gbp: enforce same endpoint mac and ip src

[vpp.git] / test / test_gbp.py

diff --git a/test/test_gbp.py b/test/test_gbp.py
index cc26238..ac0fb22 100644 (file)
--- a/test/test_gbp.py
+++ b/test/test_gbp.py
@@ -3617,6 +3617,16 @@ class TestGBP(VppTestCase):
                              mac=None)
         rep.add_vpp_config()
 
+        #
+        # EP1 impersonating EP3 is dropped
+        #
+        p = (Ether(src=eep1.mac, dst="ff:ff:ff:ff:ff:ff") /
+             Dot1Q(vlan=100) /
+             ARP(op="who-has",
+             psrc="10.0.0.3", pdst="10.0.0.128",
+             hwsrc=eep1.mac, hwdst="ff:ff:ff:ff:ff:ff"))
+        self.send_and_assert_no_replies(self.pg0, p)
+
         #
         # ARP packet from External EPs are accepted and replied to
         #
@@ -3630,11 +3640,11 @@ class TestGBP(VppTestCase):
         #
         # ARP packet from host in remote subnet are accepted and replied to
         #
-        p_arp = (Ether(src=vlan_102.remote_mac, dst="ff:ff:ff:ff:ff:ff") /
+        p_arp = (Ether(src=eep3.mac, dst="ff:ff:ff:ff:ff:ff") /
                  Dot1Q(vlan=102) /
                  ARP(op="who-has",
-                     psrc="10.0.0.17", pdst="10.0.0.128",
-                     hwsrc=vlan_102.remote_mac, hwdst="ff:ff:ff:ff:ff:ff"))
+                     psrc=eep3.ip4.address, pdst="10.0.0.128",
+                     hwsrc=eep3.mac, hwdst="ff:ff:ff:ff:ff:ff"))
         rxs = self.send_and_expect(self.pg0, p_arp * 1, self.pg0)
 
         #