Merge pull request opencomputeproject#6 from IGordynskyi/add-L3AclTes…
…t-new-ACL-model

Added "saiacl.L3AclTest" test case according to new SAI ACL model
Zubin Shah authored Dec 22, 2016
2 parents 59c4064 + 15d5b32 commit 3057dec
Showing 4 changed files with 196 additions and 3 deletions.
1 change: 1 addition & 0 deletions test/saithrift/src/switch_sai.thrift
Expand Up @@ -235,6 +235,7 @@ service switch_sai_rpc {
//router interface API
sai_thrift_object_id_t sai_thrift_create_router_interface(1: list<sai_thrift_attribute_t> thrift_attr_list);
sai_thrift_status_t sai_thrift_remove_router_interface(1: sai_thrift_object_id_t rif_id);
sai_thrift_status_t sai_thrift_set_router_interface_attribute(1: sai_thrift_object_id_t rif_id, 2: sai_thrift_attribute_t thrift_attr);

//next hop API
sai_thrift_object_id_t sai_thrift_create_next_hop(1: list<sai_thrift_attribute_t> thrift_attr_list);
20 changes: 20 additions & 0 deletions test/saithrift/src/switch_sai_rpc_server.cpp
Expand Up @@ -306,6 +306,8 @@ class switch_sai_rpcHandler : virtual public switch_sai_rpcIf {
case SAI_ROUTER_INTERFACE_ATTR_ADMIN_V6_STATE:
attr_list[i].value.booldata = attribute.value.booldata;
break;
case SAI_ROUTER_INTERFACE_ATTR_INGRESS_ACL:
attr_list[i].value.oid = attribute.value.oid;
default:
break;
}
Expand Down Expand Up @@ -513,6 +515,24 @@ class switch_sai_rpcHandler : virtual public switch_sai_rpcIf {
return status;
}

sai_thrift_status_t sai_thrift_set_router_interface_attribute(const sai_thrift_object_id_t rif_id, const sai_thrift_attribute_t &thrift_attr) {
printf("sai_thrift_set_router_interface\n");
sai_status_t status = SAI_STATUS_SUCCESS;
sai_router_interface_api_t *rif_api;
status = sai_api_query(SAI_API_ROUTER_INTERFACE, (void **) &rif_api);
if (status != SAI_STATUS_SUCCESS) {
return status;
}
sai_object_id_t *buffer_profile_list = NULL;
std::vector<sai_thrift_attribute_t> thrift_attr_list;
thrift_attr_list.push_back(thrift_attr);
sai_attribute_t attr;
sai_thrift_parse_router_interface_attributes(thrift_attr_list, &attr, &buffer_profile_list);
status = rif_api->set_router_interface_attribute((sai_object_id_t)rif_id, &attr);
if (buffer_profile_list) free(buffer_profile_list);
return status;
}

sai_thrift_status_t sai_thrift_create_fdb_entry(const sai_thrift_fdb_entry_t& thrift_fdb_entry, const std::vector<sai_thrift_attribute_t> & thrift_attr_list) {
printf("sai_thrift_create_fdb_entry\n");
sai_status_t status = SAI_STATUS_SUCCESS;
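Review bot: In `sai_thrift_set_router_interface_attribute`, `sai_attribute_t attr;` is left uninitialised and handed to `set_router_interface_attribute` after a parse whose visible `switch` ends in `default: break;`, so an attribute id the parser does not handle would pass indeterminate stack contents from an RPC request into the SAI driver. Zero it at declaration, `sai_attribute_t attr = {};`, and consider returning an error status for ids the parser did not fill in (whether the parser sets `attr.id` before the switch is not visible here). In the first hunk the new `case SAI_ROUTER_INTERFACE_ATTR_INGRESS_ACL:` has no `break;` and only works because `default` follows it; add `break;` so a case inserted between them later does not inherit the fall-through. The `printf` prints `sai_thrift_set_router_interface` rather than the handler's name, which makes server logs harder to match to calls. The switch in the first hunk begins outside the shown lines.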
146 changes: 144 additions & 2 deletions test/saithrift/tests/saiacl.py
Expand Up @@ -99,7 +99,9 @@ def runTest(self):
in_ports,
out_ports,
in_port,
out_port)
out_port,
src_l4_port,
dst_l4_port)
acl_entry_id = sai_thrift_create_acl_entry(self.client,
acl_table_id,
entry_priority,
Expand All @@ -111,6 +113,7 @@ def runTest(self):
ip_proto,
in_ports, out_ports,
in_port, out_port,
src_l4_port, dst_l4_port,
ingress_mirror_id,
egress_mirror_id)

Expand Down Expand Up @@ -227,7 +230,9 @@ def runTest(self):
in_ports,
out_ports,
in_port,
out_port)
out_port,
src_l4_port,
dst_l4_port)
acl_entry_id = sai_thrift_create_acl_entry(self.client,
acl_table_id,
entry_priority,
Expand All @@ -239,6 +244,7 @@ def runTest(self):
ip_proto,
in_ports, out_ports,
in_port, out_port,
src_l4_port, dst_l4_port,
ingress_mirror_id,
egress_mirror_id)

Expand Down Expand Up @@ -274,3 +280,139 @@ def runTest(self):
self.client.sai_thrift_remove_router_interface(rif_id1)
self.client.sai_thrift_remove_router_interface(rif_id2)
self.client.sai_thrift_remove_virtual_router(vr_id)

@group('acl')
class L3AclTest(sai_base_test.ThriftInterfaceDataPlane):
def runTest(self):
print
print '----------------------------------------------------------------------------------------------'
print "Sending packet ptf_intf 2 -> ptf_intf 1 (192.168.100.100 ---> 10.10.10.1 [id = 105])"

switch_init(self.client)
port1 = port_list[1]
port2 = port_list[2]
L4_SRC_PORT = 1000
v4_enabled = 1
v6_enabled = 1
mac = ''

vr_id = sai_thrift_create_virtual_router(self.client, v4_enabled, v6_enabled)
rif_id1 = sai_thrift_create_router_interface(self.client, vr_id, 1, port1, 0, v4_enabled, v6_enabled, mac)
rif_id2 = sai_thrift_create_router_interface(self.client, vr_id, 1, port2, 0, v4_enabled, v6_enabled, mac)

addr_family = SAI_IP_ADDR_FAMILY_IPV4
ip_addr1 = '10.10.10.1'
ip_mask1 = '255.255.255.255'
dmac1 = '00:11:22:33:44:55'
sai_thrift_create_neighbor(self.client, addr_family, rif_id1, ip_addr1, dmac1)
nhop1 = sai_thrift_create_nhop(self.client, addr_family, ip_addr1, rif_id1)
sai_thrift_create_route(self.client, vr_id, addr_family, ip_addr1, ip_mask1, rif_id1)

# send the test packet(s)
pkt = simple_tcp_packet(eth_dst=router_mac,
eth_src='00:22:22:22:22:22',
ip_dst='10.10.10.1',
ip_src='192.168.100.100',
tcp_sport = L4_SRC_PORT,
ip_id=105,
ip_ttl=64)
exp_pkt = simple_tcp_packet(
eth_dst='00:11:22:33:44:55',
eth_src=router_mac,
ip_dst='10.10.10.1',
ip_src='192.168.100.100',
tcp_sport = L4_SRC_PORT,
ip_id=105,
ip_ttl=63)
try:
print '#### NO ACL Applied ####'
print '#### Sending ', router_mac, '| 00:22:22:22:22:22 | 10.10.10.1 | 192.168.100.100 | SPORT 1000 | @ ptf_intf 2'
send_packet(self, 2, str(pkt))
print '#### Expecting 00:11:22:33:44:55 |', router_mac, '| 10.10.10.1 | 192.168.100.100 | SPORT 1000 | @ ptf_intf 1'
verify_packets(self, exp_pkt, [1])
finally:
print '----------------------------------------------------------------------------------------------'

print "Sending packet ptf_intf 2 -[acl]-> ptf_intf 1 (192.168.0.1 -[acl]-> 10.10.10.1 [id = 105])"
print 'ACL \'DROP, src ip 192.168.100.100/255.255.255.0, SPORT 1000, in_ports[ptf_intf_1,2]\' Applied '
# setup ACL to block based on Source IP and SPORT
table_stage = SAI_ACL_STAGE_INGRESS
table_bind_point_list = [SAI_ACL_BIND_POINT_TYPE_ROUTER_INTF]
entry_priority = 1
action = SAI_PACKET_ACTION_DROP
in_ports = [port1, port2]
ip_src = "192.168.0.1"
ip_src_mask = "255.255.255.0"
ip_dst = None
ip_dst_mask = None
ip_proto = None
in_port = None
out_port = None
out_ports = None
src_l4_port = L4_SRC_PORT
dst_l4_port = None
ingress_mirror_id = None
egress_mirror_id = None

acl_table_id = sai_thrift_create_acl_table(self.client,
table_stage,
table_bind_point_list,
addr_family,
mac_src,
mac_dst,
ip_src,
ip_dst,
ip_proto,
in_ports,
out_ports,
in_port,
out_port,
src_l4_port,
dst_l4_port)
acl_entry_id = sai_thrift_create_acl_entry(self.client,
acl_table_id,
entry_priority,
action, addr_family,
mac_src, mac_src_mask,
mac_dst, mac_dst_mask,
ip_src, ip_src_mask,
ip_dst, ip_dst_mask,
ip_proto,
in_ports, out_ports,
in_port, out_port,
src_l4_port, dst_l4_port,
ingress_mirror_id,
egress_mirror_id)

# bind this ACL table to rif_id1s object id
attr_value = sai_thrift_attribute_value_t(oid=acl_table_id)
attr = sai_thrift_attribute_t(id=SAI_ROUTER_INTERFACE_ATTR_INGRESS_ACL, value=attr_value)
self.client.sai_thrift_set_router_interface_attribute(rif_id1, attr)

try:
assert acl_table_id > 0, 'acl_entry_id is <= 0'
assert acl_entry_id > 0, 'acl_entry_id is <= 0'

print '#### ACL \'DROP, src ip 192.168.100.100/255.255.255.0, SPORT 1000, in_ports[ptf_intf_1,2]\' Applied ####'
print '#### Sending ', router_mac, '| 00:22:22:22:22:22 | 10.10.10.1 | 192.168.0.1 | @ ptf_intf 2'
# send the same packet
send_packet(self, 2, str(pkt))
# ensure packet is dropped
# check for absence of packet here!
print '#### NOT Expecting 00:11:22:33:44:55 |', router_mac, '| 10.10.10.1 | 192.168.0.1 | @ ptf_intf 1'
verify_no_packet(self, exp_pkt, 1)
finally:
# unbind this ACL table from rif_id1s object id
attr_value = sai_thrift_attribute_value_t(oid=SAI_NULL_OBJECT_ID)
attr = sai_thrift_attribute_t(id=SAI_ROUTER_INTERFACE_ATTR_INGRESS_ACL, value=attr_value)
self.client.sai_thrift_set_router_interface_attribute(rif_id1, attr)
# cleanup ACL
self.client.sai_thrift_remove_acl_entry(acl_entry_id)
self.client.sai_thrift_remove_acl_table(acl_table_id)
# cleanup
sai_thrift_remove_route(self.client, vr_id, addr_family, ip_addr1, ip_mask1, rif_id1)
self.client.sai_thrift_remove_next_hop(nhop1)
sai_thrift_remove_neighbor(self.client, addr_family, rif_id1, ip_addr1, dmac1)
self.client.sai_thrift_remove_router_interface(rif_id1)
self.client.sai_thrift_remove_router_interface(rif_id2)
self.client.sai_thrift_remove_virtual_router(vr_id)
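Review bot: The drop case in `L3AclTest` sends a packet with `ip_src='192.168.100.100'` while the entry is built with `ip_src = "192.168.0.1"` and `ip_src_mask = "255.255.255.0"`, so under ordinary data/mask matching the rule should not hit and `verify_no_packet` would be asserting a drop the ACL does not describe. Use the same source in both places, e.g. `ip_src = "192.168.100.100"`, and add a second packet with a different source port that must still be forwarded, so the test proves the filter is selective rather than dropping everything on the interface. `mac_src`, `mac_dst` and their masks are passed to both helpers but are not assigned anywhere in the visible `runTest`; unless they are module-level names this raises `NameError`. The first assertion checks `acl_table_id` but reports `'acl_entry_id is <= 0'`, and both assertions run only after the table has already been bound to `rif_id1`.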
32 changes: 31 additions & 1 deletion test/saithrift/tests/switch.py
Expand Up @@ -408,7 +408,8 @@ def sai_thrift_create_acl_table(client,
ip_src, ip_dst,
ip_proto,
in_ports, out_ports,
in_port, out_port):
in_port, out_port,
src_l4_port, dst_l4_port):

acl_attr_list = []

Expand Down Expand Up @@ -479,6 +480,18 @@ def sai_thrift_create_acl_table(client,
value=attribute_value)
acl_attr_list.append(attribute)

if src_l4_port != None:
attribute_value = sai_thrift_attribute_value_t(booldata=1)
attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT,
value=attribute_value)
acl_attr_list.append(attribute)

if dst_l4_port != None:
attribute_value = sai_thrift_attribute_value_t(booldata=1)
attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT,
value=attribute_value)
acl_attr_list.append(attribute)

acl_table_id = client.sai_thrift_create_acl_table(acl_attr_list)
return acl_table_id

Expand All @@ -493,6 +506,7 @@ def sai_thrift_create_acl_entry(client,
ip_proto,
in_port_list, out_port_list,
in_port, out_port,
src_l4_port, dst_l4_port,
ingress_mirror, egress_mirror):
acl_attr_list = []

Expand Down Expand Up @@ -560,6 +574,22 @@ def sai_thrift_create_acl_entry(client,
value=attribute_value)
acl_attr_list.append(attribute)

#L4 Source port
if src_l4_port != None:
attribute_value = sai_thrift_attribute_value_t(aclfield=sai_thrift_acl_field_data_t(data = sai_thrift_acl_data_t(u16=src_l4_port),
mask = sai_thrift_acl_mask_t(u16=0)))
attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_FIELD_L4_SRC_PORT,
value=attribute_value)
acl_attr_list.append(attribute)

#L4 Destination port
if dst_l4_port != None:
attribute_value = sai_thrift_attribute_value_t(aclfield=sai_thrift_acl_field_data_t(data = sai_thrift_acl_data_t(u16=dst_l4_port),
mask = sai_thrift_acl_mask_t(u16=0)))
attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_FIELD_L4_DST_PORT,
value=attribute_value)
acl_attr_list.append(attribute)

#Packet action
if action != None:
attribute_value = sai_thrift_attribute_value_t(aclaction=sai_thrift_acl_action_data_t(parameter = sai_thrift_acl_data_t(u32=action)))
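Review bot: Both new L4 port fields in `sai_thrift_create_acl_entry` are built with `mask = sai_thrift_acl_mask_t(u16=0)`; if the mask follows the usual data-AND-mask meaning, a zero mask makes the field match every port, so an entry meant for one source or destination port applies to all traffic that meets the other fields. An exact match needs an all-ones 16-bit mask, e.g. `mask = sai_thrift_acl_mask_t(u16=0xFFFF)` (or the signed equivalent if the Thrift field is `i16`, which is not visible here). Taking the mask as a parameter alongside the port would be consistent with how the IP and MAC fields are passed at the call sites. `!= None` would read better as `is not None`. Both functions start and end outside the shown hunks.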
