test/test_acl_plugin_macip.py

   1 #!/usr/bin/env python
   2 """ACL plugin - MACIP tests
   3 """
   4 import random
   5 import re
   6 import unittest
   7
   8 from socket import inet_ntop, inet_pton, AF_INET, AF_INET6
   9 from struct import *
  10 from scapy.packet import Raw
  11 from scapy.layers.l2 import Ether
  12 from scapy.layers.inet import IP, UDP, TCP
  13 from scapy.layers.inet6 import IPv6
  14
  15 from framework import VppTestCase, VppTestRunner, running_extended_tests
  16 from vpp_lo_interface import VppLoInterface
  17
  18
  19 class TestMACIP(VppTestCase):
  20     """MACIP Test Case"""
  21
  22     DEBUG = False
  23
  24     BRIDGED = True
  25     ROUTED = False
  26
  27     IS_IP4 = False
  28     IS_IP6 = True
  29
  30     # rule types
  31     DENY = 0
  32     PERMIT = 1
  33
  34     # ACL types
  35     EXACT_IP = 1
  36     SUBNET_IP = 2
  37     WILD_IP = 3
  38
  39     EXACT_MAC = 1
  40     WILD_MAC = 2
  41     OUI_MAC = 3
  42
  43     ACLS = []
  44
  45     @classmethod
  46     def setUpClass(cls):
  47         """
  48         Perform standard class setup (defined by class method setUpClass in
  49         class VppTestCase) before running the test case, set test case related
  50         variables and configure VPP.
  51         """
  52         super(TestMACIP, cls).setUpClass()
  53
  54         cls.pg_if_packet_sizes = [64, 512, 1518, 9018]  # packet sizes
  55         cls.bd_id = 10
  56         cls.remote_hosts_count = 250
  57
  58         try:
  59             # create 3 pg interfaces, 1 loopback interface
  60             cls.create_pg_interfaces(range(3))
  61             cls.create_loopback_interfaces(range(1))
  62
  63             cls.interfaces = list(cls.pg_interfaces)
  64             cls.interfaces.extend(cls.lo_interfaces)
  65
  66             for i in cls.interfaces:
  67                 i.admin_up()
  68
  69             # Create BD with MAC learning enabled and put interfaces to this BD
  70             cls.vapi.sw_interface_set_l2_bridge(
  71                 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
  72             cls.vapi.sw_interface_set_l2_bridge(
  73                 cls.pg0.sw_if_index, bd_id=cls.bd_id)
  74             cls.vapi.sw_interface_set_l2_bridge(
  75                 cls.pg1.sw_if_index, bd_id=cls.bd_id)
  76
  77             # Configure IPv4 addresses on loop interface and routed interface
  78             cls.loop0.config_ip4()
  79             cls.loop0.config_ip6()
  80             cls.pg2.config_ip4()
  81             cls.pg2.config_ip6()
  82
  83             # Configure MAC address binding to IPv4 neighbors on loop0
  84             cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
  85             # Modify host mac addresses to have different OUI parts
  86             for i in range(2, cls.remote_hosts_count + 2):
  87                 mac = cls.loop0.remote_hosts[i-2]._mac.split(':')
  88                 mac[2] = format(int(mac[2], 16) + i, "02x")
  89                 cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac)
  90
  91             cls.loop0.configure_ipv4_neighbors()
  92             cls.loop0.configure_ipv6_neighbors()
  93             # configure MAC address on pg2
  94             cls.pg2.resolve_arp()
  95             cls.pg2.resolve_ndp()
  96
  97             # Loopback BVI interface has remote hosts
  98             # one half of hosts are behind pg0 second behind pg1
  99             half = cls.remote_hosts_count // 2
 100             cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
 101             cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
 102
 103         except Exception:
 104             super(TestMACIP, cls).tearDownClass()
 105             raise
 106
 107     def setUp(self):
 108         super(TestMACIP, self).setUp()
 109         self.reset_packet_infos()
 110         del self.ACLS[:]
 111
 112     def tearDown(self):
 113         """
 114         Show various debug prints after each test.
 115         """
 116         super(TestMACIP, self).tearDown()
 117         if not self.vpp_dead:
 118             self.logger.info(self.vapi.ppcli("show interface address"))
 119             self.logger.info(self.vapi.ppcli("show hardware"))
 120             self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
 121             self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
 122             self.logger.info(self.vapi.ppcli("sh classify tables verbose"))
 123             # print self.vapi.ppcli("show interface address")
 124             # print self.vapi.ppcli("show hardware")
 125             # print self.vapi.ppcli("sh acl-plugin macip interface")
 126             # print self.vapi.ppcli("sh acl-plugin macip acl")
 127         self.delete_acls()
 128
 129     def macip_acl_dump_debug(self):
 130         acls = self.vapi.macip_acl_dump()
 131         if self.DEBUG:
 132             for acl in acls:
 133                 print "ACL #"+str(acl.acl_index)
 134                 for r in acl.r:
 135                     rule = "ACTION"
 136                     if r.is_permit == 1:
 137                         rule = "PERMIT"
 138                     elif r.is_permit == 0:
 139                         rule = "DENY  "
 140                     print "    IP6" if r.is_ipv6 else "    IP4", \
 141                           rule, \
 142                           r.src_mac.encode('hex'), \
 143                           r.src_mac_mask.encode('hex'),\
 144                           unpack('<16B', r.src_ip_addr), \
 145                           r.src_ip_prefix_len
 146         return acls
 147
 148     def create_rules(self, mac_type=EXACT_MAC, ip_type=EXACT_IP,
 149                      acl_count=1, rules_count=[1]):
 150         acls = []
 151         src_mac = int("220000dead00", 16)
 152         for acl in range(2, (acl_count+1) * 2):
 153             rules = []
 154             host = random.choice(self.loop0.remote_hosts)
 155             is_ip6 = acl % 2
 156             ip4 = host.ip4.split('.')
 157             ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6)))
 158
 159             if ip_type == self.EXACT_IP:
 160                 prefix_len4 = 32
 161                 prefix_len6 = 128
 162             elif ip_type == self.WILD_IP:
 163                 ip4 = [0, 0, 0, 0]
 164                 ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
 165                 prefix_len4 = 0
 166                 prefix_len6 = 0
 167                 rules_count[(acl / 2) - 1] = 1
 168             else:
 169                 prefix_len4 = 24
 170                 prefix_len6 = 64
 171
 172             if mac_type == self.EXACT_MAC:
 173                 mask = "ff:ff:ff:ff:ff:ff"
 174             elif mac_type == self.WILD_MAC:
 175                 mask = "00:00:00:00:00:00"
 176             elif mac_type == self.OUI_MAC:
 177                 mask = "ff:ff:ff:00:00:00"
 178             else:
 179                 mask = "ff:ff:ff:ff:ff:00"
 180
 181             ip = ip6 if is_ip6 else ip4
 182             ip_len = prefix_len6 if is_ip6 else prefix_len4
 183
 184             for i in range(0, rules_count[(acl / 2) - 1]):
 185                 src_mac += 16777217
 186                 if mac_type == self.WILD_MAC:
 187                     mac = "00:00:00:00:00:00"
 188                 elif mac_type == self.OUI_MAC:
 189                     mac = ':'.join(re.findall('..', '{:02x}'.format(
 190                         src_mac))[:3])+":00:00:00"
 191                 else:
 192                     mac = ':'.join(re.findall('..', '{:02x}'.format(src_mac)))
 193
 194                 if ip_type == self.EXACT_IP:
 195                     ip4[3] = random.randint(100, 200)
 196                     ip6[15] = random.randint(100, 200)
 197                 elif ip_type == self.SUBNET_IP:
 198                     ip4[2] = random.randint(100, 200)
 199                     ip4[3] = 0
 200                     ip6[8] = random.randint(100, 200)
 201                     ip6[15] = 0
 202                 ip_pack = ''
 203                 for j in range(0, len(ip)):
 204                     ip_pack += pack('<B', int(ip[j]))
 205
 206                 rule = ({'is_permit': self.PERMIT,
 207                          'is_ipv6': is_ip6,
 208                          'src_ip_addr': ip_pack,
 209                          'src_ip_prefix_len': ip_len,
 210                          'src_mac': mac.replace(':', '').decode('hex'),
 211                          'src_mac_mask': mask.replace(':', '').decode('hex')})
 212                 rules.append(rule)
 213                 if ip_type == self.WILD_IP:
 214                     break
 215
 216             acls.append(rules)
 217             src_mac += 1099511627776
 218         return acls
 219
 220     def apply_rules(self, acls):
 221         for acl in acls:
 222             reply = self.vapi.macip_acl_add(acl)
 223             self.assertEqual(reply.retval, 0)
 224             self.ACLS.append(reply.acl_index)
 225
 226     def verify_acls(self, acl_count, rules_count, expected_count=2):
 227         reply = self.macip_acl_dump_debug()
 228         for acl in range(2, (acl_count+1) * 2):
 229             self.assertEqual(reply[acl - 2].count, rules_count[acl/2-1])
 230
 231         self.vapi.macip_acl_interface_get()
 232
 233         self.vapi.macip_acl_interface_add_del(sw_if_index=0, acl_index=0)
 234         self.vapi.macip_acl_interface_add_del(sw_if_index=1, acl_index=1)
 235
 236         reply = self.vapi.macip_acl_interface_get()
 237         self.assertEqual(reply.count, expected_count)
 238
 239     def delete_acls(self):
 240         for acl in range(len(self.ACLS)-1, -1, -1):
 241             self.vapi.macip_acl_del(self.ACLS[acl])
 242
 243         reply = self.vapi.macip_acl_dump()
 244         self.assertEqual(len(reply), 0)
 245
 246     def create_stream(self, mac_type, ip_type, packet_count,
 247                       src_ip_if, dst_ip_if, bridged_routed, is_ip6):
 248         # exact MAC and exact IP
 249         # exact MAC and subnet of IPs
 250         # exact MAC and wildcard IP
 251         # wildcard MAC and exact IP
 252         # wildcard MAC and subnet of IPs
 253         # wildcard MAC and wildcard IP
 254         # OUI restricted MAC and exact IP
 255         # OUI restricted MAC and subnet of IPs
 256         # OUI restricted MAC and wildcard IP
 257
 258         packets = []
 259         rules = []
 260         ip_permit = ""
 261         mac_permit = ""
 262         dst_mac = ""
 263         mac_rule = "00:00:00:00:00:00"
 264         mac_mask = "00:00:00:00:00:00"
 265         for p in range(0, packet_count):
 266             remote_dst_index = p % len(dst_ip_if.remote_hosts)
 267             remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
 268
 269             dst_port = 1234 + p
 270             src_port = 4321 + p
 271             is_permit = self.PERMIT if p % 3 == 0 else self.DENY
 272             denyMAC = True if not is_permit and p % 3 == 1 else False
 273             denyIP = True if not is_permit and p % 3 == 2 else False
 274             if not is_permit and ip_type == self.WILD_IP:
 275                 denyMAC = True
 276             if not is_permit and mac_type == self.WILD_MAC:
 277                 denyIP = True
 278
 279             if bridged_routed == self.BRIDGED:
 280                 if is_permit:
 281                     src_mac = remote_dst_host._mac
 282                     dst_mac = 'de:ad:00:00:00:00'
 283                     src_ip4 = remote_dst_host.ip4
 284                     dst_ip4 = src_ip_if.remote_ip4
 285                     src_ip6 = remote_dst_host.ip6
 286                     dst_ip6 = src_ip_if.remote_ip6
 287                     ip_permit = src_ip6 if is_ip6 else src_ip4
 288                     mac_permit = src_mac
 289                 if denyMAC:
 290                     mac = src_mac.split(':')
 291                     mac[0] = format(int(mac[0], 16)+1, "02x")
 292                     src_mac = ":".join(mac)
 293                     if is_ip6:
 294                         src_ip6 = ip_permit
 295                     else:
 296                         src_ip4 = ip_permit
 297                 if denyIP:
 298                     if ip_type != self.WILD_IP:
 299                         src_mac = mac_permit
 300                     src_ip4 = remote_dst_host.ip4
 301                     dst_ip4 = src_ip_if.remote_ip4
 302                     src_ip6 = remote_dst_host.ip6
 303                     dst_ip6 = src_ip_if.remote_ip6
 304             else:
 305                 if is_permit:
 306                     src_mac = remote_dst_host._mac
 307                     dst_mac = src_ip_if.local_mac
 308                     src_ip4 = src_ip_if.remote_ip4
 309                     dst_ip4 = remote_dst_host.ip4
 310                     src_ip6 = src_ip_if.remote_ip6
 311                     dst_ip6 = remote_dst_host.ip6
 312                     ip_permit = src_ip6 if is_ip6 else src_ip4
 313                     mac_permit = src_mac
 314                 if denyMAC:
 315                     mac = src_mac.split(':')
 316                     mac[0] = format(int(mac[0], 16) + 1, "02x")
 317                     src_mac = ":".join(mac)
 318                     if is_ip6:
 319                         src_ip6 = ip_permit
 320                     else:
 321                         src_ip4 = ip_permit
 322                 if denyIP:
 323                     src_mac = remote_dst_host._mac
 324                     if ip_type != self.WILD_IP:
 325                         src_mac = mac_permit
 326                     src_ip4 = remote_dst_host.ip4
 327                     dst_ip4 = src_ip_if.remote_ip4
 328                     src_ip6 = remote_dst_host.ip6
 329                     dst_ip6 = src_ip_if.remote_ip6
 330
 331             if is_permit:
 332                 info = self.create_packet_info(src_ip_if, dst_ip_if)
 333                 payload = self.info_to_payload(info)
 334             else:
 335                 payload = "to be blocked"
 336
 337             if mac_type == self.WILD_MAC:
 338                 mac = src_mac.split(':')
 339                 for i in range(1, 5):
 340                     mac[i] = format(random.randint(0, 255), "02x")
 341                 src_mac = ":".join(mac)
 342
 343             # create packet
 344             packet = Ether(src=src_mac, dst=dst_mac)
 345             ip_rule = src_ip6 if is_ip6 else src_ip4
 346             if is_ip6:
 347                 if ip_type != self.EXACT_IP:
 348                     sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
 349                     if ip_type == self.WILD_IP:
 350                         sub_ip[0] = random.randint(240, 254)
 351                         sub_ip[1] = random.randint(230, 239)
 352                         sub_ip[14] = random.randint(100, 199)
 353                         sub_ip[15] = random.randint(200, 255)
 354                     elif ip_type == self.SUBNET_IP:
 355                         if denyIP:
 356                             sub_ip[2] = str(int(sub_ip[2]) + 1)
 357                         sub_ip[14] = random.randint(100, 199)
 358                         sub_ip[15] = random.randint(200, 255)
 359                     src_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
 360                 packet /= IPv6(src=src_ip6, dst=dst_ip6)
 361             else:
 362                 if ip_type != self.EXACT_IP:
 363                     sub_ip = ip_rule.split('.')
 364                     if ip_type == self.WILD_IP:
 365                         sub_ip[0] = str(random.randint(1, 49))
 366                         sub_ip[1] = str(random.randint(50, 99))
 367                         sub_ip[2] = str(random.randint(100, 199))
 368                         sub_ip[3] = str(random.randint(200, 255))
 369                     elif ip_type == self.SUBNET_IP:
 370                         if denyIP:
 371                             sub_ip[1] = str(int(sub_ip[1])+1)
 372                         sub_ip[2] = str(random.randint(100, 199))
 373                         sub_ip[3] = str(random.randint(200, 255))
 374                     src_ip4 = ".".join(sub_ip)
 375                 packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)
 376
 377             packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)
 378
 379             packet[Raw].load += " mac:"+src_mac
 380
 381             size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
 382             self.extend_packet(packet, size)
 383             packets.append(packet)
 384
 385             # create suitable rule
 386             if mac_type == self.EXACT_MAC:
 387                 mac_rule = src_mac
 388                 mac_mask = "ff:ff:ff:ff:ff:ff"
 389             elif mac_type == self.WILD_MAC:
 390                 mac_rule = "00:00:00:00:00:00"
 391                 mac_mask = "00:00:00:00:00:00"
 392             elif mac_type == self.OUI_MAC:
 393                 mac = src_mac.split(':')
 394                 mac[3] = mac[4] = mac[5] = '00'
 395                 mac_rule = ":".join(mac)
 396                 mac_mask = "ff:ff:ff:00:00:00"
 397
 398             if is_ip6:
 399                 if ip_type == self.WILD_IP:
 400                     ip = "0::0"
 401                 else:
 402                     ip = src_ip6
 403                     if ip_type == self.SUBNET_IP:
 404                         sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
 405                         for i in range(8, 16):
 406                             sub_ip[i] = 0
 407                         ip = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
 408             else:
 409                 if ip_type == self.WILD_IP:
 410                     ip = "0.0.0.0"
 411                 else:
 412                     ip = src_ip4
 413                     if ip_type == self.SUBNET_IP:
 414                         sub_ip = ip.split('.')
 415                         sub_ip[2] = sub_ip[3] = '0'
 416                         ip = ".".join(sub_ip)
 417
 418             prefix_len = 128 if is_ip6 else 32
 419             if ip_type == self.WILD_IP:
 420                 prefix_len = 0
 421             elif ip_type == self.SUBNET_IP:
 422                 prefix_len = 64 if is_ip6 else 16
 423             ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)
 424
 425             if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
 426                 continue
 427
 428             if is_permit:
 429                 rule = ({'is_permit': is_permit,
 430                          'is_ipv6': is_ip6,
 431                          'src_ip_addr': ip_rule,
 432                          'src_ip_prefix_len': prefix_len,
 433                          'src_mac': mac_rule.replace(':', '').decode('hex'),
 434                          'src_mac_mask': mac_mask.replace(':', '').decode(
 435                              'hex')})
 436                 rules.append(rule)
 437
 438         # deny all other packets
 439         if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
 440             rule = ({'is_permit': 0,
 441                      'is_ipv6': is_ip6,
 442                      'src_ip_addr': "",
 443                      'src_ip_prefix_len': 0,
 444                      'src_mac': "",
 445                      'src_mac_mask': ""})
 446             rules.append(rule)
 447
 448         return {'stream': packets, 'rules': rules}
 449
 450     def verify_capture(self, stream, capture, is_ip6):
 451         p_l3 = IPv6 if is_ip6 else IP
 452         if self.DEBUG:
 453             for p in stream:
 454                 print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
 455
 456         acls = self.macip_acl_dump_debug()
 457
 458         # TODO : verify
 459         # for acl in acls:
 460         #     for r in acl.r:
 461         #         print r.src_mac.encode('hex'), \
 462         #               r.src_mac_mask.encode('hex'),\
 463         #               unpack('<16B', r.src_ip_addr), \
 464         #               r.src_ip_prefix_len
 465         #
 466         # for p in capture:
 467         #     print p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
 468         #     data = p[Raw].load.split(':',1)[1]
 469         #     print p[p_l3].src, data
 470
 471     def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets,
 472                     do_not_expected_capture=False):
 473         self.reset_packet_infos()
 474
 475         tx_if = self.pg0 if bridged_routed == self.BRIDGED else self.pg2
 476         rx_if = self.pg2 if bridged_routed == self.BRIDGED else self.pg0
 477
 478         test_dict = self.create_stream(mac_type, ip_type, packets,
 479                                        self.pg2, self.loop0,
 480                                        bridged_routed,
 481                                        is_ip6)
 482
 483         reply = self.vapi.macip_acl_add(test_dict['rules'])
 484         self.assertEqual(reply.retval, 0)
 485         acl_index = reply.acl_index
 486
 487         self.vapi.macip_acl_interface_add_del(sw_if_index=tx_if.sw_if_index,
 488                                               acl_index=acl_index)
 489         reply = self.vapi.macip_acl_interface_get()
 490         self.assertEqual(reply.acls[tx_if.sw_if_index], acl_index)
 491         self.ACLS.append(reply.acls[tx_if.sw_if_index])
 492
 493         tx_if.add_stream(test_dict['stream'])
 494         self.pg_enable_capture(self.pg_interfaces)
 495         self.pg_start()
 496
 497         if do_not_expected_capture:
 498             rx_if.get_capture(0)
 499         else:
 500             packet_count = self.get_packet_count_for_if_idx(
 501                 self.loop0.sw_if_index)
 502             if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
 503                 packet_count = packets if bridged_routed else packet_count
 504             capture = rx_if.get_capture(packet_count)
 505             self.verify_capture(test_dict['stream'], capture, is_ip6)
 506
 507     def run_test_acls(self, mac_type, ip_type, acl_count,
 508                       rules_count, traffic=None, ip=None):
 509         self.apply_rules(self.create_rules(mac_type, ip_type, acl_count,
 510                                            rules_count))
 511         self.verify_acls(acl_count, rules_count)
 512
 513         if traffic is not None:
 514             self.run_traffic(self.EXACT_MAC, self.EXACT_IP, traffic, ip, 9)
 515
 516     def test_acl_bridged_ip4_exactMAC_exactIP(self):
 517         """ IP4 MACIP exactMAC|exactIP ACL bridged traffic
 518         """
 519         self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
 520                          self.BRIDGED, self.IS_IP4, 9)
 521
 522     def test_acl_bridged_ip6_exactMAC_exactIP(self):
 523         """ IP6 MACIP exactMAC|exactIP ACL bridged traffic
 524         """
 525
 526         self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
 527                          self.BRIDGED, self.IS_IP6, 9)
 528
 529     def test_acl_bridged_ip4_exactMAC_subnetIP(self):
 530         """ IP4 MACIP exactMAC|subnetIP ACL bridged traffic
 531         """
 532
 533         self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
 534                          self.BRIDGED, self.IS_IP4, 9)
 535
 536     def test_acl_bridged_ip6_exactMAC_subnetIP(self):
 537         """ IP6 MACIP exactMAC|subnetIP ACL bridged traffic
 538         """
 539
 540         self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
 541                          self.BRIDGED, self.IS_IP6, 9)
 542
 543     def test_acl_bridged_ip4_exactMAC_wildIP(self):
 544         """ IP4 MACIP exactMAC|wildIP ACL bridged traffic
 545         """
 546
 547         self.run_traffic(self.EXACT_MAC, self.WILD_IP,
 548                          self.BRIDGED, self.IS_IP4, 9)
 549
 550     def test_acl_bridged_ip6_exactMAC_wildIP(self):
 551         """ IP6 MACIP exactMAC|wildIP ACL bridged traffic
 552         """
 553
 554         self.run_traffic(self.EXACT_MAC, self.WILD_IP,
 555                          self.BRIDGED, self.IS_IP6, 9)
 556
 557     def test_acl_bridged_ip4_ouiMAC_exactIP(self):
 558         """ IP4 MACIP ouiMAC|exactIP ACL bridged traffic
 559         """
 560
 561         self.run_traffic(self.OUI_MAC, self.EXACT_IP,
 562                          self.BRIDGED, self.IS_IP4, 3)
 563
 564     def test_acl_bridged_ip6_ouiMAC_exactIP(self):
 565         """ IP6 MACIP oui_MAC|exactIP ACL bridged traffic
 566         """
 567
 568         self.run_traffic(self.OUI_MAC, self.EXACT_IP,
 569                          self.BRIDGED, self.IS_IP6, 9)
 570
 571     def test_acl_bridged_ip4_ouiMAC_subnetIP(self):
 572         """ IP4 MACIP ouiMAC|subnetIP ACL bridged traffic
 573         """
 574
 575         self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
 576                          self.BRIDGED, self.IS_IP4, 9)
 577
 578     def test_acl_bridged_ip6_ouiMAC_subnetIP(self):
 579         """ IP6 MACIP ouiMAC|subnetIP ACL bridged traffic
 580         """
 581
 582         self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
 583                          self.BRIDGED, self.IS_IP6, 9)
 584
 585     def test_acl_bridged_ip4_ouiMAC_wildIP(self):
 586         """ IP4 MACIP ouiMAC|wildIP ACL bridged traffic
 587         """
 588
 589         self.run_traffic(self.OUI_MAC, self.WILD_IP,
 590                          self.BRIDGED, self.IS_IP4, 9)
 591
 592     def test_acl_bridged_ip6_ouiMAC_wildIP(self):
 593         """ IP6 MACIP ouiMAC|wildIP ACL bridged traffic
 594         """
 595
 596         self.run_traffic(self.OUI_MAC, self.WILD_IP,
 597                          self.BRIDGED, self.IS_IP6, 9)
 598
 599     def test_ac_bridgedl_ip4_wildMAC_exactIP(self):
 600         """ IP4 MACIP wildcardMAC|exactIP ACL bridged traffic
 601         """
 602
 603         self.run_traffic(self.WILD_MAC, self.EXACT_IP,
 604                          self.BRIDGED, self.IS_IP4, 9)
 605
 606     def test_acl_bridged_ip6_wildMAC_exactIP(self):
 607         """ IP6 MACIP wildcardMAC|exactIP ACL bridged traffic
 608         """
 609
 610         self.run_traffic(self.WILD_MAC, self.EXACT_IP,
 611                          self.BRIDGED, self.IS_IP6, 9)
 612
 613     def test_acl_bridged_ip4_wildMAC_subnetIP(self):
 614         """ IP4 MACIP wildcardMAC|subnetIP ACL bridged traffic
 615         """
 616
 617         self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
 618                          self.BRIDGED, self.IS_IP4, 9)
 619
 620     def test_acl_bridged_ip6_wildMAC_subnetIP(self):
 621         """ IP6 MACIP wildcardMAC|subnetIP ACL bridged traffic
 622         """
 623
 624         self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
 625                          self.BRIDGED, self.IS_IP6, 9)
 626
 627     def test_acl_bridged_ip4_wildMAC_wildIP(self):
 628         """ IP4 MACIP wildcardMAC|wildIP ACL bridged traffic
 629         """
 630
 631         self.run_traffic(self.WILD_MAC, self.WILD_IP,
 632                          self.BRIDGED, self.IS_IP4, 9)
 633
 634     def test_acl_bridged_ip6_wildMAC_wildIP(self):
 635         """ IP6 MACIP wildcardMAC|wildIP ACL bridged traffic
 636         """
 637
 638         self.run_traffic(self.WILD_MAC, self.WILD_IP,
 639                          self.BRIDGED, self.IS_IP6, 9)
 640
 641     def test_acl_routed_ip4_exactMAC_exactIP(self):
 642         """ IP4 MACIP exactMAC|exactIP ACL routed traffic
 643         """
 644         self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
 645                          self.ROUTED, self.IS_IP4, 9)
 646
 647     def test_acl_routed_ip6_exactMAC_exactIP(self):
 648         """ IP6 MACIP exactMAC|exactIP ACL routed traffic
 649         """
 650
 651         self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
 652                          self.ROUTED, self.IS_IP6, 9)
 653
 654     def test_acl_routed_ip4_exactMAC_subnetIP(self):
 655         """ IP4 MACIP exactMAC|subnetIP ACL routed traffic
 656         """
 657         self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
 658                          self.ROUTED, self.IS_IP4, 9)
 659
 660     def test_acl_routed_ip6_exactMAC_subnetIP(self):
 661         """ IP6 MACIP exactMAC|subnetIP ACL routed traffic
 662         """
 663
 664         self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
 665                          self.ROUTED, self.IS_IP6, 9)
 666
 667     def test_acl_routed_ip4_exactMAC_wildIP(self):
 668         """ IP4 MACIP exactMAC|wildIP ACL routed traffic
 669         """
 670         self.run_traffic(self.EXACT_MAC, self.WILD_IP,
 671                          self.ROUTED, self.IS_IP4, 9)
 672
 673     def test_acl_routed_ip6_exactMAC_wildIP(self):
 674         """ IP6 MACIP exactMAC|wildIP ACL routed traffic
 675         """
 676
 677         self.run_traffic(self.EXACT_MAC, self.WILD_IP,
 678                          self.ROUTED, self.IS_IP6, 9)
 679
 680     def test_acl_routed_ip4_ouiMAC_exactIP(self):
 681         """ IP4 MACIP ouiMAC|exactIP ACL routed traffic
 682         """
 683
 684         self.run_traffic(self.OUI_MAC, self.EXACT_IP,
 685                          self.ROUTED, self.IS_IP4, 9)
 686
 687     def test_acl_routed_ip6_ouiMAC_exactIP(self):
 688         """ IP6 MACIP ouiMAC|exactIP ACL routed traffic
 689         """
 690
 691         self.run_traffic(self.OUI_MAC, self.EXACT_IP,
 692                          self.ROUTED, self.IS_IP6, 9)
 693
 694     def test_acl_routed_ip4_ouiMAC_subnetIP(self):
 695         """ IP4 MACIP ouiMAC|subnetIP ACL routed traffic
 696         """
 697
 698         self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
 699                          self.ROUTED, self.IS_IP4, 9)
 700
 701     def test_acl_routed_ip6_ouiMAC_subnetIP(self):
 702         """ IP6 MACIP ouiMAC|subnetIP ACL routed traffic
 703         """
 704
 705         self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
 706                          self.ROUTED, self.IS_IP6, 9)
 707
 708     def test_acl_routed_ip4_ouiMAC_wildIP(self):
 709         """ IP4 MACIP ouiMAC|wildIP ACL routed traffic
 710         """
 711
 712         self.run_traffic(self.OUI_MAC, self.WILD_IP,
 713                          self.ROUTED, self.IS_IP4, 9)
 714
 715     def test_acl_routed_ip6_ouiMAC_wildIP(self):
 716         """ IP6 MACIP ouiMAC|wildIP ACL routed traffic
 717         """
 718
 719         self.run_traffic(self.OUI_MAC, self.WILD_IP,
 720                          self.ROUTED, self.IS_IP6, 9)
 721
 722     def test_acl_routed_ip4_wildMAC_exactIP(self):
 723         """ IP4 MACIP wildcardMAC|exactIP ACL routed traffic
 724         """
 725
 726         self.run_traffic(self.WILD_MAC, self.EXACT_IP,
 727                          self.ROUTED, self.IS_IP4, 9)
 728
 729     def test_acl_routed_ip6_wildMAC_exactIP(self):
 730         """ IP6 MACIP wildcardMAC|exactIP ACL routed traffic
 731         """
 732
 733         self.run_traffic(self.WILD_MAC, self.EXACT_IP,
 734                          self.ROUTED, self.IS_IP6, 9)
 735
 736     def test_acl_routed_ip4_wildMAC_subnetIP(self):
 737         """ IP4 MACIP wildcardMAC|subnetIP ACL routed traffic
 738         """
 739
 740         self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
 741                          self.ROUTED, self.IS_IP4, 9)
 742
 743     def test_acl_routed_ip6_wildMAC_subnetIP(self):
 744         """ IP6 MACIP wildcardMAC|subnetIP ACL routed traffic
 745         """
 746
 747         self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
 748                          self.ROUTED, self.IS_IP6, 9)
 749
 750     def test_acl_1_2(self):
 751         """ MACIP ACL with 2 entries
 752         """
 753
 754         self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2])
 755
 756     def test_acl_1_5(self):
 757         """ MACIP ACL with 5 entries
 758         """
 759
 760         self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5])
 761
 762     def test_acl_1_10(self):
 763         """ MACIP ACL with 10 entries
 764         """
 765
 766         self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10])
 767
 768     def test_acl_1_20(self):
 769         """ MACIP ACL with 20 entries
 770         """
 771
 772         self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20])
 773
 774     def test_acl_1_50(self):
 775         """ MACIP ACL with 50 entries
 776         """
 777
 778         self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50])
 779
 780     def test_acl_1_100(self):
 781         """ MACIP ACL with 100 entries
 782         """
 783
 784         self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100])
 785
 786     def test_acl_2_X(self):
 787         """ MACIP 2 ACLs each with 100+ entries
 788         """
 789
 790         self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200])
 791
 792     def test_acl_10_X(self):
 793         """ MACIP 10 ACLs each with 100+ entries
 794         """
 795
 796         self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
 797                            [100, 120, 140, 160, 180, 200, 210, 220, 230, 240])
 798
 799     def test_acl_10_X_traffic_ip4(self):
 800         """ MACIP 10 ACLs each with 100+ entries with IP4 traffic
 801         """
 802
 803         self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
 804                            [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
 805                            self.BRIDGED, self.IS_IP4)
 806
 807     def test_acl_10_X_traffic_ip6(self):
 808         """ MACIP 10 ACLs each with 100+ entries with IP6 traffic
 809         """
 810
 811         self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
 812                            [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
 813                            self.BRIDGED, self.IS_IP6)
 814
 815     def test_acl_replace(self):
 816         """ MACIP replace ACL
 817         """
 818
 819         r1 = self.create_rules(acl_count=3, rules_count=[2, 2, 2])
 820         r2 = self.create_rules(mac_type=self.OUI_MAC, ip_type=self.SUBNET_IP)
 821         self.apply_rules(r1)
 822
 823         acls_before = self.macip_acl_dump_debug()
 824
 825         # replace acls #2, #3 with new
 826         reply = self.vapi.macip_acl_add_replace(r2[0], 2)
 827         self.assertEqual(reply.retval, 0)
 828         self.assertEqual(reply.acl_index, 2)
 829         reply = self.vapi.macip_acl_add_replace(r2[1], 3)
 830         self.assertEqual(reply.retval, 0)
 831         self.assertEqual(reply.acl_index, 3)
 832
 833         acls_after = self.macip_acl_dump_debug()
 834
 835         # verify changes
 836         self.assertEqual(len(acls_before), len(acls_after))
 837         for acl1, acl2 in zip(
 838                 acls_before[:2]+acls_before[4:],
 839                 acls_after[:2]+acls_after[4:]):
 840             self.assertEqual(len(acl1), len(acl2))
 841
 842             self.assertEqual(len(acl1.r), len(acl2.r))
 843             for r1, r2 in zip(acl1.r, acl2.r):
 844                 self.assertEqual(len(acl1.r), len(acl2.r))
 845                 self.assertEqual(acl1.r, acl2.r)
 846         for acl1, acl2 in zip(
 847                 acls_before[2:4],
 848                 acls_after[2:4]):
 849             self.assertEqual(len(acl1), len(acl2))
 850
 851             self.assertNotEqual(len(acl1.r), len(acl2.r))
 852             for r1, r2 in zip(acl1.r, acl2.r):
 853                 self.assertNotEqual(len(acl1.r), len(acl2.r))
 854                 self.assertNotEqual(acl1.r, acl2.r)
 855
 856     def test_acl_replace_traffic_ip4(self):
 857         """ MACIP replace ACL with IP4 traffic
 858         """
 859         self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
 860                          self.BRIDGED, self.IS_IP4, 9)
 861
 862         r = self.create_rules()
 863         # replace acls #2, #3 with new
 864         reply = self.vapi.macip_acl_add_replace(r[0], 0)
 865         self.assertEqual(reply.retval, 0)
 866         self.assertEqual(reply.acl_index, 0)
 867
 868         self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
 869                          self.BRIDGED, self.IS_IP4, 9, True)
 870
 871     def test_acl_replace_traffic_ip6(self):
 872         """ MACIP replace ACL with IP6 traffic
 873         """
 874         self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
 875                          self.BRIDGED, self.IS_IP6, 9)
 876
 877         r = self.create_rules()
 878         # replace acls #2, #3 with new
 879         reply = self.vapi.macip_acl_add_replace(r[0], 0)
 880         self.assertEqual(reply.retval, 0)
 881         self.assertEqual(reply.acl_index, 0)
 882
 883         self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
 884                          self.BRIDGED, self.IS_IP6, 9, True)
 885
 886     def test_delete_intf(self):
 887         """ MACIP ACL delete intf with acl
 888         """
 889
 890         intf_count = len(self.interfaces)+1
 891         intf = []
 892         self.apply_rules(self.create_rules(acl_count=3, rules_count=[3, 5, 4]))
 893
 894         intf.append(VppLoInterface(self, 0))
 895         intf.append(VppLoInterface(self, 1))
 896
 897         sw_if_index0 = intf[0].sw_if_index
 898         self.vapi.macip_acl_interface_add_del(sw_if_index0, 1)
 899
 900         reply = self.vapi.macip_acl_interface_get()
 901         self.assertEqual(reply.count, intf_count+1)
 902         self.assertEqual(reply.acls[sw_if_index0], 1)
 903
 904         sw_if_index1 = intf[1].sw_if_index
 905         self.vapi.macip_acl_interface_add_del(sw_if_index1, 0)
 906
 907         reply = self.vapi.macip_acl_interface_get()
 908         self.assertEqual(reply.count, intf_count+2)
 909         self.assertEqual(reply.acls[sw_if_index1], 0)
 910
 911         intf[0].remove_vpp_config()
 912         reply = self.vapi.macip_acl_interface_get()
 913         self.assertEqual(reply.count, intf_count+2)
 914         self.assertEqual(reply.acls[sw_if_index0], 4294967295)
 915         self.assertEqual(reply.acls[sw_if_index1], 0)
 916
 917         intf.append(VppLoInterface(self, 2))
 918         intf.append(VppLoInterface(self, 3))
 919         sw_if_index2 = intf[2].sw_if_index
 920         sw_if_index3 = intf[3].sw_if_index
 921         self.vapi.macip_acl_interface_add_del(sw_if_index2, 1)
 922         self.vapi.macip_acl_interface_add_del(sw_if_index3, 1)
 923
 924         reply = self.vapi.macip_acl_interface_get()
 925         self.assertEqual(reply.count, intf_count+3)
 926         self.assertEqual(reply.acls[sw_if_index1], 0)
 927         self.assertEqual(reply.acls[sw_if_index2], 1)
 928         self.assertEqual(reply.acls[sw_if_index3], 1)
 929
 930         intf[2].remove_vpp_config()
 931         intf[1].remove_vpp_config()
 932
 933         reply = self.vapi.macip_acl_interface_get()
 934         self.assertEqual(reply.count, intf_count+3)
 935         self.assertEqual(reply.acls[sw_if_index0], 4294967295)
 936         self.assertEqual(reply.acls[sw_if_index1], 4294967295)
 937         self.assertEqual(reply.acls[sw_if_index2], 4294967295)
 938         self.assertEqual(reply.acls[sw_if_index3], 1)
 939
 940         intf[3].remove_vpp_config()
 941         reply = self.vapi.macip_acl_interface_get()
 942
 943         self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
 944
 945     def test_acl_routed_ip4_wildMAC_wildIP(self):
 946         """ IP4 MACIP wildcardMAC|wildIP ACL
 947         """
 948
 949         self.run_traffic(self.WILD_MAC, self.WILD_IP,
 950                          self.ROUTED, self.IS_IP4, 9)
 951
 952     def test_acl_routed_ip6_wildMAC_wildIP(self):
 953         """ IP6 MACIP wildcardMAC|wildIP ACL
 954         """
 955
 956         self.run_traffic(self.WILD_MAC, self.WILD_IP,
 957                          self.ROUTED, self.IS_IP6, 9)
 958
 959
 960 if __name__ == '__main__':
 961     unittest.main(testRunner=VppTestRunner)