From 7782faed31d3802d814de369a8e18fcef35c56ed Mon Sep 17 00:00:00 2001 From: Patrik Hrnciar Date: Thu, 2 Jun 2016 13:59:35 +0200 Subject: IACL MAC filtering tests - CSIT-133 VPP drops packets based on MAC src addr. - CSIT-134 VPP can drop packets based on src MAC + IPv6 UDP src+dst port. Change-Id: I57d041bc5f3311946679128e556ceef8c4d55264 Signed-off-by: Patrik Hrnciar (cherry picked from commit 8e014c373bdcd281475d83669122ba5eeefb96c1) --- resources/libraries/python/Classify.py | 75 ++++++++++-- resources/libraries/robot/l2_traffic.robot | 65 ++++++++--- .../templates/vat/classify_add_session_l2.vat | 1 + resources/templates/vat/classify_add_table_l2.vat | 1 + tests/suites/ipv4/ipv4_iacl_untagged.robot | 110 +++++++++++------- tests/suites/ipv6/ipv6_iacl_untagged.robot | 128 ++++++++++++++------- 6 files changed, 277 insertions(+), 103 deletions(-) create mode 100644 resources/templates/vat/classify_add_session_l2.vat create mode 100644 resources/templates/vat/classify_add_table_l2.vat diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py index 7d62e26a67..d955a9cc8c 100644 --- a/resources/libraries/python/Classify.py +++ b/resources/libraries/python/Classify.py @@ -21,8 +21,8 @@ class Classify(object): """Classify utilities.""" @staticmethod - def vpp_create_classify_table(node, ip_version, direction): - """Create classify table. + def vpp_creates_classify_table_l3(node, ip_version, direction): + """Create classify table for IP address filtering. :param node: VPP node to create classify table. :param ip_version: Version of IP protocol. @@ -54,7 +54,38 @@ class Classify(object): return table_index, skip_n, match_n @staticmethod - def vpp_create_classify_table_hex(node, hex_mask): + def vpp_creates_classify_table_l2(node, direction): + """Create classify table for MAC address filtering. + + :param node: VPP node to create classify table. + :param direction: Direction of traffic - src/dst. + :type node: dict + :type direction: str + :return (table_index, skip_n, match_n) + table_index: Classify table index. + skip_n: Number of skip vectors. + match_n: Number of match vectors. + :rtype: tuple(int, int, int) + :raises RuntimeError: If VPP can't create table. + """ + output = VatExecutor.cmd_from_template(node, + "classify_add_table_l2.vat", + direction=direction) + + if output[0]["retval"] == 0: + table_index = output[0]["new_table_index"] + skip_n = output[0]["skip_n_vectors"] + match_n = output[0]["match_n_vectors"] + logger.trace('Classify table with table_index {} created on node {}' + .format(table_index, node['host'])) + else: + raise RuntimeError('Unable to create classify table on node {}' + .format(node['host'])) + + return table_index, skip_n, match_n + + @staticmethod + def vpp_creates_classify_table_hex(node, hex_mask): """Create classify table with hex mask. :param node: VPP node to create classify table based on hex mask. @@ -85,9 +116,10 @@ class Classify(object): return table_index, skip_n, match_n @staticmethod - def vpp_configure_classify_session(node, acl_method, table_index, skip_n, - match_n, ip_version, direction, address): - """Configuration of classify session. + def vpp_configures_classify_session_l3(node, acl_method, table_index, skip_n, + match_n, ip_version, direction, + address): + """Configuration of classify session for IP address filtering. :param node: VPP node to setup classify session. :param acl_method: ACL method - deny/permit. @@ -117,7 +149,36 @@ class Classify(object): address=address) @staticmethod - def vpp_configure_classify_session_hex(node, acl_method, table_index, + def vpp_configures_classify_session_l2(node, acl_method, table_index, skip_n, + match_n, direction, address): + """Configuration of classify session for MAC address filtering. + + :param node: VPP node to setup classify session. + :param acl_method: ACL method - deny/permit. + :param table_index: Classify table index. + :param skip_n: Number of skip vectors based on mask. + :param match_n: Number of match vectors based on mask. + :param direction: Direction of traffic - src/dst. + :param address: IPv4 or IPv6 address. + :type node: dict + :type acl_method: str + :type table_index: int + :type skip_n: int + :type match_n: int + :type direction: str + :type address: str + """ + with VatTerminal(node) as vat: + vat.vat_terminal_exec_cmd_from_template("classify_add_session_l2.vat", + acl_method=acl_method, + table_index=table_index, + skip_n=skip_n, + match_n=match_n, + direction=direction, + address=address) + + @staticmethod + def vpp_configures_classify_session_hex(node, acl_method, table_index, skip_n, match_n, hex_value): """Configuration of classify session with hex value. diff --git a/resources/libraries/robot/l2_traffic.robot b/resources/libraries/robot/l2_traffic.robot index 4ec0624c30..1ddb6024fb 100644 --- a/resources/libraries/robot/l2_traffic.robot +++ b/resources/libraries/robot/l2_traffic.robot @@ -23,11 +23,11 @@ | | ... | | ... | *Arguments:* | | ... -| | ... | - {tg_node} - TG node. Type: dictionary -| | ... | - {src_int} - Source interface. Type: string -| | ... | - {dst_int} - Destination interface. Type: string -| | ... | - {src_ip} - Source IP address (Optional). Type: string -| | ... | - {dst_ip} - Destination IP address (Optional). Type: string +| | ... | - tg_node - TG node. Type: dictionary +| | ... | - src_int - Source interface. Type: string +| | ... | - dst_int - Destination interface. Type: string +| | ... | - src_ip - Source IP address (Optional). Type: string +| | ... | - dst_ip - Destination IP address (Optional). Type: string | | ... | | ... | *Return:* | | ... @@ -48,6 +48,39 @@ | | | ... | ${dst_mac} | ${src_ip} | ${dst_ip} | | Run Traffic Script On Node | send_ip_icmp.py | ${tg_node} | ${args} +| Send and receive ICMP Packet should failed +| | [Documentation] | Send ICMPv4/ICMPv6 echo request from source interface to +| | ... | destination interface and expect failure with +| | ... | ICMP echo Rx timeout error message. +| | ... +| | ... | *Arguments:* +| | ... +| | ... | - tg_node - TG node. Type: dictionary +| | ... | - src_int - Source interface. Type: string +| | ... | - dst_int - Destination interface. Type: string +| | ... | - src_ip - Source IP address (Optional). Type: string +| | ... | - dst_ip - Destination IP address (Optional). Type: string +| | ... +| | ... | *Return:* +| | ... +| | ... | - No value returned +| | ... +| | ... | *Example:* +| | ... +| | ... | _NOTE:_ Default IP is IPv4 +| | ... +| | ... | \| Send and receive ICMP Packet \| ${nodes['TG']} \ +| | ... | \| ${tg_to_dut_if1} \| ${tg_to_dut_if2} \| +| | ... +| | [Arguments] | ${tg_node} | ${src_int} | ${dst_int} | +| | ... | ${src_ip}=192.168.100.1 | ${dst_ip}=192.168.100.2 +| | ${src_mac}= | Get Interface Mac | ${tg_node} | ${src_int} +| | ${dst_mac}= | Get Interface Mac | ${tg_node} | ${dst_int} +| | ${args}= | Traffic Script Gen Arg | ${dst_int} | ${src_int} | ${src_mac} +| | | ... | ${dst_mac} | ${src_ip} | ${dst_ip} +| | Run Keyword And Expect Error | ICMP echo Rx timeout | +| | ... | Run Traffic Script On Node | send_ip_icmp.py | ${tg_node} | ${args} + | Send and receive ICMPv4 bidirectionally | | [Documentation] | Send ICMPv4 echo request from both directions, | | ... | from interface1 to interface2 and @@ -55,11 +88,11 @@ | | ... | | ... | *Arguments:* | | ... -| | ... | - {tg_node} - TG node. Type: dictionary -| | ... | - {src_int} - Source interface. Type: string -| | ... | - {dst_int} - Destination interface. Type: string -| | ... | - {src_ip} - Source IP address (Optional). Type: string -| | ... | - {dst_ip} - Destination IP address (Optional). Type: string +| | ... | - tg_node - TG node. Type: dictionary +| | ... | - src_int - Source interface. Type: string +| | ... | - dst_int - Destination interface. Type: string +| | ... | - src_ip - Source IP address (Optional). Type: string +| | ... | - dst_ip - Destination IP address (Optional). Type: string | | ... | | ... | *Return:* | | ... @@ -84,11 +117,11 @@ | | ... | | ... | *Arguments:* | | ... -| | ... | - {tg_node} - TG node. Type: dictionary -| | ... | - {src_int} - Source interface. Type: string -| | ... | - {dst_int} - Destination interface. Type: string -| | ... | - {src_ip} - Source IP address (Optional). Type: string -| | ... | - {dst_ip} - Destination IP address (Optional). Type: string +| | ... | - tg_node - TG node. Type: dictionary +| | ... | - src_int - Source interface. Type: string +| | ... | - dst_int - Destination interface. Type: string +| | ... | - src_ip - Source IP address (Optional). Type: string +| | ... | - dst_ip - Destination IP address (Optional). Type: string | | ... | | ... | *Return:* | | ... @@ -104,4 +137,4 @@ | | Send and receive ICMP Packet | ${tg_node} | ${int1} | ${int2} | | | ... | ${src_ip} | ${dst_ip} | | Send and receive ICMP Packet | ${tg_node} | ${int2} | ${int1} | -| | ... | ${dst_ip} | ${src_ip} \ No newline at end of file +| | ... | ${dst_ip} | ${src_ip} diff --git a/resources/templates/vat/classify_add_session_l2.vat b/resources/templates/vat/classify_add_session_l2.vat new file mode 100644 index 0000000000..7aa6660d6d --- /dev/null +++ b/resources/templates/vat/classify_add_session_l2.vat @@ -0,0 +1 @@ +classify_add_del_session acl-hit-next {acl_method} table-index {table_index} skip_n {skip_n} match_n {match_n} match l2 {direction} {address} \ No newline at end of file diff --git a/resources/templates/vat/classify_add_table_l2.vat b/resources/templates/vat/classify_add_table_l2.vat new file mode 100644 index 0000000000..8851613141 --- /dev/null +++ b/resources/templates/vat/classify_add_table_l2.vat @@ -0,0 +1 @@ +classify_add_del_table mask l2 {direction} \ No newline at end of file diff --git a/tests/suites/ipv4/ipv4_iacl_untagged.robot b/tests/suites/ipv4/ipv4_iacl_untagged.robot index 43c4a3732c..0a2aa5e6d4 100644 --- a/tests/suites/ipv4/ipv4_iacl_untagged.robot +++ b/tests/suites/ipv4/ipv4_iacl_untagged.robot @@ -18,6 +18,7 @@ | Resource | resources/libraries/robot/testing_path.robot | Resource | resources/libraries/robot/ipv4.robot | Resource | resources/libraries/robot/l2_xconnect.robot +| Resource | resources/libraries/robot/l2_traffic.robot | Resource | resources/libraries/robot/traffic.robot | Library | resources.libraries.python.Classify.Classify | Library | resources.libraries.python.Trace @@ -39,6 +40,7 @@ | ${non_drop_src_ip}= | 15.0.0.1 | ${prefix_length}= | 24 | ${ip_version}= | ip4 +| ${l2_table}= | l2 *** Test Cases *** | VPP drops packets based on IPv4 source addresses @@ -61,16 +63,17 @@ | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} | | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ${ip_version} | src -| | And Vpp Configure Classify Session +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | src +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Enable Input Acl Interface @@ -80,8 +83,8 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv4 destination addresses @@ -107,16 +110,17 @@ | | And L2 setup xconnect on DUT | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} | | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ${ip_version} | dst -| | And Vpp Configure Classify Session +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | dst +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface @@ -126,8 +130,8 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv4 src-addr and dst-addr @@ -161,13 +165,14 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= -| | ... | When Vpp Create Classify Table | ${dut1_node} | ${ip_version} | src +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | src | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | And Vpp Create Classify Table | ${dut1_node} | ${ip_version} | dst -| | And Vpp Configure Classify Session +| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2} | | ... | ${ip_version} | src | ${test_src_ip} -| | And Vpp Configure Classify Session +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface @@ -208,9 +213,10 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF -| | And Vpp Configure Classify Session Hex +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | 000000000000000000000000000000000000000000000006 | | And Vpp Enable Input Acl Interface @@ -247,9 +253,10 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 0000000000000000000000000000000000000000000000FF -| | And Vpp Configure Classify Session Hex +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | 000000000000000000000000000000000000000000000011 | | And Vpp Enable Input Acl Interface @@ -288,9 +295,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -329,9 +336,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -371,9 +378,9 @@ | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | | ... | source + destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -412,9 +419,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -453,9 +460,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -495,9 +502,9 @@ | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | | ... | source + destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -508,3 +515,26 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 + +| VPP drops packets based on MAC src addr +| | [Documentation] | Create classify table on VPP, add source MAC address +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And L2 setup xconnect on DUT +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | Then Send and receive ICMP Packet +| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | src | ${tg_to_dut1_mac} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} +| | Then Send and receive ICMP Packet should failed +| | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2} diff --git a/tests/suites/ipv6/ipv6_iacl_untagged.robot b/tests/suites/ipv6/ipv6_iacl_untagged.robot index 2e8ec66786..ffe9880968 100644 --- a/tests/suites/ipv6/ipv6_iacl_untagged.robot +++ b/tests/suites/ipv6/ipv6_iacl_untagged.robot @@ -41,6 +41,7 @@ | ${non_drop_src_ip}= | 3ffe:51::1 | ${prefix_length}= | 64 | ${ip_version}= | ip6 +| ${l2_table}= | l2 *** Test Cases *** | VPP drops packets based on IPv6 source addresses @@ -64,16 +65,17 @@ | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} | | And Vpp All Ra Suppress Link Layer | ${nodes} | | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ${ip_version} | src -| | And Vpp Configure Classify Session +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | src +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${ip_version} | src | ${test_src_ip} | | And Vpp Enable Input Acl Interface @@ -83,8 +85,8 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} -| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${non_drop_src_ip} | ${test_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv6 destination addresses @@ -111,16 +113,17 @@ | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} | | And Vpp All Ra Suppress Link Layer | ${nodes} | | Then Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table -| | ... | ${dut1_node} | ${ip_version} | dst -| | And Vpp Configure Classify Session +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | dst +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface @@ -130,8 +133,8 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | And Send Packet And Check Headers | ${tg_node} -| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} -| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} +| | ... | ${test_src_ip} | ${non_drop_dst_ip} | ${tg_to_dut1} +| | ... | ${tg_to_dut1_mac} | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | VPP drops packets based on IPv6 src-addr and dst-addr @@ -166,13 +169,14 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | | ... | ${dut1_to_dut2_mac} | ${tg_to_dut2_mac} | | ${table_index_1} | ${skip_n_1} | ${match_n_1}= -| | ... | When Vpp Create Classify Table | ${dut1_node} | ${ip_version} | src +| | ... | When Vpp Creates Classify Table L3 | ${dut1_node} +| | ... | ${ip_version} | src | | ${table_index_2} | ${skip_n_2} | ${match_n_2}= -| | ... | And Vpp Create Classify Table | ${dut1_node} | ${ip_version} | dst -| | And Vpp Configure Classify Session +| | ... | And Vpp Creates Classify Table L3 | ${dut1_node} | ${ip_version} | dst +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2} | | ... | ${ip_version} | src | ${test_src_ip} -| | And Vpp Configure Classify Session +| | And Vpp Configures Classify Session L3 | | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} | | ... | ${ip_version} | dst | ${test_dst_ip} | | And Vpp Enable Input Acl Interface @@ -214,9 +218,10 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF -| | And Vpp Configure Classify Session Hex +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | 000000000000000000000000000000000000000006 | | And Vpp Enable Input Acl Interface @@ -254,9 +259,10 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | | ... | ${dut1_node} | 0000000000000000000000000000000000000000FF -| | And Vpp Configure Classify Session Hex +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | 000000000000000000000000000000000000000011 | | And Vpp Enable Input Acl Interface @@ -296,9 +302,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 80 | 20 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | source | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -338,9 +344,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | TCP | 20 | 80 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -381,9 +387,9 @@ | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | TCP | | ... | source + destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -423,9 +429,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | source | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 0 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -465,9 +471,9 @@ | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 20 | 80 | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 0 | 80 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -508,9 +514,9 @@ | | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP | | ... | source + destination | | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 -| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table Hex -| | ... | ${dut1_node} | ${hex_mask} -| | And Vpp Configure Classify Session Hex +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} | | ... | ${hex_value} | | And Vpp Enable Input Acl Interface @@ -521,3 +527,45 @@ | | And Send TCP or UDP packet | ${tg_node} | | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} | | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 + +| VPP can drop packets based on src MAC + IPv6 UDP src+dst port +| | [Documentation] | Create first classify table on VPP, for source MAC address +| | ... | filtering and second classify table for IPv6 UDP source +| | ... | and destination port filtering. Add MAC address and UDP +| | ... | ports into table and set 'deny' traffic. +| | ... | Check if traffic is dropped. +| | Given Path for 3-node testing is set +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in 3-node path are up +| | And L2 setup xconnect on DUT +| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg} +| | And L2 setup xconnect on DUT +| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg} +| | And Vpp All Ra Suppress Link Layer | ${nodes} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 +| | And Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src +| | And Vpp Configures Classify Session L2 +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | src | ${tg_to_dut1_mac} +| | ${hex_mask}= | Compute Classify Hex Mask | ${ip_version} | UDP +| | ... | source + destination +| | ${hex_value}= | Compute Classify Hex Value | ${hex_mask} | 80 | 20 +| | ${table_index} | ${skip_n} | ${match_n}= +| | ... | When Vpp Creates Classify Table Hex | ${dut1_node} | ${hex_mask} +| | And Vpp Configures Classify Session Hex +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ${hex_value} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index} +| | Then Send TCP or UDP packet | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 110 | 25 +| | And Send TCP or UDP packet should failed | ${tg_node} +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac} +| | ... | ${tg_to_dut2} | ${dut1_to_tg_mac} | UDP | 80 | 20 -- cgit 1.2.3-korg