summaryrefslogtreecommitdiffstats
path: root/test/test_acl_plugin_macip.py
diff options
context:
space:
mode:
Diffstat (limited to 'test/test_acl_plugin_macip.py')
-rw-r--r--test/test_acl_plugin_macip.py1295
1 files changed, 0 insertions, 1295 deletions
diff --git a/test/test_acl_plugin_macip.py b/test/test_acl_plugin_macip.py
deleted file mode 100644
index 41735251792..00000000000
--- a/test/test_acl_plugin_macip.py
+++ /dev/null
@@ -1,1295 +0,0 @@
-#!/usr/bin/env python
-from __future__ import print_function
-"""ACL plugin - MACIP tests
-"""
-import binascii
-import ipaddress
-import random
-from socket import inet_ntop, inet_pton, AF_INET, AF_INET6
-from struct import pack, unpack
-import re
-import unittest
-
-import scapy.compat
-from scapy.packet import Raw
-from scapy.layers.l2 import Ether
-from scapy.layers.inet import IP, UDP
-from scapy.layers.inet6 import IPv6
-
-from framework import VppTestCase, VppTestRunner, running_extended_tests
-from vpp_lo_interface import VppLoInterface
-from vpp_l2 import L2_PORT_TYPE
-from vpp_sub_interface import L2_VTR_OP, VppSubInterface, VppDot1QSubint, \
- VppDot1ADSubint
-
-
-class MethodHolder(VppTestCase):
- DEBUG = False
-
- BRIDGED = True
- ROUTED = False
-
- IS_IP4 = False
- IS_IP6 = True
-
- DOT1AD = "dot1ad"
- DOT1Q = "dot1q"
- PERMIT_TAGS = True
- DENY_TAGS = False
-
- # rule types
- DENY = 0
- PERMIT = 1
-
- # ACL types
- EXACT_IP = 1
- SUBNET_IP = 2
- WILD_IP = 3
-
- EXACT_MAC = 1
- WILD_MAC = 2
- OUI_MAC = 3
-
- ACLS = []
-
- @classmethod
- def setUpClass(cls):
- """
- Perform standard class setup (defined by class method setUpClass in
- class VppTestCase) before running the test case, set test case related
- variables and configure VPP.
- """
- super(MethodHolder, cls).setUpClass()
-
- cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
- cls.bd_id = 111
- cls.remote_hosts_count = 200
-
- try:
- # create 4 pg interfaces, 1 loopback interface
- cls.create_pg_interfaces(range(4))
- cls.create_loopback_interfaces(1)
-
- # create 2 subinterfaces
- cls.subifs = [
- VppDot1QSubint(cls, cls.pg1, 10),
- VppDot1ADSubint(cls, cls.pg2, 20, 300, 400),
- VppDot1QSubint(cls, cls.pg3, 30),
- VppDot1ADSubint(cls, cls.pg3, 40, 600, 700)]
-
- cls.subifs[0].set_vtr(L2_VTR_OP.L2_POP_1,
- inner=10, push1q=1)
- cls.subifs[1].set_vtr(L2_VTR_OP.L2_POP_2,
- outer=300, inner=400, push1q=1)
- cls.subifs[2].set_vtr(L2_VTR_OP.L2_POP_1,
- inner=30, push1q=1)
- cls.subifs[3].set_vtr(L2_VTR_OP.L2_POP_2,
- outer=600, inner=700, push1q=1)
-
- cls.interfaces = list(cls.pg_interfaces)
- cls.interfaces.extend(cls.lo_interfaces)
- cls.interfaces.extend(cls.subifs)
-
- for i in cls.interfaces:
- i.admin_up()
-
- # Create BD with MAC learning enabled and put interfaces to this BD
- cls.vapi.sw_interface_set_l2_bridge(
- rx_sw_if_index=cls.loop0.sw_if_index, bd_id=cls.bd_id,
- port_type=L2_PORT_TYPE.BVI)
- cls.vapi.sw_interface_set_l2_bridge(
- rx_sw_if_index=cls.pg0.sw_if_index, bd_id=cls.bd_id)
- cls.vapi.sw_interface_set_l2_bridge(
- rx_sw_if_index=cls.pg1.sw_if_index, bd_id=cls.bd_id)
- cls.vapi.sw_interface_set_l2_bridge(
- rx_sw_if_index=cls.subifs[0].sw_if_index, bd_id=cls.bd_id)
- cls.vapi.sw_interface_set_l2_bridge(
- rx_sw_if_index=cls.subifs[1].sw_if_index, bd_id=cls.bd_id)
-
- # Configure IPv4/6 addresses on loop interface and routed interface
- cls.loop0.config_ip4()
- cls.loop0.config_ip6()
- cls.pg2.config_ip4()
- cls.pg2.config_ip6()
- cls.pg3.config_ip4()
- cls.pg3.config_ip6()
-
- # Configure MAC address binding to IPv4 neighbors on loop0
- cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
- # Modify host mac addresses to have different OUI parts
- for i in range(2, cls.remote_hosts_count + 2):
- mac = cls.loop0.remote_hosts[i-2]._mac.split(':')
- mac[2] = format(int(mac[2], 16) + i, "02x")
- cls.loop0.remote_hosts[i - 2]._mac = ":".join(mac)
-
- cls.loop0.configure_ipv4_neighbors()
- cls.loop0.configure_ipv6_neighbors()
-
- # configure MAC address on pg3
- cls.pg3.resolve_arp()
- cls.pg3.resolve_ndp()
-
- # configure MAC address on subifs
- for i in cls.subifs:
- i.config_ip4()
- i.resolve_arp()
- i.config_ip6()
-
- # configure MAC address on pg2
- cls.pg2.resolve_arp()
- cls.pg2.resolve_ndp()
-
- # Loopback BVI interface has remote hosts
- # one half of hosts are behind pg0 second behind pg1,pg2,pg3 subifs
- cls.pg0.remote_hosts = cls.loop0.remote_hosts[:100]
- cls.subifs[0].remote_hosts = cls.loop0.remote_hosts[100:125]
- cls.subifs[1].remote_hosts = cls.loop0.remote_hosts[125:150]
- cls.subifs[2].remote_hosts = cls.loop0.remote_hosts[150:175]
- cls.subifs[3].remote_hosts = cls.loop0.remote_hosts[175:]
-
- except Exception:
- super(MethodHolder, cls).tearDownClass()
- raise
-
- @classmethod
- def tearDownClass(cls):
- super(MethodHolder, cls).tearDownClass()
-
- def setUp(self):
- super(MethodHolder, self).setUp()
- self.reset_packet_infos()
- del self.ACLS[:]
-
- def tearDown(self):
- super(MethodHolder, self).tearDown()
- self.delete_acls()
-
- def show_commands_at_teardown(self):
- self.logger.info(self.vapi.ppcli("show interface address"))
- self.logger.info(self.vapi.ppcli("show hardware"))
- self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
- self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
- self.logger.info(self.vapi.ppcli("sh classify tables verbose"))
- self.logger.info(self.vapi.ppcli("sh acl-plugin acl"))
- self.logger.info(self.vapi.ppcli("sh acl-plugin interface"))
- self.logger.info(self.vapi.ppcli("sh acl-plugin tables"))
- # print(self.vapi.ppcli("show interface address"))
- # print(self.vapi.ppcli("show hardware"))
- # print(self.vapi.ppcli("sh acl-plugin macip interface"))
- # print(self.vapi.ppcli("sh acl-plugin macip acl"))
-
- def macip_acl_dump_debug(self):
- acls = self.vapi.macip_acl_dump()
- if self.DEBUG:
- for acl in acls:
- print("ACL #"+str(acl.acl_index))
- for r in acl.r:
- rule = "ACTION"
- if r.is_permit == 1:
- rule = "PERMIT"
- elif r.is_permit == 0:
- rule = "DENY "
- print(" IP6" if r.is_ipv6 else " IP4",
- rule,
- binascii.hexlify(r.src_mac),
- binascii.hexlify(r.src_mac_mask),
- unpack('<16B', r.src_ip_addr),
- r.src_ip_prefix_len)
- return acls
-
- def create_rules(self, mac_type=EXACT_MAC, ip_type=EXACT_IP,
- acl_count=1, rules_count=None):
- acls = []
- if rules_count is None:
- rules_count = [1]
- src_mac = int("220000dead00", 16)
- for acl in range(2, (acl_count+1) * 2):
- rules = []
- host = random.choice(self.loop0.remote_hosts)
- is_ip6 = acl % 2
- ip4 = host.ip4.split('.')
- ip6 = list(unpack('<16B', inet_pton(AF_INET6, host.ip6)))
-
- if ip_type == self.EXACT_IP:
- prefix_len4 = 32
- prefix_len6 = 128
- elif ip_type == self.WILD_IP:
- ip4 = [0, 0, 0, 0]
- ip6 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
- prefix_len4 = 0
- prefix_len6 = 0
- rules_count[(acl / 2) - 1] = 1
- else:
- prefix_len4 = 24
- prefix_len6 = 64
-
- if mac_type == self.EXACT_MAC:
- mask = "ff:ff:ff:ff:ff:ff"
- elif mac_type == self.WILD_MAC:
- mask = "00:00:00:00:00:00"
- elif mac_type == self.OUI_MAC:
- mask = "ff:ff:ff:00:00:00"
- else:
- mask = "ff:ff:ff:ff:ff:00"
-
- ip = ip6 if is_ip6 else ip4
- ip_len = prefix_len6 if is_ip6 else prefix_len4
-
- for i in range(0, rules_count[(acl / 2) - 1]):
- src_mac += 16777217
- if mac_type == self.WILD_MAC:
- mac = "00:00:00:00:00:00"
- elif mac_type == self.OUI_MAC:
- mac = ':'.join(re.findall('..', '{:02x}'.format(
- src_mac))[:3])+":00:00:00"
- else:
- mac = ':'.join(re.findall(
- '..', '{:02x}'.format(src_mac)))
-
- if ip_type == self.EXACT_IP:
- ip4[3] = random.randint(100, 200)
- ip6[15] = random.randint(100, 200)
- elif ip_type == self.SUBNET_IP:
- ip4[2] = random.randint(100, 200)
- ip4[3] = 0
- ip6[8] = random.randint(100, 200)
- ip6[15] = 0
- ip_pack = b''
- for j in range(0, len(ip)):
- ip_pack += pack('<B', int(ip[j]))
-
- rule = ({'is_permit': self.PERMIT,
- 'is_ipv6': is_ip6,
- 'src_ip_addr': ip_pack,
- 'src_ip_prefix_len': ip_len,
- 'src_mac': binascii.unhexlify(mac.replace(':', '')),
- 'src_mac_mask': binascii.unhexlify(
- mask.replace(':', ''))})
- rules.append(rule)
- if ip_type == self.WILD_IP:
- break
-
- acls.append(rules)
- src_mac += 1099511627776
- return acls
-
- def apply_macip_rules(self, acls):
- for acl in acls:
- reply = self.vapi.macip_acl_add(acl)
- self.assertEqual(reply.retval, 0)
- self.ACLS.append(reply.acl_index)
-
- def verify_macip_acls(self, acl_count, rules_count, expected_count=2):
- reply = self.macip_acl_dump_debug()
- for acl in range(2, (acl_count+1) * 2):
- self.assertEqual(reply[acl - 2].count, rules_count[acl//2-1])
-
- self.vapi.macip_acl_interface_get()
-
- self.vapi.macip_acl_interface_add_del(sw_if_index=0, acl_index=0)
- self.vapi.macip_acl_interface_add_del(sw_if_index=1, acl_index=1)
-
- reply = self.vapi.macip_acl_interface_get()
- self.assertEqual(reply.count, expected_count)
-
- def delete_acls(self):
- for acl in range(len(self.ACLS)-1, -1, -1):
- self.vapi.macip_acl_del(self.ACLS[acl])
-
- reply = self.vapi.macip_acl_dump()
- self.assertEqual(len(reply), 0)
-
- intf_acls = self.vapi.acl_interface_list_dump()
- for i_a in intf_acls:
- sw_if_index = i_a.sw_if_index
- for acl_index in i_a.acls:
- self.vapi.acl_interface_add_del(sw_if_index, acl_index, 0)
- self.vapi.acl_del(acl_index)
-
- def create_stream(self, mac_type, ip_type, packet_count,
- src_if, dst_if, traffic, is_ip6, tags=PERMIT_TAGS):
- # exact MAC and exact IP
- # exact MAC and subnet of IPs
- # exact MAC and wildcard IP
- # wildcard MAC and exact IP
- # wildcard MAC and subnet of IPs
- # wildcard MAC and wildcard IP
- # OUI restricted MAC and exact IP
- # OUI restricted MAC and subnet of IPs
- # OUI restricted MAC and wildcard IP
-
- packets = []
- macip_rules = []
- acl_rules = []
- ip_permit = ""
- mac_permit = ""
- dst_mac = ""
- mac_rule = "00:00:00:00:00:00"
- mac_mask = "00:00:00:00:00:00"
- for p in range(0, packet_count):
- remote_dst_index = p % len(dst_if.remote_hosts)
- remote_dst_host = dst_if.remote_hosts[remote_dst_index]
-
- dst_port = 1234 + p
- src_port = 4321 + p
- is_permit = self.PERMIT if p % 3 == 0 else self.DENY
- denyMAC = True if not is_permit and p % 3 == 1 else False
- denyIP = True if not is_permit and p % 3 == 2 else False
- if not is_permit and ip_type == self.WILD_IP:
- denyMAC = True
- if not is_permit and mac_type == self.WILD_MAC:
- denyIP = True
-
- if traffic == self.BRIDGED:
- if is_permit:
- src_mac = remote_dst_host._mac
- dst_mac = 'de:ad:00:00:00:00'
- src_ip4 = remote_dst_host.ip4
- dst_ip4 = src_if.remote_ip4
- src_ip6 = remote_dst_host.ip6
- dst_ip6 = src_if.remote_ip6
- ip_permit = src_ip6 if is_ip6 else src_ip4
- mac_permit = src_mac
- if denyMAC:
- mac = src_mac.split(':')
- mac[0] = format(int(mac[0], 16)+1, "02x")
- src_mac = ":".join(mac)
- if is_ip6:
- src_ip6 = ip_permit
- else:
- src_ip4 = ip_permit
- if denyIP:
- if ip_type != self.WILD_IP:
- src_mac = mac_permit
- src_ip4 = remote_dst_host.ip4
- dst_ip4 = src_if.remote_ip4
- src_ip6 = remote_dst_host.ip6
- dst_ip6 = src_if.remote_ip6
- else:
- if is_permit:
- src_mac = remote_dst_host._mac
- dst_mac = src_if.local_mac
- src_ip4 = src_if.remote_ip4
- dst_ip4 = remote_dst_host.ip4
- src_ip6 = src_if.remote_ip6
- dst_ip6 = remote_dst_host.ip6
- ip_permit = src_ip6 if is_ip6 else src_ip4
- mac_permit = src_mac
- if denyMAC:
- mac = src_mac.split(':')
- mac[0] = format(int(mac[0], 16) + 1, "02x")
- src_mac = ":".join(mac)
- if is_ip6:
- src_ip6 = ip_permit
- else:
- src_ip4 = ip_permit
- if denyIP:
- src_mac = remote_dst_host._mac
- if ip_type != self.WILD_IP:
- src_mac = mac_permit
- src_ip4 = remote_dst_host.ip4
- dst_ip4 = src_if.remote_ip4
- src_ip6 = remote_dst_host.ip6
- dst_ip6 = src_if.remote_ip6
-
- if is_permit:
- info = self.create_packet_info(src_if, dst_if)
- payload = self.info_to_payload(info)
- else:
- payload = "to be blocked"
-
- if mac_type == self.WILD_MAC:
- mac = src_mac.split(':')
- for i in range(1, 5):
- mac[i] = format(random.randint(0, 255), "02x")
- src_mac = ":".join(mac)
-
- # create packet
- packet = Ether(src=src_mac, dst=dst_mac)
- ip_rule = src_ip6 if is_ip6 else src_ip4
- if is_ip6:
- if ip_type != self.EXACT_IP:
- sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
- if ip_type == self.WILD_IP:
- sub_ip[0] = random.randint(240, 254)
- sub_ip[1] = random.randint(230, 239)
- sub_ip[14] = random.randint(100, 199)
- sub_ip[15] = random.randint(200, 255)
- elif ip_type == self.SUBNET_IP:
- if denyIP:
- sub_ip[2] = int(sub_ip[2]) + 1
- sub_ip[14] = random.randint(100, 199)
- sub_ip[15] = random.randint(200, 255)
- packed_src_ip6 = b''.join(
- [scapy.compat.chb(x) for x in sub_ip])
- src_ip6 = inet_ntop(AF_INET6, packed_src_ip6)
- packet /= IPv6(src=src_ip6, dst=dst_ip6)
- else:
- if ip_type != self.EXACT_IP:
- sub_ip = ip_rule.split('.')
- if ip_type == self.WILD_IP:
- sub_ip[0] = random.randint(1, 49)
- sub_ip[1] = random.randint(50, 99)
- sub_ip[2] = random.randint(100, 199)
- sub_ip[3] = random.randint(200, 255)
- elif ip_type == self.SUBNET_IP:
- if denyIP:
- sub_ip[1] = int(sub_ip[1])+1
- sub_ip[2] = random.randint(100, 199)
- sub_ip[3] = random.randint(200, 255)
- src_ip4 = '.'.join(['{!s}'.format(x) for x in sub_ip])
- packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)
-
- packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)
-
- packet[Raw].load += b" mac:%s" % scapy.compat.raw(src_mac)
-
- size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
- if isinstance(src_if, VppSubInterface):
- size = size + 4
- if isinstance(src_if, VppDot1QSubint):
- if src_if is self.subifs[0]:
- if tags == self.PERMIT_TAGS:
- packet = src_if.add_dot1q_layer(packet, 10)
- else:
- packet = src_if.add_dot1q_layer(packet, 11)
- else:
- if tags == self.PERMIT_TAGS:
- packet = src_if.add_dot1q_layer(packet, 30)
- else:
- packet = src_if.add_dot1q_layer(packet, 33)
- elif isinstance(src_if, VppDot1ADSubint):
- if src_if is self.subifs[1]:
- if tags == self.PERMIT_TAGS:
- packet = src_if.add_dot1ad_layer(packet, 300, 400)
- else:
- packet = src_if.add_dot1ad_layer(packet, 333, 444)
- else:
- if tags == self.PERMIT_TAGS:
- packet = src_if.add_dot1ad_layer(packet, 600, 700)
- else:
- packet = src_if.add_dot1ad_layer(packet, 666, 777)
- self.extend_packet(packet, size)
- packets.append(packet)
-
- # create suitable MACIP rule
- if mac_type == self.EXACT_MAC:
- mac_rule = src_mac
- mac_mask = "ff:ff:ff:ff:ff:ff"
- elif mac_type == self.WILD_MAC:
- mac_rule = "00:00:00:00:00:00"
- mac_mask = "00:00:00:00:00:00"
- elif mac_type == self.OUI_MAC:
- mac = src_mac.split(':')
- mac[3] = mac[4] = mac[5] = '00'
- mac_rule = ":".join(mac)
- mac_mask = "ff:ff:ff:00:00:00"
-
- if is_ip6:
- if ip_type == self.WILD_IP:
- ip = "0::0"
- else:
- ip = src_ip6
- if ip_type == self.SUBNET_IP:
- sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
- for i in range(8, 16):
- sub_ip[i] = 0
- packed_ip = b''.join(
- [scapy.compat.chb(x) for x in sub_ip])
- ip = inet_ntop(AF_INET6, packed_ip)
- else:
- if ip_type == self.WILD_IP:
- ip = "0.0.0.0"
- else:
- ip = src_ip4
- if ip_type == self.SUBNET_IP:
- sub_ip = ip.split('.')
- sub_ip[2] = sub_ip[3] = '0'
- ip = ".".join(sub_ip)
-
- prefix_len = 128 if is_ip6 else 32
- if ip_type == self.WILD_IP:
- prefix_len = 0
- elif ip_type == self.SUBNET_IP:
- prefix_len = 64 if is_ip6 else 16
- ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)
-
- # create suitable ACL rule
- if is_permit:
- rule_l4_sport = packet[UDP].sport
- rule_l4_dport = packet[UDP].dport
- rule_family = AF_INET6 if packet.haslayer(IPv6) else AF_INET
- rule_prefix_len = 128 if packet.haslayer(IPv6) else 32
- rule_l3_layer = IPv6 if packet.haslayer(IPv6) else IP
- if packet.haslayer(IPv6):
- rule_l4_proto = packet[UDP].overload_fields[IPv6]['nh']
- else:
- rule_l4_proto = packet[IP].proto
-
- acl_rule = {
- 'is_permit': is_permit,
- 'is_ipv6': is_ip6,
- 'src_ip_addr': inet_pton(rule_family,
- packet[rule_l3_layer].src),
- 'src_ip_prefix_len': rule_prefix_len,
- 'dst_ip_addr': inet_pton(rule_family,
- packet[rule_l3_layer].dst),
- 'dst_ip_prefix_len': rule_prefix_len,
- 'srcport_or_icmptype_first': rule_l4_sport,
- 'srcport_or_icmptype_last': rule_l4_sport,
- 'dstport_or_icmpcode_first': rule_l4_dport,
- 'dstport_or_icmpcode_last': rule_l4_dport,
- 'proto': rule_l4_proto}
- acl_rules.append(acl_rule)
-
- if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
- continue
-
- if is_permit:
- macip_rule = ({
- 'is_permit': is_permit,
- 'is_ipv6': is_ip6,
- 'src_ip_addr': ip_rule,
- 'src_ip_prefix_len': prefix_len,
- 'src_mac': binascii.unhexlify(mac_rule.replace(':', '')),
- 'src_mac_mask': binascii.unhexlify(
- mac_mask.replace(':', ''))})
- macip_rules.append(macip_rule)
-
- # deny all other packets
- if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
- macip_rule = ({'is_permit': 0,
- 'is_ipv6': is_ip6,
- 'src_ip_addr': "",
- 'src_ip_prefix_len': 0,
- 'src_mac': "",
- 'src_mac_mask': ""})
- macip_rules.append(macip_rule)
-
- acl_rule = {'is_permit': 0,
- 'is_ipv6': is_ip6}
- acl_rules.append(acl_rule)
- return {'stream': packets,
- 'macip_rules': macip_rules,
- 'acl_rules': acl_rules}
-
- def verify_capture(self, stream, capture, is_ip6):
- """
- :param stream:
- :param capture:
- :param is_ip6:
- :return:
- """
- # p_l3 = IPv6 if is_ip6 else IP
- # if self.DEBUG:
- # for p in stream:
- # print(p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst)
- #
- # acls = self.macip_acl_dump_debug()
-
- # TODO : verify
- # for acl in acls:
- # for r in acl.r:
- # print(binascii.hexlify(r.src_mac), \
- # binascii.hexlify(r.src_mac_mask),\
- # unpack('<16B', r.src_ip_addr), \
- # r.src_ip_prefix_len)
- #
- # for p in capture:
- # print(p[Ether].src, p[Ether].dst, p[p_l3].src, p[p_l3].dst
- # data = p[Raw].load.split(':',1)[1])
- # print(p[p_l3].src, data)
-
- def run_traffic(self, mac_type, ip_type, traffic, is_ip6, packets,
- do_not_expected_capture=False, tags=None,
- apply_rules=True, isMACIP=True, permit_tags=PERMIT_TAGS,
- try_replace=False):
- self.reset_packet_infos()
-
- if tags is None:
- tx_if = self.pg0 if traffic == self.BRIDGED else self.pg3
- rx_if = self.pg3 if traffic == self.BRIDGED else self.pg0
- src_if = self.pg3
- dst_if = self.loop0
- else:
- if tags == self.DOT1Q:
- if traffic == self.BRIDGED:
- tx_if = self.subifs[0]
- rx_if = self.pg0
- src_if = self.subifs[0]
- dst_if = self.loop0
- else:
- tx_if = self.subifs[2]
- rx_if = self.pg0
- src_if = self.subifs[2]
- dst_if = self.loop0
- elif tags == self.DOT1AD:
- if traffic == self.BRIDGED:
- tx_if = self.subifs[1]
- rx_if = self.pg0
- src_if = self.subifs[1]
- dst_if = self.loop0
- else:
- tx_if = self.subifs[3]
- rx_if = self.pg0
- src_if = self.subifs[3]
- dst_if = self.loop0
- else:
- return
-
- test_dict = self.create_stream(mac_type, ip_type, packets,
- src_if, dst_if,
- traffic, is_ip6,
- tags=permit_tags)
-
- if apply_rules:
- if isMACIP:
- reply = self.vapi.macip_acl_add(test_dict['macip_rules'])
- else:
- reply = self.vapi.acl_add_replace(acl_index=4294967295,
- r=test_dict['acl_rules'])
- self.assertEqual(reply.retval, 0)
- acl_index = reply.acl_index
-
- if isMACIP:
- self.vapi.macip_acl_interface_add_del(
- sw_if_index=tx_if.sw_if_index,
- acl_index=acl_index)
- reply = self.vapi.macip_acl_interface_get()
- self.assertEqual(reply.acls[tx_if.sw_if_index], acl_index)
- self.ACLS.append(reply.acls[tx_if.sw_if_index])
- else:
- self.vapi.acl_interface_add_del(
- sw_if_index=tx_if.sw_if_index, acl_index=acl_index)
- else:
- self.vapi.macip_acl_interface_add_del(
- sw_if_index=tx_if.sw_if_index,
- acl_index=0)
- if try_replace:
- if isMACIP:
- reply = self.vapi.macip_acl_add_replace(
- test_dict['macip_rules'],
- acl_index)
- else:
- reply = self.vapi.acl_add_replace(acl_index=acl_index,
- r=test_dict['acl_rules'])
- self.assertEqual(reply.retval, 0)
-
- if not isinstance(src_if, VppSubInterface):
- tx_if.add_stream(test_dict['stream'])
- else:
- tx_if.parent.add_stream(test_dict['stream'])
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
-
- if do_not_expected_capture:
- rx_if.get_capture(0)
- else:
- if traffic == self.BRIDGED and mac_type == self.WILD_MAC and \
- ip_type == self.WILD_IP:
- capture = rx_if.get_capture(packets)
- else:
- capture = rx_if.get_capture(
- self.get_packet_count_for_if_idx(dst_if.sw_if_index))
- self.verify_capture(test_dict['stream'], capture, is_ip6)
- if not isMACIP:
- self.vapi.acl_interface_add_del(sw_if_index=tx_if.sw_if_index,
- acl_index=acl_index, is_add=0)
- self.vapi.acl_del(acl_index)
-
- def run_test_acls(self, mac_type, ip_type, acl_count,
- rules_count, traffic=None, ip=None):
- self.apply_macip_rules(self.create_rules(mac_type, ip_type, acl_count,
- rules_count))
- self.verify_macip_acls(acl_count, rules_count)
-
- if traffic is not None:
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, traffic, ip, 9)
-
-
-class TestMACIP_IP4(MethodHolder):
- """MACIP with IP4 traffic"""
-
- @classmethod
- def setUpClass(cls):
- super(TestMACIP_IP4, cls).setUpClass()
-
- @classmethod
- def tearDownClass(cls):
- super(TestMACIP_IP4, cls).tearDownClass()
-
- def test_acl_bridged_ip4_exactMAC_exactIP(self):
- """ IP4 MACIP exactMAC|exactIP ACL bridged traffic
- """
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
- self.BRIDGED, self.IS_IP4, 9)
-
- def test_acl_bridged_ip4_exactMAC_subnetIP(self):
- """ IP4 MACIP exactMAC|subnetIP ACL bridged traffic
- """
-
- self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
- self.BRIDGED, self.IS_IP4, 9)
-
- def test_acl_bridged_ip4_exactMAC_wildIP(self):
- """ IP4 MACIP exactMAC|wildIP ACL bridged traffic
- """
-
- self.run_traffic(self.EXACT_MAC, self.WILD_IP,
- self.BRIDGED, self.IS_IP4, 9)
-
- def test_acl_bridged_ip4_ouiMAC_exactIP(self):
- """ IP4 MACIP ouiMAC|exactIP ACL bridged traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.EXACT_IP,
- self.BRIDGED, self.IS_IP4, 3)
-
- def test_acl_bridged_ip4_ouiMAC_subnetIP(self):
- """ IP4 MACIP ouiMAC|subnetIP ACL bridged traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
- self.BRIDGED, self.IS_IP4, 9)
-
- def test_acl_bridged_ip4_ouiMAC_wildIP(self):
- """ IP4 MACIP ouiMAC|wildIP ACL bridged traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.WILD_IP,
- self.BRIDGED, self.IS_IP4, 9)
-
- def test_ac_bridgedl_ip4_wildMAC_exactIP(self):
- """ IP4 MACIP wildcardMAC|exactIP ACL bridged traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.EXACT_IP,
- self.BRIDGED, self.IS_IP4, 9)
-
- def test_acl_bridged_ip4_wildMAC_subnetIP(self):
- """ IP4 MACIP wildcardMAC|subnetIP ACL bridged traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
- self.BRIDGED, self.IS_IP4, 9)
-
- def test_acl_bridged_ip4_wildMAC_wildIP(self):
- """ IP4 MACIP wildcardMAC|wildIP ACL bridged traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.WILD_IP,
- self.BRIDGED, self.IS_IP4, 9)
-
- def test_acl_routed_ip4_exactMAC_exactIP(self):
- """ IP4 MACIP exactMAC|exactIP ACL routed traffic
- """
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
- self.ROUTED, self.IS_IP4, 9)
-
- def test_acl_routed_ip4_exactMAC_subnetIP(self):
- """ IP4 MACIP exactMAC|subnetIP ACL routed traffic
- """
- self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
- self.ROUTED, self.IS_IP4, 9)
-
- def test_acl_routed_ip4_exactMAC_wildIP(self):
- """ IP4 MACIP exactMAC|wildIP ACL routed traffic
- """
- self.run_traffic(self.EXACT_MAC, self.WILD_IP,
- self.ROUTED, self.IS_IP4, 9)
-
- def test_acl_routed_ip4_ouiMAC_exactIP(self):
- """ IP4 MACIP ouiMAC|exactIP ACL routed traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.EXACT_IP,
- self.ROUTED, self.IS_IP4, 9)
-
- def test_acl_routed_ip4_ouiMAC_subnetIP(self):
- """ IP4 MACIP ouiMAC|subnetIP ACL routed traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
- self.ROUTED, self.IS_IP4, 9)
-
- def test_acl_routed_ip4_ouiMAC_wildIP(self):
- """ IP4 MACIP ouiMAC|wildIP ACL routed traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.WILD_IP,
- self.ROUTED, self.IS_IP4, 9)
-
- def test_acl_routed_ip4_wildMAC_exactIP(self):
- """ IP4 MACIP wildcardMAC|exactIP ACL routed traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.EXACT_IP,
- self.ROUTED, self.IS_IP4, 9)
-
- def test_acl_routed_ip4_wildMAC_subnetIP(self):
- """ IP4 MACIP wildcardMAC|subnetIP ACL routed traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
- self.ROUTED, self.IS_IP4, 9)
-
- def test_acl_routed_ip4_wildMAC_wildIP(self):
- """ IP4 MACIP wildcardMAC|wildIP ACL
- """
-
- self.run_traffic(self.WILD_MAC, self.WILD_IP,
- self.ROUTED, self.IS_IP4, 9)
-
- def test_acl_replace_traffic_ip4(self):
- """ MACIP replace ACL with IP4 traffic
- """
- self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
- self.BRIDGED, self.IS_IP4, 9, try_replace=True)
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
- self.BRIDGED, self.IS_IP4, 9, try_replace=True)
-
-
-class TestMACIP_IP6(MethodHolder):
- """MACIP with IP6 traffic"""
-
- @classmethod
- def setUpClass(cls):
- super(TestMACIP_IP6, cls).setUpClass()
-
- @classmethod
- def tearDownClass(cls):
- super(TestMACIP_IP6, cls).tearDownClass()
-
- def test_acl_bridged_ip6_exactMAC_exactIP(self):
- """ IP6 MACIP exactMAC|exactIP ACL bridged traffic
- """
-
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
- self.BRIDGED, self.IS_IP6, 9)
-
- def test_acl_bridged_ip6_exactMAC_subnetIP(self):
- """ IP6 MACIP exactMAC|subnetIP ACL bridged traffic
- """
-
- self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
- self.BRIDGED, self.IS_IP6, 9)
-
- def test_acl_bridged_ip6_exactMAC_wildIP(self):
- """ IP6 MACIP exactMAC|wildIP ACL bridged traffic
- """
-
- self.run_traffic(self.EXACT_MAC, self.WILD_IP,
- self.BRIDGED, self.IS_IP6, 9)
-
- def test_acl_bridged_ip6_ouiMAC_exactIP(self):
- """ IP6 MACIP oui_MAC|exactIP ACL bridged traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.EXACT_IP,
- self.BRIDGED, self.IS_IP6, 9)
-
- def test_acl_bridged_ip6_ouiMAC_subnetIP(self):
- """ IP6 MACIP ouiMAC|subnetIP ACL bridged traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
- self.BRIDGED, self.IS_IP6, 9)
-
- def test_acl_bridged_ip6_ouiMAC_wildIP(self):
- """ IP6 MACIP ouiMAC|wildIP ACL bridged traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.WILD_IP,
- self.BRIDGED, self.IS_IP6, 9)
-
- def test_acl_bridged_ip6_wildMAC_exactIP(self):
- """ IP6 MACIP wildcardMAC|exactIP ACL bridged traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.EXACT_IP,
- self.BRIDGED, self.IS_IP6, 9)
-
- def test_acl_bridged_ip6_wildMAC_subnetIP(self):
- """ IP6 MACIP wildcardMAC|subnetIP ACL bridged traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
- self.BRIDGED, self.IS_IP6, 9)
-
- def test_acl_bridged_ip6_wildMAC_wildIP(self):
- """ IP6 MACIP wildcardMAC|wildIP ACL bridged traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.WILD_IP,
- self.BRIDGED, self.IS_IP6, 9)
-
- def test_acl_routed_ip6_exactMAC_exactIP(self):
- """ IP6 MACIP exactMAC|exactIP ACL routed traffic
- """
-
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
- self.ROUTED, self.IS_IP6, 9)
-
- def test_acl_routed_ip6_exactMAC_subnetIP(self):
- """ IP6 MACIP exactMAC|subnetIP ACL routed traffic
- """
-
- self.run_traffic(self.EXACT_MAC, self.SUBNET_IP,
- self.ROUTED, self.IS_IP6, 9)
-
- def test_acl_routed_ip6_exactMAC_wildIP(self):
- """ IP6 MACIP exactMAC|wildIP ACL routed traffic
- """
-
- self.run_traffic(self.EXACT_MAC, self.WILD_IP,
- self.ROUTED, self.IS_IP6, 9)
-
- def test_acl_routed_ip6_ouiMAC_exactIP(self):
- """ IP6 MACIP ouiMAC|exactIP ACL routed traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.EXACT_IP,
- self.ROUTED, self.IS_IP6, 9)
-
- def test_acl_routed_ip6_ouiMAC_subnetIP(self):
- """ IP6 MACIP ouiMAC|subnetIP ACL routed traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
- self.ROUTED, self.IS_IP6, 9)
-
- def test_acl_routed_ip6_ouiMAC_wildIP(self):
- """ IP6 MACIP ouiMAC|wildIP ACL routed traffic
- """
-
- self.run_traffic(self.OUI_MAC, self.WILD_IP,
- self.ROUTED, self.IS_IP6, 9)
-
- def test_acl_routed_ip6_wildMAC_exactIP(self):
- """ IP6 MACIP wildcardMAC|exactIP ACL routed traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.EXACT_IP,
- self.ROUTED, self.IS_IP6, 9)
-
- def test_acl_routed_ip6_wildMAC_subnetIP(self):
- """ IP6 MACIP wildcardMAC|subnetIP ACL routed traffic
- """
-
- self.run_traffic(self.WILD_MAC, self.SUBNET_IP,
- self.ROUTED, self.IS_IP6, 9)
-
- def test_acl_routed_ip6_wildMAC_wildIP(self):
- """ IP6 MACIP wildcardMAC|wildIP ACL
- """
-
- self.run_traffic(self.WILD_MAC, self.WILD_IP,
- self.ROUTED, self.IS_IP6, 9)
-
- def test_acl_replace_traffic_ip6(self):
- """ MACIP replace ACL with IP6 traffic
- """
- self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
- self.BRIDGED, self.IS_IP6, 9, try_replace=True)
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
- self.BRIDGED, self.IS_IP6, 9, try_replace=True)
-
-
-class TestMACIP(MethodHolder):
- """MACIP Tests"""
-
- @classmethod
- def setUpClass(cls):
- super(TestMACIP, cls).setUpClass()
-
- @classmethod
- def tearDownClass(cls):
- super(TestMACIP, cls).tearDownClass()
-
- def test_acl_1_2(self):
- """ MACIP ACL with 2 entries
- """
-
- self.run_test_acls(self.EXACT_MAC, self.WILD_IP, 1, [2])
-
- def test_acl_1_5(self):
- """ MACIP ACL with 5 entries
- """
-
- self.run_test_acls(self.EXACT_MAC, self.SUBNET_IP, 1, [5])
-
- def test_acl_1_10(self):
- """ MACIP ACL with 10 entries
- """
-
- self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 1, [10])
-
- def test_acl_1_20(self):
- """ MACIP ACL with 20 entries
- """
-
- self.run_test_acls(self.OUI_MAC, self.WILD_IP, 1, [20])
-
- def test_acl_1_50(self):
- """ MACIP ACL with 50 entries
- """
-
- self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 1, [50])
-
- def test_acl_1_100(self):
- """ MACIP ACL with 100 entries
- """
-
- self.run_test_acls(self.OUI_MAC, self.EXACT_IP, 1, [100])
-
- def test_acl_2_X(self):
- """ MACIP 2 ACLs each with 100+ entries
- """
-
- self.run_test_acls(self.OUI_MAC, self.SUBNET_IP, 2, [100, 200])
-
- def test_acl_10_X(self):
- """ MACIP 10 ACLs each with 100+ entries
- """
-
- self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
- [100, 120, 140, 160, 180, 200, 210, 220, 230, 240])
-
- def test_acl_10_X_traffic_ip4(self):
- """ MACIP 10 ACLs each with 100+ entries with IP4 traffic
- """
-
- self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
- [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
- self.BRIDGED, self.IS_IP4)
-
- def test_acl_10_X_traffic_ip6(self):
- """ MACIP 10 ACLs each with 100+ entries with IP6 traffic
- """
-
- self.run_test_acls(self.EXACT_MAC, self.EXACT_IP, 10,
- [100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
- self.BRIDGED, self.IS_IP6)
-
- def test_acl_replace(self):
- """ MACIP replace ACL
- """
-
- r1 = self.create_rules(acl_count=3, rules_count=[2, 2, 2])
- r2 = self.create_rules(mac_type=self.OUI_MAC, ip_type=self.SUBNET_IP)
- self.apply_macip_rules(r1)
-
- acls_before = self.macip_acl_dump_debug()
-
- # replace acls #2, #3 with new
- reply = self.vapi.macip_acl_add_replace(r2[0], 2)
- self.assertEqual(reply.retval, 0)
- self.assertEqual(reply.acl_index, 2)
- reply = self.vapi.macip_acl_add_replace(r2[1], 3)
- self.assertEqual(reply.retval, 0)
- self.assertEqual(reply.acl_index, 3)
-
- acls_after = self.macip_acl_dump_debug()
-
- # verify changes
- self.assertEqual(len(acls_before), len(acls_after))
- for acl1, acl2 in zip(
- acls_before[:2]+acls_before[4:],
- acls_after[:2]+acls_after[4:]):
- self.assertEqual(len(acl1), len(acl2))
-
- self.assertEqual(len(acl1.r), len(acl2.r))
- for r1, r2 in zip(acl1.r, acl2.r):
- self.assertEqual(len(acl1.r), len(acl2.r))
- self.assertEqual(acl1.r, acl2.r)
- for acl1, acl2 in zip(
- acls_before[2:4],
- acls_after[2:4]):
- self.assertEqual(len(acl1), len(acl2))
-
- self.assertNotEqual(len(acl1.r), len(acl2.r))
- for r1, r2 in zip(acl1.r, acl2.r):
- self.assertNotEqual(len(acl1.r), len(acl2.r))
- self.assertNotEqual(acl1.r, acl2.r)
-
- def test_delete_intf(self):
- """ MACIP ACL delete intf with acl
- """
-
- intf_count = len(self.interfaces)+1
- intf = []
- self.apply_macip_rules(self.create_rules(acl_count=3,
- rules_count=[3, 5, 4]))
-
- intf.append(VppLoInterface(self))
- intf.append(VppLoInterface(self))
-
- sw_if_index0 = intf[0].sw_if_index
- self.vapi.macip_acl_interface_add_del(sw_if_index0, 1)
-
- reply = self.vapi.macip_acl_interface_get()
- self.assertEqual(reply.count, intf_count+1)
- self.assertEqual(reply.acls[sw_if_index0], 1)
-
- sw_if_index1 = intf[1].sw_if_index
- self.vapi.macip_acl_interface_add_del(sw_if_index1, 0)
-
- reply = self.vapi.macip_acl_interface_get()
- self.assertEqual(reply.count, intf_count+2)
- self.assertEqual(reply.acls[sw_if_index1], 0)
-
- intf[0].remove_vpp_config()
- reply = self.vapi.macip_acl_interface_get()
- self.assertEqual(reply.count, intf_count+2)
- self.assertEqual(reply.acls[sw_if_index0], 4294967295)
- self.assertEqual(reply.acls[sw_if_index1], 0)
-
- intf.append(VppLoInterface(self))
- intf.append(VppLoInterface(self))
- sw_if_index2 = intf[2].sw_if_index
- sw_if_index3 = intf[3].sw_if_index
- self.vapi.macip_acl_interface_add_del(sw_if_index2, 1)
- self.vapi.macip_acl_interface_add_del(sw_if_index3, 1)
-
- reply = self.vapi.macip_acl_interface_get()
- self.assertEqual(reply.count, intf_count+3)
- self.assertEqual(reply.acls[sw_if_index1], 0)
- self.assertEqual(reply.acls[sw_if_index2], 1)
- self.assertEqual(reply.acls[sw_if_index3], 1)
- self.logger.info("MACIP ACL on multiple interfaces:")
- self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
- self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl index 1234"))
- self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl index 1"))
- self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl index 0"))
- self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
-
- intf[2].remove_vpp_config()
- intf[1].remove_vpp_config()
-
- reply = self.vapi.macip_acl_interface_get()
- self.assertEqual(reply.count, intf_count+3)
- self.assertEqual(reply.acls[sw_if_index0], 4294967295)
- self.assertEqual(reply.acls[sw_if_index1], 4294967295)
- self.assertEqual(reply.acls[sw_if_index2], 4294967295)
- self.assertEqual(reply.acls[sw_if_index3], 1)
-
- intf[3].remove_vpp_config()
- reply = self.vapi.macip_acl_interface_get()
-
- self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
-
-
-class TestACL_dot1q_bridged(MethodHolder):
- """ACL on dot1q bridged subinterfaces Tests"""
-
- @classmethod
- def setUpClass(cls):
- super(TestACL_dot1q_bridged, cls).setUpClass()
-
- @classmethod
- def tearDownClass(cls):
- super(TestACL_dot1q_bridged, cls).tearDownClass()
-
- def test_acl_bridged_ip4_subif_dot1q(self):
- """ IP4 ACL SubIf Dot1Q bridged traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED,
- self.IS_IP4, 9, tags=self.DOT1Q, isMACIP=False)
-
- def test_acl_bridged_ip6_subif_dot1q(self):
- """ IP6 ACL SubIf Dot1Q bridged traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED,
- self.IS_IP6, 9, tags=self.DOT1Q, isMACIP=False)
-
-
-class TestACL_dot1ad_bridged(MethodHolder):
- """ACL on dot1ad bridged subinterfaces Tests"""
-
- @classmethod
- def setUpClass(cls):
- super(TestACL_dot1ad_bridged, cls).setUpClass()
-
- @classmethod
- def tearDownClass(cls):
- super(TestACL_dot1ad_bridged, cls).tearDownClass()
-
- def test_acl_bridged_ip4_subif_dot1ad(self):
- """ IP4 ACL SubIf Dot1AD bridged traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED,
- self.IS_IP4, 9, tags=self.DOT1AD, isMACIP=False)
-
- def test_acl_bridged_ip6_subif_dot1ad(self):
- """ IP6 ACL SubIf Dot1AD bridged traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.BRIDGED,
- self.IS_IP6, 9, tags=self.DOT1AD, isMACIP=False)
-
-
-class TestACL_dot1q_routed(MethodHolder):
- """ACL on dot1q routed subinterfaces Tests"""
-
- @classmethod
- def setUpClass(cls):
- super(TestACL_dot1q_routed, cls).setUpClass()
-
- @classmethod
- def tearDownClass(cls):
- super(TestACL_dot1q_routed, cls).tearDownClass()
-
- def test_acl_routed_ip4_subif_dot1q(self):
- """ IP4 ACL SubIf Dot1Q routed traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
- self.IS_IP4, 9, tags=self.DOT1Q, isMACIP=False)
-
- def test_acl_routed_ip6_subif_dot1q(self):
- """ IP6 ACL SubIf Dot1Q routed traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
- self.IS_IP6, 9, tags=self.DOT1Q, isMACIP=False)
-
- def test_acl_routed_ip4_subif_dot1q_deny_by_tags(self):
- """ IP4 ACL SubIf wrong tags Dot1Q routed traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
- self.IS_IP4, 9, True, tags=self.DOT1Q, isMACIP=False,
- permit_tags=self.DENY_TAGS)
-
- def test_acl_routed_ip6_subif_dot1q_deny_by_tags(self):
- """ IP6 ACL SubIf wrong tags Dot1Q routed traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
- self.IS_IP6, 9, True, tags=self.DOT1Q, isMACIP=False,
- permit_tags=self.DENY_TAGS)
-
-
-class TestACL_dot1ad_routed(MethodHolder):
- """ACL on dot1ad routed subinterfaces Tests"""
-
- @classmethod
- def setUpClass(cls):
- super(TestACL_dot1ad_routed, cls).setUpClass()
-
- @classmethod
- def tearDownClass(cls):
- super(TestACL_dot1ad_routed, cls).tearDownClass()
-
- def test_acl_routed_ip6_subif_dot1ad(self):
- """ IP6 ACL SubIf Dot1AD routed traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
- self.IS_IP6, 9, tags=self.DOT1AD, isMACIP=False)
-
- def test_acl_routed_ip4_subif_dot1ad(self):
- """ IP4 ACL SubIf Dot1AD routed traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
- self.IS_IP4, 9, tags=self.DOT1AD, isMACIP=False)
-
- def test_acl_routed_ip6_subif_dot1ad_deny_by_tags(self):
- """ IP6 ACL SubIf wrong tags Dot1AD routed traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
- self.IS_IP6, 9, True, tags=self.DOT1AD, isMACIP=False,
- permit_tags=self.DENY_TAGS)
-
- def test_acl_routed_ip4_subif_dot1ad_deny_by_tags(self):
- """ IP4 ACL SubIf wrong tags Dot1AD routed traffic"""
- self.run_traffic(self.EXACT_MAC, self.EXACT_IP, self.ROUTED,
- self.IS_IP4, 9, True, tags=self.DOT1AD, isMACIP=False,
- permit_tags=self.DENY_TAGS)
-
-
-if __name__ == '__main__':
- unittest.main(testRunner=VppTestRunner)