2.26. test_classify_l2_acl module

Classifier-based L2 ACL Test Case HLD:

class test_classify_l2_acl.TestClassifyAcl(methodName='runTest')

Bases: framework.VppTestCase

Classifier-based L2 input and output ACL Test Case

DENY = 0
ICMP = 1
ICMPv4 = 0
ICMPv6 = 1
IP = 0
IPRANDOM = -1
IPV4 = 0
IPV6 = 1
PERMIT = 1
PORTS_ALL = -1
PORTS_RANGE = 0
PORTS_RANGE_2 = 1
PROTO_ALL = 0
TCP = 0
UDP = 1
bd_id = 1
build_classify_table(src_mac='', dst_mac='', ether_type='', etype='', key='mac', hit_next_index=4294967295)
static build_mac_mask(dst_mac='', src_mac='', ether_type='')

Build MAC ACL mask data with hexstring format

Parameters:
  • dst_mac (str) – destination MAC address <0-ffffffffffff>
  • src_mac (str) – source MAC address <0-ffffffffffff>
  • ether_type (str) – ethernet type <0-ffff>
static build_mac_match(dst_mac='', src_mac='', ether_type='')

Build MAC ACL match data with hexstring format

Parameters:
  • dst_mac (str) – destination MAC address <x:x:x:x:x:x>
  • src_mac (str) – source MAC address <x:x:x:x:x:x>
  • ether_type (str) – ethernet type <0-ffff>
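
How a mask/match hexstring pair selects L2 traffic, as an added example (not code from the test module or from VPP). The helper names `l2_hex`, `hits` and `sample_frame` are hypothetical, the MAC addresses are constructed, and the fixed 28-digit layout is an assumption of this sketch, not necessarily the format the module's own helpers emit.

```python
# Added illustration; names below are hypothetical, not VPP APIs.
ETH_HDR_LEN = 14  # dst MAC (6) + src MAC (6) + EtherType (2), on-wire order


def _field(value, width):
    """Normalise a hex field ('aa:bb:..' or 'aabb..') to `width` hex digits."""
    digits = value.replace(":", "").lower()
    if len(digits) > width:
        raise ValueError("field too long: %r" % value)
    int(digits or "0", 16)  # raises ValueError on non-hex input
    return digits.rjust(width, "0")


def l2_hex(dst_mac="", src_mac="", ether_type=""):
    """Pack the three L2 fields in on-wire order as a 28-digit hexstring."""
    return _field(dst_mac, 12) + _field(src_mac, 12) + _field(ether_type, 4)


def hits(frame, mask_hex, match_hex):
    """True when (header AND mask) equals (match AND mask), byte by byte."""
    mask = bytes.fromhex(mask_hex)
    match = bytes.fromhex(match_hex)
    header = frame[:ETH_HDR_LEN].ljust(ETH_HDR_LEN, b"\x00")
    return all((h & m) == (w & m) for h, m, w in zip(header, mask, match))


def sample_frame(dst, src, ether_type, vlan=None):
    """Build a constructed Ethernet frame, optionally 802.1Q tagged."""
    tag = b"" if vlan is None else b"\x81\x00" + vlan.to_bytes(2, "big")
    macs = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    return macs + tag + bytes.fromhex(ether_type) + b"\x00" * 46


# Constructed sample data
SRC, DST = "02:fe:00:00:00:01", "02:fe:00:00:00:02"
SRC_MASK = l2_hex(src_mac="ffffffffffff")    # only the source MAC bits matter
SRC_MATCH = l2_hex(src_mac=SRC)
ETYPE_MASK = l2_hex(ether_type="ffff")       # only bytes 12-13 matter
ETYPE_MATCH = l2_hex(ether_type="0800")

if __name__ == "__main__":
    print(hits(sample_frame(DST, SRC, "0800"), SRC_MASK, SRC_MATCH))
    print(hits(sample_frame(DST, SRC, "0800", vlan=10), ETYPE_MASK, ETYPE_MATCH))
```

The tagged frame misses the EtherType rule because bytes 12-13 then hold the 802.1Q TPID (0x8100) instead of 0x0800, so a rule written for untagged traffic does not cover the same IPv4 packet once it is tagged.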
create_classify_session(intf, table_index, match, hit_next_index=4294967295, is_add=1)

Create Classify Session

Parameters:
  • intf (VppInterface) – Interface to apply classify session.
  • table_index (int) – table index to identify classify table.
  • match (str) – match value for the traffic of interest.
  • pbr_action (int) – enable/disable PBR feature.
  • vrfid (int) – VRF id.
  • is_add (int) – option to configure classify session: create (1) or delete (0).
create_classify_table(key, mask, data_offset=0, is_add=1)

Create Classify Table

Parameters:
  • key (str) – key for classify table (e.g., ACL name).
  • mask (str) – mask value for the traffic of interest.
  • match_n_vectors (int) –
  • is_add (int) – option to configure classify table: create (1) or delete (0).
create_hosts(count, start=0)

Create required number of host MAC addresses and distribute them among interfaces. Create host IPv4 address for every host MAC address.

Parameters:
  • count (int) – Number of hosts to create MAC/IPv4 addresses for.
  • start (int) – Number to start numbering from.
create_stream(src_if, packet_sizes, traffic_type=0, ipv6=0, proto=-1, ports=0, fragments=False, pkt_raw=True, etype=-1)

Create input packet stream for defined interface using hosts or deleted_hosts list.

Parameters:
  • src_if (object) – Interface to create packet stream for.
  • packet_sizes (list) – List of required packet sizes.
  • traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
Returns:

Stream of packets.

create_upper_layer(packet_index, proto, ports=0)
icmp4_code = 3
icmp4_code_from_2 = 5
icmp4_code_to_2 = 20
icmp4_type = 8
icmp4_type_2 = 8
icmp6_code = 3
icmp6_code_from_2 = 8
icmp6_code_to_2 = 42
icmp6_type = 128
icmp6_type_2 = 128
input_acl_set_interface(intf, table_index, is_add=1)

Configure Input ACL interface

Parameters:
  • intf (VppInterface) – Interface to apply Input ACL feature.
  • table_index (int) – table index to identify classify table.
  • is_add (int) – option to configure classify session: enable (1) or disable (0).
output_acl_set_interface(intf, table_index, is_add=1)

Configure Output ACL interface

Parameters:
  • intf (VppInterface) – Interface to apply Output ACL feature.
  • table_index (int) – table index to identify classify table.
  • is_add (int) – option to configure classify session: enable (1) or disable (0).
proto = [[6, 17], [1, 58]]
proto_map = {1: 'ICMP', 6: 'TCP', 17: 'UDP', 58: 'ICMPv6EchoRequest'}
run_traffic_no_check()
run_verify_negat_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, etype=-1)
run_verify_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, pkt_raw=True, etype=-1)
setUp()

Clear trace before running each test

classmethod setUpClass()

Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP.

tcp_dport_from = 40000
tcp_dport_from_2 = 20000
tcp_dport_to = 45000
tcp_dport_to_2 = 25000
tcp_sport_from = 30
tcp_sport_from_2 = 130
tcp_sport_to = 35
tcp_sport_to_2 = 135
tearDown()

Show various debug prints after each test.

test_0000_warmup_test()

Learn the MAC addresses

test_0010_inacl_permit_src_mac()

Input L2 ACL test - permit source MAC

Test scenario for basic IP ACL with source IP
  • Create IPv4 stream for pg0 -> pg1 interface.
  • Create ACL with source MAC address.
  • Send and verify received packets on pg1 interface.
test_0011_inacl_permit_dst_mac()

Input L2 ACL test - permit destination MAC

Test scenario for basic IP ACL with source IP
  • Create IPv4 stream for pg0 -> pg1 interface.
  • Create ACL with destination MAC address.
  • Send and verify received packets on pg1 interface.
test_0012_inacl_permit_src_dst_mac()

Input L2 ACL test - permit source and destination MAC

Test scenario for basic IP ACL with source IP
  • Create IPv4 stream for pg0 -> pg1 interface.
  • Create ACL with source and destination MAC addresses.
  • Send and verify received packets on pg1 interface.
test_0013_inacl_permit_ether_type()

Input L2 ACL test - permit ether_type

Test scenario for basic IP ACL with source IP
  • Create IPv4 stream for pg0 -> pg1 interface.
  • Create ACL with destination MAC address.
  • Send and verify received packets on pg1 interface.
test_0015_inacl_deny()

Input L2 ACL test - deny

Test scenario for basic IP ACL with source IP
  • Create IPv4 stream for pg0 -> pg1 interface.
  • Create ACL with source MAC address.
  • Send and verify no received packets on pg1 interface.
test_0020_outacl_permit()

Output L2 ACL test - permit

Test scenario for basic IP ACL with source IP
  • Create IPv4 stream for pg0 -> pg1 interface.
  • Create ACL with source MAC address.
  • Send and verify received packets on pg1 interface.
test_0025_outacl_deny()

Output L2 ACL test - deny

Test scenario for basic IP ACL with source IP
  • Create IPv4 stream for pg0 -> pg1 interface.
  • Create ACL with source MAC address.
  • Send and verify no received packets on pg1 interface.
test_0030_inoutacl_permit()

Input+Output L2 ACL test - permit

Test scenario for basic IP ACL with source IP
  • Create IPv4 stream for pg0 -> pg1 interface.
  • Create ACLs with source MAC address.
  • Send and verify received packets on pg1 interface.
udp_dport_from = 20000
udp_dport_from_2 = 30000
udp_dport_to = 25000
udp_dport_to_2 = 35000
udp_sport_from = 10
udp_sport_from_2 = 90
udp_sport_to = 15
udp_sport_to_2 = 95
verify_capture(pg_if, capture, traffic_type=0, ip_type=0, etype=-1)

Verify captured input packet stream for defined interface.

Parameters:
  • pg_if (object) – Interface to verify captured packet stream for.
  • capture (list) – Captured packet stream.
  • traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.