vpp/test/test_acl_plugin_conns.py

411 lines
15 KiB
Python
Raw Normal View History

#!/usr/bin/env python3
""" ACL plugin extended stateful tests """
import unittest
from config import config
2023-08-31 00:47:44 -04:00
from framework import VppTestCase
from scapy.layers.inet import IP, UDP, TCP
from scapy.packet import Packet
2023-08-31 00:47:44 -04:00
from socket import AF_INET, AF_INET6
from scapy.layers.inet6 import IPv6
from util import L4_Conn
from ipaddress import ip_network
from vpp_acl import AclRule, VppAcl, VppAclInterface
def to_acl_rule(self, is_permit, wildcard_sport=False):
p = self
rule_family = AF_INET6 if p.haslayer(IPv6) else AF_INET
rule_prefix_len = 128 if p.haslayer(IPv6) else 32
rule_l3_layer = IPv6 if p.haslayer(IPv6) else IP
rule_l4_sport = p.sport
rule_l4_dport = p.dport
if p.haslayer(IPv6):
rule_l4_proto = p[IPv6].nh
else:
rule_l4_proto = p[IP].proto
if wildcard_sport:
rule_l4_sport_first = 0
rule_l4_sport_last = 65535
else:
rule_l4_sport_first = rule_l4_sport
rule_l4_sport_last = rule_l4_sport
new_rule = AclRule(
is_permit=is_permit,
proto=rule_l4_proto,
src_prefix=ip_network((p[rule_l3_layer].src, rule_prefix_len)),
dst_prefix=ip_network((p[rule_l3_layer].dst, rule_prefix_len)),
sport_from=rule_l4_sport_first,
sport_to=rule_l4_sport_last,
dport_from=rule_l4_dport,
dport_to=rule_l4_dport,
)
return new_rule
Packet.to_acl_rule = to_acl_rule
class IterateWithSleep:
def __init__(self, testcase, n_iters, description, sleep_sec):
self.curr = 0
self.testcase = testcase
self.n_iters = n_iters
self.sleep_sec = sleep_sec
self.description = description
def __iter__(self):
for x in range(0, self.n_iters):
yield x
self.testcase.sleep(self.sleep_sec)
class Conn(L4_Conn):
def apply_acls(self, reflect_side, acl_side):
pkts = []
pkts.append(self.pkt(0))
pkts.append(self.pkt(1))
pkt = pkts[reflect_side]
r = []
r.append(pkt.to_acl_rule(2, wildcard_sport=True))
r.append(self.wildcard_rule(0))
reflect_acl = VppAcl(self.testcase, r)
reflect_acl.add_vpp_config()
r = []
r.append(self.wildcard_rule(0))
deny_acl = VppAcl(self.testcase, r)
deny_acl.add_vpp_config()
if reflect_side == acl_side:
acl_if0 = VppAclInterface(
self.testcase,
self.ifs[acl_side].sw_if_index,
[reflect_acl, deny_acl],
n_input=1,
)
acl_if1 = VppAclInterface(
self.testcase, self.ifs[1 - acl_side].sw_if_index, [], n_input=0
)
acl_if0.add_vpp_config()
acl_if1.add_vpp_config()
else:
acl_if0 = VppAclInterface(
self.testcase,
self.ifs[acl_side].sw_if_index,
[deny_acl, reflect_acl],
n_input=1,
)
acl_if1 = VppAclInterface(
self.testcase, self.ifs[1 - acl_side].sw_if_index, [], n_input=0
)
acl_if0.add_vpp_config()
acl_if1.add_vpp_config()
def wildcard_rule(self, is_permit):
any_addr = ["0.0.0.0", "::"]
rule_family = self.address_family
is_ip6 = 1 if rule_family == AF_INET6 else 0
new_rule = AclRule(
is_permit=is_permit,
proto=0,
src_prefix=ip_network((any_addr[is_ip6], 0)),
dst_prefix=ip_network((any_addr[is_ip6], 0)),
sport_from=0,
sport_to=65535,
dport_from=0,
dport_to=65535,
)
return new_rule
@unittest.skipUnless(config.extended, "part of extended tests")
class ACLPluginConnTestCase(VppTestCase):
"""ACL plugin connection-oriented extended testcases"""
@classmethod
def setUpClass(cls):
super(ACLPluginConnTestCase, cls).setUpClass()
# create pg0 and pg1
cls.create_pg_interfaces(range(2))
cmd = "set acl-plugin session table event-trace 1"
cls.logger.info(cls.vapi.cli(cmd))
for i in cls.pg_interfaces:
i.admin_up()
i.config_ip4()
i.config_ip6()
i.resolve_arp()
i.resolve_ndp()
VTL Cleanup: Fix missing calls to setUpClass/tearDownClass, fix numerous TypeErrors. * TypeError: assertIsNotNone() got an unexpected keyword argument 'msg' * Correct missing calls to setUpClass/tearDownClass. If you want the setUpClass and tearDownClass on base classes called then you must call up to them yourself. The implementations in TestCase are empty. https://docs.python.org/2/library/unittest.html#setupclass-and-teardownclass Cleans up issues in parallel test mode: ------------- FAILURES AND ERRORS IN TESTS: Testcase name: VCL Thru Host Stack Bidir Nsock FAILURE: test_vcl.VCLThruHostStackBidirNsock.test_vcl_thru_host_stack_bi_dir_nsock [test_vcl.VCLThruHostStackBidirNsock.test_vcl_thru_host_stack_bi_dir_nsock] Testcase name: Bidirectional Forwarding Detection (BFD) (changing auth) ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_change_key_delayed [test_bfd.BFDAuthOnOffTestCase.test_auth_change_key_delayed] ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_change_key_immediate [test_bfd.BFDAuthOnOffTestCase.test_auth_change_key_immediate] ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_off_delayed [test_bfd.BFDAuthOnOffTestCase.test_auth_off_delayed] ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_off_immediate [test_bfd.BFDAuthOnOffTestCase.test_auth_off_immediate] ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_on_delayed [test_bfd.BFDAuthOnOffTestCase.test_auth_on_delayed] ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_on_immediate [test_bfd.BFDAuthOnOffTestCase.test_auth_on_immediate] Testcase name: Punt Socket for IPv4 ERROR: test_punt.TestIP4PuntSocket.test_punt_socket_dump [test_punt.TestIP4PuntSocket.test_punt_socket_dump] ERROR: test_punt.TestIP4PuntSocket.test_punt_socket_traffic_multi_port_multi_sockets [test_punt.TestIP4PuntSocket.test_punt_socket_traffic_multi_port_multi_sockets] ERROR: test_punt.TestIP4PuntSocket.test_punt_socket_traffic_multi_ports_single_socket [test_punt.TestIP4PuntSocket.test_punt_socket_traffic_multi_ports_single_socket] ERROR: test_punt.TestIP4PuntSocket.test_punt_socket_traffic_single_port_single_socket [test_punt.TestIP4PuntSocket.test_punt_socket_traffic_single_port_single_socket] Testcase name: Bidirectional Forwarding Detection (BFD) (IPv6) ERROR: test_bfd.BFD6TestCase.test_echo [test_bfd.BFD6TestCase.test_echo] ERROR: test_bfd.BFD6TestCase.test_echo_looped_back [test_bfd.BFD6TestCase.test_echo_looped_back] ERROR: test_bfd.BFD6TestCase.test_intf_deleted [test_bfd.BFD6TestCase.test_intf_deleted] ERROR: test_bfd.BFD6TestCase.test_session_up [test_bfd.BFD6TestCase.test_session_up] ERROR: test_bfd.BFD6TestCase.test_session_up_by_ip [test_bfd.BFD6TestCase.test_session_up_by_ip] Testcase name: Bidirectional Forwarding Detection (BFD) (CLI) ERROR: test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp [test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp] ERROR: test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp6 [test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp6] ERROR: test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp6_auth [test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp6_auth] ERROR: test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp_auth [test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp_auth] ERROR: test_bfd.BFDCLITestCase.test_admin_up_down [test_bfd.BFDCLITestCase.test_admin_up_down] ERROR: test_bfd.BFDCLITestCase.test_auth_on_off [test_bfd.BFDCLITestCase.test_auth_on_off] ERROR: test_bfd.BFDCLITestCase.test_auth_on_off_delayed [test_bfd.BFDCLITestCase.test_auth_on_off_delayed] ERROR: test_bfd.BFDCLITestCase.test_set_del_meticulous_sha1_key [test_bfd.BFDCLITestCase.test_set_del_meticulous_sha1_key] ERROR: test_bfd.BFDCLITestCase.test_set_del_sha1_key [test_bfd.BFDCLITestCase.test_set_del_sha1_key] ERROR: test_bfd.BFDCLITestCase.test_set_del_udp_echo_source [test_bfd.BFDCLITestCase.test_set_del_udp_echo_source] ERROR: test_bfd.BFDCLITestCase.test_show [test_bfd.BFDCLITestCase.test_show] Testcase name: VAPI test ERROR: test_vapi.VAPITestCase.test_vapi_c [test_vapi.VAPITestCase.test_vapi_c] Testcase name: Container integration extended testcases ERROR: test_container.ContainerIntegrationTestCase.test_0010_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0010_basic_conn_test] ERROR: test_container.ContainerIntegrationTestCase.test_0011_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0011_basic_conn_test] ERROR: test_container.ContainerIntegrationTestCase.test_0050_loopback_prepare_test [test_container.ContainerIntegrationTestCase.test_0050_loopback_prepare_test] ERROR: test_container.ContainerIntegrationTestCase.test_0110_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0110_basic_conn_test] ERROR: test_container.ContainerIntegrationTestCase.test_0111_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0111_basic_conn_test] ERROR: test_container.ContainerIntegrationTestCase.test_0200_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0200_basic_conn_test] ERROR: test_container.ContainerIntegrationTestCase.test_0210_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0210_basic_conn_test] ERROR: test_container.ContainerIntegrationTestCase.test_0211_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0211_basic_conn_test] ERROR: test_container.ContainerIntegrationTestCase.test_0300_unconfigure_commands [test_container.ContainerIntegrationTestCase.test_0300_unconfigure_commands] ERROR: test_container.ContainerIntegrationTestCase.test_0410_spoof_test [test_container.ContainerIntegrationTestCase.test_0410_spoof_test] ERROR: test_container.ContainerIntegrationTestCase.test_0411_spoof_test [test_container.ContainerIntegrationTestCase.test_0411_spoof_test] Testcase name: Re-enable IPFIX ERROR: test_flowprobe.ReenableIPFIX.test_0011 [test_flowprobe.ReenableIPFIX.test_0011] Testcase name: VXLAN over IPv6 Test Case ERROR: setUpClass [setUpClass (test_vxlan6.TestVxlan6)] Testcase name: JVPP Core Test Case ERROR: test_jvpp.TestJVpp.test_vpp_acl_callback_api [test_jvpp.TestJVpp.test_vpp_acl_callback_api] ERROR: test_jvpp.TestJVpp.test_vpp_acl_future_api [test_jvpp.TestJVpp.test_vpp_acl_future_api] ERROR: test_jvpp.TestJVpp.test_vpp_core_callback_api [test_jvpp.TestJVpp.test_vpp_core_callback_api] ERROR: test_jvpp.TestJVpp.test_vpp_core_future_api [test_jvpp.TestJVpp.test_vpp_core_future_api] ERROR: test_jvpp.TestJVpp.test_vpp_ioamexport_callback_api [test_jvpp.TestJVpp.test_vpp_ioamexport_callback_api] ERROR: test_jvpp.TestJVpp.test_vpp_ioamexport_future_api [test_jvpp.TestJVpp.test_vpp_ioamexport_future_api] ERROR: test_jvpp.TestJVpp.test_vpp_ioampot_callback_api [test_jvpp.TestJVpp.test_vpp_ioampot_callback_api] ERROR: test_jvpp.TestJVpp.test_vpp_ioampot_future_api [test_jvpp.TestJVpp.test_vpp_ioampot_future_api] ERROR: test_jvpp.TestJVpp.test_vpp_ioamtrace_callback_api [test_jvpp.TestJVpp.test_vpp_ioamtrace_callback_api] ERROR: test_jvpp.TestJVpp.test_vpp_ioamtrace_future_api [test_jvpp.TestJVpp.test_vpp_ioamtrace_future_api] ERROR: test_jvpp.TestJVpp.test_vpp_snat_callback_api [test_jvpp.TestJVpp.test_vpp_snat_callback_api] ERROR: test_jvpp.TestJVpp.test_vpp_snat_future_api [test_jvpp.TestJVpp.test_vpp_snat_future_api] Testcase name: LDP Cut Thru Tests FAILURE: test_vcl.LDPCutThruTestCase.test_ldp_cut_thru_iperf3 [test_vcl.LDPCutThruTestCase.test_ldp_cut_thru_iperf3] Testcase name: ACL plugin connection-oriented extended testcases ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0000_conn_prepare_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0000_conn_prepare_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0001_basic_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0001_basic_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0002_basic_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0002_basic_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0005_clear_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0005_clear_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0006_clear_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0006_clear_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0011_active_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0011_active_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0012_active_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0012_active_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1001_basic_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1001_basic_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1002_basic_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1002_basic_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1005_clear_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1005_clear_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1006_clear_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1006_clear_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1011_active_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1011_active_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1012_active_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1012_active_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2000_prepare_for_tcp_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2000_prepare_for_tcp_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2001_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2001_tcp_transient_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2002_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2002_tcp_transient_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2003_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2003_tcp_transient_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2004_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2004_tcp_transient_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2005_tcp_transient_teardown_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2005_tcp_transient_teardown_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2006_tcp_transient_teardown_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2006_tcp_transient_teardown_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3001_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3001_tcp_transient_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3002_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3002_tcp_transient_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3003_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3003_tcp_transient_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3004_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3004_tcp_transient_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3005_tcp_transient_teardown_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3005_tcp_transient_teardown_conn_test] ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3006_tcp_transient_teardown_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3006_tcp_transient_teardown_conn_test] Testcase name: LDP Thru Host Stack Echo FAILURE: test_vcl.LDPThruHostStackEcho.test_ldp_thru_host_stack_echo [test_vcl.LDPThruHostStackEcho.test_ldp_thru_host_stack_echo] Testcase name: Bidirectional Forwarding Detection (BFD) - API ERROR: test_bfd.BFDAPITestCase.test_activate_auth [test_bfd.BFDAPITestCase.test_activate_auth] ERROR: test_bfd.BFDAPITestCase.test_add_auth_nonexistent_key [test_bfd.BFDAPITestCase.test_add_auth_nonexistent_key] ERROR: test_bfd.BFDAPITestCase.test_add_bfd [test_bfd.BFDAPITestCase.test_add_bfd] ERROR: test_bfd.BFDAPITestCase.test_add_bfd6 [test_bfd.BFDAPITestCase.test_add_bfd6] ERROR: test_bfd.BFDAPITestCase.test_add_bfd_sha1 [test_bfd.BFDAPITestCase.test_add_bfd_sha1] ERROR: test_bfd.BFDAPITestCase.test_add_sha1_keys [test_bfd.BFDAPITestCase.test_add_sha1_keys] ERROR: test_bfd.BFDAPITestCase.test_change_key [test_bfd.BFDAPITestCase.test_change_key] ERROR: test_bfd.BFDAPITestCase.test_deactivate_auth [test_bfd.BFDAPITestCase.test_deactivate_auth] ERROR: test_bfd.BFDAPITestCase.test_double_add [test_bfd.BFDAPITestCase.test_double_add] ERROR: test_bfd.BFDAPITestCase.test_double_add_sha1 [test_bfd.BFDAPITestCase.test_double_add_sha1] ERROR: test_bfd.BFDAPITestCase.test_mod_bfd [test_bfd.BFDAPITestCase.test_mod_bfd] ERROR: test_bfd.BFDAPITestCase.test_set_del_udp_echo_source [test_bfd.BFDAPITestCase.test_set_del_udp_echo_source] ERROR: test_bfd.BFDAPITestCase.test_shared_sha1_key [test_bfd.BFDAPITestCase.test_shared_sha1_key] Testcase name: LDP Thru Host Stack Iperf FAILURE: test_vcl.LDPThruHostStackIperf.test_ldp_thru_host_stack_iperf3 [test_vcl.LDPThruHostStackIperf.test_ldp_thru_host_stack_iperf3] Testcase name: Bidirectional Forwarding Detection (BFD) (SHA1 auth) ERROR: test_bfd.BFDSHA1TestCase.test_session_up [test_bfd.BFDSHA1TestCase.test_session_up] Testcase name: Punt Socket for IPv6 ERROR: test_punt.TestIP6PuntSocket.test_punt_socket_dump [test_punt.TestIP6PuntSocket.test_punt_socket_dump] ERROR: test_punt.TestIP6PuntSocket.test_punt_socket_traffic_multi_port_multi_sockets [test_punt.TestIP6PuntSocket.test_punt_socket_traffic_multi_port_multi_sockets] ERROR: test_punt.TestIP6PuntSocket.test_punt_socket_traffic_multi_ports_single_socket [test_punt.TestIP6PuntSocket.test_punt_socket_traffic_multi_ports_single_socket] ERROR: test_punt.TestIP6PuntSocket.test_punt_socket_traffic_single_port_single_socket [test_punt.TestIP6PuntSocket.test_punt_socket_traffic_single_port_single_socket] Testcase name: Disable Flowprobe feature ERROR: test_flowprobe.DisableFP.test_0001 [test_flowprobe.DisableFP.test_0001] Testcase name: Disable IPFIX ERROR: test_flowprobe.DisableIPFIX.test_0001 [test_flowprobe.DisableIPFIX.test_0001] Testcase name: VPP Object Model Test ERROR: test_vom.VOMTestCase.test_vom_cpp [test_vom.VOMTestCase.test_vom_cpp] Testcase name: BFD-FIB interactions (IPv6) ERROR: test_bfd.BFDFIBTestCase.test_session_with_fib [test_bfd.BFDFIBTestCase.test_session_with_fib] Testcase name: Bidirectional Forwarding Detection (BFD) ERROR: test_bfd.BFD4TestCase.test_echo [test_bfd.BFD4TestCase.test_echo] ERROR: test_bfd.BFD4TestCase.test_echo_looped_back [test_bfd.BFD4TestCase.test_echo_looped_back] ERROR: test_bfd.BFD4TestCase.test_intf_deleted [test_bfd.BFD4TestCase.test_intf_deleted] ERROR: test_bfd.BFD4TestCase.test_session_down [test_bfd.BFD4TestCase.test_session_down] ERROR: test_bfd.BFD4TestCase.test_session_up [test_bfd.BFD4TestCase.test_session_up] ERROR: test_bfd.BFD4TestCase.test_session_up_by_ip [test_bfd.BFD4TestCase.test_session_up_by_ip] Testcase name: VXLAN-GPE Test Case ERROR: test_vxlan_gpe.TestVxlanGpe.test_decap [test_vxlan_gpe.TestVxlanGpe.test_decap] ERROR: test_vxlan_gpe.TestVxlanGpe.test_encap [test_vxlan_gpe.TestVxlanGpe.test_encap] ERROR: test_vxlan_gpe.TestVxlanGpe.test_ucast_flood [test_vxlan_gpe.TestVxlanGpe.test_ucast_flood] Testcase name: Re-enable Flowprobe feature ERROR: test_flowprobe.ReenableFP.test_0001 [test_flowprobe.ReenableFP.test_0001] Testcase name: LDP IPv6 Cut Thru Tests FAILURE: test_vcl.LDPIpv6CutThruTestCase.test_ldp_ipv6_cut_thru_echo [test_vcl.LDPIpv6CutThruTestCase.test_ldp_ipv6_cut_thru_echo] TESTCASES WHERE NO TESTS WERE SUCCESSFULLY EXECUTED: VXLAN over IPv6 Test Case ============================================================================== 0 attempt(s) left. Change-Id: Id202ed6ee7f57670f34ec87380244c568b509416 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-01-25 14:05:48 -08:00
@classmethod
def tearDownClass(cls):
super(ACLPluginConnTestCase, cls).tearDownClass()
acl-plugin: bihash-based ACL lookup Add a bihash-based ACL lookup mechanism and make it a new default. This changes the time required to lookup a 5-tuple match from O(total_N_entries) to O(total_N_mask_types), where "mask type" is an overall mask on the 5-tuple required to represent an ACE. For testing/comparison there is a temporary debug CLI "set acl-plugin use-hash-acl-matching {0|1}", which, when set to 0, makes the plugin use the "old" linear lookup, and when set to 1, makes it use the hash-based lookup. Based on the discussions on vpp-dev mailing list, prevent assigning the ACL index to an interface, when the ACL with that index is not defined, also prevent deleting an ACL if that ACL is applied. Also, for the easier debugging of the state, there are new debug CLI commands to see the ACL plugin state at several layers: "show acl-plugin acl [index N]" - show a high-level ACL representation, used for the linear lookup and as a base for building the hashtable-based lookup. Also shows if a given ACL is applied somewhere. "show acl-plugin interface [sw_if_index N]" - show which interfaces have which ACL(s) applied. "show acl-plugin tables" - a lower-level debug command used to see the state of all of the related data structures at once. There are specifiers possible, which make for a more focused and maybe augmented output: "show acl-plugin tables acl [index N]" show the "bitmask-ready" representations of the ACLs, we well as the mask types and their associated indices. "show acl-plutin tables mask" show the derived mask types and their indices only. "show acl-plugin tables applied [sw_if_index N]" show the table of all of the ACEs applied for a given sw_if_index or all interfaces. "show acl-plugin tables hash [verbose N]" show the 48x8 bihash used for the ACL lookup. Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-05-24 13:20:47 +02:00
def tearDown(self):
"""Run standard test teardown and log various show commands"""
acl-plugin: bihash-based ACL lookup Add a bihash-based ACL lookup mechanism and make it a new default. This changes the time required to lookup a 5-tuple match from O(total_N_entries) to O(total_N_mask_types), where "mask type" is an overall mask on the 5-tuple required to represent an ACE. For testing/comparison there is a temporary debug CLI "set acl-plugin use-hash-acl-matching {0|1}", which, when set to 0, makes the plugin use the "old" linear lookup, and when set to 1, makes it use the hash-based lookup. Based on the discussions on vpp-dev mailing list, prevent assigning the ACL index to an interface, when the ACL with that index is not defined, also prevent deleting an ACL if that ACL is applied. Also, for the easier debugging of the state, there are new debug CLI commands to see the ACL plugin state at several layers: "show acl-plugin acl [index N]" - show a high-level ACL representation, used for the linear lookup and as a base for building the hashtable-based lookup. Also shows if a given ACL is applied somewhere. "show acl-plugin interface [sw_if_index N]" - show which interfaces have which ACL(s) applied. "show acl-plugin tables" - a lower-level debug command used to see the state of all of the related data structures at once. There are specifiers possible, which make for a more focused and maybe augmented output: "show acl-plugin tables acl [index N]" show the "bitmask-ready" representations of the ACLs, we well as the mask types and their associated indices. "show acl-plutin tables mask" show the derived mask types and their indices only. "show acl-plugin tables applied [sw_if_index N]" show the table of all of the ACEs applied for a given sw_if_index or all interfaces. "show acl-plugin tables hash [verbose N]" show the 48x8 bihash used for the ACL lookup. Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-05-24 13:20:47 +02:00
super(ACLPluginConnTestCase, self).tearDown()
def show_commands_at_teardown(self):
self.logger.info(self.vapi.cli("show ip neighbors"))
self.logger.info(self.vapi.cli("show ip6 neighbors"))
self.logger.info(self.vapi.cli("show acl-plugin sessions"))
self.logger.info(self.vapi.cli("show acl-plugin acl"))
self.logger.info(self.vapi.cli("show acl-plugin interface"))
self.logger.info(self.vapi.cli("show acl-plugin tables"))
self.logger.info(self.vapi.cli("show event-logger all"))
acl-plugin: bihash-based ACL lookup Add a bihash-based ACL lookup mechanism and make it a new default. This changes the time required to lookup a 5-tuple match from O(total_N_entries) to O(total_N_mask_types), where "mask type" is an overall mask on the 5-tuple required to represent an ACE. For testing/comparison there is a temporary debug CLI "set acl-plugin use-hash-acl-matching {0|1}", which, when set to 0, makes the plugin use the "old" linear lookup, and when set to 1, makes it use the hash-based lookup. Based on the discussions on vpp-dev mailing list, prevent assigning the ACL index to an interface, when the ACL with that index is not defined, also prevent deleting an ACL if that ACL is applied. Also, for the easier debugging of the state, there are new debug CLI commands to see the ACL plugin state at several layers: "show acl-plugin acl [index N]" - show a high-level ACL representation, used for the linear lookup and as a base for building the hashtable-based lookup. Also shows if a given ACL is applied somewhere. "show acl-plugin interface [sw_if_index N]" - show which interfaces have which ACL(s) applied. "show acl-plugin tables" - a lower-level debug command used to see the state of all of the related data structures at once. There are specifiers possible, which make for a more focused and maybe augmented output: "show acl-plugin tables acl [index N]" show the "bitmask-ready" representations of the ACLs, we well as the mask types and their associated indices. "show acl-plutin tables mask" show the derived mask types and their indices only. "show acl-plugin tables applied [sw_if_index N]" show the table of all of the ACEs applied for a given sw_if_index or all interfaces. "show acl-plugin tables hash [verbose N]" show the 48x8 bihash used for the ACL lookup. Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-05-24 13:20:47 +02:00
def run_basic_conn_test(self, af, acl_side):
"""Basic conn timeout test"""
conn1 = Conn(self, self.pg0, self.pg1, af, UDP, 42001, 4242)
conn1.apply_acls(0, acl_side)
conn1.send_through(0)
# the return packets should pass
conn1.send_through(1)
# send some packets on conn1, ensure it doesn't go away
for i in IterateWithSleep(self, 20, "Keep conn active", 0.3):
conn1.send_through(1)
# allow the conn to time out
for i in IterateWithSleep(self, 30, "Wait for timeout", 0.1):
pass
# now try to send a packet on the reflected side
try:
p2 = conn1.send_through(1).command()
except:
# If we asserted while waiting, it's good.
# the conn should have timed out.
p2 = None
self.assert_equal(p2, None, "packet on long-idle conn")
def run_active_conn_test(self, af, acl_side):
"""Idle connection behind active connection test"""
base = 10000 + 1000 * acl_side
conn1 = Conn(self, self.pg0, self.pg1, af, UDP, base + 1, 2323)
conn2 = Conn(self, self.pg0, self.pg1, af, UDP, base + 2, 2323)
conn3 = Conn(self, self.pg0, self.pg1, af, UDP, base + 3, 2323)
conn1.apply_acls(0, acl_side)
conn1.send(0)
conn1.recv(1)
# create and check that the conn2/3 work
self.sleep(0.1)
conn2.send_pingpong(0)
self.sleep(0.1)
conn3.send_pingpong(0)
# send some packets on conn1, keep conn2/3 idle
for i in IterateWithSleep(self, 20, "Keep conn active", 0.2):
conn1.send_through(1)
try:
p2 = conn2.send_through(1).command()
except:
# If we asserted while waiting, it's good.
# the conn should have timed out.
p2 = None
# We should have not received the packet on a long-idle
# connection, because it should have timed out
# If it didn't - it is a problem
self.assert_equal(p2, None, "packet on long-idle conn")
def run_clear_conn_test(self, af, acl_side):
"""Clear the connections via CLI"""
conn1 = Conn(self, self.pg0, self.pg1, af, UDP, 42001, 4242)
conn1.apply_acls(0, acl_side)
conn1.send_through(0)
# the return packets should pass
conn1.send_through(1)
# send some packets on conn1, ensure it doesn't go away
for i in IterateWithSleep(self, 20, "Keep conn active", 0.3):
conn1.send_through(1)
# clear all connections
self.vapi.ppcli("clear acl-plugin sessions")
# now try to send a packet on the reflected side
try:
p2 = conn1.send_through(1).command()
except:
# If we asserted while waiting, it's good.
# the conn should have timed out.
p2 = None
self.assert_equal(p2, None, "packet on supposedly deleted conn")
def run_tcp_transient_setup_conn_test(self, af, acl_side):
conn1 = Conn(self, self.pg0, self.pg1, af, TCP, 53001, 5151)
conn1.apply_acls(0, acl_side)
conn1.send_through(0, "S")
# the return packets should pass
conn1.send_through(1, "SA")
# allow the conn to time out
for i in IterateWithSleep(self, 30, "Wait for timeout", 0.1):
pass
# ensure conn times out
try:
p2 = conn1.send_through(1).command()
except:
# If we asserted while waiting, it's good.
# the conn should have timed out.
p2 = None
self.assert_equal(p2, None, "packet on supposedly deleted conn")
def run_tcp_established_conn_test(self, af, acl_side):
conn1 = Conn(self, self.pg0, self.pg1, af, TCP, 53002, 5052)
conn1.apply_acls(0, acl_side)
conn1.send_through(0, "S")
# the return packets should pass
conn1.send_through(1, "SA")
# complete the threeway handshake
# (NB: sequence numbers not tracked, so not set!)
conn1.send_through(0, "A")
# allow the conn to time out if it's in embryonic timer
for i in IterateWithSleep(self, 30, "Wait for transient timeout", 0.1):
pass
# Try to send the packet from the "forbidden" side - it must pass
conn1.send_through(1, "A")
# ensure conn times out for real
for i in IterateWithSleep(self, 130, "Wait for timeout", 0.1):
pass
try:
p2 = conn1.send_through(1).command()
except:
# If we asserted while waiting, it's good.
# the conn should have timed out.
p2 = None
self.assert_equal(p2, None, "packet on supposedly deleted conn")
def run_tcp_transient_teardown_conn_test(self, af, acl_side):
conn1 = Conn(self, self.pg0, self.pg1, af, TCP, 53002, 5052)
conn1.apply_acls(0, acl_side)
conn1.send_through(0, "S")
# the return packets should pass
conn1.send_through(1, "SA")
# complete the threeway handshake
# (NB: sequence numbers not tracked, so not set!)
conn1.send_through(0, "A")
# allow the conn to time out if it's in embryonic timer
for i in IterateWithSleep(self, 30, "Wait for transient timeout", 0.1):
pass
# Try to send the packet from the "forbidden" side - it must pass
conn1.send_through(1, "A")
# Send the FIN to bounce the session out of established
conn1.send_through(1, "FA")
# If conn landed on transient timer it will time out here
for i in IterateWithSleep(self, 30, "Wait for transient timeout", 0.1):
pass
# Now it should have timed out already
try:
p2 = conn1.send_through(1).command()
except:
# If we asserted while waiting, it's good.
# the conn should have timed out.
p2 = None
self.assert_equal(p2, None, "packet on supposedly deleted conn")
def test_0000_conn_prepare_test(self):
"""Prepare the settings"""
self.vapi.ppcli("set acl-plugin session timeout udp idle 1")
def test_0001_basic_conn_test(self):
"""IPv4: Basic conn timeout test reflect on ingress"""
self.run_basic_conn_test(AF_INET, 0)
def test_0002_basic_conn_test(self):
"""IPv4: Basic conn timeout test reflect on egress"""
self.run_basic_conn_test(AF_INET, 1)
def test_0005_clear_conn_test(self):
"""IPv4: reflect egress, clear conn"""
self.run_clear_conn_test(AF_INET, 1)
def test_0006_clear_conn_test(self):
"""IPv4: reflect ingress, clear conn"""
self.run_clear_conn_test(AF_INET, 0)
def test_0011_active_conn_test(self):
"""IPv4: Idle conn behind active conn, reflect on ingress"""
self.run_active_conn_test(AF_INET, 0)
def test_0012_active_conn_test(self):
"""IPv4: Idle conn behind active conn, reflect on egress"""
self.run_active_conn_test(AF_INET, 1)
def test_1001_basic_conn_test(self):
"""IPv6: Basic conn timeout test reflect on ingress"""
self.run_basic_conn_test(AF_INET6, 0)
def test_1002_basic_conn_test(self):
"""IPv6: Basic conn timeout test reflect on egress"""
self.run_basic_conn_test(AF_INET6, 1)
def test_1005_clear_conn_test(self):
"""IPv6: reflect egress, clear conn"""
self.run_clear_conn_test(AF_INET6, 1)
def test_1006_clear_conn_test(self):
"""IPv6: reflect ingress, clear conn"""
self.run_clear_conn_test(AF_INET6, 0)
def test_1011_active_conn_test(self):
"""IPv6: Idle conn behind active conn, reflect on ingress"""
self.run_active_conn_test(AF_INET6, 0)
def test_1012_active_conn_test(self):
"""IPv6: Idle conn behind active conn, reflect on egress"""
self.run_active_conn_test(AF_INET6, 1)
def test_2000_prepare_for_tcp_test(self):
"""Prepare for TCP session tests"""
# ensure the session hangs on if it gets treated as UDP
self.vapi.ppcli("set acl-plugin session timeout udp idle 200")
# let the TCP connection time out at 5 seconds
self.vapi.ppcli("set acl-plugin session timeout tcp idle 10")
self.vapi.ppcli("set acl-plugin session timeout tcp transient 1")
def test_2001_tcp_transient_conn_test(self):
"""IPv4: transient TCP session (incomplete 3WHS), ref. on ingress"""
self.run_tcp_transient_setup_conn_test(AF_INET, 0)
def test_2002_tcp_transient_conn_test(self):
"""IPv4: transient TCP session (incomplete 3WHS), ref. on egress"""
self.run_tcp_transient_setup_conn_test(AF_INET, 1)
def test_2003_tcp_transient_conn_test(self):
"""IPv4: established TCP session (complete 3WHS), ref. on ingress"""
self.run_tcp_established_conn_test(AF_INET, 0)
def test_2004_tcp_transient_conn_test(self):
"""IPv4: established TCP session (complete 3WHS), ref. on egress"""
self.run_tcp_established_conn_test(AF_INET, 1)
def test_2005_tcp_transient_teardown_conn_test(self):
"""IPv4: transient TCP session (3WHS,ACK,FINACK), ref. on ingress"""
self.run_tcp_transient_teardown_conn_test(AF_INET, 0)
def test_2006_tcp_transient_teardown_conn_test(self):
"""IPv4: transient TCP session (3WHS,ACK,FINACK), ref. on egress"""
self.run_tcp_transient_teardown_conn_test(AF_INET, 1)
def test_3001_tcp_transient_conn_test(self):
"""IPv6: transient TCP session (incomplete 3WHS), ref. on ingress"""
self.run_tcp_transient_setup_conn_test(AF_INET6, 0)
def test_3002_tcp_transient_conn_test(self):
"""IPv6: transient TCP session (incomplete 3WHS), ref. on egress"""
self.run_tcp_transient_setup_conn_test(AF_INET6, 1)
def test_3003_tcp_transient_conn_test(self):
"""IPv6: established TCP session (complete 3WHS), ref. on ingress"""
self.run_tcp_established_conn_test(AF_INET6, 0)
def test_3004_tcp_transient_conn_test(self):
"""IPv6: established TCP session (complete 3WHS), ref. on egress"""
self.run_tcp_established_conn_test(AF_INET6, 1)
def test_3005_tcp_transient_teardown_conn_test(self):
"""IPv6: transient TCP session (3WHS,ACK,FINACK), ref. on ingress"""
self.run_tcp_transient_teardown_conn_test(AF_INET6, 0)
def test_3006_tcp_transient_teardown_conn_test(self):
"""IPv6: transient TCP session (3WHS,ACK,FINACK), ref. on egress"""
self.run_tcp_transient_teardown_conn_test(AF_INET6, 1)