#!/usr/bin/env python """ACL plugin - MACIP tests """ import random import re import unittest from socket import inet_ntop, inet_pton, AF_INET, AF_INET6 from struct import * from scapy.packet import Raw from scapy.layers.l2 import Ether from scapy.layers.inet import IP, UDP from scapy.layers.inet6 import IPv6 from framework import VppTestCase, VppTestRunner, running_extended_tests from vpp_lo_interface import VppLoInterface from vpp_papi_provider import L2_VTR_OP from vpp_sub_interface import VppSubInterface, VppDot1QSubint, VppDot1ADSubint class MethodHolder(VppTestCase): DEBUG = False BRIDGED = True ROUTED = False IS_IP4 = False IS_IP6 = True DOT1AD = "dot1ad" DOT1Q = "dot1q" PERMIT_TAGS = True DENY_TAGS = False # rule types DENY = 0 PERMIT = 1 # ACL types EXACT_IP = 1 SUBNET_IP = 2 WILD_IP = 3 EXACT_MAC = 1 WILD_MAC = 2 OUI_MAC = 3 ACLS = [] @classmethod def setUpClass(cls): """ Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP. """ super(MethodHolder, cls).setUpClass() cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes cls.bd_id = 111 cls.remote_hosts_count = 200 try: # create 4 pg interfaces, 1 loopback interface cls.create_pg_interfaces(range(4)) cls.create_loopback_interfaces(range(1)) # create 2 subinterfaces cls.subifs = [ VppDot1QSubint(cls, cls.pg1, 10), VppDot1ADSubint(cls, cls.pg2, 20, 300, 400), VppDot1QSubint(cls, cls.pg3, 30), VppDot1ADSubint(cls, cls.pg3, 40, 600, 700)] cls.subifs[0].set_vtr(L2_VTR_OP.L2_POP_1, inner=10, push1q=1) cls.subifs[1].set_vtr(L2_VTR_OP.L2_POP_2, outer=300, inner=400, push1q=1) cls.subifs[2].set_vtr(L2_VTR_OP.L2_POP_1, inner=30, push1q=1) cls.subifs[3].set_vtr(L2_VTR_OP.L2_POP_2, outer=600, inner=700, push1q=1) cls.interfaces = list(cls.pg_interfaces) cls.interfaces.extend(cls.lo_interfaces) cls.interfaces.extend(cls.subifs) for i in cls.interfaces: i.admin_up() # Create BD with MAC learning enabled and put interfaces to this BD cls.vapi.sw_interface_set_l2_bridge( cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1) cls.vapi.sw_interface_set_l2_bridge( cls.pg0.sw_if_index, bd_id=cls.bd_id) cls.vapi.sw_interface_set_l2_bridge( cls.pg1.sw_if_index, bd_id=cls.bd_id) cls.vapi.sw_interface_set_l2_bridge( cls.subifs[0].sw_if_index, bd_id=cls.bd_id) cls.vapi.sw_interface_set_l2_bridge( cls.subifs[1].sw_if_index, bd_id=cls.bd_id) # Configure IPv4/6 addresses on loop interface and routed interface cls.loop0.config_ip4() cls.loop0.config_ip6() cls.pg2.config_ip4() cls.pg2.config_ip6() cls.pg3.config_ip4() cls.pg3.config_ip6() # Configure MAC address binding to IPv4 neighbors on loop0 cls.loop0.generate_remote_hosts(cls.remote_hosts_count) # Modify host mac addresses to have different OUI parts for i in range(2, cls.remote_hosts_count + 2): mac = cls.loop0.remote_hosts[i-2]._mac.split(':') mac[2] = format(int(mac[2], 16) + i, "02x") cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac) cls.loop0.configure_ipv4_neighbors() cls.loop0.configure_ipv6_neighbors() # configure MAC address on pg3 cls.pg3.resolve_arp() cls.pg3.resolve_ndp() # configure MAC address on subifs for i in cls.subifs: i.config_ip4() i.resolve_arp() i.config_ip6() # configure MAC address on pg2 cls.pg2.resolve_arp() cls.pg2.resolve_ndp() # Loopback BVI interface has remote hosts # one half of hosts are behind pg0 second behind pg1,pg2,pg3 subifs cls.pg0.remote_hosts = cls.loop0.remote_hosts[:100] cls.subifs[0].remote_hosts = cls.loop0.remote_hosts[100:125] cls.subifs[1].remote_hosts = cls.loop0.remote_hosts[125:150] cls.subifs[2].remote_hosts = cls.loop0.remote_hosts[150:175] cls.subifs[3].remote_hosts = cls.loop0.remote_hosts[175:] except Exception: super(TestMACIP, cls).tearDownClass() raise def setUp(self): super(MethodHolder, self).setUp() self.reset_packet_infos() del self.ACLS[:] def tearDown(self): """ Show various debug prints after each test. """ super(MethodHolder, self).tearDown() if not self.vpp_dead: self.logger.info(self.vapi.ppcli("show interface address")) self.logger.info(self.vapi.ppcli("show hardware")) self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl")) self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface")) self.logger.info(self.vapi.ppcli("sh classify tables verbose")) self.logger.info(self.vapi.ppcli("sh acl-plugin acl")) self.logger.info(self.vapi.ppcli("sh acl-plugin interface")) self.logger.info(self.vapi.ppcli("sh acl-plugin tables")) # print self.vapi.ppcli("show interface address") # print self.vapi.ppcli("show hardware") # print self.vapi.ppcli("sh acl-plugin macip interface") # print self.vapi.ppcli("sh acl-plugin macip acl") self.delete_acls() def macip_acl_dump_debug(self): acls = self.vapi.macip_acl_dump() if self.DEBUG: for acl in acls: print "ACL #"+str(acl.acl_index) for r in acl.r: rule = "ACTION" if r.is_permit == 1: rule = "PERMIT" elif r.is_permit == 0: rule = "DENY " print " IP6" if r.is_ipv6 else " IP4", \ rule, \ r.src_mac.encode('hex'), \ r.src_mac_mask.encode('hex'),\ unpack('<16B', r.src_ip_addr), \ r.src_ip_prefix_len return acls def create_rules(self, mac_type=EXACT_MAC, ip_type=EXACT_IP, acl_count=1, rules_count=[1]): acls = [] src_mac = int("220000dead00", 16) for acl in range(2, (acl_count+1) * 2): rules = [] host = random.choice(self.loop0.remote_hosts) is_ip6 = acl % 2 ip4 = host.ip4.split('.') ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6))) if ip_type == self.EXACT_IP: prefix_len4 = 32 prefix_len6 = 128 elif ip_type == self.WILD_IP: ip4 = [0, 0, 0, 0] ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] prefix_len4 = 0 prefix_len6 = 0 rules_count[(acl / 2) - 1] = 1 else: prefix_len4 = 24 prefix_len6 = 64 if mac_type == self.EXACT_MAC: mask = "ff:ff:ff:ff:ff:ff" elif mac_type == self.WILD_MAC: mask = "00:00:00:00:00:00" elif mac_type == self.OUI_MAC: mask = "ff:ff:ff:00:00:00" else: mask = "ff:ff:ff:ff:ff:00" ip = ip6 if is_ip6 else ip4 ip_len = prefix_len6 if is_ip6 else prefix_len4 for i in range(0, rules_count[(acl / 2) - 1]): src_mac += 16777217 if mac_type == self.WILD_MAC: mac = "00:00:00:00:00:00" elif mac_type == self.OUI_MAC: mac = ':'.join(re.findall('..', '{:02x}'.format( src_mac))[:3])+":00:00:00" else: mac = ':'.join(re.findall('..', '{:02x}'.format(src_mac))) if ip_type == self.EXACT_IP: ip4[3] = random.randint(100, 200) ip6[15] = random.randint(100, 200) elif ip_type == self.SUBNET_IP: ip4[2] = random.randint(100, 200) ip4[3] = 0 ip6[8] = random.randint(100, 200) ip6[15] = 0 ip_pack = '' for j in range(0, len(ip)): ip_pack += pack(' @media only all and (prefers-color-scheme: dark) { .highlight .hll { background-color: #49483e } .highlight .c { color: #75715e } /* Comment */ .highlight .err { color: #960050; background-color: #1e0010 } /* Error */ .highlight .k { color: #66d9ef } /* Keyword */ .highlight .l { color: #ae81ff } /* Literal */ .highlight .n { color: #f8f8f2 } /* Name */ .highlight .o { color: #f92672 } /* Operator */ .highlight .p { color: #f8f8f2 } /* Punctuation */ .highlight .ch { color: #75715e } /* Comment.Hashbang */ .highlight .cm { color: #75715e } /* Comment.Multiline */ .highlight .cp { color: #75715e } /* Comment.Preproc */ .highlight .cpf { color: #75715e } /* Comment.PreprocFile */ .highlight .c1 { color: #75715e } /* Comment.Single */ .highlight .cs { color: #75715e } /* Comment.Special */ .highlight .gd { color: #f92672 } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .gi { color: #a6e22e } /* Generic.Inserted */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #75715e } /* Generic.Subheading */ .highlight .kc { color: #66d9ef } /* Keyword.Constant */ .highlight .kd { color: #66d9ef } /* Keyword.Declaration */ .highlight .kn { color: #f92672 } /* Keyword.Namespace */ .highlight .kp { color: #66d9ef } /* Keyword.Pseudo */ .highlight .kr { color: #66d9ef } /* Keyword.Reserved */ .highlight .kt { color: #66d9ef } /* Keyword.Type */ .highlight .ld { color: #e6db74 } /* Literal.Date */ .highlight .m { color: #ae81ff } /* Literal.Number */ .highlight .s { color: #e6db74 } /* Literal.String */ .highlight .na { color: #a6e22e } /* Name.Attribute */ .highlight .nb { color: #f8f8f2 } /* Name.Builtin */ .highlight .nc { color: #a6e22e } /* Name.Class */ .highlight .no { color: #66d9ef } /* Name.Constant */ .highlight .nd { color: #a6e22e } /* Name.Decorator */ .highlight .ni { color: #f8f8f2 } /* Name.Entity */ .highlight .ne { color: #a6e22e } /* Name.Exception */ .highlight .nf { color: #a6e22e } /* Name.Function */ .highlight .nl { color: #f8f8f2 } /* Name.Label */ .highlight .nn { color: #f8f8f2 } /* Name.Namespace */ .highlight .nx { color: #a6e22e } /* Name.Other */ .highlight .py { color: #f8f8f2 } /* Name.Property */ .highlight .nt { color: #f92672 } /* Name.Tag */ .highlight .nv { color: #f8f8f2 } /* Name.Variable */ .highlight .ow { color: #f92672 } /* Operator.Word */ .highlight .w { color: #f8f8f2 } /* Text.Whitespace */ .highlight .mb { color: #ae81ff } /* Literal.Number.Bin */ .highlight .mf { color: #ae81ff } /* Literal.Number.Float */ .highlight .mh { color: #ae81ff } /* Literal.Number.Hex */ .highlight .mi { color: #ae81ff } /* Literal.Number.Integer */ .highlight .mo { color: #ae81ff } /* Literal.Number.Oct */ .highlight .sa { color: #e6db74 } /* Literal.String.Affix */ .highlight .sb { color: #e6db74 } /* Literal.String.Backtick */ .highlight .sc { color: #e6db74 } /* Literal.String.Char */ .highlight .dl { color: #e6db74 } /* Literal.String.Delimiter */ .highlight .sd { color: #e6db74 } /* Literal.String.Doc */ .highlight .s2 { color: #e6db74 } /* Literal.String.Double */ .highlight .se { color: #ae81ff } /* Literal.String.Escape */ .highlight .sh { color: #e6db74 } /* Literal.String.Heredoc */ .highlight .si { color: #e6db74 } /* Literal.String.Interpol */ .highlight .sx { color: #e6db74 } /* Literal.String.Other */ .highlight .sr { color: #e6db74 } /* Literal.String.Regex */ .highlight .s1 { color: #e6db74 } /* Literal.String.Single */ .highlight .ss { color: #e6db74 } /* Literal.String.Symbol */ .highlight .bp { color: #f8f8f2 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #a6e22e } /* Name.Function.Magic */ .highlight .vc { color: #f8f8f2 } /* Name.Variable.Class */ .highlight .vg { color: #f8f8f2 } /* Name.Variable.Global */ .highlight .vi { color: #f8f8f2 } /* Name.Variable.Instance */ .highlight .vm { color: #f8f8f2 } /* Name.Variable.Magic */ .highlight .il { color: #ae81ff } /* Literal.Number.Integer.Long */ } @media (prefers-color-scheme: light) { .highlight .hll { background-color: #ffffcc } .highlight .c { color: #888888 } /* Comment */ .highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */ .highlight .k { color: #008800; font-weight: bold } /* Keyword */ .highlight .ch { color: #888888 } /* Comment.Hashbang */ .highlight .cm { color: #888888 } /* Comment.Multiline */ .highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */ .highlight .cpf { color: #888888 } /* Comment.PreprocFile */ .highlight .c1 { color: #888888 } /* Comment.Single */ .highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */ .highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .gr { color: #aa0000 } /* Generic.Error */ .highlight .gh { color: #333333 } /* Generic.Heading */ .highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */ .highlight .go { color: #888888 } /* Generic.Output */ .highlight .gp { color: #555555 } /* Generic.Prompt */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #666666 } /* Generic.Subheading */ .highlight .gt { color: #aa0000 } /* Generic.Traceback */ .highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */ .highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */ .highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */ .highlight .kp { color: #008800 } /* Keyword.Pseudo */ .highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */ .highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */ .highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */ .highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */ .highlight .na { color: #336699 } /* Name.Attribute */ .highlight .nb { color: #003388 } /* Name.Builtin */ .highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */ .highlight .no { color: #003366; font-weight: bold } /* Name.Constant */ .highlight .nd { color: #555555 } /* Name.Decorator */ .highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */ .highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */ .highlight .nl { color: #336699; font-style: italic } /* Name.Label */ .highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */ .highlight .py { color: #336699; font-weight: bold } /* Name.Property */ .highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */ .highlight .nv { color: #336699 } /* Name.Variable */ .highlight .ow { color: #008800 } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ } 
# Copyright (c) 2019 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Linux sysctl library."""

from resources.libraries.python.ssh import exec_cmd_no_error

__all__ = ["SysctlUtil"]


class SysctlUtil(object):
    """Class contains methods for getting or setting sysctl settings."""

    @staticmethod
    def get_sysctl_value(node, key):
        """Get sysctl key.

        :param node: Node in the topology.
        :param key: Key that will be set.
        :type node: dict
        :type key: str
        """
        command = 'sysctl {key}'.format(key=key)

        message = 'Node {host} failed to run: {command}'.\
            format(host=node['host'], command=command)

        exec_cmd_no_error(node, command, sudo=True, message=message)

    @staticmethod
    def set_sysctl_value(node, key, value):
        """Set sysctl key to specific value.

        :param node: Node in the topology.
        :param key: Key that will be set.
        :param value: Value to set.
        :type node: dict
        :type key: str
        :type value: str
        """
        command = 'sysctl -w {key}={value}'.format(key=key, value=value)

        message = 'Node {host} failed to run: {command}'.\
            format(host=node['host'], command=command)

        exec_cmd_no_error(node, command, sudo=True, message=message)
cl_bridged_ip4_ouiMAC_exactIP(self): """ IP4 MACIP ouiMAC|exactIP ACL bridged traffic """ self.run_traffic(self.OUI_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP4, 3) def test_acl_bridged_ip4_ouiMAC_subnetIP(self): """ IP4 MACIP ouiMAC|subnetIP ACL bridged traffic """ self.run_traffic(self.OUI_MAC, self.SUBNET_IP, self.BRIDGED, self.IS_IP4, 9) def test_acl_bridged_ip4_ouiMAC_wildIP(self): """ IP4 MACIP ouiMAC|wildIP ACL bridged traffic """ self.run_traffic(self.OUI_MAC, self.WILD_IP, self.BRIDGED, self.IS_IP4, 9) def test_ac_bridgedl_ip4_wildMAC_exactIP(self): """ IP4 MACIP wildcardMAC|exactIP ACL bridged traffic """ self.run_traffic(self.WILD_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP4, 9) def test_acl_bridged_ip4_wildMAC_subnetIP(self): """ IP4 MACIP wildcardMAC|subnetIP ACL bridged traffic """ self.run_traffic(self.WILD_MAC, self.SUBNET_IP, self.BRIDGED, self.IS_IP4, 9) def test_acl_bridged_ip4_wildMAC_wildIP(self): """ IP4 MACIP wildcardMAC|wildIP ACL bridged traffic """ self.run_traffic(self.WILD_MAC, self.WILD_IP, self.BRIDGED, self.IS_IP4, 9) def test_acl_routed_ip4_exactMAC_exactIP(self): """ IP4 MACIP exactMAC|exactIP ACL routed traffic """ self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP4, 9) def test_acl_routed_ip4_exactMAC_subnetIP(self): """ IP4 MACIP exactMAC|subnetIP ACL routed traffic """ self.run_traffic(self.EXACT_MAC, self.SUBNET_IP, self.ROUTED, self.IS_IP4, 9) def test_acl_routed_ip4_exactMAC_wildIP(self): """ IP4 MACIP exactMAC|wildIP ACL routed traffic """ self.run_traffic(self.EXACT_MAC, self.WILD_IP, self.ROUTED, self.IS_IP4, 9) def test_acl_routed_ip4_ouiMAC_exactIP(self): """ IP4 MACIP ouiMAC|exactIP ACL routed traffic """ self.run_traffic(self.OUI_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP4, 9) def test_acl_routed_ip4_ouiMAC_subnetIP(self): """ IP4 MACIP ouiMAC|subnetIP ACL routed traffic """ self.run_traffic(self.OUI_MAC, self.SUBNET_IP, self.ROUTED, self.IS_IP4, 9) def test_acl_routed_ip4_ouiMAC_wildIP(self): """ IP4 MACIP ouiMAC|wildIP ACL routed traffic """ self.run_traffic(self.OUI_MAC, self.WILD_IP, self.ROUTED, self.IS_IP4, 9) def test_acl_routed_ip4_wildMAC_exactIP(self): """ IP4 MACIP wildcardMAC|exactIP ACL routed traffic """ self.run_traffic(self.WILD_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP4, 9) def test_acl_routed_ip4_wildMAC_subnetIP(self): """ IP4 MACIP wildcardMAC|subnetIP ACL routed traffic """ self.run_traffic(self.WILD_MAC, self.SUBNET_IP, self.ROUTED, self.IS_IP4, 9) def test_acl_routed_ip4_wildMAC_wildIP(self): """ IP4 MACIP wildcardMAC|wildIP ACL """ self.run_traffic(self.WILD_MAC, self.WILD_IP, self.ROUTED, self.IS_IP4, 9) def test_acl_replace_traffic_ip4(self): """ MACIP replace ACL with IP4 traffic """ self.run_traffic(self.OUI_MAC, self.SUBNET_IP, self.BRIDGED, self.IS_IP4, 9, try_replace=True) self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP4, 9, try_replace=True) class TestMACIP_IP6(MethodHolder): """MACIP with IP6 traffic""" def test_acl_bridged_ip6_exactMAC_exactIP(self): """ IP6 MACIP exactMAC|exactIP ACL bridged traffic """ self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP6, 9) def test_acl_bridged_ip6_exactMAC_subnetIP(self): """ IP6 MACIP exactMAC|subnetIP ACL bridged traffic """ self.run_traffic(self.EXACT_MAC, self.SUBNET_IP, self.BRIDGED, self.IS_IP6, 9) def test_acl_bridged_ip6_exactMAC_wildIP(self): """ IP6 MACIP exactMAC|wildIP ACL bridged traffic """ self.run_traffic(self.EXACT_MAC, self.WILD_IP, self.BRIDGED, self.IS_IP6, 9) def test_acl_bridged_ip6_ouiMAC_exactIP(self): """ IP6 MACIP oui_MAC|exactIP ACL bridged traffic """ self.run_traffic(self.OUI_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP6, 9) def test_acl_bridged_ip6_ouiMAC_subnetIP(self): """ IP6 MACIP ouiMAC|subnetIP ACL bridged traffic """ self.run_traffic(self.OUI_MAC, self.SUBNET_IP, self.BRIDGED, self.IS_IP6, 9) def test_acl_bridged_ip6_ouiMAC_wildIP(self): """ IP6 MACIP ouiMAC|wildIP ACL bridged traffic """ self.run_traffic(self.OUI_MAC, self.WILD_IP, self.BRIDGED, self.IS_IP6, 9) def test_acl_bridged_ip6_wildMAC_exactIP(self): """ IP6 MACIP wildcardMAC|exactIP ACL bridged traffic """ self.run_traffic(self.WILD_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP6, 9) def test_acl_bridged_ip6_wildMAC_subnetIP(self): """ IP6 MACIP wildcardMAC|subnetIP ACL bridged traffic """ self.run_traffic(self.WILD_MAC, self.SUBNET_IP, self.BRIDGED, self.IS_IP6, 9) def test_acl_bridged_ip6_wildMAC_wildIP(self): """ IP6 MACIP wildcardMAC|wildIP ACL bridged traffic """ self.run_traffic(self.WILD_MAC, self.WILD_IP, self.BRIDGED, self.IS_IP6, 9) def test_acl_routed_ip6_exactMAC_exactIP(self): """ IP6 MACIP exactMAC|exactIP ACL routed traffic """ self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP6, 9) def test_acl_routed_ip6_exactMAC_subnetIP(self): """ IP6 MACIP exactMAC|subnetIP ACL routed traffic """ self.run_traffic(self.EXACT_MAC, self.SUBNET_IP, self.ROUTED, self.IS_IP6, 9) def test_acl_routed_ip6_exactMAC_wildIP(self): """ IP6 MACIP exactMAC|wildIP ACL routed traffic """ self.run_traffic(self.EXACT_MAC, self.WILD_IP, self.ROUTED, self.IS_IP6, 9) def test_acl_routed_ip6_ouiMAC_exactIP(self): """ IP6 MACIP ouiMAC|exactIP ACL routed traffic """ self.run_traffic(self.OUI_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP6, 9) def test_acl_routed_ip6_ouiMAC_subnetIP(self): """ IP6 MACIP ouiMAC|subnetIP ACL routed traffic """ self.run_traffic(self.OUI_MAC, self.SUBNET_IP, self.ROUTED, self.IS_IP6, 9) def test_acl_routed_ip6_ouiMAC_wildIP(self): """ IP6 MACIP ouiMAC|wildIP ACL routed traffic """ self.run_traffic(self.OUI_MAC, self.WILD_IP, self.ROUTED, self.IS_IP6, 9) def test_acl_routed_ip6_wildMAC_exactIP(self): """ IP6 MACIP wildcardMAC|exactIP ACL routed traffic """ self.run_traffic(self.WILD_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP6, 9) def test_acl_routed_ip6_wildMAC_subnetIP(self): """ IP6 MACIP wildcardMAC|subnetIP ACL routed traffic """ self.run_traffic(self.WILD_MAC, self.SUBNET_IP, self.ROUTED, self.IS_IP6, 9) def test_acl_routed_ip6_wildMAC_wildIP(self): """ IP6 MACIP wildcardMAC|wildIP ACL """ self.run_traffic(self.WILD_MAC, self.WILD_IP, self.ROUTED, self.IS_IP6, 9) def test_acl_replace_traffic_ip6(self): """ MACIP replace ACL with IP6 traffic """ self.run_traffic(self.OUI_MAC, self.SUBNET_IP, self.BRIDGED, self.IS_IP6, 9, try_replace=True) self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP6, 9, try_replace=True) class TestMACIP(MethodHolder): """MACIP Tests""" def test_acl_1_2(self): """ MACIP ACL with 2 entries """ self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2]) def test_acl_1_5(self): """ MACIP ACL with 5 entries """ self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5]) def test_acl_1_10(self): """ MACIP ACL with 10 entries """ self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10]) def test_acl_1_20(self): """ MACIP ACL with 20 entries """ self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20]) def test_acl_1_50(self): """ MACIP ACL with 50 entries """ self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50]) def test_acl_1_100(self): """ MACIP ACL with 100 entries """ self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100]) def test_acl_2_X(self): """ MACIP 2 ACLs each with 100+ entries """ self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200]) def test_acl_10_X(self): """ MACIP 10 ACLs each with 100+ entries """ self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10, [100, 120, 140, 160, 180, 200, 210, 220, 230, 240]) def test_acl_10_X_traffic_ip4(self): """ MACIP 10 ACLs each with 100+ entries with IP4 traffic """ self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10, [100, 120, 140, 160, 180, 200, 210, 220, 230, 240], self.BRIDGED, self.IS_IP4) def test_acl_10_X_traffic_ip6(self): """ MACIP 10 ACLs each with 100+ entries with IP6 traffic """ self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10, [100, 120, 140, 160, 180, 200, 210, 220, 230, 240], self.BRIDGED, self.IS_IP6) def test_acl_replace(self): """ MACIP replace ACL """ r1 = self.create_rules(acl_count=3, rules_count=[2, 2, 2]) r2 = self.create_rules(mac_type=self.OUI_MAC, ip_type=self.SUBNET_IP) self.apply_macip_rules(r1) acls_before = self.macip_acl_dump_debug() # replace acls #2, #3 with new reply = self.vapi.macip_acl_add_replace(r2[0], 2) self.assertEqual(reply.retval, 0) self.assertEqual(reply.acl_index, 2) reply = self.vapi.macip_acl_add_replace(r2[1], 3) self.assertEqual(reply.retval, 0) self.assertEqual(reply.acl_index, 3) acls_after = self.macip_acl_dump_debug() # verify changes self.assertEqual(len(acls_before), len(acls_after)) for acl1, acl2 in zip( acls_before[:2]+acls_before[4:], acls_after[:2]+acls_after[4:]): self.assertEqual(len(acl1), len(acl2)) self.assertEqual(len(acl1.r), len(acl2.r)) for r1, r2 in zip(acl1.r, acl2.r): self.assertEqual(len(acl1.r), len(acl2.r)) self.assertEqual(acl1.r, acl2.r) for acl1, acl2 in zip( acls_before[2:4], acls_after[2:4]): self.assertEqual(len(acl1), len(acl2)) self.assertNotEqual(len(acl1.r), len(acl2.r)) for r1, r2 in zip(acl1.r, acl2.r): self.assertNotEqual(len(acl1.r), len(acl2.r)) self.assertNotEqual(acl1.r, acl2.r) def test_delete_intf(self): """ MACIP ACL delete intf with acl """ intf_count = len(self.interfaces)+1 intf = [] self.apply_macip_rules(self.create_rules(acl_count=3, rules_count=[3, 5, 4])) intf.append(VppLoInterface(self, 0)) intf.append(VppLoInterface(self, 1)) sw_if_index0 = intf[0].sw_if_index self.vapi.macip_acl_interface_add_del(sw_if_index0, 1) reply = self.vapi.macip_acl_interface_get() self.assertEqual(reply.count, intf_count+1) self.assertEqual(reply.acls[sw_if_index0], 1) sw_if_index1 = intf[1].sw_if_index self.vapi.macip_acl_interface_add_del(sw_if_index1, 0) reply = self.vapi.macip_acl_interface_get() self.assertEqual(reply.count, intf_count+2) self.assertEqual(reply.acls[sw_if_index1], 0) intf[0].remove_vpp_config() reply = self.vapi.macip_acl_interface_get() self.assertEqual(reply.count, intf_count+2) self.assertEqual(reply.acls[sw_if_index0], 4294967295) self.assertEqual(reply.acls[sw_if_index1], 0) intf.append(VppLoInterface(self, 2)) intf.append(VppLoInterface(self, 3)) sw_if_index2 = intf[2].sw_if_index sw_if_index3 = intf[3].sw_if_index self.vapi.macip_acl_interface_add_del(sw_if_index2, 1) self.vapi.macip_acl_interface_add_del(sw_if_index3, 1) reply = self.vapi.macip_acl_interface_get() self.assertEqual(reply.count, intf_count+3) self.assertEqual(reply.acls[sw_if_index1], 0) self.assertEqual(reply.acls[sw_if_index2], 1) self.assertEqual(reply.acls[sw_if_index3], 1) intf[2].remove_vpp_config() intf[1].remove_vpp_config() reply = self.vapi.macip_acl_interface_get() self.assertEqual(reply.count, intf_count+3) self.assertEqual(reply.acls[sw_if_index0], 4294967295) self.assertEqual(reply.acls[sw_if_index1], 4294967295) self.assertEqual(reply.acls[sw_if_index2], 4294967295) self.assertEqual(reply.acls[sw_if_index3], 1) intf[3].remove_vpp_config() reply = self.vapi.macip_acl_interface_get() self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0) class TestACL_dot1q_bridged(MethodHolder): """ACL on dot1q bridged subinterfaces Tests""" def test_acl_bridged_ip4_subif_dot1q(self): """ IP4 ACL SubIf Dot1Q bridged traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP4, 9, tags=self.DOT1Q, isMACIP=False) def test_acl_bridged_ip6_subif_dot1q(self): """ IP6 ACL SubIf Dot1Q bridged traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP6, 9, tags=self.DOT1Q, isMACIP=False) class TestACL_dot1ad_bridged(MethodHolder): """ACL on dot1ad bridged subinterfaces Tests""" def test_acl_bridged_ip4_subif_dot1ad(self): """ IP4 ACL SubIf Dot1AD bridged traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP4, 9, tags=self.DOT1AD, isMACIP=False) def test_acl_bridged_ip6_subif_dot1ad(self): """ IP6 ACL SubIf Dot1AD bridged traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED, self.IS_IP6, 9, tags=self.DOT1AD, isMACIP=False) class TestACL_dot1q_routed(MethodHolder): """ACL on dot1q routed subinterfaces Tests""" def test_acl_routed_ip4_subif_dot1q(self): """ IP4 ACL SubIf Dot1Q routed traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP4, 9, tags=self.DOT1Q, isMACIP=False) def test_acl_routed_ip6_subif_dot1q(self): """ IP6 ACL SubIf Dot1Q routed traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP6, 9, tags=self.DOT1Q, isMACIP=False) def test_acl_routed_ip4_subif_dot1q_deny_by_tags(self): """ IP4 ACL SubIf wrong tags Dot1Q routed traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP4, 9, True, tags=self.DOT1Q, isMACIP=False, permit_tags=self.DENY_TAGS) def test_acl_routed_ip6_subif_dot1q_deny_by_tags(self): """ IP6 ACL SubIf wrong tags Dot1Q routed traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP6, 9, True, tags=self.DOT1Q, isMACIP=False, permit_tags=self.DENY_TAGS) class TestACL_dot1ad_routed(MethodHolder): """ACL on dot1ad routed subinterfaces Tests""" def test_acl_routed_ip6_subif_dot1ad(self): """ IP6 ACL SubIf Dot1AD routed traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP6, 9, tags=self.DOT1AD, isMACIP=False) def test_acl_routed_ip4_subif_dot1ad(self): """ IP4 ACL SubIf Dot1AD routed traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP4, 9, tags=self.DOT1AD, isMACIP=False) def test_acl_routed_ip6_subif_dot1ad_deny_by_tags(self): """ IP6 ACL SubIf wrong tags Dot1AD routed traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP6, 9, True, tags=self.DOT1AD, isMACIP=False, permit_tags=self.DENY_TAGS) def test_acl_routed_ip4_subif_dot1ad_deny_by_tags(self): """ IP4 ACL SubIf wrong tags Dot1AD routed traffic""" self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED, self.IS_IP4, 9, True, tags=self.DOT1AD, isMACIP=False, permit_tags=self.DENY_TAGS) if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)