From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 4CD8E568A for ; Mon, 18 Feb 2019 11:07:02 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Feb 2019 02:07:01 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,384,1544515200"; d="scan'208";a="123283418" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by fmsmga007.fm.intel.com with ESMTP; 18 Feb 2019 02:07:01 -0800 Received: from fmsmsx122.amr.corp.intel.com (10.18.125.37) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 18 Feb 2019 02:07:01 -0800 Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by fmsmsx122.amr.corp.intel.com (10.18.125.37) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 18 Feb 2019 02:07:01 -0800 Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.110]) by SHSMSX107.ccr.corp.intel.com ([169.254.9.162]) with mapi id 14.03.0415.000; Mon, 18 Feb 2019 18:06:59 +0800 From: "Wu, ChangqingX" To: "Ma, LihongX" , "dts@dpdk.org" CC: "Ma, LihongX" Thread-Topic: [dts] [PATCH V2] Add test suite of l3fwdacl Thread-Index: AQHUxDKEDm+bM1JitEKAqLn5EtkzbqXlWvTw Date: Mon, 18 Feb 2019 10:06:58 +0000 Message-ID: <7F81DD3887C58F49A6B2EFEC3C28E22E0B6A23B5@SHSMSX101.ccr.corp.intel.com> References: <1550101100-17747-1-git-send-email-lihongx.ma@intel.com> In-Reply-To: <1550101100-17747-1-git-send-email-lihongx.ma@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH V2] Add test suite of l3fwdacl X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2019 10:07:04 -0000 Tested-by: Wu, ChangqingX -----Original Message----- From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of lihong Sent: Thursday, February 14, 2019 7:38 AM To: dts@dpdk.org Cc: Ma, LihongX Subject: [dts] [PATCH V2] Add test suite of l3fwdacl Signed-off-by: lihong --- tests/TestSuite_l3fwdacl.py | 874 ++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 874 insertions(+) create mode 100644 tests/TestSuite_l3fwdacl.py diff --git a/tests/TestSuite_l3fwdacl.py b/tests/TestSuite_l3fwdacl.py new = file mode 100644 index 0000000..221417a --- /dev/null +++ b/tests/TestSuite_l3fwdacl.py @@ -0,0 +1,874 @@ +# BSD LICENSE +# +# Copyright(c) 2010-2019 Intel Corporation. All rights reserved. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without #=20 +modification, are permitted provided that the following conditions #=20 +are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #=20 +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #=20 +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #=20 +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #=20 +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #=20 +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #=20 +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #=20 +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #=20 +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #=20 +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #=20 +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +""" +DPDK Test suite +Layer-3 forwarding ACL test script. +""" + +import re +import utils +import time +from test_case import TestCase + +class TestL3fwdacl(TestCase): + + exe_path =3D "./examples/l3fwd-acl/build" + all_ipv4_addresses =3D "0.0.0.0/0" + all_ipv6_addresses =3D "0:0:0:0:0:0:0:0/0" + all_ports =3D "0 : 65535" + all_protocols =3D "0x00/0x00" + + core_list_configs =3D { + "1S/1C/1T": {"config": "", "mask": "", "ports": []}, + "1S/1C/2T": {"config": "", "mask": "", "ports": []}, + "1S/2C/1T": {"config": "", "mask": "", "ports": []}, + "2S/1C/1T": {"config": "", "mask": "", "ports": []}, + } + + default_rule =3D {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", + "Port": "1"} + + acl_ipv4_rule_list =3D [ + {"Type": "ACL", "sIpAddr": "200.10.0.1/32", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "100.10.0.1/32", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "11 : 11", "dPort": "ALL", "Protocol": "ALL", "Port": ""= }, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "101 : 101", "Protocol": "ALL", "Port": = ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "0x06/0xff", "Port": = ""}, + {"Type": "ACL", "sIpAddr": "200.10.0.1/32", "dIpAddr": "100.10.0.1= /32", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , + "Port": ""} + ] + + acl_ipv6_rule_list =3D [ + {"Type": "ACL", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:734= 4/128", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "2002:0db8:85a3:08d3:= 1319:8a2e:0370:7344/128", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "11 : 11", "dPort": "ALL", "Protocol": "ALL", "Port": ""= }, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "101 : 101", "Protocol": "ALL", "Port": = ""}, + {"Type": "ACL", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "0x06/0xff", "Port": = ""}, + {"Type": "ACL", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:734= 4/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , "Port": ""}, + ] + + exact_rule_list_ipv4 =3D [ + {"Type": "ROUTE", "sIpAddr": "200.10.0.1/32", + "dIpAddr": "100.10.0.1/32", "sPort": "11 : 11", + "dPort": "101 : 101", "Protocol": "0x06/0xff", "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "200.20.0.1/32", + "dIpAddr": "100.20.0.1/32", "sPort": "12 : 12", + "dPort": "102 : 102", "Protocol": "0x06/0xff", "Port": "1"}, + ] + + exact_rule_list_ipv6 =3D [ + {"Type": "ROUTE", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:7= 344/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:7= 344/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:0370:7344/128", + "sPort": "12 : 12", "dPort": "102 : 102", "Protocol": "0x06/0xff"= , "Port": "1"}, + ] + + lpm_rule_list_ipv4 =3D [ + {"Type": "ROUTE", "sIpAddr": "0.0.0.0/0", "dIpAddr": "1.1.1.0/24", + "sPort": "0 : 65535", "dPort": "0 : 65535", "Protocol": "0x00/0x0= 0", + "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "0.0.0.0/0", "dIpAddr": "2.1.1.0/24", + "sPort": "0 : 65535", "dPort": "0 : 65535", "Protocol": "0x00/0x0= 0", + "Port": "1"}, + ] + + lpm_rule_list_ipv6 =3D [ + {"Type": "ROUTE", "sIpAddr": "0:0:0:0:0:0:0:0/0", "dIpAddr": "1:1:= 1:1:1:1:0:0/96", + "sPort": "0 : 65535", "dPort": "0 : 65535", "Protocol": "0x00/0x0= 0", "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "0:0:0:0:0:0:0:0/0", "dIpAddr": "2:1:= 1:1:1:1:0:0/96", + "sPort": "0 : 65535", "dPort": "0 : 65535", "Protocol": "0x00/0x0= 0", "Port": "1"}, + ] + + scalar_rule_list_ipv4 =3D [ + {"Type": "ACL", "sIpAddr": "200.10.0.1/32", "dIpAddr": "100.10.0.1= /32", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , + "Port": ""}, + ] + + scalar_rule_list_ipv6 =3D [ + {"Type": "ACL", "sIpAddr": "2001:0db8:85a3:08d3:1319:8a2e:0370:734= 4/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:0370:7344/101", + "sPort": "11 : 11", "dPort": "101 : 101", "Protocol": "0x06/0xff"= , + "Port": ""}, + ] + + invalid_rule_ipv4_list =3D [ + {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "12 : 11", "dPort": "ALL", "Protocol": "ALL", "Port": "0= "}, + {"Type": "@R", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "", "Port": ""}, + ] + + invalid_rule_ipv6_list =3D [ + {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "12 : 11", "dPort": "ALL", "Protocol": "ALL", "Port": "0= "}, + {"Type": "@R", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "ALL", "Port": "0"}, + {"Type": "ROUTE", "sIpAddr": "ALL", "dIpAddr": "ALL", + "sPort": "ALL", "dPort": "ALL", "Protocol": "", "Port": ""}, + ] + + invalid_port_rule_ipv4 =3D {"Type": "ROUTE", "sIpAddr": "200.10.0.1/32= ", + "dIpAddr": "100.10.0.1/32", "sPort": "11 : 1= 1", + "dPort": "101 : 101", "Protocol": "0x06/0xff= ", + "Port": "99"} + + invalid_port_rule_ipv6 =3D {"Type": "ACL", "sIpAddr": "2001:0db8:85a3:= 08d3:1319:8a2e:0370:7344/128", "dIpAddr": "2002:0db8:85a3:08d3:1319:8a2e:03= 70:7344/101", + "sPort": "11 : 11", "dPort": "101 : 101",=20 + "Protocol": "0x06/0xff", "Port": "99"} + + acl_ipv4_db =3D "/root/rule_ipv4.db" + acl_ipv6_db =3D "/root/rule_ipv6.db" + rule_format =3D "%s%s %s %s %s %s %s" + default_core_config =3D "1S/4C/1T" + + # Utility methods and other non-test code. + def start_l3fwdacl(self, scalar=3DFalse): + + extra_args =3D '' + + if scalar: + extra_args =3D '--scalar' + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s" %s' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, + TestL3fwdacl.acl_ipv6_db, + extra_args) + + out =3D self.dut.send_expect(cmdline, "L3FWD:", 30) + + def get_core_list(self): + + self.sock0ports =3D self.dut.get_ports(self.nic, socket=3D0) + self.sock1ports =3D self.dut.get_ports(self.nic, socket=3D1) + + if len(self.sock0ports) > 0 and len(self.sock1ports) > 0: + return self.dut.get_core_list("2S/4C/2T") + else: + return self.dut.get_core_list("1S/4C/1T") + + def rule_cfg_init(self, acl_ipv4_db, acl_ipv6_db): + """ + initialize the acl rule file + """ + if acl_ipv4_db: + self.dut.send_expect("echo '' > %s" % acl_ipv4_db, "# ") + self.dut.send_expect("echo 'R0.0.0.0/0 0.0.0.0/0 0 : 65535 0 := 65535 0x00/0x00 %s' >> %s" % (self.dut_ports[1], acl_ipv4_db), "# ") + if acl_ipv6_db: + self.dut.send_expect("echo '' > %s" % acl_ipv6_db, "# ") + self.dut.send_expect("echo 'R0:0:0:0:0:0:0:0/0=20 + 0:0:0:0:0:0:0:0/0 0 : 65535 0 : 65535 0x00/0x00 %s' >> %s" %=20 + (self.dut_ports[1], acl_ipv6_db), "# ") + + def rule_cfg_delete(self, acl_ipv4_db, acl_ipv6_db): + """ + delete the acle rule file + """ + self.dut.send_expect("rm -rf %s" % acl_ipv4_db, "# ") + self.dut.send_expect("rm -rf %s" % acl_ipv6_db, "# ") + + def create_ipv4_ip_not_match(self, ip_address): + """ + generate ip not match rule ip + """ + match =3D r"(\d+).(\d+).(\d+).(\d+)/(\d+)" + m =3D re.search(match, ip_address) + + ip1 =3D int(m.group(1)) + ip2 =3D int(m.group(2)) + ip3 =3D int(m.group(3)) + ip4 =3D int(m.group(4)) + mask_len =3D int(m.group(5)) + + ip =3D ip1 << 24 | ip2 << 16 | ip3 << 8 | ip4 + ip_diff =3D ((ip >> (32 - mask_len)) + 1) << (32 - mask_len) + + ip1 =3D (ip_diff & 0xff000000) >> 24 + ip2 =3D (ip_diff & 0x00ff0000) >> 16 + ip3 =3D (ip_diff & 0x0000ff00) >> 8 + ip4 =3D ip_diff & 0xff + + return "%d.%d.%d.%d/32" % (ip1, ip2, ip3, ip4) + + def create_ipv6_ip_not_match(self, ip_address): + """ + generate ip not match rule ip + """ + return "0:0:0:0:0:0:0:1/128" + + def create_port_not_match(self, port): + """ + generate port number not match rule + """ + return "0 : 0" + + def send_ipv4_packet_not_match(self, rule, tx_port, rx_port): + """ + send a packet not match rule and return whether forwarded + """ + tx_interface =3D self.tester.get_interface(tx_port) + rx_interface =3D self.tester.get_interface(rx_port) + if rule["sIpAddr"] !=3D "ALL": + rule["sIpAddr"] =3D self.create_ipv4_ip_not_match(rule["sIpAdd= r"]) + if rule["dIpAddr"] !=3D "ALL": + rule["dIpAddr"] =3D self.create_ipv4_ip_not_match(rule["dIpAdd= r"]) + if rule["sPort"] !=3D "ALL": + rule["sPort"] =3D self.create_port_not_match(rule["sPort"]) + if rule["dPort"] !=3D "ALL": + rule["dPort"] =3D self.create_port_not_match(rule["dPort"]) + if rule["Protocol"] !=3D "ALL": + if "6" in rule["Protocol"]: + rule["Protocol"] =3D "0x11/0xff" + else: + rule["Protocol"] =3D "0x6/0xff" + + ethernet_str =3D self.create_ipv4_rule_string(rule, "Ether") + + dst_filter =3D {'layer': 'ether', 'config': {'dst': 'not ff:ff:ff:= ff:ff:ff'}} + filters =3D [dst_filter] + inst =3D self.tester.tcpdump_sniff_packets(rx_interface,=20 + timeout=3D5, filters=3Dfilters) + + self.tester.scapy_append('sendp([%s],iface=3D"%s")' % (ethernet_st= r, tx_interface)) + self.tester.scapy_execute() + out =3D self.remove_dhcp_from_revpackets(inst) + return len(out) + + def send_ipv6_packet_not_match(self, rule, tx_port, rx_port): + """ + send a packet not match rule and return whether forwardeid + """ + tx_interface =3D self.tester.get_interface(tx_port) + rx_interface =3D self.tester.get_interface(rx_port) + if rule["sIpAddr"] !=3D "ALL": + rule["sIpAddr"] =3D self.create_ipv6_ip_not_match(rule["sIpAdd= r"]) + if rule["dIpAddr"] !=3D "ALL": + rule["dIpAddr"] =3D self.create_ipv6_ip_not_match(rule["dIpAdd= r"]) + if rule["sPort"] !=3D "ALL": + rule["sPort"] =3D self.create_port_not_match(rule["sPort"]) + if rule["dPort"] !=3D "ALL": + rule["dPort"] =3D self.create_port_not_match(rule["dPort"]) + if rule["Protocol"] !=3D "ALL": + if "6" in rule["Protocol"]: + rule["Protocol"] =3D "0x11/0xff" + else: + rule["Protocol"] =3D "0x6/0xff" + + ethernet_str =3D self.create_ipv6_rule_string(rule, "Ether") + + fil =3D [{'layer': 'ether', 'config': {'dst': 'not ff:ff:ff:ff:ff:= ff'}}] + inst =3D self.tester.tcpdump_sniff_packets(rx_interface,=20 + timeout=3D5, filters=3Dfil) + + self.tester.scapy_append('sendp([%s],iface=3D"%s")' % (ethernet_st= r, tx_interface)) + self.tester.scapy_execute() + time.sleep(3) + out =3D self.remove_dhcp_from_revpackets(inst) + return len(out) + + def send_ipv4_packet_match(self, rule, tx_port, rx_port): + """ + send a packet match rule and return whether forwarded + """ + tx_interface =3D self.tester.get_interface(tx_port) + rx_interface =3D self.tester.get_interface(rx_port) + etherStr =3D self.create_ipv4_rule_string(rule, "Ether") + + dst_filter =3D {'layer': 'ether', 'config': {'dst': 'not ff:ff:ff:= ff:ff:ff'}} + filters =3D [dst_filter] + inst =3D self.tester.tcpdump_sniff_packets(rx_interface, timeout= =3D5, filters=3Dfilters) + self.tester.scapy_append('sendp([%s],iface=3D"%s")' % (etherStr, t= x_interface)) + self.tester.scapy_execute() + + out =3D self.remove_dhcp_from_revpackets(inst) + return len(out) + + def send_ipv6_packet_match(self, rule, tx_port, rx_port): + """ + send a packet match rule and return whether forwarded + """ + tx_interface =3D self.tester.get_interface(tx_port) + rx_interface =3D self.tester.get_interface(rx_port) + etherStr =3D self.create_ipv6_rule_string(rule, "Ether") + + fil =3D [{'layer': 'ether', 'config': {'dst': 'not ff:ff:ff:ff:ff:= ff'}}] + inst =3D self.tester.tcpdump_sniff_packets(rx_interface,=20 + timeout=3D5, filters=3Dfil) + + self.tester.scapy_append('sendp([%s],iface=3D"%s")' % (etherStr, t= x_interface)) + self.tester.scapy_execute() + time.sleep(3) + + out =3D self.remove_dhcp_from_revpackets(inst) + return len(out) + + def remove_dhcp_from_revpackets(self, inst): + pkts =3D self.tester.load_tcpdump_sniff_packets(inst) + i =3D 0 + while len(pkts) !=3D 0 and i <=3D len(pkts) - 1: + if pkts[i].pktgen.pkt.haslayer('DHCP'): + pkts.remove(pkts[i]) + i =3D i - 1 + i =3D i + 1 + return pkts + + def create_ipv4_rule_string(self, rule, rule_type): + """ + generate related string from rule + """ + acl_promt =3D "" + source_ip =3D "" + source_ip_addr =3D "" + destination_ip =3D "" + destination_ip_addr =3D "" + source_port =3D "" + source_port_num =3D "" + destination_port =3D "" + destination_port_numer =3D "" + protocol =3D "" + protocol_str =3D "" + + if rule["Type"] =3D=3D "ACL": + acl_promt =3D "@" + elif rule["Type"] =3D=3D "ROUTE": + acl_promt =3D "R" + else: + acl_promt =3D rule["Type"] + + if rule["sIpAddr"] =3D=3D "ALL": + source_ip =3D TestL3fwdacl.all_ipv4_addresses + source_ip_addr =3D "200.10.0.1" + else: + source_ip =3D rule["sIpAddr"] + source_ip_addr =3D rule["sIpAddr"].split('/')[0] + + if rule["dIpAddr"] =3D=3D "ALL": + destination_ip =3D TestL3fwdacl.all_ipv4_addresses + destination_ip_addr =3D "100.10.0.1" + else: + destination_ip =3D rule["dIpAddr"] + destination_ip_addr =3D rule["dIpAddr"].split('/')[0] + + if rule["sPort"] =3D=3D "ALL": + source_port =3D TestL3fwdacl.all_ports + source_port_num =3D "11" + else: + source_port =3D rule["sPort"] + source_port_num =3D rule["sPort"].split(' ')[0] + + if rule["dPort"] =3D=3D "ALL": + destination_port =3D TestL3fwdacl.all_ports + destination_port_numer =3D "101" + else: + destination_port =3D rule["dPort"] + destination_port_numer =3D rule["dPort"].split(' ')[0] + + if rule["Protocol"] =3D=3D "ALL": + protocol =3D TestL3fwdacl.all_protocols + protocol_str =3D "UDP" + else: + protocol =3D rule["Protocol"] + if "6" in rule["Protocol"]: + protocol_str =3D "TCP" + else: + protocol_str =3D "UDP" + + port =3D rule["Port"] + + destination_mac =3D self.dut.get_mac_address(self.dut_ports[0]) + + rule_str =3D TestL3fwdacl.rule_format % (acl_promt, source_ip, + destination_ip, + source_port, + destination_port, + protocol, + port) + + ether_str =3D 'Ether(dst=3D"%s")/IP(src=3D"%s",dst=3D"%s")/%s(spor= t=3D%s,dport=3D%s)' % \ + (destination_mac, source_ip_addr, destination_ip_addr, + protocol_str, source_port_num,=20 + destination_port_numer) + + if rule_type =3D=3D "DataBase": + return rule_str + elif rule_type =3D=3D "Ether": + return ether_str + + def create_ipv6_rule_string(self, rule, rule_type): + """ + generate related string from rule + """ + acl_promt =3D "" + source_ip =3D "" + source_ip_addr =3D "" + destination_ip =3D "" + destination_ip_addr =3D "" + source_port =3D "" + source_port_num =3D "" + destination_port =3D "" + destination_port_numer =3D "" + protocol =3D "" + protocol_str =3D "" + + if rule["Type"] =3D=3D "ACL": + acl_promt =3D "@" + elif rule["Type"] =3D=3D "ROUTE": + acl_promt =3D "R" + else: + acl_promt =3D rule["Type"] + + if rule["sIpAddr"] =3D=3D "ALL": + source_ip =3D TestL3fwdacl.all_ipv6_addresses + source_ip_addr =3D "200:0:0:0:0:0:0:1" + else: + source_ip =3D rule["sIpAddr"] + source_ip_addr =3D rule["sIpAddr"].split('/')[0] + + if rule["dIpAddr"] =3D=3D "ALL": + destination_ip =3D TestL3fwdacl.all_ipv6_addresses + destination_ip_addr =3D "100:0:0:0:0:0:0:1" + else: + destination_ip =3D rule["dIpAddr"] + destination_ip_addr =3D rule["dIpAddr"].split('/')[0] + + if rule["sPort"] =3D=3D "ALL": + source_port =3D TestL3fwdacl.all_ports + source_port_num =3D "11" + else: + source_port =3D rule["sPort"] + source_port_num =3D rule["sPort"].split(' ')[0] + + if rule["dPort"] =3D=3D "ALL": + destination_port =3D TestL3fwdacl.all_ports + destination_port_numer =3D "101" + else: + destination_port =3D rule["dPort"] + destination_port_numer =3D rule["dPort"].split(' ')[0] + + if rule["Protocol"] =3D=3D "ALL": + protocol =3D TestL3fwdacl.all_protocols + protocol_str =3D "UDP" + else: + protocol =3D rule["Protocol"] + if "6" in rule["Protocol"]: + protocol_str =3D "TCP" + else: + protocol_str =3D "UDP" + + port =3D rule["Port"] + + destination_mac =3D self.dut.get_mac_address(self.dut_ports[0]) + + rule_str =3D TestL3fwdacl.rule_format % (acl_promt, source_ip, + destination_ip, + source_port, + destination_port, + protocol, + port) + + ether_str =3D 'Ether(dst=3D"%s")/IPv6(src=3D"%s",dst=3D"%s")/%s(sp= ort=3D%s,dport=3D%s)' % \ + (destination_mac, source_ip_addr, destination_ip_addr, + protocol_str, source_port_num,=20 + destination_port_numer) + + if rule_type =3D=3D "DataBase": + return rule_str + elif rule_type =3D=3D "Ether": + return ether_str + + def create_acl_ipv4_db(self, rule_list): + """ + create rule.db from rule_list + """ + + self.dut.send_expect("echo '' > %s" % TestL3fwdacl.acl_ipv4_db, "#= ") + for rule in rule_list: + rule_str =3D self.create_ipv4_rule_string(rule, rule_type=3D"D= ataBase") + self.dut.send_expect("echo %s >> %s" % (rule_str, + =20 + TestL3fwdacl.acl_ipv4_db), "# ") + + return + + def create_acl_ipv6_db(self, rule_list): + """ + create rule.db from rule_list + """ + + self.dut.send_expect("echo '' > %s" % TestL3fwdacl.acl_ipv6_db, "#= ") + for rule in rule_list: + rule_str =3D self.create_ipv6_rule_string(rule, rule_type=3D"D= ataBase") + self.dut.send_expect("echo %s >> %s" % (rule_str, + =20 + TestL3fwdacl.acl_ipv6_db), "# ") + + return + + def basic_acl_ipv4_test(self, acl_rule): + """ + Bbasic test for l3fwal-acl + """ + rule_list =3D [] + rule_list.append(acl_rule) + rule_list.append(TestL3fwdacl.default_rule) + self.create_acl_ipv4_db(rule_list) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv4_packet_match(acl_rule, tx_port, rx_port) + out2 =3D self.send_ipv4_packet_not_match(acl_rule, tx_port,=20 + rx_port) + + self.dut.send_expect("^C", "#", 20) + self.verify(out1 <=3D0, "Rx port receive unexpected packet") + self.verify(out2 >=3D 1, "Rx port not receive expected packet") + + def basic_acl_ipv6_test(self, acl_rule): + """ + Basic test for l3fwd-acl with ipv6 packets + """ + rule_list =3D [] + rule_list.append(acl_rule) + rule_list.append(TestL3fwdacl.default_rule) + self.create_acl_ipv6_db(rule_list) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv6_packet_match(acl_rule, tx_port, rx_port) + out2 =3D self.send_ipv6_packet_not_match(acl_rule, tx_port,=20 + rx_port) + + self.dut.send_expect("^C", "#", 20) + self.verify(out1 <=3D 0, "Rx port receive unexpected packet") + self.verify(out2 >=3D 1, "Rx port not receive expected packet") + + def invalid_acl_ipv4_test(self, acl_rule): + """ + Basic test for l3fwal-acl with invalid rule + """ + + rule_list =3D [] + rule_list.append(acl_rule) + rule_list.append(TestL3fwdacl.default_rule) + self.create_acl_ipv4_db(rule_list) + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s"' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, TestL3fwdacl.acl_ipv6_db) + + out =3D self.dut.send_expect(cmdline, "# ", 30) + self.verify("rules error" in out, "l3fwd not detect invalid rule") + self.dut.send_expect("^C", "#", 5) + + def invalid_acl_ipv6_test(self, acl_rule): + """ + Basic test for l3fwal-acl with invalid rule + """ + + rule_list =3D [] + rule_list.append(acl_rule) + rule_list.append(TestL3fwdacl.default_rule) + self.create_acl_ipv6_db(rule_list) + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s"' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, TestL3fwdacl.acl_ipv6_db) + + out =3D self.dut.send_expect(cmdline, "# ", 30) + self.verify("rules error" in out, "l3fwd not detect invalid rule") + self.dut.send_expect("^C", "#", 5) + + def set_up_all(self): + """ + Run at the start of each test suite. + + l3fwd Acl Prerequisites + """ + + # Based on h/w type, choose how many dut_ports to use + ports =3D self.dut.get_ports(self.nic) + + # Verify that enough dut_ports are available + self.verify(len(ports) >=3D 2, "Insufficient dut_ports for speed=20 + testing") + + # Verify that enough threads are available + cores =3D self.get_core_list() + self.verify(cores is not None, "Insufficient cores for speed=20 + testing") + + self.core_mask =3D utils.create_mask(cores) + print "Core mask: %s" % self.core_mask + + valid_ports =3D [port for port in ports if self.tester.get_local_p= ort(port) !=3D -1] + self.verify( + len(valid_ports) >=3D 2, "Insufficient active dut_ports for=20 + speed testing") + + self.dut_ports =3D valid_ports + print "Valid ports found in DUT: %s" % self.dut_ports + + self.port_mask =3D utils.create_mask([self.dut_ports[0], self.dut_= ports[1]]) + print "Port mask: %s" % self.port_mask + + TestL3fwdacl.default_rule["Port"] =3D self.dut_ports[1] + + # compile l3fwd-acl + out =3D self.dut.send_expect("make -C examples/l3fwd-acl", "# ") + self.verify("Error" not in out, "compilation error 1") + self.verify("No such file" not in out, "compilation error 2") + + def test_l3fwdacl_acl_rule(self): + """ + l3fwd Access Control match ACL rule test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + for acl_rule in TestL3fwdacl.acl_ipv4_rule_list: + self.basic_acl_ipv4_test(acl_rule) + + for acl_rule in TestL3fwdacl.acl_ipv6_rule_list: + self.basic_acl_ipv6_test(acl_rule) + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + def test_l3fwdacl_exact_route(self): + """ + l3fwd Access Control match Exact route rule test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + rule_list_ipv4 =3D [] + + TestL3fwdacl.exact_rule_list_ipv4[0]["Port"] =3D self.dut_ports[0] + TestL3fwdacl.exact_rule_list_ipv4[1]["Port"] =3D=20 + self.dut_ports[1] + + rule_list_ipv4.append(TestL3fwdacl.exact_rule_list_ipv4[0]) + rule_list_ipv4.append(TestL3fwdacl.exact_rule_list_ipv4[1]) + self.create_acl_ipv4_db(rule_list_ipv4) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv4_packet_match(TestL3fwdacl.exact_rule_list_= ipv4[0], tx_port, tx_port) + out2 =3D=20 + self.send_ipv4_packet_match(TestL3fwdacl.exact_rule_list_ipv4[1],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 >=3D 1, "Rx port0 not receive expected packet") + self.verify(out2 >=3D 1, "Rx port1 not receive expected packet") + + rule_list_ipv6 =3D [] + + TestL3fwdacl.exact_rule_list_ipv6[0]["Port"] =3D self.dut_ports[0] + TestL3fwdacl.exact_rule_list_ipv6[1]["Port"] =3D=20 + self.dut_ports[1] + + rule_list_ipv6.append(TestL3fwdacl.exact_rule_list_ipv6[0]) + rule_list_ipv6.append(TestL3fwdacl.exact_rule_list_ipv6[1]) + self.create_acl_ipv6_db(rule_list_ipv6) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv6_packet_match(TestL3fwdacl.exact_rule_list_= ipv6[0], tx_port, tx_port) + out2 =3D=20 + self.send_ipv6_packet_match(TestL3fwdacl.exact_rule_list_ipv6[1],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 >=3D 1, "Rx port0 not receive expected packet") + self.verify(out2 >=3D 1, "Rx port1 not receive expected packet") + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + def test_l3fwdacl_lpm_route(self): + """ + l3fwd Access Control match Lpm route rule test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + rule_list_ipv4 =3D [] + + TestL3fwdacl.lpm_rule_list_ipv4[0]["Port"] =3D self.dut_ports[0] + TestL3fwdacl.lpm_rule_list_ipv4[1]["Port"] =3D self.dut_ports[1] + + rule_list_ipv4.append(TestL3fwdacl.lpm_rule_list_ipv4[0]) + rule_list_ipv4.append(TestL3fwdacl.lpm_rule_list_ipv4[1]) + self.create_acl_ipv4_db(rule_list_ipv4) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv4_packet_match(TestL3fwdacl.lpm_rule_list_ip= v4[0], tx_port, tx_port) + out2 =3D=20 + self.send_ipv4_packet_match(TestL3fwdacl.lpm_rule_list_ipv4[1],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 >=3D 1, "Rx port0 not receive expected packet") + self.verify(out2 >=3D 1, "Rx port1 not receive expected packet") + + rule_list_ipv6 =3D [] + + TestL3fwdacl.lpm_rule_list_ipv6[0]["Port"] =3D self.dut_ports[0] + TestL3fwdacl.lpm_rule_list_ipv6[1]["Port"] =3D self.dut_ports[1] + + rule_list_ipv6.append(TestL3fwdacl.lpm_rule_list_ipv6[0]) + rule_list_ipv6.append(TestL3fwdacl.lpm_rule_list_ipv6[1]) + self.create_acl_ipv6_db(rule_list_ipv6) + + self.start_l3fwdacl() + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv6_packet_match(TestL3fwdacl.lpm_rule_list_ip= v6[0], tx_port, tx_port) + out2 =3D=20 + self.send_ipv6_packet_match(TestL3fwdacl.lpm_rule_list_ipv6[1],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 >=3D 1, "Rx port0 not receive expected packet") + self.verify(out2 >=3D 1, "Rx port1 not receive expected packet") + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + def test_l3fwdacl_scalar(self): + """ + l3fwd Access Control match with Scalar function test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + rule_list_ipv4 =3D [] + rule_list_ipv4.append(TestL3fwdacl.scalar_rule_list_ipv4[0]) + rule_list_ipv4.append(TestL3fwdacl.default_rule) + self.create_acl_ipv4_db(rule_list_ipv4) + + self.start_l3fwdacl(scalar=3DTrue) + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv4_packet_match(TestL3fwdacl.scalar_rule_list= _ipv4[0], tx_port, rx_port) + out2 =3D=20 + self.send_ipv4_packet_not_match(TestL3fwdacl.scalar_rule_list_ipv4[0],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 <=3D 0, "Rx port received unexpected packet") + self.verify(out2 >=3D 1, "Rx port not receive expected packet") + + rule_list_ipv6 =3D [] + rule_list_ipv6.append(TestL3fwdacl.scalar_rule_list_ipv6[0]) + rule_list_ipv6.append(TestL3fwdacl.default_rule) + self.create_acl_ipv6_db(rule_list_ipv6) + + self.start_l3fwdacl(scalar=3DTrue) + + tx_port =3D self.tester.get_local_port(self.dut_ports[0]) + rx_port =3D self.tester.get_local_port(self.dut_ports[1]) + + out1 =3D self.send_ipv6_packet_match(TestL3fwdacl.scalar_rule_list= _ipv6[0], tx_port, rx_port) + out2 =3D=20 + self.send_ipv6_packet_not_match(TestL3fwdacl.scalar_rule_list_ipv6[0],=20 + tx_port, rx_port) + + self.dut.send_expect("^C", "#", 20) + + self.verify(out1 <=3D 0, "Rx port received unexpected packet") + self.verify(out2 >=3D 1, "Rx port not receive expected packet") + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + def test_l3fwdacl_invalid(self): + """ + l3fwd Access Control handle Invalid rule test + """ + + self.rule_cfg_init(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + for acl_rule in TestL3fwdacl.invalid_rule_ipv4_list: + self.invalid_acl_ipv4_test(acl_rule) + + for acl_rule in TestL3fwdacl.invalid_rule_ipv6_list: + self.invalid_acl_ipv6_test(acl_rule) + + rule_list_ipv4 =3D [] + rule_list_ipv4.append(TestL3fwdacl.invalid_port_rule_ipv4) + self.create_acl_ipv4_db(rule_list_ipv4) + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s" --scalar' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, TestL3fwdacl.acl_ipv6_db) + + out =3D self.dut.send_expect(cmdline, "# ", 30) + self.verify("fwd number illegal" in out, "l3fwd not detect=20 + invalid port") + + rule_list_ipv6 =3D [] + rule_list_ipv6.append(TestL3fwdacl.invalid_port_rule_ipv6) + self.create_acl_ipv6_db(rule_list_ipv6) + + cmdline =3D '%s/l3fwd-acl -c %s -n %d -- -p %s --config=3D"(%d,0,2= ),(%d,0,3)" --rule_ipv4=3D"%s" --rule_ipv6=3D"%s" --scalar' % \ + (TestL3fwdacl.exe_path, self.core_mask, self.dut.get_mem= ory_channels(), + self.port_mask, self.dut_ports[0], self.dut_ports[1], + TestL3fwdacl.acl_ipv4_db, TestL3fwdacl.acl_ipv6_db) + + out =3D self.dut.send_expect(cmdline, "# ", 30) + self.verify("fwd number illegal" in out, "l3fwd not detect=20 + invalid port") + + self.rule_cfg_delete(TestL3fwdacl.acl_ipv4_db,=20 + TestL3fwdacl.acl_ipv6_db) + + def tear_down(self): + """ + Run after each test case. + """ + pass + + def tear_down_all(self): + """ + Run after each test suite. + """ + pass -- 2.7.4