aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--test/test_acl_plugin.py64
-rw-r--r--test/test_acl_plugin_conns.py52
-rw-r--r--test/test_acl_plugin_l2l3.py86
-rw-r--r--test/vpp_papi_provider.py29
4 files changed, 79 insertions, 152 deletions
diff --git a/test/test_acl_plugin.py b/test/test_acl_plugin.py
index 3a180d21961..605efbd4ccb 100644
--- a/test/test_acl_plugin.py
+++ b/test/test_acl_plugin.py
@@ -238,16 +238,15 @@ class TestACLplugin(VppTestCase):
return rule
def apply_rules(self, rules, tag=''):
- reply = self.api_acl_add_replace(acl_index=4294967295, r=rules,
- count=len(rules),
- tag=tag)
+ reply = self.vapi.acl_add_replace(acl_index=4294967295, r=rules,
+ tag=tag)
self.logger.info("Dumped ACL: " + str(
- self.api_acl_dump(reply.acl_index)))
+ self.vapi.acl_dump(reply.acl_index)))
# Apply a ACL on the interface as inbound
for i in self.pg_interfaces:
- self.api_acl_interface_set_acl_list(sw_if_index=i.sw_if_index,
- count=1, n_input=1,
- acls=[reply.acl_index])
+ self.vapi.acl_interface_set_acl_list(sw_if_index=i.sw_if_index,
+ n_input=1,
+ acls=[reply.acl_index])
return
def create_upper_layer(self, packet_index, proto, ports=0):
@@ -485,37 +484,6 @@ class TestACLplugin(VppTestCase):
capture = dst_if.get_capture(0)
self.assertEqual(len(capture), 0)
- def api_acl_add_replace(self, acl_index, r, count, tag='',
- expected_retval=0):
- """Add/replace an ACL
-
- :param int acl_index: ACL index to replace,
- 4294967295 to create new ACL.
- :param acl_rule r: ACL rules array.
- :param str tag: symbolic tag (description) for this ACL.
- :param int count: number of rules.
- """
- return self.vapi.api(self.vapi.papi.acl_add_replace,
- {'acl_index': acl_index,
- 'r': r,
- 'count': count,
- 'tag': tag},
- expected_retval=expected_retval)
-
- def api_acl_interface_set_acl_list(self, sw_if_index, count, n_input, acls,
- expected_retval=0):
- return self.vapi.api(self.vapi.papi.acl_interface_set_acl_list,
- {'sw_if_index': sw_if_index,
- 'count': count,
- 'n_input': n_input,
- 'acls': acls},
- expected_retval=expected_retval)
-
- def api_acl_dump(self, acl_index, expected_retval=0):
- return self.vapi.api(self.vapi.papi.acl_dump,
- {'acl_index': acl_index},
- expected_retval=expected_retval)
-
def test_0000_warmup_test(self):
""" ACL plugin version check; learn MACs
"""
@@ -544,12 +512,12 @@ class TestACLplugin(VppTestCase):
'dst_ip_addr': '\x00\x00\x00\x00',
'dst_ip_prefix_len': 0}]
# Test 1: add a new ACL
- reply = self.api_acl_add_replace(acl_index=4294967295, r=r,
- count=len(r), tag="permit 1234")
+ reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r,
+ tag="permit 1234")
self.assertEqual(reply.retval, 0)
# The very first ACL gets #0
self.assertEqual(reply.acl_index, 0)
- rr = self.api_acl_dump(reply.acl_index)
+ rr = self.vapi.acl_dump(reply.acl_index)
self.logger.info("Dumped ACL: " + str(rr))
self.assertEqual(len(rr), 1)
# We should have the same number of ACL entries as we had asked
@@ -582,16 +550,15 @@ class TestACLplugin(VppTestCase):
'dst_ip_addr': '\x00\x00\x00\x00',
'dst_ip_prefix_len': 0})
- reply = self.api_acl_add_replace(acl_index=4294967295, r=r_deny,
- count=len(r_deny),
- tag="deny 1234;permit all")
+ reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_deny,
+ tag="deny 1234;permit all")
self.assertEqual(reply.retval, 0)
# The second ACL gets #1
self.assertEqual(reply.acl_index, 1)
# Test 2: try to modify a nonexistent ACL
- reply = self.api_acl_add_replace(acl_index=432, r=r, count=len(r),
- tag="FFFF:FFFF", expected_retval=-1)
+ reply = self.vapi.acl_add_replace(acl_index=432, r=r,
+ tag="FFFF:FFFF", expected_retval=-1)
self.assertEqual(reply.retval, -1)
# The ACL number should pass through
self.assertEqual(reply.acl_index, 432)
@@ -881,9 +848,8 @@ class TestACLplugin(VppTestCase):
for i in range(len(r)):
rules.append(self.create_rule(r[i][0], r[i][1], r[i][2], r[i][3]))
- reply = self.api_acl_add_replace(acl_index=4294967295, r=rules,
- count=len(rules))
- result = self.api_acl_dump(reply.acl_index)
+ reply = self.vapi.acl_add_replace(acl_index=4294967295, r=rules)
+ result = self.vapi.acl_dump(reply.acl_index)
i = 0
for drules in result:
diff --git a/test/test_acl_plugin_conns.py b/test/test_acl_plugin_conns.py
index 0d4aa09d5eb..43e8b69f930 100644
--- a/test/test_acl_plugin_conns.py
+++ b/test/test_acl_plugin_conns.py
@@ -79,30 +79,30 @@ class Conn(L4_Conn):
r = []
r.append(pkt.to_acl_rule(2, wildcard_sport=True))
r.append(self.wildcard_rule(0))
- res = self.testcase.api_acl_add_replace(0xffffffff, r)
+ res = self.testcase.vapi.acl_add_replace(0xffffffff, r)
self.testcase.assert_equal(res.retval, 0, "error adding ACL")
reflect_acl_index = res.acl_index
r = []
r.append(self.wildcard_rule(0))
- res = self.testcase.api_acl_add_replace(0xffffffff, r)
+ res = self.testcase.vapi.acl_add_replace(0xffffffff, r)
self.testcase.assert_equal(res.retval, 0, "error adding deny ACL")
deny_acl_index = res.acl_index
if reflect_side == acl_side:
- self.testcase.api_acl_interface_set_acl_list(
- self.ifs[acl_side].sw_if_index, 2, 1,
+ self.testcase.vapi.acl_interface_set_acl_list(
+ self.ifs[acl_side].sw_if_index, 1,
[reflect_acl_index,
deny_acl_index])
- self.testcase.api_acl_interface_set_acl_list(
- self.ifs[1-acl_side].sw_if_index, 0, 0, [])
+ self.testcase.vapi.acl_interface_set_acl_list(
+ self.ifs[1-acl_side].sw_if_index, 0, [])
else:
- self.testcase.api_acl_interface_set_acl_list(
- self.ifs[acl_side].sw_if_index, 2, 1,
+ self.testcase.vapi.acl_interface_set_acl_list(
+ self.ifs[acl_side].sw_if_index, 1,
[deny_acl_index,
reflect_acl_index])
- self.testcase.api_acl_interface_set_acl_list(
- self.ifs[1-acl_side].sw_if_index, 0, 0, [])
+ self.testcase.vapi.acl_interface_set_acl_list(
+ self.ifs[1-acl_side].sw_if_index, 0, [])
def wildcard_rule(self, is_permit):
any_addr = ["0.0.0.0", "::"]
@@ -152,38 +152,6 @@ class ACLPluginConnTestCase(VppTestCase):
self.logger.info(self.vapi.cli("show acl-plugin interface"))
self.logger.info(self.vapi.cli("show acl-plugin tables"))
- def api_acl_add_replace(self, acl_index, r, count=-1, tag="",
- expected_retval=0):
- """Add/replace an ACL
-
- :param int acl_index: ACL index to replace, 4294967295 to create new.
- :param acl_rule r: ACL rules array.
- :param str tag: symbolic tag (description) for this ACL.
- :param int count: number of rules.
- """
- if (count < 0):
- count = len(r)
- return self.vapi.api(self.vapi.papi.acl_add_replace,
- {'acl_index': acl_index,
- 'r': r,
- 'count': count,
- 'tag': tag
- }, expected_retval=expected_retval)
-
- def api_acl_interface_set_acl_list(self, sw_if_index, count, n_input, acls,
- expected_retval=0):
- return self.vapi.api(self.vapi.papi.acl_interface_set_acl_list,
- {'sw_if_index': sw_if_index,
- 'count': count,
- 'n_input': n_input,
- 'acls': acls
- }, expected_retval=expected_retval)
-
- def api_acl_dump(self, acl_index, expected_retval=0):
- return self.vapi.api(self.vapi.papi.acl_dump,
- {'acl_index': acl_index},
- expected_retval=expected_retval)
-
def run_basic_conn_test(self, af, acl_side):
""" Basic conn timeout test """
conn1 = Conn(self, self.pg0, self.pg1, af, UDP, 42001, 4242)
diff --git a/test/test_acl_plugin_l2l3.py b/test/test_acl_plugin_l2l3.py
index f383a482019..04f91cfca5a 100644
--- a/test/test_acl_plugin_l2l3.py
+++ b/test/test_acl_plugin_l2l3.py
@@ -119,36 +119,6 @@ class TestIpIrb(VppTestCase):
self.logger.info(self.vapi.cli("show acl-plugin interface"))
self.logger.info(self.vapi.cli("show acl-plugin tables"))
- def api_acl_add_replace(self, acl_index, r, count, tag="",
- expected_retval=0):
- """Add/replace an ACL
-
- :param int acl_index: ACL index to replace, 4294967295 to create new.
- :param acl_rule r: ACL rules array.
- :param str tag: symbolic tag (description) for this ACL.
- :param int count: number of rules.
- """
- return self.vapi.api(self.vapi.papi.acl_add_replace,
- {'acl_index': acl_index,
- 'r': r,
- 'count': count,
- 'tag': tag
- }, expected_retval=expected_retval)
-
- def api_acl_interface_set_acl_list(self, sw_if_index, count, n_input, acls,
- expected_retval=0):
- return self.vapi.api(self.vapi.papi.acl_interface_set_acl_list,
- {'sw_if_index': sw_if_index,
- 'count': count,
- 'n_input': n_input,
- 'acls': acls
- }, expected_retval=expected_retval)
-
- def api_acl_dump(self, acl_index, expected_retval=0):
- return self.vapi.api(self.vapi.papi.acl_dump,
- {'acl_index': acl_index},
- expected_retval=expected_retval)
-
def create_stream(self, src_ip_if, dst_ip_if, reverse, packet_sizes,
is_ip6, expect_blocked, expect_established,
add_extension_header):
@@ -367,11 +337,11 @@ class TestIpIrb(VppTestCase):
r_permit = stream_dict['permit_rules']
r_permit_reflect = stream_dict['permit_and_reflect_rules']
r_action = r_permit_reflect if is_reflect else r
- reply = self.api_acl_add_replace(acl_index=4294967295, r=r_action,
- count=len(r_action), tag="action acl")
+ reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_action,
+ tag="act. acl")
action_acl_index = reply.acl_index
- reply = self.api_acl_add_replace(acl_index=4294967295, r=r_permit,
- count=len(r_permit), tag="permit acl")
+ reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_permit,
+ tag="perm. acl")
permit_acl_index = reply.acl_index
return {'L2': action_acl_index if test_l2_action else permit_acl_index,
'L3': permit_acl_index if test_l2_action else action_acl_index,
@@ -392,18 +362,15 @@ class TestIpIrb(VppTestCase):
is_reflect)
n_input_l3 = 0 if bridged_to_routed else 1
n_input_l2 = 1 if bridged_to_routed else 0
- self.api_acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
- count=1,
- n_input=n_input_l3,
- acls=[acl_idx['L3']])
- self.api_acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
- count=1,
- n_input=n_input_l2,
- acls=[acl_idx['L2']])
- self.api_acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
- count=1,
- n_input=n_input_l2,
- acls=[acl_idx['L2']])
+ self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
+ n_input=n_input_l3,
+ acls=[acl_idx['L3']])
+ self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
+ n_input=n_input_l2,
+ acls=[acl_idx['L2']])
+ self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
+ n_input=n_input_l2,
+ acls=[acl_idx['L2']])
def apply_acl_ip46_both_directions_reflect(self,
primary_is_bridged_to_routed,
@@ -445,21 +412,18 @@ class TestIpIrb(VppTestCase):
else:
outbound_l3_acl = acl_idx_rev['L3']
- self.api_acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
- count=2,
- n_input=1,
- acls=[inbound_l3_acl,
- outbound_l3_acl])
- self.api_acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
- count=2,
- n_input=1,
- acls=[inbound_l2_acl,
- outbound_l2_acl])
- self.api_acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
- count=2,
- n_input=1,
- acls=[inbound_l2_acl,
- outbound_l2_acl])
+ self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
+ n_input=1,
+ acls=[inbound_l3_acl,
+ outbound_l3_acl])
+ self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
+ n_input=1,
+ acls=[inbound_l2_acl,
+ outbound_l2_acl])
+ self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
+ n_input=1,
+ acls=[inbound_l2_acl,
+ outbound_l2_acl])
def apply_acl_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
is_reflect, add_eh):
diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py
index 71e7aea11f3..97f201d33a2 100644
--- a/test/vpp_papi_provider.py
+++ b/test/vpp_papi_provider.py
@@ -2278,6 +2278,35 @@ class VppPapiProvider(object):
'traffic_type': traffic_type
})
+ def acl_add_replace(self, acl_index, r, tag='',
+ expected_retval=0):
+ """Add/replace an ACL
+ :param int acl_index: ACL index to replace, 2^32-1 to create new ACL.
+ :param acl_rule r: ACL rules array.
+ :param str tag: symbolic tag (description) for this ACL.
+ :param int count: number of rules.
+ """
+ return self.api(self.papi.acl_add_replace,
+ {'acl_index': acl_index,
+ 'r': r,
+ 'count': len(r),
+ 'tag': tag},
+ expected_retval=expected_retval)
+
+ def acl_interface_set_acl_list(self, sw_if_index, n_input, acls,
+ expected_retval=0):
+ return self.api(self.papi.acl_interface_set_acl_list,
+ {'sw_if_index': sw_if_index,
+ 'count': len(acls),
+ 'n_input': n_input,
+ 'acls': acls},
+ expected_retval=expected_retval)
+
+ def acl_dump(self, acl_index, expected_retval=0):
+ return self.api(self.papi.acl_dump,
+ {'acl_index': acl_index},
+ expected_retval=expected_retval)
+
def macip_acl_add(self, rules, tag=""):
""" Add MACIP acl