diff options
author | Andrew Yourtchenko <ayourtch@gmail.com> | 2017-12-09 14:55:52 +0100 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2017-12-11 19:05:23 +0000 |
commit | d78349109fdb98fa0ba5f5aff779be700ff78357 (patch) | |
tree | f704a36483ac448ea8946949e90d556510f952be /test | |
parent | abbc04c564b4120a3ee753cdd133a7a151dc5c8e (diff) |
acl-plugin: unapply/reapply the classifier-based inacls when performing macip_acl_add_replace on an existing MACIP ACL
The classifier tables layout might (and most always will) change during the MACIP ACL modification.
Furthermore, vnet_set_input_acl_intfc() is quite a picky creature - it quietly does nothing
if there is an existing inacl applied, even if the number is different, so a simple "reapply"
does not work. So, cleanly remove inacl, then reapply when the new tables are ready.
Also, fix the testcase which was supposed to test this exact behavior.
Thanks to Jon Loeliger for spotting this issue.
Change-Id: I7e4bd8023d9de7e914448bb4466c1b0ef6940f58
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/test_acl_plugin_macip.py | 34 |
1 files changed, 15 insertions, 19 deletions
diff --git a/test/test_acl_plugin_macip.py b/test/test_acl_plugin_macip.py index d27458d7df0..bf87e02ecd9 100644 --- a/test/test_acl_plugin_macip.py +++ b/test/test_acl_plugin_macip.py @@ -588,7 +588,8 @@ class MethodHolder(VppTestCase): def run_traffic(self, mac_type, ip_type, traffic, is_ip6, packets, do_not_expected_capture=False, tags=None, - apply_rules=True, isMACIP=True, permit_tags=PERMIT_TAGS): + apply_rules=True, isMACIP=True, permit_tags=PERMIT_TAGS, + try_replace=False): self.reset_packet_infos() if tags is None: @@ -650,6 +651,15 @@ class MethodHolder(VppTestCase): self.vapi.macip_acl_interface_add_del( sw_if_index=tx_if.sw_if_index, acl_index=0) + if try_replace: + if isMACIP: + reply = self.vapi.macip_acl_add_replace( + test_dict['macip_rules'], + acl_index) + else: + reply = self.vapi.acl_add_replace(acl_index=acl_index, + r=test_dict['acl_rules']) + self.assertEqual(reply.retval, 0) if not isinstance(src_if, VppSubInterface): tx_if.add_stream(test_dict['stream']) @@ -812,16 +822,9 @@ class TestMACIP_IP4(MethodHolder): """ MACIP replace ACL with IP4 traffic """ self.run_traffic(self.OUI_MAC, self.SUBNET_IP, - self.BRIDGED, self.IS_IP4, 9) - - r = self.create_rules() - # replace acls #2, #3 with new - reply = self.vapi.macip_acl_add_replace(r[0], 0) - self.assertEqual(reply.retval, 0) - self.assertEqual(reply.acl_index, 0) - + self.BRIDGED, self.IS_IP4, 9, try_replace=True) self.run_traffic(self.EXACT_MAC, self.EXACT_IP, - self.BRIDGED, self.IS_IP4, 9, True) + self.BRIDGED, self.IS_IP4, 9, try_replace=True) class TestMACIP_IP6(MethodHolder): @@ -957,16 +960,9 @@ class TestMACIP_IP6(MethodHolder): """ MACIP replace ACL with IP6 traffic """ self.run_traffic(self.OUI_MAC, self.SUBNET_IP, - self.BRIDGED, self.IS_IP6, 9) - - r = self.create_rules() - # replace acls #2, #3 with new - reply = self.vapi.macip_acl_add_replace(r[0], 0) - self.assertEqual(reply.retval, 0) - self.assertEqual(reply.acl_index, 0) - + self.BRIDGED, self.IS_IP6, 9, try_replace=True) self.run_traffic(self.EXACT_MAC, self.EXACT_IP, - self.BRIDGED, self.IS_IP6, 9, True) + self.BRIDGED, self.IS_IP6, 9, try_replace=True) class TestMACIP(MethodHolder): |