diff options
author | Patrik Hrnciar <phrnciar@cisco.com> | 2016-06-02 13:59:35 +0200 |
---|---|---|
committer | Matej Klotton <mklotton@cisco.com> | 2016-06-16 08:11:39 +0000 |
commit | 8e014c373bdcd281475d83669122ba5eeefb96c1 (patch) | |
tree | 923a05f06e4785ee1b4f2c4af56ea9f06aa6ee2e /tests/suites/ipv6 | |
parent | 244693d43a5d4a2b8ac3fa7dfcb659b2135743d9 (diff) |
IACL MAC filtering tests
- CSIT-133 VPP drops packets based on MAC src addr.
- CSIT-134 VPP can drop packets based on src MAC + IPv6 UDP src+dst port.
Change-Id: I57d041bc5f3311946679128e556ceef8c4d55264
Signed-off-by: Patrik Hrnciar <phrnciar@cisco.com>
Diffstat (limited to 'tests/suites/ipv6')
-rw-r--r-- | tests/suites/ipv6/ipv6_iacl_untagged.robot | 128 |
1 files changed, 88 insertions, 40 deletions
diff --git a/tests/suites/ipv6/ipv6_iacl_untagged.robot b/tests/suites/ipv6/ipv6_iacl_untagged.robot index 2e8ec66786..ffe9880968 100644 --- a/tests/suites/ipv6/ipv6_iacl_untagged.robot +++ b/tests/suites/ipv6/ipv6_iacl_untagged.robot @@ -41,6 +41,7 @@ | ${non_drop_src_ip}= | 3ffe:51::1 | ${prefix_length}= | 64 | ${ip_version}= | ip6 +| ${l2_table}= | l2 *** Test Cases *** | VPP drops packets based on IPv6 source addresses @@ -64,16 +65,17 @@ | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} | | And Vpp All Ra Suppress Link Layer | ${nodes} | | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ${ip_version} | src -| | And Vpp Configure Classify Session +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | src +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Enable Input Acl Interface @@ -83,8 +85,8 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv6 destination addresses @@ -111,16 +113,17 @@ | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} | | And Vpp All Ra Suppress Link Layer | ${nodes} | | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ${ip_version} | dst -| | And Vpp Configure Classify Session +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | dst +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface @@ -130,8 +133,8 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv6 src-addr and dst-addr @@ -166,13 +169,14 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= -| | ... | When Vpp Create Classify Table | ${dut1_node} | ${ip_version} | src +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | src | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | And Vpp Create Classify Table | ${dut1_node} | ${ip_version} | dst -| | And Vpp Configure Classify Session +| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2} | | ... | ${ip_version} | src | ${test_src_ip} -| | And Vpp Configure Classify Session +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface @@ -214,9 +218,10 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF -| | And Vpp Configure Classify Session Hex +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | 000000000000000000000000000000000000000006 | | And Vpp Enable Input Acl Interface @@ -254,9 +259,10 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF -| | And Vpp Configure Classify Session Hex +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | 000000000000000000000000000000000000000011 | | And Vpp Enable Input Acl Interface @@ -296,9 +302,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -338,9 +344,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -381,9 +387,9 @@ | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | | ... | source + destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -423,9 +429,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -465,9 +471,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -508,9 +514,9 @@ | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | | ... | source + destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -521,3 +527,45 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 + +| VPP can drop packets based on src MAC + IPv6 UDP src+dst port +| | [Documentation] | Create first classify table on VPP, for source MAC address +| | ... | filtering and second classify table for IPv6 UDP source +| | ... | and destination port filtering. Add MAC address and UDP +| | ... | ports into table and set 'deny' traffic. +| | ... | Check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And L2 setup xconnect on DUT +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | src | ${tg_to_dut1_mac} +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP +| | ... | source + destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 +| | And Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 |