2.10. test_acl_plugin module¶

ACL plugin Test Case HLD:

class test_acl_plugin.TestACLplugin(methodName='runTest')¶

Bases: framework.VppTestCase

ACL plugin Test Case

DENY = 0¶

ICMP = 1¶

ICMPv4 = 0¶

ICMPv6 = 1¶

IP = 0¶

IPRANDOM = -1¶

IPV4 = 0¶

IPV6 = 1¶

PERMIT = 1¶

PORTS_ALL = -1¶

PORTS_RANGE = 0¶

PROTO_ALL = 0¶

TCP = 0¶

UDP = 1¶

api_acl_add_replace(acl_index, r, count, tag='', expected_retval=0)¶

Add/replace an ACL

Parameters:	acl_index (int) – ACL index to replace,

4294967295 to create new ACL. :param acl_rule r: ACL rules array. :param str tag: symbolic tag (description) for this ACL. :param int count: number of rules.

api_acl_dump(acl_index, expected_retval=0)¶

api_acl_interface_set_acl_list(sw_if_index, count, n_input, acls, expected_retval=0)¶

apply_rules(rules, tag='')¶

bd_id = 1¶

create_hosts(count, start=0)¶

Create required number of host MAC addresses and distribute them among interfaces. Create host IPv4 address for every host MAC address.

Parameters:	count (int) – Number of hosts to create MAC/IPv4 addresses for. start (int) – Number to start numbering from.

create_rule(ip=0, permit_deny=0, ports=-1, proto=-1, s_prefix=0, s_ip='\x00\x00\x00\x00', d_prefix=0, d_ip='\x00\x00\x00\x00')¶

create_stream(src_if, packet_sizes, traffic_type=0, ipv6=0, proto=-1, ports=0, fragments=False)¶

Create input packet stream for defined interface using hosts or deleted_hosts list.

Parameters:	src_if (object) – Interface to create packet stream for. packet_sizes (list) – List of required packet sizes. traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
Returns:	Stream of packets.

create_upper_layer(packet_index, proto, ports=0)¶

icmp4_code = 3¶

icmp4_type = 8¶

icmp6_code = 3¶

icmp6_type = 128¶

proto = [[6, 17], [1, 58]]¶

proto_map = {1: 'ICMP', 58: 'ICMPv6EchoRequest', 6: 'TCP', 17: 'UDP'}¶

run_traffic_no_check()¶

run_verify_negat_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False)¶

run_verify_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False)¶

setUp()¶

classmethod setUpClass()¶: Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP.

tcp_dport_from = 40000¶

tcp_dport_to = 45000¶

tcp_sport_from = 30¶

tcp_sport_to = 35¶

tearDown()¶: Show various debug prints after each test.

test_0000_warmup_test()¶: ACL plugin version check; learn MACs

test_0001_acl_create()¶: ACL create test

test_0002_acl_permit_apply()¶: permit ACL apply test

test_0003_acl_deny_apply()¶: deny ACL apply test

test_0004_vpp624_permit_icmpv4()¶: VPP_624 permit ICMPv4

test_0005_vpp624_permit_icmpv6()¶: VPP_624 permit ICMPv6

test_0006_vpp624_deny_icmpv4()¶: VPP_624 deny ICMPv4

test_0007_vpp624_deny_icmpv6()¶: VPP_624 deny ICMPv6

test_0008_tcp_permit_v4()¶: permit TCPv4

test_0009_tcp_permit_v6()¶: permit TCPv6

test_0010_udp_permit_v4()¶: permit UDPv4

test_0011_udp_permit_v6()¶: permit UDPv6

test_0012_tcp_deny()¶: deny TCPv4/v6

test_0013_udp_deny()¶: deny UDPv4/v6

test_0014_acl_dump()¶: verify add/dump acls

test_0015_tcp_permit_port_v4()¶: permit single TCPv4

test_0016_udp_permit_port_v4()¶: permit single UDPv4

test_0017_tcp_permit_port_v6()¶: permit single TCPv6

test_0018_udp_permit_port_v6()¶: permit single UPPv6

test_0019_udp_deny_port()¶: deny single TCPv4/v6

test_0020_udp_deny_port()¶: deny single UDPv4/v6

test_0021_udp_deny_port_verify_fragment_deny()¶: deny single UDPv4/v6, permit ip any, verify non-initial fragment blocked

udp_dport_from = 20000¶

udp_dport_to = 25000¶

udp_sport_from = 10¶

udp_sport_to = 15¶

verify_capture(pg_if, capture, traffic_type=0, ip_type=0)¶

Verify captured input packet stream for defined interface.

Parameters:	pg_if (object) – Interface to verify captured packet stream for. capture (list) – Captured packet stream. traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.