def test_vlan_id_filter():
print 'Creating ACL table'
table_id = nas_acl.create_table('INGRESS', 100,
['OUTER_VLAN_ID', 'INNER_VLAN_ID'])
print 'Table ID: %d' % table_id
print 'Creating ACL entry'
entry_id_1 = nas_acl.create_entry(table_id, 1, {
'OUTER_VLAN_ID': {
'data': 0
},
'INNER_VLAN_ID': {
'data': 0
}
}, {'PACKET_ACTION': 'DROP'})
print 'Entry ID: %d' % entry_id_1
entry_id_2 = nas_acl.create_entry(table_id, 2, {
'OUTER_VLAN_ID': {
'data': 100
},
'INNER_VLAN_ID': {
'data': 200
}
}, {'PACKET_ACTION': 'DROP'})
print 'Entry ID: %d' % entry_id_2
nas_acl.print_entry(table_id)
print 'Deleting ACL entry'
nas_acl.delete_entry(table_id, entry_id_1)
nas_acl.delete_entry(table_id, entry_id_2)
print 'Deleting ACL table'
nas_acl.delete_table(table_id)
def acl_ut_entry_get(table_id=None, entry_id=None):
global total, passed
total.append(sys._getframe().f_code.co_name)
try:
print '#### Entry Show ####'
nas_acl.print_entry(table_id, entry_id)
passed.append(sys._getframe().f_code.co_name)
except RuntimeError:
print (sys._getframe().f_code.co_name + ": Error in Get")
def acl_ut_entry_get(table_id=None, entry_id=None):
global total, passed
total.append(sys._getframe().f_code.co_name)
try:
print '#### Entry Show ####'
nas_acl.print_entry(table_id, entry_id)
passed.append(sys._getframe().f_code.co_name)
except RuntimeError:
print (sys._getframe().f_code.co_name + ": Error in Get")
def main():
tid = nas_acl.create_table(stage='EGRESS',
prio=99,
allow_filters=[
'SRC_IP', 'DST_IP', 'IN_PORT', 'OUT_PORT',
'L4_SRC_PORT', 'L4_DST_PORT'
])
#
# ACL Entry to drop all packets received from DST_IP on L4_DST_PORT
#
# ACL counter to count number of dropped packets
#counter_mac = nas_acl.create_counter(table_id=tid, types=['PACKET'])
# CPS Create the ACL entry
eid_tcp = nas_acl.create_entry(table_id=tid,
prio=512,
filter_map={
'SRC_IP': {
'addr': '23.0.0.1',
'mask': '255.0.0.0'
},
'L4_SRC_PORT': 443,
},
action_map={'PACKET_ACTION': 'DROP'})
"""
eid_ip = nas_acl.create_entry(table_id=tid,
prio=511,
filter_map={'DST_IP': '23.0.0.1',
'DSCP': {'data':0x08, 'mask':0x38}},
action_map={'SET_TC': 4,
'SET_COUNTER': counter_ip})
"""
# Print both entries in ACL table
nas_acl.print_entry(tid)
#return tid,eid_mac
#raw_input("Press Enter to clean up the ACL entries and table ...")
# Print the ACL stats object
#nas_acl.print_stats(tid, counter_ip)
nas_acl.print_stats(tid)
def test_update_entry_action():
print 'Creating ACL table'
table_id = nas_acl.create_table('INGRESS', 100, ['IN_INTF'])
print 'Table ID: %d' % table_id
print 'Creating ACL entry'
entry_id = nas_acl.create_entry(table_id, 1, {'IN_INTF': 'e101-001-0'},
{'PACKET_ACTION': 'DROP'})
print 'Entry ID: %d' % entry_id
print 'Trying to set user trap ID with drop action (expected fail)'
with pytest.raises(RuntimeError):
nas_acl.replace_entry_action_list(table_id, entry_id, {
'PACKET_ACTION': 'DROP',
'SET_USER_TRAP_ID': 2
})
nas_acl.print_entry(table_id, entry_id)
print 'Trying to set user trap ID with trap to CPU action'
try:
nas_acl.replace_entry_action_list(table_id, entry_id, {
'PACKET_ACTION': 'TRAP_TO_CPU',
'SET_USER_TRAP_ID': 2
})
except RuntimeError:
assert False
nas_acl.print_entry(table_id, entry_id)
print 'Restoring ACL entry actions'
try:
nas_acl.replace_entry_action_list(table_id, entry_id,
{'PACKET_ACTION': 'DROP'})
except RuntimeError:
assert False
nas_acl.print_entry(table_id, entry_id)
print 'Deleting ACL entry'
nas_acl.delete_entry(table_id, entry_id)
print 'Deleting ACL table'
nas_acl.delete_table(table_id)
def test_bridge_type_filter():
print 'Createing Ingress ACL table'
ing_table_id = nas_acl.create_table('INGRESS', 101, ['BRIDGE_TYPE'])
print 'Table ID: %d' % ing_table_id
print 'Creating Ingress ACL entry'
entry_id_1 = nas_acl.create_entry(ing_table_id, 1,
{'BRIDGE_TYPE': 'BRIDGE_1Q'},
{'PACKET_ACTION': 'DROP'})
print 'Entry ID: %d' % entry_id_1
entry_id_2 = nas_acl.create_entry(ing_table_id, 2,
{'BRIDGE_TYPE': 'BRIDGE_1D'},
{'PACKET_ACTION': 'DROP'})
print 'Entry ID: %d' % entry_id_2
nas_acl.print_entry(ing_table_id)
print 'Createing Egress ACL table'
eg_table_id = nas_acl.create_table('EGRESS', 101, ['BRIDGE_TYPE'])
print 'Table ID: %d' % eg_table_id
print 'Creating Egress ACL entry'
entry_id_3 = nas_acl.create_entry(eg_table_id, 1,
{'BRIDGE_TYPE': 'BRIDGE_1Q'},
{'PACKET_ACTION': 'DROP'})
print 'Entry ID: %d' % entry_id_3
entry_id_4 = nas_acl.create_entry(eg_table_id, 2,
{'BRIDGE_TYPE': 'BRIDGE_1D'},
{'PACKET_ACTION': 'DROP'})
print 'Entry ID: %d' % entry_id_4
nas_acl.print_entry(eg_table_id)
print 'Deleting ACL entry'
nas_acl.delete_entry(ing_table_id, entry_id_1)
nas_acl.delete_entry(ing_table_id, entry_id_2)
nas_acl.delete_entry(eg_table_id, entry_id_3)
nas_acl.delete_entry(eg_table_id, entry_id_4)
print 'Deleting ACL table'
nas_acl.delete_table(ing_table_id)
nas_acl.delete_table(eg_table_id)
eid_ip = nas_acl.create_entry(table_id=tid,
prio=511,
filter_map={
'DST_IP': '23.0.0.1',
'DSCP': {
'data': 0x08,
'mask': 0x38
}
},
action_map={
'SET_TC': 4,
'SET_COUNTER': counter_ip
})
# Print both entries in ACL table
nas_acl.print_entry(tid)
raw_input("Press Enter to clean up the ACL entries and table ...")
# Print the ACL stats object
nas_acl.print_stats(tid, counter_ip)
nas_acl.print_stats(tid, counter_mac)
# Clean up
nas_acl.delete_entry(tid, eid_ip)
nas_acl.delete_entry(tid, eid_mac)
nas_acl.delete_counter(tid, counter_ip)
nas_acl.delete_counter(tid, counter_mac)
nas_acl.delete_table(tid)
print "Clean up Successful"
'PACKET_ACTION': 'COPY_TO_CPU',
'SET_COUNTER': counter_id,
# Attach internal object to
# ACL action
'MIRROR_INGRESS':
{'index': mirr_id_1, 'data': mirr_opq_1} # Attaching external obj
# to ACL action
}
# Create an ACL entry with above filters and actions
eid = nas_acl.create_entry(
table_id=tid,
prio=sys.argv[2],
filter_map=filters,
action_map=actions)
nas_acl.print_entry(tid, eid)
try:
# Add another filter to the ACL entry
nas_acl.append_entry_filter(
table_id=tid,
entry_id=eid,
filter_type='DST_IP',
filter_val={
'addr': '23.0.0.1',
'mask': '255.0.0.255'})
print "Added new DST IP filter"
nas_acl.print_entry(tid, eid)
# Or change value of existing filter
nas_acl.mod_entry_filter(
def __show_entry():
nas_acl.print_entry()
