From febcacd87fee0097c9fcc202ccc475aaf09b48fc Mon Sep 17 00:00:00 2001
From: Abhishek Dosi
Date: Fri, 5 Feb 2021 17:00:52 -0800
Subject: [PATCH 1/2] Added test case to verify ebtables rules.
Signed-off-by: Abhishek Dosi
---
tests/cacl/test_ebtables_application.py | 42 +++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 tests/cacl/test_ebtables_application.py
diff --git a/tests/cacl/test_ebtables_application.py b/tests/cacl/test_ebtables_application.py
new file mode 100644
index 0000000000..72b39cd3c7
--- /dev/null
+++ b/tests/cacl/test_ebtables_application.py
@@ -0,0 +1,42 @@
+import pytest
+from tests.common.helpers.assertions import pytest_assert
+
+logger = logging.getLogger(__name__)
+
+pytestmark = [
+ pytest.mark.disable_loganalyzer, # disable automatic loganalyzer globally
+ pytest.mark.topology('any')
+]
+
+def generate_expected_rules(duthost):
+ ebtables_rules = []
+ # Default policies
+ ebtables_rules.append("-d BGA -j DROP")
+ ebtables_rules.append("-p ARP -j DROP")
+ ebtables_rules.append("-p 802_1Q --vlan-encap ARP -j DROP")
+ return ebtables_rules
+
+
+def test_ebtables_application(duthosts, rand_one_dut_hostname):
+ """
+ Test case to ensure ebtables rules are applied are corectly on DUT during init
+
+ This is done by generating our own set of expected ebtables
+ rules based on the DuT's configuration and comparing them against the
+ actual ebtables rules on the DuT.
+ """
+ duthost = duthosts[rand_one_dut_hostname]
+ expected_ebtables_rules = generate_expected_rules(duthost)
+
+ stdout = duthost.shell("sudo ebtables -L FORWARD")["stdout"]
+ ebtables_rules = stdout.strip().split("\n")
+
+ actual_ebtables_rules = [rule.strip() for rule in ebtables_rules if rule.startswith('-')]
+
+ # Ensure all expected ebtables rules are present on the DuT
+ missing_ebtables_rules = set(expected_ebtables_rules) - set(actual_ebtables_rules)
+ pytest_assert(len(missing_ebtables_rules) == 0, "Missing expected ebtables rules: {}".format(repr(missing_ebtables_rules)))
+
+ # Ensure there are no unexpected ebtables rules present on the DuT
+ unexpected_ebtables_rules = set(actual_ebtables_rules) - set(expected_ebtables_rules)
+ pytest_assert(len(unexpected_ebtables_rules) == 0, "Unexpected ebtables rules: {}".format(repr(unexpected_ebtables_rules)))
From a6d5c16b2ab95f6df6923823541fa49d90bf5940 Mon Sep 17 00:00:00 2001
From: Abhishek Dosi
Date: Wed, 27 Oct 2021 16:24:36 -0700
Subject: [PATCH 2/2] Fix to avoid overlap of Front Port Channel and Internal Pot Channel
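Review bot: `logger = logging.getLogger(__name__)` near the top of tests/cacl/test_ebtables_application.py uses `logging`, but the new file imports only `pytest` and `pytest_assert`, so the module would raise NameError when pytest collects it and the ebtables check would never run; add `import logging` above `import pytest`. Separately, `generate_expected_rules(duthost)` never reads `duthost` and returns three fixed rules, while the docstring of `test_ebtables_application` says the expectations are based on the DuT's configuration; either drop that claim or add a comment such as `# Static baseline: these rules do not depend on the DuT's configuration`. The comparison keeps only lines of `ebtables -L FORWARD` that start with `-`, so the chain's default policy line is filtered out and a changed policy would go unnoticed; if that is intentional, the docstring should say that only the FORWARD rule list is verified.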
Signed-off-by: Abhishek Dosi --- ansible/templates/minigraph_dpg_asic.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/templates/minigraph_dpg_asic.j2 b/ansible/templates/minigraph_dpg_asic.j2 index ceca239598..44e89c532a 100644 --- a/ansible/templates/minigraph_dpg_asic.j2 +++ b/ansible/templates/minigraph_dpg_asic.j2 @@ -95,7 +95,7 @@ {% if 'port-channel' in vm_topo_config['vm'][vms[index]]['ip_intf'][dut_index|int]|lower %} {% set port_channel_intf=';'.join(vm_asic_ifnames[vms[index]]) %} - PortChannel{{ ((index+1)|string).zfill(2) }} + PortChannel{{ ((index+1)|string).zfill(4) }} {{ port_channel_intf }} @@ -142,7 +142,7 @@ {% if 'port-channel' in vm_topo_config['vm'][vms[index]]['ip_intf'][dut_index|int]|lower %} - PortChannel{{ ((index+1) |string).zfill(2) }} + PortChannel{{ ((index+1) |string).zfill(4) }} {% else %} {{ front_panel_asic_ifnames[vm_topo_config['vm'][vms[index]]['interface_indexes'][dut_index|int][0]] }} {% endif %} @@ -151,7 +151,7 @@ {% if 'port-channel' in vm_topo_config['vm'][vms[index]]['ip_intf'][dut_index|int]|lower %} - PortChannel{{ ((index+1) |string).zfill(2) }} + PortChannel{{ ((index+1) |string).zfill(4) }} {% else %} {{ front_panel_asic_ifnames[vm_topo_config['vm'][vms[index]]['interface_indexes'][dut_index|int][0]] }} {% endif %}
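Review bot: The width `4` in `.zfill(4)` is repeated as a bare literal in all three hunks of ansible/templates/minigraph_dpg_asic.j2 (the name definition at -95 and the two references at -142 and -151), and nothing in the template says why four digits; if one site is later changed without the others, the references would name a port channel that is never defined. Consider setting the width once, e.g. `{% set pc_width = 4 %}` near the top of the template with `.zfill(pc_width)` at each site, and a comment like `{# 4-digit suffix keeps front-panel PortChannel names distinct from internal port channel names #}`. The internal naming scheme is not visible in these hunks, so the range being avoided should be confirmed where those names are generated. Any test or template that still expects two-digit names such as `PortChannel01` for these neighbours would presumably need the same update.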