2.34. test_classify_l2_acl module

Classifier-based L2 ACL Test Case HLD:

class test_classify_l2_acl.TestClassifyAcl(methodName='runTest')

Bases: template_classifier.TestClassifier

Classifier-based L2 input and output ACL Test Case

DENY = 0
ICMP = 1
ICMPv4 = 0
ICMPv6 = 1
IP = 0
IPRANDOM = -1
IPV4 = 0
IPV6 = 1
PERMIT = 1
PORTS_ALL = -1
PORTS_RANGE = 0
PORTS_RANGE_2 = 1
PROTO_ALL = 0
TCP = 0
UDP = 1
bd_id = 1
build_classify_table(src_mac='', dst_mac='', ether_type='', etype='', key='mac', hit_next_index=4294967295)
create_classify_session(intf, table_index, match, hit_next_index=4294967295, is_add=1)

Create Classify Session

Parameters

  • intf (VppInterface) – Interface to apply classify session.

  • table_index (int) – table index to identify classify table.

  • match (str) – matched value for interested traffic.

  • is_add (int) – option to configure classify session. - create(1) or delete(0)

create_hosts(count, start=0)

Create required number of host MAC addresses and distribute them among interfaces. Create host IPv4 address for every host MAC address.

Parameters

  • count (int) – Number of hosts to create MAC/IPv4 addresses for.

  • start (int) – Number to start numbering from.

create_stream(src_if, packet_sizes, traffic_type=0, ipv6=0, proto=- 1, ports=0, fragments=False, pkt_raw=True, etype=- 1)

Create input packet stream for defined interface using hosts or deleted_hosts list.

Parameters

  • src_if (object) – Interface to create packet stream for.

  • packet_sizes (list) – List of required packet sizes.

  • traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.

Returns

Stream of packets.

create_upper_layer(packet_index, proto, ports=0)
icmp4_code = 3
icmp4_code_from_2 = 5
icmp4_code_to_2 = 20
icmp4_type = 8
icmp4_type_2 = 8
icmp6_code = 3
icmp6_code_from_2 = 8
icmp6_code_to_2 = 42
icmp6_type = 128
icmp6_type_2 = 128
proto = [[6, 17], [1, 58]]
proto_map = {1: 'ICMP', 6: 'TCP', 17: 'UDP', 58: 'ICMPv6EchoRequest'}
run_traffic_no_check()
run_verify_negat_test(traffic_type=0, ip_type=0, proto=- 1, ports=0, frags=False, etype=- 1)
run_verify_test(traffic_type=0, ip_type=0, proto=- 1, ports=0, frags=False, pkt_raw=True, etype=- 1)
setUp()

Perform test setup before test case.

Config:
  • create 4 pg interfaces
    • untagged pg0/pg1/pg2 interface
      pg0 ——-> pg1 (IP ACL)
      —> pg2 (MAC ACL))

      -> pg3 (PBR)

  • setup interfaces:

    • put it into UP state

    • set IPv4/6 addresses

    • resolve neighbor address using ARP

Variables

  • interfaces (list) – pg interfaces.

  • pg_if_packet_sizes (list) – packet sizes in test.

  • acl_tbl_idx (dict) – ACL table index.

  • pbr_vrfid (int) – VRF id for PBR test.

classmethod setUpClass()

Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP.

tcp_dport_from = 40000
tcp_dport_from_2 = 20000
tcp_dport_to = 45000
tcp_dport_to_2 = 25000
tcp_sport_from = 30
tcp_sport_from_2 = 130
tcp_sport_to = 35
tcp_sport_to_2 = 135
tearDown()

Show various debug prints after each test.

classmethod tearDownClass()

Perform final cleanup after running all tests in this test-case

test_0000_warmup_test()

Learn the MAC addresses

test_0010_inacl_permit_src_mac()

Input L2 ACL test - permit source MAC

Test scenario for basic IP ACL with source IP

  • Create IPv4 stream for pg0 -> pg1 interface.

  • Create ACL with source MAC address.

  • Send and verify received packets on pg1 interface.

test_0011_inacl_permit_dst_mac()

Input L2 ACL test - permit destination MAC

Test scenario for basic IP ACL with source IP

  • Create IPv4 stream for pg0 -> pg1 interface.

  • Create ACL with destination MAC address.

  • Send and verify received packets on pg1 interface.

test_0012_inacl_permit_src_dst_mac()

Input L2 ACL test - permit source and destination MAC

Test scenario for basic IP ACL with source IP

  • Create IPv4 stream for pg0 -> pg1 interface.

  • Create ACL with source and destination MAC addresses.

  • Send and verify received packets on pg1 interface.

test_0013_inacl_permit_ether_type()

Input L2 ACL test - permit ether_type

Test scenario for basic IP ACL with source IP

  • Create IPv4 stream for pg0 -> pg1 interface.

  • Create ACL with destination MAC address.

  • Send and verify received packets on pg1 interface.

test_0015_inacl_deny()

Input L2 ACL test - deny

Test scenario for basic IP ACL with source IP

  • Create IPv4 stream for pg0 -> pg1 interface.

  • Create ACL with source MAC address.

  • Send and verify no received packets on pg1 interface.

test_0020_outacl_permit()

Output L2 ACL test - permit

Test scenario for basic IP ACL with source IP

  • Create IPv4 stream for pg0 -> pg1 interface.

  • Create ACL with source MAC address.

  • Send and verify received packets on pg1 interface.

test_0025_outacl_deny()

Output L2 ACL test - deny

Test scenario for basic IP ACL with source IP

  • Create IPv4 stream for pg0 -> pg1 interface.

  • Create ACL with source MAC address.

  • Send and verify no received packets on pg1 interface.

test_0030_inoutacl_permit()

Input+Output L2 ACL test - permit

Test scenario for basic IP ACL with source IP

  • Create IPv4 stream for pg0 -> pg1 interface.

  • Create ACLs with source MAC address.

  • Send and verify received packets on pg1 interface.

udp_dport_from = 20000
udp_dport_from_2 = 30000
udp_dport_to = 25000
udp_dport_to_2 = 35000
udp_sport_from = 10
udp_sport_from_2 = 90
udp_sport_to = 15
udp_sport_to_2 = 95
verify_capture(pg_if, capture, traffic_type=0, ip_type=0, etype=- 1)

Verify captured input packet stream for defined interface.

Parameters

  • pg_if (object) – Interface to verify captured packet stream for.

  • capture (list) – Captured packet stream.

  • traffic_type – 1: ICMP packet, 2: IPv6 with EH, 0: otherwise.