2.13. test_acl_plugin module

ACL plugin Test Case HLD:

class test_acl_plugin.TestACLplugin(methodName='runTest')

Bases: framework.VppTestCase

ACL plugin Test Case

DENY = 0
ICMP = 1
ICMPv4 = 0
ICMPv6 = 1
IP = 0
IPRANDOM = -1
IPV4 = 0
IPV6 = 1
PERMIT = 1
PORTS_ALL = -1
PORTS_RANGE = 0
PORTS_RANGE_2 = 1
PROTO_ALL = 0
TCP = 0
UDP = 1
apply_rules(rules, tag='')
bd_id = 1
create_hosts(count, start=0)

Create required number of host MAC addresses and distribute them among interfaces. Create host IPv4 address for every host MAC address.

Parameters:
  • count (int) – Number of hosts to create MAC/IPv4 addresses for.
  • start (int) – Number to start numbering from.
create_rule(ip=0, permit_deny=0, ports=-1, proto=-1, s_prefix=0, s_ip='\x00\x00\x00\x00', d_prefix=0, d_ip='\x00\x00\x00\x00')
create_stream(src_if, packet_sizes, traffic_type=0, ipv6=0, proto=-1, ports=0, fragments=False, pkt_raw=True)

Create input packet stream for defined interface using hosts or deleted_hosts list.

Parameters:
  • src_if (object) – Interface to create packet stream for.
  • packet_sizes (list) – List of required packet sizes.
  • traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
Returns:

Stream of packets.

create_upper_layer(packet_index, proto, ports=0)
icmp4_code = 3
icmp4_code_from_2 = 5
icmp4_code_to_2 = 20
icmp4_type = 8
icmp4_type_2 = 8
icmp6_code = 3
icmp6_code_from_2 = 8
icmp6_code_to_2 = 42
icmp6_type = 128
icmp6_type_2 = 128
proto = [[6, 17], [1, 58]]
proto_map = {1: 'ICMP', 58: 'ICMPv6EchoRequest', 6: 'TCP', 17: 'UDP'}
run_traffic_no_check()
run_verify_negat_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False)
run_verify_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, pkt_raw=True)
setUp()
classmethod setUpClass()

Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP.

tcp_dport_from = 40000
tcp_dport_from_2 = 20000
tcp_dport_to = 45000
tcp_dport_to_2 = 25000
tcp_sport_from = 30
tcp_sport_from_2 = 130
tcp_sport_to = 35
tcp_sport_to_2 = 135
tearDown()

Show various debug prints after each test.

test_0000_warmup_test()

ACL plugin version check; learn MACs

test_0001_acl_create()

ACL create/delete test

test_0002_acl_permit_apply()

permit ACL apply test

test_0003_acl_deny_apply()

deny ACL apply test

test_0004_vpp624_permit_icmpv4()

VPP_624 permit ICMPv4

test_0005_vpp624_permit_icmpv6()

VPP_624 permit ICMPv6

test_0006_vpp624_deny_icmpv4()

VPP_624 deny ICMPv4

test_0007_vpp624_deny_icmpv6()

VPP_624 deny ICMPv6

test_0008_tcp_permit_v4()

permit TCPv4

test_0009_tcp_permit_v6()

permit TCPv6

test_0010_udp_permit_v4()

permit UDPv4

test_0011_udp_permit_v6()

permit UDPv6

test_0012_tcp_deny()

deny TCPv4/v6

test_0013_udp_deny()

deny UDPv4/v6

test_0014_acl_dump()

verify add/dump acls

test_0015_tcp_permit_port_v4()

permit single TCPv4

test_0016_udp_permit_port_v4()

permit single UDPv4

test_0017_tcp_permit_port_v6()

permit single TCPv6

test_0018_udp_permit_port_v6()

permit single UPPv6

test_0019_udp_deny_port()

deny single TCPv4/v6

test_0020_udp_deny_port()

deny single UDPv4/v6

test_0021_udp_deny_port_verify_fragment_deny()

deny single UDPv4/v6, permit ip any, verify non-initial fragment blocked

test_0022_zero_length_udp_ipv4()

VPP-687 zero length udp ipv4 packet

test_0023_zero_length_udp_ipv6()

VPP-687 zero length udp ipv6 packet

test_0108_tcp_permit_v4()

permit TCPv4 + non-match range

test_0109_tcp_permit_v6()

permit TCPv6 + non-match range

test_0110_udp_permit_v4()

permit UDPv4 + non-match range

test_0111_udp_permit_v6()

permit UDPv6 + non-match range

test_0112_tcp_deny()

deny TCPv4/v6 + non-match range

test_0113_udp_deny()

deny UDPv4/v6 + non-match range

udp_dport_from = 20000
udp_dport_from_2 = 30000
udp_dport_to = 25000
udp_dport_to_2 = 35000
udp_sport_from = 10
udp_sport_from_2 = 90
udp_sport_to = 15
udp_sport_to_2 = 95
verify_capture(pg_if, capture, traffic_type=0, ip_type=0)

Verify captured input packet stream for defined interface.

Parameters:
  • pg_if (object) – Interface to verify captured packet stream for.
  • capture (list) – Captured packet stream.
  • traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.