shell vppbuild run vppbuild stty -echo run vppbuild sudo -u ubuntu -i bash -c "(cd vpp && make plugins && echo ALLGOOD)" expect vppbuild ALLGOOD shell s0 shell s1 shell s2 cd s1 unshare -n /bin/bash /sbin/ifconfig -a ^D^D^D cd s2 unshare -n /bin/bash /sbin/ifconfig -a ^D^D^D cd lua function session_get_bash_pid(s) if not has_session(s) then return nil end local fname = "/tmp/lute-"..s.."-pid.txt" session_exec(s, "echo $$ >" .. fname) -- it's a dirty hack but it's quick sleep(0.5) local pid = io.lines(fname)() print("Got pid for " .. s .. " : " .. tostring(pid)) return(tonumber(pid)) end function session_connect_with(s0, s1) -- local pid0 = tostring(session_get_bash_pid(s0)) local pid1 = tostring(session_get_bash_pid(s1)) local eth_options = { "rx", "tx", "sg", "tso", "ufo", "gso", "gro", "lro", "rxvlan", "txvlan", "rxhash" } local this_end = s0 .. "_" .. s1 local other_end = s1 .. "_" .. s0 session_exec(s0, "ip link add name " .. this_end .. " type veth peer name " .. other_end) session_exec(s0, "ip link set dev " .. this_end .. " up promisc on") for i, option in ipairs(eth_options) do session_exec(s0, "/sbin/ethtool --offload " .. this_end .. " " .. option .. " off") session_exec(s0, "/sbin/ethtool --offload " .. other_end .. " " .. option .. " off") end session_exec(s0, "ip link set dev " .. other_end .. " up promisc on netns /proc/" .. pid1 .. "/ns/net") sleep(0.5) end ^D^D^D run lua session_connect_with("s0", "s1") run lua session_connect_with("s0", "s2") cd s1 ip -6 addr add dev s1_s0 2001:db8:1::1/64 ip -4 addr add dev s1_s0 192.0.2.1/24 ip link set dev s1_s0 up promisc on ^D^D^D cd s2 ip -6 addr add dev s2_s0 2001:db8:1::2/64 ip -6 addr add dev s2_s0 2001:db8:1::3/64 ip -6 addr add dev s2_s0 2001:db8:1::4/64 ip -4 addr add dev s2_s0 192.0.2.2/24 ip -4 addr add dev s2_s0:1 192.0.2.3/24 ip -4 addr add dev s2_s0:2 192.0.2.4/24 ip link set dev s2_s0 up promisc on ^D^D^D run s1 ip addr run s2 ip addr shell VPP cd VPP cd /home/ubuntu/vpp make debug r ^D^D^D expect VPP DBGvpp# cd lua -- Initialization of the Lua environment for talking to VPP vpp = require("vpp-lapi") root_dir = "/home/ubuntu/vpp" pneum_path = root_dir .. "/build-root/install-vpp_debug-native/vpp-api/lib64/libpneum.so" vpp:init({ pneum_path = pneum_path }) vpp:consume_api(root_dir .. "/build-root/install-vpp_debug-native/vlib-api/vlibmemory/memclnt.api") vpp:consume_api(root_dir .. "/build-root/install-vpp_debug-native/vpp/vpp-api/vpe.api") vpp:connect("aytest") vpp:consume_api(root_dir .. "/plugins/acl-plugin/acl/acl.api", "acl") ^D^D^D cd lua reply = vpp:api_call("af_packet_create", { host_if_name = "s0_s1", hw_addr = "AAAAAA" }) vpp_if_to_s1 = reply[1].sw_if_index reply = vpp:api_call("af_packet_create", { host_if_name = "s0_s2", hw_addr = "AAAAAA" }) vpp_if_to_s2 = reply[1].sw_if_index ifaces = { vpp_if_to_s1, vpp_if_to_s2 } reply = vpp:api_call("sw_interface_set_flags", { sw_if_index = vpp_if_to_s1, admin_up_down = 1, link_up_down = 1 }) print(vpp.dump(reply)) reply = vpp:api_call("sw_interface_set_flags", { sw_if_index = vpp_if_to_s2, admin_up_down = 1, link_up_down = 1 }) print(vpp.dump(reply)) bd_id = 42 reply = vpp:api_call("bridge_domain_add_del", { bd_id = bd_id, flood = 1, uu_flood = 1, forward = 1, learn = 1, arp_term = 0, is_add = 1 }) print(vpp.dump(reply)) for i, v in ipairs(ifaces) do reply = vpp:api_call("sw_interface_set_l2_bridge", { rx_sw_if_index = v, bd_id = bd_id, shg = 0, bvi = 0, enable = 1 } ) print(vpp.dump(reply)) end ^D^D^D run s1 ping -c 3 192.0.2.2 expect s1 packet loss run s1 ping -c 3 192.0.2.3 expect s1 packet loss run s1 ping -c 3 192.0.2.4 expect s1 packet loss run s1 ping6 -c 3 2001:db8:1::2 expect s1 packet loss run s1 ping6 -c 3 2001:db8:1::3 expect s1 packet loss run s1 ping6 -c 3 2001:db8:1::4 expect s1 packet loss cd lua --- ACL testing --[[ temporary comment out reply = vpp:api_call("acl_del", { context = 42, acl_index = 230 }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_del", { context = 42, acl_index = 8 }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_del", { context = 42, acl_index = 15 }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_add_replace", { context = 42, acl_index = -1, count = 2, r = { { is_permit = 1, is_ipv6 = 1 }, { is_permit = 0, is_ipv6 = 1 } } }) print(vpp.dump(reply)) print("---") interface_acl_in = reply[1].acl_index reply = vpp:api_call("acl_add_replace", { context = 42, acl_index = -1, count = 3, r = { { is_permit = 1, is_ipv6 = 1 }, { is_permit = 0, is_ipv6 = 1 }, { is_permit = 1, is_ipv6 = 0 } } }) print(vpp.dump(reply)) print("---") interface_acl_out = reply[1].acl_index reply = vpp:api_call("acl_interface_add_del", { context = 42, sw_if_index = 0, is_add = 1, is_input = 1, acl_index = interface_acl_in }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_interface_add_del", { context = 42, sw_if_index = 0, is_add = 1, is_input = 1, acl_index = interface_acl_in }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_interface_add_del", { context = 42, sw_if_index = 0, is_add = 1, is_input = 0, acl_index = interface_acl_out }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_interface_add_del", { context = 42, sw_if_index = 0, is_add = 1, is_input = 0, acl_index = interface_acl_out }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_add_replace", { context = 42, acl_index = -1, count = 0 }) print(vpp.dump(reply)) print("---") acl_index_to_delete = reply[1].acl_index print("Deleting " .. tostring(acl_index_to_delete)) reply = vpp:api_call("acl_del", { context = 42, acl_index = acl_index_to_delete }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_dump", { context = 42, sw_if_index = 0}) for ri, rv in ipairs(reply) do print("Reply message #" .. tostring(ri)) print(vpp.dump(rv)) for ai, av in ipairs(rv.r) do print("ACL rule #" .. tostring(ai) .. " : " .. vpp.dump(av)) end end print("---") reply = vpp:api_call("acl_del", { context = 42, acl_index = interface_acl_out }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_del", { context = 42, acl_index = interface_acl_in }) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_dump", { context = 42, sw_if_index = 0}) print(vpp.dump(reply)) print("---") reply = vpp:api_call("acl_dump", { context = 42, sw_if_index = 4294967295 }) print(vpp.dump(reply)) print("---") ]] -- end of comment out ---- Should be nothing ^^ r = { { is_permit = 1, is_ipv6 = 1, dst_ip_addr = ip46("2001:db8:1::2"), dst_ip_prefix_len = 128 }, { is_permit = 0, is_ipv6 = 1, dst_ip_addr = ip46("2001:db8:1::3"), dst_ip_prefix_len = 128 }, { is_permit = 1, is_ipv6 = 1, dst_ip_addr = ip46("2001:db8::"), dst_ip_prefix_len = 32 }, { is_permit = 1, is_ipv6 = 0, dst_ip_addr = ip46("192.0.2.2"), dst_ip_prefix_len = 32}, { is_permit = 0, is_ipv6 = 0, dst_ip_addr = ip46("192.0.2.3"), dst_ip_prefix_len = 32 }, } reply = vpp:api_call("acl_add_replace", { context = 42, acl_index = -1, count = 5, r = r }) print(vpp.dump(reply)) print("---") interface_acl_in = reply[1].acl_index reply = vpp:api_call("acl_add_replace", { context = 42, acl_index = -1, count = 3, r = { { is_permit = 1, is_ipv6 = 1 }, { is_permit = 0, is_ipv6 = 1 }, { is_permit = 1, is_ipv6 = 0 } } }) print(vpp.dump(reply)) print("---") interface_acl_out = reply[1].acl_in reply = vpp:api_call("acl_interface_add_del", { context = 42, sw_if_index = vpp_if_to_s1, is_add = 1, is_input = 1, acl_index = interface_acl_in }) print(vpp.dump(reply)) print("---") --reply = vpp:api_call("acl_interface_add_del", { context = 42, sw_if_index = vpp_if_to_s2, is_add = 1, is_input = 0, acl_index = interface_acl_out }) -- print(vpp.dump(reply)) --print("---") ^D^D^D run VPP clear trace run VPP trace add af-packet-input 100 run s1 ping6 -c 3 2001:db8:1::2 expect s1 packet loss run VPP show trace expect VPP match: inacl 0 rule 0 run VPP clear trace run VPP trace add af-packet-input 100 run s1 ping6 -c 3 2001:db8:1::3 expect s1 packet loss run VPP show trace expect VPP match: inacl 0 rule 1 run VPP clear trace run VPP trace add af-packet-input 100 run s1 ping6 -c 3 2001:db8:1::4 expect s1 packet loss run VPP show trace expect VPP match: inacl 0 rule 2 run VPP clear trace run VPP trace add af-packet-input 100 run s1 ping -c 3 192.0.2.2 expect s1 packet loss run VPP show trace expect VPP match: inacl 0 rule 3 run VPP clear trace run VPP trace add af-packet-input 100 run s1 ping -c 3 192.0.2.3 expect s1 packet loss run VPP show trace expect VPP match: inacl 0 rule 4 cd lua --- TEST OUTBOUND ACL r1 = { { is_permit = 1, is_ipv6 = 1, src_ip_addr = ip46("2001:db8:1::1"), src_ip_prefix_len = 128, dst_ip_addr = ip46("2001:db8:1::2"), dst_ip_prefix_len = 128 }, { is_permit = 0, is_ipv6 = 1, src_ip_addr = ip46("2001:db8:1::1"), src_ip_prefix_len = 128, dst_ip_addr = ip46("2001:db8:1::4"), dst_ip_prefix_len = 128 } } reply = vpp:api_call("acl_add_replace", { context = 42, acl_index = -1, count = 3, r = r1 }) print(vpp.dump(reply)) print("---") interface_acl_out = reply[1].acl_index reply = vpp:api_call("acl_interface_add_del", { context = 42, sw_if_index = vpp_if_to_s2, is_add = 1, is_input = 0, acl_index = interface_acl_out }) print(vpp.dump(reply)) print("---") ^D^D^D run VPP clear trace run VPP trace add af-packet-input 100 run s1 ping6 -c 3 2001:db8:1::2 expect s1 packet loss run VPP show trace expect VPP match: outacl 2 rule 0 run VPP clear trace run VPP trace add af-packet-input 100 run s1 ping6 -c 3 2001:db8:1::3 expect s1 packet loss run VPP show trace expect VPP match: inacl 0 rule 1 run VPP clear trace run VPP trace add af-packet-input 100 run s1 ping6 -c 3 2001:db8:1::4 expect s1 packet loss run VPP show trace expect VPP match: outacl 2 rule 1 run lua print("ALL GOOD!")