diff options
author | Tibor Frank <tifrank@cisco.com> | 2019-06-14 09:26:38 +0200 |
---|---|---|
committer | Tibor Frank <tifrank@cisco.com> | 2019-06-28 08:11:47 +0200 |
commit | 10e0393fde6d919cf0e5848bc5e506d981642ef8 (patch) | |
tree | 21a5902cab3b71677de48477074fc505dbb0f9f5 /tests/vpp/func | |
parent | a8b330a297d085a217ecdb39a74130ee0626b16e (diff) |
VAT-to-PAPI: Classify
Change-Id: Ic06a0a65429680e6ecdc3f5288d091c2c2630921
Signed-off-by: Tibor Frank <tifrank@cisco.com>
Diffstat (limited to 'tests/vpp/func')
3 files changed, 71 insertions, 791 deletions
diff --git a/tests/vpp/func/ip4/eth2p-ethip4-ip4base-iaclbase-func.robot b/tests/vpp/func/ip4/eth2p-ethip4-ip4base-iaclbase-func.robot index edc9480260..b8528f36d1 100644 --- a/tests/vpp/func/ip4/eth2p-ethip4-ip4base-iaclbase-func.robot +++ b/tests/vpp/func/ip4/eth2p-ethip4-ip4base-iaclbase-func.robot @@ -36,10 +36,10 @@ | ... | ingress ACL (iACL) tests use 3-node topology TG - DUT1 - DUT2 - TG with | ... | one link between the nodes. DUT1 and DUT2 are configured with IPv4 | ... | routing and static routes. DUT1 is configured with iACL on link to TG, -| ... | iACL classification and permit/deny action are configured on a per test +| ... | iACL classification and permit action are configured on a per test | ... | case basis. Test ICMPv4 Echo Request packets are sent in one direction | ... | by TG on link to DUT1 and received on TG link to DUT2. On receive TG -| ... | verifies if packets are dropped, or if received verifies packet IPv4 +| ... | verifies if packets are accepted, or if received verifies packet IPv4 | ... | src-addr, dst-addr and MAC addresses. *** Variables *** @@ -55,101 +55,10 @@ | ${l2_table}= | l2 *** Test Cases *** -| TC01: DUT with iACL IPv4 src-addr drops matching pkts -| | [Documentation] -| | ... | On DUT1 add source IPv4 address to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send packet and verify headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | src -| | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${ip_version} | src | ${test_src_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then Packet transmission from port to port should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - -| TC02: DUT with iACL IPv4 dst-addr drops matching pkts -| | [Documentation] -| | ... | On DUT1 add destination IPv4 address to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${non_drop_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | dst -| | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${ip_version} | dst | ${test_dst_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then Packet transmission from port to port should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - -| TC03: DUT with iACL IPv4 src-addr and dst-addr drops matching pkts +| TC01: DUT with iACL IPv4 src-addr and dst-addr accepts matching pkts | | [Documentation] | | ... | On DUT1 add source and destination IPv4 addresses to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -178,20 +87,21 @@ | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= | | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | src +| | ... | ${ip_version} | src | ${test_src_ip} | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst +| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} +| | ... | dst | ${test_dst_ip} | | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_1} +| | ... | ${dut1_node} | permit | ${table_index_1} | | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} +| | ... | ${dut1_node} | permit | ${table_index_2} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_1} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_2} -| | Then Packet transmission from port to port should fail | ${tg_node} +| | Then Send packet and verify headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} @@ -200,172 +110,10 @@ | | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| TC04: DUT with iACL IPv4 protocol set to TCP drops matching pkts -| | [Documentation] -| | ... | On DUT1 add protocol mask and TCP protocol (0x06) to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex -| | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 000000000000000000000000000000000000000000000006 -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 - -| TC05: DUT with iACL IPv4 protocol set to UDP drops matching pkts -| | [Documentation] -| | ... | On DUT1 add protocol mask and UDP protocol (0x11) to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex -| | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 000000000000000000000000000000000000000000000011 -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 - -| TC06: DUT with iACL IPv4 TCP src-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP source ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 - -| TC07: DUT with iACL IPv4 TCP dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP destination ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 - -| TC08: DUT with iACL IPv4 TCP src-ports and dst-ports drops matching pkts +| TC02: DUT with iACL IPv4 TCP src-ports and dst-ports accepts matching pkts | | [Documentation] | | ... | On DUT1 add TCP source and destination ports to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -393,103 +141,20 @@ | | ${table_index} | ${skip_n} | ${match_n}= | | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} +| | ... | ${dut1_node} | permit | ${table_index} | ${hex_value} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} +| | Then Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 | | And Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 25 -| TC09: DUT with iACL IPv4 UDP src-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add UDP source ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 - -| TC10: DUT with iACL IPv4 UDP dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP destination ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address | ${dut1_node} -| | ... | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 - -| TC11: DUT with iACL IPv4 UDP src-ports and dst-ports drops matching pkts +| TC03: DUT with iACL IPv4 UDP src-ports and dst-ports accepts matching pkts | | [Documentation] | | ... | On DUT1 add UDP source and destination ports to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -517,11 +182,10 @@ | | ${table_index} | ${skip_n} | ${match_n}= | | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} +| | ... | ${dut1_node} | permit | ${table_index} | ${hex_value} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} +| | Then Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 | | And Send TCP or UDP packet and verify received packet | ${tg_node} diff --git a/tests/vpp/func/ip6/eth2p-ethip6-ip6base-iaclbase-func.robot b/tests/vpp/func/ip6/eth2p-ethip6-ip6base-iaclbase-func.robot index 74a92d26ed..ad0d322948 100644 --- a/tests/vpp/func/ip6/eth2p-ethip6-ip6base-iaclbase-func.robot +++ b/tests/vpp/func/ip6/eth2p-ethip6-ip6base-iaclbase-func.robot @@ -36,10 +36,10 @@ | ... | ingress ACL (iACL) tests use 3-node topology TG - DUT1 - DUT2 - TG with | ... | one link between the nodes. DUT1 and DUT2 are configured with IPv6 | ... | routing and static routes. DUT1 is configured with iACL on link to TG, -| ... | iACL classification and permit/deny action are configured on a per test +| ... | iACL classification and permit action are configured on a per test | ... | case basis. Test ICMPv6 Echo Request packets are sent in one direction | ... | by TG on link to DUT1 and received on TG link to DUT2. On receive TG -| ... | verifies if packets are dropped, or if received verifies packet IPv6 +| ... | verifies if packets are accepted, or if received verifies packet IPv6 | ... | src-addr, dst-addr and MAC addresses. *** Variables *** @@ -57,103 +57,10 @@ | ${l2_table}= | l2 *** Test Cases *** -| TC01: DUT with iACL IPv6 src-addr drops matching pkts -| | [Documentation] -| | ... | On DUT1 add source IPv6 address to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send packet and verify headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | src -| | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${ip_version} | src | ${test_src_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then Packet transmission from port to port should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - -| TC02: DUT with iACL IPv6 dst-addr drops matching pkts -| | [Documentation] -| | ... | On DUT1 add destination IPv6 address to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${non_drop_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | dst -| | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${ip_version} | dst | ${test_dst_ip} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then Packet transmission from port to port should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | And Send packet and verify headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} -| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} -| | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} - -| TC03: DUT with iACL IPv6 src-addr and dst-addr drops matching pkts +| TC01: DUT with iACL IPv6 src-addr and dst-addr accepts matching pkts | | [Documentation] | | ... | On DUT1 add source and destination IPv6 addresses to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -183,20 +90,21 @@ | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= | | ... | When Vpp Creates Classify Table L3 | ${dut1_node} -| | ... | ${ip_version} | src +| | ... | ${ip_version} | src | ${test_src_ip} | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst +| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} +| | ... | dst | ${test_dst_ip} | | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_1} +| | ... | ${dut1_node} | permit | ${table_index_1} | | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Configures Classify Session L3 -| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} +| | ... | ${dut1_node} | permit | ${table_index_2} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_1} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index_2} -| | Then Packet transmission from port to port should fail | ${tg_node} +| | Then Send packet and verify headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} @@ -205,183 +113,18 @@ | | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| TC04: DUT with iACL IPv6 protocol set to TCP drops matching pkts -| | [Documentation] -| | ... | On DUT1 add protocol mask and TCP protocol (0x06) to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex -| | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 000000000000000000000000000000000000000006 -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 - -| TC05: DUT with iACL IPv6 protocol set to UDP drops matching pkts -| | [Documentation] -| | ... | On DUT1 add protocol mask and UDP protocol (0x11) to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex -| | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 000000000000000000000000000000000000000011 -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 - -| TC06: DUT with iACL IPv6 TCP src-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP source ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 20 - -| TC07: DUT with iACL IPv6 TCP dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP destination ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 110 - -| TC08: DUT with iACL IPv6 TCP src-ports and dst-ports drops matching pkts +| TC02: DUT with iACL IPv6 TCP src-ports and dst-ports accepts matching pkts | | [Documentation] | | ... | On DUT1 add TCP source and destination ports to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up | | And VPP Interface Set IP Address | | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} | | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} +| | ... | ${prefix_length} | | And VPP Add IP Neighbor | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} @@ -403,112 +146,28 @@ | | ${table_index} | ${skip_n} | ${match_n}= | | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} +| | ... | ${dut1_node} | permit | ${table_index} | ${hex_value} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} +| | Then Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 | | And Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 110 | 25 -| TC09: DUT with iACL IPv6 UDP src-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add UDP source ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 20 - -| TC10: DUT with iACL IPv6 UDP dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add TCP destination ports to classify table with 'deny'.\ -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} -| | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} -| | And VPP Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} -| | ... | ${tg_to_dut2_mac} -| | And Vpp Route Add -| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} -| | ... | gateway=${dut1_to_dut2_ip_GW} | interface=${dut1_to_dut2} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 110 - -| TC11: DUT with iACL IPv6 UDP src-ports and dst-ports drops matching pkts +| TC03: DUT with iACL IPv6 UDP src-ports and dst-ports accepts matching pkts | | [Documentation] | | ... | On DUT1 add UDP source and destination ports to classify table\ -| | ... | with 'deny'. Make TG verify matching packets are dropped. +| | ... | with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up | | And VPP Interface Set IP Address | | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_to_tg_ip} | ${prefix_length} | | And VPP Interface Set IP Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} | ${prefix_length} +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip} +| | ... | ${prefix_length} | | And VPP Add IP Neighbor | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_dut2_ip_GW} | | ... | ${tg_to_dut2_mac} @@ -530,54 +189,12 @@ | | ${table_index} | ${skip_n} | ${match_n}= | | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} +| | ... | ${dut1_node} | permit | ${table_index} | ${hex_value} | | And Vpp Enable Input Acl Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${ip_version} | ${table_index} -| | Then TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 - -| TC12: DUT with iACL MAC src-addr and iACL IPv6 UDP src-ports and dst-ports drops matching pkts -| | [Documentation] -| | ... | On DUT1 add source MAC address to classify (L2) table and add UDP\ -| | ... | source and destination ports to classify (hex) table with 'deny'. -| | ... | Make TG verify matching packets are dropped. -| | Given Configure path in 3-node circular topology -| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} -| | And Set interfaces in 3-node circular topology up -| | And Configure L2XC -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg} -| | And Configure L2XC -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Vpp All Ra Suppress Link Layer | ${nodes} | | Then Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 -| | And Send TCP or UDP packet and verify received packet | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src -| | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | src | ${tg_to_dut1_mac} -| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP -| | ... | source + destination -| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} -| | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | ${hex_value} -| | And Vpp Enable Input Acl Interface -| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} -| | Then Send TCP or UDP packet and verify received packet | ${tg_node} +| | And Send TCP or UDP packet and verify received packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 -| | And TCP or UDP packet transmission should fail | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 diff --git a/tests/vpp/func/l2xc/eth2p-eth-l2xcbase-iaclbase-func.robot b/tests/vpp/func/l2xc/eth2p-eth-l2xcbase-iaclbase-func.robot index b62f0f8731..c12a6100f4 100644 --- a/tests/vpp/func/l2xc/eth2p-eth-l2xcbase-iaclbase-func.robot +++ b/tests/vpp/func/l2xc/eth2p-eth-l2xcbase-iaclbase-func.robot @@ -1,4 +1,4 @@ -# Copyright (c) 2016 Cisco and/or its affiliates. +# Copyright (c) 2019 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -31,17 +31,16 @@ | ... | DUT1 is configured with iACL classification on link to TG, | ... | *[Ver] TG verification:* Test ICMPv4 Echo Request packets are sent | ... | in one direction by TG on link to DUT1 and received on TG link -| ... | to DUT2. On receive TG verifies if packets are dropped. +| ... | to DUT2. On receive TG verifies if packets are accepted. *** Variables *** | ${l2_table}= | l2 *** Test Cases *** -| TC01: DUT with iACL MAC src-addr drops matching pkts +| TC01: DUT with iACL MAC src-addr accepts matching pkts | | [Documentation] | | ... | [Top] TG-DUT1-DUT2-TG. -| | ... | [Cfg] On DUT1 add source MAC address to classify table with 'deny'. -| | ... | [Ver] Make TG verify matching packets are dropped. +| | ... | [Cfg] On DUT1 add source MAC address to classify table with 'permit'. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -52,21 +51,21 @@ | | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} | | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src -| | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | | ... | src | ${tg_to_dut1_mac} +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | permit | ${table_index} | src | ${tg_to_dut1_mac} | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} -| | Then ICMP packet transmission should fail +| | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} -| TC02: DUT with iACL MAC dst-addr drops matching pkts +| TC02: DUT with iACL MAC dst-addr accepts matching pkts | | [Documentation] | | ... | [Top] TG-DUT1-DUT2-TG. | | ... | [Cfg] On DUT1 add destination MAC address to classify -| | ... | table with 'deny'. -| | ... | [Ver] Make TG verify matching packets are dropped. +| | ... | table with 'permit'. +| | ... | [Ver] Make TG verify matching packets are accepted. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -77,21 +76,21 @@ | | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} | | ${table_index} | ${skip_n} | ${match_n}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | dst -| | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | | ... | dst | ${tg_to_dut2_mac} +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | permit | ${table_index} | dst | ${tg_to_dut2_mac} | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} -| | Then ICMP packet transmission should fail +| | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} -| TC03: DUT with iACL MAC src-addr and dst-addr drops matching pkts +| TC03: DUT with iACL MAC src-addr and dst-addr accepts matching pkts | | [Documentation] | | ... | [Top] TG-DUT1-DUT2-TG. | | ... | [Cfg] On DUT1 add source and destination MAC address to classify -| | ... | table with 'deny'. -| | ... | [Ver] Make TG verify matching packets are dropped. +| | ... | table with 'permit'. +| | ... | [Ver] Make TG verify matching packets are accepted. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -102,27 +101,28 @@ | | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src -| | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_1} +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | | ... | src | ${tg_to_dut1_mac} -| | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | dst | | And Vpp Configures Classify Session L2 -| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} +| | ... | ${dut1_node} | permit | ${table_index_1} | src | ${tg_to_dut1_mac} +| | ${table_index_2} | ${skip_n_2} | ${match_n_2}= +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | | ... | dst | ${tg_to_dut1_mac} +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | permit | ${table_index_2} | dst | ${tg_to_dut1_mac} | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index_1} | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index_2} -| | Then ICMP packet transmission should fail +| | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} -| TC04: DUT with iACL EtherType drops matching pkts +| TC04: DUT with iACL EtherType accepts matching pkts | | [Documentation] | | ... | [Top] TG-DUT1-DUT2-TG. -| | ... | [Cfg] On DUT1 add EtherType IPv4(0x0800) to classify table with 'deny'. -| | ... | [Ver] Make TG verify matching packets are dropped. +| | ... | [Cfg] On DUT1 add EtherType IPv4(0x0800) to classify table with +| | ... | 'permit'. +| | ... | [Ver] Make TG verify matching packets are accepted. | | Given Configure path in 3-node circular topology | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} | | And Set interfaces in 3-node circular topology up @@ -136,9 +136,8 @@ | | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 000000000000000000000000ffff | | And Vpp Configures Classify Session Hex -| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} -| | ... | 0000000000000000000000000800 +| | ... | ${dut1_node} | permit | ${table_index} | 0000000000000000000000000800 | | And Vpp Enable Input ACL Interface | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} -| | Then ICMP packet transmission should fail +| | Then Send ICMP packet and verify received packet | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} |