From 8e014c373bdcd281475d83669122ba5eeefb96c1 Mon Sep 17 00:00:00 2001 From: Patrik Hrnciar Date: Thu, 2 Jun 2016 13:59:35 +0200 Subject: IACL MAC filtering tests - CSIT-133 VPP drops packets based on MAC src addr. - CSIT-134 VPP can drop packets based on src MAC + IPv6 UDP src+dst port. Change-Id: I57d041bc5f3311946679128e556ceef8c4d55264 Signed-off-by: Patrik Hrnciar --- resources/libraries/python/Classify.py | 75 ++++++++++++++++++++-- resources/libraries/robot/l2_traffic.robot | 65 ++++++++++++++----- .../templates/vat/classify_add_session_l2.vat | 1 + resources/templates/vat/classify_add_table_l2.vat | 1 + 4 files changed, 119 insertions(+), 23 deletions(-) create mode 100644 resources/templates/vat/classify_add_session_l2.vat create mode 100644 resources/templates/vat/classify_add_table_l2.vat (limited to 'resources') diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py index 7d62e26a67..d955a9cc8c 100644 --- a/resources/libraries/python/Classify.py +++ b/resources/libraries/python/Classify.py @@ -21,8 +21,8 @@ class Classify(object): """Classify utilities.""" @staticmethod - def vpp_create_classify_table(node, ip_version, direction): - """Create classify table. + def vpp_creates_classify_table_l3(node, ip_version, direction): + """Create classify table for IP address filtering. :param node: VPP node to create classify table. :param ip_version: Version of IP protocol. @@ -54,7 +54,38 @@ class Classify(object): return table_index, skip_n, match_n @staticmethod - def vpp_create_classify_table_hex(node, hex_mask): + def vpp_creates_classify_table_l2(node, direction): + """Create classify table for MAC address filtering. + + :param node: VPP node to create classify table. + :param direction: Direction of traffic - src/dst. + :type node: dict + :type direction: str + :return (table_index, skip_n, match_n) + table_index: Classify table index. + skip_n: Number of skip vectors. + match_n: Number of match vectors. + :rtype: tuple(int, int, int) + :raises RuntimeError: If VPP can't create table. + """ + output = VatExecutor.cmd_from_template(node, + "classify_add_table_l2.vat", + direction=direction) + + if output[0]["retval"] == 0: + table_index = output[0]["new_table_index"] + skip_n = output[0]["skip_n_vectors"] + match_n = output[0]["match_n_vectors"] + logger.trace('Classify table with table_index {} created on node {}' + .format(table_index, node['host'])) + else: + raise RuntimeError('Unable to create classify table on node {}' + .format(node['host'])) + + return table_index, skip_n, match_n + + @staticmethod + def vpp_creates_classify_table_hex(node, hex_mask): """Create classify table with hex mask. :param node: VPP node to create classify table based on hex mask. @@ -85,9 +116,10 @@ class Classify(object): return table_index, skip_n, match_n @staticmethod - def vpp_configure_classify_session(node, acl_method, table_index, skip_n, - match_n, ip_version, direction, address): - """Configuration of classify session. + def vpp_configures_classify_session_l3(node, acl_method, table_index, skip_n, + match_n, ip_version, direction, + address): + """Configuration of classify session for IP address filtering. :param node: VPP node to setup classify session. :param acl_method: ACL method - deny/permit. @@ -117,7 +149,36 @@ class Classify(object): address=address) @staticmethod - def vpp_configure_classify_session_hex(node, acl_method, table_index, + def vpp_configures_classify_session_l2(node, acl_method, table_index, skip_n, + match_n, direction, address): + """Configuration of classify session for MAC address filtering. + + :param node: VPP node to setup classify session. + :param acl_method: ACL method - deny/permit. + :param table_index: Classify table index. + :param skip_n: Number of skip vectors based on mask. + :param match_n: Number of match vectors based on mask. + :param direction: Direction of traffic - src/dst. + :param address: IPv4 or IPv6 address. + :type node: dict + :type acl_method: str + :type table_index: int + :type skip_n: int + :type match_n: int + :type direction: str + :type address: str + """ + with VatTerminal(node) as vat: + vat.vat_terminal_exec_cmd_from_template("classify_add_session_l2.vat", + acl_method=acl_method, + table_index=table_index, + skip_n=skip_n, + match_n=match_n, + direction=direction, + address=address) + + @staticmethod + def vpp_configures_classify_session_hex(node, acl_method, table_index, skip_n, match_n, hex_value): """Configuration of classify session with hex value. diff --git a/resources/libraries/robot/l2_traffic.robot b/resources/libraries/robot/l2_traffic.robot index 4ec0624c30..1ddb6024fb 100644 --- a/resources/libraries/robot/l2_traffic.robot +++ b/resources/libraries/robot/l2_traffic.robot @@ -23,11 +23,11 @@ | | ... | | ... | *Arguments:* | | ... -| | ... | - {tg_node} - TG node. Type: dictionary -| | ... | - {src_int} - Source interface. Type: string -| | ... | - {dst_int} - Destination interface. Type: string -| | ... | - {src_ip} - Source IP address (Optional). Type: string -| | ... | - {dst_ip} - Destination IP address (Optional). Type: string +| | ... | - tg_node - TG node. Type: dictionary +| | ... | - src_int - Source interface. Type: string +| | ... | - dst_int - Destination interface. Type: string +| | ... | - src_ip - Source IP address (Optional). Type: string +| | ... | - dst_ip - Destination IP address (Optional). Type: string | | ... | | ... | *Return:* | | ... @@ -48,6 +48,39 @@ | | | ... | ${dst_mac} | ${src_ip} | ${dst_ip} | | Run Traffic Script On Node | send_ip_icmp.py | ${tg_node} | ${args} +| Send and receive ICMP Packet should failed +| | [Documentation] | Send ICMPv4/ICMPv6 echo request from source interface to +| | ... | destination interface and expect failure with +| | ... | ICMP echo Rx timeout error message. +| | ... +| | ... | *Arguments:* +| | ... +| | ... | - tg_node - TG node. Type: dictionary +| | ... | - src_int - Source interface. Type: string +| | ... | - dst_int - Destination interface. Type: string +| | ... | - src_ip - Source IP address (Optional). Type: string +| | ... | - dst_ip - Destination IP address (Optional). Type: string +| | ... +| | ... | *Return:* +| | ... +| | ... | - No value returned +| | ... +| | ... | *Example:* +| | ... +| | ... | _NOTE:_ Default IP is IPv4 +| | ... +| | ... | \| Send and receive ICMP Packet \| ${nodes['TG']} \ +| | ... | \| ${tg_to_dut_if1} \| ${tg_to_dut_if2} \| +| | ... +| | [Arguments] | ${tg_node} | ${src_int} | ${dst_int} | +| | ... | ${src_ip}=192.168.100.1 | ${dst_ip}=192.168.100.2 +| | ${src_mac}= | Get Interface Mac | ${tg_node} | ${src_int} +| | ${dst_mac}= | Get Interface Mac | ${tg_node} | ${dst_int} +| | ${args}= | Traffic Script Gen Arg | ${dst_int} | ${src_int} | ${src_mac} +| | | ... | ${dst_mac} | ${src_ip} | ${dst_ip} +| | Run Keyword And Expect Error | ICMP echo Rx timeout | +| | ... | Run Traffic Script On Node | send_ip_icmp.py | ${tg_node} | ${args} + | Send and receive ICMPv4 bidirectionally | | [Documentation] | Send ICMPv4 echo request from both directions, | | ... | from interface1 to interface2 and @@ -55,11 +88,11 @@ | | ... | | ... | *Arguments:* | | ... -| | ... | - {tg_node} - TG node. Type: dictionary -| | ... | - {src_int} - Source interface. Type: string -| | ... | - {dst_int} - Destination interface. Type: string -| | ... | - {src_ip} - Source IP address (Optional). Type: string -| | ... | - {dst_ip} - Destination IP address (Optional). Type: string +| | ... | - tg_node - TG node. Type: dictionary +| | ... | - src_int - Source interface. Type: string +| | ... | - dst_int - Destination interface. Type: string +| | ... | - src_ip - Source IP address (Optional). Type: string +| | ... | - dst_ip - Destination IP address (Optional). Type: string | | ... | | ... | *Return:* | | ... @@ -84,11 +117,11 @@ | | ... | | ... | *Arguments:* | | ... -| | ... | - {tg_node} - TG node. Type: dictionary -| | ... | - {src_int} - Source interface. Type: string -| | ... | - {dst_int} - Destination interface. Type: string -| | ... | - {src_ip} - Source IP address (Optional). Type: string -| | ... | - {dst_ip} - Destination IP address (Optional). Type: string +| | ... | - tg_node - TG node. Type: dictionary +| | ... | - src_int - Source interface. Type: string +| | ... | - dst_int - Destination interface. Type: string +| | ... | - src_ip - Source IP address (Optional). Type: string +| | ... | - dst_ip - Destination IP address (Optional). Type: string | | ... | | ... | *Return:* | | ... @@ -104,4 +137,4 @@ | | Send and receive ICMP Packet | ${tg_node} | ${int1} | ${int2} | | | ... | ${src_ip} | ${dst_ip} | | Send and receive ICMP Packet | ${tg_node} | ${int2} | ${int1} | -| | ... | ${dst_ip} | ${src_ip} \ No newline at end of file +| | ... | ${dst_ip} | ${src_ip} diff --git a/resources/templates/vat/classify_add_session_l2.vat b/resources/templates/vat/classify_add_session_l2.vat new file mode 100644 index 0000000000..7aa6660d6d --- /dev/null +++ b/resources/templates/vat/classify_add_session_l2.vat @@ -0,0 +1 @@ +classify_add_del_session acl-hit-next {acl_method} table-index {table_index} skip_n {skip_n} match_n {match_n} match l2 {direction} {address} \ No newline at end of file diff --git a/resources/templates/vat/classify_add_table_l2.vat b/resources/templates/vat/classify_add_table_l2.vat new file mode 100644 index 0000000000..8851613141 --- /dev/null +++ b/resources/templates/vat/classify_add_table_l2.vat @@ -0,0 +1 @@ +classify_add_del_table mask l2 {direction} \ No newline at end of file -- cgit 1.2.3-korg