2.20. test_acl_plugin module¶

ACL plugin Test Case HLD:

class test_acl_plugin.TestACLplugin(methodName='runTest')¶

Bases: framework.VppTestCase

ACL plugin Test Case

DENY = 0¶

ICMP = 1¶

ICMPv4 = 0¶

ICMPv6 = 1¶

IP = 0¶

IPRANDOM = -1¶

IPV4 = 0¶

IPV6 = 1¶

PERMIT = 1¶

PORTS_ALL = -1¶

PORTS_RANGE = 0¶

PORTS_RANGE_2 = 1¶

PROTO_ALL = 0¶

TCP = 0¶

UDP = 1¶

apply_rules(rules, tag=None)¶

apply_rules_to(rules, tag=None, sw_if_index=4294967295)¶

bd_id = 1¶

create_rule(ip=0, permit_deny=0, ports=- 1, proto=- 1, s_prefix=0, s_ip=0, d_prefix=0, d_ip=0)¶

create_stream(src_if, packet_sizes, traffic_type=0, ipv6=0, proto=- 1, ports=0, fragments=False, pkt_raw=True, etype=- 1)¶

Create input packet stream for defined interface using hosts or deleted_hosts list.

Parameters

src_if (object) – Interface to create packet stream for.
packet_sizes (list) – List of required packet sizes.
traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.

Returns

Stream of packets.

create_upper_layer(packet_index, proto, ports=0)¶

etype_whitelist(whitelist, n_input, add=True)¶

icmp4_code = 3¶

icmp4_code_from_2 = 5¶

icmp4_code_to_2 = 20¶

icmp4_type = 8¶

icmp4_type_2 = 8¶

icmp6_code = 3¶

icmp6_code_from_2 = 8¶

icmp6_code_to_2 = 42¶

icmp6_type = 128¶

icmp6_type_2 = 128¶

proto = [[6, 17], [1, 58]]¶

proto_map = {1: 'ICMP', 6: 'TCP', 17: 'UDP', 58: 'ICMPv6EchoRequest'}¶

run_traffic_no_check()¶

run_verify_negat_test(traffic_type=0, ip_type=0, proto=- 1, ports=0, frags=False, etype=- 1)¶

run_verify_test(traffic_type=0, ip_type=0, proto=- 1, ports=0, frags=False, pkt_raw=True, etype=- 1)¶

setUp()¶: Clear trace before running each test

classmethod setUpClass()¶: Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP.

show_commands_at_teardown()¶: Allow subclass specific teardown logging additions.

tcp_dport_from = 40000¶

tcp_dport_from_2 = 20000¶

tcp_dport_to = 45000¶

tcp_dport_to_2 = 25000¶

tcp_sport_from = 30¶

tcp_sport_from_2 = 130¶

tcp_sport_to = 35¶

tcp_sport_to_2 = 135¶

tearDown()¶: Show various debug prints after each test.

classmethod tearDownClass()¶: Perform final cleanup after running all tests in this test-case

test_0000_warmup_test()¶: ACL plugin version check; learn MACs

test_0001_acl_create()¶: ACL create/delete test

test_0002_acl_permit_apply()¶: permit ACL apply test

test_0003_acl_deny_apply()¶: deny ACL apply test

test_0004_vpp624_permit_icmpv4()¶: VPP_624 permit ICMPv4

test_0005_vpp624_permit_icmpv6()¶: VPP_624 permit ICMPv6

test_0006_vpp624_deny_icmpv4()¶: VPP_624 deny ICMPv4

test_0007_vpp624_deny_icmpv6()¶: VPP_624 deny ICMPv6

test_0008_tcp_permit_v4()¶: permit TCPv4

test_0009_tcp_permit_v6()¶: permit TCPv6

test_0010_udp_permit_v4()¶: permit UDPv4

test_0011_udp_permit_v6()¶: permit UDPv6

test_0012_tcp_deny()¶: deny TCPv4/v6

test_0013_udp_deny()¶: deny UDPv4/v6

test_0014_acl_dump()¶: verify add/dump acls

test_0015_tcp_permit_port_v4()¶: permit single TCPv4

test_0016_udp_permit_port_v4()¶: permit single UDPv4

test_0017_tcp_permit_port_v6()¶: permit single TCPv6

test_0018_udp_permit_port_v6()¶: permit single UDPv6

test_0019_udp_deny_port()¶: deny single TCPv4/v6

test_0020_udp_deny_port()¶: deny single UDPv4/v6

test_0021_udp_deny_port_verify_fragment_deny()¶: deny single UDPv4/v6, permit ip any, verify non-initial fragment blocked

test_0022_zero_length_udp_ipv4()¶: VPP-687 zero length udp ipv4 packet

test_0023_zero_length_udp_ipv6()¶: VPP-687 zero length udp ipv6 packet

test_0108_tcp_permit_v4()¶: permit TCPv4 + non-match range

test_0109_tcp_permit_v6()¶: permit TCPv6 + non-match range

test_0110_udp_permit_v4()¶: permit UDPv4 + non-match range

test_0111_udp_permit_v6()¶: permit UDPv6 + non-match range

test_0112_tcp_deny()¶: deny TCPv4/v6 + non-match range

test_0113_udp_deny()¶: deny UDPv4/v6 + non-match range

test_0300_tcp_permit_v4_etype_aaaa()¶: permit TCPv4, send 0xAAAA etype

test_0305_tcp_permit_v4_etype_blacklist_aaaa()¶: permit TCPv4, whitelist 0x0BBB ethertype, send 0xAAAA-blocked

test_0306_tcp_permit_v4_etype_blacklist_aaaa()¶: permit TCPv4, whitelist 0x0BBB ethertype, send 0x0BBB - pass

test_0307_tcp_permit_v4_etype_blacklist_aaaa()¶: permit TCPv4, whitelist 0x0BBB, remove, send 0xAAAA - pass

test_0315_del_intf()¶: apply an acl and delete the interface

test_tags = [<TestCaseTag.FIXME_VPP_WORKERS: 2>]¶

udp_dport_from = 20000¶

udp_dport_from_2 = 30000¶

udp_dport_to = 25000¶

udp_dport_to_2 = 35000¶

udp_sport_from = 10¶

udp_sport_from_2 = 90¶

udp_sport_to = 15¶

udp_sport_to_2 = 95¶

verify_capture(pg_if, capture, traffic_type=0, ip_type=0, etype=- 1)¶

Verify captured input packet stream for defined interface.

Parameters

pg_if (object) – Interface to verify captured packet stream for.
capture (list) – Captured packet stream.
traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.