diff options
Diffstat (limited to 'tests/suites/cop')
-rw-r--r-- | tests/suites/cop/cop_whitelist_blacklist.robot | 128 | ||||
-rw-r--r-- | tests/suites/cop/cop_whitelist_blacklist_IPv6.robot | 142 |
2 files changed, 0 insertions, 270 deletions
diff --git a/tests/suites/cop/cop_whitelist_blacklist.robot b/tests/suites/cop/cop_whitelist_blacklist.robot deleted file mode 100644 index c84387d349..0000000000 --- a/tests/suites/cop/cop_whitelist_blacklist.robot +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright (c) 2016 Cisco and/or its affiliates. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -*** Settings *** -| Library | resources.libraries.python.Trace -| Library | resources.libraries.python.Cop -| Resource | resources/libraries/robot/default.robot -| Resource | resources/libraries/robot/interfaces.robot -| Resource | resources/libraries/robot/ipv4.robot -| Resource | resources/libraries/robot/traffic.robot -| Resource | resources/libraries/robot/testing_path.robot -| Resource | resources/libraries/robot/l2_xconnect.robot -| Variables | resources/libraries/python/IPv4NodeAddress.py | ${nodes} -| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO -| Test Setup | Run Keywords | Setup all DUTs before test -| ... | AND | Setup all TGs before traffic script -| ... | AND | Update All Interface Data On All Nodes | ${nodes} -| Test Teardown | Run Keywords | Show packet trace on all DUTs | ${nodes} -| ... | AND | Show vpp trace dump on all DUTs -| Documentation | *COP Security IPv4 Blacklist and Whitelist Tests* -| ... -| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology -| ... | with single links between nodes. -| ... | *[Enc] Packet Encapsulations:* Eth-IPv4-ICMPv4 on all links. -| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv4 routing and -| ... | static routes. COP security white-lists are applied on DUT1 ingress -| ... | interface from TG. DUT2 is configured with L2XC. -| ... | *[Ver] TG verification:* Test ICMPv4 Echo Request packets are sent in -| ... | one direction by TG on link to DUT1; on receive TG verifies packets for -| ... | correctness and drops as applicable. -| ... | *[Ref] Applicable standard specifications:* - -*** Variables *** -| ${tg_node}= | ${nodes['TG']} -| ${dut1_node}= | ${nodes['DUT1']} -| ${dut2_node}= | ${nodes['DUT2']} - -| ${dut1_if1_ip}= | 192.168.1.1 -| ${dut1_if2_ip}= | 192.168.2.1 -| ${dut1_if1_ip_GW}= | 192.168.1.2 -| ${dut1_if2_ip_GW}= | 192.168.2.2 - -| ${test_dst_ip}= | 32.0.0.1 -| ${test_src_ip}= | 16.0.0.1 - -| ${cop_dut_ip}= | 16.0.0.0 - -| ${ip_prefix}= | 24 -| ${nodes_ipv4_addresses}= | ${nodes_ipv4_addr} - -| ${fib_table_number}= | 1 - -*** Test Cases *** -| TC01: DUT permits IPv4 pkts with COP whitelist set with IPv4 src-addr -| | [Documentation] -| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \ -| | ... | configure interface IPv4 addresses and routes in the main -| | ... | routing domain, add COP whitelist on interface to TG with IPv4 -| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 -| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to -| | ... | DUT1; verify received ICMPv4 Echo Req pkts are correct. [Ref] -| | Given Path for 3-node testing is set -| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} -| | And Interfaces in 3-node path are up -| | And L2 setup xconnect on DUT -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Set Interface Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix} -| | And Set Interface Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix} -| | And Add Arp On Dut -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac} -| | And Add Arp On Dut -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac} -| | And Vpp Route Add | ${dut1_node} -| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2} -| | And Add fib table | ${dut1_node} -| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | local -| | When COP Add whitelist Entry -| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${fib_table_number} -| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable -| | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac} -| | ... | ${tg_to_dut2_mac} - -| TC02: DUT drops IPv4 pkts with COP blacklist set with IPv4 src-addr -| | [Documentation] -| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \ -| | ... | configure interface IPv4 addresses and routes in the main -| | ... | routing domain, add COP blacklist on interface to TG with IPv4 -| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 -| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to -| | ... | DUT1; verify no ICMPv4 Echo Req pkts are received. [Ref] -| | Given Path for 3-node testing is set -| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} -| | And Interfaces in 3-node path are up -| | And L2 setup xconnect on DUT -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And Set Interface Address -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix} -| | And Set Interface Address -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix} -| | And Add Arp On Dut -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac} -| | And Add Arp On Dut -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac} -| | And Vpp Route Add | ${dut1_node} -| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2} -| | And Add fib table | ${dut1_node} -| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop -| | When COP Add whitelist Entry -| | ... | ${dut1_node} | ${dut1_to_tg} | ip4 | ${fib_table_number} -| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable -| | Then Send packet from Port to Port should failed | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac} -| | ... | ${tg_to_dut2_mac} diff --git a/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot b/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot deleted file mode 100644 index 3fb9428680..0000000000 --- a/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot +++ /dev/null @@ -1,142 +0,0 @@ -# Copyright (c) 2016 Cisco and/or its affiliates. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -*** Settings *** -| Library | resources.libraries.python.Trace -| Library | resources.libraries.python.Cop -| Resource | resources/libraries/robot/default.robot -| Resource | resources/libraries/robot/interfaces.robot -| Resource | resources/libraries/robot/ipv6.robot -| Resource | resources/libraries/robot/traffic.robot -| Resource | resources/libraries/robot/testing_path.robot -| Resource | resources/libraries/robot/l2_xconnect.robot -| Variables | resources/libraries/python/IPv6NodesAddr.py | ${nodes} -| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO -| Test Setup | Run Keywords | Setup all DUTs before test -| ... | AND | Setup all TGs before traffic script -| ... | AND | Update All Interface Data On All Nodes | ${nodes} -| Test Teardown | Run Keywords | Show packet trace on all DUTs | ${nodes} -| ... | AND | Show vpp trace dump on all DUTs -| Documentation | *COP Security IPv6 Blacklist and Whitelist Tests* -| ... -| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology -| ... | with single links between nodes. -| ... | *[Enc] Packet Encapsulations:* Eth-IPv6-ICMPv6 on all links. -| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv6 routing and -| ... | static routes. COP security white-lists are applied on DUT1 ingress -| ... | interface from TG. DUT2 is configured with L2XC. -| ... | *[Ver] TG verification:* Test ICMPv6 Echo Request packets are sent in -| ... | one direction by TG on link to DUT1; on receive TG verifies packets for -| ... | correctness and drops as applicable. -| ... | *[Ref] Applicable standard specifications:* - -*** Variables *** -| ${tg_node}= | ${nodes['TG']} -| ${dut1_node}= | ${nodes['DUT1']} -| ${dut2_node}= | ${nodes['DUT2']} - -| ${dut1_if1_ip}= | 3ffe:62::1 -| ${dut1_if2_ip}= | 3ffe:63::1 -| ${dut1_if1_ip_GW}= | 3ffe:62::2 -| ${dut1_if2_ip_GW}= | 3ffe:63::2 - -| ${dut2_if1_ip}= | 3ffe:72::1 -| ${dut2_if2_ip}= | 3ffe:73::1 - -| ${test_dst_ip}= | 3ffe:64::1 -| ${test_src_ip}= | 3ffe:61::1 - -| ${cop_dut_ip}= | 3ffe:61:: - -| ${ip_prefix}= | 64 - -| ${nodes_ipv6_addresses}= | ${nodes_ipv6_addr} - -| ${fib_table_number}= | 1 - -*** Test Cases *** -| TC01: DUT permits IPv6 pkts with COP whitelist set with IPv6 src-addr -| | [Documentation] -| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv6-ICMPv6. [Cfg] On DUT1 \ -| | ... | configure interface IPv6 addresses and routes in the main -| | ... | routing domain, add COP whitelist on interface to TG with IPv6 -| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 -| | ... | xconnect. [Ver] Make TG send ICMPv6 Echo Req on its interface to -| | ... | DUT1; verify received ICMPv6 Echo Req pkts are correct. [Ref] -| | Given Path for 3-node testing is set -| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} -| | And Interfaces in 3-node path are up -| | And L2 setup xconnect on DUT -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And VPP Set IF IPv6 Addr -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix} -| | And VPP Set IF IPv6 Addr -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix} -| | And VPP Set IF IPv6 Addr -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_if1_ip} | ${ip_prefix} -| | And VPP Set IF IPv6 Addr -| | ... | ${dut2_node} | ${dut2_to_tg} | ${dut2_if2_ip} | ${ip_prefix} -| | And Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac} -| | And Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac} -| | And Vpp Route Add | ${dut1_node} -| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | And Add fib table | ${dut1_node} | ${cop_dut_ip} | ${ip_prefix} | -| | ... | ${fib_table_number} | local -| | When COP Add whitelist Entry | ${dut1_node} | ${dut1_to_tg} | ip6 | -| | ... | ${fib_table_number} -| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable -| | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac} -| | ... | ${tg_to_dut2_mac} - -| TC02: DUT drops IPv6 pkts with COP blacklist set with IPv6 src-addr -| | [Documentation] -| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv6-ICMPv6. [Cfg] On DUT1 \ -| | ... | configure interface IPv6 addresses and routes in the main -| | ... | routing domain, add COP blacklist on interface to TG with IPv6 -| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 -| | ... | xconnect. [Ver] Make TG send ICMPv6 Echo Req on its interface to -| | ... | DUT1; verify no ICMPv6 Echo Req pkts are received. [Ref] -| | Given Path for 3-node testing is set -| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} -| | And Interfaces in 3-node path are up -| | And L2 setup xconnect on DUT -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} -| | And VPP Set IF IPv6 Addr -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix} -| | And VPP Set IF IPv6 Addr -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix} -| | And VPP Set IF IPv6 Addr -| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_if1_ip} | ${ip_prefix} -| | And VPP Set IF IPv6 Addr -| | ... | ${dut2_node} | ${dut2_to_tg} | ${dut2_if2_ip} | ${ip_prefix} -| | And Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac} -| | And Add IP Neighbor -| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac} -| | And Vpp Route Add | ${dut1_node} -| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2} -| | And Vpp All Ra Suppress Link Layer | ${nodes} -| | And Add fib table | ${dut1_node} -| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop -| | When COP Add whitelist Entry -| | ... | ${dut1_node} | ${dut1_to_tg} | ip6 | ${fib_table_number} -| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable -| | Then Send packet from Port to Port should failed | ${tg_node} -| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac} -| | ... | ${tg_to_dut2_mac} |