2 """ACL IRB Test Case HLD:
5 - L2 MAC learning enabled in l2bd
6 - 2 routed interfaces untagged, bvi (Bridge Virtual Interface)
7 - 2 bridged interfaces in l2bd with bvi
10 - sending ip4 eth pkts between routed interfaces
12 - 2 bridged interfaces
14 - 64B, 512B, 1518B, 9200B (ether_size)
16 - burst of pkts per interface
18 - routed pkts hitting different FIB entries
19 - bridged pkts hitting different MAC entries
22 - all packets received correctly
27 from socket import inet_pton, AF_INET, AF_INET6
28 from random import choice, shuffle
29 from pprint import pprint
31 from scapy.packet import Raw
32 from scapy.layers.l2 import Ether
33 from scapy.layers.inet import IP, UDP, ICMP, TCP
34 from scapy.layers.inet6 import IPv6, ICMPv6Unknown, ICMPv6EchoRequest
35 from scapy.layers.inet6 import ICMPv6EchoReply, IPv6ExtHdrRouting
36 from scapy.layers.inet6 import IPv6ExtHdrFragment
38 from framework import VppTestCase, VppTestRunner
39 from vpp_papi_provider import L2_PORT_TYPE
43 class TestIpIrb(VppTestCase):
49 #. Create BD with MAC learning enabled and put interfaces to this BD.
50 #. Configure IPv4 addresses on loopback interface and routed interface.
51 #. Configure MAC address binding to IPv4 neighbors on loop0.
52 #. Configure MAC address on pg2.
53 #. Loopback BVI interface has remote hosts, one half of hosts are
54 behind pg0 second behind pg1.
56 super(TestIpIrb, cls).setUpClass()
58 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
60 cls.remote_hosts_count = 250
62 # create 3 pg interfaces, 1 loopback interface
63 cls.create_pg_interfaces(range(3))
64 cls.create_loopback_interfaces(1)
66 cls.interfaces = list(cls.pg_interfaces)
67 cls.interfaces.extend(cls.lo_interfaces)
69 for i in cls.interfaces:
72 # Create BD with MAC learning enabled and put interfaces to this BD
73 cls.vapi.sw_interface_set_l2_bridge(
74 cls.loop0.sw_if_index, bd_id=cls.bd_id,
75 port_type=L2_PORT_TYPE.BVI)
76 cls.vapi.sw_interface_set_l2_bridge(
77 cls.pg0.sw_if_index, bd_id=cls.bd_id)
78 cls.vapi.sw_interface_set_l2_bridge(
79 cls.pg1.sw_if_index, bd_id=cls.bd_id)
81 # Configure IPv4 addresses on loopback interface and routed interface
82 cls.loop0.config_ip4()
83 cls.loop0.config_ip6()
87 # Configure MAC address binding to IPv4 neighbors on loop0
88 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
89 cls.loop0.configure_ipv4_neighbors()
90 cls.loop0.configure_ipv6_neighbors()
91 # configure MAC address on pg2
95 cls.WITHOUT_EH = False
98 # Loopback BVI interface has remote hosts, one half of hosts are behind
99 # pg0 second behind pg1
100 half = cls.remote_hosts_count // 2
101 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
102 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
105 """Run standard test teardown and log ``show l2patch``,
106 ``show l2fib verbose``,``show bridge-domain <bd_id> detail``,
109 super(TestIpIrb, self).tearDown()
110 if not self.vpp_dead:
111 self.logger.info(self.vapi.cli("show l2patch"))
112 self.logger.info(self.vapi.cli("show classify tables"))
113 self.logger.info(self.vapi.cli("show vlib graph"))
114 self.logger.info(self.vapi.cli("show l2fib verbose"))
115 self.logger.info(self.vapi.cli("show bridge-domain %s detail" %
117 self.logger.info(self.vapi.cli("show ip arp"))
118 self.logger.info(self.vapi.cli("show ip6 neighbors"))
119 self.logger.info(self.vapi.cli("show acl-plugin sessions"))
120 self.logger.info(self.vapi.cli("show acl-plugin acl"))
121 self.logger.info(self.vapi.cli("show acl-plugin interface"))
122 self.logger.info(self.vapi.cli("show acl-plugin tables"))
124 def create_stream(self, src_ip_if, dst_ip_if, reverse, packet_sizes,
125 is_ip6, expect_blocked, expect_established,
126 add_extension_header):
130 permit_and_reflect_rules = []
131 total_packet_count = 8
132 for i in range(0, total_packet_count):
134 can_reflect_this_packet = (modulo == 0)
136 remote_dst_index = i % len(dst_ip_if.remote_hosts)
137 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
139 info = self.create_packet_info(src_ip_if, dst_ip_if)
140 payload = self.info_to_payload(info)
142 to_be_blocked = False
143 if (expect_blocked and not expect_established):
145 if (not can_reflect_this_packet):
148 payload = "to be blocked"
150 info = self.create_packet_info(src_ip_if, dst_ip_if)
151 payload = self.info_to_payload(info)
153 dst_mac = 'de:ad:00:00:00:00'
154 src_mac = remote_dst_host._mac
155 dst_ip6 = src_ip_if.remote_ip6
156 src_ip6 = remote_dst_host.ip6
157 dst_ip4 = src_ip_if.remote_ip4
158 src_ip4 = remote_dst_host.ip4
162 dst_mac = src_ip_if.local_mac
163 src_mac = src_ip_if.remote_mac
164 src_ip6 = src_ip_if.remote_ip6
165 dst_ip6 = remote_dst_host.ip6
166 src_ip4 = src_ip_if.remote_ip4
167 dst_ip4 = remote_dst_host.ip4
171 # default ULP should be something we do not use in tests
172 ulp_l4 = TCP(sport=src_l4, dport=dst_l4)
173 # potentially a chain of protocols leading to ULP
176 if can_reflect_this_packet:
178 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
179 if add_extension_header:
180 # prepend some extension headers
181 ulp = (IPv6ExtHdrRouting() / IPv6ExtHdrRouting() /
182 IPv6ExtHdrFragment(offset=0, m=1) / ulp_l4)
183 # uncomment below to test invalid ones
184 # ulp = IPv6ExtHdrRouting(len = 200) / ulp_l4
187 p = (Ether(dst=dst_mac, src=src_mac) /
188 IPv6(src=src_ip6, dst=dst_ip6) /
192 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
193 # IPv4 does not allow extension headers,
194 # but we rather make it a first fragment
195 flags = 1 if add_extension_header else 0
197 p = (Ether(dst=dst_mac, src=src_mac) /
198 IP(src=src_ip4, dst=dst_ip4, frag=0, flags=flags) /
203 ulp_l4 = ICMPv6Unknown(type=128 + (i % 2), code=i % 2)
205 p = (Ether(dst=dst_mac, src=src_mac) /
206 IPv6(src=src_ip6, dst=dst_ip6) /
210 ulp_l4 = ICMP(type=8 + (i % 2), code=i % 2)
212 p = (Ether(dst=dst_mac, src=src_mac) /
213 IP(src=src_ip4, dst=dst_ip4) /
219 size = packet_sizes[(i // 2) % len(packet_sizes)]
220 self.extend_packet(p, size)
223 rule_family = AF_INET6 if p.haslayer(IPv6) else AF_INET
224 rule_prefix_len = 128 if p.haslayer(IPv6) else 32
225 rule_l3_layer = IPv6 if p.haslayer(IPv6) else IP
228 rule_l4_sport = p[UDP].sport
229 rule_l4_dport = p[UDP].dport
232 rule_l4_sport = p[ICMP].type
233 rule_l4_dport = p[ICMP].code
235 rule_l4_sport = p[ICMPv6Unknown].type
236 rule_l4_dport = p[ICMPv6Unknown].code
238 rule_l4_proto = ulp_l4.overload_fields[IPv6]['nh']
240 rule_l4_proto = p[IP].proto
243 'is_permit': is_permit,
244 'is_ipv6': p.haslayer(IPv6),
245 'src_ip_addr': inet_pton(rule_family,
246 p[rule_l3_layer].src),
247 'src_ip_prefix_len': rule_prefix_len,
248 'dst_ip_addr': inet_pton(rule_family,
249 p[rule_l3_layer].dst),
250 'dst_ip_prefix_len': rule_prefix_len,
251 'srcport_or_icmptype_first': rule_l4_sport,
252 'srcport_or_icmptype_last': rule_l4_sport,
253 'dstport_or_icmpcode_first': rule_l4_dport,
254 'dstport_or_icmpcode_last': rule_l4_dport,
255 'proto': rule_l4_proto,
257 rules.append(new_rule)
258 new_rule_permit = new_rule.copy()
259 new_rule_permit['is_permit'] = 1
260 permit_rules.append(new_rule_permit)
262 new_rule_permit_and_reflect = new_rule.copy()
263 if can_reflect_this_packet:
264 new_rule_permit_and_reflect['is_permit'] = 2
266 new_rule_permit_and_reflect['is_permit'] = is_permit
267 permit_and_reflect_rules.append(new_rule_permit_and_reflect)
269 return {'stream': pkts,
271 'permit_rules': permit_rules,
272 'permit_and_reflect_rules': permit_and_reflect_rules}
274 def verify_capture(self, dst_ip_if, src_ip_if, capture, reverse):
276 for i in self.interfaces:
277 last_info[i.sw_if_index] = None
279 dst_ip_sw_if_index = dst_ip_if.sw_if_index
282 for packet in capture:
283 l3 = IP if packet.haslayer(IP) else IPv6
285 if packet.haslayer(UDP):
288 if packet.haslayer(ICMP):
293 # Scapy IPv6 stuff is too smart for its own good.
294 # So we do this and coerce the ICMP into unknown type
295 if packet.haslayer(UDP):
296 data = str(packet[UDP][Raw])
299 data = str(ICMP(str(packet[l3].payload))[Raw])
301 data = str(ICMPv6Unknown(str(packet[l3].payload)).msgbody)
302 udp_or_icmp = packet[l3].payload
303 payload_info = self.payload_to_info(data)
304 packet_index = payload_info.index
306 self.assertEqual(payload_info.dst, dst_ip_sw_if_index)
308 next_info = self.get_next_packet_info_for_interface2(
309 payload_info.src, dst_ip_sw_if_index,
310 last_info[payload_info.src])
311 last_info[payload_info.src] = next_info
312 self.assertTrue(next_info is not None)
313 self.assertEqual(packet_index, next_info.index)
314 saved_packet = next_info.data
315 self.assertTrue(next_info is not None)
319 self.assertEqual(packet.src, dst_ip_if.local_mac)
320 host = dst_ip_if.host_by_mac(packet.dst)
323 # self.assertEqual(ip.src, src_ip_if.remote_ip4)
324 if saved_packet is not None:
325 self.assertEqual(ip.src, saved_packet[l3].src)
326 self.assertEqual(ip.dst, saved_packet[l3].dst)
328 self.assertEqual(udp_or_icmp.sport, saved_packet[l4].sport)
329 self.assertEqual(udp_or_icmp.dport, saved_packet[l4].dport)
331 print("Saved packet is none")
332 # self.assertEqual(ip.dst, host.ip4)
336 def applied_acl_shuffle(self, sw_if_index):
337 # first collect what ACLs are applied and what they look like
338 r = self.vapi.acl_interface_list_dump(sw_if_index=sw_if_index)
339 orig_applied_acls = r[0]
341 # we will collect these just to save and generate additional rulesets
343 for acl_num in orig_applied_acls.acls:
344 rr = self.vapi.acl_dump(acl_num)
345 orig_acls.append(rr[0])
347 # now create a list of all the rules in all ACLs
349 for old_acl in orig_acls:
350 for rule in old_acl.r:
351 all_rules.append(dict(rule._asdict()))
353 # Add a few ACLs made from shuffled rules
355 reply = self.vapi.acl_add_replace(acl_index=4294967295,
357 tag="shuffle 1. acl")
358 shuffle_acl_1 = reply.acl_index
360 reply = self.vapi.acl_add_replace(acl_index=4294967295,
362 tag="shuffle 2. acl")
363 shuffle_acl_2 = reply.acl_index
365 reply = self.vapi.acl_add_replace(acl_index=4294967295,
367 tag="shuffle 3. acl")
368 shuffle_acl_3 = reply.acl_index
370 # apply the shuffle ACLs in front
371 input_acls = [shuffle_acl_1, shuffle_acl_2]
372 output_acls = [shuffle_acl_1, shuffle_acl_2]
374 # add the currently applied ACLs
375 n_input = orig_applied_acls.n_input
376 input_acls.extend(orig_applied_acls.acls[:n_input])
377 output_acls.extend(orig_applied_acls.acls[n_input:])
379 # and the trailing shuffle ACL(s)
380 input_acls.extend([shuffle_acl_3])
381 output_acls.extend([shuffle_acl_3])
383 # set the interface ACL list to the result
384 self.vapi.acl_interface_set_acl_list(sw_if_index=sw_if_index,
385 n_input=len(input_acls),
386 acls=input_acls + output_acls)
387 # change the ACLs a few times
388 for i in range(1, 10):
390 reply = self.vapi.acl_add_replace(acl_index=shuffle_acl_1,
391 r=all_rules[::1+(i % 2)],
392 tag="shuffle 1. acl")
394 reply = self.vapi.acl_add_replace(acl_index=shuffle_acl_2,
395 r=all_rules[::1+(i % 3)],
396 tag="shuffle 2. acl")
398 reply = self.vapi.acl_add_replace(acl_index=shuffle_acl_2,
399 r=all_rules[::1+(i % 5)],
400 tag="shuffle 3. acl")
402 # restore to how it was before and clean up
403 self.vapi.acl_interface_set_acl_list(sw_if_index=sw_if_index,
404 n_input=orig_applied_acls.n_input,
405 acls=orig_applied_acls.acls)
406 reply = self.vapi.acl_del(acl_index=shuffle_acl_1)
407 reply = self.vapi.acl_del(acl_index=shuffle_acl_2)
408 reply = self.vapi.acl_del(acl_index=shuffle_acl_3)
410 def create_acls_for_a_stream(self, stream_dict,
411 test_l2_action, is_reflect):
412 r = stream_dict['rules']
413 r_permit = stream_dict['permit_rules']
414 r_permit_reflect = stream_dict['permit_and_reflect_rules']
415 r_action = r_permit_reflect if is_reflect else r
416 reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_action,
418 action_acl_index = reply.acl_index
419 reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_permit,
421 permit_acl_index = reply.acl_index
422 return {'L2': action_acl_index if test_l2_action else permit_acl_index,
423 'L3': permit_acl_index if test_l2_action else action_acl_index,
424 'permit': permit_acl_index, 'action': action_acl_index}
426 def apply_acl_ip46_x_to_y(self, bridged_to_routed, test_l2_deny,
427 is_ip6, is_reflect, add_eh):
430 self.reset_packet_infos()
431 stream_dict = self.create_stream(
432 self.pg2, self.loop0,
434 self.pg_if_packet_sizes, is_ip6,
435 not is_reflect, False, add_eh)
436 stream = stream_dict['stream']
437 acl_idx = self.create_acls_for_a_stream(stream_dict, test_l2_deny,
439 n_input_l3 = 0 if bridged_to_routed else 1
440 n_input_l2 = 1 if bridged_to_routed else 0
441 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
443 acls=[acl_idx['L3']])
444 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
446 acls=[acl_idx['L2']])
447 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
449 acls=[acl_idx['L2']])
450 self.applied_acl_shuffle(self.pg0.sw_if_index)
451 self.applied_acl_shuffle(self.pg2.sw_if_index)
453 def apply_acl_ip46_both_directions_reflect(self,
454 primary_is_bridged_to_routed,
455 reflect_on_l2, is_ip6, add_eh):
456 primary_is_routed_to_bridged = not primary_is_bridged_to_routed
457 self.reset_packet_infos()
458 stream_dict_fwd = self.create_stream(self.pg2, self.loop0,
459 primary_is_bridged_to_routed,
460 self.pg_if_packet_sizes, is_ip6,
461 False, False, add_eh)
462 acl_idx_fwd = self.create_acls_for_a_stream(stream_dict_fwd,
465 stream_dict_rev = self.create_stream(self.pg2, self.loop0,
466 not primary_is_bridged_to_routed,
467 self.pg_if_packet_sizes, is_ip6,
469 # We want the primary action to be "deny" rather than reflect
470 acl_idx_rev = self.create_acls_for_a_stream(stream_dict_rev,
471 reflect_on_l2, False)
473 if primary_is_bridged_to_routed:
474 inbound_l2_acl = acl_idx_fwd['L2']
476 inbound_l2_acl = acl_idx_rev['L2']
478 if primary_is_routed_to_bridged:
479 outbound_l2_acl = acl_idx_fwd['L2']
481 outbound_l2_acl = acl_idx_rev['L2']
483 if primary_is_routed_to_bridged:
484 inbound_l3_acl = acl_idx_fwd['L3']
486 inbound_l3_acl = acl_idx_rev['L3']
488 if primary_is_bridged_to_routed:
489 outbound_l3_acl = acl_idx_fwd['L3']
491 outbound_l3_acl = acl_idx_rev['L3']
493 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
495 acls=[inbound_l3_acl,
497 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
499 acls=[inbound_l2_acl,
501 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
503 acls=[inbound_l2_acl,
505 self.applied_acl_shuffle(self.pg0.sw_if_index)
506 self.applied_acl_shuffle(self.pg2.sw_if_index)
508 def apply_acl_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
510 self.apply_acl_ip46_x_to_y(False, test_l2_deny, is_ip6,
513 def apply_acl_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
515 self.apply_acl_ip46_x_to_y(True, test_l2_deny, is_ip6,
518 def run_traffic_ip46_x_to_y(self, bridged_to_routed,
519 test_l2_deny, is_ip6,
520 is_reflect, is_established, add_eh):
521 self.reset_packet_infos()
522 stream_dict = self.create_stream(self.pg2, self.loop0,
524 self.pg_if_packet_sizes, is_ip6,
525 not is_reflect, is_established,
527 stream = stream_dict['stream']
529 tx_if = self.pg0 if bridged_to_routed else self.pg2
530 rx_if = self.pg2 if bridged_to_routed else self.pg0
532 tx_if.add_stream(stream)
533 self.pg_enable_capture(self.pg_interfaces)
535 packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index)
536 rcvd1 = rx_if.get_capture(packet_count)
537 self.verify_capture(self.loop0, self.pg2, rcvd1, bridged_to_routed)
539 def run_traffic_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
540 is_reflect, is_established, add_eh):
541 self.run_traffic_ip46_x_to_y(False, test_l2_deny, is_ip6,
542 is_reflect, is_established, add_eh)
544 def run_traffic_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
545 is_reflect, is_established, add_eh):
546 self.run_traffic_ip46_x_to_y(True, test_l2_deny, is_ip6,
547 is_reflect, is_established, add_eh)
549 def run_test_ip46_routed_to_bridged(self, test_l2_deny,
550 is_ip6, is_reflect, add_eh):
551 self.apply_acl_ip46_routed_to_bridged(test_l2_deny,
552 is_ip6, is_reflect, add_eh)
553 self.run_traffic_ip46_routed_to_bridged(test_l2_deny, is_ip6,
554 is_reflect, False, add_eh)
556 def run_test_ip46_bridged_to_routed(self, test_l2_deny,
557 is_ip6, is_reflect, add_eh):
558 self.apply_acl_ip46_bridged_to_routed(test_l2_deny,
559 is_ip6, is_reflect, add_eh)
560 self.run_traffic_ip46_bridged_to_routed(test_l2_deny, is_ip6,
561 is_reflect, False, add_eh)
563 def run_test_ip46_routed_to_bridged_and_back(self, test_l2_action,
565 self.apply_acl_ip46_both_directions_reflect(False, test_l2_action,
567 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
569 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
572 def run_test_ip46_bridged_to_routed_and_back(self, test_l2_action,
574 self.apply_acl_ip46_both_directions_reflect(True, test_l2_action,
576 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
578 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
581 def test_0000_ip6_irb_1(self):
582 """ ACL plugin prepare"""
583 if not self.vpp_dead:
584 cmd = "set acl-plugin session timeout udp idle 2000"
585 self.logger.info(self.vapi.ppcli(cmd))
586 # uncomment to not skip past the routing header
587 # and watch the EH tests fail
588 # self.logger.info(self.vapi.ppcli(
589 # "set acl-plugin skip-ipv6-extension-header 43 0"))
590 # uncomment to test the session limit (stateful tests will fail)
591 # self.logger.info(self.vapi.ppcli(
592 # "set acl-plugin session table max-entries 1"))
593 # new datapath is the default, but just in case
594 # self.logger.info(self.vapi.ppcli(
595 # "set acl-plugin l2-datapath new"))
596 # If you want to see some tests fail, uncomment the next line
597 # self.logger.info(self.vapi.ppcli(
598 # "set acl-plugin l2-datapath old"))
600 def test_0001_ip6_irb_1(self):
601 """ ACL IPv6 routed -> bridged, L2 ACL deny"""
602 self.run_test_ip46_routed_to_bridged(True, True, False,
605 def test_0002_ip6_irb_1(self):
606 """ ACL IPv6 routed -> bridged, L3 ACL deny"""
607 self.run_test_ip46_routed_to_bridged(False, True, False,
610 def test_0003_ip4_irb_1(self):
611 """ ACL IPv4 routed -> bridged, L2 ACL deny"""
612 self.run_test_ip46_routed_to_bridged(True, False, False,
615 def test_0004_ip4_irb_1(self):
616 """ ACL IPv4 routed -> bridged, L3 ACL deny"""
617 self.run_test_ip46_routed_to_bridged(False, False, False,
620 def test_0005_ip6_irb_1(self):
621 """ ACL IPv6 bridged -> routed, L2 ACL deny """
622 self.run_test_ip46_bridged_to_routed(True, True, False,
625 def test_0006_ip6_irb_1(self):
626 """ ACL IPv6 bridged -> routed, L3 ACL deny """
627 self.run_test_ip46_bridged_to_routed(False, True, False,
630 def test_0007_ip6_irb_1(self):
631 """ ACL IPv4 bridged -> routed, L2 ACL deny """
632 self.run_test_ip46_bridged_to_routed(True, False, False,
635 def test_0008_ip6_irb_1(self):
636 """ ACL IPv4 bridged -> routed, L3 ACL deny """
637 self.run_test_ip46_bridged_to_routed(False, False, False,
641 def test_0101_ip6_irb_1(self):
642 """ ACL IPv6 routed -> bridged, L2 ACL permit+reflect"""
643 self.run_test_ip46_routed_to_bridged_and_back(True, True,
646 def test_0102_ip6_irb_1(self):
647 """ ACL IPv6 bridged -> routed, L2 ACL permit+reflect"""
648 self.run_test_ip46_bridged_to_routed_and_back(True, True,
651 def test_0103_ip6_irb_1(self):
652 """ ACL IPv4 routed -> bridged, L2 ACL permit+reflect"""
653 self.run_test_ip46_routed_to_bridged_and_back(True, False,
656 def test_0104_ip6_irb_1(self):
657 """ ACL IPv4 bridged -> routed, L2 ACL permit+reflect"""
658 self.run_test_ip46_bridged_to_routed_and_back(True, False,
661 def test_0111_ip6_irb_1(self):
662 """ ACL IPv6 routed -> bridged, L3 ACL permit+reflect"""
663 self.run_test_ip46_routed_to_bridged_and_back(False, True,
666 def test_0112_ip6_irb_1(self):
667 """ ACL IPv6 bridged -> routed, L3 ACL permit+reflect"""
668 self.run_test_ip46_bridged_to_routed_and_back(False, True,
671 def test_0113_ip6_irb_1(self):
672 """ ACL IPv4 routed -> bridged, L3 ACL permit+reflect"""
673 self.run_test_ip46_routed_to_bridged_and_back(False, False,
676 def test_0114_ip6_irb_1(self):
677 """ ACL IPv4 bridged -> routed, L3 ACL permit+reflect"""
678 self.run_test_ip46_bridged_to_routed_and_back(False, False,
681 # A block of tests with extension headers
683 def test_1001_ip6_irb_1(self):
684 """ ACL IPv6+EH routed -> bridged, L2 ACL deny"""
685 self.run_test_ip46_routed_to_bridged(True, True, False,
688 def test_1002_ip6_irb_1(self):
689 """ ACL IPv6+EH routed -> bridged, L3 ACL deny"""
690 self.run_test_ip46_routed_to_bridged(False, True, False,
693 def test_1005_ip6_irb_1(self):
694 """ ACL IPv6+EH bridged -> routed, L2 ACL deny """
695 self.run_test_ip46_bridged_to_routed(True, True, False,
698 def test_1006_ip6_irb_1(self):
699 """ ACL IPv6+EH bridged -> routed, L3 ACL deny """
700 self.run_test_ip46_bridged_to_routed(False, True, False,
703 def test_1101_ip6_irb_1(self):
704 """ ACL IPv6+EH routed -> bridged, L2 ACL permit+reflect"""
705 self.run_test_ip46_routed_to_bridged_and_back(True, True,
708 def test_1102_ip6_irb_1(self):
709 """ ACL IPv6+EH bridged -> routed, L2 ACL permit+reflect"""
710 self.run_test_ip46_bridged_to_routed_and_back(True, True,
713 def test_1111_ip6_irb_1(self):
714 """ ACL IPv6+EH routed -> bridged, L3 ACL permit+reflect"""
715 self.run_test_ip46_routed_to_bridged_and_back(False, True,
718 def test_1112_ip6_irb_1(self):
719 """ ACL IPv6+EH bridged -> routed, L3 ACL permit+reflect"""
720 self.run_test_ip46_bridged_to_routed_and_back(False, True,
723 # IPv4 with "MF" bit set
725 def test_1201_ip6_irb_1(self):
726 """ ACL IPv4+MF routed -> bridged, L2 ACL deny"""
727 self.run_test_ip46_routed_to_bridged(True, False, False,
730 def test_1202_ip6_irb_1(self):
731 """ ACL IPv4+MF routed -> bridged, L3 ACL deny"""
732 self.run_test_ip46_routed_to_bridged(False, False, False,
735 def test_1205_ip6_irb_1(self):
736 """ ACL IPv4+MF bridged -> routed, L2 ACL deny """
737 self.run_test_ip46_bridged_to_routed(True, False, False,
740 def test_1206_ip6_irb_1(self):
741 """ ACL IPv4+MF bridged -> routed, L3 ACL deny """
742 self.run_test_ip46_bridged_to_routed(False, False, False,
745 def test_1301_ip6_irb_1(self):
746 """ ACL IPv4+MF routed -> bridged, L2 ACL permit+reflect"""
747 self.run_test_ip46_routed_to_bridged_and_back(True, False,
750 def test_1302_ip6_irb_1(self):
751 """ ACL IPv4+MF bridged -> routed, L2 ACL permit+reflect"""
752 self.run_test_ip46_bridged_to_routed_and_back(True, False,
755 def test_1311_ip6_irb_1(self):
756 """ ACL IPv4+MF routed -> bridged, L3 ACL permit+reflect"""
757 self.run_test_ip46_routed_to_bridged_and_back(False, False,
760 def test_1312_ip6_irb_1(self):
761 """ ACL IPv4+MF bridged -> routed, L3 ACL permit+reflect"""
762 self.run_test_ip46_bridged_to_routed_and_back(False, False,
765 if __name__ == '__main__':
766 unittest.main(testRunner=VppTestRunner)