summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/acl.h
AgeCommit message (Expand)AuthorFilesLines
2018-03-30acl-plugin: implement an optional session reclassification when ACL is (re-)a...Andrew Yourtchenko1-0/+9
2018-03-27acl-plugin: autosize the ACL plugin heap and fix the heap size types and parsingAndrew Yourtchenko1-4/+2
2018-03-23acl-plugin: improvements in 'show acl-plugin macip acl' CLIAndrew Yourtchenko1-0/+3
2018-03-23acl-plugin: set ACL heap within the exported functions that might alloc memoryAndrew Yourtchenko1-0/+2
2018-03-22Revert "acl-plugin: improvement on 'show acl-plugin' CLI"Damjan Marion1-3/+0
2018-03-22acl-plugin: implement ACL lookup contexts for "ACL as a service" use by other...Andrew Yourtchenko1-0/+24
2018-03-21acl-plugin: improvement on 'show acl-plugin' CLISteve Shin1-0/+3
2018-02-08acl-plugin: add whitelisted ethertype mode (VPP-1163)Andrew Yourtchenko1-0/+6
2018-02-08acl-plugin: VPP-1088: add support for egress filter in macip ACLsAndrew Yourtchenko1-0/+4
2018-02-08acl-plugin: an elog-based tracing implementation for troubleshooting the conn...Andrew Yourtchenko1-0/+2
2017-11-08ACL plugin support tagged subinterfacesPavel Kotucek1-0/+5
2017-09-12acl-plugin: add startup-config section "acl-plugin" and heap/hash parametersAndrew Yourtchenko1-0/+10
2017-08-22acl-plugin: Recreate the bihash_40_8.h in the proper placeAndrew Yourtchenko1-1/+2
2017-08-18acl-plugin: time out the sessions created by main thread too (VPP-948)Andrew Yourtchenko1-0/+2
2017-08-08acl-plugin: rework the optimization 7383, fortify acl-plugin memory behavior ...Andrew Yourtchenko1-0/+6
2017-08-03acl-plugin: multicore: CSIT c100k 2-core stateful ACL test does not pass (VPP...Andrew Yourtchenko1-3/+3
2017-06-19acl-plugin: bihash-based ACL lookupAndrew Yourtchenko1-0/+30
2017-06-15acl-plugin: store sessions in a single hash table instead of a per-interfaceAndrew Yourtchenko1-3/+6
2017-06-07acl-plugin: add a plugin-specific control-ping message api and make the test ...Andrew Yourtchenko1-1/+1
2017-06-07acl-plugin: make the ACL plugin multicore-capableAndrew Yourtchenko1-7/+4
2017-04-20Clean up old datapath code in ACL plugin.Andrew Yourtchenko1-22/+9
2017-04-06acl-plugin: make the IPv4/IPv6 non-first fragment handling in line with ACL (...Andrew Yourtchenko1-1/+4
2017-03-30acl-plugin: cleaner node bugfixes (VPP-675)Andrew Yourtchenko1-0/+16
2017-03-21ACL plugin 1.2Andrew Yourtchenko1-3/+119
2017-03-03VPP-651: Ensure sw_if_index to node mapping for L2 output path is only done v...Andrew Yourtchenko1-3/+2
2017-02-03Plugin infrastructure improvementsDamjan Marion1-2/+0
2017-01-01Move java,lua api and remaining plugins to src/Damjan Marion1-0/+148
>, "P"]), BitField("reserved", 0, 18), ByteField("next_proto", 0), IntField("iid", 0), ] bind_layers(UDP, LISP_GPE_Header, dport=4341) bind_layers(UDP, LISP_GPE_Header, sport=4341) bind_layers(LISP_GPE_Header, IP, next_proto=1) bind_layers(LISP_GPE_Header, IPv6, next_proto=2) bind_layers(LISP_GPE_Header, Ether, next_proto=3) class ForeignAddressFactory(object): count = 0 prefix_len = 24 net_template = '10.10.10.{}' net = net_template.format(0) + '/' + str(prefix_len) def get_ip4(self): if self.count > 255: raise Exception("Network host address exhaustion") self.count += 1 return self.net_template.format(self.count) class Driver(metaclass=abc.ABCMeta): config_order = ['locator-sets', 'locators', 'local-mappings', 'remote-mappings', 'adjacencies'] """ Basic class for data driven testing """ def __init__(self, test, test_cases): self._test_cases = test_cases self._test = test @property def test_cases(self): return self._test_cases @property def test(self): return self._test def create_packet(self, src_if, dst_if, deid, payload=''): """ Create IPv4 packet param: src_if param: dst_if """ packet = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / IP(src=src_if.remote_ip4, dst=deid) / Raw(payload)) return packet @abc.abstractmethod def run(self): """ testing procedure """ pass class SimpleDriver(Driver): """ Implements simple test procedure """ def __init__(self, test, test_cases): super(SimpleDriver, self).__init__(test, test_cases) def verify_capture(self, src_loc, dst_loc, capture): """ Verify captured packet :param src_loc: source locator address :param dst_loc: destination locator address :param capture: list of captured packets """ self.test.assertEqual(len(capture), 1, "Unexpected number of " "packets! Expected 1 but {} received" .format(len(capture))) packet = capture[0] try: ip_hdr = packet[IP] # assert the values match self.test.assertEqual(ip_hdr.src, src_loc, "IP source address") self.test.assertEqual(ip_hdr.dst, dst_loc, "IP destination address") gpe_hdr = packet[LISP_GPE_Header] self.test.assertEqual(gpe_hdr.next_proto, 1, "next_proto is not ipv4!") ih = gpe_hdr[IP] self.test.assertEqual(ih.src, self.test.pg0.remote_ip4, "unexpected source EID!") self.test.assertEqual(ih.dst, self.test.deid_ip4, "unexpected dest EID!") except: self.test.logger.error(ppp("Unexpected or invalid packet:", packet)) raise def configure_tc(self, tc): for config_item in self.config_order: for vpp_object in tc[config_item]: vpp_object.add_vpp_config() def run(self, dest): """ Send traffic for each test case and verify that it is encapsulated """ for tc in enumerate(self.test_cases): self.test.logger.info('Running {}'.format(tc[1]['name'])) self.configure_tc(tc[1]) packet = self.create_packet(self.test.pg0, self.test.pg1, dest, 'data') self.test.pg0.add_stream(packet) self.test.pg0.enable_capture() self.test.pg1.enable_capture() self.test.pg_start() capture = self.test.pg1.get_capture(1) self.verify_capture(self.test.pg1.local_ip4, self.test.pg1.remote_ip4, capture) self.test.pg0.assert_nothing_captured() class TestLisp(VppTestCase): """ Basic LISP test """ @classmethod def setUpClass(cls): super(TestLisp, cls).setUpClass() cls.faf = ForeignAddressFactory() cls.create_pg_interfaces(range(2)) # create pg0 and pg1 for i in cls.pg_interfaces: i.admin_up() # put the interface upsrc_if i.config_ip4() # configure IPv4 address on the interface i.resolve_arp() # resolve ARP, so that we know VPP MAC @classmethod def tearDownClass(cls): super(TestLisp, cls).tearDownClass() def setUp(self): super(TestLisp, self).setUp() self.vapi.lisp_enable_disable(is_enable=1) def test_lisp_basic_encap(self): """Test case for basic encapsulation""" self.deid_ip4_net = self.faf.net self.deid_ip4 = self.faf.get_ip4() self.seid_ip4 = '{!s}/{!s}'.format(self.pg0.local_ip4, 32) self.rloc_ip4 = self.pg1.remote_ip4 test_cases = [ { 'name': 'basic ip4 over ip4', 'locator-sets': [VppLispLocatorSet(self, 'ls-4o4')], 'locators': [ VppLispLocator(self, self.pg1.sw_if_index, 'ls-4o4') ], 'local-mappings': [ VppLocalMapping(self, self.seid_ip4, 'ls-4o4') ], 'remote-mappings': [ VppRemoteMapping(self, self.deid_ip4_net, [LispRemoteLocator(self.rloc_ip4)]) ], 'adjacencies': [ VppLispAdjacency(self, self.seid_ip4, self.deid_ip4_net) ] } ] self.test_driver = SimpleDriver(self, test_cases) self.test_driver.run(self.deid_ip4) class TestLispUT(VppTestCase): """ Lisp UT """ @classmethod def setUpClass(cls): super(TestLispUT, cls).setUpClass() @classmethod def tearDownClass(cls): super(TestLispUT, cls).tearDownClass() def test_fib(self): """ LISP Unit Tests """ error = self.vapi.cli("test lisp cp") if error: self.logger.critical(error) self.assertNotIn("Failed", error) if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)