ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ACL-plugin add "replace" semantics for adding a new MacIP acl

Browse Source 
Change-Id: Ia5c869b2d8b8ad012b9e89fb6720c9c32d9ee065
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
This commit is contained in:
Pavel Kotucek
2017-09-07 08:17:31 +02:00
committed by Ole Trøan
parent 6b3a8eff76
commit c29940c58d
7 changed files with 428 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
src/plugins/acl/acl.api
View File

@ -305,7 +305,7 @@ define acl_interface_list_details
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param tag - descriptive value for this MACIP ACL
@param count - number of rules in this ACL
@param count - number of rules in this MACIP ACL
@param r - vector of MACIP ACL rules
*/
@ -320,7 +320,7 @@ manual_endian manual_print define macip_acl_add
/** \brief Reply to add MACIP ACL
@param context - returned sender context, to match reply w/ request
@param acl_index - index of the newly created ACL
@param acl_index - index of the newly created MACIP ACL
@param retval 0 - no error
*/
@ -331,6 +331,38 @@ define macip_acl_add_reply
i32 retval;
};
/** \brief Add/Replace a MACIP ACL
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param acl_index - an existing MACIP ACL entry (0..0xfffffffe) to replace, or 0xffffffff to make new MACIP ACL
@param tag - descriptive value for this MACIP ACL
@param count - number of rules in this MACIP ACL
@param r - vector of MACIP ACL rules
*/
manual_endian manual_print define macip_acl_add_replace
{
u32 client_index;
u32 context;
u32 acl_index; /* ~0 to add, existing MACIP ACL# to replace */
u8 tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
};
/** \brief Reply to add/replace MACIP ACL
@param context - returned sender context, to match reply w/ request
@param acl_index - index of the newly created MACIP ACL
@param retval 0 - no error
*/
define macip_acl_add_replace_reply
{
u32 context;
u32 acl_index;
i32 retval;
};
/** \brief Delete a MACIP ACL
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@ -347,7 +379,7 @@ autoreply manual_print define macip_acl_del
/** \brief Add or delete a MACIP ACL to/from interface
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param is_add - add (1) or delete (0) ACL from being used on an interface
@param is_add - add (1) or delete (0) MACIP ACL from being used on an interface
@param sw_if_index - interface to apply the action to
@param acl_index - MACIP ACL index
*/
@ -357,7 +389,7 @@ autoreply manual_print define macip_acl_interface_add_del
u32 client_index;
u32 context;
u8 is_add;
/* macip ACLs are always input */
/* MACIP ACLs are always input */
u32 sw_if_index;
u32 acl_index;
};
@ -365,7 +397,7 @@ autoreply manual_print define macip_acl_interface_add_del
/** \brief Dump one or all defined MACIP ACLs
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param acl_index - MACIP ACL index or ~0 to dump all ACLs
@param acl_index - MACIP ACL index or ~0 to dump all MACIP ACLs
*/
define macip_acl_dump
@ -380,7 +412,7 @@ define macip_acl_dump
@param acl_index - index of this MACIP ACL
@param tag - descriptive tag which was supplied during the creation
@param count - length of the vector of MACIP ACL rules
@param r - rules comprising this ACL
@param r - rules comprising this MACIP ACL
*/
manual_endian manual_print define macip_acl_details
@ -406,7 +438,7 @@ define macip_acl_interface_get
/** \brief Reply with the vector of MACIP ACLs by sw_if_index
@param context - returned sender context, to match reply w/ request
@param count - total number of elements in the vector
@param acls - the vector of active MACACL indices per sw_if_index
@param acls - the vector of active MACIP ACL indices per sw_if_index
*/
define macip_acl_interface_get_reply
@ -419,7 +451,7 @@ define macip_acl_interface_get_reply
/** \brief Dump the list(s) of MACIP ACLs applied to specific or all interfaces
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param sw_if_index - interface to dump the ACL list for
@param sw_if_index - interface to dump the MACIP ACL list for
*/
define macip_acl_interface_list_dump
@ -431,9 +463,9 @@ define macip_acl_interface_list_dump
/** \brief Details about a single MACIP ACL contents
@param context - returned sender context, to match reply w/ request
@param sw_if_index - interface for which the list of ACLs is applied
@param sw_if_index - interface for which the list of MACIP ACLs is applied
@param count - total length of acl indices vector
@param acls - the vector of ACL indices
@param acls - the vector of MACIP ACL indices
*/
define macip_acl_interface_list_details

59
src/plugins/acl/acl.c
View File

@ -71,6 +71,7 @@ _(ACL_INTERFACE_SET_ACL_LIST, acl_interface_set_acl_list) \
_(ACL_DUMP, acl_dump) \
_(ACL_INTERFACE_LIST_DUMP, acl_interface_list_dump) \
_(MACIP_ACL_ADD, macip_acl_add) \
_(MACIP_ACL_ADD_REPLACE, macip_acl_add_replace) \
_(MACIP_ACL_DEL, macip_acl_del) \
_(MACIP_ACL_INTERFACE_ADD_DEL, macip_acl_interface_add_del) \
_(MACIP_ACL_DUMP, macip_acl_dump) \
@ -1158,6 +1159,18 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
macip_acl_rule_t *r;
macip_acl_rule_t *acl_new_rules = 0;
int i;
if (*acl_list_index != ~0)
{
/* They supplied some number, let's see if this MACIP ACL exists */
if (pool_is_free_index (am->macip_acls, *acl_list_index))
{
/* tried to replace a non-existent ACL, no point doing anything */
clib_warning("acl-plugin-error: Trying to replace nonexistent MACIP ACL %d (tag %s)", *acl_list_index, tag);
return -1;
}
}
if (0 == count) {
clib_warning("acl-plugin-warning: Trying to create empty MACIP ACL (tag %s)", tag);
}
@ -1180,11 +1193,23 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
r->src_prefixlen = rules[i].src_ip_prefix_len;
}
/* Get ACL index */
pool_get_aligned (am->macip_acls, a, CLIB_CACHE_LINE_BYTES);
memset (a, 0, sizeof (*a));
/* Will return the newly allocated ACL index */
*acl_list_index = a - am->macip_acls;
if (~0 == *acl_list_index)
{
/* Get ACL index */
pool_get_aligned (am->macip_acls, a, CLIB_CACHE_LINE_BYTES);
memset (a, 0, sizeof (*a));
/* Will return the newly allocated ACL index */
*acl_list_index = a - am->macip_acls;
}
else
{
a = &am->macip_acls[*acl_list_index];
if (a->rules)
{
vec_free (a->rules);
}
macip_destroy_classify_tables (am, *acl_list_index);
}
a->rules = acl_new_rules;
a->count = count;
@ -1633,6 +1658,30 @@ vl_api_macip_acl_add_t_handler (vl_api_macip_acl_add_t * mp)
/* *INDENT-ON* */
}
static void
vl_api_macip_acl_add_replace_t_handler (vl_api_macip_acl_add_replace_t * mp)
{
vl_api_macip_acl_add_replace_reply_t *rmp;
acl_main_t *am = &acl_main;
int rv;
u32 acl_list_index = ntohl (mp->acl_index);
u32 acl_count = ntohl (mp->count);
u32 expected_len = sizeof(*mp) + acl_count*sizeof(mp->r[0]);
if (verify_message_len(mp, expected_len, "macip_acl_add_replace")) {
rv = macip_acl_add_list (acl_count, mp->r, &acl_list_index, mp->tag);
} else {
rv = VNET_API_ERROR_INVALID_VALUE;
}
/* *INDENT-OFF* */
REPLY_MACRO2(VL_API_MACIP_ACL_ADD_REPLACE_REPLY,
({
rmp->acl_index = htonl(acl_list_index);
}));
/* *INDENT-ON* */
}
static void
vl_api_macip_acl_del_t_handler (vl_api_macip_acl_del_t * mp)
{

160
src/plugins/acl/acl_test.c
View File

@ -72,7 +72,8 @@ _(macip_acl_del_reply)
#define foreach_reply_retval_aclindex_handler \
_(acl_add_replace_reply) \
_(macip_acl_add_reply)
_(macip_acl_add_reply) \
_(macip_acl_add_replace_reply)
#define _(n) \
static void vl_api_##n##_t_handler \
@ -272,6 +273,7 @@ _(ACL_INTERFACE_SET_ACL_LIST_REPLY, acl_interface_set_acl_list_reply) \
_(ACL_INTERFACE_LIST_DETAILS, acl_interface_list_details) \
_(ACL_DETAILS, acl_details) \
_(MACIP_ACL_ADD_REPLY, macip_acl_add_reply) \
_(MACIP_ACL_ADD_REPLACE_REPLY, macip_acl_add_replace_reply) \
_(MACIP_ACL_DEL_REPLY, macip_acl_del_reply) \
_(MACIP_ACL_DETAILS, macip_acl_details) \
_(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \
@ -965,8 +967,6 @@ static int api_macip_acl_add (vat_main_t * vam)
if(rules)
n_rules = vec_len(rules);
else
n_rules = 0;
if (n_rules_override >= 0)
n_rules = n_rules_override;
@ -1000,6 +1000,159 @@ static int api_macip_acl_add (vat_main_t * vam)
return ret;
}
static int api_macip_acl_add_replace (vat_main_t * vam)
{
acl_test_main_t * sm = &acl_test_main;
unformat_input_t * i = vam->input;
vl_api_macip_acl_add_replace_t * mp;
u32 acl_index = ~0;
u32 msg_size = sizeof (*mp); /* without the rules */
vl_api_macip_acl_rule_t *rules = 0;
int rule_idx = 0;
int n_rules = 0;
int n_rules_override = -1;
u32 src_prefix_length = 0;
u32 action = 0;
ip4_address_t src_v4address;
ip6_address_t src_v6address;
u8 src_mac[6];
u8 *tag = 0;
u8 mac_mask_all_1[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
int ret;
if (!unformat (i, "%d", &acl_index)) {
/* Just assume -1 */
}
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "ipv6"))
{
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_ipv6 = 1;
}
else if (unformat (i, "ipv4"))
{
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_ipv6 = 0;
}
else if (unformat (i, "permit"))
{
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 1;
}
else if (unformat (i, "deny"))
{
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 0;
}
else if (unformat (i, "count %d", &n_rules_override))
{
/* we will use this later */
}
else if (unformat (i, "action %d", &action))
{
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = action;
}
else if (unformat (i, "ip %U/%d",
unformat_ip4_address, &src_v4address, &src_prefix_length) ||
unformat (i, "ip %U",
unformat_ip4_address, &src_v4address))
{
if (src_prefix_length == 0)
src_prefix_length = 32;
vec_validate_macip_acl_rules(rules, rule_idx);
memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
rules[rule_idx].src_ip_prefix_len = src_prefix_length;
rules[rule_idx].is_ipv6 = 0;
}
else if (unformat (i, "src"))
{
/* Everything in MACIP is "source" but allow this verbosity */
}
else if (unformat (i, "ip %U/%d",
unformat_ip6_address, &src_v6address, &src_prefix_length) ||
unformat (i, "ip %U",
unformat_ip6_address, &src_v6address))
{
if (src_prefix_length == 0)
src_prefix_length = 128;
vec_validate_macip_acl_rules(rules, rule_idx);
memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
rules[rule_idx].src_ip_prefix_len = src_prefix_length;
rules[rule_idx].is_ipv6 = 1;
}
else if (unformat (i, "mac %U",
my_unformat_mac_address, &src_mac))
{
vec_validate_macip_acl_rules(rules, rule_idx);
memcpy (rules[rule_idx].src_mac, &src_mac, 6);
memcpy (rules[rule_idx].src_mac_mask, &mac_mask_all_1, 6);
}
else if (unformat (i, "mask %U",
my_unformat_mac_address, &src_mac))
{
vec_validate_macip_acl_rules(rules, rule_idx);
memcpy (rules[rule_idx].src_mac_mask, &src_mac, 6);
}
else if (unformat (i, "tag %s", &tag))
{
}
else if (unformat (i, ","))
{
rule_idx++;
vec_validate_macip_acl_rules(rules, rule_idx);
}
else
break;
}
if (!rules)
{
errmsg ("rule/s required\n");
return -99;
}
/* Construct the API message */
vam->result_ready = 0;
if(rules)
n_rules = vec_len(rules);
if (n_rules_override >= 0)
n_rules = n_rules_override;
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);
memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD_REPLACE + sm->msg_id_base);
mp->client_index = vam->my_client_index;
if ((n_rules > 0) && rules)
clib_memcpy(mp->r, rules, n_rules*sizeof (mp->r[0]));
if (tag)
{
if (vec_len(tag) >= sizeof(mp->tag))
{
tag[sizeof(mp->tag)-1] = 0;
_vec_len(tag) = sizeof(mp->tag);
}
clib_memcpy(mp->tag, tag, vec_len(tag));
vec_free(tag);
}
mp->acl_index = ntohl(acl_index);
mp->count = htonl(n_rules);
/* send it... */
S(mp);
/* Wait for a reply... */
W (ret);
return ret;
}
/*
* List of messages that the api test plugin sends,
* and that the data plane plugin processes
@ -1013,6 +1166,7 @@ _(acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] [input|output
_(acl_interface_set_acl_list, "<intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]") \
_(acl_interface_list_dump, "[<intfc> | sw_if_index <if-idx>]") \
_(macip_acl_add, "...") \
_(macip_acl_add_replace, "<acl-idx> [<ipv4|ipv6> <permit|deny|action N> [count <count>] [src] ip <ipaddress/[plen]> mac <mac> mask <mac_mask>, ... , ...") \
_(macip_acl_del, "<acl-idx>")\
_(macip_acl_dump, "[<acl-idx>]") \
_(macip_acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>") \

42
src/plugins/acl/manual_fns.h
View File

@ -89,6 +89,18 @@ vl_api_macip_acl_add_t_endian (vl_api_macip_acl_add_t * a)
vl_api_macip_acl_rule_t_array_endian (a->r, a->count);
}
static inline void
vl_api_macip_acl_add_replace_t_endian (vl_api_macip_acl_add_replace_t * a)
{
a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
a->client_index = clib_net_to_host_u32 (a->client_index);
a->context = clib_net_to_host_u32 (a->context);
a->acl_index = clib_net_to_host_u32 (a->acl_index);
/* a->tag[0..63] = a->tag[0..63] (no-op) */
a->count = clib_net_to_host_u32 (a->count);
vl_api_macip_acl_rule_t_array_endian (a->r, a->count);
}
static inline u8 *
format_acl_action(u8 *s, u8 action)
{
@ -292,6 +304,36 @@ vl_api_macip_acl_add_t_print (vl_api_macip_acl_add_t * a, void *handle)
return handle;
}
static inline void *
vl_api_macip_acl_add_replace_t_print (vl_api_macip_acl_add_replace_t * a, void *handle)
{
u8 *s = 0;
int i;
u32 acl_index = clib_net_to_host_u32 (a->acl_index);
u32 count = clib_net_to_host_u32 (a->count);
if (count > 0x100000)
{
s = format (s, "WARN: macip_acl_add_replace count endianness wrong? Fixup to avoid long loop.\n");
count = a->count;
}
s = format (s, "SCRIPT: macip_acl_add_replace %d count %d ",
acl_index, count);
if (a->tag[0])
s = format (s, "tag %s ", a->tag);
s = format (s, "count %d \\\n", count);
PRINT_S;
for (i = 0; i < count; i++)
vl_api_macip_acl_rule_t_print (&a->r[i], handle);
s = format (0, "\n");
PRINT_S;
return handle;
}
static inline void *
vl_api_acl_interface_set_acl_list_t_print (vl_api_acl_interface_set_acl_list_t

18
src/vpp-api/java/jvpp-acl/io/fd/vpp/jvpp/acl/examples/AclTestRequests.java
View File

@ -32,6 +32,8 @@ import io.fd.vpp.jvpp.acl.dto.AclInterfaceSetAclList;
import io.fd.vpp.jvpp.acl.dto.AclInterfaceSetAclListReply;
import io.fd.vpp.jvpp.acl.dto.MacipAclAdd;
import io.fd.vpp.jvpp.acl.dto.MacipAclAddReply;
import io.fd.vpp.jvpp.acl.dto.MacipAclAddReplace;
import io.fd.vpp.jvpp.acl.dto.MacipAclAddReplaceReply;
import io.fd.vpp.jvpp.acl.dto.MacipAclDel;
import io.fd.vpp.jvpp.acl.dto.MacipAclDelReply;
import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump;
@ -56,6 +58,13 @@ class AclTestRequests {
System.out.printf("MacipAclAdd send result = %s%n", reply);
}
static void sendMacIpAddReplaceRequest(final FutureJVppAclFacade jvpp) throws InterruptedException, ExecutionException {
final MacipAclAddReplace request = createMacIpAddReplaceRequest();
System.out.printf("Sending MacipAclAddReplace request %s%n", request.toString());
final MacipAclAddReplaceReply reply = jvpp.macipAclAddReplace(createMacIpAddReplaceRequest()).toCompletableFuture().get();
System.out.printf("MacipAclAddReplace send result = %s%n", reply);
}
static void sendMacIpDelRequest(final FutureJVppAclFacade jvpp) throws InterruptedException, ExecutionException {
final MacipAclDel request = new MacipAclDel();
request.aclIndex = 0;
@ -130,6 +139,15 @@ class AclTestRequests {
return request;
}
private static MacipAclAddReplace createMacIpAddReplaceRequest() {
MacipAclAddReplace request = new MacipAclAddReplace();
request.count = 2;
request.aclIndex = 0;
request.r = createMacipRules();
return request;
}
private static AclAddReplace createAclAddRequest() {
AclAddReplace request = new AclAddReplace();

118
test/test_acl_plugin_macip.py
View File

@ -130,13 +130,14 @@ class TestMACIP(VppTestCase):
acls = self.vapi.macip_acl_dump()
if self.DEBUG:
for acl in acls:
print "ACL #"+str(acl.acl_index)
for r in acl.r:
rule = "ACTION"
if r.is_permit == 1:
rule = "PERMIT"
elif r.is_permit == 0:
rule = "DENY "
print "IP6" if r.is_ipv6 else "IP4", \
print " IP6" if r.is_ipv6 else " IP4", \
rule, \
r.src_mac.encode('hex'), \
r.src_mac_mask.encode('hex'),\
@ -144,10 +145,12 @@ class TestMACIP(VppTestCase):
r.src_ip_prefix_len
return acls
def create_acls(self, mac_type, ip_type, acl_count, rules_count):
rules = []
def create_rules(self, mac_type=EXACT_MAC, ip_type=EXACT_IP,
acl_count=1, rules_count=[1]):
acls = []
src_mac = int("220000dead00", 16)
for acl in range(2, (acl_count+1) * 2):
rules = []
host = random.choice(self.loop0.remote_hosts)
is_ip6 = acl % 2
ip4 = host.ip4.split('.')
@ -210,12 +213,15 @@ class TestMACIP(VppTestCase):
if ip_type == self.WILD_IP:
break
reply = self.vapi.macip_acl_add_replace(rules)
acls.append(rules)
src_mac += 1099511627776
return acls
def apply_rules(self, acls):
for acl in acls:
reply = self.vapi.macip_acl_add(acl)
self.assertEqual(reply.retval, 0)
self.ACLS.append(reply.acl_index)
del rules[:]
src_mac += 1099511627776
def verify_acls(self, acl_count, rules_count, expected_count=2):
reply = self.macip_acl_dump_debug()
@ -459,7 +465,8 @@ class TestMACIP(VppTestCase):
# data = p[Raw].load.split(':',1)[1]
# print p[p_l3].src, data
def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets):
def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets,
do_not_expected_capture=False):
self.reset_packet_infos()
tx_if = self.pg0 if bridged_routed else self.pg2
@ -469,7 +476,7 @@ class TestMACIP(VppTestCase):
self.pg2, self.loop0,
bridged_routed, is_ip6)
reply = self.vapi.macip_acl_add_replace(test_dict['rules'])
reply = self.vapi.macip_acl_add(test_dict['rules'])
self.assertEqual(reply.retval, 0)
acl_index = reply.acl_index
@ -483,15 +490,20 @@ class TestMACIP(VppTestCase):
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index)
if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
packet_count = packets
capture = rx_if.get_capture(packet_count)
self.verify_capture(test_dict['stream'], capture, is_ip6)
if do_not_expected_capture:
rx_if.get_capture(0)
else:
packet_count = self.get_packet_count_for_if_idx(
self.loop0.sw_if_index)
if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
packet_count = packets
capture = rx_if.get_capture(packet_count)
self.verify_capture(test_dict['stream'], capture, is_ip6)
def run_test_acls(self, mac_type, ip_type, acl_count,
rules_count, traffic=None, ip=None):
self.create_acls(mac_type, ip_type, acl_count, rules_count)
self.apply_rules(self.create_rules(mac_type, ip_type, acl_count,
rules_count))
self.verify_acls(acl_count, rules_count)
if traffic is not None:
@ -687,14 +699,84 @@ class TestMACIP(VppTestCase):
[100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
self.BRIDGED, self.IS_IP6)
def test_acl_replace(self):
""" MACIP replace ACL
"""
r1 = self.create_rules(acl_count=3, rules_count=[2, 2, 2])
r2 = self.create_rules(mac_type=self.OUI_MAC, ip_type=self.SUBNET_IP)
self.apply_rules(r1)
acls_before = self.macip_acl_dump_debug()
# replace acls #2, #3 with new
reply = self.vapi.macip_acl_add_replace(r2[0], 2)
self.assertEqual(reply.retval, 0)
self.assertEqual(reply.acl_index, 2)
reply = self.vapi.macip_acl_add_replace(r2[1], 3)
self.assertEqual(reply.retval, 0)
self.assertEqual(reply.acl_index, 3)
acls_after = self.macip_acl_dump_debug()
# verify changes
self.assertEqual(len(acls_before), len(acls_after))
for acl1, acl2 in zip(
acls_before[:2]+acls_before[4:],
acls_after[:2]+acls_after[4:]):
self.assertEqual(len(acl1), len(acl2))
self.assertEqual(len(acl1.r), len(acl2.r))
for r1, r2 in zip(acl1.r, acl2.r):
self.assertEqual(len(acl1.r), len(acl2.r))
self.assertEqual(acl1.r, acl2.r)
for acl1, acl2 in zip(
acls_before[2:4],
acls_after[2:4]):
self.assertEqual(len(acl1), len(acl2))
self.assertNotEqual(len(acl1.r), len(acl2.r))
for r1, r2 in zip(acl1.r, acl2.r):
self.assertNotEqual(len(acl1.r), len(acl2.r))
self.assertNotEqual(acl1.r, acl2.r)
def test_acl_replace_traffic_ip4(self):
""" MACIP replace ACL with IP4 traffic
"""
self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
self.BRIDGED, self.IS_IP4, 9)
r = self.create_rules()
# replace acls #2, #3 with new
reply = self.vapi.macip_acl_add_replace(r[0], 0)
self.assertEqual(reply.retval, 0)
self.assertEqual(reply.acl_index, 0)
self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
self.BRIDGED, self.IS_IP4, 9, True)
def test_acl_replace_traffic_ip6(self):
""" MACIP replace ACL with IP6 traffic
"""
self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
self.BRIDGED, self.IS_IP6, 9)
r = self.create_rules()
# replace acls #2, #3 with new
reply = self.vapi.macip_acl_add_replace(r[0], 0)
self.assertEqual(reply.retval, 0)
self.assertEqual(reply.acl_index, 0)
self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
self.BRIDGED, self.IS_IP6, 9, True)
def test_delete_intf(self):
""" MACIP ACL delete intf with acl
"""
intf_count = len(self.interfaces)+1
rules_count = [3, 5, 4]
intf = []
self.create_acls(self.EXACT_IP, self.EXACT_MAC, 3, rules_count)
self.apply_rules(self.create_rules(acl_count=3, rules_count=[3, 5, 4]))
intf.append(VppLoInterface(self, 0))
intf.append(VppLoInterface(self, 1))
@ -748,7 +830,7 @@ class TestMACIP(VppTestCase):
self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
@unittest.skipUnless(running_extended_tests(), "part of extended tests")
def test_check(self):
def test_routed(self):
""" MACIP with routed traffic
"""
# TODO: routed do not work yet !!!

22
test/vpp_papi_provider.py
View File

@ -2266,6 +2266,18 @@ class VppPapiProvider(object):
'traffic_type': traffic_type
})
def macip_acl_add(self, rules, tag=""):
""" Add MACIP acl
:param rules: list of rules for given acl
:param tag: acl tag
"""
return self.api(self.papi.macip_acl_add,
{'r': rules,
'count': len(rules),
'tag': tag})
def macip_acl_add_replace(self, rules, acl_index=0xFFFFFFFF, tag=""):
""" Add MACIP acl
@ -2273,13 +2285,9 @@ class VppPapiProvider(object):
:param tag: acl tag
"""
# return self.api(self.papi.macip_acl_add_replace,
# {'acl_index': acl_index,
# 'r': rules,
# 'count': len(rules),
# 'tag': tag})
return self.api(self.papi.macip_acl_add,
{'r': rules,
return self.api(self.papi.macip_acl_add_replace,
{'acl_index': acl_index,
'r': rules,
'count': len(rules),
'tag': tag})