diff options
-rw-r--r-- | tests/suites/cop/cop_whitelist_blacklist.robot | 48 | ||||
-rw-r--r-- | tests/suites/cop/cop_whitelist_blacklist_IPv6.robot | 51 |
2 files changed, 54 insertions, 45 deletions
diff --git a/tests/suites/cop/cop_whitelist_blacklist.robot b/tests/suites/cop/cop_whitelist_blacklist.robot index 24bde134e6..c83b5e109b 100644 --- a/tests/suites/cop/cop_whitelist_blacklist.robot +++ b/tests/suites/cop/cop_whitelist_blacklist.robot @@ -27,13 +27,18 @@ | ... | AND | Update All Interface Data On All Nodes | ${nodes} | Test Setup | Clear interface counters on all vpp nodes in topology | ${nodes} | Test Teardown | Show packet trace on all DUTs | ${nodes} -| Documentation | *COP Blacklist and Whitelist Tests* -| ... | COP tests use 3-node topology TG - DUT1 - DUT2 - TG with one -| ... | link between nodes. DUT1 is configured with COP whitelist or -| ... | blacklist on link to TG, DUT2 is configured with L2 -| ... | xconnect. Test packets are sent in one direction by TG on -| ... | link to DUT1 and received on TG link to DUT2. On receive TG -| ... | verifies packet IP src-addr, dst-addr and MAC addresses. +| Documentation | *COP Security IPv4 Blacklist and Whitelist Tests* +| ... +| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology +| ... | with single links between nodes. +| ... | *[Enc] Packet Encapsulations:* Eth-IPv4-ICMPv4 on all links. +| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv4 routing and +| ... | static routes. COP security white-lists are applied on DUT1 ingress +| ... | interface from TG. DUT2 is configured with L2XC. +| ... | *[Ver] TG verification:* Test ICMPv4 Echo Request packets are sent in +| ... | one direction by TG on link to DUT1; on receive TG verifies packets for +| ... | correctness and drops as applicable. +| ... | *[Ref] Applicable standard specifications:* *** Variables *** | ${tg_node}= | ${nodes['TG']} @@ -57,13 +62,13 @@ *** Test Cases *** | TC01: DUT permits IPv4 pkts with COP whitelist set with IPv4 src-addr -| | [Documentation] | Eth-IPv4-ICMPv4 on links TG-DUT1, TG-DUT2, DUT1-DUT2: On -| | ... | DUT1 configure interface IPv4 addresses and routes in the -| | ... | main routing domain. Add COP whitelist with IPv4 src-addr -| | ... | matching packets generated by TG. On DUT2 configure L2 -| | ... | xconnect. Make TG send ICMPv4 Echo Req on its interface to -| | ... | DUT1. Make TG verify received ICMPv4 Echo Replies are -| | ... | correct. +| | [Documentation] +| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \ +| | ... | configure interface IPv4 addresses and routes in the main +| | ... | routing domain, add COP whitelist on interface to TG with IPv4 +| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 +| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to +| | ... | DUT1; verify received ICMPv4 Echo Req pkts are correct. [Ref] | | Given Path for 3-node testing is set | | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} | | And Interfaces in 3-node path are up @@ -89,15 +94,14 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac} | | ... | ${tg_to_dut2_mac} - | TC02: DUT drops IPv4 pkts with COP blacklist set with IPv4 src-addr -| | [Documentation] | Eth-IPv4-ICMPv4 on links TG-DUT1, TG-DUT2, DUT1-DUT2: On -| | ... | DUT1 configure interface IPv4 addresses and routes in the -| | ... | main routing domain. Add COP blacklist with IPv4 src-addr -| | ... | matching packets generated by TG. On DUT2 configure L2 -| | ... | xconnect. Make TG send ICMPv4 Echo Req on its interface to -| | ... | DUT1. Make TG verify blacklisted ICMPv4 Echo Replies are -| | ... | dropped. +| | [Documentation] +| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \ +| | ... | configure interface IPv4 addresses and routes in the main +| | ... | routing domain, add COP blacklist on interface to TG with IPv4 +| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 +| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to +| | ... | DUT1; verify no ICMPv4 Echo Req pkts are received. [Ref] | | Given Path for 3-node testing is set | | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} | | And Interfaces in 3-node path are up diff --git a/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot b/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot index b2f6d319d7..054e376789 100644 --- a/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot +++ b/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot @@ -27,13 +27,18 @@ | ... | AND | Update All Interface Data On All Nodes | ${nodes} | Test Setup | Clear interface counters on all vpp nodes in topology | ${nodes} | Test Teardown | Show packet trace on all DUTs | ${nodes} -| Documentation | *COP Blacklist and Whitelist Tests* -| ... | COP tests use 3-node topology TG - DUT1 - DUT2 - TG with one -| ... | link between nodes. DUT1 is configured with COP whitelist or -| ... | blacklist on link to TG, DUT2 is configured with L2 -| ... | xconnect. Test packets are sent in one direction by TG on -| ... | link to DUT1 and received on TG link to DUT2. On receive TG -| ... | verifies packet IP src-addr, dst-addr and MAC addresses. +| Documentation | *COP Security IPv6 Blacklist and Whitelist Tests* +| ... +| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology +| ... | with single links between nodes. +| ... | *[Enc] Packet Encapsulations:* Eth-IPv6-ICMPv6 on all links. +| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv6 routing and +| ... | static routes. COP security white-lists are applied on DUT1 ingress +| ... | interface from TG. DUT2 is configured with L2XC. +| ... | *[Ver] TG verification:* Test ICMPv6 Echo Request packets are sent in +| ... | one direction by TG on link to DUT1; on receive TG verifies packets for +| ... | correctness and drops as applicable. +| ... | *[Ref] Applicable standard specifications:* *** Variables *** | ${tg_node}= | ${nodes['TG']} @@ -60,14 +65,14 @@ | ${fib_table_number}= | 1 *** Test Cases *** -| TC03: DUT permits IPv6 pkts with COP whitelist set with IPv6 src-addr -| | [Documentation] | Eth-IPv6-ICMPv6 on links TG-DUT1, TG-DUT2, DUT1-DUT2: On -| | ... | DUT1 configure interface IPv6 addresses and routes in the -| | ... | main routing domain. Add COP whitelist with IPv6 src-addr -| | ... | matching packets generated by TG. On DUT2 configure L2 -| | ... | xconnect. Make TG send ICMPv6 Echo Req on its interface to -| | ... | DUT1. Make TG verify received ICMPv6 Echo Replies are -| | ... | correct. +| TC01: DUT permits IPv6 pkts with COP whitelist set with IPv6 src-addr +| | [Documentation] +| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv6-ICMPv6. [Cfg] On DUT1 \ +| | ... | configure interface IPv6 addresses and routes in the main +| | ... | routing domain, add COP whitelist on interface to TG with IPv6 +| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 +| | ... | xconnect. [Ver] Make TG send ICMPv6 Echo Req on its interface to +| | ... | DUT1; verify received ICMPv6 Echo Req pkts are correct. [Ref] | | Given Path for 3-node testing is set | | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} | | And Interfaces in 3-node path are up @@ -98,14 +103,14 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac} | | ... | ${tg_to_dut2_mac} -| TC04: DUT drops IPv6 pkts with COP blacklist set with IPv6 src-addr -| | [Documentation] | Eth-IPv6-ICMPv6 on links TG-DUT1, TG-DUT2, DUT1-DUT2: On -| | ... | DUT1 configure interface IPv6 addresses and routes in the -| | ... | main routing domain. Add COP blacklist with IPv6 src-addr -| | ... | matching packets generated by TG. On DUT2 configure L2 -| | ... | xconnect. Make TG send ICMPv6 Echo Req on its interface to -| | ... | DUT1. Make TG verify blacklisted ICMPv6 Echo Replies are -| | ... | dropped. +| TC02: DUT drops IPv6 pkts with COP blacklist set with IPv6 src-addr +| | [Documentation] +| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv6-ICMPv6. [Cfg] On DUT1 \ +| | ... | configure interface IPv6 addresses and routes in the main +| | ... | routing domain, add COP blacklist on interface to TG with IPv6 +| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 +| | ... | xconnect. [Ver] Make TG send ICMPv6 Echo Req on its interface to +| | ... | DUT1; verify no ICMPv6 Echo Req pkts are received. [Ref] | | Given Path for 3-node testing is set | | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} | | And Interfaces in 3-node path are up |