and destination port. +| | ... +| | ... | *Arguments:* +| | ... +| | ... | _NOTE:_ Arguments are based on topology: +| | ... | TG(if1)->(if1)DUT(if2)->TG(if2) +| | ... +| | ... | - tg_node - Node to execute scripts on (TG). Type: dictionary +| | ... | - src_ip - IP of source interface (TG-if1). Type: integer +| | ... | - dst_ip - IP of destination interface (TG-if2). Type: integer +| | ... | - tx_port - Source interface (TG-if1). Type: string +| | ... | - tx_mac - MAC address of source interface (TG-if1). Type: string +| | ... | - rx_port - Destionation interface (TG-if1). Type: string +| | ... | - rx_mac - MAC address of destination interface (TG-if1). Type: string +| | ... | - protocol - Type of protocol. Type: string +| | ... | - source_port - Source TCP/UDP port. Type: string or integer +| | ... | - destination_port - Destination TCP/UDP port. Type: string or integer +| | ... +| | ... | *Return:* +| | ... | - No value returned +| | ... +| | ... | *Example:* +| | ... +| | ... | \| Send TCP or UDP packet \| ${nodes['TG']} \ +| | ... | \| 16.0.0.1 \| 32.0.0.1 \| eth2 \| 08:00:27:cc:4f:54 \ +| | ... | \| eth4 \| 08:00:27:c9:6a:d5 \| TCP \| 20 \| 80 \| +| | ... +| | [Arguments] | ${tg_node} | ${src_ip} | ${dst_ip} | ${tx_port} | +| | ... | ${tx_mac} | ${rx_port} | ${rx_mac} | ${protocol} | ${source_port} +| | ... | ${destination_port} +| | ${args}= | Catenate | --tx_mac | ${tx_mac} +| | ... | --rx_mac | ${rx_mac} +| | ... | --src_ip | ${src_ip} +| | ... | --dst_ip | ${dst_ip} +| | ... | --tx_if | ${tx_port} +| | ... | --rx_if | ${rx_port} +| | ... | --protocol | ${protocol} +| | ... | --source_port | ${source_port} +| | ... | --destination_port | ${destination_port} +| | Run Traffic Script On Node | send_tcp_udp.py +| | ... | ${tg_node} | ${args} + +| Send TCP or UDP packet should failed +| | [Documentation] | Sends TCP or UDP packet with specified source +| | ... | and destination port. +| | ... +| | ... | *Arguments:* +| | ... +| | ... | _NOTE:_ Arguments are based on topology: +| | ... | TG(if1)->(if1)DUT(if2)->TG(if2) +| | ... +| | ... | - tg_node - Node to execute scripts on (TG). Type: dictionary +| | ... | - src_ip - IP of source interface (TG-if1). Type: integer +| | ... | - dst_ip - IP of destination interface (TG-if2). Type: integer +| | ... | - tx_port - Source interface (TG-if1). Type: string +| | ... | - tx_mac - MAC address of source interface (TG-if1). Type: string +| | ... | - rx_port - Destionation interface (TG-if1). Type: string +| | ... | - rx_mac - MAC address of destination interface (TG-if1). Type: string +| | ... | - protocol - Type of protocol. Type: string +| | ... | - source_port - Source TCP/UDP port. Type: string or integer +| | ... | - destination_port - Destination TCP/UDP port. Type: string or integer +| | ... +| | ... | *Return:* +| | ... | - No value returned +| | ... +| | ... | *Example:* +| | ... +| | ... | \| Send TCP or UDP packet should failed \| ${nodes['TG']} \ +| | ... | \| 16.0.0.1 \| 32.0.0.1 \| eth2 \| 08:00:27:cc:4f:54 \ +| | ... | \| eth4 \| 08:00:27:c9:6a:d5 \| TCP \| 20 \| 80 \| +| | ... +| | [Arguments] | ${tg_node} | ${src_ip} | ${dst_ip} | ${tx_port} | +| | ... | ${tx_mac} | ${rx_port} | ${rx_mac} | ${protocol} | ${source_port} +| | ... | ${destination_port} +| | ${args}= | Catenate | --tx_mac | ${tx_mac} +| | ... | --rx_mac | ${rx_mac} +| | ... | --src_ip | ${src_ip} +| | ... | --dst_ip | ${dst_ip} +| | ... | --tx_if | ${tx_port} +| | ... | --rx_if | ${rx_port} +| | ... | --protocol | ${protocol} +| | ... | --source_port | ${source_port} +| | ... | --destination_port | ${destination_port} +| | Run Keyword And Expect Error | TCP/UDP Rx timeout +| | ... | Run Traffic Script On Node | send_tcp_udp.py +| | ... | ${tg_node} | ${args} diff --git a/resources/templates/vat/classify_add_session_hex.vat b/resources/templates/vat/classify_add_session_hex.vat new file mode 100644 index 0000000000..c9c072927c --- /dev/null +++ b/resources/templates/vat/classify_add_session_hex.vat @@ -0,0 +1 @@ +classify_add_del_session acl-hit-next {acl_method} table-index {table_index} skip_n {skip_n} match_n {match_n} match hex {hex_value} \ No newline at end of file diff --git a/resources/templates/vat/classify_add_table_hex.vat b/resources/templates/vat/classify_add_table_hex.vat new file mode 100644 index 0000000000..8d5365585d --- /dev/null +++ b/resources/templates/vat/classify_add_table_hex.vat @@ -0,0 +1 @@ +classify_add_del_table mask hex {hex_mask} \ No newline at end of file diff --git a/resources/traffic_scripts/send_tcp_udp.py b/resources/traffic_scripts/send_tcp_udp.py new file mode 100755 index 0000000000..77f918213f --- /dev/null +++ b/resources/traffic_scripts/send_tcp_udp.py @@ -0,0 +1,121 @@ +#!/usr/bin/env python +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Traffic script that sends an TCP or UDP packet +from one interface to the other. +""" + +import sys +import ipaddress + +from scapy.layers.inet import IP, UDP, TCP +from scapy.layers.inet6 import IPv6 +from scapy.all import Ether + +from resources.libraries.python.PacketVerifier import RxQueue, TxQueue +from resources.libraries.python.TrafficScriptArg import TrafficScriptArg + + +def valid_ipv4(ip): + """Check if IP address has the correct IPv4 address format. + + :param ip: IP address. + :type ip: str + :return: True in case of correct IPv4 address format, + otherwise return False. + :rtype: bool + """ + try: + ipaddress.IPv4Address(unicode(ip)) + return True + except (AttributeError, ipaddress.AddressValueError): + return False + + +def valid_ipv6(ip): + """Check if IP address has the correct IPv6 address format. + + :param ip: IP address. + :type ip: str + :return: True in case of correct IPv6 address format, + otherwise return False. + :rtype: bool + """ + try: + ipaddress.IPv6Address(unicode(ip)) + return True + except (AttributeError, ipaddress.AddressValueError): + return False + + +def main(): + """Send TCP or UDP packet from one traffic generator interface to the other. + """ + args = TrafficScriptArg( + ['tx_mac', 'rx_mac', 'src_ip', 'dst_ip', 'protocol', + 'source_port', 'destination_port']) + + src_mac = args.get_arg('tx_mac') + dst_mac = args.get_arg('rx_mac') + src_ip = args.get_arg('src_ip') + dst_ip = args.get_arg('dst_ip') + tx_if = args.get_arg('tx_if') + rx_if = args.get_arg('rx_if') + + protocol = args.get_arg('protocol') + source_port = args.get_arg('source_port') + destination_port = args.get_arg('destination_port') + + ip_version = None + if valid_ipv4(src_ip) and valid_ipv4(dst_ip): + ip_version = IP + elif valid_ipv6(src_ip) and valid_ipv6(dst_ip): + ip_version = IPv6 + else: + ValueError("Invalid IP version!") + + if protocol.upper() == 'TCP': + protocol = TCP + elif protocol.upper() == 'UDP': + protocol = UDP + else: + raise ValueError("Invalid type of protocol!") + + rxq = RxQueue(rx_if) + txq = TxQueue(tx_if) + + pkt_raw = (Ether(src=src_mac, dst=dst_mac) / + ip_version(src=src_ip, dst=dst_ip) / + protocol(sport=int(source_port), dport=int(destination_port))) + + txq.send(pkt_raw) + ether = rxq.recv(2) + + if ether is None: + raise RuntimeError("TCP/UDP Rx timeout") + + if 'TCP' in ether: + print ("TCP packet received.") + + elif 'UDP' in ether: + print ("UDP packet received.") + else: + raise RuntimeError("Not an TCP or UDP packet received {0}" + .format(ether.__repr__())) + + sys.exit(0) + + +if __name__ == "__main__": + main() diff --git a/tests/suites/ipv4/ipv4_iacl_untagged.robot b/tests/suites/ipv4/ipv4_iacl_untagged.robot index 43460df1fa..43c4a3732c 100644 --- a/tests/suites/ipv4/ipv4_iacl_untagged.robot +++ b/tests/suites/ipv4/ipv4_iacl_untagged.robot @@ -26,7 +26,8 @@ | Suite Setup | Run Keywords | Setup all TGs before traffic script | ... | AND | Update All Interface Data On All Nodes | ${nodes} | Test Setup | Setup all DUTs before test -| Test Teardown | Show packet trace on all DUTs | ${nodes} +| Test Teardown | Run Keywords | Show packet trace on all DUTs | ${nodes} +| ... | AND | Vpp Show Errors | ${nodes['DUT1']} *** Variables *** | ${dut1_to_tg_ip}= | 192.168.1.1 @@ -34,7 +35,10 @@ | ${dut1_to_dut2_ip_GW}= | 192.168.2.2 | ${test_dst_ip}= | 32.0.0.1 | ${test_src_ip}= | 16.0.0.1 +| ${non_drop_dst_ip}= | 33.0.0.1 +| ${non_drop_src_ip}= | 15.0.0.1 | ${prefix_length}= | 24 +| ${ip_version}= | ip4 *** Test Cases *** | VPP drops packets based on IPv4 source addresses @@ -48,13 +52,6 @@ | | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} | | And Set Interface Address | ${dut1_node} | | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ip4 | src -| | And Vpp Configure Classify Session -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ip4 | src | ${test_src_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${table_index} | | And Add Arp On Dut | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} @@ -63,11 +60,29 @@ | | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send Packet And Check Headers | ${tg_node} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table +| | ... | ${dut1_node} | ${ip_version} | src +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${ip_version} | src | ${test_src_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} | | Then Send packet from Port to Port should failed | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv4 destination addresses | | [Documentation] | Create classify table on VPP, add destination IP address @@ -80,26 +95,40 @@ | | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} | | And Set Interface Address | ${dut1_node} | | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ip4 | dst -| | And Vpp Configure Classify Session -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ip4 | dst | ${test_dst_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${table_index} | | And Add Arp On Dut | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} | | And Vpp Route Add | | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} | | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${non_drop_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table +| | ... | ${dut1_node} | ${ip_version} | dst +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${ip_version} | dst | ${test_dst_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} | | Then Send packet from Port to Port should failed | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv4 src-addr and dst-addr | | [Documentation] | Create classify table on VPP, add source and destination @@ -112,20 +141,137 @@ | | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} | | And Set Interface Address | ${dut1_node} | | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${non_drop_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send Packet And Check Headers | ${tg_node} +| | ... | ${non_drop_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= -| | ... | When Vpp Create Classify Table | ${dut1_node} | ip4 | src +| | ... | When Vpp Create Classify Table | ${dut1_node} | ${ip_version} | src | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | When Vpp Create Classify Table | ${dut1_node} | ip4 | dst +| | ... | And Vpp Create Classify Table | ${dut1_node} | ${ip_version} | dst | | And Vpp Configure Classify Session | | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2} -| | ... | ip4 | src | ${test_src_ip} +| | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Configure Classify Session | | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} -| | ... | ip4 | dst | ${test_dst_ip} +| | ... | ${ip_version} | dst | ${test_dst_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_1} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_2} +| | Then Send packet from Port to Port should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${non_drop_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} + +| VPP drops packets based on IPv4 protocol (TCP) +| | [Documentation] | Create classify table on VPP, add mask for TCP port +| | ... | into table and setup 'deny' traffic +| | ... | and check if TCP traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | 000000000000000000000000000000000000000000000006 | | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${table_index_1} +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 + +| VPP drops packets based on IPv4 protocol (UDP) +| | [Documentation] | Create classify table on VPP, add mask for UDP port +| | ... | into table and setup 'deny' traffic +| | ... | and check if UDP traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | 000000000000000000000000000000000000000000000011 | | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${table_index_2} +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 + +| VPP drops packets based on IPv4 TCP src ports +| | [Documentation] | Create classify table on VPP, add source TCP port +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} | | And Add Arp On Dut | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} @@ -134,7 +280,231 @@ | | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send packet from Port to Port should failed | ${tg_node} +| | Then Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 + +| VPP drops packets based on IPv4 TCP dst ports +| | [Documentation] | Create classify table on VPP, add destination TCP port +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 + +| VPP drops packets based on IPv4 TCP src + dst ports +| | [Documentation] | Create classify table on VPP, add source and destination +| | ... | TCP port of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 25 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP +| | ... | source + destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 25 + +| VPP drops packets based on IPv4 UDP src ports +| | [Documentation] | Create classify table on VPP, add source UDP port +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 + +| VPP drops packets based on IPv4 UDP dst ports +| | [Documentation] | Create classify table on VPP, add destination UDP port +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 + +| VPP drops packets based on IPv4 UDP src + dst ports +| | [Documentation] | Create classify table on VPP, add source and destination +| | ... | UDP port of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Set Interface Address | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP +| | ... | source + destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 diff --git a/tests/suites/ipv6/ipv6_iacl_untagged.robot b/tests/suites/ipv6/ipv6_iacl_untagged.robot index ed91616653..2e8ec66786 100644 --- a/tests/suites/ipv6/ipv6_iacl_untagged.robot +++ b/tests/suites/ipv6/ipv6_iacl_untagged.robot @@ -26,7 +26,8 @@ | Suite Setup | Run Keywords | Setup all TGs before traffic script | ... | AND | Update All Interface Data On All Nodes | ${nodes} | Test Setup | Setup all DUTs before test -| Test Teardown | Show packet trace on all DUTs | ${nodes} +| Test Teardown | Run Keywords | Show packet trace on all DUTs | ${nodes} +| ... | AND | Vpp Show Errors | ${nodes['DUT1']} *** Variables *** | ${dut1_to_tg_ip}= | 3ffe:62::1 @@ -36,7 +37,10 @@ | ${dut2_to_tg_ip}= | 3ffe:73::1 | ${test_dst_ip}= | 3ffe:64::1 | ${test_src_ip}= | 3ffe:61::1 +| ${non_drop_dst_ip}= | 3ffe:54::1 +| ${non_drop_src_ip}= | 3ffe:51::1 | ${prefix_length}= | 64 +| ${ip_version}= | ip6 *** Test Cases *** | VPP drops packets based on IPv6 source addresses @@ -48,15 +52,8 @@ | | And Interfaces in 3-node path are up | | And Vpp Set If Ipv6 Addr | ${dut1_node} | | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} | | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ip6 | src -| | And Vpp Configure Classify Session -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ip6 | src | ${test_src_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ip6 | ${table_index} | | And Add Ip Neighbor | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} @@ -65,11 +62,30 @@ | | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send Packet And Check Headers | ${tg_node} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table +| | ... | ${dut1_node} | ${ip_version} | src +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${ip_version} | src | ${test_src_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} | | Then Send packet from Port to Port should failed | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv6 destination addresses | | [Documentation] | Create classify table on VPP, add destination IP address @@ -80,28 +96,43 @@ | | And Interfaces in 3-node path are up | | And Vpp Set If Ipv6 Addr | ${dut1_node} | | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} | | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ip6 | dst -| | And Vpp Configure Classify Session -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ip6 | dst | ${test_dst_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ip6 | ${table_index} | | And Add Ip Neighbor | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} | | And Vpp Route Add | | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} | | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${non_drop_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table +| | ... | ${dut1_node} | ${ip_version} | dst +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${ip_version} | dst | ${test_dst_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} | | Then Send packet from Port to Port should failed | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv6 src-addr and dst-addr | | [Documentation] | Create classify table on VPP, add source and destination @@ -112,22 +143,142 @@ | | And Interfaces in 3-node path are up | | And Vpp Set If Ipv6 Addr | ${dut1_node} | | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} | | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${non_drop_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send Packet And Check Headers | ${tg_node} +| | ... | ${non_drop_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= -| | ... | When Vpp Create Classify Table | ${dut1_node} | ip6 | src +| | ... | When Vpp Create Classify Table | ${dut1_node} | ${ip_version} | src | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | When Vpp Create Classify Table | ${dut1_node} | ip6 | dst +| | ... | And Vpp Create Classify Table | ${dut1_node} | ${ip_version} | dst | | And Vpp Configure Classify Session | | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2} -| | ... | ip6 | src | ${test_src_ip} +| | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Configure Classify Session | | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} -| | ... | ip6 | dst | ${test_dst_ip} +| | ... | ${ip_version} | dst | ${test_dst_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_1} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_2} +| | Then Send packet from Port to Port should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | And Send Packet And Check Headers | ${tg_node} +| | ... | ${non_drop_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} + +| VPP drops packets based on IPv6 protocol (TCP) +| | [Documentation] | Create classify table on VPP, add mask for TCP port +| | ... | into table and setup 'deny' traffic +| | ... | and check if TCP traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | 000000000000000000000000000000000000000006 | | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ip6 | ${table_index_1} +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 + +| VPP drops packets based on IPv6 protocol (UDP) +| | [Documentation] | Create classify table on VPP, add mask for UDP port +| | ... | into table and setup 'deny' traffic +| | ... | and check if UDP traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | 000000000000000000000000000000000000000011 | | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ip6 | ${table_index_2} +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 + +| VPP drops packets based on IPv6 TCP src ports +| | [Documentation] | Create classify table on VPP, add source IP address +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} | | And Add Ip Neighbor | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} @@ -136,7 +287,237 @@ | | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send packet from Port to Port should failed | ${tg_node} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 + +| VPP drops packets based on IPv6 TCP dst ports +| | [Documentation] | Create classify table on VPP, add destination TCP port +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 + +| VPP drops packets based on IPv6 TCP src + dst ports +| | [Documentation] | Create classify table on VPP, add source and destination +| | ... | TCP port of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 25 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP +| | ... | source + destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 25 + +| VPP drops packets based on IPv6 UDP src ports +| | [Documentation] | Create classify table on VPP, add source UDP port +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 + +| VPP drops packets based on IPv6 UDP dst ports +| | [Documentation] | Create classify table on VPP, add destination UDP port +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 + +| VPP drops packets based on IPv6 UDP src + dst ports +| | [Documentation] | Create classify table on VPP, add source and destination +| | ... | UDP port of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} +| | And Vpp Set If Ipv6 Addr | ${dut1_node} +| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} +| | ... | ${tg_to_dut2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} +| | ... | ${dut1_to_dut2_ip_GW} | ${dut1_to_dut2} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP +| | ... | source + destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ... | ${dut1_node} | ${hex_mask} +| | And Vpp Configure Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} +| | Then Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25