def acl_replace_with_icmp_traffic(self, step, step_num): self._check_basic_private_variables(step_num) acl_name = 'test' action = 'permit' src_ip = self._tx_host_ip dst_ip = self._rx_host_ip seq_num = '1' proto = 'icmp' src_port = '' dst_port = '' count_str = '' step(str(step_num) + '.a Configure an ACL with a %s icmp %s %s rule' % (action, src_ip, dst_ip)) configure_acl_l3( self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify ICMP packets') rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.c Create new ACL with a %s icmp %s %s rule and apply to same' 'port' % (action, src_ip, dst_ip)) acl_name2 = 'test2' action = 'deny' configure_acl_l3( self._sw1, self._aclAddrType, acl_name2, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name2, direction=self._aclDir) step(str(step_num) + '.b Create and verify ICMP packets') rx_expect = False self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.f Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name) unconfigure_acl(self._sw1, self._aclAddrType, acl_name2)
def acl_deny_udp_on_multiple_ports(self, step, step_num): self._check_basic_private_variables(step_num) assert self._sec_int is not None acl_name = 'test' step( str(step_num) + '.a Configure an ACL with a deny udp and permit icmp rule') seq_num = '1' action = 'deny' proto = 'udp' src_ip = self._tx_host_ip src_port = '' dst_ip = self._rx_host_ip dst_port = '' count_str = '' configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) seq_num = '2' action = 'permit' proto = 'icmp' src_ip = 'any' dst_ip = 'any' configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) for inter_num in (self._pri_int, self._sec_int): apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=inter_num, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify UDP packets') rx_expect = False self._create_and_verify_traffic_l3('UDP', rx_expect) step(str(step_num) + '.c Create and verify reverse UDP packets') self._create_and_verify_traffic_l3('UDP', rx_expect, direction='reverse') step(str(step_num) + '.d Create and verify ICMP packets') rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.e Create and verify reverse ICMP packets') self._create_and_verify_traffic_l3('ICMP', rx_expect, direction='reverse') step(str(step_num) + '.f Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def acl_permit_icmp_on_multiple_ports(self, step, step_num): self._check_basic_private_variables(step_num) acl_name = 'test' action = 'permit' src_ip = self._tx_host_ip dst_ip = self._rx_host_ip step(str(step_num) + '.a Configure an ACL with a %s icmp %s %s rule' % (action, src_ip, dst_ip)) seq_num = '11' proto = 'icmp' src_port = '' dst_port = '' count_str = '' configure_acl_l3( self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) # Switching the src_ip and the dst_ip src_ip = self._rx_host_ip dst_ip = self._tx_host_ip step(str(step_num) + '.b Add to an ACL with a %s icmp %s %s rule' % (action, src_ip, dst_ip)) seq_num = '12' configure_acl_l3( self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._sec_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.d Create and verify ICMP packets') rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.e Create and verify reverse ICMP packets') self._create_and_verify_traffic_l3('ICMP', rx_expect, direction='reverse') step(str(step_num) + '.f Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def acl_deny_udp_on_multiple_ports(self, step, step_num): self._check_basic_private_variables(step_num) assert self._sec_int is not None acl_name = 'test' step(str(step_num) + '.a Configure an ACL with a deny udp and permit icmp rule') seq_num = '1' action = 'deny' proto = 'udp' src_ip = self._tx_host_ip src_port = '' dst_ip = self._rx_host_ip dst_port = '' count_str = '' configure_acl_l3( self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) seq_num = '2' action = 'permit' proto = 'icmp' src_ip = 'any' dst_ip = 'any' configure_acl_l3( self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) for inter_num in (self._pri_int, self._sec_int): apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=inter_num, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify UDP packets') rx_expect = False self._create_and_verify_traffic_l3('UDP', rx_expect) step(str(step_num) + '.c Create and verify reverse UDP packets') self._create_and_verify_traffic_l3('UDP', rx_expect, direction='reverse') step(str(step_num) + '.d Create and verify ICMP packets') rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.e Create and verify reverse ICMP packets') self._create_and_verify_traffic_l3('ICMP', rx_expect, direction='reverse') step(str(step_num) + '.f Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def acl_replace_with_icmp_traffic(self, step, step_num): self._check_basic_private_variables(step_num) acl_name = 'test' action = 'permit' src_ip = self._tx_host_ip dst_ip = self._rx_host_ip seq_num = '1' proto = 'icmp' src_port = '' dst_port = '' count_str = '' step( str(step_num) + '.a Configure an ACL with a %s icmp %s %s rule' % (action, src_ip, dst_ip)) configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify ICMP packets') rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect) step( str(step_num) + '.c Create new ACL with a %s icmp %s %s rule and apply to same' 'port' % (action, src_ip, dst_ip)) acl_name2 = 'test2' action = 'deny' configure_acl_l3(self._sw1, self._aclAddrType, acl_name2, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name2, direction=self._aclDir) step(str(step_num) + '.b Create and verify ICMP packets') rx_expect = False self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.f Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name) unconfigure_acl(self._sw1, self._aclAddrType, acl_name2)
def acl_permit_icmp_on_multiple_ports(self, step, step_num): self._check_basic_private_variables(step_num) acl_name = 'test' action = 'permit' src_ip = self._tx_host_ip dst_ip = self._rx_host_ip step( str(step_num) + '.a Configure an ACL with a %s icmp %s %s rule' % (action, src_ip, dst_ip)) seq_num = '11' proto = 'icmp' src_port = '' dst_port = '' count_str = '' configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) # Switching the src_ip and the dst_ip src_ip = self._rx_host_ip dst_ip = self._tx_host_ip step( str(step_num) + '.b Add to an ACL with a %s icmp %s %s rule' % (action, src_ip, dst_ip)) seq_num = '12' configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._sec_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.d Create and verify ICMP packets') rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.e Create and verify reverse ICMP packets') self._create_and_verify_traffic_l3('ICMP', rx_expect, direction='reverse') step(str(step_num) + '.f Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def acl_modify_after_sending_udp_traffic(self, step, step_num): self._check_basic_private_variables(step_num) acl_name = 'test' action = 'permit' src_ip = self._tx_host_ip dst_ip = self._rx_host_ip step(str(step_num) + '.a Configure an ACL with 1 %s udp %s %s rule' % (action, src_ip, dst_ip)) seq_num = '1' proto = 'udp' src_port = '' dst_port = '' count_str = '' configure_acl_l3( self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify UDP packets') rx_expect = True self._create_and_verify_traffic_l3('UDP', rx_expect) step(str(step_num) + '.c Create and verify other UDP packets') rx_expect = False self._create_and_verify_traffic_l3('ICMP', rx_expect) action = 'deny' step(str(step_num) + '.d Modify ACL with 1 %s udp %s %s rule' % (action, src_ip, dst_ip)) configure_acl_l3( self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) step(str(step_num) + '.e Create and verify UDP packets') rx_expect = False self._create_and_verify_traffic_l3('UDP', rx_expect) step(str(step_num) + '.f Create and verify other UDP packets') rx_expect = False self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.g Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def acl_modify_after_sending_udp_traffic(self, step, step_num): self._check_basic_private_variables(step_num) acl_name = 'test' action = 'permit' src_ip = self._tx_host_ip dst_ip = self._rx_host_ip step( str(step_num) + '.a Configure an ACL with 1 %s udp %s %s rule' % (action, src_ip, dst_ip)) seq_num = '1' proto = 'udp' src_port = '' dst_port = '' count_str = '' configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify UDP packets') rx_expect = True self._create_and_verify_traffic_l3('UDP', rx_expect) step(str(step_num) + '.c Create and verify other UDP packets') rx_expect = False self._create_and_verify_traffic_l3('ICMP', rx_expect) action = 'deny' step( str(step_num) + '.d Modify ACL with 1 %s udp %s %s rule' % (action, src_ip, dst_ip)) configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) step(str(step_num) + '.e Create and verify UDP packets') rx_expect = False self._create_and_verify_traffic_l3('UDP', rx_expect) step(str(step_num) + '.f Create and verify other UDP packets') rx_expect = False self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.g Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def acl_permit_icmp_hitcount(self, step, step_num): self._check_basic_private_variables(step_num) acl_name = 'test' action = 'permit' src_ip = self._tx_host_ip dst_ip = self._rx_host_ip count_str = 'count' step( str(step_num) + '.a Configure an ACL with a %s icmp %s %s %s rule' % (action, src_ip, dst_ip, count_str)) seq_num = '50' proto = 'icmp' src_port = '' dst_port = '' configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify ICMP packets') self._clear_hitcounts(acl_name, self._pri_int) self.print_clr("INFO", "Delaying 6 seconds to allow the acl to be" " applied") sleep(6) rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect) # delay added to retrieve correct hitcount self.print_clr( "INFO", "Delaying 6 seconds to allow the hits to show" " up in the osvdb") sleep(6) assert (self._get_hitcount( sw=self._sw1, acl_name=acl_name, inter_num=self._pri_int, target_ace_str='%s %s %s %s %s count' % (seq_num, action, proto, src_ip, dst_ip)) == '10') step(str(step_num) + '.f Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def acl_permit_icmp_hitcount(self, step, step_num): self._check_basic_private_variables(step_num) acl_name = 'test' action = 'permit' src_ip = self._tx_host_ip dst_ip = self._rx_host_ip count_str = 'count' step(str(step_num) + '.a Configure an ACL with a %s icmp %s %s %s rule' % (action, src_ip, dst_ip, count_str)) seq_num = '50' proto = 'icmp' src_port = '' dst_port = '' configure_acl_l3( self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify ICMP packets') self._clear_hitcounts(acl_name, self._pri_int) self.print_clr("INFO", "Delaying 6 seconds to allow the acl to be" " applied") sleep(6) rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect) # delay added to retrieve correct hitcount self.print_clr("INFO", "Delaying 6 seconds to allow the hits to show" " up in the osvdb") sleep(6) assert(self._get_hitcount(sw=self._sw1, acl_name=acl_name, inter_num=self._pri_int, target_ace_str='%s %s %s %s %s count' % (seq_num, action, proto, src_ip, dst_ip)) == '10') step(str(step_num) + '.f Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def common_in_out_apply_one_acl_one_ace_test( sw, acl_addr_type, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, app_type, interface_num, dir_list, count, log ): assert sw is not None assert acl_addr_type in ('ip', 'ipv6', 'mac') assert isinstance(acl_name, str) assert isinstance(seq_num, str) assert action in ('permit', 'deny') assert isinstance(proto, str) assert isinstance(src_ip, str) assert isinstance(src_port, str) assert isinstance(dst_ip, str) assert isinstance(dst_port, str) assert app_type in ('port', 'vlan') assert isinstance(interface_num, str) assert isinstance(dir_list, list) assert count in ('count', '') assert log in ('log', '') for direction in dir_list: assert direction in ['in', 'out'] configure_acl_l3( sw=sw, acl_addr_type=acl_addr_type, acl_name=acl_name, seq_num=seq_num, action=action, proto=proto, src_ip=src_ip, src_port=src_port, dst_ip=dst_ip, dst_port=dst_port, count=count, log=log ) for direction in dir_list: apply_acl( sw=sw, app_type=app_type, interface_num=interface_num, acl_addr_type=acl_addr_type, acl_name=acl_name, direction=direction ) for direction in dir_list: no_apply_interface( sw=sw, app_type=app_type, interface_num=interface_num, acl_addr_type=acl_addr_type, acl_name=acl_name, direction=direction ) unconfigure_ace( sw=sw, acl_addr_type=acl_addr_type, acl_name=acl_name, seq_num=seq_num )
def acl_action_udp_dotted_netmask(self, step, step_num, action_str): self._check_basic_private_variables(step_num) assert isinstance(action_str, str) and \ action_str in ('permit', 'deny') acl_name = 'test' src_ip = self._rm_host_num_and_add_prefix(self._tx_host_ip, '255.255.255.254') dst_ip = self._rm_host_num_and_add_prefix(self._rx_host_ip, '255.255.255.0') step(str(step_num) + '.a Configure an ACL with 1 %s udp %s %s rule' % (action_str, src_ip, dst_ip)) seq_num = '1' action = action_str proto = 'udp' src_port = '' dst_port = '' count_str = '' configure_acl_l3( self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify UDP packets') rx_expect = True if action_str == 'permit' else False self._create_and_verify_traffic_l3('UDP', rx_expect) step(str(step_num) + '.c Create and verify ICMP packets') rx_expect = False self._create_and_verify_traffic_l3('ICMP', rx_expect) step(str(step_num) + '.d Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def acl_action_udp_sport_eq_param(self, step, step_num, action_str): self._check_basic_private_variables(step_num) assert isinstance(action_str, str) and \ action_str in ('permit', 'deny') acl_name = 'test' src_ip = self._tx_host_ip src_port = 'eq 5555' dst_ip = self._rx_host_ip step( str(step_num) + '.a Configure an ACL with 1 %s udp %s %s %s rule' % (action_str, src_ip, src_port, dst_ip)) seq_num = '1' action = action_str proto = 'udp' dst_port = '' count_str = '' configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=self._pri_int, acl_addr_type=self._aclAddrType, acl_name=acl_name, direction=self._aclDir) step(str(step_num) + '.b Create and verify UDP packets') rx_expect = True if action_str == 'permit' else False self._create_and_verify_traffic_l3('UDP', rx_expect) step(str(step_num) + '.c Create and verify other UDP packets') rx_expect = False self._create_and_verify_traffic_l3('UDP', rx_expect, src_port='1000', dst_port='5555') step(str(step_num) + '.d Remove the configured ACL') unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def acl_config_persistance(self, step, step_num, entries_list): self._check_basic_private_variables(step_num) # Verify entries_list is a list of integers with no more than 2 entries # (for now). assert isinstance(entries_list, list) and\ len(entries_list) <= 2 for i in list(range(len(entries_list))): assert isinstance(entries_list[i], int) seq_num = '1' action = 'permit' proto = 'icmp' src_port = '' dst_port = '' count_str = 'count' tx_dir = ['forward', 'reverse'] interface_num_list = [self._pri_int, self._sec_int] acl_name = ['test', 'test2'] range_lt_gt_count = 0 target_ace_list = [] for i in list(range(len(entries_list))): if tx_dir[i] == 'forward': src_ip, dst_ip = self._tx_host_ip, self._rx_host_ip else: dst_ip, src_ip = self._tx_host_ip, self._rx_host_ip step(str(step_num) + '.a Configure an ACL with a %s %s %s %s %s rule' % (action, proto, src_ip, dst_ip, count_str)) configure_acl_l3( self._sw1, self._aclAddrType, acl_name[i], seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str ) step(str(step_num) + '.b Configure the ACL another %s random rules (off by one' ' because we already\nconfigured one rule that we will use' ' for traffic tests later)' % (str(entries_list[i] - 1))) for seq in list(range(2, entries_list[i] + 1)): r_action = choice(["permit", "deny"]) r_proto = choice([str(randrange(1, 255)), 'tcp', 'udp', 'sctp']) r_src_ip = self._rand_ip_address_with_prefix() r_dst_ip = self._rand_ip_address_with_prefix() r_src_port, range_lt_gt_count = self._rand_port( r_proto, range_lt_gt_count ) r_dst_port, range_lt_gt_count = self._rand_port( r_proto, range_lt_gt_count ) r_count_str = choice(['count', '']) configure_acl_l3( self._sw1, self._aclAddrType, acl_name[i], str(seq), r_action, r_proto, r_src_ip, r_src_port, r_dst_ip, r_dst_port, r_count_str ) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=interface_num_list[i], acl_addr_type=self._aclAddrType, acl_name=acl_name[i], direction=self._aclDir) self._clear_hitcounts(acl_name[i], interface_num_list[i]) step(str(step_num) + '.c Create and verify ICMP packets') sleep(6) rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect, direction=tx_dir[i]) sleep(6) # delay to retrieve correct hitcount target_ace_list.append('%s %s %s %s %s count' % (seq_num, action, proto, src_ip, dst_ip)) assert(self._get_hitcount(sw=self._sw1, acl_name=acl_name[i], inter_num=interface_num_list[i], target_ace_str=target_ace_list[i]) == '10') # Check the running and startup config are the same before reboot self.print_clr("INFO", "Copying the running config to the startup" " config") self._sw1._shells['vtysh']._timeout = 1500 self._sw1.libs.vtysh.copy_running_config_startup_config() run_res_before_boot = self._sw1.libs.vtysh.show_running_config() start_res_before_boot = self._sw1.libs.vtysh.show_startup_config() assert(run_res_before_boot == start_res_before_boot) self.print_clr("INFO", "Rebooting Switch") reboot_switch(self._sw1) self.print_clr("INFO", "Delaying 60 seconds while switch inits") sleep(60) # Check the running config is still the same as before run_res_after_boot = self._sw1.libs.vtysh.show_running_config() assert(run_res_before_boot == run_res_after_boot) # Check the startup config is the same and the current running start_res_after_boot = self._sw1.libs.vtysh.show_startup_config() assert(run_res_after_boot == start_res_after_boot) # Check that the applied ACL still works along with logging step(str(step_num) + '.d Create and verify ICMP packets') for i in list(range(len(entries_list))): self._clear_hitcounts(acl_name[i], interface_num_list[i]) rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect, direction=tx_dir[i]) sleep(6) # delay tp retrieve correct hitcount assert(self._get_hitcount(sw=self._sw1, acl_name=acl_name[i], inter_num=interface_num_list[i], target_ace_str=target_ace_list[i]) == '10') step(str(step_num) + '.e Remove the configured ACL(s)') for i in list(range(len(entries_list))): unconfigure_acl(self._sw1, self._aclAddrType, acl_name[i])
def test_ace_apply(topology, step): test_num = 0 """ Test apply of ACEs to ports. Build a topology of one switch. Tested the ability to properly add ACL, delete ACL. """ ops1 = topology.get('ops1') assert ops1 is not None acl_name = 'test1' seq_num = '1' test_num += 1 step( '#### T{test_num} Add Permit ACE ####\n' '#### to existing IPv4 ACL ####' .format(**locals()) ) configure_acl_l3( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num, action='permit', proto='pim', src_ip='1.2.3.4', src_port='', dst_ip='5.6.7.8', dst_port='', count='', log='' ) test_num += 1 step( '#### T{test_num} Add Deny ACE ####\n' '#### to existing IPv4 ACL ####' .format(**locals()) ) configure_acl_l3( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num, action='deny', proto='igmp', src_ip='1.2.3.4', src_port='', dst_ip='5.6.7.8', dst_port='', count='', log='' ) test_num += 1 step( '#### T{test_num} Add Permit ACE ####\n' '#### to existing IPv4 ACL ####\n' '#### with just count ####' .format(**locals()) ) configure_acl_l3( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num, action='permit', proto='igmp', src_ip='9.10.11.12', src_port='', dst_ip='13.14.15.16', dst_port='', count='count', log='' ) test_num += 1 step( '#### T{test_num} Add Permit ACE ####\n' '#### to existing IPv4 ACL ####\n' '#### with count and log ####' .format(**locals()) ) configure_acl_l3( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num, action='permit', proto='igmp', src_ip='17.18.19.20', src_port='', dst_ip='21.22.23.24', dst_port='', count='count', log='log' ) test_num += 1 step( '#### T{test_num} Add Permit ACE ####\n' '#### to existing IPv4 ACL ####\n' '#### with just log ####' .format(**locals()) ) configure_acl_l3( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num, action='permit', proto='igmp', src_ip='25.26.27.28', src_port='', dst_ip='29.30.31.32', dst_port='', count='', log='log' ) test_num += 1 step( '#### T{test_num} Remove ACE ####\n' '#### from existing IPv4 ACL ####' .format(**locals()) ) unconfigure_ace( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num ) test_num += 1 step( '#### T{test_num} Remove IPv4 ACL ####' .format(**locals()) ) unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name) for direction in ['in', 'out']: dir_synonym = "Ingress" if direction == 'in' else "Egress" acl_name = 'testApplyACL_{dir_synonym}'.format(**locals()) test_num += 1 step( '## T{test_num} Applying {dir_synonym} IPV4 ACL ##\n' '#### T{test_num}a Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### ACL does not exist ####' .format(**locals()) ) with pytest.raises(exceptions.AclDoesNotExistException): apply_acl( sw=ops1, app_type='port', interface_num='4', acl_addr_type='ip', acl_name=acl_name, direction=direction ) step( '#### T{test_num}b Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### igmp protocol ####' .format(**locals()) ) seq_num = '4' configure_acl_l3( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num, action='permit', proto='igmp', src_ip='1.2.3.4/255.0.0.0', src_port='', dst_ip='5.6.7.8/255.255.0.0', dst_port='', count='', log='' ) interface_num = '4' apply_acl( sw=ops1, app_type='port', interface_num='4', acl_addr_type='ip', acl_name=acl_name, direction=direction ) unconfigure_ace( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} no ACL ####\n' '#### on interface 4 ####' .format(**locals()) ) no_apply_interface( sw=ops1, app_type='port', interface_num=interface_num, acl_addr_type='ip', acl_name=acl_name, direction=direction ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### A.B.C.D/M Network ####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='6', action='permit', proto='igmp', src_ip='1.2.3.4/8', src_port='', dst_ip='5.6.7.8/24', dst_port='', app_type='port', interface_num='5', direction=direction, count='', log='' ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### A.B.C.D Host count ####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='7', action='permit', proto='igmp', src_ip='1.2.3.4', src_port='', dst_ip='5.6.7.8', dst_port='', app_type='port', interface_num='7', direction=direction, count='count', log='' ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### Numbered proto and any host log ####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='8', action='permit', proto='4', src_ip='any', src_port='', dst_ip='any', dst_port='', app_type='port', interface_num='8', direction=direction, count='', log='log' ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### sctp eq L4 count log####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='9', action='permit', proto='sctp', src_ip='172.21.30.4', src_port='eq 10', dst_ip='5.6.7.8/24', dst_port='eq 11', app_type='port', interface_num='9', direction=direction, count='count', log='log' ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### sctp eq L4 ####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='10', action='permit', proto='sctp', src_ip='172.21.30.4', src_port='eq 10', dst_ip='5.6.7.8/24', dst_port='eq 11', app_type='port', interface_num='10', direction=direction, count='', log='' ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### sctp gt L4 count ####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='11', action='permit', proto='sctp', src_ip='172.21.30.4/24', src_port='gt 10', dst_ip='5.6.7.8/24', dst_port='gt 11', app_type='port', interface_num='11', direction=direction, count='count', log='' ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### sctp lt L4 log ####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='12', action='permit', proto='sctp', src_ip='172.21.30.4/24', src_port='lt 10', dst_ip='5.6.7.8/24', dst_port='lt 11', app_type='port', interface_num='12', direction=direction, count='', log='log' ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### sctp range L4 count log ####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='13', action='permit', proto='sctp', src_ip='1.2.3.4/1', src_port='range 100 500', dst_ip='5.6.7.8/32', dst_port='range 40 50', app_type='port', interface_num='13', direction=direction, count='count', log='log' ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### tcp deny eq L4 ####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='14', action='deny', proto='tcp', src_ip='1.2.3.4/8', src_port='eq 4', dst_ip='5.6.7.8/24', dst_port='eq 40', app_type='port', interface_num='14', direction=direction, count='', log='' ) test_num += 1 step( '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n' '#### to interface ####\n' '#### tcp deny range L4 count ####' .format(**locals()) ) common_apply_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='15', action='deny', proto='tcp', src_ip='1.2.3.4/8', src_port='range 4 6', dst_ip='5.6.7.8/24', dst_port='range 40 60', app_type='port', interface_num='15', direction=direction, count='count', log='' ) test_num += 1 step( '#### T{test_num} Remove {dir_synonym} IPV4 ACL ####' .format(**locals()) ) unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name) # END for direction in ['in' : 'out']: # Beginning of mixing ingress with egress using a single ACL acl_name = "testIngressEgressOneACL" for dir_list in [['in', 'out'], ['out', 'in']]: test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port, ACL, and ACE ####\n' '#### deny udp any Host L4 range ####' .format(**locals()) ) common_in_out_apply_one_acl_one_ace_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='1', action='deny', proto='udp', src_ip='any', src_port='', dst_ip='1.1.1.1', dst_port='range 0 65535', app_type='port', interface_num='1', dir_list=dir_list, count='', log='' ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port, ACL, and ACE ####\n' '#### permit tcp Network L4 lt Non-contiguous L4 gt count ####' .format(**locals()) ) common_in_out_apply_one_acl_one_ace_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='2', action='permit', proto='tcp', src_ip='1.1.1.0/24', src_port='lt 42', dst_ip='1.1.0.0/255.0.255.255', dst_port='gt 50', app_type='port', interface_num='2', dir_list=dir_list, count='count', log='' ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port, ACL, and ACE ####\n' '#### deny sctp Host L4 eq any log ####' .format(**locals()) ) common_in_out_apply_one_acl_one_ace_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='3', action='deny', proto='sctp', src_ip='1.1.1.1', src_port='eq 1000', dst_ip='any', dst_port='', app_type='port', interface_num='3', dir_list=dir_list, count='', log='log' ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port, ACL, and ACE ####\n' '#### permit udp Host L4 range Network L4 lt count log ####' .format(**locals()) ) common_in_out_apply_one_acl_one_ace_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='4', action='permit', proto='udp', src_ip='1.1.1.1', src_port='range 1 65534', dst_ip='1.1.1.0/255.255.255.0', dst_port='lt 65535', app_type='port', interface_num='4', dir_list=dir_list, count='count', log='log' ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port, ACL, and ACE ####\n' '#### deny tcp non-contiguous Network gt Network eq ####' .format(**locals()) ) common_in_out_apply_one_acl_one_ace_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='5', action='deny', proto='tcp', src_ip='18.32.144.40/254.228.144.172', src_port='gt 0', dst_ip='1.1.0.0/16', dst_port='eq 42', app_type='port', interface_num='5', dir_list=dir_list, count='', log='' ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port, ACL, and ACE ####\n' '#### permit sctp any Host count ####' .format(**locals()) ) common_in_out_apply_one_acl_one_ace_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='6', action='permit', proto='sctp', src_ip='any', src_port='', dst_ip='1.1.1.1', dst_port='', app_type='port', interface_num='6', dir_list=dir_list, count='count', log='' ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port, ACL, and ACE ####\n' '#### deny icmp any Host log ####' .format(**locals()) ) common_in_out_apply_one_acl_one_ace_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='7', action='deny', proto='icmp', src_ip='any', src_port='', dst_ip='1.1.1.1', dst_port='', app_type='port', interface_num='7', dir_list=dir_list, count='', log='log' ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port, ACL, and ACE ####\n' '#### permit 255 Network Network count log ####' .format(**locals()) ) common_in_out_apply_one_acl_one_ace_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='8', action='permit', proto='255', src_ip='1.1.1.0/24', src_port='', dst_ip='1.1.0.0/255.255.0.0', dst_port='', app_type='port', interface_num='8', dir_list=dir_list, count='count', log='log' ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port, ACL, and ACE ####\n' '#### deny 0 Non-contiguous any ####' .format(**locals()) ) common_in_out_apply_one_acl_one_ace_test( sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='9', action='deny', proto='0', src_ip='255.0.255.255/255.0.255.255', src_port='', dst_ip='any', dst_port='', app_type='port', interface_num='9', dir_list=dir_list, count='', log='' ) # End for dir_list in [['in', 'out'], ['out', 'in']]: test_num += 1 step( '#### T{test_num} Remove Ingress Egress IPV4 ACL ####' .format(**locals()) ) unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name) # Begin testing different Ingress and Egress ACLs applied to one port acl_name_in = 'testIngress' acl_name_out = 'testEgress' test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port with two ACLs with one ACE each ####\n' '#### Ingress permit udp any Network L4 lt ####\n' '#### Egress deny tcp Host L4 range Network L4 gt ####' .format(**locals()) ) common_in_out_apply_different_acl_test( sw=ops1, acl_addr_type='ip', acl_name_list=[acl_name_in, acl_name_out], seq_num_list=['1', '1'], action_list=['permit', 'deny'], proto_list=['udp', 'tcp'], src_ip_list=['any', '1.1.1.1'], src_port_list=['', 'range 1 2'], dst_ip_list=['1.1.1.0/24', '1.1.0.0/255.255.0.0'], dst_port_list=['lt 42', 'gt 50'], app_type='port', interface_num='1', dir_list=['in', 'out'], count_list=['', ''], log_list=['', ''] ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port with two ACLs with one ACE each count ####\n' '#### Egress deny sctp non-contiguous L4 eq any log ####\n' '#### Ingress permit 250 any Host ####' .format(**locals()) ) common_in_out_apply_different_acl_test( sw=ops1, acl_addr_type='ip', acl_name_list=[acl_name_out, acl_name_in], seq_num_list=['2', '500'], action_list=['deny', 'permit'], proto_list=['sctp', '250'], src_ip_list=['1.0.1.1/255.0.255.255', 'any'], src_port_list=['eq 1024', ''], dst_ip_list=['any', '1.1.1.2'], dst_port_list=['', ''], app_type='port', interface_num='2', dir_list=['out', 'in'], count_list=['count', ''], log_list=['', 'log'] ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port with two ACLs with one ACE each ####\n' '#### Ingress permit icmp any any log ####\n' '#### Egress permit icmp any any count ####' .format(**locals()) ) common_in_out_apply_different_acl_test( sw=ops1, acl_addr_type='ip', acl_name_list=[acl_name_in, acl_name_out], seq_num_list=['4', '4'], action_list=['permit', 'permit'], proto_list=['icmp', 'icmp'], src_ip_list=['any', 'any'], src_port_list=['', ''], dst_ip_list=['any', 'any'], dst_port_list=['', ''], app_type='port', interface_num='3', dir_list=['in', 'out'], count_list=['', 'count'], log_list=['log', ''] ) test_num += 1 step( '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n' '#### On one port with two ACLs with one ACE each ####\n' '#### Egress deny igmp Network Network count log ####\n' '#### Ingress deny pim non-contiguous any count log ####' .format(**locals()) ) common_in_out_apply_different_acl_test( sw=ops1, acl_addr_type='ip', acl_name_list=[acl_name_out, acl_name_in], seq_num_list=['4', '5'], action_list=['deny', 'deny'], proto_list=['igmp', 'pim'], src_ip_list=['1.1.1.0/24', '1.0.1.1/255.0.255.255'], src_port_list=['', ''], dst_ip_list=['1.1.0.0/255.255.0.0', 'any'], dst_port_list=['', ''], app_type='port', interface_num='4', dir_list=['out', 'in'], count_list=['count', 'count'], log_list=['log', 'log'] ) test_num += 1 step( '#### T{test_num} Remove Ingress IPV4 ACL ####' .format(**locals()) ) unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name_in) test_num += 1 step( '#### T{test_num} Remove Ingress IPV4 ACL ####' .format(**locals()) ) unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name_out)
def acl_config_persistance(self, step, step_num, entries_list): self._check_basic_private_variables(step_num) # Verify entries_list is a list of integers with no more than 2 entries # (for now). assert isinstance(entries_list, list) and\ len(entries_list) <= 2 for i in list(range(len(entries_list))): assert isinstance(entries_list[i], int) seq_num = '1' action = 'permit' proto = 'icmp' src_port = '' dst_port = '' count_str = 'count' tx_dir = ['forward', 'reverse'] interface_num_list = [self._pri_int, self._sec_int] acl_name = ['test', 'test2'] range_lt_gt_count = 0 target_ace_list = [] for i in list(range(len(entries_list))): if tx_dir[i] == 'forward': src_ip, dst_ip = self._tx_host_ip, self._rx_host_ip else: dst_ip, src_ip = self._tx_host_ip, self._rx_host_ip step( str(step_num) + '.a Configure an ACL with a %s %s %s %s %s rule' % (action, proto, src_ip, dst_ip, count_str)) configure_acl_l3(self._sw1, self._aclAddrType, acl_name[i], seq_num, action, proto, src_ip, src_port, dst_ip, dst_port, count_str) step( str(step_num) + '.b Configure the ACL another %s random rules (off by one' ' because we already\nconfigured one rule that we will use' ' for traffic tests later)' % (str(entries_list[i] - 1))) for seq in list(range(2, entries_list[i] + 1)): r_action = choice(["permit", "deny"]) r_proto = choice( [str(randrange(1, 255)), 'tcp', 'udp', 'sctp']) r_src_ip = self._rand_ip_address_with_prefix() r_dst_ip = self._rand_ip_address_with_prefix() r_src_port, range_lt_gt_count = self._rand_port( r_proto, range_lt_gt_count) r_dst_port, range_lt_gt_count = self._rand_port( r_proto, range_lt_gt_count) r_count_str = choice(['count', '']) configure_acl_l3(self._sw1, self._aclAddrType, acl_name[i], str(seq), r_action, r_proto, r_src_ip, r_src_port, r_dst_ip, r_dst_port, r_count_str) apply_acl(sw=self._sw1, app_type=self._aclApp, interface_num=interface_num_list[i], acl_addr_type=self._aclAddrType, acl_name=acl_name[i], direction=self._aclDir) self._clear_hitcounts(acl_name[i], interface_num_list[i]) step(str(step_num) + '.c Create and verify ICMP packets') sleep(6) rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect, direction=tx_dir[i]) sleep(6) # delay to retrieve correct hitcount target_ace_list.append('%s %s %s %s %s count' % (seq_num, action, proto, src_ip, dst_ip)) assert (self._get_hitcount( sw=self._sw1, acl_name=acl_name[i], inter_num=interface_num_list[i], target_ace_str=target_ace_list[i]) == '10') # Check the running and startup config are the same before reboot self.print_clr("INFO", "Copying the running config to the startup" " config") self._sw1._shells['vtysh']._timeout = 1500 self._sw1.libs.vtysh.copy_running_config_startup_config() run_res_before_boot = self._sw1.libs.vtysh.show_running_config() start_res_before_boot = self._sw1.libs.vtysh.show_startup_config() assert (run_res_before_boot == start_res_before_boot) self.print_clr("INFO", "Rebooting Switch") reboot_switch(self._sw1) self.print_clr("INFO", "Delaying 60 seconds while switch inits") sleep(60) # Check the running config is still the same as before run_res_after_boot = self._sw1.libs.vtysh.show_running_config() assert (run_res_before_boot == run_res_after_boot) # Check the startup config is the same and the current running start_res_after_boot = self._sw1.libs.vtysh.show_startup_config() assert (run_res_after_boot == start_res_after_boot) # Check that the applied ACL still works along with logging step(str(step_num) + '.d Create and verify ICMP packets') for i in list(range(len(entries_list))): self._clear_hitcounts(acl_name[i], interface_num_list[i]) rx_expect = True self._create_and_verify_traffic_l3('ICMP', rx_expect, direction=tx_dir[i]) sleep(6) # delay tp retrieve correct hitcount assert (self._get_hitcount( sw=self._sw1, acl_name=acl_name[i], inter_num=interface_num_list[i], target_ace_str=target_ace_list[i]) == '10') step(str(step_num) + '.e Remove the configured ACL(s)') for i in list(range(len(entries_list))): unconfigure_acl(self._sw1, self._aclAddrType, acl_name[i])
def common_in_out_apply_different_acl_test( sw, acl_addr_type, acl_name_list, seq_num_list, action_list, proto_list, src_ip_list, src_port_list, dst_ip_list, dst_port_list, app_type, interface_num, dir_list, count_list, log_list ): assert sw is not None assert acl_addr_type in ('ip', 'ipv6', 'mac') assert isinstance(acl_name_list, list) for acl_name in acl_name_list: assert isinstance(acl_name, str) assert isinstance(seq_num_list, list) for seq_num in seq_num_list: assert isinstance(seq_num, str) assert isinstance(action_list, list) for action in action_list: assert action in ('permit', 'deny') assert isinstance(proto_list, list) for proto in proto_list: assert isinstance(proto, str) assert isinstance(src_ip_list, list) for src_ip in src_ip_list: assert isinstance(src_ip, str) assert isinstance(src_port_list, list) for src_port in src_port_list: assert isinstance(src_port, str) assert isinstance(dst_ip_list, list) for dst_ip in dst_ip_list: assert isinstance(dst_ip, str) assert app_type in ('port', 'vlan') assert isinstance(interface_num, str) assert isinstance(dir_list, list) for direction in dir_list: assert direction in ['in', 'out'] assert isinstance(count_list, list) for count in count_list: assert count in ('count', '') assert isinstance(log_list, list) for log in log_list: assert log in ('log', '') # For each acl named, there needs to be one ACE and one direction for the # acl to applied to the one interface for i in list(range(len(acl_name_list))): configure_acl_l3( sw=sw, acl_addr_type=acl_addr_type, acl_name=acl_name_list[i], seq_num=seq_num_list[i], action=action_list[i], proto=proto_list[i], src_ip=src_ip_list[i], src_port=src_port_list[i], dst_ip=dst_ip_list[i], dst_port=dst_port_list[i], count=count_list[i], log=log_list[i] ) for i in list(range(len(acl_name_list))): apply_acl( sw=sw, app_type=app_type, interface_num=interface_num, acl_addr_type=acl_addr_type, acl_name=acl_name_list[i], direction=dir_list[i] ) for i in list(range(len(acl_name_list))): no_apply_interface( sw=sw, app_type=app_type, interface_num=interface_num, acl_addr_type=acl_addr_type, acl_name=acl_name_list[i], direction=dir_list[i] ) for i in list(range(len(acl_name_list))): unconfigure_ace( sw=sw, acl_addr_type=acl_addr_type, acl_name=acl_name_list[i], seq_num=seq_num_list[i] )