diff options
author | Patrik Hrnciar <phrnciar@cisco.com> | 2016-06-02 13:59:35 +0200 |
---|---|---|
committer | Matej Klotton <mklotton@cisco.com> | 2016-06-16 08:11:39 +0000 |
commit | 8e014c373bdcd281475d83669122ba5eeefb96c1 (patch) | |
tree | 923a05f06e4785ee1b4f2c4af56ea9f06aa6ee2e /tests/suites/ipv4 | |
parent | 244693d43a5d4a2b8ac3fa7dfcb659b2135743d9 (diff) |
IACL MAC filtering tests
- CSIT-133 VPP drops packets based on MAC src addr.
- CSIT-134 VPP can drop packets based on src MAC + IPv6 UDP src+dst port.
Change-Id: I57d041bc5f3311946679128e556ceef8c4d55264
Signed-off-by: Patrik Hrnciar <phrnciar@cisco.com>
Diffstat (limited to 'tests/suites/ipv4')
-rw-r--r-- | tests/suites/ipv4/ipv4_iacl_untagged.robot | 110 |
1 files changed, 70 insertions, 40 deletions
diff --git a/tests/suites/ipv4/ipv4_iacl_untagged.robot b/tests/suites/ipv4/ipv4_iacl_untagged.robot index 43c4a3732c..0a2aa5e6d4 100644 --- a/tests/suites/ipv4/ipv4_iacl_untagged.robot +++ b/tests/suites/ipv4/ipv4_iacl_untagged.robot @@ -18,6 +18,7 @@ | Resource | resources/libraries/robot/testing_path.robot | Resource | resources/libraries/robot/ipv4.robot | Resource | resources/libraries/robot/l2_xconnect.robot +| Resource | resources/libraries/robot/l2_traffic.robot | Resource | resources/libraries/robot/traffic.robot | Library | resources.libraries.python.Classify.Classify | Library | resources.libraries.python.Trace @@ -39,6 +40,7 @@ | ${non_drop_src_ip}= | 15.0.0.1 | ${prefix_length}= | 24 | ${ip_version}= | ip4 +| ${l2_table}= | l2 *** Test Cases *** | VPP drops packets based on IPv4 source addresses @@ -61,16 +63,17 @@ | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} | | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ${ip_version} | src -| | And Vpp Configure Classify Session +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | src +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Enable Input Acl Interface @@ -80,8 +83,8 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv4 destination addresses @@ -107,16 +110,17 @@ | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} | | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ${ip_version} | dst -| | And Vpp Configure Classify Session +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | dst +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface @@ -126,8 +130,8 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv4 src-addr and dst-addr @@ -161,13 +165,14 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= -| | ... | When Vpp Create Classify Table | ${dut1_node} | ${ip_version} | src +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | src | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | And Vpp Create Classify Table | ${dut1_node} | ${ip_version} | dst -| | And Vpp Configure Classify Session +| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2} | | ... | ${ip_version} | src | ${test_src_ip} -| | And Vpp Configure Classify Session +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface @@ -208,9 +213,10 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF -| | And Vpp Configure Classify Session Hex +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | 000000000000000000000000000000000000000000000006 | | And Vpp Enable Input Acl Interface @@ -247,9 +253,10 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF -| | And Vpp Configure Classify Session Hex +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | 000000000000000000000000000000000000000000000011 | | And Vpp Enable Input Acl Interface @@ -288,9 +295,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -329,9 +336,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -371,9 +378,9 @@ | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | | ... | source + destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -412,9 +419,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -453,9 +460,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -495,9 +502,9 @@ | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | | ... | source + destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -508,3 +515,26 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 + +| VPP drops packets based on MAC src addr +| | [Documentation] | Create classify table on VPP, add source MAC address +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And L2 setup xconnect on DUT +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send and receive ICMP Packet +| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | src | ${tg_to_dut1_mac} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} +| | Then Send and receive ICMP Packet should failed +| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} |