acl-plugin: CLI to clear all sessions

It is useful to have the CLI to clear the existing sessions. There was a work-in-progress CLI but it did not work properly. Fix it and split into a separate "clear acl-plugin sessions", and add a unit test into the extended connection-oriented tests. Change-Id: I55889165ebcee139841fdac88747390903a05394 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21 11:24:25 +02:00
parent a2b4ac1c13
commit eb46754ef6
3 changed files with 75 additions and 8 deletions
--- a/test/test_acl_plugin_conns.py
+++ b/test/test_acl_plugin_conns.py
@ -279,6 +279,27 @@ class ACLPluginConnTestCase(VppTestCase):
        # If it didn't - it is a problem
        self.assert_equal(p2, None, "packet on long-idle conn")

+    def run_clear_conn_test(self, af, acl_side):
+        """ Clear the connections via CLI """
+        conn1 = Conn(self, self.pg0, self.pg1, af, UDP, 42001, 4242)
+        conn1.apply_acls(0, acl_side)
+        conn1.send_through(0)
+        # the return packets should pass
+        conn1.send_through(1)
+        # send some packets on conn1, ensure it doesn't go away
+        for i in IterateWithSleep(self, 20, "Keep conn active", 0.3):
+            conn1.send_through(1)
+        # clear all connections
+        self.vapi.ppcli("clear acl-plugin sessions")
+        # now try to send a packet on the reflected side
+        try:
+            p2 = conn1.send_through(1).command()
+        except:
+            # If we asserted while waiting, it's good.
+            # the conn should have timed out.
+            p2 = None
+        self.assert_equal(p2, None, "packet on supposedly deleted conn")
+
    def test_0000_conn_prepare_test(self):
        """ Prepare the settings """
        self.vapi.ppcli("set acl-plugin session timeout udp idle 1")
@ -291,6 +312,14 @@ class ACLPluginConnTestCase(VppTestCase):
        """ IPv4: Basic conn timeout test reflect on egress """
        self.run_basic_conn_test(AF_INET, 1)

+    def test_0005_clear_conn_test(self):
+        """ IPv4: reflect egress, clear conn """
+        self.run_clear_conn_test(AF_INET, 1)
+
+    def test_0006_clear_conn_test(self):
+        """ IPv4: reflect ingress, clear conn """
+        self.run_clear_conn_test(AF_INET, 0)
+
    def test_0011_active_conn_test(self):
        """ IPv4: Idle conn behind active conn, reflect on ingress """
        self.run_active_conn_test(AF_INET, 0)
@ -307,6 +336,14 @@ class ACLPluginConnTestCase(VppTestCase):
        """ IPv6: Basic conn timeout test reflect on egress """
        self.run_basic_conn_test(AF_INET6, 1)

+    def test_1005_clear_conn_test(self):
+        """ IPv6: reflect egress, clear conn """
+        self.run_clear_conn_test(AF_INET6, 1)
+
+    def test_1006_clear_conn_test(self):
+        """ IPv6: reflect ingress, clear conn """
+        self.run_clear_conn_test(AF_INET6, 0)
+
    def test_1011_active_conn_test(self):
        """ IPv6: Idle conn behind active conn, reflect on ingress """
        self.run_active_conn_test(AF_INET6, 0)