8d991d923b
* TypeError: assertIsNotNone() got an unexpected keyword argument 'msg'
* Correct missing calls to setUpClass/tearDownClass.
If you want the setUpClass and tearDownClass on base classes called then you must call up to them yourself.
The implementations in TestCase are empty.
https://docs.python.org/2/library/unittest.html#setupclass-and-teardownclass
Cleans up issues in parallel test mode:
-------------
FAILURES AND ERRORS IN TESTS:
Testcase name: VCL Thru Host Stack Bidir Nsock
FAILURE: test_vcl.VCLThruHostStackBidirNsock.test_vcl_thru_host_stack_bi_dir_nsock [test_vcl.VCLThruHostStackBidirNsock.test_vcl_thru_host_stack_bi_dir_nsock]
Testcase name: Bidirectional Forwarding Detection (BFD) (changing auth)
ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_change_key_delayed [test_bfd.BFDAuthOnOffTestCase.test_auth_change_key_delayed]
ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_change_key_immediate [test_bfd.BFDAuthOnOffTestCase.test_auth_change_key_immediate]
ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_off_delayed [test_bfd.BFDAuthOnOffTestCase.test_auth_off_delayed]
ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_off_immediate [test_bfd.BFDAuthOnOffTestCase.test_auth_off_immediate]
ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_on_delayed [test_bfd.BFDAuthOnOffTestCase.test_auth_on_delayed]
ERROR: test_bfd.BFDAuthOnOffTestCase.test_auth_on_immediate [test_bfd.BFDAuthOnOffTestCase.test_auth_on_immediate]
Testcase name: Punt Socket for IPv4
ERROR: test_punt.TestIP4PuntSocket.test_punt_socket_dump [test_punt.TestIP4PuntSocket.test_punt_socket_dump]
ERROR: test_punt.TestIP4PuntSocket.test_punt_socket_traffic_multi_port_multi_sockets [test_punt.TestIP4PuntSocket.test_punt_socket_traffic_multi_port_multi_sockets]
ERROR: test_punt.TestIP4PuntSocket.test_punt_socket_traffic_multi_ports_single_socket [test_punt.TestIP4PuntSocket.test_punt_socket_traffic_multi_ports_single_socket]
ERROR: test_punt.TestIP4PuntSocket.test_punt_socket_traffic_single_port_single_socket [test_punt.TestIP4PuntSocket.test_punt_socket_traffic_single_port_single_socket]
Testcase name: Bidirectional Forwarding Detection (BFD) (IPv6)
ERROR: test_bfd.BFD6TestCase.test_echo [test_bfd.BFD6TestCase.test_echo]
ERROR: test_bfd.BFD6TestCase.test_echo_looped_back [test_bfd.BFD6TestCase.test_echo_looped_back]
ERROR: test_bfd.BFD6TestCase.test_intf_deleted [test_bfd.BFD6TestCase.test_intf_deleted]
ERROR: test_bfd.BFD6TestCase.test_session_up [test_bfd.BFD6TestCase.test_session_up]
ERROR: test_bfd.BFD6TestCase.test_session_up_by_ip [test_bfd.BFD6TestCase.test_session_up_by_ip]
Testcase name: Bidirectional Forwarding Detection (BFD) (CLI)
ERROR: test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp [test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp]
ERROR: test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp6 [test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp6]
ERROR: test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp6_auth [test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp6_auth]
ERROR: test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp_auth [test_bfd.BFDCLITestCase.test_add_mod_del_bfd_udp_auth]
ERROR: test_bfd.BFDCLITestCase.test_admin_up_down [test_bfd.BFDCLITestCase.test_admin_up_down]
ERROR: test_bfd.BFDCLITestCase.test_auth_on_off [test_bfd.BFDCLITestCase.test_auth_on_off]
ERROR: test_bfd.BFDCLITestCase.test_auth_on_off_delayed [test_bfd.BFDCLITestCase.test_auth_on_off_delayed]
ERROR: test_bfd.BFDCLITestCase.test_set_del_meticulous_sha1_key [test_bfd.BFDCLITestCase.test_set_del_meticulous_sha1_key]
ERROR: test_bfd.BFDCLITestCase.test_set_del_sha1_key [test_bfd.BFDCLITestCase.test_set_del_sha1_key]
ERROR: test_bfd.BFDCLITestCase.test_set_del_udp_echo_source [test_bfd.BFDCLITestCase.test_set_del_udp_echo_source]
ERROR: test_bfd.BFDCLITestCase.test_show [test_bfd.BFDCLITestCase.test_show]
Testcase name: VAPI test
ERROR: test_vapi.VAPITestCase.test_vapi_c [test_vapi.VAPITestCase.test_vapi_c]
Testcase name: Container integration extended testcases
ERROR: test_container.ContainerIntegrationTestCase.test_0010_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0010_basic_conn_test]
ERROR: test_container.ContainerIntegrationTestCase.test_0011_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0011_basic_conn_test]
ERROR: test_container.ContainerIntegrationTestCase.test_0050_loopback_prepare_test [test_container.ContainerIntegrationTestCase.test_0050_loopback_prepare_test]
ERROR: test_container.ContainerIntegrationTestCase.test_0110_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0110_basic_conn_test]
ERROR: test_container.ContainerIntegrationTestCase.test_0111_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0111_basic_conn_test]
ERROR: test_container.ContainerIntegrationTestCase.test_0200_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0200_basic_conn_test]
ERROR: test_container.ContainerIntegrationTestCase.test_0210_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0210_basic_conn_test]
ERROR: test_container.ContainerIntegrationTestCase.test_0211_basic_conn_test [test_container.ContainerIntegrationTestCase.test_0211_basic_conn_test]
ERROR: test_container.ContainerIntegrationTestCase.test_0300_unconfigure_commands [test_container.ContainerIntegrationTestCase.test_0300_unconfigure_commands]
ERROR: test_container.ContainerIntegrationTestCase.test_0410_spoof_test [test_container.ContainerIntegrationTestCase.test_0410_spoof_test]
ERROR: test_container.ContainerIntegrationTestCase.test_0411_spoof_test [test_container.ContainerIntegrationTestCase.test_0411_spoof_test]
Testcase name: Re-enable IPFIX
ERROR: test_flowprobe.ReenableIPFIX.test_0011 [test_flowprobe.ReenableIPFIX.test_0011]
Testcase name: VXLAN over IPv6 Test Case
ERROR: setUpClass [setUpClass (test_vxlan6.TestVxlan6)]
Testcase name: JVPP Core Test Case
ERROR: test_jvpp.TestJVpp.test_vpp_acl_callback_api [test_jvpp.TestJVpp.test_vpp_acl_callback_api]
ERROR: test_jvpp.TestJVpp.test_vpp_acl_future_api [test_jvpp.TestJVpp.test_vpp_acl_future_api]
ERROR: test_jvpp.TestJVpp.test_vpp_core_callback_api [test_jvpp.TestJVpp.test_vpp_core_callback_api]
ERROR: test_jvpp.TestJVpp.test_vpp_core_future_api [test_jvpp.TestJVpp.test_vpp_core_future_api]
ERROR: test_jvpp.TestJVpp.test_vpp_ioamexport_callback_api [test_jvpp.TestJVpp.test_vpp_ioamexport_callback_api]
ERROR: test_jvpp.TestJVpp.test_vpp_ioamexport_future_api [test_jvpp.TestJVpp.test_vpp_ioamexport_future_api]
ERROR: test_jvpp.TestJVpp.test_vpp_ioampot_callback_api [test_jvpp.TestJVpp.test_vpp_ioampot_callback_api]
ERROR: test_jvpp.TestJVpp.test_vpp_ioampot_future_api [test_jvpp.TestJVpp.test_vpp_ioampot_future_api]
ERROR: test_jvpp.TestJVpp.test_vpp_ioamtrace_callback_api [test_jvpp.TestJVpp.test_vpp_ioamtrace_callback_api]
ERROR: test_jvpp.TestJVpp.test_vpp_ioamtrace_future_api [test_jvpp.TestJVpp.test_vpp_ioamtrace_future_api]
ERROR: test_jvpp.TestJVpp.test_vpp_snat_callback_api [test_jvpp.TestJVpp.test_vpp_snat_callback_api]
ERROR: test_jvpp.TestJVpp.test_vpp_snat_future_api [test_jvpp.TestJVpp.test_vpp_snat_future_api]
Testcase name: LDP Cut Thru Tests
FAILURE: test_vcl.LDPCutThruTestCase.test_ldp_cut_thru_iperf3 [test_vcl.LDPCutThruTestCase.test_ldp_cut_thru_iperf3]
Testcase name: ACL plugin connection-oriented extended testcases
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0000_conn_prepare_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0000_conn_prepare_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0001_basic_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0001_basic_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0002_basic_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0002_basic_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0005_clear_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0005_clear_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0006_clear_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0006_clear_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0011_active_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0011_active_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_0012_active_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_0012_active_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1001_basic_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1001_basic_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1002_basic_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1002_basic_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1005_clear_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1005_clear_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1006_clear_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1006_clear_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1011_active_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1011_active_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_1012_active_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_1012_active_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2000_prepare_for_tcp_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2000_prepare_for_tcp_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2001_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2001_tcp_transient_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2002_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2002_tcp_transient_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2003_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2003_tcp_transient_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2004_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2004_tcp_transient_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2005_tcp_transient_teardown_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2005_tcp_transient_teardown_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_2006_tcp_transient_teardown_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_2006_tcp_transient_teardown_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3001_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3001_tcp_transient_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3002_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3002_tcp_transient_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3003_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3003_tcp_transient_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3004_tcp_transient_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3004_tcp_transient_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3005_tcp_transient_teardown_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3005_tcp_transient_teardown_conn_test]
ERROR: test_acl_plugin_conns.ACLPluginConnTestCase.test_3006_tcp_transient_teardown_conn_test [test_acl_plugin_conns.ACLPluginConnTestCase.test_3006_tcp_transient_teardown_conn_test]
Testcase name: LDP Thru Host Stack Echo
FAILURE: test_vcl.LDPThruHostStackEcho.test_ldp_thru_host_stack_echo [test_vcl.LDPThruHostStackEcho.test_ldp_thru_host_stack_echo]
Testcase name: Bidirectional Forwarding Detection (BFD) - API
ERROR: test_bfd.BFDAPITestCase.test_activate_auth [test_bfd.BFDAPITestCase.test_activate_auth]
ERROR: test_bfd.BFDAPITestCase.test_add_auth_nonexistent_key [test_bfd.BFDAPITestCase.test_add_auth_nonexistent_key]
ERROR: test_bfd.BFDAPITestCase.test_add_bfd [test_bfd.BFDAPITestCase.test_add_bfd]
ERROR: test_bfd.BFDAPITestCase.test_add_bfd6 [test_bfd.BFDAPITestCase.test_add_bfd6]
ERROR: test_bfd.BFDAPITestCase.test_add_bfd_sha1 [test_bfd.BFDAPITestCase.test_add_bfd_sha1]
ERROR: test_bfd.BFDAPITestCase.test_add_sha1_keys [test_bfd.BFDAPITestCase.test_add_sha1_keys]
ERROR: test_bfd.BFDAPITestCase.test_change_key [test_bfd.BFDAPITestCase.test_change_key]
ERROR: test_bfd.BFDAPITestCase.test_deactivate_auth [test_bfd.BFDAPITestCase.test_deactivate_auth]
ERROR: test_bfd.BFDAPITestCase.test_double_add [test_bfd.BFDAPITestCase.test_double_add]
ERROR: test_bfd.BFDAPITestCase.test_double_add_sha1 [test_bfd.BFDAPITestCase.test_double_add_sha1]
ERROR: test_bfd.BFDAPITestCase.test_mod_bfd [test_bfd.BFDAPITestCase.test_mod_bfd]
ERROR: test_bfd.BFDAPITestCase.test_set_del_udp_echo_source [test_bfd.BFDAPITestCase.test_set_del_udp_echo_source]
ERROR: test_bfd.BFDAPITestCase.test_shared_sha1_key [test_bfd.BFDAPITestCase.test_shared_sha1_key]
Testcase name: LDP Thru Host Stack Iperf
FAILURE: test_vcl.LDPThruHostStackIperf.test_ldp_thru_host_stack_iperf3 [test_vcl.LDPThruHostStackIperf.test_ldp_thru_host_stack_iperf3]
Testcase name: Bidirectional Forwarding Detection (BFD) (SHA1 auth)
ERROR: test_bfd.BFDSHA1TestCase.test_session_up [test_bfd.BFDSHA1TestCase.test_session_up]
Testcase name: Punt Socket for IPv6
ERROR: test_punt.TestIP6PuntSocket.test_punt_socket_dump [test_punt.TestIP6PuntSocket.test_punt_socket_dump]
ERROR: test_punt.TestIP6PuntSocket.test_punt_socket_traffic_multi_port_multi_sockets [test_punt.TestIP6PuntSocket.test_punt_socket_traffic_multi_port_multi_sockets]
ERROR: test_punt.TestIP6PuntSocket.test_punt_socket_traffic_multi_ports_single_socket [test_punt.TestIP6PuntSocket.test_punt_socket_traffic_multi_ports_single_socket]
ERROR: test_punt.TestIP6PuntSocket.test_punt_socket_traffic_single_port_single_socket [test_punt.TestIP6PuntSocket.test_punt_socket_traffic_single_port_single_socket]
Testcase name: Disable Flowprobe feature
ERROR: test_flowprobe.DisableFP.test_0001 [test_flowprobe.DisableFP.test_0001]
Testcase name: Disable IPFIX
ERROR: test_flowprobe.DisableIPFIX.test_0001 [test_flowprobe.DisableIPFIX.test_0001]
Testcase name: VPP Object Model Test
ERROR: test_vom.VOMTestCase.test_vom_cpp [test_vom.VOMTestCase.test_vom_cpp]
Testcase name: BFD-FIB interactions (IPv6)
ERROR: test_bfd.BFDFIBTestCase.test_session_with_fib [test_bfd.BFDFIBTestCase.test_session_with_fib]
Testcase name: Bidirectional Forwarding Detection (BFD)
ERROR: test_bfd.BFD4TestCase.test_echo [test_bfd.BFD4TestCase.test_echo]
ERROR: test_bfd.BFD4TestCase.test_echo_looped_back [test_bfd.BFD4TestCase.test_echo_looped_back]
ERROR: test_bfd.BFD4TestCase.test_intf_deleted [test_bfd.BFD4TestCase.test_intf_deleted]
ERROR: test_bfd.BFD4TestCase.test_session_down [test_bfd.BFD4TestCase.test_session_down]
ERROR: test_bfd.BFD4TestCase.test_session_up [test_bfd.BFD4TestCase.test_session_up]
ERROR: test_bfd.BFD4TestCase.test_session_up_by_ip [test_bfd.BFD4TestCase.test_session_up_by_ip]
Testcase name: VXLAN-GPE Test Case
ERROR: test_vxlan_gpe.TestVxlanGpe.test_decap [test_vxlan_gpe.TestVxlanGpe.test_decap]
ERROR: test_vxlan_gpe.TestVxlanGpe.test_encap [test_vxlan_gpe.TestVxlanGpe.test_encap]
ERROR: test_vxlan_gpe.TestVxlanGpe.test_ucast_flood [test_vxlan_gpe.TestVxlanGpe.test_ucast_flood]
Testcase name: Re-enable Flowprobe feature
ERROR: test_flowprobe.ReenableFP.test_0001 [test_flowprobe.ReenableFP.test_0001]
Testcase name: LDP IPv6 Cut Thru Tests
FAILURE: test_vcl.LDPIpv6CutThruTestCase.test_ldp_ipv6_cut_thru_echo [test_vcl.LDPIpv6CutThruTestCase.test_ldp_ipv6_cut_thru_echo]
TESTCASES WHERE NO TESTS WERE SUCCESSFULLY EXECUTED:
VXLAN over IPv6 Test Case
==============================================================================
0 attempt(s) left.
Change-Id: Id202ed6ee7f57670f34ec87380244c568b509416
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
411 lines
16 KiB
Python
411 lines
16 KiB
Python
#!/usr/bin/env python
|
|
""" ACL plugin extended stateful tests """
|
|
|
|
import unittest
|
|
from framework import VppTestCase, VppTestRunner, running_extended_tests
|
|
from scapy.layers.l2 import Ether
|
|
from scapy.packet import Raw
|
|
from scapy.layers.inet import IP, UDP, TCP
|
|
from scapy.packet import Packet
|
|
from socket import inet_pton, AF_INET, AF_INET6
|
|
from scapy.layers.inet6 import IPv6, ICMPv6Unknown, ICMPv6EchoRequest
|
|
from scapy.layers.inet6 import ICMPv6EchoReply, IPv6ExtHdrRouting
|
|
from scapy.layers.inet6 import IPv6ExtHdrFragment
|
|
from pprint import pprint
|
|
from random import randint
|
|
from util import L4_Conn
|
|
|
|
|
|
def to_acl_rule(self, is_permit, wildcard_sport=False):
|
|
p = self
|
|
rule_family = AF_INET6 if p.haslayer(IPv6) else AF_INET
|
|
rule_prefix_len = 128 if p.haslayer(IPv6) else 32
|
|
rule_l3_layer = IPv6 if p.haslayer(IPv6) else IP
|
|
rule_l4_sport = p.sport
|
|
rule_l4_dport = p.dport
|
|
if p.haslayer(IPv6):
|
|
rule_l4_proto = p[IPv6].nh
|
|
else:
|
|
rule_l4_proto = p[IP].proto
|
|
|
|
if wildcard_sport:
|
|
rule_l4_sport_first = 0
|
|
rule_l4_sport_last = 65535
|
|
else:
|
|
rule_l4_sport_first = rule_l4_sport
|
|
rule_l4_sport_last = rule_l4_sport
|
|
|
|
new_rule = {
|
|
'is_permit': is_permit,
|
|
'is_ipv6': p.haslayer(IPv6),
|
|
'src_ip_addr': inet_pton(rule_family,
|
|
p[rule_l3_layer].src),
|
|
'src_ip_prefix_len': rule_prefix_len,
|
|
'dst_ip_addr': inet_pton(rule_family,
|
|
p[rule_l3_layer].dst),
|
|
'dst_ip_prefix_len': rule_prefix_len,
|
|
'srcport_or_icmptype_first': rule_l4_sport_first,
|
|
'srcport_or_icmptype_last': rule_l4_sport_last,
|
|
'dstport_or_icmpcode_first': rule_l4_dport,
|
|
'dstport_or_icmpcode_last': rule_l4_dport,
|
|
'proto': rule_l4_proto,
|
|
}
|
|
return new_rule
|
|
|
|
Packet.to_acl_rule = to_acl_rule
|
|
|
|
|
|
class IterateWithSleep():
|
|
def __init__(self, testcase, n_iters, description, sleep_sec):
|
|
self.curr = 0
|
|
self.testcase = testcase
|
|
self.n_iters = n_iters
|
|
self.sleep_sec = sleep_sec
|
|
self.description = description
|
|
|
|
def __iter__(self):
|
|
for x in range(0, self.n_iters):
|
|
yield x
|
|
self.testcase.sleep(self.sleep_sec)
|
|
|
|
|
|
class Conn(L4_Conn):
|
|
def apply_acls(self, reflect_side, acl_side):
|
|
pkts = []
|
|
pkts.append(self.pkt(0))
|
|
pkts.append(self.pkt(1))
|
|
pkt = pkts[reflect_side]
|
|
|
|
r = []
|
|
r.append(pkt.to_acl_rule(2, wildcard_sport=True))
|
|
r.append(self.wildcard_rule(0))
|
|
res = self.testcase.vapi.acl_add_replace(0xffffffff, r)
|
|
self.testcase.assert_equal(res.retval, 0, "error adding ACL")
|
|
reflect_acl_index = res.acl_index
|
|
|
|
r = []
|
|
r.append(self.wildcard_rule(0))
|
|
res = self.testcase.vapi.acl_add_replace(0xffffffff, r)
|
|
self.testcase.assert_equal(res.retval, 0, "error adding deny ACL")
|
|
deny_acl_index = res.acl_index
|
|
|
|
if reflect_side == acl_side:
|
|
self.testcase.vapi.acl_interface_set_acl_list(
|
|
self.ifs[acl_side].sw_if_index, 1,
|
|
[reflect_acl_index,
|
|
deny_acl_index])
|
|
self.testcase.vapi.acl_interface_set_acl_list(
|
|
self.ifs[1-acl_side].sw_if_index, 0, [])
|
|
else:
|
|
self.testcase.vapi.acl_interface_set_acl_list(
|
|
self.ifs[acl_side].sw_if_index, 1,
|
|
[deny_acl_index,
|
|
reflect_acl_index])
|
|
self.testcase.vapi.acl_interface_set_acl_list(
|
|
self.ifs[1-acl_side].sw_if_index, 0, [])
|
|
|
|
def wildcard_rule(self, is_permit):
|
|
any_addr = ["0.0.0.0", "::"]
|
|
rule_family = self.address_family
|
|
is_ip6 = 1 if rule_family == AF_INET6 else 0
|
|
new_rule = {
|
|
'is_permit': is_permit,
|
|
'is_ipv6': is_ip6,
|
|
'src_ip_addr': inet_pton(rule_family, any_addr[is_ip6]),
|
|
'src_ip_prefix_len': 0,
|
|
'dst_ip_addr': inet_pton(rule_family, any_addr[is_ip6]),
|
|
'dst_ip_prefix_len': 0,
|
|
'srcport_or_icmptype_first': 0,
|
|
'srcport_or_icmptype_last': 65535,
|
|
'dstport_or_icmpcode_first': 0,
|
|
'dstport_or_icmpcode_last': 65535,
|
|
'proto': 0,
|
|
}
|
|
return new_rule
|
|
|
|
|
|
@unittest.skipUnless(running_extended_tests, "part of extended tests")
|
|
class ACLPluginConnTestCase(VppTestCase):
|
|
""" ACL plugin connection-oriented extended testcases """
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super(ACLPluginConnTestCase, cls).setUpClass()
|
|
# create pg0 and pg1
|
|
cls.create_pg_interfaces(range(2))
|
|
cmd = "set acl-plugin session table event-trace 1"
|
|
cls.logger.info(cls.vapi.cli(cmd))
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip4()
|
|
i.config_ip6()
|
|
i.resolve_arp()
|
|
i.resolve_ndp()
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super(ACLPluginConnTestCase, cls).tearDownClass()
|
|
|
|
def tearDown(self):
|
|
"""Run standard test teardown and log various show commands
|
|
"""
|
|
super(ACLPluginConnTestCase, self).tearDown()
|
|
if not self.vpp_dead:
|
|
self.logger.info(self.vapi.cli("show ip arp"))
|
|
self.logger.info(self.vapi.cli("show ip6 neighbors"))
|
|
self.logger.info(self.vapi.cli("show acl-plugin sessions"))
|
|
self.logger.info(self.vapi.cli("show acl-plugin acl"))
|
|
self.logger.info(self.vapi.cli("show acl-plugin interface"))
|
|
self.logger.info(self.vapi.cli("show acl-plugin tables"))
|
|
self.logger.info(self.vapi.cli("show event-logger all"))
|
|
|
|
def run_basic_conn_test(self, af, acl_side):
|
|
""" Basic conn timeout test """
|
|
conn1 = Conn(self, self.pg0, self.pg1, af, UDP, 42001, 4242)
|
|
conn1.apply_acls(0, acl_side)
|
|
conn1.send_through(0)
|
|
# the return packets should pass
|
|
conn1.send_through(1)
|
|
# send some packets on conn1, ensure it doesn't go away
|
|
for i in IterateWithSleep(self, 20, "Keep conn active", 0.3):
|
|
conn1.send_through(1)
|
|
# allow the conn to time out
|
|
for i in IterateWithSleep(self, 30, "Wait for timeout", 0.1):
|
|
pass
|
|
# now try to send a packet on the reflected side
|
|
try:
|
|
p2 = conn1.send_through(1).command()
|
|
except:
|
|
# If we asserted while waiting, it's good.
|
|
# the conn should have timed out.
|
|
p2 = None
|
|
self.assert_equal(p2, None, "packet on long-idle conn")
|
|
|
|
def run_active_conn_test(self, af, acl_side):
|
|
""" Idle connection behind active connection test """
|
|
base = 10000 + 1000*acl_side
|
|
conn1 = Conn(self, self.pg0, self.pg1, af, UDP, base + 1, 2323)
|
|
conn2 = Conn(self, self.pg0, self.pg1, af, UDP, base + 2, 2323)
|
|
conn3 = Conn(self, self.pg0, self.pg1, af, UDP, base + 3, 2323)
|
|
conn1.apply_acls(0, acl_side)
|
|
conn1.send(0)
|
|
conn1.recv(1)
|
|
# create and check that the conn2/3 work
|
|
self.sleep(0.1)
|
|
conn2.send_pingpong(0)
|
|
self.sleep(0.1)
|
|
conn3.send_pingpong(0)
|
|
# send some packets on conn1, keep conn2/3 idle
|
|
for i in IterateWithSleep(self, 20, "Keep conn active", 0.2):
|
|
conn1.send_through(1)
|
|
try:
|
|
p2 = conn2.send_through(1).command()
|
|
except:
|
|
# If we asserted while waiting, it's good.
|
|
# the conn should have timed out.
|
|
p2 = None
|
|
# We should have not received the packet on a long-idle
|
|
# connection, because it should have timed out
|
|
# If it didn't - it is a problem
|
|
self.assert_equal(p2, None, "packet on long-idle conn")
|
|
|
|
def run_clear_conn_test(self, af, acl_side):
|
|
""" Clear the connections via CLI """
|
|
conn1 = Conn(self, self.pg0, self.pg1, af, UDP, 42001, 4242)
|
|
conn1.apply_acls(0, acl_side)
|
|
conn1.send_through(0)
|
|
# the return packets should pass
|
|
conn1.send_through(1)
|
|
# send some packets on conn1, ensure it doesn't go away
|
|
for i in IterateWithSleep(self, 20, "Keep conn active", 0.3):
|
|
conn1.send_through(1)
|
|
# clear all connections
|
|
self.vapi.ppcli("clear acl-plugin sessions")
|
|
# now try to send a packet on the reflected side
|
|
try:
|
|
p2 = conn1.send_through(1).command()
|
|
except:
|
|
# If we asserted while waiting, it's good.
|
|
# the conn should have timed out.
|
|
p2 = None
|
|
self.assert_equal(p2, None, "packet on supposedly deleted conn")
|
|
|
|
def run_tcp_transient_setup_conn_test(self, af, acl_side):
|
|
conn1 = Conn(self, self.pg0, self.pg1, af, TCP, 53001, 5151)
|
|
conn1.apply_acls(0, acl_side)
|
|
conn1.send_through(0, 'S')
|
|
# the return packets should pass
|
|
conn1.send_through(1, 'SA')
|
|
# allow the conn to time out
|
|
for i in IterateWithSleep(self, 30, "Wait for timeout", 0.1):
|
|
pass
|
|
# ensure conn times out
|
|
try:
|
|
p2 = conn1.send_through(1).command()
|
|
except:
|
|
# If we asserted while waiting, it's good.
|
|
# the conn should have timed out.
|
|
p2 = None
|
|
self.assert_equal(p2, None, "packet on supposedly deleted conn")
|
|
|
|
def run_tcp_established_conn_test(self, af, acl_side):
|
|
conn1 = Conn(self, self.pg0, self.pg1, af, TCP, 53002, 5052)
|
|
conn1.apply_acls(0, acl_side)
|
|
conn1.send_through(0, 'S')
|
|
# the return packets should pass
|
|
conn1.send_through(1, 'SA')
|
|
# complete the threeway handshake
|
|
# (NB: sequence numbers not tracked, so not set!)
|
|
conn1.send_through(0, 'A')
|
|
# allow the conn to time out if it's in embryonic timer
|
|
for i in IterateWithSleep(self, 30, "Wait for transient timeout", 0.1):
|
|
pass
|
|
# Try to send the packet from the "forbidden" side - it must pass
|
|
conn1.send_through(1, 'A')
|
|
# ensure conn times out for real
|
|
for i in IterateWithSleep(self, 130, "Wait for timeout", 0.1):
|
|
pass
|
|
try:
|
|
p2 = conn1.send_through(1).command()
|
|
except:
|
|
# If we asserted while waiting, it's good.
|
|
# the conn should have timed out.
|
|
p2 = None
|
|
self.assert_equal(p2, None, "packet on supposedly deleted conn")
|
|
|
|
def run_tcp_transient_teardown_conn_test(self, af, acl_side):
|
|
conn1 = Conn(self, self.pg0, self.pg1, af, TCP, 53002, 5052)
|
|
conn1.apply_acls(0, acl_side)
|
|
conn1.send_through(0, 'S')
|
|
# the return packets should pass
|
|
conn1.send_through(1, 'SA')
|
|
# complete the threeway handshake
|
|
# (NB: sequence numbers not tracked, so not set!)
|
|
conn1.send_through(0, 'A')
|
|
# allow the conn to time out if it's in embryonic timer
|
|
for i in IterateWithSleep(self, 30, "Wait for transient timeout", 0.1):
|
|
pass
|
|
# Try to send the packet from the "forbidden" side - it must pass
|
|
conn1.send_through(1, 'A')
|
|
# Send the FIN to bounce the session out of established
|
|
conn1.send_through(1, 'FA')
|
|
# If conn landed on transient timer it will time out here
|
|
for i in IterateWithSleep(self, 30, "Wait for transient timeout", 0.1):
|
|
pass
|
|
# Now it should have timed out already
|
|
try:
|
|
p2 = conn1.send_through(1).command()
|
|
except:
|
|
# If we asserted while waiting, it's good.
|
|
# the conn should have timed out.
|
|
p2 = None
|
|
self.assert_equal(p2, None, "packet on supposedly deleted conn")
|
|
|
|
def test_0000_conn_prepare_test(self):
|
|
""" Prepare the settings """
|
|
self.vapi.ppcli("set acl-plugin session timeout udp idle 1")
|
|
|
|
def test_0001_basic_conn_test(self):
|
|
""" IPv4: Basic conn timeout test reflect on ingress """
|
|
self.run_basic_conn_test(AF_INET, 0)
|
|
|
|
def test_0002_basic_conn_test(self):
|
|
""" IPv4: Basic conn timeout test reflect on egress """
|
|
self.run_basic_conn_test(AF_INET, 1)
|
|
|
|
def test_0005_clear_conn_test(self):
|
|
""" IPv4: reflect egress, clear conn """
|
|
self.run_clear_conn_test(AF_INET, 1)
|
|
|
|
def test_0006_clear_conn_test(self):
|
|
""" IPv4: reflect ingress, clear conn """
|
|
self.run_clear_conn_test(AF_INET, 0)
|
|
|
|
def test_0011_active_conn_test(self):
|
|
""" IPv4: Idle conn behind active conn, reflect on ingress """
|
|
self.run_active_conn_test(AF_INET, 0)
|
|
|
|
def test_0012_active_conn_test(self):
|
|
""" IPv4: Idle conn behind active conn, reflect on egress """
|
|
self.run_active_conn_test(AF_INET, 1)
|
|
|
|
def test_1001_basic_conn_test(self):
|
|
""" IPv6: Basic conn timeout test reflect on ingress """
|
|
self.run_basic_conn_test(AF_INET6, 0)
|
|
|
|
def test_1002_basic_conn_test(self):
|
|
""" IPv6: Basic conn timeout test reflect on egress """
|
|
self.run_basic_conn_test(AF_INET6, 1)
|
|
|
|
def test_1005_clear_conn_test(self):
|
|
""" IPv6: reflect egress, clear conn """
|
|
self.run_clear_conn_test(AF_INET6, 1)
|
|
|
|
def test_1006_clear_conn_test(self):
|
|
""" IPv6: reflect ingress, clear conn """
|
|
self.run_clear_conn_test(AF_INET6, 0)
|
|
|
|
def test_1011_active_conn_test(self):
|
|
""" IPv6: Idle conn behind active conn, reflect on ingress """
|
|
self.run_active_conn_test(AF_INET6, 0)
|
|
|
|
def test_1012_active_conn_test(self):
|
|
""" IPv6: Idle conn behind active conn, reflect on egress """
|
|
self.run_active_conn_test(AF_INET6, 1)
|
|
|
|
def test_2000_prepare_for_tcp_test(self):
|
|
""" Prepare for TCP session tests """
|
|
# ensure the session hangs on if it gets treated as UDP
|
|
self.vapi.ppcli("set acl-plugin session timeout udp idle 200")
|
|
# let the TCP connection time out at 5 seconds
|
|
self.vapi.ppcli("set acl-plugin session timeout tcp idle 10")
|
|
self.vapi.ppcli("set acl-plugin session timeout tcp transient 1")
|
|
|
|
def test_2001_tcp_transient_conn_test(self):
|
|
""" IPv4: transient TCP session (incomplete 3WHS), ref. on ingress """
|
|
self.run_tcp_transient_setup_conn_test(AF_INET, 0)
|
|
|
|
def test_2002_tcp_transient_conn_test(self):
|
|
""" IPv4: transient TCP session (incomplete 3WHS), ref. on egress """
|
|
self.run_tcp_transient_setup_conn_test(AF_INET, 1)
|
|
|
|
def test_2003_tcp_transient_conn_test(self):
|
|
""" IPv4: established TCP session (complete 3WHS), ref. on ingress """
|
|
self.run_tcp_established_conn_test(AF_INET, 0)
|
|
|
|
def test_2004_tcp_transient_conn_test(self):
|
|
""" IPv4: established TCP session (complete 3WHS), ref. on egress """
|
|
self.run_tcp_established_conn_test(AF_INET, 1)
|
|
|
|
def test_2005_tcp_transient_teardown_conn_test(self):
|
|
""" IPv4: transient TCP session (3WHS,ACK,FINACK), ref. on ingress """
|
|
self.run_tcp_transient_teardown_conn_test(AF_INET, 0)
|
|
|
|
def test_2006_tcp_transient_teardown_conn_test(self):
|
|
""" IPv4: transient TCP session (3WHS,ACK,FINACK), ref. on egress """
|
|
self.run_tcp_transient_teardown_conn_test(AF_INET, 1)
|
|
|
|
def test_3001_tcp_transient_conn_test(self):
|
|
""" IPv6: transient TCP session (incomplete 3WHS), ref. on ingress """
|
|
self.run_tcp_transient_setup_conn_test(AF_INET6, 0)
|
|
|
|
def test_3002_tcp_transient_conn_test(self):
|
|
""" IPv6: transient TCP session (incomplete 3WHS), ref. on egress """
|
|
self.run_tcp_transient_setup_conn_test(AF_INET6, 1)
|
|
|
|
def test_3003_tcp_transient_conn_test(self):
|
|
""" IPv6: established TCP session (complete 3WHS), ref. on ingress """
|
|
self.run_tcp_established_conn_test(AF_INET6, 0)
|
|
|
|
def test_3004_tcp_transient_conn_test(self):
|
|
""" IPv6: established TCP session (complete 3WHS), ref. on egress """
|
|
self.run_tcp_established_conn_test(AF_INET6, 1)
|
|
|
|
def test_3005_tcp_transient_teardown_conn_test(self):
|
|
""" IPv6: transient TCP session (3WHS,ACK,FINACK), ref. on ingress """
|
|
self.run_tcp_transient_teardown_conn_test(AF_INET6, 0)
|
|
|
|
def test_3006_tcp_transient_teardown_conn_test(self):
|
|
""" IPv6: transient TCP session (3WHS,ACK,FINACK), ref. on egress """
|
|
self.run_tcp_transient_teardown_conn_test(AF_INET6, 1)
|