2.18. test_acl_plugin module¶
ACL plugin Test Case HLD:
-
class
test_acl_plugin.
TestACLplugin
(methodName='runTest')¶ Bases:
framework.VppTestCase
ACL plugin Test Case
-
DENY
= 0¶
-
ICMP
= 1¶
-
ICMPv4
= 0¶
-
ICMPv6
= 1¶
-
IP
= 0¶
-
IPRANDOM
= -1¶
-
IPV4
= 0¶
-
IPV6
= 1¶
-
PERMIT
= 1¶
-
PORTS_ALL
= -1¶
-
PORTS_RANGE
= 0¶
-
PORTS_RANGE_2
= 1¶
-
PROTO_ALL
= 0¶
-
TCP
= 0¶
-
UDP
= 1¶
-
apply_rules
(rules, tag=None)¶
-
apply_rules_to
(rules, tag=None, sw_if_index=4294967295)¶
-
bd_id
= 1¶
-
create_rule
(ip=0, permit_deny=0, ports=-1, proto=-1, s_prefix=0, s_ip=0, d_prefix=0, d_ip=0)¶
-
create_stream
(src_if, packet_sizes, traffic_type=0, ipv6=0, proto=-1, ports=0, fragments=False, pkt_raw=True, etype=-1)¶ Create input packet stream for defined interface using hosts or deleted_hosts list.
- Parameters
src_if (object) – Interface to create packet stream for.
packet_sizes (list) – List of required packet sizes.
traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
- Returns
Stream of packets.
-
create_upper_layer
(packet_index, proto, ports=0)¶
-
etype_whitelist
(whitelist, n_input, add=True)¶
-
icmp4_code
= 3¶
-
icmp4_code_from_2
= 5¶
-
icmp4_code_to_2
= 20¶
-
icmp4_type
= 8¶
-
icmp4_type_2
= 8¶
-
icmp6_code
= 3¶
-
icmp6_code_from_2
= 8¶
-
icmp6_code_to_2
= 42¶
-
icmp6_type
= 128¶
-
icmp6_type_2
= 128¶
-
proto
= [[6, 17], [1, 58]]¶
-
proto_map
= {1: 'ICMP', 6: 'TCP', 17: 'UDP', 58: 'ICMPv6EchoRequest'}¶
-
run_traffic_no_check
()¶
-
run_verify_negat_test
(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, etype=-1)¶
-
run_verify_test
(traffic_type=0, ip_type=0, proto=-1, ports=0, frags=False, pkt_raw=True, etype=-1)¶
-
setUp
()¶ Clear trace before running each test
-
classmethod
setUpClass
()¶ Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP.
-
show_commands_at_teardown
()¶ Allow subclass specific teardown logging additions.
-
tcp_dport_from
= 40000¶
-
tcp_dport_from_2
= 20000¶
-
tcp_dport_to
= 45000¶
-
tcp_dport_to_2
= 25000¶
-
tcp_sport_from
= 30¶
-
tcp_sport_from_2
= 130¶
-
tcp_sport_to
= 35¶
-
tcp_sport_to_2
= 135¶
-
tearDown
()¶ Show various debug prints after each test.
-
classmethod
tearDownClass
()¶ Perform final cleanup after running all tests in this test-case
-
test_0000_warmup_test
()¶ ACL plugin version check; learn MACs
-
test_0001_acl_create
()¶ ACL create/delete test
-
test_0002_acl_permit_apply
()¶ permit ACL apply test
-
test_0003_acl_deny_apply
()¶ deny ACL apply test
-
test_0004_vpp624_permit_icmpv4
()¶ VPP_624 permit ICMPv4
-
test_0005_vpp624_permit_icmpv6
()¶ VPP_624 permit ICMPv6
-
test_0006_vpp624_deny_icmpv4
()¶ VPP_624 deny ICMPv4
-
test_0007_vpp624_deny_icmpv6
()¶ VPP_624 deny ICMPv6
-
test_0008_tcp_permit_v4
()¶ permit TCPv4
-
test_0009_tcp_permit_v6
()¶ permit TCPv6
-
test_0010_udp_permit_v4
()¶ permit UDPv4
-
test_0011_udp_permit_v6
()¶ permit UDPv6
-
test_0012_tcp_deny
()¶ deny TCPv4/v6
-
test_0013_udp_deny
()¶ deny UDPv4/v6
-
test_0014_acl_dump
()¶ verify add/dump acls
-
test_0015_tcp_permit_port_v4
()¶ permit single TCPv4
-
test_0016_udp_permit_port_v4
()¶ permit single UDPv4
-
test_0017_tcp_permit_port_v6
()¶ permit single TCPv6
-
test_0018_udp_permit_port_v6
()¶ permit single UDPv6
-
test_0019_udp_deny_port
()¶ deny single TCPv4/v6
-
test_0020_udp_deny_port
()¶ deny single UDPv4/v6
-
test_0021_udp_deny_port_verify_fragment_deny
()¶ deny single UDPv4/v6, permit ip any, verify non-initial fragment blocked
-
test_0022_zero_length_udp_ipv4
()¶ VPP-687 zero length udp ipv4 packet
-
test_0023_zero_length_udp_ipv6
()¶ VPP-687 zero length udp ipv6 packet
-
test_0108_tcp_permit_v4
()¶ permit TCPv4 + non-match range
-
test_0109_tcp_permit_v6
()¶ permit TCPv6 + non-match range
-
test_0110_udp_permit_v4
()¶ permit UDPv4 + non-match range
-
test_0111_udp_permit_v6
()¶ permit UDPv6 + non-match range
-
test_0112_tcp_deny
()¶ deny TCPv4/v6 + non-match range
-
test_0113_udp_deny
()¶ deny UDPv4/v6 + non-match range
-
test_0300_tcp_permit_v4_etype_aaaa
()¶ permit TCPv4, send 0xAAAA etype
-
test_0305_tcp_permit_v4_etype_blacklist_aaaa
()¶ permit TCPv4, whitelist 0x0BBB ethertype, send 0xAAAA-blocked
-
test_0306_tcp_permit_v4_etype_blacklist_aaaa
()¶ permit TCPv4, whitelist 0x0BBB ethertype, send 0x0BBB - pass
-
test_0307_tcp_permit_v4_etype_blacklist_aaaa
()¶ permit TCPv4, whitelist 0x0BBB, remove, send 0xAAAA - pass
-
test_0315_del_intf
()¶ apply an acl and delete the interface
-
udp_dport_from
= 20000¶
-
udp_dport_from_2
= 30000¶
-
udp_dport_to
= 25000¶
-
udp_dport_to_2
= 35000¶
-
udp_sport_from
= 10¶
-
udp_sport_from_2
= 90¶
-
udp_sport_to
= 15¶
-
udp_sport_to_2
= 95¶
-
verify_capture
(pg_if, capture, traffic_type=0, ip_type=0, etype=-1)¶ Verify captured input packet stream for defined interface.
- Parameters
pg_if (object) – Interface to verify captured packet stream for.
capture (list) – Captured packet stream.
traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.
-