From 0755314c9c6580d448486f41ce0618be8254690b Mon Sep 17 00:00:00 2001
From: simone-dell <36049136+simone-dell@users.noreply.github.com>
Date: Tue, 13 Feb 2018 18:42:01 -0800
Subject: [PATCH 1/4] Add files via upload

---
 .../roles/test/tasks/acl/acltb_test_rules.json | 18 +++++++++++++++++-
 .../tasks/acl/acltb_test_rules_part_2.json | 18 +++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules.json b/ansible/roles/test/tasks/acl/acltb_test_rules.json
index 329dce74fa..ee0e10e36f 100644
--- a/ansible/roles/test/tasks/acl/acltb_test_rules.json
+++ b/ansible/roles/test/tasks/acl/acltb_test_rules.json
@@ -31,7 +31,7 @@
 },
 "ip": {
 "config": {
- "destination-ip-address": "192.168.0.16/32"
+ "source-ip-address": "192.168.0.16/32"
 }
 }
 },
@@ -184,6 +184,22 @@
 "ethertype": "ETHERTYPE_IPV4"
 }
 }
+ },
+ "13": {
+ "actions": {
+ "config": {
+ "forwarding-action": "DROP"
+ }
+ },
+ "config": {
+ "sequence-id": 13
+ },
+ "ip": {
+ "config": {
+ "protocol":1,
+ "source-ip-address": "10.0.0.2/32"
+ }
+ }
 }
 }
 }
diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json
index 329dce74fa..ee0e10e36f 100644
--- a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json
+++ b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json
@@ -31,7 +31,7 @@
 },
 "ip": {
 "config": {
- "destination-ip-address": "192.168.0.16/32"
+ "source-ip-address": "192.168.0.16/32"
 }
 }
 },
@@ -184,6 +184,22 @@
 "ethertype": "ETHERTYPE_IPV4"
 }
 }
+ },
+ "13": {
+ "actions": {
+ "config": {
+ "forwarding-action": "DROP"
+ }
+ },
+ "config": {
+ "sequence-id": 13
+ },
+ "ip": {
+ "config": {
+ "protocol":1,
+ "source-ip-address": "10.0.0.2/32"
+ }
+ }
 }
 }
 }
From e02527145414cae45fef1d21fcf2d90220fcb26b Mon Sep 17 00:00:00 2001
From: simone-dell <36049136+simone-dell@users.noreply.github.com>
Date: Tue, 13 Feb 2018 18:44:53 -0800
Subject: [PATCH 2/4] Add files via upload

Added ICMP test - create ptf icmp packet and make sure it is rejected based on drop icmp rule
---
 .../roles/test/files/acstests/acltb_test.py | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/ansible/roles/test/files/acstests/acltb_test.py b/ansible/roles/test/files/acstests/acltb_test.py
index 085f4eb780..694cad4206 100644
--- a/ansible/roles/test/files/acstests/acltb_test.py
+++ b/ansible/roles/test/files/acstests/acltb_test.py
@@ -239,6 +239,38 @@ def runAclTests(self, dst_ip, dst_ip_blocked, src_port, dst_ports):
 tests_passed += (1 if res else 0)
 print "Test #11 %s" % ("PASSED" if res else "FAILED")
 
+ #Creates a ICMP packet
+ pkt0 = simple_icmp_packet(
+ eth_dst = self.router_mac,
+ eth_src = self.dataplane.get_mac(0, 0),
+ ip_src = "10.0.0.1",
+ ip_dst = dst_ip,
+ icmp_type=8,
+ icmp_code=0,
+ ip_ttl = 64
+ )
+ #exp_pkt = pkt.deepcopy()
+ exp_pkt0 = simple_icmp_packet(
+ eth_dst = self.dataplane.get_mac(0, 0),
+ eth_src = self.router_mac,
+ ip_src = "10.0.0.1",
+ ip_dst = dst_ip,
+ icmp_type=8,
+ icmp_code=0,
+ ip_ttl = 63
+ )
+
+ # Test #12 - Verify IP protocol & source IP match
+ pkt = pkt0.copy()
+ exp_pkt = exp_pkt0.copy()
+ pkt['IP'].src = "10.0.0.2"
+ exp_pkt['IP'].src = "10.0.0.2"
+ pkt['IP'].proto=0x1
+ exp_pkt['IP'].proto=0x1
+ res = self.runSendReceiveTest(pkt, src_port, exp_pkt, dst_ports)
+ tests_passed += (0 if res else 1)
+ print "Test #12 %s" % ("FAILED" if res else "PASSED")
+
 return tests_passed, self.tests_total
 
 #---------------------------------------------------------------------
From 04286b22a48b6e6bb6733a878390b2f1854d8a43 Mon Sep 17 00:00:00 2001
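Review bot: Test #12 is scored as passed whenever `runSendReceiveTest` returns false (`tests_passed += (0 if res else 1)`), so it also passes when the echo request is lost for a reason other than rule 13: no route for `dst_ip`, a default drop in the table, or the rule never being programmed. Nothing in this hunk sends the same ICMP packet from a source the rule does not match, so I would add a control ahead of the drop check and require both outcomes, e.g. `ctrl = self.runSendReceiveTest(pkt0, src_port, exp_pkt0, dst_ports)` and then `tests_passed += (1 if ctrl and not res else 0)`; if the table drops unmatched traffic by default (not visible here), the control needs a flow that another rule forwards instead. Separately, `pkt['IP'].proto=0x1` is presumably redundant because `simple_icmp_packet` already builds an ICMP packet, and the commented-out `#exp_pkt = pkt.deepcopy()` can be removed. `self.tests_total` is set outside the hunk, so confirm it is raised to cover the new test; the body of `runAclTests` starts above the hunk.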
From: simone-dell <36049136+simone-dell@users.noreply.github.com>
Date: Tue, 13 Feb 2018 18:48:50 -0800
Subject: [PATCH 3/4] Add files via upload

---
 ansible/roles/test/files/acstests/acltb_test.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/test/files/acstests/acltb_test.py b/ansible/roles/test/files/acstests/acltb_test.py
index 694cad4206..48ac86263c 100644
--- a/ansible/roles/test/files/acstests/acltb_test.py
+++ b/ansible/roles/test/files/acstests/acltb_test.py
@@ -265,8 +265,8 @@ def runAclTests(self, dst_ip, dst_ip_blocked, src_port, dst_ports):
 exp_pkt = exp_pkt0.copy()
 pkt['IP'].src = "10.0.0.2"
 exp_pkt['IP'].src = "10.0.0.2"
- pkt['IP'].proto=0x1
- exp_pkt['IP'].proto=0x1
+ pkt['IP'].proto=0x1
+ exp_pkt['IP'].proto=0x1
 res = self.runSendReceiveTest(pkt, src_port, exp_pkt, dst_ports)
 tests_passed += (0 if res else 1)
 print "Test #12 %s" % ("FAILED" if res else "PASSED")
From 75b11c3a495f828b86e312bf1a7ed8a571dc7fb1 Mon Sep 17 00:00:00 2001
From: simone-dell <36049136+simone-dell@users.noreply.github.com>
Date: Tue, 13 Feb 2018 18:53:40 -0800
Subject: [PATCH 4/4] Add files via upload

---
 ansible/roles/test/tasks/acl/acltb_test_rules.json | 2 +-
 ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules.json b/ansible/roles/test/tasks/acl/acltb_test_rules.json
index ee0e10e36f..9d94870469 100644
--- a/ansible/roles/test/tasks/acl/acltb_test_rules.json
+++ b/ansible/roles/test/tasks/acl/acltb_test_rules.json
@@ -31,7 +31,7 @@
 },
 "ip": {
 "config": {
- "source-ip-address": "192.168.0.16/32"
+ "destination-ip-address": "192.168.0.16/32"
 }
 }
 },
diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json
index ee0e10e36f..9d94870469 100644
--- a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json
+++ b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json
@@ -31,7 +31,7 @@
 },
 "ip": {
 "config": {
- "source-ip-address": "192.168.0.16/32"
+ "destination-ip-address": "192.168.0.16/32"
 }
 }
 },