2.17. test_acl_plugin module¶

ACL plugin Test Case HLD:

class test_acl_plugin.TestACLplugin(methodName='runTest')¶

Bases: framework.VppTestCase

ACL plugin Test Case

DENY = 0¶

ICMP = 1¶

ICMPv4 = 0¶

ICMPv6 = 1¶

IP = 0¶

IPRANDOM = -1¶

IPV4 = 0¶

IPV6 = 1¶

PERMIT = 1¶

PORTS_ALL = -1¶

PORTS_RANGE = 0¶

PORTS_RANGE_2 = 1¶

PROTO_ALL = 0¶

TCP = 0¶

UDP = 1¶

apply_rules(rules, tag='')¶

apply_rules_to(rules, tag='', sw_if_index=4294967295)¶

bd_id = 1¶

create_hosts(count, start=0)¶

Create required number of host MAC addresses and distribute them among interfaces. Create host IPv4 address for every host MAC address.

Parameters:	count (int) – Number of hosts to create MAC/IPv4 addresses for. start (int) – Number to start numbering from.

create_rule(ip=0, permit_deny=0, ports=-1, proto=-1, s_prefix=0, s_ip='\x00\x00\x00\x00', d_prefix=0, d_ip='\x00\x00\x00\x00')¶

create_stream(src_if, packet_sizes, traffic_type=0, ipv6=0, proto=-1, ports=0, fragments=False, pkt_raw=True, etype=-1)¶

Create input packet stream for defined interface using hosts or deleted_hosts list.

Parameters:	src_if (object) – Interface to create packet stream for. packet_sizes (list) – List of required packet sizes. traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
Returns:	Stream of packets.

create_upper_layer(packet_index, proto, ports=0)¶

etype_whitelist(whitelist, n_input)¶

icmp4_code = 3¶

icmp4_code_from_2 = 5¶

icmp4_code_to_2 = 20¶

icmp4_type = 8¶

icmp4_type_2 = 8¶

icmp6_code = 3¶

icmp6_code_from_2 = 8¶

icmp6_code_to_2 = 42¶

icmp6_type = 128¶

icmp6_type_2 = 128¶

proto = [[6, 17], [1, 58]]¶

proto_map = {1: 'ICMP', 6: 'TCP', 17: 'UDP', 58: 'ICMPv6EchoRequest'}¶

run_traffic_no_check()¶

run_verify_negat_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, etype=-1)¶

run_verify_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, pkt_raw=True, etype=-1)¶

setUp()¶: Clear trace before running each test

classmethod setUpClass()¶: Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP.

tcp_dport_from = 40000¶

tcp_dport_from_2 = 20000¶

tcp_dport_to = 45000¶

tcp_dport_to_2 = 25000¶

tcp_sport_from = 30¶

tcp_sport_from_2 = 130¶

tcp_sport_to = 35¶

tcp_sport_to_2 = 135¶

tearDown()¶: Show various debug prints after each test.

test_0000_warmup_test()¶: ACL plugin version check; learn MACs

test_0001_acl_create()¶: ACL create/delete test

test_0002_acl_permit_apply()¶: permit ACL apply test

test_0003_acl_deny_apply()¶: deny ACL apply test

test_0004_vpp624_permit_icmpv4()¶: VPP_624 permit ICMPv4

test_0005_vpp624_permit_icmpv6()¶: VPP_624 permit ICMPv6

test_0006_vpp624_deny_icmpv4()¶: VPP_624 deny ICMPv4

test_0007_vpp624_deny_icmpv6()¶: VPP_624 deny ICMPv6

test_0008_tcp_permit_v4()¶: permit TCPv4

test_0009_tcp_permit_v6()¶: permit TCPv6

test_0010_udp_permit_v4()¶: permit UDPv4

test_0011_udp_permit_v6()¶: permit UDPv6

test_0012_tcp_deny()¶: deny TCPv4/v6

test_0013_udp_deny()¶: deny UDPv4/v6

test_0014_acl_dump()¶: verify add/dump acls

test_0015_tcp_permit_port_v4()¶: permit single TCPv4

test_0016_udp_permit_port_v4()¶: permit single UDPv4

test_0017_tcp_permit_port_v6()¶: permit single TCPv6

test_0018_udp_permit_port_v6()¶: permit single UPPv6

test_0019_udp_deny_port()¶: deny single TCPv4/v6

test_0020_udp_deny_port()¶: deny single UDPv4/v6

test_0021_udp_deny_port_verify_fragment_deny()¶: deny single UDPv4/v6, permit ip any, verify non-initial fragment blocked

test_0022_zero_length_udp_ipv4()¶: VPP-687 zero length udp ipv4 packet

test_0023_zero_length_udp_ipv6()¶: VPP-687 zero length udp ipv6 packet

test_0108_tcp_permit_v4()¶: permit TCPv4 + non-match range

test_0109_tcp_permit_v6()¶: permit TCPv6 + non-match range

test_0110_udp_permit_v4()¶: permit UDPv4 + non-match range

test_0111_udp_permit_v6()¶: permit UDPv6 + non-match range

test_0112_tcp_deny()¶: deny TCPv4/v6 + non-match range

test_0113_udp_deny()¶: deny UDPv4/v6 + non-match range

test_0300_tcp_permit_v4_etype_aaaa()¶: permit TCPv4, send 0xAAAA etype

test_0305_tcp_permit_v4_etype_blacklist_aaaa()¶: permit TCPv4, whitelist 0x0BBB ethertype, send 0xAAAA, 0x0BBB

test_0315_del_intf()¶: apply an acl and delete the interface

udp_dport_from = 20000¶

udp_dport_from_2 = 30000¶

udp_dport_to = 25000¶

udp_dport_to_2 = 35000¶

udp_sport_from = 10¶

udp_sport_from_2 = 90¶

udp_sport_to = 15¶

udp_sport_to_2 = 95¶

verify_capture(pg_if, capture, traffic_type=0, ip_type=0, etype=-1)¶

Verify captured input packet stream for defined interface.

Parameters:	pg_if (object) – Interface to verify captured packet stream for. capture (list) – Captured packet stream. traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.