From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id F110B1150 for ; Tue, 22 Jan 2019 04:28:01 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Jan 2019 19:28:00 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,504,1539673200"; d="scan'208";a="268862099" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga004.jf.intel.com with ESMTP; 21 Jan 2019 19:28:00 -0800 Received: from fmsmsx113.amr.corp.intel.com (10.18.116.7) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 21 Jan 2019 19:28:00 -0800 Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by FMSMSX113.amr.corp.intel.com (10.18.116.7) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 21 Jan 2019 19:27:59 -0800 Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.196]) by shsmsx102.ccr.corp.intel.com ([169.254.2.63]) with mapi id 14.03.0415.000; Tue, 22 Jan 2019 11:27:57 +0800 From: "Zhang, Yuwei1" To: "Ma, LihongX" , "dts@dpdk.org" CC: "Ma, LihongX" Thread-Topic: [dts] [PATCH V1] Add test suite of l3fwdacl Thread-Index: AQHUrHpLK4DcjyzRz0WKQwFdFGSqQaW6q+Lg Date: Tue, 22 Jan 2019 03:27:56 +0000 Message-ID: References: <1547493175-19286-1-git-send-email-lihongx.ma@intel.com> In-Reply-To: <1547493175-19286-1-git-send-email-lihongx.ma@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZjc2NDc4NWYtNGQyMC00NDhhLWIwMDQtMmRhOWRkNGE0ZDc2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoic0pvS3pwTjBhbTMrRjdWbHR5UURVTkhDSlhoZ1FTa1Q3QW5ES0hOKytOTnZcL2lEcFpva2JxaFRnRlJQSmtrUFYifQ== dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH V1] Add test suite of l3fwdacl X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jan 2019 03:28:03 -0000 Acked-by: Yuwei, Zhang(yuwei1.zhang@intel.com) -----Original Message----- From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of lihong Sent: Tuesday, January 15, 2019 3:13 AM To: dts@dpdk.org Cc: Ma, LihongX Subject: [dts] [PATCH V1] Add test suite of l3fwdacl Signed-off-by: lihong --- tests/TestSuite_l3fwdacl.py | 934 ++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 934 insertions(+) create mode 100644 tests/TestSuite_l3fwdacl.py diff --git a/tests/TestSuite_l3fwdacl.py b/tests/TestSuite_l3fwdacl.py new = file mode 100644 index 0000000..8ee8266 --- /dev/null +++ b/tests/TestSuite_l3fwdacl.py @@ -0,0 +1,934 @@ +# BSD LICENSE +# +# Copyright(c) 2010-2019 Intel Corporation. All rights reserved. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without #=20 +modification, are permitted provided that the following conditions #=20 +are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #=20 +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #=20 +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #=20 +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #=20 +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #=20 +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #=20 +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #=20 +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #=20 +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #=20 +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #=20 +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +""" +DPDK Test suite +Layer-3 forwarding ACL test script. +""" + +import re +import utils +import time +from test_case import TestCase + +class TestL3fwdacl(TestCase): + + exe_path =3D "./examples/l3fwd-acl/build" + all_ipv4_addresses =3D "0.0.0.0/0" + all_ipv6_addresses =3D "0:0:0:0:0:0:0:0/0" + all_ports =3D "0 : 65535" + all_protocols =3D "0x00/0x00" + + core_list_configs =3D { + "1S/1C/1T": {"config": "", "mask": "", "ports": []}, + "1S/1C/2T": {"config": "", "mask": "", "ports": []}, + "1S/2C/1T": {"config": "", "mask": "", "ports": []}, + "2S/1C/1T": {"config": "", "mask": "", "ports": []}, + } + + performance_cases =3D [ + {"DB": "/root/acl1_1000_lim512.rules", + "Pcap0": "acl1_1000_lim512.prtX.pcap", + "Pcap2": "acl1_1000_lim512.prtY.pcap"}, + {"DB": "/root/acl2_1000_lim512.rules", + "Pcap0": "acl2_1000_lim512.prtX.pcap", + "Pcap2": "acl2_1000_lim512.prtY.pcap"}, + {"DB": "/root/acl3_1000_lim512.rules", + "Pcap0": "acl3_1000_lim512.prtX.pcap", + "Pcap2": "acl3_1000_lim512.prtY.pcap"}, + {"DB": "/root/acl4_1000_lim512.rules", + "Pcap0": "acl4_1000_lim512.prtX.pcap", + "Pcap2": "acl4_1000_lim512.prtY.pcap"}, + {"DB": "/root/acl5_1000_lim512.rules", + "Pcap0": "acl5_1000_lim512.prtX.pcap", + "Pcap2": "acl5_1000_lim512.prtY.pcap"}, + ] + + performance_results =3D [] + + default_rule =3D {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", + "Port": "1"} + + acl_ipv4_rule_list =3D [ + {"Type": "ACL", "sIpAddr": "200.10.0.1/32", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "100.10.0.1/32", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "11 : 11", "dPort": "ALL", "Protocol": "ALL", "Port": ""= }, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "101 : 101", "Protocol": "ALL", "Port": = ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "0x06/0xff", "Port": = ""}, + {"Type": "ACL", "sIpAddr": "200.10.0.1/32", "dIpAddr": "100.10.0.1= /32", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , + "Port": ""} + ] + + acl_ipv6_rule_list =3D [ + {"Type": "ACL", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:734= 4/128", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "2002:0db8:85a3:08d3:= 1319:8a2e:0370:7344/128", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "11 : 11", "dPort": "ALL", "Protocol": "ALL", "Port": ""= }, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "101 : 101", "Protocol": "ALL", "Port": = ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "0x06/0xff", "Port": = ""}, + {"Type": "ACL", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:734= 4/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , "Port": ""}, + ] + + exact_rule_list_ipv4 =3D [ + {"Type": "ROUTE", "sIpAddr": "200.10.0.1/32", + "dIpAddr": "100.10.0.1/32", "sPort": "11 : 11", + "dPort": "101 : 101", "Protocol": "0x06/0xff", "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "200.20.0.1/32", + "dIpAddr": "100.20.0.1/32", "sPort": "12 : 12", + "dPort": "102 : 102", "Protocol": "0x06/0xff", "Port": "1"}, + ] + + exact_rule_list_ipv6 =3D [ + {"Type": "ROUTE", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:7= 344/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:7= 344/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128", + "sPort": "12 : 12", "dPort": "102 : 102", "Protocol": "0x06/0xff"= , "Port": "1"}, + ] + + lpm_rule_list_ipv4 =3D [ + {"Type": "ROUTE", "sIpAddr": "0.0.0.0/0", "dIpAddr": "1.1.1.0/24", + "sPort": "0 : 65535", "dPort": "0 : 65535", "Protocol": "0x00/0x0= 0", + "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "0.0.0.0/0", "dIpAddr": "2.1.1.0/24", + "sPort": "0 : 65535", "dPort": "0 : 65535", "Protocol": "0x00/0x0= 0", + "Port": "1"}, + ] + + lpm_rule_list_ipv6 =3D [ + {"Type": "ROUTE", "sIpAddr": "0:0:0:0:0:0:0:0/0", "dIpAddr": "1:1:= 1:1:1:1:0:0/96", + "sPort": "0 : 65535", "dPort": "0 : 65535", "Protocol": "0x00/0x0= 0", "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "0:0:0:0:0:0:0:0/0", "dIpAddr": "2:1:= 1:1:1:1:0:0/96", + "sPort": "0 : 65535", "dPort": "0 : 65535", "Protocol": "0x00/0x0= 0", "Port": "1"}, + ] + + scalar_rule_list_ipv4 =3D [ + {"Type": "ACL", "sIpAddr": "200.10.0.1/32", "dIpAddr": "100.10.0.1= /32", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , + "Port": ""}, + ] + + scalar_rule_list_ipv6 =3D [ + {"Type": "ACL", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:734= 4/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , + "Port": ""}, + ] + + invalid_rule_ipv4_list =3D [ + {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "12 : 11", "dPort": "ALL", "Protocol": "ALL", "Port": "0= "}, + {"Type": "@R", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "", "Port": ""}, + ] + + invalid_rule_ipv6_list =3D [ + {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "12 : 11", "dPort": "ALL", "Protocol": "ALL", "Port": "0= "}, + {"Type": "@R", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "", "Port": ""}, + ] + + invalid_port_rule_ipv4 =3D {"Type": "ROUTE", "sIpAddr": "200.10.0.1/32= ", + "dIpAddr": "100.10.0.1/32", "sPort": "11 : 1= 1", + "dPort": "101 : 101", "Protocol": "0x06/0xff= ", + "Port": "99"} + + invalid_port_rule_ipv6 =3D {"Type": "ACL", "sIpAddr": "2001:0db8:85a3:= 08d3:1319:8a2e:0370:7344/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:03= 70:7344/101", + "sPort": "11 : 11", "dPort": "101 : 101",=20 + "Protocol": "0x06/0xff", "Port": "99"} + + acl_ipv4_db =3D "/root/rule_ipv4.db" + acl_ipv6_db =3D "/root/rule_ipv6.db" + perfDB =3D "" + rule_format =3D "%s%s %s %s %s %s %s" + default_core_config =3D "1S/4C/1T" + + # Utility methods and other non-test code. + def start_l3fwdacl(self, scalar=3DFalse): + + extra_args =3D '' + + if scalar: + extra_args =3D '--scalar' + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s" %s' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, + TestL3fwdacl.acl_ipv6_db, + extra_args) + + out =3D self.dut.send_expect(cmdline, "L3FWD:", 30) + + def get_core_list(self): + + self.sock0ports =3D self.dut.get_ports(self.nic, socket=3D0) + self.sock1ports =3D self.dut.get_ports(self.nic, socket=3D1) + + core1 =3D self.dut.get_lcore_id('C{1.1.0}') + core2 =3D self.dut.get_lcore_id('C{1.2.0}') + core3 =3D self.dut.get_lcore_id('C{1.3.0}') + core4 =3D self.dut.get_lcore_id('C{1.4.0}') + + thread1 =3D self.dut.get_lcore_id('C{1.1.1}') + thread2 =3D self.dut.get_lcore_id('C{1.2.1}') + thread3 =3D self.dut.get_lcore_id('C{0.1.1}') + + socket1 =3D self.dut.get_lcore_id('C{0.1.0}') + socket2 =3D self.dut.get_lcore_id('C{0.2.0}') + + # l3fwd support first 8 dut_ports only + TestL3fwdacl.core_list_configs["1S/1C/1T"]["config"] =3D "\(%s,0,%= s\),\(%s,0,%s\)" % (self.dut_ports[0], core1, self.dut_ports[1], core1) + TestL3fwdacl.core_list_configs["1S/1C/1T"]["mask"] =3D utils.creat= e_mask([core1]) + TestL3fwdacl.core_list_configs["1S/1C/1T"]["ports"].append(self.du= t_ports[0]) + TestL3fwdacl.core_list_configs["1S/1C/1T"]["ports"].append(self.du= t_ports[1]) + TestL3fwdacl.core_list_configs["1S/1C/2T"]["config"] =3D "\(%s,0,%= s\),\(%s,0,%s\)" % (self.dut_ports[0], core1, self.dut_ports[1], thread1) + TestL3fwdacl.core_list_configs["1S/1C/2T"]["mask"] =3D utils.creat= e_mask([core1, thread1]) + TestL3fwdacl.core_list_configs["1S/1C/2T"]["ports"].append(self.du= t_ports[0]) + TestL3fwdacl.core_list_configs["1S/1C/2T"]["ports"].append(self.du= t_ports[1]) + TestL3fwdacl.core_list_configs["1S/2C/1T"]["config"] =3D "\(%s,0,%= s\),\(%s,0,%s\)" % (self.dut_ports[0], core1, self.dut_ports[1], core2) + TestL3fwdacl.core_list_configs["1S/2C/1T"]["mask"] =3D utils.creat= e_mask([core1, core2]) + TestL3fwdacl.core_list_configs["1S/2C/1T"]["ports"].append(self.du= t_ports[0]) + =20 + TestL3fwdacl.core_list_configs["1S/2C/1T"]["ports"].append(self.dut_po + rts[1]) + + if len(self.sock0ports) > 0 and len(self.sock1ports) > 0: + TestL3fwdacl.core_list_configs["2S/1C/1T"]["config"] =3D "\(%s= ,0,%s\),\(%s,0,%s\)" % (self.sock0ports[0], core1, self.sock1ports[0], sock= et1) + TestL3fwdacl.core_list_configs["2S/1C/1T"]["mask"] =3D utils.c= reate_mask([core1, socket1]) + TestL3fwdacl.core_list_configs["2S/1C/1T"]["ports"].append(sel= f.sock0ports[0]) + =20 + TestL3fwdacl.core_list_configs["2S/1C/1T"]["ports"].append(self.sock1p + orts[0]) + + # no need to run two socket config if two cards on one slot + self.port_mask_1_socket =3D utils.create_mask([self.dut_ports[0], + self.dut_ports[1]]) + + if len(self.sock0ports) > 0 and len(self.sock1ports) > 0: + self.port_mask_2_sockets =3D utils.create_mask([self.sock0port= s[0], + self.sock1ports[0]= ]) + else: + del TestL3fwdacl.core_list_configs["2S/1C/1T"] + + def rule_cfg_init(self, acl_ipv4_db, acl_ipv6_db): + """ + initialize the acl rule file + """ + if acl_ipv4_db: + self.dut.send_expect("echo '' > %s" % acl_ipv4_db, "# ") + self.dut.send_expect("echo 'R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 := 65535 0x00/0x00 %s' >> %s" % (self.dut_ports[1], acl_ipv4_db), "# ") + if acl_ipv6_db: + self.dut.send_expect("echo '' > %s" % acl_ipv6_db, "# ") + self.dut.send_expect("echo 'R0:0:0:0:0:0:0:0/0=20 + 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 %s' >> %s" %=20 + (self.dut_ports[1], acl_ipv6_db), "# ") + + def rule_cfg_delete(self, acl_ipv4_db, acl_ipv6_db): + """ + delete the acle rule file + """ + self.dut.send_expect("rm -rf %s" % acl_ipv4_db, "# ") + self.dut.send_expect("rm -rf %s" % acl_ipv6_db, "# ") + + def create_ipv4_ip_not_match(self, ip_address): + """ + generate ip not match rule ip + """ + match =3D r"(\d+).(\d+).(\d+).(\d+)/(\d+)" + m =3D re.search(match, ip_address) + + ip1 =3D int(m.group(1)) + ip2 =3D int(m.group(2)) + ip3 =3D int(m.group(3)) + ip4 =3D int(m.group(4)) + mask_len =3D int(m.group(5)) + + ip =3D ip1 << 24 | ip2 << 16 | ip3 << 8 | ip4 + ip_diff =3D ((ip >> (32 - mask_len)) + 1) << (32 - mask_len) + + ip1 =3D (ip_diff & 0xff000000) >> 24 + ip2 =3D (ip_diff & 0x00ff0000) >> 16 + ip3 =3D (ip_diff & 0x0000ff00) >> 8 + ip4 =3D ip_diff & 0xff + + return "%d.%d.%d.%d/32" % (ip1, ip2, ip3, ip4) + + def create_ipv6_ip_not_match(self, ip_address): + """ + generate ip not match rule ip + """ + return "0:0:0:0:0:0:0:1/128" + + def create_port_not_match(self, port): + """ + generate port number not match rule + """ + return "0 : 0" + + def send_ipv4_packet_not_match(self, rule, tx_port, rx_port): + """ + send a packet not match rule and return whether forwarded + """ + tx_interface =3D self.tester.get_interface(tx_port) + rx_interface =3D self.tester.get_interface(rx_port) + if rule["sIpAddr"] !=3D "ALL": + rule["sIpAddr"] =3D self.create_ipv4_ip_not_match(rule["sIpAdd= r"]) + if rule["dIpAddr"] !=3D "ALL": + rule["dIpAddr"] =3D self.create_ipv4_ip_not_match(rule["dIpAdd= r"]) + if rule["sPort"] !=3D "ALL": + rule["sPort"] =3D self.create_port_not_match(rule["sPort"]) + if rule["dPort"] !=3D "ALL": + rule["dPort"] =3D self.create_port_not_match(rule["dPort"]) + if rule["Protocol"] !=3D "ALL": + if "6" in rule["Protocol"]: + rule["Protocol"] =3D "0x11/0xff" + else: + rule["Protocol"] =3D "0x6/0xff" + + ethernet_str =3D self.create_ipv4_rule_string(rule, "Ether") + + src_filter =3D {'layer': 'ether', 'config': {'src': 'not 00:00:00:= 00:00:00'}} + dst_filter =3D {'layer': 'ether', 'config': {'dst': 'not ff:ff:ff:= ff:ff:ff'}} + filters =3D [src_filter, dst_filter] + inst =3D self.tester.tcpdump_sniff_packets(rx_interface,=20 + timeout=3D5, filters=3Dfilters) + + self.tester.scapy_append('sendp([%s],iface=3D"%s")' % (ethernet_st= r, tx_interface)) + self.tester.scapy_execute() + out =3D self.remove_dhcp_from_revpackets(inst) + return len(out) + + def send_ipv6_packet_not_match(self, rule, tx_port, rx_port): + """ + send a packet not match rule and return whether forwardeid + """ + tx_interface =3D self.tester.get_interface(tx_port) + rx_interface =3D self.tester.get_interface(rx_port) + if rule["sIpAddr"] !=3D "ALL": + rule["sIpAddr"] =3D self.create_ipv6_ip_not_match(rule["sIpAdd= r"]) + if rule["dIpAddr"] !=3D "ALL": + rule["dIpAddr"] =3D self.create_ipv6_ip_not_match(rule["dIpAdd= r"]) + if rule["sPort"] !=3D "ALL": + rule["sPort"] =3D self.create_port_not_match(rule["sPort"]) + if rule["dPort"] !=3D "ALL": + rule["dPort"] =3D self.create_port_not_match(rule["dPort"]) + if rule["Protocol"] !=3D "ALL": + if "6" in rule["Protocol"]: + rule["Protocol"] =3D "0x11/0xff" + else: + rule["Protocol"] =3D "0x6/0xff" + + ethernet_str =3D self.create_ipv6_rule_string(rule, "Ether") + + fil =3D [{'layer': 'ether', 'config': {'dst': 'not ff:ff:ff:ff:ff:= ff'}}] + inst =3D self.tester.tcpdump_sniff_packets(rx_interface,=20 + timeout=3D5, filters=3Dfil) + + self.tester.scapy_append('sendp([%s],iface=3D"%s")' % (ethernet_st= r, tx_interface)) + self.tester.scapy_execute() + time.sleep(3) + out =3D self.remove_dhcp_from_revpackets(inst) + return len(out) + + def send_ipv4_packet_match(self, rule, tx_port, rx_port): + """ + send a packet match rule and return whether forwarded + """ + tx_interface =3D self.tester.get_interface(tx_port) + rx_interface =3D self.tester.get_interface(rx_port) + etherStr =3D self.create_ipv4_rule_string(rule, "Ether") + + src_filter =3D {'layer': 'ether', 'config': {'src': 'not 00:00:00:= 00:00:00'}} + dst_filter =3D {'layer': 'ether', 'config': {'dst': 'not ff:ff:ff:= ff:ff:ff'}} + filters =3D [src_filter, dst_filter] + inst =3D self.tester.tcpdump_sniff_packets(rx_interface, timeout= =3D5, filters=3Dfilters) + self.tester.scapy_append('sendp([%s],iface=3D"%s")' % (etherStr, t= x_interface)) + self.tester.scapy_execute() + + out =3D self.remove_dhcp_from_revpackets(inst) + return len(out) + + def send_ipv6_packet_match(self, rule, tx_port, rx_port): + """ + send a packet match rule and return whether forwarded + """ + tx_interface =3D self.tester.get_interface(tx_port) + rx_interface =3D self.tester.get_interface(rx_port) + etherStr =3D self.create_ipv6_rule_string(rule, "Ether") + + fil =3D [{'layer': 'ether', 'config': {'dst': 'not ff:ff:ff:ff:ff:= ff'}}] + inst =3D self.tester.tcpdump_sniff_packets(rx_interface,=20 + timeout=3D5, filters=3Dfil) + + self.tester.scapy_append('sendp([%s],iface=3D"%s")' % (etherStr, t= x_interface)) + self.tester.scapy_execute() + time.sleep(3) + + out =3D self.remove_dhcp_from_revpackets(inst) + return len(out) + + def remove_dhcp_from_revpackets(self, inst): + pkts =3D self.tester.load_tcpdump_sniff_packets(inst) + i =3D 0 + while len(pkts) !=3D 0 and i <=3D len(pkts) - 1: + if pkts[i].pktgen.pkt.haslayer('DHCP'): + pkts.remove(pkts[i]) + i =3D i - 1 + i =3D i + 1 + return pkts + + def create_ipv4_rule_string(self, rule, rule_type): + """ + generate related string from rule + """ + acl_promt =3D "" + source_ip =3D "" + source_ip_addr =3D "" + destination_ip =3D "" + destination_ip_addr =3D "" + source_port =3D "" + source_port_num =3D "" + destination_port =3D "" + destination_port_numer =3D "" + protocol =3D "" + protocol_str =3D "" + + if rule["Type"] =3D=3D "ACL": + acl_promt =3D "@" + elif rule["Type"] =3D=3D "ROUTE": + acl_promt =3D "R" + else: + acl_promt =3D rule["Type"] + + if rule["sIpAddr"] =3D=3D "ALL": + source_ip =3D TestL3fwdacl.all_ipv4_addresses + source_ip_addr =3D "200.10.0.1" + else: + source_ip =3D rule["sIpAddr"] + source_ip_addr =3D rule["sIpAddr"].split('/')[0] + + if rule["dIpAddr"] =3D=3D "ALL": + destination_ip =3D TestL3fwdacl.all_ipv4_addresses + destination_ip_addr =3D "100.10.0.1" + else: + destination_ip =3D rule["dIpAddr"] + destination_ip_addr =3D rule["dIpAddr"].split('/')[0] + + if rule["sPort"] =3D=3D "ALL": + source_port =3D TestL3fwdacl.all_ports + source_port_num =3D "11" + else: + source_port =3D rule["sPort"] + source_port_num =3D rule["sPort"].split(' ')[0] + + if rule["dPort"] =3D=3D "ALL": + destination_port =3D TestL3fwdacl.all_ports + destination_port_numer =3D "101" + else: + destination_port =3D rule["dPort"] + destination_port_numer =3D rule["dPort"].split(' ')[0] + + if rule["Protocol"] =3D=3D "ALL": + protocol =3D TestL3fwdacl.all_protocols + protocol_str =3D "UDP" + else: + protocol =3D rule["Protocol"] + if "6" in rule["Protocol"]: + protocol_str =3D "TCP" + else: + protocol_str =3D "UDP" + + port =3D rule["Port"] + + destination_mac =3D self.dut.get_mac_address(self.dut_ports[0]) + + rule_str =3D TestL3fwdacl.rule_format % (acl_promt, source_ip, + destination_ip, + source_port, + destination_port, + protocol, + port) + + ether_str =3D 'Ether(dst=3D"%s")/IP(src=3D"%s",dst=3D"%s")/%s(spor= t=3D%s,dport=3D%s)' % \ + (destination_mac, source_ip_addr, destination_ip_addr, + protocol_str, source_port_num,=20 + destination_port_numer) + + if rule_type =3D=3D "DataBase": + return rule_str + elif rule_type =3D=3D "Ether": + return ether_str + + def create_ipv6_rule_string(self, rule, rule_type): + """ + generate related string from rule + """ + acl_promt =3D "" + source_ip =3D "" + source_ip_addr =3D "" + destination_ip =3D "" + destination_ip_addr =3D "" + source_port =3D "" + source_port_num =3D "" + destination_port =3D "" + destination_port_numer =3D "" + protocol =3D "" + protocol_str =3D "" + + if rule["Type"] =3D=3D "ACL": + acl_promt =3D "@" + elif rule["Type"] =3D=3D "ROUTE": + acl_promt =3D "R" + else: + acl_promt =3D rule["Type"] + + if rule["sIpAddr"] =3D=3D "ALL": + source_ip =3D TestL3fwdacl.all_ipv6_addresses + source_ip_addr =3D "200:0:0:0:0:0:0:1" + else: + source_ip =3D rule["sIpAddr"] + source_ip_addr =3D rule["sIpAddr"].split('/')[0] + + if rule["dIpAddr"] =3D=3D "ALL": + destination_ip =3D TestL3fwdacl.all_ipv6_addresses + destination_ip_addr =3D "100:0:0:0:0:0:0:1" + else: + destination_ip =3D rule["dIpAddr"] + destination_ip_addr =3D rule["dIpAddr"].split('/')[0] + + if rule["sPort"] =3D=3D "ALL": + source_port =3D TestL3fwdacl.all_ports + source_port_num =3D "11" + else: + source_port =3D rule["sPort"] + source_port_num =3D rule["sPort"].split(' ')[0] + + if rule["dPort"] =3D=3D "ALL": + destination_port =3D TestL3fwdacl.all_ports + destination_port_numer =3D "101" + else: + destination_port =3D rule["dPort"] + destination_port_numer =3D rule["dPort"].split(' ')[0] + + if rule["Protocol"] =3D=3D "ALL": + protocol =3D TestL3fwdacl.all_protocols + protocol_str =3D "UDP" + else: + protocol =3D rule["Protocol"] + if "6" in rule["Protocol"]: + protocol_str =3D "TCP" + else: + protocol_str =3D "UDP" + + port =3D rule["Port"] + + destination_mac =3D self.dut.get_mac_address(self.dut_ports[0]) + + rule_str =3D TestL3fwdacl.rule_format % (acl_promt, source_ip, + destination_ip, + source_port, + destination_port, + protocol, + port) + + ether_str =3D 'Ether(dst=3D"%s")/IPv6(src=3D"%s",dst=3D"%s")/%s(sp= ort=3D%s,dport=3D%s)' % \ + (destination_mac, source_ip_addr, destination_ip_addr, + protocol_str, source_port_num,=20 + destination_port_numer) + + if rule_type =3D=3D "DataBase": + return rule_str + elif rule_type =3D=3D "Ether": + return ether_str + + def create_acl_ipv4_db(self, rule_list): + """ + create rule.db from rule_list + """ + + self.dut.send_expect("echo '' > %s" % TestL3fwdacl.acl_ipv4_db, "#= ") + for rule in rule_list: + rule_str =3D self.create_ipv4_rule_string(rule, rule_type=3D"D= ataBase") + self.dut.send_expect("echo %s >> %s" % (rule_str, + =20 + TestL3fwdacl.acl_ipv4_db), "# ") + + return + + def create_acl_ipv6_db(self, rule_list): + """ + create rule.db from rule_list + """ + + self.dut.send_expect("echo '' > %s" % TestL3fwdacl.acl_ipv6_db, "#= ") + for rule in rule_list: + rule_str =3D self.create_ipv6_rule_string(rule, rule_type=3D"D= ataBase") + self.dut.send_expect("echo %s >> %s" % (rule_str, + =20 + TestL3fwdacl.acl_ipv6_db), "# ") + + return + + def basic_acl_ipv4_test(self, acl_rule): + """ + Bbasic test for l3fwal-acl + """ + rule_list =3D [] + rule_list.append(acl_rule) + rule_list.append(TestL3fwdacl.default_rule) + self.create_acl_ipv4_db(rule_list) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv4_packet_match(acl_rule, tx_port, rx_port) + out2 =3D self.send_ipv4_packet_not_match(acl_rule, tx_port,=20 + rx_port) + + self.dut.send_expect("^C", "#", 20) + self.verify(out1 <=3D0, "Rx port receive unexpected packet") + self.verify(out2 >=3D 1, "Rx port not receive expected packet") + + def basic_acl_ipv6_test(self, acl_rule): + """ + Basic test for l3fwd-acl with ipv6 packets + """ + rule_list =3D [] + rule_list.append(acl_rule) + rule_list.append(TestL3fwdacl.default_rule) + self.create_acl_ipv6_db(rule_list) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv6_packet_match(acl_rule, tx_port, rx_port) + out2 =3D self.send_ipv6_packet_not_match(acl_rule, tx_port,=20 + rx_port) + + self.dut.send_expect("^C", "#", 20) + self.verify(out1 <=3D 0, "Rx port receive unexpected packet") + self.verify(out2 >=3D 1, "Rx port not receive expected packet") + + def invalid_acl_ipv4_test(self, acl_rule): + """ + Basic test for l3fwal-acl with invalid rule + """ + + rule_list =3D [] + rule_list.append(acl_rule) + rule_list.append(TestL3fwdacl.default_rule) + self.create_acl_ipv4_db(rule_list) + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s"' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, TestL3fwdacl.acl_ipv6_db) + + out =3D self.dut.send_expect(cmdline, "# ", 30) + self.verify("rules error" in out, "l3fwd not detect invalid rule") + self.dut.send_expect("^C", "#", 5) + + def invalid_acl_ipv6_test(self, acl_rule): + """ + Basic test for l3fwal-acl with invalid rule + """ + + rule_list =3D [] + rule_list.append(acl_rule) + rule_list.append(TestL3fwdacl.default_rule) + self.create_acl_ipv6_db(rule_list) + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s"' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, TestL3fwdacl.acl_ipv6_db) + + out =3D self.dut.send_expect(cmdline, "# ", 30) + self.verify("rules error" in out, "l3fwd not detect invalid rule") + self.dut.send_expect("^C", "#", 5) + + def set_up_all(self): + """ + Run at the start of each test suite. + + l3fwd Acl Prerequisites + """ + + # Based on h/w type, choose how many dut_ports to use + ports =3D self.dut.get_ports(self.nic) + + # Verify that enough dut_ports are available + self.verify(len(ports) >=3D 2, "Insufficient dut_ports for speed=20 + testing") + + # Verify that enough threads are available + cores =3D self.dut.get_core_list("2S/4C/2T") + self.verify(cores is not None, "Insufficient cores for speed=20 + testing") + + self.core_mask =3D utils.create_mask(cores) + print "Core mask: %s" % self.core_mask + + valid_ports =3D [port for port in ports if self.tester.get_local_p= ort(port) !=3D -1] + self.verify( + len(valid_ports) >=3D 2, "Insufficient active dut_ports for=20 + speed testing") + + self.dut_ports =3D valid_ports + print "Valid ports found in DUT: %s" % self.dut_ports + + self.port_mask =3D utils.create_mask([self.dut_ports[0], self.dut_= ports[1]]) + print "Port mask: %s" % self.port_mask + + TestL3fwdacl.default_rule["Port"] =3D self.dut_ports[1] + + # compile l3fwd-acl + out =3D self.dut.send_expect("make -C examples/l3fwd-acl", "# ") + self.verify("Error" not in out, "compilation error 1") + self.verify("No such file" not in out, "compilation error 2") + + return "SUCCESS" + + def test_l3fwdacl_acl_rule(self): + """ + l3fwd Access Control match ACL rule test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + for acl_rule in TestL3fwdacl.acl_ipv4_rule_list: + self.basic_acl_ipv4_test(acl_rule) + + for acl_rule in TestL3fwdacl.acl_ipv6_rule_list: + self.basic_acl_ipv6_test(acl_rule) + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + return "SUCCESS" + + def test_l3fwdacl_exact_route(self): + """ + l3fwd Access Control match Exact route rule test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + rule_list_ipv4 =3D [] + + TestL3fwdacl.exact_rule_list_ipv4[0]["Port"] =3D self.dut_ports[0] + TestL3fwdacl.exact_rule_list_ipv4[1]["Port"] =3D=20 + self.dut_ports[1] + + rule_list_ipv4.append(TestL3fwdacl.exact_rule_list_ipv4[0]) + rule_list_ipv4.append(TestL3fwdacl.exact_rule_list_ipv4[1]) + self.create_acl_ipv4_db(rule_list_ipv4) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv4_packet_match(TestL3fwdacl.exact_rule_list_= ipv4[0], tx_port, tx_port) + out2 =3D=20 + self.send_ipv4_packet_match(TestL3fwdacl.exact_rule_list_ipv4[1],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 >=3D 1, "Rx port0 not receive expected packet") + self.verify(out2 >=3D 1, "Rx port1 not receive expected packet") + + rule_list_ipv6 =3D [] + + TestL3fwdacl.exact_rule_list_ipv6[0]["Port"] =3D self.dut_ports[0] + TestL3fwdacl.exact_rule_list_ipv6[1]["Port"] =3D=20 + self.dut_ports[1] + + rule_list_ipv6.append(TestL3fwdacl.exact_rule_list_ipv6[0]) + rule_list_ipv6.append(TestL3fwdacl.exact_rule_list_ipv6[1]) + self.create_acl_ipv6_db(rule_list_ipv6) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv6_packet_match(TestL3fwdacl.exact_rule_list_= ipv6[0], tx_port, tx_port) + out2 =3D=20 + self.send_ipv6_packet_match(TestL3fwdacl.exact_rule_list_ipv6[1],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 >=3D 1, "Rx port0 not receive expected packet") + self.verify(out2 >=3D 1, "Rx port1 not receive expected packet") + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + return "SUCCESS" + + def test_l3fwdacl_lpm_route(self): + """ + l3fwd Access Control match Lpm route rule test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + rule_list_ipv4 =3D [] + + TestL3fwdacl.lpm_rule_list_ipv4[0]["Port"] =3D self.dut_ports[0] + TestL3fwdacl.lpm_rule_list_ipv4[1]["Port"] =3D self.dut_ports[1] + + rule_list_ipv4.append(TestL3fwdacl.lpm_rule_list_ipv4[0]) + rule_list_ipv4.append(TestL3fwdacl.lpm_rule_list_ipv4[1]) + self.create_acl_ipv4_db(rule_list_ipv4) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv4_packet_match(TestL3fwdacl.lpm_rule_list_ip= v4[0], tx_port, tx_port) + out2 =3D=20 + self.send_ipv4_packet_match(TestL3fwdacl.lpm_rule_list_ipv4[1],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 >=3D 1, "Rx port0 not receive expected packet") + self.verify(out2 >=3D 1, "Rx port1 not receive expected packet") + + rule_list_ipv6 =3D [] + + TestL3fwdacl.lpm_rule_list_ipv6[0]["Port"] =3D self.dut_ports[0] + TestL3fwdacl.lpm_rule_list_ipv6[1]["Port"] =3D self.dut_ports[1] + + rule_list_ipv6.append(TestL3fwdacl.lpm_rule_list_ipv6[0]) + rule_list_ipv6.append(TestL3fwdacl.lpm_rule_list_ipv6[1]) + self.create_acl_ipv6_db(rule_list_ipv6) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv6_packet_match(TestL3fwdacl.lpm_rule_list_ip= v6[0], tx_port, tx_port) + out2 =3D=20 + self.send_ipv6_packet_match(TestL3fwdacl.lpm_rule_list_ipv6[1],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 >=3D 1, "Rx port0 not receive expected packet") + self.verify(out2 >=3D 1, "Rx port1 not receive expected packet") + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + return "SUCCESS" + + def test_l3fwdacl_scalar(self): + """ + l3fwd Access Control match with Scalar function test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + rule_list_ipv4 =3D [] + rule_list_ipv4.append(TestL3fwdacl.scalar_rule_list_ipv4[0]) + rule_list_ipv4.append(TestL3fwdacl.default_rule) + self.create_acl_ipv4_db(rule_list_ipv4) + + self.start_l3fwdacl(scalar=3DTrue) + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv4_packet_match(TestL3fwdacl.scalar_rule_list= _ipv4[0], tx_port, rx_port) + out2 =3D=20 + self.send_ipv4_packet_not_match(TestL3fwdacl.scalar_rule_list_ipv4[0],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 <=3D 0, "Rx port received unexpected packet") + self.verify(out2 >=3D 1, "Rx port not receive expected packet") + + rule_list_ipv6 =3D [] + rule_list_ipv6.append(TestL3fwdacl.scalar_rule_list_ipv6[0]) + rule_list_ipv6.append(TestL3fwdacl.default_rule) + self.create_acl_ipv6_db(rule_list_ipv6) + + self.start_l3fwdacl(scalar=3DTrue) + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv6_packet_match(TestL3fwdacl.scalar_rule_list= _ipv6[0], tx_port, rx_port) + out2 =3D=20 + self.send_ipv6_packet_not_match(TestL3fwdacl.scalar_rule_list_ipv6[0],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 <=3D 0, "Rx port received unexpected packet") + self.verify(out2 >=3D 1, "Rx port not receive expected packet") + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + return "SUCCESS" + + def test_l3fwdacl_invalid(self): + """ + l3fwd Access Control handle Invalid rule test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + for acl_rule in TestL3fwdacl.invalid_rule_ipv4_list: + self.invalid_acl_ipv4_test(acl_rule) + + for acl_rule in TestL3fwdacl.invalid_rule_ipv6_list: + self.invalid_acl_ipv6_test(acl_rule) + + rule_list_ipv4 =3D [] + rule_list_ipv4.append(TestL3fwdacl.invalid_port_rule_ipv4) + self.create_acl_ipv4_db(rule_list_ipv4) + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s" --scalar' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, TestL3fwdacl.acl_ipv6_db) + + out =3D self.dut.send_expect(cmdline, "# ", 30) + self.verify("fwd number illegal" in out, "l3fwd not detect=20 + invalid port") + + rule_list_ipv6 =3D [] + rule_list_ipv6.append(TestL3fwdacl.invalid_port_rule_ipv6) + self.create_acl_ipv6_db(rule_list_ipv6) + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s" --scalar' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, TestL3fwdacl.acl_ipv6_db) + + out =3D self.dut.send_expect(cmdline, "# ", 30) + self.verify("fwd number illegal" in out, "l3fwd not detect=20 + invalid port") + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + return "SUCCESS" -- 2.7.4