aboutsummaryrefslogtreecommitdiffstats
path: root/resources/libraries
diff options
context:
space:
mode:
Diffstat (limited to 'resources/libraries')
-rw-r--r--resources/libraries/python/Classify.py156
-rw-r--r--resources/libraries/robot/performance/performance_configuration.robot106
2 files changed, 261 insertions, 1 deletions
diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py
index e4fa2a3087..469a707c32 100644
--- a/resources/libraries/python/Classify.py
+++ b/resources/libraries/python/Classify.py
@@ -16,6 +16,7 @@
from robot.api import logger
from resources.libraries.python.VatExecutor import VatExecutor, VatTerminal
+from resources.libraries.python.topology import Topology
class Classify(object):
@@ -387,10 +388,163 @@ class Classify(object):
:param node: VPP node.
:type node: dict
"""
-
try:
VatExecutor.cmd_from_template(
node, "acl_plugin/acl_interface_dump.vat", json_out=False)
except RuntimeError:
# Fails to parse response, but it is still logged
pass
+
+ @staticmethod
+ def set_acl_list_for_interface(node, interface, acl_type, acl_idx=None):
+ """Set the list of input or output ACLs applied to the interface. It
+ unapplies any previously applied ACLs.
+
+ :param node: VPP node to set ACL on.
+ :param interface: Interface name or sw_if_index.
+ :param acl_type: Type of ACL(s) - input or output.
+ :param acl_idx: Index(ies) of ACLs to be applied on the interface.
+ :type node: dict
+ :type interface: str or int
+ :type acl_type: str
+ :type acl_idx: list
+ :raises RuntimeError: If unable to set ACL list for the interface.
+ """
+ sw_if_index = Topology.get_interface_sw_index(node, interface) \
+ if isinstance(interface, basestring) else interface
+
+ acl_list = acl_type + ' ' + ' '.join(str(idx) for idx in acl_idx) \
+ if acl_idx else acl_type
+
+ try:
+ with VatTerminal(node, json_param=False) as vat:
+ vat.vat_terminal_exec_cmd_from_template(
+ "acl_plugin/acl_interface_set_acl_list.vat",
+ interface=sw_if_index, acl_list=acl_list)
+ except:
+ raise RuntimeError("Setting of ACL list for interface {0} failed "
+ "on node {1}".format(interface, node['host']))
+
+ @staticmethod
+ def add_replace_acl(node, acl_idx=None, ip_ver="ipv4", action="permit",
+ src=None, dst=None, sport=None, dport=None, proto=None,
+ tcpflg_val=None, tcpflg_mask=None):
+ """Add a new ACL or replace the existing one. To replace an existing
+ ACL, pass the ID of this ACL.
+
+ :param node: VPP node to set ACL on.
+ :param acl_idx: ID of ACL. (Optional)
+ :param ip_ver: IP version. (Optional)
+ :param action: ACL action. (Optional)
+ :param src: Source IP in format IP/plen. (Optional)
+ :param dst: Destination IP in format IP/plen. (Optional)
+ :param sport: Source port or ICMP4/6 type - range format X-Y allowed.
+ (Optional)
+ :param dport: Destination port or ICMP4/6 code - range format X-Y
+ allowed. (Optional)
+ :param proto: L4 protocol (http://www.iana.org/assignments/protocol-
+ numbers/protocol-numbers.xhtml). (Optional)
+ :param tcpflg_val: TCP flags value. (Optional)
+ :param tcpflg_mask: TCP flags mask. (Optional)
+ :type node: dict
+ :type acl_idx: int
+ :type ip_ver: str
+ :type action: str
+ :type src: str
+ :type dst: str
+ :type sport: str or int
+ :type dport: str or int
+ :type proto: int
+ :type tcpflg_val: int
+ :type tcpflg_mask: int
+ :raises RuntimeError: If unable to add or replace ACL.
+ """
+ acl_idx = '{0}'.format(acl_idx) if acl_idx else ''
+
+ src = 'src {0}'.format(src) if src else ''
+
+ dst = 'dst {0}'.format(dst) if dst else ''
+
+ sport = 'sport {0}'.format(sport) if sport else ''
+
+ dport = 'dport {0}'.format(dport) if dport else ''
+
+ proto = 'proto {0}'.format(proto) if proto else ''
+
+ tcpflags = 'tcpflags {0} {1}'.format(tcpflg_val, tcpflg_mask) \
+ if tcpflg_val and tcpflg_mask else ''
+
+ try:
+ with VatTerminal(node, json_param=False) as vat:
+ vat.vat_terminal_exec_cmd_from_template(
+ "acl_plugin/acl_add_replace.vat", acl_idx=acl_idx,
+ ip_ver=ip_ver, action=action, src=src, dst=dst, sport=sport,
+ dport=dport, proto=proto, tcpflags=tcpflags)
+ except:
+ raise RuntimeError("Adding or replacing of ACL failed on "
+ "node {0}".format(node['host']))
+
+ @staticmethod
+ def add_replace_acl_multi_entries(node, acl_idx=None, rules=None):
+ """Add a new ACL or replace the existing one. To replace an existing
+ ACL, pass the ID of this ACL.
+
+ :param node: VPP node to set ACL on.
+ :param acl_idx: ID of ACL. (Optional)
+ :param rules: Required rules. (Optional)
+ :type node: dict
+ :type acl_idx: int
+ :type rules: str
+ :raises RuntimeError: If unable to add or replace ACL.
+ """
+ acl_idx = '{0}'.format(acl_idx) if acl_idx else ''
+
+ rules = '{0}'.format(rules) if rules else ''
+
+ try:
+ with VatTerminal(node, json_param=False) as vat:
+ vat.vat_terminal_exec_cmd_from_template(
+ "acl_plugin/acl_add_replace.vat", acl_idx=acl_idx,
+ ip_ver=rules, action='', src='', dst='', sport='',
+ dport='', proto='', tcpflags='')
+ except:
+ raise RuntimeError("Adding or replacing of ACL failed on "
+ "node {0}".format(node['host']))
+
+ @staticmethod
+ def delete_acl(node, idx):
+ """Delete required ACL.
+
+ :param node: VPP node to delete ACL on.
+ :param idx: Index of ACL to be deleted.
+ :type node: dict
+ :type idx: int or str
+ :raises RuntimeError: If unable to delete ACL.
+ """
+ try:
+ with VatTerminal(node, json_param=False) as vat:
+ vat.vat_terminal_exec_cmd_from_template(
+ "acl_plugin/acl_delete.vat", idx=idx)
+ except:
+ raise RuntimeError("Deletion of ACL failed on node {0}".
+ format(node['host']))
+
+ @staticmethod
+ def cli_show_acl(node, acl_idx=None):
+ """Show ACLs.
+
+ :param node: VPP node to show ACL on.
+ :param acl_idx: Index of ACL to be shown.
+ :type node: dict
+ :type acl_idx: int or str
+ :raises RuntimeError: If unable to delete ACL.
+ """
+ acl_idx = '{0}'.format(acl_idx) if acl_idx else ''
+
+ try:
+ with VatTerminal(node, json_param=False) as vat:
+ vat.vat_terminal_exec_cmd_from_template(
+ "acl_plugin/show_acl.vat", idx=acl_idx)
+ except:
+ raise RuntimeError("Failed to show ACL on node {0}".
+ format(node['host']))
diff --git a/resources/libraries/robot/performance/performance_configuration.robot b/resources/libraries/robot/performance/performance_configuration.robot
index 3255547e08..568114f15b 100644
--- a/resources/libraries/robot/performance/performance_configuration.robot
+++ b/resources/libraries/robot/performance/performance_configuration.robot
@@ -13,6 +13,7 @@
*** Settings ***
| Library | Collections
+| Library | String
| Library | resources.libraries.python.topology.Topology
| Library | resources.libraries.python.NodePath
| Library | resources.libraries.python.DpdkUtil
@@ -734,6 +735,111 @@
| | Configure L2BD forwarding | ${dut2} | ${dut2_if1} | ${dut2_if2}
| | All Vpp Interfaces Ready Wait | ${nodes}
+| Configure IPv4 ACLs
+| | [Documentation]
+| | ... | Configure ACL with required number of not-hitting permit ACEs plus two
+| | ... | hitting ACEs for both traffic directions.
+| | ...
+| | ... | _NOTE:_ This KW uses following test case variables:
+| | ... | - ${src_ip_start} - Source IP address start. Type: string.
+| | ... | - ${dst_ip_start} - Destination IP address start. Type: string.
+| | ... | - ${ip_step} - IP address step. Type: string.
+| | ... | - ${sport_start} - Source port number start. Type: string.
+| | ... | - ${dport_start} - Destination port number start. Type: string.
+| | ... | - ${port_step} - Port number step. Type: string.
+| | ... | - ${no_hit_aces_number} - Number of not-hitting ACEs to be configured.
+| | ... | Type: integer
+| | ... | - ${acl_apply_type} - To what path aplly the ACL - input or output.
+| | ... | Type: string
+| | ... | - ${acl_action} - Action for the rule - deny, permit, permit+reflect.
+| | ... | Type: stringe
+| | ... | - ${trex_stream1_subnet} - IP subnet used by T-Rex in direction 0->1.
+| | ... | Type: string
+| | ... | - ${trex_stream2_subnet} - IP subnet used by T-Rex in direction 1->0.
+| | ... | Type: string
+| | ...
+| | [Arguments] | ${dut} | ${dut_if1}=${None} | ${dut_if2}=${None}
+| | ${src_ip_int} = | Evaluate
+| | ... | int(ipaddress.ip_address(unicode($src_ip_start))) - $ip_step
+| | ... | modules=ipaddress
+| | ${dst_ip_int} = | Evaluate
+| | ... | int(ipaddress.ip_address(unicode($dst_ip_start))) - $ip_step
+| | ... | modules=ipaddress
+| | ${ip_limit} = | Set Variable | 255.255.255.255
+| | ${ip_limit_int} = | Evaluate
+| | ... | int(ipaddress.ip_address(unicode($ip_limit))) | modules=ipaddress
+| | ${sport}= | Evaluate | $sport_start - $port_step
+| | ${dport}= | Evaluate | $dport_start - $port_step
+| | ${port_limit}= | Set Variable | ${65535}
+| | ${acl}= | Set Variable | ipv4 permit
+| | :FOR | ${nr} | IN RANGE | 0 | ${no_hit_aces_number}
+| | | ${src_ip_int} = | Evaluate | $src_ip_int + $ip_step
+| | | ${dst_ip_int} = | Evaluate | $dst_ip_int + $ip_step
+| | | ${sport}= | Evaluate | $sport + $port_step
+| | | ${dport}= | Evaluate | $dport + $port_step
+| | | ${ipv4_limit_reached}= | Set Variable If
+| | | ... | $src_ip_int > $ip_limit_int or $src_ip_int > $ip_limit_int
+| | | ... | ${True}
+| | | ${udp_limit_reached}= | Set Variable If
+| | | ... | $sport > $port_limit or $dport > $port_limit | ${True}
+| | | Run Keyword If | $ipv4_limit_reached is True | Log
+| | | ... | Can't do more iterations - IPv4 address limit has been reached.
+| | | ... | WARN
+| | | Run Keyword If | $udp_limit_reached is True | Log
+| | | ... | Can't do more iterations - UDP port limit has been reached.
+| | | ... | WARN
+| | | ${src_ip} = | Run Keyword If | $ipv4_limit_reached is True
+| | | ... | Set Variable | ${ip_limit}
+| | | ... | ELSE | Evaluate | str(ipaddress.ip_address($src_ip_int))
+| | | ... | modules=ipaddress
+| | | ${dst_ip} = | Run Keyword If | $ipv4_limit_reached is True
+| | | ... | Set Variable | ${ip_limit}
+| | | ... | ELSE | Evaluate | str(ipaddress.ip_address($dst_ip_int))
+| | | ... | modules=ipaddress
+| | | ${sport}= | Set Variable If | ${sport} > $port_limit | $port_limit
+| | | ... | ${sport}
+| | | ${dport}= | Set Variable If | ${dport} > $port_limit | $port_limit
+| | | ... | ${dport}
+| | | ${acl}= | Catenate | ${acl} | src ${src_ip}/32 dst ${dst_ip}/32
+| | | ... | sport ${sport} | dport ${dport},
+| | | Exit For Loop If
+| | | ... | $ipv4_limit_reached is True or $udp_limit_reached is True
+| | ${acl}= | Catenate | ${acl}
+| | ... | ipv4 ${acl_action} src ${trex_stream1_subnet},
+| | ... | ipv4 ${acl_action} src ${trex_stream2_subnet}
+| | Add Replace Acl Multi Entries | ${dut} | rules=${acl}
+| | @{acl_list}= | Create List | ${0}
+| | Run Keyword If | 'input' in $acl_apply_type and $dut_if1 is not None
+| | ... | Set Acl List For Interface | ${dut} | ${dut_if1} | input | ${acl_list}
+| | Run Keyword If | 'input' in $acl_apply_type and $dut_if2 is not None
+| | ... | Set Acl List For Interface | ${dut} | ${dut_if2} | input | ${acl_list}
+| | Run Keyword If | 'output' in $acl_apply_type and $dut_if1 is not None
+| | ... | Set Acl List For Interface | ${dut} | ${dut_if1} | output
+| | ... | ${acl_list}
+| | Run Keyword If | 'output' in $acl_apply_type and $dut_if2 is not None
+| | ... | Set Acl List For Interface | ${dut} | ${dut_if2} | output
+| | ... | ${acl_list}
+
+| Initialize L2 bridge domain with IPv4 ACLs on DUT1 in 3-node circular topology
+| | [Documentation]
+| | ... | Setup L2BD topology by adding two interfaces on DUT1 into bridge
+| | ... | domain that is created automatically with index 1. Learning is
+| | ... | enabled. Interfaces are brought up. Apply required ACL rules to DUT1
+| | ... | interfaces.
+| | ...
+| | ... | _NOTE:_ This KW uses following test case variables:
+| | ... | - ${dut1} - DUT1 node.
+| | ... | - ${dut2} - DUT2 node.
+| | ... | - ${dut1_if1} - DUT1 interface towards TG.
+| | ... | - ${dut1_if2} - DUT1 interface towards DUT2.
+| | ... | - ${dut2_if1} - DUT2 interface towards DUT1.
+| | ... | - ${dut2_if2} - DUT2 interface towards TG.
+| | ...
+| | Configure L2BD forwarding | ${dut1} | ${dut1_if1} | ${dut1_if2}
+| | Configure L2XC | ${dut2} | ${dut2_if1} | ${dut2_if2}
+| | All Vpp Interfaces Ready Wait | ${nodes}
+| | Configure IPv4 ACLs | ${dut1} | ${dut1_if1} | ${dut1_if2}
+
| Initialize L2 bridge domains with Vhost-User in 3-node circular topology
| | [Documentation]
| | ... | Create two Vhost-User interfaces on all defined VPP nodes. Add each