2.18. test_acl_plugin module

ACL plugin Test Case HLD:

class test_acl_plugin.TestACLplugin(methodName='runTest')

Bases: framework.VppTestCase

ACL plugin Test Case

DENY = 0
ICMP = 1
ICMPv4 = 0
ICMPv6 = 1
IP = 0
IPRANDOM = -1
IPV4 = 0
IPV6 = 1
PERMIT = 1
PORTS_ALL = -1
PORTS_RANGE = 0
PORTS_RANGE_2 = 1
PROTO_ALL = 0
TCP = 0
UDP = 1
apply_rules(rules, tag=None)
apply_rules_to(rules, tag=None, sw_if_index=4294967295)
bd_id = 1
create_rule(ip=0, permit_deny=0, ports=-1, proto=-1, s_prefix=0, s_ip=0, d_prefix=0, d_ip=0)
create_stream(src_if, packet_sizes, traffic_type=0, ipv6=0, proto=-1, ports=0, fragments=False, pkt_raw=True, etype=-1)

Create input packet stream for defined interface using hosts or deleted_hosts list.

Parameters
  • src_if (object) – Interface to create packet stream for.

  • packet_sizes (list) – List of required packet sizes.

  • traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.

Returns

Stream of packets.

create_upper_layer(packet_index, proto, ports=0)
etype_whitelist(whitelist, n_input, add=True)
icmp4_code = 3
icmp4_code_from_2 = 5
icmp4_code_to_2 = 20
icmp4_type = 8
icmp4_type_2 = 8
icmp6_code = 3
icmp6_code_from_2 = 8
icmp6_code_to_2 = 42
icmp6_type = 128
icmp6_type_2 = 128
proto = [[6, 17], [1, 58]]
proto_map = {1: 'ICMP', 6: 'TCP', 17: 'UDP', 58: 'ICMPv6EchoRequest'}
run_traffic_no_check()
run_verify_negat_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, etype=-1)
run_verify_test(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, pkt_raw=True, etype=-1)
setUp()

Clear trace before running each test

classmethod setUpClass()

Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP.

show_commands_at_teardown()

Allow subclass specific teardown logging additions.

tcp_dport_from = 40000
tcp_dport_from_2 = 20000
tcp_dport_to = 45000
tcp_dport_to_2 = 25000
tcp_sport_from = 30
tcp_sport_from_2 = 130
tcp_sport_to = 35
tcp_sport_to_2 = 135
tearDown()

Show various debug prints after each test.

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_0000_warmup_test()

ACL plugin version check; learn MACs

test_0001_acl_create()

ACL create/delete test

test_0002_acl_permit_apply()

permit ACL apply test

test_0003_acl_deny_apply()

deny ACL apply test

test_0004_vpp624_permit_icmpv4()

VPP_624 permit ICMPv4

test_0005_vpp624_permit_icmpv6()

VPP_624 permit ICMPv6

test_0006_vpp624_deny_icmpv4()

VPP_624 deny ICMPv4

test_0007_vpp624_deny_icmpv6()

VPP_624 deny ICMPv6

test_0008_tcp_permit_v4()

permit TCPv4

test_0009_tcp_permit_v6()

permit TCPv6

test_0010_udp_permit_v4()

permit UDPv4

test_0011_udp_permit_v6()

permit UDPv6

test_0012_tcp_deny()

deny TCPv4/v6

test_0013_udp_deny()

deny UDPv4/v6

test_0014_acl_dump()

verify add/dump acls

test_0015_tcp_permit_port_v4()

permit single TCPv4

test_0016_udp_permit_port_v4()

permit single UDPv4

test_0017_tcp_permit_port_v6()

permit single TCPv6

test_0018_udp_permit_port_v6()

permit single UDPv6

test_0019_udp_deny_port()

deny single TCPv4/v6

test_0020_udp_deny_port()

deny single UDPv4/v6

test_0021_udp_deny_port_verify_fragment_deny()

deny single UDPv4/v6, permit ip any, verify non-initial fragment blocked

test_0022_zero_length_udp_ipv4()

VPP-687 zero length udp ipv4 packet

test_0023_zero_length_udp_ipv6()

VPP-687 zero length udp ipv6 packet

test_0108_tcp_permit_v4()

permit TCPv4 + non-match range

test_0109_tcp_permit_v6()

permit TCPv6 + non-match range

test_0110_udp_permit_v4()

permit UDPv4 + non-match range

test_0111_udp_permit_v6()

permit UDPv6 + non-match range

test_0112_tcp_deny()

deny TCPv4/v6 + non-match range

test_0113_udp_deny()

deny UDPv4/v6 + non-match range

test_0300_tcp_permit_v4_etype_aaaa()

permit TCPv4, send 0xAAAA etype

test_0305_tcp_permit_v4_etype_blacklist_aaaa()

permit TCPv4, whitelist 0x0BBB ethertype, send 0xAAAA-blocked

test_0306_tcp_permit_v4_etype_blacklist_aaaa()

permit TCPv4, whitelist 0x0BBB ethertype, send 0x0BBB - pass

test_0307_tcp_permit_v4_etype_blacklist_aaaa()

permit TCPv4, whitelist 0x0BBB, remove, send 0xAAAA - pass

test_0315_del_intf()

apply an acl and delete the interface

udp_dport_from = 20000
udp_dport_from_2 = 30000
udp_dport_to = 25000
udp_dport_to_2 = 35000
udp_sport_from = 10
udp_sport_from_2 = 90
udp_sport_to = 15
udp_sport_to_2 = 95
verify_capture(pg_if, capture, traffic_type=0, ip_type=0, etype=-1)

Verify captured input packet stream for defined interface.

Parameters
  • pg_if (object) – Interface to verify captured packet stream for.

  • capture (list) – Captured packet stream.

  • traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.