in ptf/saiacl.py [0:0]
def runTest(self):
print("Testing AclRedirectPortAndLagTest")
print('-------------------------------------------------------------')
eth_pkt1 = simple_eth_packet(pktlen=100,
eth_dst=self.mac,
eth_src='00:06:07:08:09:0a',
eth_type=0x8137)
eth_pkt2 = simple_eth_packet(pktlen=100,
eth_dst=self.mac,
eth_src='00:06:07:08:09:0a',
eth_type=0x8136)
eth_pkt3 = simple_eth_packet(pktlen=100,
eth_dst=self.mac,
eth_src='00:06:07:08:09:0a',
eth_type=0x8135)
eth_pkt4 = simple_eth_packet(pktlen=100,
eth_dst=self.mac,
eth_src='00:06:07:08:09:0a',
eth_type=0x8134)
neg_test_pkt = simple_eth_packet(pktlen=100,
eth_dst=self.mac,
eth_src='00:06:07:08:09:0a',
eth_type=0x1111)
print('#### NO ACL Applied ####')
# send the test packet(s)
print("Sending Test packet EthType:0x%lx port 25 -> port 24" % (
eth_pkt1[Ether].type))
send_packet(self, self.dev_port25, eth_pkt1)
verify_packets(self, eth_pkt1, [self.dev_port24])
print("Sending Test packet EthType:0x%lx port 25 -> port 24" % (
eth_pkt2[Ether].type))
send_packet(self, self.dev_port25, eth_pkt2)
verify_packets(self, eth_pkt2, [self.dev_port24])
print("Sending Test packet EthType:0x%lx port 25 -> port 24" % (
eth_pkt3[Ether].type))
send_packet(self, self.dev_port25, eth_pkt3)
verify_packets(self, eth_pkt3, [self.dev_port24])
print("Sending Test packet EthType:0x%lx port 25 -> port 24" % (
eth_pkt4[Ether].type))
send_packet(self, self.dev_port25, eth_pkt4)
verify_packets(self, eth_pkt4, [self.dev_port24])
print("Sending Test(negative test) packet EthType:0x%lx port 25 -> "
"port 24" % (neg_test_pkt[Ether].type))
send_packet(self, self.dev_port25, neg_test_pkt)
verify_packets(self, neg_test_pkt, [self.dev_port24])
print("Sending Test(negative test) packet EthType:0x%lx port 25 -> "
"port 24" % (neg_test_pkt[Ether].type))
# setup ACL to redirect based on Ether type
entry_priority = 1
acl_action = SAI_ACL_ENTRY_ATTR_ACTION_REDIRECT
# setup ACL table group
group_bind_point_list = [SAI_ACL_BIND_POINT_TYPE_PORT]
group_type = SAI_ACL_TABLE_GROUP_TYPE_PARALLEL
group_stage_ingress = SAI_ACL_STAGE_INGRESS
group_member_priority = 100
# setup ACL table
table_stage_ingress = SAI_ACL_STAGE_INGRESS
table_bind_point_list = [SAI_ACL_BIND_POINT_TYPE_PORT]
group_bind_point_type_list = sai_thrift_s32_list_t(
count=len(group_bind_point_list),
int32list=group_bind_point_list)
table_bind_point_type_list = sai_thrift_s32_list_t(
count=len(table_bind_point_list),
int32list=table_bind_point_list)
# create ACL table group
acl_table_group_ingress = sai_thrift_create_acl_table_group(
self.client,
acl_stage=group_stage_ingress,
acl_bind_point_type_list=group_bind_point_type_list,
type=group_type)
self.acl_grps.append(acl_table_group_ingress)
# create ACL tables
print("Create ACL tables")
acl_table_id_ingress = sai_thrift_create_acl_table(
self.client,
acl_stage=table_stage_ingress,
acl_bind_point_type_list=table_bind_point_type_list)
self.acl_tables.append(acl_table_id_ingress)
self.assertTrue((acl_table_id_ingress != 0),
"ACL table create failed")
print("IPV4 ACL Table created 0x%lx" % (acl_table_id_ingress))
# create ACL table group members
acl_group_member_id_ingress = \
sai_thrift_create_acl_table_group_member(
self.client,
acl_table_group_id=acl_table_group_ingress,
acl_table_id=acl_table_id_ingress,
priority=group_member_priority)
self.assertTrue(acl_group_member_id_ingress != 0,
"ACL group member add failed for ACL table 0x%lx, "
"acl group 0x%lx" % (
acl_table_id_ingress, acl_table_group_ingress))
self.acl_grp_members.append(acl_group_member_id_ingress)
eth_type = 0x8137 - 0x10000
ether_type = sai_thrift_acl_field_data_t(
data=sai_thrift_acl_field_data_data_t(u16=eth_type),
mask=sai_thrift_acl_field_data_mask_t(u16=32767))
redirect_action = sai_thrift_acl_action_data_t(
parameter=sai_thrift_acl_action_parameter_t(
s32=acl_action,
oid=self.port26))
# create ACL entries
print("Create ACL entries")
acl_ip_entry_id_ingress1 = sai_thrift_create_acl_entry(
self.client,
table_id=acl_table_id_ingress,
priority=entry_priority,
field_ether_type=ether_type,
action_redirect=redirect_action)
# create ACL counter
acl_counter_ingress1 = sai_thrift_create_acl_counter(
self.client, table_id=acl_table_id_ingress)
# attach ACL counter to ACL entry
action_counter_ingress1 = sai_thrift_acl_action_data_t(
parameter=sai_thrift_acl_action_parameter_t(
oid=acl_counter_ingress1),
enable=True)
sai_thrift_set_acl_entry_attribute(
self.client, acl_ip_entry_id_ingress1,
action_counter=action_counter_ingress1)
self.counters.append(acl_counter_ingress1)
self.action_counters.append(action_counter_ingress1)
self.acl_rules.append(acl_ip_entry_id_ingress1)
self.assertTrue((acl_ip_entry_id_ingress1 != 0), 'ACL entry Match: '
'EthType-0x%lx Action: Redirect-0x%lx, create '
'failed for ACL table 0x%lx' % (
eth_type, self.port26, acl_table_id_ingress))
print("ACL entry Match: EthType-0x%lx Action: Redirect-0x%lx "
"created 0x%lx" % (eth_pkt1[Ether].type, self.port26,
acl_ip_entry_id_ingress1))
entry_priority += 1
eth_type = 0x8136 - 0x10000
ether_type = sai_thrift_acl_field_data_t(
data=sai_thrift_acl_field_data_data_t(u16=eth_type),
mask=sai_thrift_acl_field_data_mask_t(u16=32767))
redirect_action = sai_thrift_acl_action_data_t(
parameter=sai_thrift_acl_action_parameter_t(
s32=acl_action,
oid=self.lag_id))
acl_ip_entry_id_ingress2 = sai_thrift_create_acl_entry(
self.client,
table_id=acl_table_id_ingress,
priority=entry_priority,
field_ether_type=ether_type,
action_redirect=redirect_action)
# create ACL counter
acl_counter_ingress2 = sai_thrift_create_acl_counter(
self.client, table_id=acl_table_id_ingress)
# attach ACL counter to ACL entry
action_counter_ingress2 = sai_thrift_acl_action_data_t(
parameter=sai_thrift_acl_action_parameter_t(
oid=acl_counter_ingress2),
enable=True)
sai_thrift_set_acl_entry_attribute(
self.client, acl_ip_entry_id_ingress2,
action_counter=action_counter_ingress2)
self.counters.append(acl_counter_ingress2)
self.action_counters.append(action_counter_ingress2)
self.acl_rules.append(acl_ip_entry_id_ingress2)
self.assertTrue((acl_ip_entry_id_ingress2 != 0), 'ACL entry Match: '
'EthType-0x%lx Action: Redirect-0x%lx, create '
'failed for ACL table 0x%lx' % (
eth_type, self.lag_id, acl_table_id_ingress))
print("ACL entry Match: EthType-0x%lx Action: Redirect-0x%lx "
"created 0x%lx" % (eth_pkt2[Ether].type, self.lag_id,
acl_ip_entry_id_ingress2))
# create ACL table group members
acl_group_member_id_ingress = \
sai_thrift_create_acl_table_group_member(
self.client,
acl_table_group_id=acl_table_group_ingress,
acl_table_id=acl_table_id_ingress,
priority=200)
self.assertTrue(acl_group_member_id_ingress != 0,
"ACL group member add failed for ACL table 0x%lx, "
"ACL group 0x%lx" % (
acl_table_id_ingress, acl_table_group_ingress))
self.acl_grp_members.append(acl_group_member_id_ingress)
eth_type = 0x8135 - 0x10000
ether_type = sai_thrift_acl_field_data_t(
data=sai_thrift_acl_field_data_data_t(u16=eth_type),
mask=sai_thrift_acl_field_data_mask_t(u16=32767))
redirect_action = sai_thrift_acl_action_data_t(
parameter=sai_thrift_acl_action_parameter_t(
s32=acl_action,
oid=self.port26))
print("Create ACL entries")
acl_ip_entry_id_ingress3 = sai_thrift_create_acl_entry(
self.client,
table_id=acl_table_id_ingress,
priority=entry_priority,
field_ether_type=ether_type,
action_redirect=redirect_action)
# create ACL counter
acl_counter_ingress3 = sai_thrift_create_acl_counter(
self.client, table_id=acl_table_id_ingress)
# attach ACL counter to ACL entry
action_counter_ingress3 = sai_thrift_acl_action_data_t(
parameter=sai_thrift_acl_action_parameter_t(
oid=acl_counter_ingress3),
enable=True)
sai_thrift_set_acl_entry_attribute(
self.client, acl_ip_entry_id_ingress3,
action_counter=action_counter_ingress3)
self.counters.append(acl_counter_ingress3)
self.action_counters.append(action_counter_ingress3)
self.acl_rules.append(acl_ip_entry_id_ingress3)
self.assertTrue((acl_ip_entry_id_ingress3 != 0), 'ACL entry Match: '
'EthType-0x%lx Action: Redirect-0x%lx, create '
'failed for acl table 0x%lx' % (
eth_type, self.port26, acl_table_id_ingress))
print("ACL entry Match: EthType-0x%lx Action: Redirect-0x%lx "
"created 0x%lx" % (eth_pkt3[Ether].type, self.port26,
acl_ip_entry_id_ingress3))
eth_type = 0x8134 - 0x10000
ether_type = sai_thrift_acl_field_data_t(
data=sai_thrift_acl_field_data_data_t(u16=eth_type),
mask=sai_thrift_acl_field_data_mask_t(u16=32767))
redirect_action = sai_thrift_acl_action_data_t(
parameter=sai_thrift_acl_action_parameter_t(
s32=acl_action,
oid=self.lag_id))
print("Create ACL entries")
acl_ip_entry_id_ingress4 = sai_thrift_create_acl_entry(
self.client,
table_id=acl_table_id_ingress,
priority=entry_priority,
field_ether_type=ether_type,
action_redirect=redirect_action)
# create ACL counter
acl_counter_ingress4 = sai_thrift_create_acl_counter(
self.client, table_id=acl_table_id_ingress)
# attach ACL counter to ACL entry
action_counter_ingress4 = sai_thrift_acl_action_data_t(
parameter=sai_thrift_acl_action_parameter_t(
oid=acl_counter_ingress4),
enable=True)
sai_thrift_set_acl_entry_attribute(
self.client, acl_ip_entry_id_ingress4,
action_counter=action_counter_ingress4)
self.acl_rules.append(acl_ip_entry_id_ingress4)
self.assertTrue((acl_ip_entry_id_ingress4 != 0), 'ACL entry Match: '
'EthType-0x%lx Action: Redirect-0x%lx, create '
'failed for ACL table 0x%lx' % (
eth_type, self.lag_id, acl_table_id_ingress))
print("ACL entry Match: EthType-0x%lx Action: Redirect-0x%lx "
"created 0x%lx" % (eth_pkt3[Ether].type, self.lag_id,
acl_ip_entry_id_ingress4))
self.counters.append(acl_counter_ingress4)
self.action_counters.append(action_counter_ingress4)
print("Binding ACL grp 0x%lx to Port25" % (acl_table_group_ingress))
# bind ACL GRP to Port25
sai_thrift_set_port_attribute(
self.client, self.port25, ingress_acl=acl_table_group_ingress)
print("Sending Test packet EthType:0x%lx port 25 -> [ACL REDIRECT] "
"-> port 26" % (eth_pkt1[Ether].type))
# ensure packet is redirected!
send_packet(self, self.dev_port25, eth_pkt1)
verify_packets(self, eth_pkt1, [self.dev_port26])
packets1 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress1, packets=True)
self.assertEqual(packets1['packets'], 1)
packets2 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress2, packets=True)
self.assertEqual(packets2['packets'], 0)
packets3 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress3, packets=True)
self.assertEqual(packets3['packets'], 0)
packets4 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress4, packets=True)
self.assertEqual(packets4['packets'], 0)
# ensure packet is redirected!
print("Sending Test packet EthType:0x%lx port 25 -> [ACL REDIRECT] "
"-> Lag1 (Port 26/Port 27)" % (eth_pkt2[Ether].type))
send_packet(self, self.dev_port25, eth_pkt2)
verify_packets_any(self, eth_pkt2, [self.dev_port27,
self.dev_port28])
packets1 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress1, packets=True)
self.assertEqual(packets1['packets'], 1)
packets2 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress2, packets=True)
self.assertEqual(packets2['packets'], 1)
packets3 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress3, packets=True)
self.assertEqual(packets3['packets'], 0)
packets4 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress4, packets=True)
self.assertEqual(packets4['packets'], 0)
# ensure packet is redirected!
print("Sending Test packet EthType:0x%lx port 25 -> [ACL REDIRECT] "
"-> port 26" % (eth_pkt3[Ether].type))
send_packet(self, self.dev_port25, eth_pkt3)
verify_packets(self, eth_pkt3, [self.dev_port26])
packets1 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress1, packets=True)
self.assertEqual(packets1['packets'], 1)
packets2 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress2, packets=True)
self.assertEqual(packets2['packets'], 1)
packets3 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress3, packets=True)
self.assertEqual(packets3['packets'], 1)
packets4 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress4, packets=True)
self.assertEqual(packets4['packets'], 0)
# ensure packet is redirected!
print("Sending Test packet EthType:0x%lx port 25 -> [ACL REDIRECT] "
"-> Lag1 (Port 27/Port 28)" % (eth_pkt4[Ether].type))
send_packet(self, self.dev_port25, eth_pkt4)
verify_packets_any(self, eth_pkt4, [self.dev_port27,
self.dev_port28])
packets1 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress1, packets=True)
self.assertEqual(packets1['packets'], 1)
packets2 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress2, packets=True)
self.assertEqual(packets2['packets'], 1)
packets3 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress3, packets=True)
self.assertEqual(packets3['packets'], 1)
packets4 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress4, packets=True)
self.assertEqual(packets4['packets'], 1)
# ensure packet is not redirected!
print("Sending Test(negative test) packet EthType:0x%lx port 25 -> "
"port 24" % (neg_test_pkt[Ether].type))
send_packet(self, self.dev_port25, neg_test_pkt)
verify_packets(self, neg_test_pkt, [self.dev_port24])
packets1 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress1, packets=True)
self.assertEqual(packets1['packets'], 1)
packets2 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress2, packets=True)
self.assertEqual(packets2['packets'], 1)
packets3 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress3, packets=True)
self.assertEqual(packets3['packets'], 1)
packets4 = sai_thrift_get_acl_counter_attribute(
self.client, acl_counter_ingress4, packets=True)
self.assertEqual(packets4['packets'], 1)