diff --git a/ansible/roles/test/files/acstests/acltb_test.py b/ansible/roles/test/files/acstests/acltb_test.py
index 085f4eb780..48ac86263c 100644
--- a/ansible/roles/test/files/acstests/acltb_test.py
+++ b/ansible/roles/test/files/acstests/acltb_test.py
@@ -239,6 +239,38 @@ def runAclTests(self, dst_ip, dst_ip_blocked, src_port, dst_ports):
 tests_passed += (1 if res else 0)
 print "Test #11 %s" % ("PASSED" if res else "FAILED")
+ #Creates a ICMP packet
+ pkt0 = simple_icmp_packet(
+ eth_dst = self.router_mac,
+ eth_src = self.dataplane.get_mac(0, 0),
+ ip_src = "10.0.0.1",
+ ip_dst = dst_ip,
+ icmp_type=8,
+ icmp_code=0,
+ ip_ttl = 64
+ )
+ #exp_pkt = pkt.deepcopy()
+ exp_pkt0 = simple_icmp_packet(
+ eth_dst = self.dataplane.get_mac(0, 0),
+ eth_src = self.router_mac,
+ ip_src = "10.0.0.1",
+ ip_dst = dst_ip,
+ icmp_type=8,
+ icmp_code=0,
+ ip_ttl = 63
+ )
+
+ # Test #12 - Verify IP protocol & source IP match
+ pkt = pkt0.copy()
+ exp_pkt = exp_pkt0.copy()
+ pkt['IP'].src = "10.0.0.2"
+ exp_pkt['IP'].src = "10.0.0.2"
+ pkt['IP'].proto=0x1
+ exp_pkt['IP'].proto=0x1
+ res = self.runSendReceiveTest(pkt, src_port, exp_pkt, dst_ports)
+ tests_passed += (0 if res else 1)
+ print "Test #12 %s" % ("FAILED" if res else "PASSED")
+
 return tests_passed, self.tests_total
 #---------------------------------------------------------------------
diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules.json b/ansible/roles/test/tasks/acl/acltb_test_rules.json
index 329dce74fa..9d94870469 100644
--- a/ansible/roles/test/tasks/acl/acltb_test_rules.json
+++ b/ansible/roles/test/tasks/acl/acltb_test_rules.json
@@ -184,6 +184,22 @@
 "ethertype": "ETHERTYPE_IPV4"
 }
 }
+ },
+ "13": {
+ "actions": {
+ "config": {
+ "forwarding-action": "DROP"
+ }
+ },
+ "config": {
+ "sequence-id": 13
+ },
+ "ip": {
+ "config": {
+ "protocol":1,
+ "source-ip-address": "10.0.0.2/32"
+ }
+ }
 }
 }
 }
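Review bot: Test #12 in acltb_test.py counts as passed whenever `runSendReceiveTest` reports that nothing arrived (`tests_passed += (0 if res else 1)`), so nothing in the hunk shows that rule 13 is what dropped the packet. `pkt0` is only ever sent after its source is rewritten to 10.0.0.2; a control packet that differs from rule 13 in a single field and is asserted as received would separate "dropped by rule 13" from "not forwarded for another reason", such as an earlier rule or a default action that is not visible here. This file section has no other hunk, so whatever sets `self.tests_total` is unchanged; if it is a fixed count it has to account for the twelfth test, otherwise the passed/total result is off by one. The leftover `#exp_pkt = pkt.deepcopy()` can be dropped in favour of a comment such as `# Negative test: rule 13 (DROP, protocol 1, src 10.0.0.2/32) must block this packet, so no receive == pass`; runAclTests starts outside the hunk.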
diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json
index 329dce74fa..9d94870469 100644
--- a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json
+++ b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json
@@ -184,6 +184,22 @@
 "ethertype": "ETHERTYPE_IPV4"
 }
 }
+ },
+ "13": {
+ "actions": {
+ "config": {
+ "forwarding-action": "DROP"
+ }
+ },
+ "config": {
+ "sequence-id": 13
+ },
+ "ip": {
+ "config": {
+ "protocol":1,
+ "source-ip-address": "10.0.0.2/32"
+ }
+ }
 }
 }
 }