2.29. test_classify_l2_acl module¶
Classifier-based L2 ACL Test Case HLD:
-
class
test_classify_l2_acl.
TestClassifyAcl
(methodName='runTest')¶ Bases:
framework.VppTestCase
Classifier-based L2 input and output ACL Test Case
-
DENY
= 0¶
-
ICMP
= 1¶
-
ICMPv4
= 0¶
-
ICMPv6
= 1¶
-
IP
= 0¶
-
IPRANDOM
= -1¶
-
IPV4
= 0¶
-
IPV6
= 1¶
-
PERMIT
= 1¶
-
PORTS_ALL
= -1¶
-
PORTS_RANGE
= 0¶
-
PORTS_RANGE_2
= 1¶
-
PROTO_ALL
= 0¶
-
TCP
= 0¶
-
UDP
= 1¶
-
bd_id
= 1¶
-
build_classify_table
(src_mac='', dst_mac='', ether_type='', etype='', key='mac', hit_next_index=4294967295)¶
-
static
build_mac_mask
(dst_mac='', src_mac='', ether_type='')¶ Build MAC ACL mask data with hexstring format
- Parameters
dst_mac (str) – source MAC address <0-ffffffffffff>
src_mac (str) – destination MAC address <0-ffffffffffff>
ether_type (str) – ethernet type <0-ffff>
-
static
build_mac_match
(dst_mac='', src_mac='', ether_type='')¶ Build MAC ACL match data with hexstring format
- Parameters
dst_mac (str) – source MAC address <x:x:x:x:x:x>
src_mac (str) – destination MAC address <x:x:x:x:x:x>
ether_type (str) – ethernet type <0-ffff>
-
create_classify_session
(intf, table_index, match, hit_next_index=4294967295, is_add=1)¶ Create Classify Session
- Parameters
intf (VppInterface) – Interface to apply classify session.
table_index (int) – table index to identify classify table.
match (str) – matched value for interested traffic.
pbr_action (int) – enable/disable PBR feature.
vrfid (int) – VRF id.
is_add (int) – option to configure classify session. - create(1) or delete(0)
-
create_classify_table
(key, mask, data_offset=0, is_add=1)¶ Create Classify Table
- Parameters
key (str) – key for classify table (ex, ACL name).
mask (str) – mask value for interested traffic.
match_n_vectors (int) –
is_add (int) – option to configure classify table. - create(1) or delete(0)
-
create_hosts
(count, start=0)¶ Create required number of host MAC addresses and distribute them among interfaces. Create host IPv4 address for every host MAC address.
- Parameters
count (int) – Number of hosts to create MAC/IPv4 addresses for.
start (int) – Number to start numbering from.
-
create_stream
(src_if, packet_sizes, traffic_type=0, ipv6=0, proto=-1, ports=0, fragments=False, pkt_raw=True, etype=-1)¶ Create input packet stream for defined interface using hosts or deleted_hosts list.
- Parameters
src_if (object) – Interface to create packet stream for.
packet_sizes (list) – List of required packet sizes.
traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
- Returns
Stream of packets.
-
create_upper_layer
(packet_index, proto, ports=0)¶
-
icmp4_code
= 3¶
-
icmp4_code_from_2
= 5¶
-
icmp4_code_to_2
= 20¶
-
icmp4_type
= 8¶
-
icmp4_type_2
= 8¶
-
icmp6_code
= 3¶
-
icmp6_code_from_2
= 8¶
-
icmp6_code_to_2
= 42¶
-
icmp6_type
= 128¶
-
icmp6_type_2
= 128¶
-
input_acl_set_interface
(intf, table_index, is_add=1)¶ Configure Input ACL interface
- Parameters
intf (VppInterface) – Interface to apply Input ACL feature.
table_index (int) – table index to identify classify table.
is_add (int) – option to configure classify session. - enable(1) or disable(0)
-
output_acl_set_interface
(intf, table_index, is_add=1)¶ Configure Output ACL interface
- Parameters
intf (VppInterface) – Interface to apply Output ACL feature.
table_index (int) – table index to identify classify table.
is_add (int) – option to configure classify session. - enable(1) or disable(0)
-
proto
= [[6, 17], [1, 58]]¶
-
proto_map
= {1: 'ICMP', 6: 'TCP', 17: 'UDP', 58: 'ICMPv6EchoRequest'}¶
-
run_traffic_no_check
()¶
-
run_verify_negat_test
(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, etype=-1)¶
-
run_verify_test
(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, pkt_raw=True, etype=-1)¶
-
setUp
()¶ Clear trace before running each test
-
classmethod
setUpClass
()¶ Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP.
-
tcp_dport_from
= 40000¶
-
tcp_dport_from_2
= 20000¶
-
tcp_dport_to
= 45000¶
-
tcp_dport_to_2
= 25000¶
-
tcp_sport_from
= 30¶
-
tcp_sport_from_2
= 130¶
-
tcp_sport_to
= 35¶
-
tcp_sport_to_2
= 135¶
-
tearDown
()¶ Show various debug prints after each test.
-
classmethod
tearDownClass
()¶ Perform final cleanup after running all tests in this test-case
-
test_0000_warmup_test
()¶ Learn the MAC addresses
-
test_0010_inacl_permit_src_mac
()¶ Input L2 ACL test - permit source MAC
- Test scenario for basic IP ACL with source IP
Create IPv4 stream for pg0 -> pg1 interface.
Create ACL with source MAC address.
Send and verify received packets on pg1 interface.
-
test_0011_inacl_permit_dst_mac
()¶ Input L2 ACL test - permit destination MAC
- Test scenario for basic IP ACL with source IP
Create IPv4 stream for pg0 -> pg1 interface.
Create ACL with destination MAC address.
Send and verify received packets on pg1 interface.
-
test_0012_inacl_permit_src_dst_mac
()¶ Input L2 ACL test - permit source and destination MAC
- Test scenario for basic IP ACL with source IP
Create IPv4 stream for pg0 -> pg1 interface.
Create ACL with source and destination MAC addresses.
Send and verify received packets on pg1 interface.
-
test_0013_inacl_permit_ether_type
()¶ Input L2 ACL test - permit ether_type
- Test scenario for basic IP ACL with source IP
Create IPv4 stream for pg0 -> pg1 interface.
Create ACL with destination MAC address.
Send and verify received packets on pg1 interface.
-
test_0015_inacl_deny
()¶ Input L2 ACL test - deny
- Test scenario for basic IP ACL with source IP
Create IPv4 stream for pg0 -> pg1 interface.
Create ACL with source MAC address.
Send and verify no received packets on pg1 interface.
-
test_0020_outacl_permit
()¶ Output L2 ACL test - permit
- Test scenario for basic IP ACL with source IP
Create IPv4 stream for pg0 -> pg1 interface.
Create ACL with source MAC address.
Send and verify received packets on pg1 interface.
-
test_0025_outacl_deny
()¶ Output L2 ACL test - deny
- Test scenario for basic IP ACL with source IP
Create IPv4 stream for pg0 -> pg1 interface.
Create ACL with source MAC address.
Send and verify no received packets on pg1 interface.
-
test_0030_inoutacl_permit
()¶ Input+Output L2 ACL test - permit
- Test scenario for basic IP ACL with source IP
Create IPv4 stream for pg0 -> pg1 interface.
Create ACLs with source MAC address.
Send and verify received packets on pg1 interface.
-
udp_dport_from
= 20000¶
-
udp_dport_from_2
= 30000¶
-
udp_dport_to
= 25000¶
-
udp_dport_to_2
= 35000¶
-
udp_sport_from
= 10¶
-
udp_sport_from_2
= 90¶
-
udp_sport_to
= 15¶
-
udp_sport_to_2
= 95¶
-
verify_capture
(pg_if, capture, traffic_type=0, ip_type=0, etype=-1)¶ Verify captured input packet stream for defined interface.
- Parameters
pg_if (object) – Interface to verify captured packet stream for.
capture (list) – Captured packet stream.
traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
-