summaryrefslogtreecommitdiffstats
path: root/MAINTAINERS
blob: b259754484d4428bd91ce021a0990fcae1a8b76b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
Descriptions of section entries:

	M: Maintainer Full name and E-mail address: Full Name <address@domain>
	   One maintainer per line.  Multiple M: lines acceptable.
	F: Files and directories with wildcard patterns.
	   A trailing slash includes all files and subdirectory files.
	   F:	drivers/net/	all files in and below drivers/net
	   F:	drivers/net/*	all files in drivers/net, but not below
	   One pattern per line.  Multiple F: lines acceptable.
	E: exclude file(s) matched by F:
	C: Single line comment related to current section.
	I: single word feature/component identifier
	Y: path to feature YAML file

		-----------------------------------

Build System
I:	build
M:	Damjan Marion <damarion@cisco.com>
F:	Makefile
F:	src/CMakeLists.txt
F:	src/cmake/
F:	build/

Build System Internal
I:	ebuild
M:	Dave Barach <vpp@barachs.net>
F:	build-root/Makefile
F:	build-data/

VNET Link Bonding
I:	bonding
M:	Steven Luong <sluong@cisco.com>
F:	src/vnet/bonding/

Sphinx Documents
I:	docs
M:	John DeNisco <jdenisco@cisco.com>
M:	Ray Kinsella <raykinsella78@gmail.com>
F:	docs/

Infrastructure Library
I:	vppinfra
M:	Dave Barach <vpp@barachs.net>
F:	src/vppinfra/

Physical Memory Allocator
I:	pmalloc
M:	Damjan Marion <damarion@cisco.com>
F:	src/vppinfra/pmalloc.[ch]

Vector Library
I:	vlib
M:	Dave Barach <vpp@barachs.net>
M:	Damjan Marion <damarion@cisco.com>
F:	src/vlib/
E:	src/vlib/buffer*.[ch]
E:	src/vlib/pci/
E:	src/vlib/linux/pci.[ch]
E:	src/vlib/linux/vfio.[ch]

Vector Library - Buffer Management
I:	buffers
M:	Damjan Marion <damarion@cisco.com>
M:	Dave Barach <vpp@barachs.net>
F:	src/vlib/buffer*.[ch]

Vector Library - PCI
I:	pci
M:	Damjan Marion <damarion@cisco.com>
F:	src/vlib/pci/
F:	src/vlib/linux/pci.[ch]
F:	src/vlib/linux/vfio.[ch]

Binary API Libraries
I:	api
M:	Dave Barach <vpp@barachs.net>
F:	src/vlibapi/
F:	src/vlibmemory/

VNET Bidirectional Forwarding Detection (BFD)
I:	bfd
M:	Klement Sekera <ksekera@cisco.com>
F:	src/vnet/bfd/

VNET Classifier
I:	classify
M:	Dave Barach <vpp@barachs.net>
F:	src/vnet/classify

VNET Policer
I:	policer
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/policer/

VNET Device Drivers
I:	devices
Y:	src/vnet/devices/af_packet/FEATURE.yaml
Y:	src/vnet/devices/pipe/FEATURE.yaml
M:	Damjan Marion <damarion@cisco.com>
F:	src/vnet/devices/

VNET TAP Drivers
I:	tap
Y:	src/vnet/devices/tap/FEATURE.yaml
M:	Damjan Marion <damarion@cisco.com>
M:	Steven Luong <sluong@cisco.com>
M:	Mohsin Kazmi <sykazmi@cisco.com>
F:	src/vnet/devices/tap/

VNET Vhost User Driver
I:	vhost
Y:	src/vnet/devices/virtio/FEATURE.yaml
M:	Steven Luong <sluong@cisco.com>
F:	src/vnet/devices/virtio/vhost_user*

VNET Native Virtio Drivers
I:	virtio
Y:	src/vnet/devices/virtio/FEATURE.yaml
M:	Mohsin Kazmi <sykazmi@cisco.com>
M:	Damjan Marion <damarion@cisco.com>
F:	src/vnet/devices/virtio/

VNET Ethernet
I:	ethernet
M:	Dave Barach <vpp@barachs.net>
M:	Damjan Marion <damarion@cisco.com>
F:	src/vnet/ethernet/

VNET Feature Arcs
I:	feature
M:	Dave Barach <vpp@barachs.net>
M:	Damjan Marion <damarion@cisco.com>
F:	src/vnet/feature/

VNET FIB
I:	fib
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/fib/
F:	src/vnet/mfib/
F:	src/vnet/dpo
F:	src/vnet/adj

VNET IPv4 LPM
I:	ip
M:	Dave Barach <vpp@barachs.net>
F:	src/vnet/ip/

VNET IPv6 LPM
I:	ip6
M:	Neale Ranns <neale@graphiant.com>
M:	Jon Loeliger <jdl@netgate.com>
F:	src/vnet/ip/

VNET IP Neighbors
I:	ip-neighbor
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/ip-neighbor

VNET QoS
I:	qos
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/qos/

VNET Interface Common
I:	interface
M:	Dave Barach <vpp@barachs.net>
F:	src/vnet/interface*.[ch]

VNET Packet Generator
I:	pg
M:	Dave Barach <vpp@barachs.net>
F:	src/vnet/pg/

VNET Segment Routing (IPv6 and MPLS)
I:	sr
M:	Pablo Camarillo <pcamaril@cisco.com>
F:	src/vnet/srv6/
F:	src/vnet/srmpls/
F:	src/examples/srv6-sample-localsid/

VNET IPSec
I:	ipsec
M:	Neale Ranns <neale@graphiant.com>
M:	Radu Nicolau <radu.nicolau@intel.com>
M:	Fan Zhang <roy.fan.zhang@intel.com>
F:	src/vnet/ipsec/

VNET Crypto Infra
I:	crypto
M:	Damjan Marion <damarion@cisco.com>
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/crypto/

VNET TEIB
I:	teib
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/teib/

VNET SPAN
I:	span
M:	N/A
F:	src/vnet/span

Plugin - Crypto - native
I:	crypto-native
M:	Damjan Marion <damarion@cisco.com>
F:	src/plugins/crypto_native/

Plugin - Crypto - OpenSSL
I:	crypto-openssl
M:	Damjan Marion <damarion@cisco.com>
F:	src/plugins/crypto_openssl/

Plugin - Crypto - ipsecmb
I:	crypto-ipsecmb
M:	Neale Ranns <neale@graphiant.com>
M:      Fan Zhang <roy.fan.zhang@intel.com>
F:	src/plugins/crypto_ipsecmb/

Plugin - Crypto - sw_scheduler
I:	crypto-sw-scheduler
M:	Fan Zhang <roy.fan.zhang@intel.com>
F:	src/plugs/crypto_sw_scheduler/

VNET L2
I:	l2
M:	John Lo <lojultra2020@outlook.com>
M:	Steven Luong <sluong@cisco.com>
F:	src/vnet/l2/

VNET GRE
I:	gre
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/gre/

VNET GSO
I:	gso
M:	Andrew Yourtchenko <ayourtch@gmail.com>
M:	Mohsin Kazmi <sykazmi@cisco.com>
F:	src/vnet/gso/

Plugin - MAP
I:	map
Y:	src/plugins/map/FEATURE.yaml
M:	Ole Troan <ot@cisco.com>
M:	Jon Loeliger <jdl@netgate.com>
F:	src/plugins/map

VNET MPLS
I:	mpls
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/mpls/

VNET BIER
I:	bier
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/bier/

VNET Session Layer
I:	session
Y:	src/vnet/session/FEATURE.yaml
M:	Florin Coras <fcoras@cisco.com>
F:	src/vnet/session

VNET TCP
I:	tcp
Y:	src/vnet/tcp/FEATURE.yaml
M:	Florin Coras <fcoras@cisco.com>
F:	src/vnet/tcp

VNET UDP
I:	udp
Y:	src/vnet/udp/FEATURE.yaml
M:	Florin Coras <fcoras@cisco.com>
F:	src/vnet/udp

VNET VXLAN
I:	vxlan
M:	John Lo <lojultra2020@outlook.com>
M:	Steven Luong <sluong@cisco.com>
F:	src/vnet/vxlan/

VNET VXLAN-GPE
I:	vxlan-gpe
M:	Hongjun Ni <hongjun.ni@intel.com>
F:	src/vnet/vxlan-gpe/

VNET IPIP
I:	ipip
Y:	src/vnet/ipip/FEATURE.yaml
M:	Ole Troan <otroan@employees.org>
F:	src/vnet/ipip/

VNET tunnel
I:	tunnel
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/tunnel'

VNET TLS and TLS engine plugins
I:	tls
M:	Florin Coras <fcoras@cisco.com>
M:	Ping Yu <ping.yu@intel.com>
F:	src/vnet/tls
F:	src/plugins/tlsopenssl
F:	src/plugins/tlsmbedtls
F:	src/plugins/tlspicotls

VNET SYSLOG
I:	syslog
M:	Matus Fabian <matfabia@cisco.com>
F:	src/vnet/syslog

Plugin - DHCP
I:	dhcp
M:	Dave Barach <vpp@barachs.net>
M:	Neale Ranns <neale@graphiant.com>
F:	src/plugins/dhcp/

VNET - ARP
I:	arp
M:	Dave Barach <vpp@barachs.net>
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/arp/

Plugin - ARPing CLI
I:	arping
M:	Steven Luong <sluong@cisco.com>
F:	src/plugins/arping/

VNET - IP6 Neighbor Discovery
I:	ip6-nd
M:	Dave Barach <vpp@barachs.net>
M:	Neale Ranns <neale@graphiant.com>
F:	src/vnet/ip6-nd/

VNET GENEVE
I:	geneve
M:	N/A
F:	src/vnet/geneve/

VNET FLOW
I:	flow
M:	Damjan Marion <damarion@cisco.com>
F:	src/vnet/flow/

VNET Hash
I:	hash
M:	Mohsin Kazmi <sykazmi@cisco.com>
M:	Damjan Marion <damarion@cisco.com>
F:	src/vnet/hash/

VPP Main App
I:	vpp
M:	Dave Barach <vpp@barachs.net>
M:	Damjan Marion <damarion@cisco.com>
F:	src/vpp/

Plugin - Access Control List (ACL) Based Forwarding
I:	abf
M:	Neale Ranns <neale@graphiant.com>
F:	src/plugins/abf/

Plugin - Allow / Deny List
I:	adl
M:	Dave Barach <vpp@barachs.net>
F:	src/plugins/adl/

Plugin - Simple DNS name resolver
I:	dns
M:	Dave Barach <vpp@barachs.net>
F:	src/plugins/dns/

Plugin - ACL
I:	acl
M:	Andrew Yourtchenko <ayourtch@gmail.com>
F:	src/plugins/acl/

Plugin - NAT
I:	nat
M:	Ole Troan <ot@cisco.com>
M:  Filip Varga <fivarga@cisco.com>
M:  Klement Sekera <ksekera@cisco.com>
F:	src/plugins/nat/

Plugin - PNAT Static match and rewrite engine
I:	pnat
M:	Ole Troan <ot@cisco.com>
F:	src/plugins/nat/pnat/

Plugin - AVF Device driver
I:	avf
M:	Damjan Marion <damarion@cisco.com>
F:	src/plugins/avf/

Plugin - Dispatch Trace PCAP
I:	dispatch-trace
M:	Dave Barach <vpp@barachs.net>
F:	src/plugins/dispatch-trace

Plugin - DPDK
I:	dpdk
M:	Damjan Marion <damarion@cisco.com>
M:	Mohammed Hawari <mohammed@hawari.fr>
F:	src/plugins/dpdk/

Plugin - DPDK Crypto
I:	dpdk-cryptodev
M:	Sergio Gonzalez Monroy <sergio.gonzalez.monroy@outlook.com>
M:	Radu Nicolau <radu.nicolau@intel.com>
M:	Fan Zhang <roy.fan.zhang@intel.com>
F:	src/plugins/dpdk/cryptodev/

Plugin - flowprobe
I:	flowprobe
Y:	src/plugins/flowprobe/FEATURE.yaml
M:	Ole Troan <otroan@employees.org>
F:	src/plugins/flowprobe/

Plugin - http_static
I:	http_static
M:	Dave Barach <vpp@barachs.net>
F:	src/plugins/http_static/

Plugin - builtinurl
I:	builtinurl
M:	Dave Barach <vpp@barachs.net>
F:	src/plugins/builtinurl/

Plugin - GTPU
I:	gtpu
M:	Hongjun Ni <hongjun.ni@intel.com>
F:	src/plugins/gtpu/

Plugin - Internet Key Exchange (IKEv2) Protocol
I:	ikev2
M:	Damjan Marion <damarion@cisco.com>
M:	Neale Ranns <neale@graphiant.com>
M:	Filip Tehlar <ftehlar@cisco.com>
M:	Benoît Ganne <bganne@cisco.com>
F:	src/plugins/ikev2/

Plugin - Internet Group Management Protocol (IGMP)
I:	igmp
M:	Neale Ranns <neale@graphiant.com>
F:	src/plugins/igmp/

Plugin - L3 Cross-Connect (L3XC)
I:	l3xc
M:	Neale Ranns <neale@graphiant.com>
F:	src/plugins/l3xc/

Plugin - LISP
I:	lisp
Y:	src/plugins/lisp/lisp-cp/FEATURE.yaml
Y:	src/plugins/lisp/lisp-gpe/FEATURE.yaml
M:	Florin Coras <fcoras@cisco.com>
F:	src/plugins/lisp/

Plugin - Link Layer Discovery Protocol (LLDP)
I:	lldp
M:	Klement Sekera <ksekera@cisco.com>
F:	src/plugins/lldp/

Plugin - memif device driver
I:	memif
M:	Damjan Marion <damarion@cisco.com>
F:	src/plugins/memif/

Plugin - Marvell MUSDK device driver
I:	marvell
M:	Damjan Marion <damarion@cisco.com>
F:	src/plugins/marvell/

Plugin - performance counter
I:	perfmon
M:	Damjan Marion <damarion@cisco.com>
F:	src/plugins/perfmon/

Plugin - PPPoE
I:	pppoe
M:	Hongjun Ni <hongjun.ni@intel.com>
F:	src/plugins/pppoe/

Plugin - Ping
I:	ping
M:	Andrew Yourtchenko <ayourtch@gmail.com>
F:	src/plugins/ping

Plugin - IPv6 Segment Routing Dynamic Proxy
I:	srv6-ad
M:	Francois Clad <fclad@cisco.com>
F:	src/plugins/srv6-ad/

Plugin - IPv6 Segment Routing Flow-Based Dynamic Proxy
I:	srv6-ad-flow
M:	Francois Clad <fclad@cisco.com>
F:	src/plugins/srv6-ad-flow/

Plugin - IPv6 Segment Routing Masquerading Proxy
I:	srv6-am
M:	Francois Clad <fclad@cisco.com>
F:	src/plugins/srv6-am/

Plugin - IPv6 Segment Routing Static Proxy
I:	srv6-as
M:	Francois Clad <fclad@cisco.com>
F:	src/plugins/srv6-as/

Plugin - IPv6 Segment Routing Mobile
I:	srv6-mobile
M:	Tetsuya Murakami <tetsuya.mrk@gmail.com>
M:	Satoru Matsushima <satoru.matsushima@gmail.com>
F:	src/plugins/srv6-mobile/

Plugin - Link Aggregation Control Protocol
I:	lacp
M:	Steven Luong <sluong@cisco.com>
F:	src/plugins/lacp/

Plugin - Load Balancer
I:	lb
M:	Pfister <ppfister@cisco.com>
M:	Hongjun Ni <hongjun.ni@intel.com>
F:	src/plugins/lb/

Plugin - NSH
I:	nsh
M:	Hongjun Ni <hongjun.ni@intel.com>
M:	Vengada <venggovi@cisco.com>
F:	src/plugins/nsh/

Plugin - TCP MSS Clamping
I:	mss_clamp
M:	Miklos Tirpak <miklos.tirpak@emnify.com>
F:	src/plugins/mss_clamp/

Plugin - Time-based MAC filter
I:	mactime
Y:	src/plugins/mactime/FEATURE.yaml
M:	Dave Barach <vpp@barachs.net>
F:      src/plugins/mactime/

Plugin - Network Delay Simulator
I:	nsim
Y:	src/plugins/nsim/FEATURE.yaml
M:	Dave Barach <vpp@barachs.net>
F:	src/plugins/nsim/

Plugin - Buffer Metadata Modification Tracker
I:	mdata
M:	Dave Barach <vpp@barachs.net>
F:	src/plugins/mdata/

Plugin - Unit Tests
I:	unittest
M:	Dave Barach <vpp@barachs.net>
M:	Florin Coras <fcoras@cisco.com>
F:	src/plugins/unittest/

Test Infrastructure
I:	tests
M:	Klement Sekera <ksekera@cisco.com>
M:	Paul Vinciguerra <pvinci@vinciconsulting.com>
F:	test/

SVM Library
I:	svm
M:	Dave Barach <vpp@barachs.net>
F:	src/svm

VPP API TEST
I:	vat
M:	Dave Barach <vpp@barachs.net>
F:	src/vat/

VPP Executable
I:	vpp
M:	Dave Barach <vpp@barachs.net>
F:	src/vpp/

Emacs templates
I:	emacs
M:	Dave Barach <vpp@barachs.net>
F:	extras/emacs/

Graphical Event Viewer
I:	g2
M:	Dave Barach <vpp@barachs.net>
F:	src/tools/g2/

Performance Tooling
I:	perftool
M:	Dave Barach <vpp@barachs.net>
F:	src/tools/perftool/

Plugin - vmxnet3 device driver
I:	vmxnet3
M:	Steven Luong <sluong@cisco.com>
F:	src/plugins/vmxnet3/

Binary API Compiler for Python
I:	vppapigen
M:	Ole Troan <otroan@employees.org>
F:	src/tools/vppapigen/
F:  extras/scripts/crcchecker.py

API trace tool
I:	vppapitrace
M:	Ole Troan <otroan@employees.org>
F:	src/tools/vppapitrace/

Binary API Compiler for C and C++
I:	vapi
M:	Ole Troan <ot@cisco.com>
F:	src/vpp-api/vapi

Plugin - RDMA (ibverb) driver
I:	rdma
M:	Benoît Ganne <bganne@cisco.com>
M:	Damjan Marion <damarion@cisco.com>
F:	src/plugins/rdma/

Plugin - QUIC protocol
I:	quic
M:	Aloys Augustin <aloaugus@cisco.com>
M:	Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
M:	Dave Wallace <dwallacelf@gmail.com>
M:	Florin Coras <fcoras@cisco.com>
Y:	src/plugins/quic/FEATURE.yaml
F:	src/plugins/quic/

Plugin - snort plugin
I:	snort
M:	Damjan Marion <damarion@cisco.com>
F:	src/plugins/snort/

libmemif
I:	libmemif
M:	Damjan Marion <damarion@cisco.com>
F:	extras/libmemif

gomemif
I:	gomemif
M:	Jakub Grajciar <jgrajcia@cisco.com>
F:	extras/gomemif

VPP Comms Library
I:	vcl
Y:	src/vnet/vcl/FEATURE.yaml
M:	Florin Coras <fcoras@cisco.com>
F:	src/vcl

Statistics Segment
I:	stats
M:	Ole Troan <ot@cisco.com>
F:	src/vpp/stats/
F:	src/vpp-api/client/stat_client.[ch]

Plugin - Host Stack Applications
I:	hsa
M:	Florin Coras <fcoras@cisco.com>
M:	Dave Wallace <dwallacelf@gmail.com>
M:	Aloys Augustin <aloaugus@cisco.com>
M:	Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
F:	src/plugins/hs_apps/

Python binding for the VPP API
I:	papi
M:	Ole Troan <ot@cisco.com>
M:	Paul Vinciguerra <pvinci@vinciconsulting.com>
F:	src/vpp-api/python

Plugin - Cisco Discovery Protocol
I:	cdp
M:	vpp-dev Mailing List <vpp-dev@fd.io>
C:  Unmaintained
F:	src/plugins/cdp/

Plugin - Source VRF Select
I:	svs
M:	Neale Ranns <neale@graphiant.com>
F:	src/plugins/svs/

Plugin - IPv6 Connection Tracker
I:	ct6
M:	Dave Barach <vpp@barachs.net>
F:	src/plugins/ct6

Plugin - Steal The NIC
I:	stn
M:	vpp-dev Mailing List <vpp-dev@fd.io>
C:  Unmaintained
F:	src/plugins/stn

Plugin - IOAM
I:	ioam
M:	vpp-dev Mailing List <vpp-dev@fd.io>
C:  Unmaintained
F:	src/plugins/ioam

Plugin - Awkward chained buffer geometry tool
I:	oddbuf
M:	Dave Barach <vpp@barachs.net>
F:	src/plugins/oddbuf

Plugin - VRRP
I:	vrrp
M:	Matthew Smith <mgsmith@netgate.com>
F:	src/plugins/vrrp

Plugin - Unicast Reverse Path forwarding
I:	urpf
M:	Neale Ranns <neale@graphiant.com>
F:	src/plugins/urpf

Plugin - CNat
I:	cnat
M:	Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
M:	Neale Ranns <neale@graphiant.com>
F:	src/plugins/cnat

Plugin - Wireguard
I:	wireguard
M:	Artem Glazychev <artem.glazychev@xored.com>
M:	Fan Zhang <roy.fan.zhang@intel.com>
F:	src/plugins/wireguard

VPP Config Tooling
I:	vpp_config
M:	John DeNisco <jdenisco@cisco.com>
F:	extras/vpp_config

bash functions
I:	bash
M:	Dave Wallace <dwallacelf@gmail.com>
F:	extras/bash/

Plugin - AF_XDP driver
I:	af_xdp
M:	Benoît Ganne <bganne@cisco.com>
M:	Damjan Marion <damarion@cisco.com>
F:	src/plugins/af_xdp/

Plugin - geneve
I:	geneve
M:	community vpp-dev@lists.fd.io
F:	src/plugins/geneve/

Plugin - linux-cp
I:	linux-cp
M:	Neale Ranns <neale@graphiant.com>
M:	Matthew Smith <mgsmith@netgate.com>
F:	src/plugins/linux-cp/

Plugin - SRTP
I:	srtp
M:	Florin Coras <fcoras@cisco.com>
F:	src/plugins/srtp/

Plugin - bufmon
I:	bufmon
M:	Benoît Ganne <bganne@cisco.com>
F:	src/plugins/bufmon/

Plugin - HSI
I:	hsi
M:	Florin Coras <fcoras@cisco.com>
F:	src/plugins/hsi/

cJSON
I:	cjson
M:	Ole Troan <ot@cisco.com>
F:	src/vppinfra/cJSON.[ch]

VAT2
I:	vat2
M:	Ole Troan <ot@cisco.com>
F:	src/vat2/

VNET Ipfix Export
I:	ipfix-export
M:	Ole Troan <ot@cisco.com>
M:	Paul Atkins <patkins@graphiant.com>
F:	src/vnet/ipfix-export/

RPM packaging on openSUSE
I:	rpm-packaging
M:	Laszlo Kiraly <laszlo.kiraly@est.tech>
F:	src/extras/rpm/opensuse

THE REST
I:	misc
M:	vpp-dev Mailing List <vpp-dev@fd.io>
C:	Missing Maintainer
F:	*
F:	*/
ecorator */ .highlight .ni { color: #f8f8f2 } /* Name.Entity */ .highlight .ne { color: #a6e22e } /* Name.Exception */ .highlight .nf { color: #a6e22e } /* Name.Function */ .highlight .nl { color: #f8f8f2 } /* Name.Label */ .highlight .nn { color: #f8f8f2 } /* Name.Namespace */ .highlight .nx { color: #a6e22e } /* Name.Other */ .highlight .py { color: #f8f8f2 } /* Name.Property */ .highlight .nt { color: #f92672 } /* Name.Tag */ .highlight .nv { color: #f8f8f2 } /* Name.Variable */ .highlight .ow { color: #f92672 } /* Operator.Word */ .highlight .w { color: #f8f8f2 } /* Text.Whitespace */ .highlight .mb { color: #ae81ff } /* Literal.Number.Bin */ .highlight .mf { color: #ae81ff } /* Literal.Number.Float */ .highlight .mh { color: #ae81ff } /* Literal.Number.Hex */ .highlight .mi { color: #ae81ff } /* Literal.Number.Integer */ .highlight .mo { color: #ae81ff } /* Literal.Number.Oct */ .highlight .sa { color: #e6db74 } /* Literal.String.Affix */ .highlight .sb { color: #e6db74 } /* Literal.String.Backtick */ .highlight .sc { color: #e6db74 } /* Literal.String.Char */ .highlight .dl { color: #e6db74 } /* Literal.String.Delimiter */ .highlight .sd { color: #e6db74 } /* Literal.String.Doc */ .highlight .s2 { color: #e6db74 } /* Literal.String.Double */ .highlight .se { color: #ae81ff } /* Literal.String.Escape */ .highlight .sh { color: #e6db74 } /* Literal.String.Heredoc */ .highlight .si { color: #e6db74 } /* Literal.String.Interpol */ .highlight .sx { color: #e6db74 } /* Literal.String.Other */ .highlight .sr { color: #e6db74 } /* Literal.String.Regex */ .highlight .s1 { color: #e6db74 } /* Literal.String.Single */ .highlight .ss { color: #e6db74 } /* Literal.String.Symbol */ .highlight .bp { color: #f8f8f2 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #a6e22e } /* Name.Function.Magic */ .highlight .vc { color: #f8f8f2 } /* Name.Variable.Class */ .highlight .vg { color: #f8f8f2 } /* Name.Variable.Global */ .highlight .vi { color: #f8f8f2 } /* Name.Variable.Instance */ .highlight .vm { color: #f8f8f2 } /* Name.Variable.Magic */ .highlight .il { color: #ae81ff } /* Literal.Number.Integer.Long */ } @media (prefers-color-scheme: light) { .highlight .hll { background-color: #ffffcc } .highlight .c { color: #888888 } /* Comment */ .highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */ .highlight .k { color: #008800; font-weight: bold } /* Keyword */ .highlight .ch { color: #888888 } /* Comment.Hashbang */ .highlight .cm { color: #888888 } /* Comment.Multiline */ .highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */ .highlight .cpf { color: #888888 } /* Comment.PreprocFile */ .highlight .c1 { color: #888888 } /* Comment.Single */ .highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */ .highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .gr { color: #aa0000 } /* Generic.Error */ .highlight .gh { color: #333333 } /* Generic.Heading */ .highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */ .highlight .go { color: #888888 } /* Generic.Output */ .highlight .gp { color: #555555 } /* Generic.Prompt */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #666666 } /* Generic.Subheading */ .highlight .gt { color: #aa0000 } /* Generic.Traceback */ .highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */ .highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */ .highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */ .highlight .kp { color: #008800 } /* Keyword.Pseudo */ .highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */ .highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */ .highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */ .highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */ .highlight .na { color: #336699 } /* Name.Attribute */ .highlight .nb { color: #003388 } /* Name.Builtin */ .highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */ .highlight .no { color: #003366; font-weight: bold } /* Name.Constant */ .highlight .nd { color: #555555 } /* Name.Decorator */ .highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */ .highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */ .highlight .nl { color: #336699; font-style: italic } /* Name.Label */ .highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */ .highlight .py { color: #336699; font-weight: bold } /* Name.Property */ .highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */ .highlight .nv { color: #336699 } /* Name.Variable */ .highlight .ow { color: #008800 } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ }
#!/usr/bin/env python
"""ACL plugin Test Case HLD:
"""

import unittest
import random

from scapy.packet import Raw
from scapy.layers.l2 import Ether
from scapy.layers.inet import IP, TCP, UDP, ICMP
from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest
from scapy.layers.inet6 import IPv6ExtHdrFragment
from framework import VppTestCase, VppTestRunner
from util import Host, ppp

from vpp_lo_interface import VppLoInterface


class TestACLplugin(VppTestCase):
    """ ACL plugin Test Case """

    # traffic types
    IP = 0
    ICMP = 1

    # IP version
    IPRANDOM = -1
    IPV4 = 0
    IPV6 = 1

    # rule types
    DENY = 0
    PERMIT = 1

    # supported protocols
    proto = [[6, 17], [1, 58]]
    proto_map = {1: 'ICMP', 58: 'ICMPv6EchoRequest', 6: 'TCP', 17: 'UDP'}
    ICMPv4 = 0
    ICMPv6 = 1
    TCP = 0
    UDP = 1
    PROTO_ALL = 0

    # port ranges
    PORTS_ALL = -1
    PORTS_RANGE = 0
    PORTS_RANGE_2 = 1
    udp_sport_from = 10
    udp_sport_to = udp_sport_from + 5
    udp_dport_from = 20000
    udp_dport_to = udp_dport_from + 5000
    tcp_sport_from = 30
    tcp_sport_to = tcp_sport_from + 5
    tcp_dport_from = 40000
    tcp_dport_to = tcp_dport_from + 5000

    udp_sport_from_2 = 90
    udp_sport_to_2 = udp_sport_from_2 + 5
    udp_dport_from_2 = 30000
    udp_dport_to_2 = udp_dport_from_2 + 5000
    tcp_sport_from_2 = 130
    tcp_sport_to_2 = tcp_sport_from_2 + 5
    tcp_dport_from_2 = 20000
    tcp_dport_to_2 = tcp_dport_from_2 + 5000

    icmp4_type = 8  # echo request
    icmp4_code = 3
    icmp6_type = 128  # echo request
    icmp6_code = 3

    icmp4_type_2 = 8
    icmp4_code_from_2 = 5
    icmp4_code_to_2 = 20
    icmp6_type_2 = 128
    icmp6_code_from_2 = 8
    icmp6_code_to_2 = 42

    # Test variables
    bd_id = 1

    @classmethod
    def setUpClass(cls):
        """
        Perform standard class setup (defined by class method setUpClass in
        class VppTestCase) before running the test case, set test case related
        variables and configure VPP.
        """
        super(TestACLplugin, cls).setUpClass()

        try:
            # Create 2 pg interfaces
            cls.create_pg_interfaces(range(2))

            # Packet flows mapping pg0 -> pg1, pg2 etc.
            cls.flows = dict()
            cls.flows[cls.pg0] = [cls.pg1]

            # Packet sizes
            cls.pg_if_packet_sizes = [64, 512, 1518, 9018]

            # Create BD with MAC learning and unknown unicast flooding disabled
            # and put interfaces to this BD
            cls.vapi.bridge_domain_add_del(bd_id=cls.bd_id, uu_flood=1,
                                           learn=1)
            for pg_if in cls.pg_interfaces:
                cls.vapi.sw_interface_set_l2_bridge(pg_if.sw_if_index,
                                                    bd_id=cls.bd_id)

            # Set up all interfaces
            for i in cls.pg_interfaces:
                i.admin_up()

            # Mapping between packet-generator index and lists of test hosts
            cls.hosts_by_pg_idx = dict()
            for pg_if in cls.pg_interfaces:
                cls.hosts_by_pg_idx[pg_if.sw_if_index] = []

            # Create list of deleted hosts
            cls.deleted_hosts_by_pg_idx = dict()
            for pg_if in cls.pg_interfaces:
                cls.deleted_hosts_by_pg_idx[pg_if.sw_if_index] = []

            # warm-up the mac address tables
            # self.warmup_test()
            count = 16
            start = 0
            n_int = len(cls.pg_interfaces)
            macs_per_if = count / n_int
            i = -1
            for pg_if in cls.pg_interfaces:
                i += 1
                start_nr = macs_per_if * i + start
                end_nr = count + start if i == (n_int - 1) \
                    else macs_per_if * (i + 1) + start
                hosts = cls.hosts_by_pg_idx[pg_if.sw_if_index]
                for j in range(start_nr, end_nr):
                    host = Host(
                        "00:00:00:ff:%02x:%02x" % (pg_if.sw_if_index, j),
                        "172.17.1%02x.%u" % (pg_if.sw_if_index, j),
                        "2017:dead:%02x::%u" % (pg_if.sw_if_index, j))
                    hosts.append(host)

        except Exception:
            super(TestACLplugin, cls).tearDownClass()
            raise

    def setUp(self):
        super(TestACLplugin, self).setUp()
        self.reset_packet_infos()

    def tearDown(self):
        """
        Show various debug prints after each test.
        """
        super(TestACLplugin, self).tearDown()
        if not self.vpp_dead:
            cli = "show vlib graph l2-input-feat-arc"
            self.logger.info(self.vapi.ppcli(cli))
            cli = "show vlib graph l2-input-feat-arc-end"
            self.logger.info(self.vapi.ppcli(cli))
            cli = "show vlib graph l2-output-feat-arc"
            self.logger.info(self.vapi.ppcli(cli))
            cli = "show vlib graph l2-output-feat-arc-end"
            self.logger.info(self.vapi.ppcli(cli))
            self.logger.info(self.vapi.ppcli("show l2fib verbose"))
            self.logger.info(self.vapi.ppcli("show acl-plugin acl"))
            self.logger.info(self.vapi.ppcli("show acl-plugin interface"))
            self.logger.info(self.vapi.ppcli("show acl-plugin tables"))
            self.logger.info(self.vapi.ppcli("show bridge-domain %s detail"
                                             % self.bd_id))

    def create_rule(self, ip=0, permit_deny=0, ports=PORTS_ALL, proto=-1,
                    s_prefix=0, s_ip='\x00\x00\x00\x00',
                    d_prefix=0, d_ip='\x00\x00\x00\x00'):
        if proto == -1:
            return
        if ports == self.PORTS_ALL:
            sport_from = 0
            dport_from = 0
            sport_to = 65535 if proto != 1 and proto != 58 else 255
            dport_to = sport_to
        elif ports == self.PORTS_RANGE:
            if proto == 1:
                sport_from = self.icmp4_type
                sport_to = self.icmp4_type
                dport_from = self.icmp4_code
                dport_to = self.icmp4_code
            elif proto == 58:
                sport_from = self.icmp6_type
                sport_to = self.icmp6_type
                dport_from = self.icmp6_code
                dport_to = self.icmp6_code
            elif proto == self.proto[self.IP][self.TCP]:
                sport_from = self.tcp_sport_from
                sport_to = self.tcp_sport_to
                dport_from = self.tcp_dport_from
                dport_to = self.tcp_dport_to
            elif proto == self.proto[self.IP][self.UDP]:
                sport_from = self.udp_sport_from
                sport_to = self.udp_sport_to
                dport_from = self.udp_dport_from
                dport_to = self.udp_dport_to
        elif ports == self.PORTS_RANGE_2:
            if proto == 1:
                sport_from = self.icmp4_type_2
                sport_to = self.icmp4_type_2
                dport_from = self.icmp4_code_from_2
                dport_to = self.icmp4_code_to_2
            elif proto == 58:
                sport_from = self.icmp6_type_2
                sport_to = self.icmp6_type_2
                dport_from = self.icmp6_code_from_2
                dport_to = self.icmp6_code_to_2
            elif proto == self.proto[self.IP][self.TCP]:
                sport_from = self.tcp_sport_from_2
                sport_to = self.tcp_sport_to_2
                dport_from = self.tcp_dport_from_2
                dport_to = self.tcp_dport_to_2
            elif proto == self.proto[self.IP][self.UDP]:
                sport_from = self.udp_sport_from_2
                sport_to = self.udp_sport_to_2
                dport_from = self.udp_dport_from_2
                dport_to = self.udp_dport_to_2
        else:
            sport_from = ports
            sport_to = ports
            dport_from = ports
            dport_to = ports

        rule = ({'is_permit': permit_deny, 'is_ipv6': ip, 'proto': proto,
                 'srcport_or_icmptype_first': sport_from,
                 'srcport_or_icmptype_last': sport_to,
                 'src_ip_prefix_len': s_prefix,
                 'src_ip_addr': s_ip,
                 'dstport_or_icmpcode_first': dport_from,
                 'dstport_or_icmpcode_last': dport_to,
                 'dst_ip_prefix_len': d_prefix,
                 'dst_ip_addr': d_ip})
        return rule

    def apply_rules(self, rules, tag=''):
        reply = self.vapi.acl_add_replace(acl_index=4294967295, r=rules,
                                          tag=tag)
        self.logger.info("Dumped ACL: " + str(
            self.vapi.acl_dump(reply.acl_index)))
        # Apply a ACL on the interface as inbound
        for i in self.pg_interfaces:
            self.vapi.acl_interface_set_acl_list(sw_if_index=i.sw_if_index,
                                                 n_input=1,
                                                 acls=[reply.acl_index])
        return

    def apply_rules_to(self, rules, tag='', sw_if_index=0xFFFFFFFF):
        reply = self.vapi.acl_add_replace(acl_index=4294967295, r=rules,
                                          tag=tag)
        self.logger.info("Dumped ACL: " + str(
            self.vapi.acl_dump(reply.acl_index)))
        # Apply a ACL on the interface as inbound
        self.vapi.acl_interface_set_acl_list(sw_if_index=sw_if_index,
                                             n_input=1,
                                             acls=[reply.acl_index])
        return

    def etype_whitelist(self, whitelist, n_input):
        # Apply whitelists on all the interfaces
        for i in self.pg_interfaces:
            # checkstyle can't read long names. Help them.
            fun = self.vapi.acl_interface_set_etype_whitelist
            fun(sw_if_index=i.sw_if_index, n_input=n_input,
                whitelist=whitelist)
        return

    def create_upper_layer(self, packet_index, proto, ports=0):
        p = self.proto_map[proto]
        if p == 'UDP':
            if ports == 0:
                return UDP(sport=random.randint(self.udp_sport_from,
                                                self.udp_sport_to),
                           dport=random.randint(self.udp_dport_from,
                                                self.udp_dport_to))
            else:
                return UDP(sport=ports, dport=ports)
        elif p == 'TCP':
            if ports == 0:
                return TCP(sport=random.randint(self.tcp_sport_from,
                                                self.tcp_sport_to),
                           dport=random.randint(self.tcp_dport_from,
                                                self.tcp_dport_to))
            else:
                return TCP(sport=ports, dport=ports)
        return ''

    def create_stream(self, src_if, packet_sizes, traffic_type=0, ipv6=0,
                      proto=-1, ports=0, fragments=False,
                      pkt_raw=True, etype=-1):
        """
        Create input packet stream for defined interface using hosts or
        deleted_hosts list.

        :param object src_if: Interface to create packet stream for.
        :param list packet_sizes: List of required packet sizes.
        :param traffic_type: 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
        :return: Stream of packets.
        """
        pkts = []
        if self.flows.__contains__(src_if):
            src_hosts = self.hosts_by_pg_idx[src_if.sw_if_index]
            for dst_if in self.flows[src_if]:
                dst_hosts = self.hosts_by_pg_idx[dst_if.sw_if_index]
                n_int = len(dst_hosts) * len(src_hosts)
                for i in range(0, n_int):
                    dst_host = dst_hosts[i / len(src_hosts)]
                    src_host = src_hosts[i % len(src_hosts)]
                    pkt_info = self.create_packet_info(src_if, dst_if)
                    if ipv6 == 1:
                        pkt_info.ip = 1
                    elif ipv6 == 0:
                        pkt_info.ip = 0
                    else:
                        pkt_info.ip = random.choice([0, 1])
                    if proto == -1:
                        pkt_info.proto = random.choice(self.proto[self.IP])
                    else:
                        pkt_info.proto = proto
                    payload = self.info_to_payload(pkt_info)
                    p = Ether(dst=dst_host.mac, src=src_host.mac)
                    if etype > 0:
                        p = Ether(dst=dst_host.mac,
                                  src=src_host.mac,
                                  type=etype)
                    if pkt_info.ip:
                        p /= IPv6(dst=dst_host.ip6, src=src_host.ip6)
                        if fragments:
                            p /= IPv6ExtHdrFragment(offset=64, m=1)
                    else:
                        if fragments:
                            p /= IP(src=src_host.ip4, dst=dst_host.ip4,
                                    flags=1, frag=64)
                        else:
                            p /= IP(src=src_host.ip4, dst=dst_host.ip4)
                    if traffic_type == self.ICMP:
                        if pkt_info.ip:
                            p /= ICMPv6EchoRequest(type=self.icmp6_type,
                                                   code=self.icmp6_code)
                        else:
                            p /= ICMP(type=self.icmp4_type,
                                      code=self.icmp4_code)
                    else:
                        p /= self.create_upper_layer(i, pkt_info.proto, ports)
                    if pkt_raw:
                        p /= Raw(payload)
                        pkt_info.data = p.copy()
                    if pkt_raw:
                        size = random.choice(packet_sizes)
                        self.extend_packet(p, size)
                    pkts.append(p)
        return pkts

    def verify_capture(self, pg_if, capture,
                       traffic_type=0, ip_type=0, etype=-1):
        """
        Verify captured input packet stream for defined interface.

        :param object pg_if: Interface to verify captured packet stream for.
        :param list capture: Captured packet stream.
        :param traffic_type: 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
        """
        last_info = dict()
        for i in self.pg_interfaces:
            last_info[i.sw_if_index] = None
        dst_sw_if_index = pg_if.sw_if_index
        for packet in capture:
            if etype > 0:
                if packet[Ether].type != etype:
                    self.logger.error(ppp("Unexpected ethertype in packet:",
                                          packet))
                else:
                    continue
            try:
                # Raw data for ICMPv6 are stored in ICMPv6EchoRequest.data
                if traffic_type == self.ICMP and ip_type == self.IPV6:
                    payload_info = self.payload_to_info(
                        packet[ICMPv6EchoRequest].data)
                    payload = packet[ICMPv6EchoRequest]
                else:
                    payload_info = self.payload_to_info(str(packet[Raw]))
                    payload = packet[self.proto_map[payload_info.proto]]
            except:
                self.logger.error(ppp("Unexpected or invalid packet "
                                      "(outside network):", packet))
                raise

            if ip_type != 0:
                self.assertEqual(payload_info.ip, ip_type)
            if traffic_type == self.ICMP:
                try:
                    if payload_info.ip == 0:
                        self.assertEqual(payload.type, self.icmp4_type)
                        self.assertEqual(payload.code, self.icmp4_code)
                    else:
                        self.assertEqual(payload.type, self.icmp6_type)
                        self.assertEqual(payload.code, self.icmp6_code)
                except:
                    self.logger.error(ppp("Unexpected or invalid packet "
                                          "(outside network):", packet))
                    raise
            else:
                try:
                    ip_version = IPv6 if payload_info.ip == 1 else IP

                    ip = packet[ip_version]
                    packet_index = payload_info.index

                    self.assertEqual(payload_info.dst, dst_sw_if_index)
                    self.logger.debug("Got packet on port %s: src=%u (id=%u)" %
                                      (pg_if.name, payload_info.src,
                                       packet_index))
                    next_info = self.get_next_packet_info_for_interface2(
                        payload_info.src, dst_sw_if_index,
                        last_info[payload_info.src])
                    last_info[payload_info.src] = next_info
                    self.assertTrue(next_info is not None)
                    self.assertEqual(packet_index, next_info.index)
                    saved_packet = next_info.data
                    # Check standard fields
                    self.assertEqual(ip.src, saved_packet[ip_version].src)
                    self.assertEqual(ip.dst, saved_packet[ip_version].dst)
                    p = self.proto_map[payload_info.proto]
                    if p == 'TCP':
                        tcp = packet[TCP]
                        self.assertEqual(tcp.sport, saved_packet[
                            TCP].sport)
                        self.assertEqual(tcp.dport, saved_packet[
                            TCP].dport)
                    elif p == 'UDP':
                        udp = packet[UDP]
                        self.assertEqual(udp.sport, saved_packet[
                            UDP].sport)
                        self.assertEqual(udp.dport, saved_packet[
                            UDP].dport)
                except:
                    self.logger.error(ppp("Unexpected or invalid packet:",
                                          packet))
                    raise
        for i in self.pg_interfaces:
            remaining_packet = self.get_next_packet_info_for_interface2(
                i, dst_sw_if_index, last_info[i.sw_if_index])
            self.assertTrue(
                remaining_packet is None,
                "Port %u: Packet expected from source %u didn't arrive" %
                (dst_sw_if_index, i.sw_if_index))

    def run_traffic_no_check(self):
        # Test
        # Create incoming packet streams for packet-generator interfaces
        for i in self.pg_interfaces:
            if self.flows.__contains__(i):
                pkts = self.create_stream(i, self.pg_if_packet_sizes)
                if len(pkts) > 0:
                    i.add_stream(pkts)

        # Enable packet capture and start packet sending
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

    def run_verify_test(self, traffic_type=0, ip_type=0, proto=-1, ports=0,
                        frags=False, pkt_raw=True, etype=-1):
        # Test
        # Create incoming packet streams for packet-generator interfaces
        pkts_cnt = 0
        for i in self.pg_interfaces:
            if self.flows.__contains__(i):
                pkts = self.create_stream(i, self.pg_if_packet_sizes,
                                          traffic_type, ip_type, proto, ports,
                                          frags, pkt_raw, etype)
                if len(pkts) > 0:
                    i.add_stream(pkts)
                    pkts_cnt += len(pkts)

        # Enable packet capture and start packet sendingself.IPV
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        self.logger.info("sent packets count: %d" % pkts_cnt)

        # Verify
        # Verify outgoing packet streams per packet-generator interface
        for src_if in self.pg_interfaces:
            if self.flows.__contains__(src_if):
                for dst_if in self.flows[src_if]:
                    capture = dst_if.get_capture(pkts_cnt)
                    self.logger.info("Verifying capture on interface %s" %
                                     dst_if.name)
                    self.verify_capture(dst_if, capture,
                                        traffic_type, ip_type, etype)

    def run_verify_negat_test(self, traffic_type=0, ip_type=0, proto=-1,
                              ports=0, frags=False, etype=-1):
        # Test
        pkts_cnt = 0
        self.reset_packet_infos()
        for i in self.pg_interfaces:
            if self.flows.__contains__(i):
                pkts = self.create_stream(i, self.pg_if_packet_sizes,
                                          traffic_type, ip_type, proto, ports,
                                          frags, True, etype)
                if len(pkts) > 0:
                    i.add_stream(pkts)
                    pkts_cnt += len(pkts)

        # Enable packet capture and start packet sending
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        self.logger.info("sent packets count: %d" % pkts_cnt)

        # Verify
        # Verify outgoing packet streams per packet-generator interface
        for src_if in self.pg_interfaces:
            if self.flows.__contains__(src_if):
                for dst_if in self.flows[src_if]:
                    self.logger.info("Verifying capture on interface %s" %
                                     dst_if.name)
                    capture = dst_if.get_capture(0)
                    self.assertEqual(len(capture), 0)

    def test_0000_warmup_test(self):
        """ ACL plugin version check; learn MACs
        """
        reply = self.vapi.papi.acl_plugin_get_version()
        self.assertEqual(reply.major, 1)
        self.logger.info("Working with ACL plugin version: %d.%d" % (
            reply.major, reply.minor))
        # minor version changes are non breaking
        # self.assertEqual(reply.minor, 0)

    def test_0001_acl_create(self):
        """ ACL create/delete test
        """

        self.logger.info("ACLP_TEST_START_0001")
        # Add an ACL
        r = [{'is_permit': 1, 'is_ipv6': 0, 'proto': 17,
              'srcport_or_icmptype_first': 1234,
              'srcport_or_icmptype_last': 1235,
              'src_ip_prefix_len': 0,
              'src_ip_addr': '\x00\x00\x00\x00',
              'dstport_or_icmpcode_first': 1234,
              'dstport_or_icmpcode_last': 1234,
              'dst_ip_addr': '\x00\x00\x00\x00',
              'dst_ip_prefix_len': 0}]
        # Test 1: add a new ACL
        reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r,
                                          tag="permit 1234")
        self.assertEqual(reply.retval, 0)
        # The very first ACL gets #0
        self.assertEqual(reply.acl_index, 0)
        first_acl = reply.acl_index
        rr = self.vapi.acl_dump(reply.acl_index)
        self.logger.info("Dumped ACL: " + str(rr))
        self.assertEqual(len(rr), 1)
        # We should have the same number of ACL entries as we had asked
        self.assertEqual(len(rr[0].r), len(r))
        # The rules should be the same. But because the submitted and returned
        # are different types, we need to iterate over rules and keys to get
        # to basic values.
        for i_rule in range(0, len(r) - 1):
            for rule_key in r[i_rule]:
                self.assertEqual(rr[0].r[i_rule][rule_key],
                                 r[i_rule][rule_key])

        # Add a deny-1234 ACL
        r_deny = [{'is_permit': 0, 'is_ipv6': 0, 'proto': 17,
                   'srcport_or_icmptype_first': 1234,
                   'srcport_or_icmptype_last': 1235,
                   'src_ip_prefix_len': 0,
                   'src_ip_addr': '\x00\x00\x00\x00',
                   'dstport_or_icmpcode_first': 1234,
                   'dstport_or_icmpcode_last': 1234,
                   'dst_ip_addr': '\x00\x00\x00\x00',
                   'dst_ip_prefix_len': 0},
                  {'is_permit': 1, 'is_ipv6': 0, 'proto': 17,
                   'srcport_or_icmptype_first': 0,
                   'srcport_or_icmptype_last': 0,
                   'src_ip_prefix_len': 0,
                   'src_ip_addr': '\x00\x00\x00\x00',
                   'dstport_or_icmpcode_first': 0,
                   'dstport_or_icmpcode_last': 0,
                   'dst_ip_addr': '\x00\x00\x00\x00',
                   'dst_ip_prefix_len': 0}]

        reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_deny,
                                          tag="deny 1234;permit all")
        self.assertEqual(reply.retval, 0)
        # The second ACL gets #1
        self.assertEqual(reply.acl_index, 1)
        second_acl = reply.acl_index

        # Test 2: try to modify a nonexistent ACL
        reply = self.vapi.acl_add_replace(acl_index=432, r=r,
                                          tag="FFFF:FFFF", expected_retval=-6)
        self.assertEqual(reply.retval, -6)
        # The ACL number should pass through
        self.assertEqual(reply.acl_index, 432)
        # apply an ACL on an interface inbound, try to delete ACL, must fail
        self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
                                             n_input=1,
                                             acls=[first_acl])
        reply = self.vapi.acl_del(acl_index=first_acl, expected_retval=-142)
        # Unapply an ACL and then try to delete it - must be ok
        self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
                                             n_input=0,
                                             acls=[])
        reply = self.vapi.acl_del(acl_index=first_acl, expected_retval=0)

        # apply an ACL on an interface outbound, try to delete ACL, must fail
        self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
                                             n_input=0,
                                             acls=[second_acl])
        reply = self.vapi.acl_del(acl_index=second_acl, expected_retval=-143)
        # Unapply the ACL and then try to delete it - must be ok
        self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
                                             n_input=0,
                                             acls=[])
        reply = self.vapi.acl_del(acl_index=second_acl, expected_retval=0)

        # try to apply a nonexistent ACL - must fail
        self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
                                             n_input=1,
                                             acls=[first_acl],
                                             expected_retval=-6)

        self.logger.info("ACLP_TEST_FINISH_0001")

    def test_0002_acl_permit_apply(self):
        """ permit ACL apply test
        """
        self.logger.info("ACLP_TEST_START_0002")

        rules = []
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                     0, self.proto[self.IP][self.UDP]))
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                     0, self.proto[self.IP][self.TCP]))

        # Apply rules
        self.apply_rules(rules, "permit per-flow")

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV4, -1)
        self.logger.info("ACLP_TEST_FINISH_0002")

    def test_0003_acl_deny_apply(self):
        """ deny ACL apply test
        """
        self.logger.info("ACLP_TEST_START_0003")
        # Add a deny-flows ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY,
                     self.PORTS_ALL, self.proto[self.IP][self.UDP]))
        # Permit ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny per-flow;permit all")

        # Traffic should not pass
        self.run_verify_negat_test(self.IP, self.IPV4,
                                   self.proto[self.IP][self.UDP])
        self.logger.info("ACLP_TEST_FINISH_0003")
        # self.assertEqual(1, 0)

    def test_0004_vpp624_permit_icmpv4(self):
        """ VPP_624 permit ICMPv4
        """
        self.logger.info("ACLP_TEST_START_0004")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                                      self.proto[self.ICMP][self.ICMPv4]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit icmpv4")

        # Traffic should still pass
        self.run_verify_test(self.ICMP, self.IPV4,
                             self.proto[self.ICMP][self.ICMPv4])

        self.logger.info("ACLP_TEST_FINISH_0004")

    def test_0005_vpp624_permit_icmpv6(self):
        """ VPP_624 permit ICMPv6
        """
        self.logger.info("ACLP_TEST_START_0005")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV6, self.PERMIT, self.PORTS_RANGE,
                                      self.proto[self.ICMP][self.ICMPv6]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit icmpv6")

        # Traffic should still pass
        self.run_verify_test(self.ICMP, self.IPV6,
                             self.proto[self.ICMP][self.ICMPv6])

        self.logger.info("ACLP_TEST_FINISH_0005")

    def test_0006_vpp624_deny_icmpv4(self):
        """ VPP_624 deny ICMPv4
        """
        self.logger.info("ACLP_TEST_START_0006")
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.ICMP][self.ICMPv4]))
        # permit ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny icmpv4")

        # Traffic should not pass
        self.run_verify_negat_test(self.ICMP, self.IPV4, 0)

        self.logger.info("ACLP_TEST_FINISH_0006")

    def test_0007_vpp624_deny_icmpv6(self):
        """ VPP_624 deny ICMPv6
        """
        self.logger.info("ACLP_TEST_START_0007")
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.ICMP][self.ICMPv6]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny icmpv6")

        # Traffic should not pass
        self.run_verify_negat_test(self.ICMP, self.IPV6, 0)

        self.logger.info("ACLP_TEST_FINISH_0007")

    def test_0008_tcp_permit_v4(self):
        """ permit TCPv4
        """
        self.logger.info("ACLP_TEST_START_0008")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                     self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ipv4 tcp")

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.TCP])

        self.logger.info("ACLP_TEST_FINISH_0008")

    def test_0009_tcp_permit_v6(self):
        """ permit TCPv6
        """
        self.logger.info("ACLP_TEST_START_0009")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV6, self.PERMIT, self.PORTS_RANGE,
                                      self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ip6 tcp")

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV6, self.proto[self.IP][self.TCP])

        self.logger.info("ACLP_TEST_FINISH_0008")

    def test_0010_udp_permit_v4(self):
        """ permit UDPv4
        """
        self.logger.info("ACLP_TEST_START_0010")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                                      self.proto[self.IP][self.UDP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ipv udp")

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.UDP])

        self.logger.info("ACLP_TEST_FINISH_0010")

    def test_0011_udp_permit_v6(self):
        """ permit UDPv6
        """
        self.logger.info("ACLP_TEST_START_0011")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV6, self.PERMIT, self.PORTS_RANGE,
                                      self.proto[self.IP][self.UDP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ip6 udp")

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV6, self.proto[self.IP][self.UDP])

        self.logger.info("ACLP_TEST_FINISH_0011")

    def test_0012_tcp_deny(self):
        """ deny TCPv4/v6
        """
        self.logger.info("ACLP_TEST_START_0012")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.IP][self.TCP]))
        # permit ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_ALL, 0))
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny ip4/ip6 tcp")

        # Traffic should not pass
        self.run_verify_negat_test(self.IP, self.IPRANDOM,
                                   self.proto[self.IP][self.TCP])

        self.logger.info("ACLP_TEST_FINISH_0012")

    def test_0013_udp_deny(self):
        """ deny UDPv4/v6
        """
        self.logger.info("ACLP_TEST_START_0013")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.IP][self.UDP]))
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.IP][self.UDP]))
        # permit ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_ALL, 0))
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny ip4/ip6 udp")

        # Traffic should not pass
        self.run_verify_negat_test(self.IP, self.IPRANDOM,
                                   self.proto[self.IP][self.UDP])

        self.logger.info("ACLP_TEST_FINISH_0013")

    def test_0014_acl_dump(self):
        """ verify add/dump acls
        """
        self.logger.info("ACLP_TEST_START_0014")

        r = [[self.IPV4, self.PERMIT, 1234, self.proto[self.IP][self.TCP]],
             [self.IPV4, self.PERMIT, 2345, self.proto[self.IP][self.UDP]],
             [self.IPV4, self.PERMIT, 0, self.proto[self.IP][self.TCP]],
             [self.IPV4, self.PERMIT, 0, self.proto[self.IP][self.UDP]],
             [self.IPV4, self.PERMIT, 5, self.proto[self.ICMP][self.ICMPv4]],
             [self.IPV6, self.PERMIT, 4321, self.proto[self.IP][self.TCP]],
             [self.IPV6, self.PERMIT, 5432, self.proto[self.IP][self.UDP]],
             [self.IPV6, self.PERMIT, 0, self.proto[self.IP][self.TCP]],
             [self.IPV6, self.PERMIT, 0, self.proto[self.IP][self.UDP]],
             [self.IPV6, self.PERMIT, 6, self.proto[self.ICMP][self.ICMPv6]],
             [self.IPV4, self.DENY, self.PORTS_ALL, 0],
             [self.IPV4, self.DENY, 1234, self.proto[self.IP][self.TCP]],
             [self.IPV4, self.DENY, 2345, self.proto[self.IP][self.UDP]],
             [self.IPV4, self.DENY, 5, self.proto[self.ICMP][self.ICMPv4]],
             [self.IPV6, self.DENY, 4321, self.proto[self.IP][self.TCP]],
             [self.IPV6, self.DENY, 5432, self.proto[self.IP][self.UDP]],
             [self.IPV6, self.DENY, 6, self.proto[self.ICMP][self.ICMPv6]],
             [self.IPV6, self.DENY, self.PORTS_ALL, 0]
             ]

        # Add and verify new ACLs
        rules = []
        for i in range(len(r)):
            rules.append(self.create_rule(r[i][0], r[i][1], r[i][2], r[i][3]))

        reply = self.vapi.acl_add_replace(acl_index=4294967295, r=rules)
        result = self.vapi.acl_dump(reply.acl_index)

        i = 0
        for drules in result:
            for dr in drules.r:
                self.assertEqual(dr.is_ipv6, r[i][0])
                self.assertEqual(dr.is_permit, r[i][1])
                self.assertEqual(dr.proto, r[i][3])

                if r[i][2] > 0:
                    self.assertEqual(dr.srcport_or_icmptype_first, r[i][2])
                else:
                    if r[i][2] < 0:
                        self.assertEqual(dr.srcport_or_icmptype_first, 0)
                        self.assertEqual(dr.srcport_or_icmptype_last, 65535)
                    else:
                        if dr.proto == self.proto[self.IP][self.TCP]:
                            self.assertGreater(dr.srcport_or_icmptype_first,
                                               self.tcp_sport_from-1)
                            self.assertLess(dr.srcport_or_icmptype_first,
                                            self.tcp_sport_to+1)
                            self.assertGreater(dr.dstport_or_icmpcode_last,
                                               self.tcp_dport_from-1)
                            self.assertLess(dr.dstport_or_icmpcode_last,
                                            self.tcp_dport_to+1)
                        elif dr.proto == self.proto[self.IP][self.UDP]:
                            self.assertGreater(dr.srcport_or_icmptype_first,
                                               self.udp_sport_from-1)
                            self.assertLess(dr.srcport_or_icmptype_first,
                                            self.udp_sport_to+1)
                            self.assertGreater(dr.dstport_or_icmpcode_last,
                                               self.udp_dport_from-1)
                            self.assertLess(dr.dstport_or_icmpcode_last,
                                            self.udp_dport_to+1)
                i += 1

        self.logger.info("ACLP_TEST_FINISH_0014")

    def test_0015_tcp_permit_port_v4(self):
        """ permit single TCPv4
        """
        self.logger.info("ACLP_TEST_START_0015")

        port = random.randint(0, 65535)
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.PERMIT, port,
                                      self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ip4 tcp "+str(port))

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV4,
                             self.proto[self.IP][self.TCP], port)

        self.logger.info("ACLP_TEST_FINISH_0015")

    def test_0016_udp_permit_port_v4(self):
        """ permit single UDPv4
        """
        self.logger.info("ACLP_TEST_START_0016")

        port = random.randint(0, 65535)
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.PERMIT, port,
                                      self.proto[self.IP][self.UDP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ip4 tcp "+str(port))

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV4,
                             self.proto[self.IP][self.UDP], port)

        self.logger.info("ACLP_TEST_FINISH_0016")

    def test_0017_tcp_permit_port_v6(self):
        """ permit single TCPv6
        """
        self.logger.info("ACLP_TEST_START_0017")

        port = random.randint(0, 65535)
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV6, self.PERMIT, port,
                                      self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ip4 tcp "+str(port))

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV6,
                             self.proto[self.IP][self.TCP], port)

        self.logger.info("ACLP_TEST_FINISH_0017")

    def test_0018_udp_permit_port_v6(self):
        """ permit single UPPv6
        """
        self.logger.info("ACLP_TEST_START_0018")

        port = random.randint(0, 65535)
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV6, self.PERMIT, port,
                                      self.proto[self.IP][self.UDP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV6, self.DENY,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ip4 tcp "+str(port))

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV6,
                             self.proto[self.IP][self.UDP], port)

        self.logger.info("ACLP_TEST_FINISH_0018")

    def test_0019_udp_deny_port(self):
        """ deny single TCPv4/v6
        """
        self.logger.info("ACLP_TEST_START_0019")

        port = random.randint(0, 65535)
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, port,
                                      self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV6, self.DENY, port,
                                      self.proto[self.IP][self.TCP]))
        # Permit ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_ALL, 0))
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny ip4/ip6 udp "+str(port))

        # Traffic should not pass
        self.run_verify_negat_test(self.IP, self.IPRANDOM,
                                   self.proto[self.IP][self.TCP], port)

        self.logger.info("ACLP_TEST_FINISH_0019")

    def test_0020_udp_deny_port(self):
        """ deny single UDPv4/v6
        """
        self.logger.info("ACLP_TEST_START_0020")

        port = random.randint(0, 65535)
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, port,
                                      self.proto[self.IP][self.UDP]))
        rules.append(self.create_rule(self.IPV6, self.DENY, port,
                                      self.proto[self.IP][self.UDP]))
        # Permit ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_ALL, 0))
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny ip4/ip6 udp "+str(port))

        # Traffic should not pass
        self.run_verify_negat_test(self.IP, self.IPRANDOM,
                                   self.proto[self.IP][self.UDP], port)

        self.logger.info("ACLP_TEST_FINISH_0020")

    def test_0021_udp_deny_port_verify_fragment_deny(self):
        """ deny single UDPv4/v6, permit ip any, verify non-initial fragment
        blocked
        """
        self.logger.info("ACLP_TEST_START_0021")

        port = random.randint(0, 65535)
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, port,
                                      self.proto[self.IP][self.UDP]))
        rules.append(self.create_rule(self.IPV6, self.DENY, port,
                                      self.proto[self.IP][self.UDP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_ALL, 0))
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny ip4/ip6 udp "+str(port))

        # Traffic should not pass
        self.run_verify_negat_test(self.IP, self.IPRANDOM,
                                   self.proto[self.IP][self.UDP], port, True)

        self.logger.info("ACLP_TEST_FINISH_0021")

    def test_0022_zero_length_udp_ipv4(self):
        """ VPP-687 zero length udp ipv4 packet"""
        self.logger.info("ACLP_TEST_START_0022")

        port = random.randint(0, 65535)
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.PERMIT, port,
                                      self.proto[self.IP][self.UDP]))
        # deny ip any any in the end
        rules.append(
            self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit empty udp ip4 " + str(port))

        # Traffic should still pass
        # Create incoming packet streams for packet-generator interfaces
        pkts_cnt = 0
        pkts = self.create_stream(self.pg0, self.pg_if_packet_sizes,
                                  self.IP, self.IPV4,
                                  self.proto[self.IP][self.UDP], port,
                                  False, False)
        if len(pkts) > 0:
            self.pg0.add_stream(pkts)
            pkts_cnt += len(pkts)

        # Enable packet capture and start packet sendingself.IPV
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        self.pg1.get_capture(pkts_cnt)

        self.logger.info("ACLP_TEST_FINISH_0022")

    def test_0023_zero_length_udp_ipv6(self):
        """ VPP-687 zero length udp ipv6 packet"""
        self.logger.info("ACLP_TEST_START_0023")

        port = random.randint(0, 65535)
        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV6, self.PERMIT, port,
                                      self.proto[self.IP][self.UDP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit empty udp ip6 "+str(port))

        # Traffic should still pass
        # Create incoming packet streams for packet-generator interfaces
        pkts_cnt = 0
        pkts = self.create_stream(self.pg0, self.pg_if_packet_sizes,
                                  self.IP, self.IPV6,
                                  self.proto[self.IP][self.UDP], port,
                                  False, False)
        if len(pkts) > 0:
            self.pg0.add_stream(pkts)
            pkts_cnt += len(pkts)

        # Enable packet capture and start packet sendingself.IPV
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        # Verify outgoing packet streams per packet-generator interface
        self.pg1.get_capture(pkts_cnt)

        self.logger.info("ACLP_TEST_FINISH_0023")

    def test_0108_tcp_permit_v4(self):
        """ permit TCPv4 + non-match range
        """
        self.logger.info("ACLP_TEST_START_0108")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE_2,
                     self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                     self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ipv4 tcp")

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.TCP])

        self.logger.info("ACLP_TEST_FINISH_0108")

    def test_0109_tcp_permit_v6(self):
        """ permit TCPv6 + non-match range
        """
        self.logger.info("ACLP_TEST_START_0109")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_RANGE_2,
                                      self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV6, self.PERMIT, self.PORTS_RANGE,
                                      self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ip6 tcp")

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV6, self.proto[self.IP][self.TCP])

        self.logger.info("ACLP_TEST_FINISH_0109")

    def test_0110_udp_permit_v4(self):
        """ permit UDPv4 + non-match range
        """
        self.logger.info("ACLP_TEST_START_0110")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE_2,
                                      self.proto[self.IP][self.UDP]))
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                                      self.proto[self.IP][self.UDP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ipv4 udp")

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.UDP])

        self.logger.info("ACLP_TEST_FINISH_0110")

    def test_0111_udp_permit_v6(self):
        """ permit UDPv6 + non-match range
        """
        self.logger.info("ACLP_TEST_START_0111")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_RANGE_2,
                                      self.proto[self.IP][self.UDP]))
        rules.append(self.create_rule(self.IPV6, self.PERMIT, self.PORTS_RANGE,
                                      self.proto[self.IP][self.UDP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ip6 udp")

        # Traffic should still pass
        self.run_verify_test(self.IP, self.IPV6, self.proto[self.IP][self.UDP])

        self.logger.info("ACLP_TEST_FINISH_0111")

    def test_0112_tcp_deny(self):
        """ deny TCPv4/v6 + non-match range
        """
        self.logger.info("ACLP_TEST_START_0112")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_RANGE_2,
                                      self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_RANGE_2,
                                      self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.IP][self.TCP]))
        # permit ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_ALL, 0))
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny ip4/ip6 tcp")

        # Traffic should not pass
        self.run_verify_negat_test(self.IP, self.IPRANDOM,
                                   self.proto[self.IP][self.TCP])

        self.logger.info("ACLP_TEST_FINISH_0112")

    def test_0113_udp_deny(self):
        """ deny UDPv4/v6 + non-match range
        """
        self.logger.info("ACLP_TEST_START_0113")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_RANGE_2,
                                      self.proto[self.IP][self.UDP]))
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_RANGE_2,
                                      self.proto[self.IP][self.UDP]))
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.IP][self.UDP]))
        rules.append(self.create_rule(self.IPV6, self.DENY, self.PORTS_RANGE,
                                      self.proto[self.IP][self.UDP]))
        # permit ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.PERMIT,
                                      self.PORTS_ALL, 0))
        rules.append(self.create_rule(self.IPV6, self.PERMIT,
                                      self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "deny ip4/ip6 udp")

        # Traffic should not pass
        self.run_verify_negat_test(self.IP, self.IPRANDOM,
                                   self.proto[self.IP][self.UDP])

        self.logger.info("ACLP_TEST_FINISH_0113")

    def test_0300_tcp_permit_v4_etype_aaaa(self):
        """ permit TCPv4, send 0xAAAA etype
        """
        self.logger.info("ACLP_TEST_START_0300")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE_2,
                     self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                     self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ipv4 tcp")

        # Traffic should still pass also for an odd ethertype
        self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.TCP],
                             0, False, True, 0xaaaa)
        self.logger.info("ACLP_TEST_FINISH_0300")

    def test_0305_tcp_permit_v4_etype_blacklist_aaaa(self):
        """ permit TCPv4, whitelist 0x0BBB ethertype, send 0xAAAA-blocked
        """
        self.logger.info("ACLP_TEST_START_0305")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE_2,
                     self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                     self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ipv4 tcp")

        # whitelist the 0xbbbb etype - so the 0xaaaa should be blocked
        self.etype_whitelist([0xbbb], 1)

        # The oddball ethertype should be blocked
        self.run_verify_negat_test(self.IP, self.IPV4,
                                   self.proto[self.IP][self.TCP],
                                   0, False, 0xaaaa)

        # remove the whitelist
        self.etype_whitelist([], 0)

        self.logger.info("ACLP_TEST_FINISH_0305")

    def test_0306_tcp_permit_v4_etype_blacklist_aaaa(self):
        """ permit TCPv4, whitelist 0x0BBB ethertype, send 0x0BBB - pass
        """
        self.logger.info("ACLP_TEST_START_0306")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE_2,
                     self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                     self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ipv4 tcp")

        # whitelist the 0xbbbb etype - so the 0xaaaa should be blocked
        self.etype_whitelist([0xbbb], 1)

        # The whitelisted traffic, should pass
        self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.TCP],
                             0, False, True, 0x0bbb)

        # remove the whitelist, the previously blocked 0xAAAA should pass now
        self.etype_whitelist([], 0)

        self.logger.info("ACLP_TEST_FINISH_0306")

    def test_0307_tcp_permit_v4_etype_blacklist_aaaa(self):
        """ permit TCPv4, whitelist 0x0BBB, remove, send 0xAAAA - pass
        """
        self.logger.info("ACLP_TEST_START_0307")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE_2,
                     self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                     self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # Apply rules
        self.apply_rules(rules, "permit ipv4 tcp")

        # whitelist the 0xbbbb etype - so the 0xaaaa should be blocked
        self.etype_whitelist([0xbbb], 1)
        # remove the whitelist, the previously blocked 0xAAAA should pass now
        self.etype_whitelist([], 0)

        # The whitelisted traffic, should pass
        self.run_verify_test(self.IP, self.IPV4, self.proto[self.IP][self.TCP],
                             0, False, True, 0xaaaa)

        self.logger.info("ACLP_TEST_FINISH_0306")

    def test_0315_del_intf(self):
        """ apply an acl and delete the interface
        """
        self.logger.info("ACLP_TEST_START_0315")

        # Add an ACL
        rules = []
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_RANGE_2,
                     self.proto[self.IP][self.TCP]))
        rules.append(self.create_rule(self.IPV4, self.PERMIT, self.PORTS_RANGE,
                     self.proto[self.IP][self.TCP]))
        # deny ip any any in the end
        rules.append(self.create_rule(self.IPV4, self.DENY, self.PORTS_ALL, 0))

        # create an interface
        intf = []
        intf.append(VppLoInterface(self))

        # Apply rules
        self.apply_rules_to(rules, "permit ipv4 tcp", intf[0].sw_if_index)

        # Remove the interface
        intf[0].remove_vpp_config()

        self.logger.info("ACLP_TEST_FINISH_0315")

if __name__ == '__main__':
    unittest.main(testRunner=VppTestRunner)