aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrik Hrnciar <phrnciar@cisco.com>2016-06-02 13:59:35 +0200
committerJan Gelety <jgelety@cisco.com>2016-06-22 22:08:13 +0000
commit7782faed31d3802d814de369a8e18fcef35c56ed (patch)
tree7243d62e7545ce55d6748af508e394a50db1516e
parent3cd8b9041dfde2b67499f8d8946589d28bc46c60 (diff)
IACL MAC filtering tests
- CSIT-133 VPP drops packets based on MAC src addr. - CSIT-134 VPP can drop packets based on src MAC + IPv6 UDP src+dst port. Change-Id: I57d041bc5f3311946679128e556ceef8c4d55264 Signed-off-by: Patrik Hrnciar <phrnciar@cisco.com> (cherry picked from commit 8e014c373bdcd281475d83669122ba5eeefb96c1)
-rw-r--r--resources/libraries/python/Classify.py75
-rw-r--r--resources/libraries/robot/l2_traffic.robot65
-rw-r--r--resources/templates/vat/classify_add_session_l2.vat1
-rw-r--r--resources/templates/vat/classify_add_table_l2.vat1
-rw-r--r--tests/suites/ipv4/ipv4_iacl_untagged.robot110
-rw-r--r--tests/suites/ipv6/ipv6_iacl_untagged.robot128
6 files changed, 277 insertions, 103 deletions
diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py
index 7d62e26a67..d955a9cc8c 100644
--- a/resources/libraries/python/Classify.py
+++ b/resources/libraries/python/Classify.py
@@ -21,8 +21,8 @@ class Classify(object):
"""Classify utilities."""
@staticmethod
- def vpp_create_classify_table(node, ip_version, direction):
- """Create classify table.
+ def vpp_creates_classify_table_l3(node, ip_version, direction):
+ """Create classify table for IP address filtering.
:param node: VPP node to create classify table.
:param ip_version: Version of IP protocol.
@@ -54,7 +54,38 @@ class Classify(object):
return table_index, skip_n, match_n
@staticmethod
- def vpp_create_classify_table_hex(node, hex_mask):
+ def vpp_creates_classify_table_l2(node, direction):
+ """Create classify table for MAC address filtering.
+
+ :param node: VPP node to create classify table.
+ :param direction: Direction of traffic - src/dst.
+ :type node: dict
+ :type direction: str
+ :return (table_index, skip_n, match_n)
+ table_index: Classify table index.
+ skip_n: Number of skip vectors.
+ match_n: Number of match vectors.
+ :rtype: tuple(int, int, int)
+ :raises RuntimeError: If VPP can't create table.
+ """
+ output = VatExecutor.cmd_from_template(node,
+ "classify_add_table_l2.vat",
+ direction=direction)
+
+ if output[0]["retval"] == 0:
+ table_index = output[0]["new_table_index"]
+ skip_n = output[0]["skip_n_vectors"]
+ match_n = output[0]["match_n_vectors"]
+ logger.trace('Classify table with table_index {} created on node {}'
+ .format(table_index, node['host']))
+ else:
+ raise RuntimeError('Unable to create classify table on node {}'
+ .format(node['host']))
+
+ return table_index, skip_n, match_n
+
+ @staticmethod
+ def vpp_creates_classify_table_hex(node, hex_mask):
"""Create classify table with hex mask.
:param node: VPP node to create classify table based on hex mask.
@@ -85,9 +116,10 @@ class Classify(object):
return table_index, skip_n, match_n
@staticmethod
- def vpp_configure_classify_session(node, acl_method, table_index, skip_n,
- match_n, ip_version, direction, address):
- """Configuration of classify session.
+ def vpp_configures_classify_session_l3(node, acl_method, table_index, skip_n,
+ match_n, ip_version, direction,
+ address):
+ """Configuration of classify session for IP address filtering.
:param node: VPP node to setup classify session.
:param acl_method: ACL method - deny/permit.
@@ -117,7 +149,36 @@ class Classify(object):
address=address)
@staticmethod
- def vpp_configure_classify_session_hex(node, acl_method, table_index,
+ def vpp_configures_classify_session_l2(node, acl_method, table_index, skip_n,
+ match_n, direction, address):
+ """Configuration of classify session for MAC address filtering.
+
+ :param node: VPP node to setup classify session.
+ :param acl_method: ACL method - deny/permit.
+ :param table_index: Classify table index.
+ :param skip_n: Number of skip vectors based on mask.
+ :param match_n: Number of match vectors based on mask.
+ :param direction: Direction of traffic - src/dst.
+ :param address: IPv4 or IPv6 address.
+ :type node: dict
+ :type acl_method: str
+ :type table_index: int
+ :type skip_n: int
+ :type match_n: int
+ :type direction: str
+ :type address: str
+ """
+ with VatTerminal(node) as vat:
+ vat.vat_terminal_exec_cmd_from_template("classify_add_session_l2.vat",
+ acl_method=acl_method,
+ table_index=table_index,
+ skip_n=skip_n,
+ match_n=match_n,
+ direction=direction,
+ address=address)
+
+ @staticmethod
+ def vpp_configures_classify_session_hex(node, acl_method, table_index,
skip_n, match_n, hex_value):
"""Configuration of classify session with hex value.
diff --git a/resources/libraries/robot/l2_traffic.robot b/resources/libraries/robot/l2_traffic.robot
index 4ec0624c30..1ddb6024fb 100644
--- a/resources/libraries/robot/l2_traffic.robot
+++ b/resources/libraries/robot/l2_traffic.robot
@@ -23,11 +23,11 @@
| | ...
| | ... | *Arguments:*
| | ...
-| | ... | - {tg_node} - TG node. Type: dictionary
-| | ... | - {src_int} - Source interface. Type: string
-| | ... | - {dst_int} - Destination interface. Type: string
-| | ... | - {src_ip} - Source IP address (Optional). Type: string
-| | ... | - {dst_ip} - Destination IP address (Optional). Type: string
+| | ... | - tg_node - TG node. Type: dictionary
+| | ... | - src_int - Source interface. Type: string
+| | ... | - dst_int - Destination interface. Type: string
+| | ... | - src_ip - Source IP address (Optional). Type: string
+| | ... | - dst_ip - Destination IP address (Optional). Type: string
| | ...
| | ... | *Return:*
| | ...
@@ -48,6 +48,39 @@
| | | ... | ${dst_mac} | ${src_ip} | ${dst_ip}
| | Run Traffic Script On Node | send_ip_icmp.py | ${tg_node} | ${args}
+| Send and receive ICMP Packet should failed
+| | [Documentation] | Send ICMPv4/ICMPv6 echo request from source interface to
+| | ... | destination interface and expect failure with
+| | ... | ICMP echo Rx timeout error message.
+| | ...
+| | ... | *Arguments:*
+| | ...
+| | ... | - tg_node - TG node. Type: dictionary
+| | ... | - src_int - Source interface. Type: string
+| | ... | - dst_int - Destination interface. Type: string
+| | ... | - src_ip - Source IP address (Optional). Type: string
+| | ... | - dst_ip - Destination IP address (Optional). Type: string
+| | ...
+| | ... | *Return:*
+| | ...
+| | ... | - No value returned
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | _NOTE:_ Default IP is IPv4
+| | ...
+| | ... | \| Send and receive ICMP Packet \| ${nodes['TG']} \
+| | ... | \| ${tg_to_dut_if1} \| ${tg_to_dut_if2} \|
+| | ...
+| | [Arguments] | ${tg_node} | ${src_int} | ${dst_int} |
+| | ... | ${src_ip}=192.168.100.1 | ${dst_ip}=192.168.100.2
+| | ${src_mac}= | Get Interface Mac | ${tg_node} | ${src_int}
+| | ${dst_mac}= | Get Interface Mac | ${tg_node} | ${dst_int}
+| | ${args}= | Traffic Script Gen Arg | ${dst_int} | ${src_int} | ${src_mac}
+| | | ... | ${dst_mac} | ${src_ip} | ${dst_ip}
+| | Run Keyword And Expect Error | ICMP echo Rx timeout |
+| | ... | Run Traffic Script On Node | send_ip_icmp.py | ${tg_node} | ${args}
+
| Send and receive ICMPv4 bidirectionally
| | [Documentation] | Send ICMPv4 echo request from both directions,
| | ... | from interface1 to interface2 and
@@ -55,11 +88,11 @@
| | ...
| | ... | *Arguments:*
| | ...
-| | ... | - {tg_node} - TG node. Type: dictionary
-| | ... | - {src_int} - Source interface. Type: string
-| | ... | - {dst_int} - Destination interface. Type: string
-| | ... | - {src_ip} - Source IP address (Optional). Type: string
-| | ... | - {dst_ip} - Destination IP address (Optional). Type: string
+| | ... | - tg_node - TG node. Type: dictionary
+| | ... | - src_int - Source interface. Type: string
+| | ... | - dst_int - Destination interface. Type: string
+| | ... | - src_ip - Source IP address (Optional). Type: string
+| | ... | - dst_ip - Destination IP address (Optional). Type: string
| | ...
| | ... | *Return:*
| | ...
@@ -84,11 +117,11 @@
| | ...
| | ... | *Arguments:*
| | ...
-| | ... | - {tg_node} - TG node. Type: dictionary
-| | ... | - {src_int} - Source interface. Type: string
-| | ... | - {dst_int} - Destination interface. Type: string
-| | ... | - {src_ip} - Source IP address (Optional). Type: string
-| | ... | - {dst_ip} - Destination IP address (Optional). Type: string
+| | ... | - tg_node - TG node. Type: dictionary
+| | ... | - src_int - Source interface. Type: string
+| | ... | - dst_int - Destination interface. Type: string
+| | ... | - src_ip - Source IP address (Optional). Type: string
+| | ... | - dst_ip - Destination IP address (Optional). Type: string
| | ...
| | ... | *Return:*
| | ...
@@ -104,4 +137,4 @@
| | Send and receive ICMP Packet | ${tg_node} | ${int1} | ${int2} |
| | ... | ${src_ip} | ${dst_ip}
| | Send and receive ICMP Packet | ${tg_node} | ${int2} | ${int1} |
-| | ... | ${dst_ip} | ${src_ip} \ No newline at end of file
+| | ... | ${dst_ip} | ${src_ip}
diff --git a/resources/templates/vat/classify_add_session_l2.vat b/resources/templates/vat/classify_add_session_l2.vat
new file mode 100644
index 0000000000..7aa6660d6d
--- /dev/null
+++ b/resources/templates/vat/classify_add_session_l2.vat
@@ -0,0 +1 @@
+classify_add_del_session acl-hit-next {acl_method} table-index {table_index} skip_n {skip_n} match_n {match_n} match l2 {direction} {address} \ No newline at end of file
diff --git a/resources/templates/vat/classify_add_table_l2.vat b/resources/templates/vat/classify_add_table_l2.vat
new file mode 100644
index 0000000000..8851613141
--- /dev/null
+++ b/resources/templates/vat/classify_add_table_l2.vat
@@ -0,0 +1 @@
+classify_add_del_table mask l2 {direction} \ No newline at end of file
diff --git a/tests/suites/ipv4/ipv4_iacl_untagged.robot b/tests/suites/ipv4/ipv4_iacl_untagged.robot
index 43c4a3732c..0a2aa5e6d4 100644
--- a/tests/suites/ipv4/ipv4_iacl_untagged.robot
+++ b/tests/suites/ipv4/ipv4_iacl_untagged.robot
@@ -18,6 +18,7 @@
| Resource | resources/libraries/robot/testing_path.robot
| Resource | resources/libraries/robot/ipv4.robot
| Resource | resources/libraries/robot/l2_xconnect.robot
+| Resource | resources/libraries/robot/l2_traffic.robot
| Resource | resources/libraries/robot/traffic.robot
| Library | resources.libraries.python.Classify.Classify
| Library | resources.libraries.python.Trace
@@ -39,6 +40,7 @@
| ${non_drop_src_ip}= | 15.0.0.1
| ${prefix_length}= | 24
| ${ip_version}= | ip4
+| ${l2_table}= | l2
*** Test Cases ***
| VPP drops packets based on IPv4 source addresses
@@ -61,16 +63,17 @@
| | And L2 setup xconnect on DUT
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
| | Then Send Packet And Check Headers | ${tg_node}
-| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
-| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
+| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1}
+| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | And Send Packet And Check Headers | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table
-| | ... | ${dut1_node} | ${ip_version} | src
-| | And Vpp Configure Classify Session
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table L3 | ${dut1_node}
+| | ... | ${ip_version} | src
+| | And Vpp Configures Classify Session L3
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${ip_version} | src | ${test_src_ip}
| | And Vpp Enable Input Acl Interface
@@ -80,8 +83,8 @@
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | And Send Packet And Check Headers | ${tg_node}
-| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
-| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
+| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1}
+| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| VPP drops packets based on IPv4 destination addresses
@@ -107,16 +110,17 @@
| | And L2 setup xconnect on DUT
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
| | Then Send Packet And Check Headers | ${tg_node}
-| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
-| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
+| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1}
+| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | And Send Packet And Check Headers | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table
-| | ... | ${dut1_node} | ${ip_version} | dst
-| | And Vpp Configure Classify Session
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table L3 | ${dut1_node}
+| | ... | ${ip_version} | dst
+| | And Vpp Configures Classify Session L3
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${ip_version} | dst | ${test_dst_ip}
| | And Vpp Enable Input Acl Interface
@@ -126,8 +130,8 @@
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | And Send Packet And Check Headers | ${tg_node}
-| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
-| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
+| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1}
+| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| VPP drops packets based on IPv4 src-addr and dst-addr
@@ -161,13 +165,14 @@
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | ${table_index_1} | ${skip_n_1} | ${match_n_1}=
-| | ... | When Vpp Create Classify Table | ${dut1_node} | ${ip_version} | src
+| | ... | When Vpp Creates Classify Table L3 | ${dut1_node}
+| | ... | ${ip_version} | src
| | ${table_index_2} | ${skip_n_2} | ${match_n_2}=
-| | ... | And Vpp Create Classify Table | ${dut1_node} | ${ip_version} | dst
-| | And Vpp Configure Classify Session
+| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst
+| | And Vpp Configures Classify Session L3
| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2}
| | ... | ${ip_version} | src | ${test_src_ip}
-| | And Vpp Configure Classify Session
+| | And Vpp Configures Classify Session L3
| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2}
| | ... | ${ip_version} | dst | ${test_dst_ip}
| | And Vpp Enable Input Acl Interface
@@ -208,9 +213,10 @@
| | And Send TCP or UDP packet | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex
| | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF
-| | And Vpp Configure Classify Session Hex
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | 000000000000000000000000000000000000000000000006
| | And Vpp Enable Input Acl Interface
@@ -247,9 +253,10 @@
| | And Send TCP or UDP packet | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex
| | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF
-| | And Vpp Configure Classify Session Hex
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | 000000000000000000000000000000000000000000000011
| | And Vpp Enable Input Acl Interface
@@ -288,9 +295,9 @@
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -329,9 +336,9 @@
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -371,9 +378,9 @@
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP
| | ... | source + destination
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -412,9 +419,9 @@
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -453,9 +460,9 @@
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -495,9 +502,9 @@
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP
| | ... | source + destination
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -508,3 +515,26 @@
| | And Send TCP or UDP packet | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25
+
+| VPP drops packets based on MAC src addr
+| | [Documentation] | Create classify table on VPP, add source MAC address
+| | ... | of traffic into table and setup 'deny' traffic
+| | ... | and check if traffic is dropped.
+| | Given Path for 3-node testing is set
+| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
+| | Then Send and receive ICMP Packet
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src
+| | And Vpp Configures Classify Session L2
+| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
+| | ... | src | ${tg_to_dut1_mac}
+| | And Vpp Enable Input Acl Interface
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index}
+| | Then Send and receive ICMP Packet should failed
+| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
diff --git a/tests/suites/ipv6/ipv6_iacl_untagged.robot b/tests/suites/ipv6/ipv6_iacl_untagged.robot
index 2e8ec66786..ffe9880968 100644
--- a/tests/suites/ipv6/ipv6_iacl_untagged.robot
+++ b/tests/suites/ipv6/ipv6_iacl_untagged.robot
@@ -41,6 +41,7 @@
| ${non_drop_src_ip}= | 3ffe:51::1
| ${prefix_length}= | 64
| ${ip_version}= | ip6
+| ${l2_table}= | l2
*** Test Cases ***
| VPP drops packets based on IPv6 source addresses
@@ -64,16 +65,17 @@
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
| | And Vpp All Ra Suppress Link Layer | ${nodes}
| | Then Send Packet And Check Headers | ${tg_node}
-| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
-| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
+| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1}
+| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | And Send Packet And Check Headers | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table
-| | ... | ${dut1_node} | ${ip_version} | src
-| | And Vpp Configure Classify Session
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table L3 | ${dut1_node}
+| | ... | ${ip_version} | src
+| | And Vpp Configures Classify Session L3
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${ip_version} | src | ${test_src_ip}
| | And Vpp Enable Input Acl Interface
@@ -83,8 +85,8 @@
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | And Send Packet And Check Headers | ${tg_node}
-| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
-| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
+| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1}
+| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| VPP drops packets based on IPv6 destination addresses
@@ -111,16 +113,17 @@
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
| | And Vpp All Ra Suppress Link Layer | ${nodes}
| | Then Send Packet And Check Headers | ${tg_node}
-| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
-| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
+| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1}
+| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | And Send Packet And Check Headers | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table
-| | ... | ${dut1_node} | ${ip_version} | dst
-| | And Vpp Configure Classify Session
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table L3 | ${dut1_node}
+| | ... | ${ip_version} | dst
+| | And Vpp Configures Classify Session L3
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${ip_version} | dst | ${test_dst_ip}
| | And Vpp Enable Input Acl Interface
@@ -130,8 +133,8 @@
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | And Send Packet And Check Headers | ${tg_node}
-| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
-| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
+| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1}
+| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| VPP drops packets based on IPv6 src-addr and dst-addr
@@ -166,13 +169,14 @@
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2}
| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac}
| | ${table_index_1} | ${skip_n_1} | ${match_n_1}=
-| | ... | When Vpp Create Classify Table | ${dut1_node} | ${ip_version} | src
+| | ... | When Vpp Creates Classify Table L3 | ${dut1_node}
+| | ... | ${ip_version} | src
| | ${table_index_2} | ${skip_n_2} | ${match_n_2}=
-| | ... | And Vpp Create Classify Table | ${dut1_node} | ${ip_version} | dst
-| | And Vpp Configure Classify Session
+| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst
+| | And Vpp Configures Classify Session L3
| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2}
| | ... | ${ip_version} | src | ${test_src_ip}
-| | And Vpp Configure Classify Session
+| | And Vpp Configures Classify Session L3
| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2}
| | ... | ${ip_version} | dst | ${test_dst_ip}
| | And Vpp Enable Input Acl Interface
@@ -214,9 +218,10 @@
| | And Send TCP or UDP packet | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex
| | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF
-| | And Vpp Configure Classify Session Hex
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | 000000000000000000000000000000000000000006
| | And Vpp Enable Input Acl Interface
@@ -254,9 +259,10 @@
| | And Send TCP or UDP packet | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex
| | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF
-| | And Vpp Configure Classify Session Hex
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | 000000000000000000000000000000000000000011
| | And Vpp Enable Input Acl Interface
@@ -296,9 +302,9 @@
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -338,9 +344,9 @@
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -381,9 +387,9 @@
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP
| | ... | source + destination
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -423,9 +429,9 @@
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -465,9 +471,9 @@
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -508,9 +514,9 @@
| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP
| | ... | source + destination
| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20
-| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex
-| | ... | ${dut1_node} | ${hex_mask}
-| | And Vpp Configure Classify Session Hex
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
| | ... | ${hex_value}
| | And Vpp Enable Input Acl Interface
@@ -521,3 +527,45 @@
| | And Send TCP or UDP packet | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25
+
+| VPP can drop packets based on src MAC + IPv6 UDP src+dst port
+| | [Documentation] | Create first classify table on VPP, for source MAC address
+| | ... | filtering and second classify table for IPv6 UDP source
+| | ... | and destination port filtering. Add MAC address and UDP
+| | ... | ports into table and set 'deny' traffic.
+| | ... | Check if traffic is dropped.
+| | Given Path for 3-node testing is set
+| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
+| | And Vpp All Ra Suppress Link Layer | ${nodes}
+| | Then Send TCP or UDP packet | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25
+| | And Send TCP or UDP packet | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src
+| | And Vpp Configures Classify Session L2
+| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
+| | ... | src | ${tg_to_dut1_mac}
+| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP
+| | ... | source + destination
+| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20
+| | ${table_index} | ${skip_n} | ${match_n}=
+| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask}
+| | And Vpp Configures Classify Session Hex
+| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
+| | ... | ${hex_value}
+| | And Vpp Enable Input Acl Interface
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index}
+| | Then Send TCP or UDP packet | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25
+| | And Send TCP or UDP packet should failed | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20