go.ligato.io/vpp-agent/v3@v3.5.0/plugins/vpp/aclplugin/vppcalls/vpp2106/dump_vppcalls_test.go (about) 1 // Copyright (c) 2021 Cisco and/or its affiliates. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at: 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package vpp2106 16 17 import ( 18 "testing" 19 20 . "github.com/onsi/gomega" 21 "go.ligato.io/cn-infra/v2/logging/logrus" 22 23 "go.ligato.io/vpp-agent/v3/plugins/vpp/aclplugin/vppcalls" 24 vpp_acl "go.ligato.io/vpp-agent/v3/plugins/vpp/binapi/vpp2106/acl" 25 "go.ligato.io/vpp-agent/v3/plugins/vpp/binapi/vpp2106/acl_types" 26 "go.ligato.io/vpp-agent/v3/plugins/vpp/binapi/vpp2106/ethernet_types" 27 "go.ligato.io/vpp-agent/v3/plugins/vpp/binapi/vpp2106/ip_types" 28 "go.ligato.io/vpp-agent/v3/plugins/vpp/binapi/vpp2106/vpe" 29 "go.ligato.io/vpp-agent/v3/plugins/vpp/ifplugin/ifaceidx" 30 ) 31 32 // Test translation of IP rule into ACL Plugin's format 33 func TestGetIPRuleMatch(t *testing.T) { 34 ctx := setupACLTest(t) 35 defer ctx.teardownACLTest() 36 37 icmpV4Rule := ctx.aclHandler.getIPRuleMatches(acl_types.ACLRule{ 38 DstPrefix: ip_types.Prefix{ 39 Address: ip_types.Address{ 40 Af: ip_types.ADDRESS_IP4, 41 Un: ip_types.AddressUnionIP4(ip_types.IP4Address{20, 0, 0, 1}), 42 }, 43 Len: 24, 44 }, 45 SrcPrefix: ip_types.Prefix{ 46 Address: ip_types.Address{ 47 Af: ip_types.ADDRESS_IP4, 48 Un: ip_types.AddressUnionIP4(ip_types.IP4Address{10, 0, 0, 1}), 49 }, 50 Len: 24, 51 }, 52 Proto: vppcalls.ICMPv4Proto, 53 }) 54 if icmpV4Rule.GetIcmp() == nil { 55 t.Fatal("should have icmp match") 56 } 57 58 icmpV6Rule := ctx.aclHandler.getIPRuleMatches(acl_types.ACLRule{ 59 SrcPrefix: ip_types.Prefix{ 60 Address: ip_types.Address{ 61 Af: ip_types.ADDRESS_IP6, 62 Un: ip_types.AddressUnionIP6(ip_types.IP6Address{'d', 'e', 'd', 'd', 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}), 63 }, 64 Len: 64, 65 }, 66 DstPrefix: ip_types.Prefix{ 67 Address: ip_types.Address{ 68 Af: ip_types.ADDRESS_IP6, 69 Un: ip_types.AddressUnionIP6(ip_types.IP6Address{'d', 'e', 'd', 'd', 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}), 70 }, 71 Len: 32, 72 }, 73 Proto: vppcalls.ICMPv6Proto, 74 }) 75 if icmpV6Rule.GetIcmp() == nil { 76 t.Fatal("should have icmpv6 match") 77 } 78 79 tcpRule := ctx.aclHandler.getIPRuleMatches(acl_types.ACLRule{ 80 DstPrefix: ip_types.Prefix{ 81 Address: ip_types.Address{ 82 Af: ip_types.ADDRESS_IP4, 83 Un: ip_types.AddressUnionIP4(ip_types.IP4Address{20, 0, 0, 1}), 84 }, 85 Len: 24, 86 }, 87 SrcPrefix: ip_types.Prefix{ 88 Address: ip_types.Address{ 89 Af: ip_types.ADDRESS_IP4, 90 Un: ip_types.AddressUnionIP4(ip_types.IP4Address{10, 0, 0, 1}), 91 }, 92 Len: 24, 93 }, 94 Proto: vppcalls.TCPProto, 95 }) 96 if tcpRule.GetTcp() == nil { 97 t.Fatal("should have tcp match") 98 } 99 100 udpRule := ctx.aclHandler.getIPRuleMatches(acl_types.ACLRule{ 101 DstPrefix: ip_types.Prefix{ 102 Address: ip_types.Address{ 103 Af: ip_types.ADDRESS_IP4, 104 Un: ip_types.AddressUnionIP4(ip_types.IP4Address{20, 0, 0, 1}), 105 }, 106 Len: 24, 107 }, 108 SrcPrefix: ip_types.Prefix{ 109 Address: ip_types.Address{ 110 Af: ip_types.ADDRESS_IP4, 111 Un: ip_types.AddressUnionIP4(ip_types.IP4Address{10, 0, 0, 1}), 112 }, 113 Len: 24, 114 }, 115 Proto: vppcalls.UDPProto, 116 }) 117 if udpRule.GetUdp() == nil { 118 t.Fatal("should have udp match") 119 } 120 } 121 122 // Test translation of MACIP rule into ACL Plugin's format 123 func TestGetMACIPRuleMatches(t *testing.T) { 124 ctx := setupACLTest(t) 125 defer ctx.teardownACLTest() 126 127 macipV4Rule := ctx.aclHandler.getMACIPRuleMatches(acl_types.MacipACLRule{ 128 IsPermit: 1, 129 SrcMac: ethernet_types.MacAddress{2, 'd', 'e', 'a', 'd', 2}, 130 SrcMacMask: ethernet_types.MacAddress{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 131 SrcPrefix: ip_types.Prefix{ 132 Address: ip_types.Address{ 133 Af: ip_types.ADDRESS_IP4, 134 Un: ip_types.AddressUnionIP4(ip_types.IP4Address{10, 0, 0, 1}), 135 }, 136 Len: 32, 137 }, 138 }) 139 if macipV4Rule.GetSourceMacAddress() == "" { 140 t.Fatal("should have mac match") 141 } 142 macipV6Rule := ctx.aclHandler.getMACIPRuleMatches(acl_types.MacipACLRule{ 143 IsPermit: 0, 144 SrcMac: ethernet_types.MacAddress{2, 'd', 'e', 'a', 'd', 2}, 145 SrcMacMask: ethernet_types.MacAddress{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 146 SrcPrefix: ip_types.Prefix{ 147 Address: ip_types.Address{ 148 Af: ip_types.ADDRESS_IP6, 149 Un: ip_types.AddressUnionIP6(ip_types.IP6Address{'d', 'e', 'd', 'd', 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}), 150 }, 151 Len: 64, 152 }, 153 }) 154 if macipV6Rule.GetSourceMacAddress() == "" { 155 t.Fatal("should have mac match") 156 } 157 } 158 159 // Test dumping of IP rules 160 func TestDumpIPACL(t *testing.T) { 161 ctx := setupACLTest(t) 162 defer ctx.teardownACLTest() 163 164 ctx.MockVpp.MockReply( 165 &vpp_acl.ACLDetails{ 166 ACLIndex: 0, 167 Tag: "acl1", 168 Count: 1, 169 R: []acl_types.ACLRule{{IsPermit: 1}}, 170 }, 171 &vpp_acl.ACLDetails{ 172 ACLIndex: 1, 173 Tag: "acl2", 174 Count: 2, 175 R: []acl_types.ACLRule{{IsPermit: 0}, {IsPermit: 2}}, 176 }, 177 &vpp_acl.ACLDetails{ 178 ACLIndex: 2, 179 Tag: "acl3", 180 Count: 3, 181 R: []acl_types.ACLRule{{IsPermit: 0}, {IsPermit: 1}, {IsPermit: 2}}, 182 }) 183 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 184 ctx.MockVpp.MockReply(&vpp_acl.ACLInterfaceListDetails{ 185 SwIfIndex: 1, 186 Count: 2, 187 NInput: 1, 188 Acls: []uint32{0, 2}, 189 }) 190 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 191 192 ctx.ifIndexes.Put("if0", &ifaceidx.IfaceMetadata{SwIfIndex: 1}) 193 194 ifaces, err := ctx.aclHandler.DumpACL() 195 Expect(err).To(Succeed()) 196 Expect(ifaces).To(HaveLen(3)) 197 //Expect(ifaces[0].Identifier.ACLIndex).To(Equal(uint32(0))) 198 //Expect(ifaces[0].vppcalls.ACLDetails.Rules[0].AclAction).To(Equal(uint32(1))) 199 //Expect(ifaces[1].Identifier.ACLIndex).To(Equal(uint32(1))) 200 //Expect(ifaces[2].Identifier.ACLIndex).To(Equal(uint32(2))) 201 } 202 203 // Test dumping of MACIP rules 204 func TestDumpMACIPACL(t *testing.T) { 205 ctx := setupACLTest(t) 206 defer ctx.teardownACLTest() 207 208 ctx.MockVpp.MockReply( 209 &vpp_acl.MacipACLDetails{ 210 ACLIndex: 0, 211 Tag: "acl1", 212 Count: 1, 213 R: []acl_types.MacipACLRule{{IsPermit: 1}}, 214 }, 215 &vpp_acl.MacipACLDetails{ 216 ACLIndex: 1, 217 Tag: "acl2", 218 Count: 2, 219 R: []acl_types.MacipACLRule{{IsPermit: 0}, {IsPermit: 2}}, 220 }, 221 &vpp_acl.MacipACLDetails{ 222 ACLIndex: 2, 223 Tag: "acl3", 224 Count: 3, 225 R: []acl_types.MacipACLRule{{IsPermit: 0}, {IsPermit: 1}, {IsPermit: 2}}, 226 }) 227 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 228 ctx.MockVpp.MockReply(&vpp_acl.MacipACLInterfaceListDetails{ 229 SwIfIndex: 1, 230 Count: 2, 231 Acls: []uint32{0, 2}, 232 }) 233 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 234 235 swIfIndexes := ifaceidx.NewIfaceIndex(logrus.DefaultLogger(), "test") 236 swIfIndexes.Put("if0", &ifaceidx.IfaceMetadata{SwIfIndex: 1}) 237 238 ifaces, err := ctx.aclHandler.DumpMACIPACL() 239 Expect(err).To(Succeed()) 240 Expect(ifaces).To(HaveLen(3)) 241 //Expect(ifaces[0].Identifier.ACLIndex).To(Equal(uint32(0))) 242 //Expect(ifaces[0].vppcalls.ACLDetails.Rules[0].AclAction).To(Equal(uint32(1))) 243 //Expect(ifaces[1].Identifier.ACLIndex).To(Equal(uint32(1))) 244 //Expect(ifaces[2].Identifier.ACLIndex).To(Equal(uint32(2))) 245 } 246 247 // Test dumping of interfaces with assigned IP rules 248 func TestDumpACLInterfaces(t *testing.T) { 249 ctx := setupACLTest(t) 250 defer ctx.teardownACLTest() 251 252 ctx.MockVpp.MockReply(&vpp_acl.ACLInterfaceListDetails{ 253 SwIfIndex: 1, 254 Count: 2, 255 NInput: 1, 256 Acls: []uint32{0, 2}, 257 }) 258 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 259 260 ctx.ifIndexes.Put("if0", &ifaceidx.IfaceMetadata{SwIfIndex: 1}) 261 262 indexes := []uint32{0, 2} 263 ifaces, err := ctx.aclHandler.DumpACLInterfaces(indexes) 264 Expect(err).To(Succeed()) 265 Expect(ifaces).To(HaveLen(2)) 266 Expect(ifaces[0].Ingress).To(Equal([]string{"if0"})) 267 Expect(ifaces[2].Egress).To(Equal([]string{"if0"})) 268 } 269 270 // Test dumping of interfaces with assigned MACIP rules 271 func TestDumpMACIPACLInterfaces(t *testing.T) { 272 ctx := setupACLTest(t) 273 defer ctx.teardownACLTest() 274 275 ctx.MockVpp.MockReply(&vpp_acl.MacipACLInterfaceListDetails{ 276 SwIfIndex: 1, 277 Count: 2, 278 Acls: []uint32{0, 1}, 279 }) 280 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 281 282 ctx.ifIndexes.Put("if0", &ifaceidx.IfaceMetadata{SwIfIndex: 1}) 283 284 indexes := []uint32{0, 1} 285 ifaces, err := ctx.aclHandler.DumpMACIPACLInterfaces(indexes) 286 Expect(err).To(Succeed()) 287 Expect(ifaces).To(HaveLen(2)) 288 Expect(ifaces[0].Ingress).To(Equal([]string{"if0"})) 289 Expect(ifaces[0].Egress).To(BeNil()) 290 Expect(ifaces[1].Ingress).To(Equal([]string{"if0"})) 291 Expect(ifaces[1].Egress).To(BeNil()) 292 } 293 294 // Test dumping of all configured ACLs with IP-type ruleData 295 func TestDumpIPAcls(t *testing.T) { 296 ctx := setupACLTest(t) 297 defer ctx.teardownACLTest() 298 299 ctx.MockVpp.MockReply(&vpp_acl.ACLDetails{ 300 ACLIndex: 0, 301 Count: 1, 302 R: []acl_types.ACLRule{{IsPermit: 1}}, 303 }) 304 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 305 306 IPRuleACLs, err := ctx.aclHandler.DumpIPAcls() 307 Expect(err).To(Succeed()) 308 Expect(IPRuleACLs).To(HaveLen(1)) 309 } 310 311 // Test dumping of all configured ACLs with MACIP-type ruleData 312 func TestDumpMacIPAcls(t *testing.T) { 313 ctx := setupACLTest(t) 314 defer ctx.teardownACLTest() 315 316 ctx.MockVpp.MockReply(&vpp_acl.MacipACLDetails{ 317 ACLIndex: 0, 318 Count: 1, 319 R: []acl_types.MacipACLRule{{IsPermit: 1}}, 320 }) 321 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 322 323 MacIPRuleACLs, err := ctx.aclHandler.DumpMacIPAcls() 324 Expect(err).To(Succeed()) 325 Expect(MacIPRuleACLs).To(HaveLen(1)) 326 } 327 328 func TestDumpInterfaceIPAcls(t *testing.T) { 329 ctx := setupACLTest(t) 330 defer ctx.teardownACLTest() 331 332 ctx.MockVpp.MockReply(&vpp_acl.ACLInterfaceListDetails{ 333 SwIfIndex: 0, 334 Count: 2, 335 NInput: 1, 336 Acls: []uint32{0, 1}, 337 }) 338 ctx.MockVpp.MockReply(&vpp_acl.ACLDetails{ 339 ACLIndex: 0, 340 Count: 1, 341 R: []acl_types.ACLRule{{IsPermit: 1}, {IsPermit: 0}}, 342 }) 343 ctx.MockVpp.MockReply(&vpp_acl.ACLDetails{ 344 ACLIndex: 1, 345 Count: 1, 346 R: []acl_types.ACLRule{{IsPermit: 2}, {IsPermit: 0}}, 347 }) 348 349 ACLs, err := ctx.aclHandler.DumpInterfaceACLs(0) 350 Expect(err).To(Succeed()) 351 Expect(ACLs).To(HaveLen(2)) 352 } 353 354 func TestDumpInterfaceMACIPAcls(t *testing.T) { 355 ctx := setupACLTest(t) 356 defer ctx.teardownACLTest() 357 358 ctx.MockVpp.MockReply(&vpp_acl.MacipACLInterfaceListDetails{ 359 SwIfIndex: 0, 360 Count: 2, 361 Acls: []uint32{0, 1}, 362 }) 363 ctx.MockVpp.MockReply(&vpp_acl.MacipACLDetails{ 364 ACLIndex: 0, 365 Count: 1, 366 R: []acl_types.MacipACLRule{{IsPermit: 1}, {IsPermit: 0}}, 367 }) 368 ctx.MockVpp.MockReply(&vpp_acl.MacipACLDetails{ 369 ACLIndex: 1, 370 Count: 1, 371 R: []acl_types.MacipACLRule{{IsPermit: 2}, {IsPermit: 1}}, 372 }) 373 374 ACLs, err := ctx.aclHandler.DumpInterfaceMACIPACLs(0) 375 Expect(err).To(Succeed()) 376 Expect(ACLs).To(HaveLen(2)) 377 } 378 379 func TestDumpInterface(t *testing.T) { 380 ctx := setupACLTest(t) 381 defer ctx.teardownACLTest() 382 383 ctx.MockVpp.MockReply(&vpp_acl.ACLInterfaceListDetails{ 384 SwIfIndex: 0, 385 Count: 2, 386 NInput: 1, 387 Acls: []uint32{0, 1}, 388 }) 389 IPacls, err := ctx.aclHandler.DumpInterfaceACLList(0) 390 Expect(err).To(BeNil()) 391 Expect(IPacls.Acls).To(HaveLen(2)) 392 393 ctx.MockVpp.MockReply(&vpp_acl.ACLInterfaceListDetails{}) 394 IPacls, err = ctx.aclHandler.DumpInterfaceACLList(0) 395 Expect(err).To(BeNil()) 396 Expect(IPacls.Acls).To(HaveLen(0)) 397 398 ctx.MockVpp.MockReply(&vpp_acl.MacipACLInterfaceListDetails{ 399 SwIfIndex: 0, 400 Count: 2, 401 Acls: []uint32{0, 1}, 402 }) 403 MACIPacls, err := ctx.aclHandler.DumpInterfaceMACIPACLList(0) 404 Expect(err).To(BeNil()) 405 Expect(MACIPacls.Acls).To(HaveLen(2)) 406 407 ctx.MockVpp.MockReply(&vpp_acl.MacipACLInterfaceListDetails{}) 408 MACIPacls, err = ctx.aclHandler.DumpInterfaceMACIPACLList(0) 409 Expect(err).To(BeNil()) 410 Expect(MACIPacls.Acls).To(HaveLen(0)) 411 } 412 413 func TestDumpInterfaces(t *testing.T) { 414 ctx := setupACLTest(t) 415 defer ctx.teardownACLTest() 416 417 ctx.MockVpp.MockReply( 418 &vpp_acl.ACLInterfaceListDetails{ 419 SwIfIndex: 0, 420 Count: 2, 421 NInput: 1, 422 Acls: []uint32{0, 1}, 423 }, 424 &vpp_acl.ACLInterfaceListDetails{ 425 SwIfIndex: 1, 426 Count: 1, 427 NInput: 1, 428 Acls: []uint32{2}, 429 }, 430 &vpp_acl.ACLInterfaceListDetails{ 431 SwIfIndex: 2, 432 Count: 2, 433 NInput: 1, 434 Acls: []uint32{3, 4}, 435 }) 436 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 437 ctx.MockVpp.MockReply(&vpp_acl.MacipACLInterfaceListDetails{ 438 SwIfIndex: 3, 439 Count: 2, 440 Acls: []uint32{6, 7}, 441 }, 442 &vpp_acl.MacipACLInterfaceListDetails{ 443 SwIfIndex: 4, 444 Count: 1, 445 Acls: []uint32{5}, 446 }) 447 ctx.MockVpp.MockReply(&vpe.ControlPingReply{}) 448 449 IPacls, MACIPacls, err := ctx.aclHandler.DumpInterfacesLists() 450 Expect(err).To(BeNil()) 451 Expect(IPacls).To(HaveLen(3)) 452 Expect(MACIPacls).To(HaveLen(2)) 453 }