diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/test_acl_plugin.py | 86 | ||||
-rw-r--r-- | test/test_acl_plugin_l2l3.py | 16 |
2 files changed, 51 insertions, 51 deletions
diff --git a/test/test_acl_plugin.py b/test/test_acl_plugin.py index 5ccfa39e525..ccf495ced1b 100644 --- a/test/test_acl_plugin.py +++ b/test/test_acl_plugin.py @@ -238,7 +238,7 @@ class TestACLplugin(VppTestCase): 'dst_ip_addr': d_ip}) return rule - def apply_rules(self, rules, tag=''): + def apply_rules(self, rules, tag=b''): reply = self.vapi.acl_add_replace(acl_index=4294967295, r=rules, tag=tag) self.logger.info("Dumped ACL: " + str( @@ -250,7 +250,7 @@ class TestACLplugin(VppTestCase): acls=[reply.acl_index]) return - def apply_rules_to(self, rules, tag='', sw_if_index=0xFFFFFFFF): + def apply_rules_to(self, rules, tag=b'', sw_if_index=0xFFFFFFFF): reply = self.vapi.acl_add_replace(acl_index=4294967295, r=rules, tag=tag) self.logger.info("Dumped ACL: " + str( @@ -542,14 +542,14 @@ class TestACLplugin(VppTestCase): 'srcport_or_icmptype_first': 1234, 'srcport_or_icmptype_last': 1235, 'src_ip_prefix_len': 0, - 'src_ip_addr': '\x00\x00\x00\x00', + 'src_ip_addr': b'\x00\x00\x00\x00', 'dstport_or_icmpcode_first': 1234, 'dstport_or_icmpcode_last': 1234, - 'dst_ip_addr': '\x00\x00\x00\x00', + 'dst_ip_addr': b'\x00\x00\x00\x00', 'dst_ip_prefix_len': 0}] # Test 1: add a new ACL reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r, - tag="permit 1234") + tag=b"permit 1234") self.assertEqual(reply.retval, 0) # The very first ACL gets #0 self.assertEqual(reply.acl_index, 0) @@ -572,23 +572,23 @@ class TestACLplugin(VppTestCase): 'srcport_or_icmptype_first': 1234, 'srcport_or_icmptype_last': 1235, 'src_ip_prefix_len': 0, - 'src_ip_addr': '\x00\x00\x00\x00', + 'src_ip_addr': b'\x00\x00\x00\x00', 'dstport_or_icmpcode_first': 1234, 'dstport_or_icmpcode_last': 1234, - 'dst_ip_addr': '\x00\x00\x00\x00', + 'dst_ip_addr': b'\x00\x00\x00\x00', 'dst_ip_prefix_len': 0}, {'is_permit': 1, 'is_ipv6': 0, 'proto': 17, 'srcport_or_icmptype_first': 0, 'srcport_or_icmptype_last': 0, 'src_ip_prefix_len': 0, - 'src_ip_addr': '\x00\x00\x00\x00', + 'src_ip_addr': b'\x00\x00\x00\x00', 'dstport_or_icmpcode_first': 0, 'dstport_or_icmpcode_last': 0, - 'dst_ip_addr': '\x00\x00\x00\x00', + 'dst_ip_addr': b'\x00\x00\x00\x00', 'dst_ip_prefix_len': 0}] reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_deny, - tag="deny 1234;permit all") + tag=b"deny 1234;permit all") self.assertEqual(reply.retval, 0) # The second ACL gets #1 self.assertEqual(reply.acl_index, 1) @@ -596,7 +596,7 @@ class TestACLplugin(VppTestCase): # Test 2: try to modify a nonexistent ACL reply = self.vapi.acl_add_replace(acl_index=432, r=r, - tag="FFFF:FFFF", expected_retval=-6) + tag=b"FFFF:FFFF", expected_retval=-6) self.assertEqual(reply.retval, -6) # The ACL number should pass through self.assertEqual(reply.acl_index, 432) @@ -642,7 +642,7 @@ class TestACLplugin(VppTestCase): 0, self.proto[self.IP][self.TCP])) # Apply rules - self.apply_rules(rules, "permit per-flow") + self.apply_rules(rules, b"permit per-flow") # Traffic should still pass self.run_verify_test(self.IP, self.IPV4, -1) @@ -661,7 +661,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny per-flow;permit all") + self.apply_rules(rules, b"deny per-flow;permit all") # Traffic should not pass self.run_verify_negat_test(self.IP, self.IPV4, @@ -682,7 +682,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit icmpv4") + self.apply_rules(rules, b"permit icmpv4") # Traffic should still pass self.run_verify_test(self.ICMP, self.IPV4, @@ -703,7 +703,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit icmpv6") + self.apply_rules(rules, b"permit icmpv6") # Traffic should still pass self.run_verify_test(self.ICMP, self.IPV6, @@ -724,7 +724,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny icmpv4") + self.apply_rules(rules, b"deny icmpv4") # Traffic should not pass self.run_verify_negat_test(self.ICMP, self.IPV4, 0) @@ -744,7 +744,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny icmpv6") + self.apply_rules(rules, b"deny icmpv6") # Traffic should not pass self.run_verify_negat_test(self.ICMP, self.IPV6, 0) @@ -764,7 +764,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ipv4 tcp") + self.apply_rules(rules, b"permit ipv4 tcp") # Traffic should still pass self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.TCP]) @@ -784,7 +784,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ip6 tcp") + self.apply_rules(rules, b"permit ip6 tcp") # Traffic should still pass self.run_verify_test(self.IP, self.IPV6, self.proto[self.IP][self.TCP]) @@ -804,7 +804,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ipv udp") + self.apply_rules(rules, b"permit ipv udp") # Traffic should still pass self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.UDP]) @@ -824,7 +824,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ip6 udp") + self.apply_rules(rules, b"permit ip6 udp") # Traffic should still pass self.run_verify_test(self.IP, self.IPV6, self.proto[self.IP][self.UDP]) @@ -849,7 +849,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny ip4/ip6 tcp") + self.apply_rules(rules, b"deny ip4/ip6 tcp") # Traffic should not pass self.run_verify_negat_test(self.IP, self.IPRANDOM, @@ -875,7 +875,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny ip4/ip6 udp") + self.apply_rules(rules, b"deny ip4/ip6 udp") # Traffic should not pass self.run_verify_negat_test(self.IP, self.IPRANDOM, @@ -966,7 +966,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ip4 tcp "+str(port)) + self.apply_rules(rules, b"permit ip4 tcp %d" % port) # Traffic should still pass self.run_verify_test(self.IP, self.IPV4, @@ -988,7 +988,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ip4 tcp "+str(port)) + self.apply_rules(rules, b"permit ip4 tcp %d" % port) # Traffic should still pass self.run_verify_test(self.IP, self.IPV4, @@ -1010,7 +1010,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ip4 tcp "+str(port)) + self.apply_rules(rules, b"permit ip4 tcp %d" % port) # Traffic should still pass self.run_verify_test(self.IP, self.IPV6, @@ -1033,7 +1033,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ip4 tcp "+str(port)) + self.apply_rules(rules, b"permit ip4 tcp %d" % port) # Traffic should still pass self.run_verify_test(self.IP, self.IPV6, @@ -1060,7 +1060,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny ip4/ip6 udp "+str(port)) + self.apply_rules(rules, b"deny ip4/ip6 udp %d" % port) # Traffic should not pass self.run_verify_negat_test(self.IP, self.IPRANDOM, @@ -1087,7 +1087,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny ip4/ip6 udp "+str(port)) + self.apply_rules(rules, b"deny ip4/ip6 udp %d" % port) # Traffic should not pass self.run_verify_negat_test(self.IP, self.IPRANDOM, @@ -1115,7 +1115,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny ip4/ip6 udp "+str(port)) + self.apply_rules(rules, b"deny ip4/ip6 udp %d" % port) # Traffic should not pass self.run_verify_negat_test(self.IP, self.IPRANDOM, @@ -1137,7 +1137,7 @@ class TestACLplugin(VppTestCase): self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit empty udp ip4 " + str(port)) + self.apply_rules(rules, b"permit empty udp ip4 %d" % port) # Traffic should still pass # Create incoming packet streams for packet-generator interfaces @@ -1171,7 +1171,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit empty udp ip6 "+str(port)) + self.apply_rules(rules, b"permit empty udp ip6 %d" % port) # Traffic should still pass # Create incoming packet streams for packet-generator interfaces @@ -1208,7 +1208,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ipv4 tcp") + self.apply_rules(rules, b"permit ipv4 tcp") # Traffic should still pass self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.TCP]) @@ -1230,7 +1230,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ip6 tcp") + self.apply_rules(rules, b"permit ip6 tcp") # Traffic should still pass self.run_verify_test(self.IP, self.IPV6, self.proto[self.IP][self.TCP]) @@ -1252,7 +1252,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ipv4 udp") + self.apply_rules(rules, b"permit ipv4 udp") # Traffic should still pass self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.UDP]) @@ -1274,7 +1274,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ip6 udp") + self.apply_rules(rules, b"permit ip6 udp") # Traffic should still pass self.run_verify_test(self.IP, self.IPV6, self.proto[self.IP][self.UDP]) @@ -1305,7 +1305,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny ip4/ip6 tcp") + self.apply_rules(rules, b"deny ip4/ip6 tcp") # Traffic should not pass self.run_verify_negat_test(self.IP, self.IPRANDOM, @@ -1337,7 +1337,7 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "deny ip4/ip6 udp") + self.apply_rules(rules, b"deny ip4/ip6 udp") # Traffic should not pass self.run_verify_negat_test(self.IP, self.IPRANDOM, @@ -1360,7 +1360,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ipv4 tcp") + self.apply_rules(rules, b"permit ipv4 tcp") # Traffic should still pass also for an odd ethertype self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.TCP], @@ -1382,7 +1382,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ipv4 tcp") + self.apply_rules(rules, b"permit ipv4 tcp") # whitelist the 0xbbbb etype - so the 0xaaaa should be blocked self.etype_whitelist([0xbbb], 1) @@ -1412,7 +1412,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ipv4 tcp") + self.apply_rules(rules, b"permit ipv4 tcp") # whitelist the 0xbbbb etype - so the 0xaaaa should be blocked self.etype_whitelist([0xbbb], 1) @@ -1441,7 +1441,7 @@ class TestACLplugin(VppTestCase): rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, "permit ipv4 tcp") + self.apply_rules(rules, b"permit ipv4 tcp") # whitelist the 0xbbbb etype - so the 0xaaaa should be blocked self.etype_whitelist([0xbbb], 1) @@ -1473,7 +1473,7 @@ class TestACLplugin(VppTestCase): intf.append(VppLoInterface(self)) # Apply rules - self.apply_rules_to(rules, "permit ipv4 tcp", intf[0].sw_if_index) + self.apply_rules_to(rules, b"permit ipv4 tcp", intf[0].sw_if_index) # Remove the interface intf[0].remove_vpp_config() diff --git a/test/test_acl_plugin_l2l3.py b/test/test_acl_plugin_l2l3.py index 85b7e5845a7..73dd473c67f 100644 --- a/test/test_acl_plugin_l2l3.py +++ b/test/test_acl_plugin_l2l3.py @@ -369,17 +369,17 @@ class TestACLpluginL2L3(VppTestCase): shuffle(all_rules) reply = self.vapi.acl_add_replace(acl_index=4294967295, r=all_rules[::2], - tag="shuffle 1. acl") + tag=b"shuffle 1. acl") shuffle_acl_1 = reply.acl_index shuffle(all_rules) reply = self.vapi.acl_add_replace(acl_index=4294967295, r=all_rules[::3], - tag="shuffle 2. acl") + tag=b"shuffle 2. acl") shuffle_acl_2 = reply.acl_index shuffle(all_rules) reply = self.vapi.acl_add_replace(acl_index=4294967295, r=all_rules[::2], - tag="shuffle 3. acl") + tag=b"shuffle 3. acl") shuffle_acl_3 = reply.acl_index # apply the shuffle ACLs in front @@ -404,15 +404,15 @@ class TestACLpluginL2L3(VppTestCase): shuffle(all_rules) reply = self.vapi.acl_add_replace(acl_index=shuffle_acl_1, r=all_rules[::1+(i % 2)], - tag="shuffle 1. acl") + tag=b"shuffle 1. acl") shuffle(all_rules) reply = self.vapi.acl_add_replace(acl_index=shuffle_acl_2, r=all_rules[::1+(i % 3)], - tag="shuffle 2. acl") + tag=b"shuffle 2. acl") shuffle(all_rules) reply = self.vapi.acl_add_replace(acl_index=shuffle_acl_2, r=all_rules[::1+(i % 5)], - tag="shuffle 3. acl") + tag=b"shuffle 3. acl") # restore to how it was before and clean up self.vapi.acl_interface_set_acl_list(sw_if_index=sw_if_index, @@ -429,10 +429,10 @@ class TestACLpluginL2L3(VppTestCase): r_permit_reflect = stream_dict['permit_and_reflect_rules'] r_action = r_permit_reflect if is_reflect else r reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_action, - tag="act. acl") + tag=b"act. acl") action_acl_index = reply.acl_index reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_permit, - tag="perm. acl") + tag=b"perm. acl") permit_acl_index = reply.acl_index return {'L2': action_acl_index if test_l2_action else permit_acl_index, 'L3': permit_acl_index if test_l2_action else action_acl_index, |