aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2018-03-23 09:34:29 +0100
committerAndrew Yourtchenko <ayourtch@gmail.com>2018-03-23 09:34:29 +0100
commit0e89dfc9167257b4e357222ea8fd176408577203 (patch)
tree191b0b125c9602d600e764d98a051dfb91f458cc
parent5237c77cdd8041f173ceefe4919cd7e9e1130805 (diff)
acl-plugin: make test: shuffle applied ACLs as part of the tests
During the testing of 94f9a6de3f706243d138e05b63fef1d5c8174f6c I realized there was no test coverage for the cases where the ACLs are added then modified while having beein applied. This change adds some simple shuffling to l2l3 ACL test set, whereby after each of the ACLs being applied, a few extra ACLs are applied at the front and the back of the list, and are changed several times, the base for the changes being the set of all the ACEs that are being applied previously. After these few shuffles, the routine restores the applied ACLs and proceeds to the test as usual. Change-Id: Ieda2aa5b7963746d62484e54719309de9c1ee752 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
-rw-r--r--test/test_acl_plugin_l2l3.py80
-rw-r--r--test/vpp_papi_provider.py6
2 files changed, 85 insertions, 1 deletions
diff --git a/test/test_acl_plugin_l2l3.py b/test/test_acl_plugin_l2l3.py
index 04f91cfca5a..97675d40cbf 100644
--- a/test/test_acl_plugin_l2l3.py
+++ b/test/test_acl_plugin_l2l3.py
@@ -25,7 +25,7 @@
import unittest
from socket import inet_pton, AF_INET, AF_INET6
-from random import choice
+from random import choice, shuffle
from pprint import pprint
from scapy.packet import Raw
@@ -331,6 +331,80 @@ class TestIpIrb(VppTestCase):
# UDP:
+ def applied_acl_shuffle(self, sw_if_index):
+ # first collect what ACLs are applied and what they look like
+ r = self.vapi.acl_interface_list_dump(sw_if_index=sw_if_index)
+ orig_applied_acls = r[0]
+
+ # we will collect these just to save and generate additional rulesets
+ orig_acls = []
+ for acl_num in orig_applied_acls.acls:
+ rr = self.vapi.acl_dump(acl_num)
+ orig_acls.append(rr[0])
+
+ # now create a list of all the rules in all ACLs
+ all_rules = []
+ for old_acl in orig_acls:
+ for rule in old_acl.r:
+ all_rules.append(dict(vars(rule)))
+
+ # Add a few ACLs made from shuffled rules
+ shuffle(all_rules)
+ reply = self.vapi.acl_add_replace(acl_index=4294967295,
+ r=all_rules[::2],
+ tag="shuffle 1. acl")
+ shuffle_acl_1 = reply.acl_index
+ shuffle(all_rules)
+ reply = self.vapi.acl_add_replace(acl_index=4294967295,
+ r=all_rules[::3],
+ tag="shuffle 2. acl")
+ shuffle_acl_2 = reply.acl_index
+ shuffle(all_rules)
+ reply = self.vapi.acl_add_replace(acl_index=4294967295,
+ r=all_rules[::2],
+ tag="shuffle 3. acl")
+ shuffle_acl_3 = reply.acl_index
+
+ # apply the shuffle ACLs in front
+ input_acls = [shuffle_acl_1, shuffle_acl_2]
+ output_acls = [shuffle_acl_1, shuffle_acl_2]
+
+ # add the currently applied ACLs
+ n_input = orig_applied_acls.n_input
+ input_acls.extend(orig_applied_acls.acls[:n_input])
+ output_acls.extend(orig_applied_acls.acls[n_input:])
+
+ # and the trailing shuffle ACL(s)
+ input_acls.extend([shuffle_acl_3])
+ output_acls.extend([shuffle_acl_3])
+
+ # set the interface ACL list to the result
+ self.vapi.acl_interface_set_acl_list(sw_if_index=sw_if_index,
+ n_input=len(input_acls),
+ acls=input_acls + output_acls)
+ # change the ACLs a few times
+ for i in range(1, 10):
+ shuffle(all_rules)
+ reply = self.vapi.acl_add_replace(acl_index=shuffle_acl_1,
+ r=all_rules[::1+(i % 2)],
+ tag="shuffle 1. acl")
+ shuffle(all_rules)
+ reply = self.vapi.acl_add_replace(acl_index=shuffle_acl_2,
+ r=all_rules[::1+(i % 3)],
+ tag="shuffle 2. acl")
+ shuffle(all_rules)
+ reply = self.vapi.acl_add_replace(acl_index=shuffle_acl_2,
+ r=all_rules[::1+(i % 5)],
+ tag="shuffle 3. acl")
+
+ # restore to how it was before and clean up
+ self.vapi.acl_interface_set_acl_list(sw_if_index=sw_if_index,
+ n_input=orig_applied_acls.n_input,
+ acls=orig_applied_acls.acls)
+ reply = self.vapi.acl_del(acl_index=shuffle_acl_1)
+ reply = self.vapi.acl_del(acl_index=shuffle_acl_2)
+ reply = self.vapi.acl_del(acl_index=shuffle_acl_3)
+
def create_acls_for_a_stream(self, stream_dict,
test_l2_action, is_reflect):
r = stream_dict['rules']
@@ -371,6 +445,8 @@ class TestIpIrb(VppTestCase):
self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
n_input=n_input_l2,
acls=[acl_idx['L2']])
+ self.applied_acl_shuffle(self.pg0.sw_if_index)
+ self.applied_acl_shuffle(self.pg2.sw_if_index)
def apply_acl_ip46_both_directions_reflect(self,
primary_is_bridged_to_routed,
@@ -424,6 +500,8 @@ class TestIpIrb(VppTestCase):
n_input=1,
acls=[inbound_l2_acl,
outbound_l2_acl])
+ self.applied_acl_shuffle(self.pg0.sw_if_index)
+ self.applied_acl_shuffle(self.pg2.sw_if_index)
def apply_acl_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
is_reflect, add_eh):
diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py
index 5517174590d..4fdd94ba351 100644
--- a/test/vpp_papi_provider.py
+++ b/test/vpp_papi_provider.py
@@ -2765,6 +2765,12 @@ class VppPapiProvider(object):
{'acl_index': acl_index},
expected_retval=expected_retval)
+ def acl_interface_list_dump(self, sw_if_index=0xFFFFFFFF,
+ expected_retval=0):
+ return self.api(self.papi.acl_interface_list_dump,
+ {'sw_if_index': sw_if_index},
+ expected_retval=expected_retval)
+
def macip_acl_add(self, rules, tag=""):
""" Add MACIP acl