From f068c3ed296c49dfbfe17677fc1ad2428fb4e3e4 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Wed, 3 Jan 2018 04:18:48 -0800 Subject: DVR: run L3 output features - rename l2_bridged to is_dvr. Including on the ip.api this was new in the 18.01 release so no compatability issues. - steal the free space in vnet_buffer_opaque_t for use with flags. - run the ipX-output feature arc from the DVR DPO Change-Id: I040e5976d1dbe076fcdda3a40a7804f56337ce3f Signed-off-by: Neale Ranns --- test/test_dvr.py | 60 ++++++++++++++++++++++++++++++++++------------- test/vpp_ip_route.py | 8 ++++--- test/vpp_papi_provider.py | 6 ++--- 3 files changed, 52 insertions(+), 22 deletions(-) (limited to 'test') diff --git a/test/test_dvr.py b/test/test_dvr.py index e7b68db2ac7..e2e960584a6 100644 --- a/test/test_dvr.py +++ b/test/test_dvr.py @@ -13,6 +13,7 @@ from scapy.packet import Raw from scapy.layers.l2 import Ether, Dot1Q, ARP from scapy.layers.inet import IP, UDP from util import ppp +from socket import AF_INET, inet_pton class TestDVR(VppTestCase): @@ -107,22 +108,16 @@ class TestDVR(VppTestCase): self, ip_non_tag_bridged, 32, [VppRoutePath("0.0.0.0", self.pg1.sw_if_index, - proto=DpoProto.DPO_PROTO_ETHERNET)]) + is_dvr=1)]) route_no_tag.add_vpp_config() # # Inject the packet that arrives and leaves on a non-tagged interface # Since it's 'bridged' expect that the MAC headed is unchanged. # - self.pg0.add_stream(pkt_no_tag) - - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - - rx = self.pg1.get_capture(1) - - self.assertEqual(rx[0][Ether].dst, pkt_no_tag[Ether].dst) - self.assertEqual(rx[0][Ether].src, pkt_no_tag[Ether].src) + rx = self.send_and_expect(self.pg0, pkt_no_tag * 65, self.pg1) + self.assert_same_mac_addr(pkt_no_tag, rx) + self.assert_has_no_tag(rx) # # Add routes to bridge the traffic via a tagged interface @@ -131,12 +126,12 @@ class TestDVR(VppTestCase): self, ip_tag_bridged, 32, [VppRoutePath("0.0.0.0", sub_if_on_pg3.sw_if_index, - proto=DpoProto.DPO_PROTO_ETHERNET)]) + is_dvr=1)]) route_with_tag.add_vpp_config() # - # Inject the packet that arrives and leaves on a non-tagged interface - # Since it's 'bridged' expect that the MAC headed is unchanged. + # Inject the packet that arrives non-tag and leaves on a tagged + # interface # rx = self.send_and_expect(self.pg0, pkt_tag * 65, self.pg3) self.assert_same_mac_addr(pkt_tag, rx) @@ -172,9 +167,42 @@ class TestDVR(VppTestCase): self.assert_same_mac_addr(pkt_tag_to_tag, rx) self.assert_has_no_tag(rx) + # + # Add an output L3 ACL that will block the traffic + # + rule_1 = ({'is_permit': 0, + 'is_ipv6': 0, + 'proto': 17, + 'srcport_or_icmptype_first': 1234, + 'srcport_or_icmptype_last': 1234, + 'src_ip_prefix_len': 32, + 'src_ip_addr': inet_pton(AF_INET, any_src_addr), + 'dstport_or_icmpcode_first': 1234, + 'dstport_or_icmpcode_last': 1234, + 'dst_ip_prefix_len': 32, + 'dst_ip_addr': inet_pton(AF_INET, ip_non_tag_bridged)}) + acl = self.vapi.acl_add_replace(acl_index=4294967295, + r=[rule_1]) + + # + # Apply the ACL on the output interface + # + self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index, + 0, + [acl.acl_index]) + + # + # Send packet's that should match the ACL and be dropped + # + rx = self.send_and_assert_no_replies(self.pg2, pkt_tag_to_non_tag * 65) + # # cleanup # + self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index, + 0, []) + self.vapi.acl_del(acl.acl_index) + self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1, enable=0) self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1, @@ -258,7 +286,7 @@ class TestDVR(VppTestCase): 93) # - # Disable UU flooding, learning and ARM terminaation. makes this test + # Disable UU flooding, learning and ARP terminaation. makes this test # easier as unicast packets are dropped if not extracted. # self.vapi.bridge_flags(1, 0, (1 << 0) | (1 << 3) | (1 << 4)) @@ -269,11 +297,11 @@ class TestDVR(VppTestCase): route_1 = VppIpRoute(self, "1.1.1.1", 32, [VppRoutePath("0.0.0.0", self.pg1.sw_if_index, - proto=DpoProto.DPO_PROTO_ETHERNET)]) + is_dvr=1)]) route_2 = VppIpRoute(self, "1.1.1.2", 32, [VppRoutePath("0.0.0.0", sub_if_on_pg2.sw_if_index, - proto=DpoProto.DPO_PROTO_ETHERNET)]) + is_dvr=1)]) route_1.add_vpp_config() route_2.add_vpp_config() diff --git a/test/vpp_ip_route.py b/test/vpp_ip_route.py index fedf1302e21..2d34f55efdf 100644 --- a/test/vpp_ip_route.py +++ b/test/vpp_ip_route.py @@ -110,6 +110,7 @@ class VppRoutePath(object): is_resolve_attached=0, is_source_lookup=0, is_udp_encap=0, + is_dvr=0, next_hop_id=0xffffffff, proto=DpoProto.DPO_PROTO_IP4): self.nh_itf = nh_sw_if_index @@ -135,6 +136,7 @@ class VppRoutePath(object): self.nh_itf = rpf_id self.is_udp_encap = is_udp_encap self.next_hop_id = next_hop_id + self.is_dvr = is_dvr class VppMRoutePath(VppRoutePath): @@ -206,8 +208,7 @@ class VppIpRoute(VppObject): next_hop_table_id=path.nh_table_id, next_hop_id=path.next_hop_id, is_ipv6=self.is_ip6, - is_l2_bridged=1 - if path.proto == DpoProto.DPO_PROTO_ETHERNET else 0, + is_dvr=path.is_dvr, is_resolve_host=path.is_resolve_host, is_resolve_attached=path.is_resolve_attached, is_source_lookup=path.is_source_lookup, @@ -241,7 +242,8 @@ class VppIpRoute(VppObject): next_hop_id=path.next_hop_id, is_add=0, is_udp_encap=path.is_udp_encap, - is_ipv6=self.is_ip6) + is_ipv6=self.is_ip6, + is_dvr=path.is_dvr) def query_vpp_config(self): return find_route(self._test, diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py index 16bc44b64b9..acd05a7a26d 100644 --- a/test/vpp_papi_provider.py +++ b/test/vpp_papi_provider.py @@ -759,7 +759,7 @@ class VppPapiProvider(object): is_local=0, is_classify=0, is_multipath=0, - is_l2_bridged=0, + is_dvr=0, is_udp_encap=0, is_source_lookup=0): """ @@ -780,7 +780,7 @@ class VppPapiProvider(object): :param is_multipath: (Default value = 0) :param is_resolve_host: (Default value = 0) :param is_resolve_attached: (Default value = 0) - :param is_l2_bridged: (Default value = 0) + :param is_dvr: (Default value = 0) :param is_source_lookup: (Default value = 0) :param next_hop_weight: (Default value = 1) @@ -802,7 +802,7 @@ class VppPapiProvider(object): 'is_multipath': is_multipath, 'is_resolve_host': is_resolve_host, 'is_resolve_attached': is_resolve_attached, - 'is_l2_bridged': is_l2_bridged, + 'is_dvr': is_dvr, 'is_source_lookup': is_source_lookup, 'is_udp_encap': is_udp_encap, 'next_hop_weight': next_hop_weight, -- cgit 1.2.3-korg