def acl_replace_with_icmp_traffic(self, step, step_num):
        self._check_basic_private_variables(step_num)

        acl_name = 'test'

        action = 'permit'
        src_ip = self._tx_host_ip
        dst_ip = self._rx_host_ip

        seq_num = '1'
        proto = 'icmp'
        src_port = ''
        dst_port = ''
        count_str = ''

        step(str(step_num) +
             '.a Configure an ACL with a %s icmp %s %s rule'
             % (action, src_ip, dst_ip))
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify ICMP packets')
        rx_expect = True
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) +
             '.c Create new ACL with a %s icmp %s %s rule and apply to same'
             'port'
             % (action, src_ip, dst_ip))
        acl_name2 = 'test2'
        action = 'deny'
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name2, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name2,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify ICMP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) + '.f Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name2)
    def acl_deny_udp_on_multiple_ports(self, step, step_num):
        self._check_basic_private_variables(step_num)
        assert self._sec_int is not None

        acl_name = 'test'

        step(
            str(step_num) +
            '.a Configure an ACL with a deny udp and permit icmp rule')

        seq_num = '1'
        action = 'deny'
        proto = 'udp'
        src_ip = self._tx_host_ip
        src_port = ''
        dst_ip = self._rx_host_ip
        dst_port = ''
        count_str = ''
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        seq_num = '2'
        action = 'permit'
        proto = 'icmp'
        src_ip = 'any'
        dst_ip = 'any'
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        for inter_num in (self._pri_int, self._sec_int):
            apply_acl(sw=self._sw1,
                      app_type=self._aclApp,
                      interface_num=inter_num,
                      acl_addr_type=self._aclAddrType,
                      acl_name=acl_name,
                      direction=self._aclDir)

        step(str(step_num) + '.b Create and verify UDP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('UDP', rx_expect)

        step(str(step_num) + '.c Create and verify reverse UDP packets')
        self._create_and_verify_traffic_l3('UDP',
                                           rx_expect,
                                           direction='reverse')

        step(str(step_num) + '.d Create and verify ICMP packets')
        rx_expect = True
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) + '.e Create and verify reverse ICMP packets')
        self._create_and_verify_traffic_l3('ICMP',
                                           rx_expect,
                                           direction='reverse')

        step(str(step_num) + '.f Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
    def acl_permit_icmp_on_multiple_ports(self, step, step_num):
        self._check_basic_private_variables(step_num)

        acl_name = 'test'

        action = 'permit'
        src_ip = self._tx_host_ip
        dst_ip = self._rx_host_ip
        step(str(step_num) +
             '.a Configure an ACL with a %s icmp %s %s rule'
             % (action, src_ip, dst_ip))

        seq_num = '11'
        proto = 'icmp'
        src_port = ''
        dst_port = ''
        count_str = ''
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        # Switching the src_ip and the dst_ip
        src_ip = self._rx_host_ip
        dst_ip = self._tx_host_ip
        step(str(step_num) +
             '.b Add to an ACL with a %s icmp %s %s rule'
             % (action, src_ip, dst_ip))
        seq_num = '12'
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._sec_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.d Create and verify ICMP packets')
        rx_expect = True
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) + '.e Create and verify reverse ICMP packets')
        self._create_and_verify_traffic_l3('ICMP', rx_expect,
                                           direction='reverse')

        step(str(step_num) + '.f Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
    def acl_deny_udp_on_multiple_ports(self, step, step_num):
        self._check_basic_private_variables(step_num)
        assert self._sec_int is not None

        acl_name = 'test'

        step(str(step_num) +
             '.a Configure an ACL with a deny udp and permit icmp rule')

        seq_num = '1'
        action = 'deny'
        proto = 'udp'
        src_ip = self._tx_host_ip
        src_port = ''
        dst_ip = self._rx_host_ip
        dst_port = ''
        count_str = ''
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        seq_num = '2'
        action = 'permit'
        proto = 'icmp'
        src_ip = 'any'
        dst_ip = 'any'
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        for inter_num in (self._pri_int, self._sec_int):
            apply_acl(sw=self._sw1,
                      app_type=self._aclApp,
                      interface_num=inter_num,
                      acl_addr_type=self._aclAddrType,
                      acl_name=acl_name,
                      direction=self._aclDir)

        step(str(step_num) + '.b Create and verify UDP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('UDP', rx_expect)

        step(str(step_num) + '.c Create and verify reverse UDP packets')
        self._create_and_verify_traffic_l3('UDP', rx_expect,
                                           direction='reverse')

        step(str(step_num) + '.d Create and verify ICMP packets')
        rx_expect = True
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) + '.e Create and verify reverse ICMP packets')
        self._create_and_verify_traffic_l3('ICMP', rx_expect,
                                           direction='reverse')

        step(str(step_num) + '.f Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
    def acl_replace_with_icmp_traffic(self, step, step_num):
        self._check_basic_private_variables(step_num)

        acl_name = 'test'

        action = 'permit'
        src_ip = self._tx_host_ip
        dst_ip = self._rx_host_ip

        seq_num = '1'
        proto = 'icmp'
        src_port = ''
        dst_port = ''
        count_str = ''

        step(
            str(step_num) + '.a Configure an ACL with a %s icmp %s %s rule' %
            (action, src_ip, dst_ip))
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify ICMP packets')
        rx_expect = True
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(
            str(step_num) +
            '.c Create new ACL with a %s icmp %s %s rule and apply to same'
            'port' % (action, src_ip, dst_ip))
        acl_name2 = 'test2'
        action = 'deny'
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name2, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name2,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify ICMP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) + '.f Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name2)
    def acl_permit_icmp_on_multiple_ports(self, step, step_num):
        self._check_basic_private_variables(step_num)

        acl_name = 'test'

        action = 'permit'
        src_ip = self._tx_host_ip
        dst_ip = self._rx_host_ip
        step(
            str(step_num) + '.a Configure an ACL with a %s icmp %s %s rule' %
            (action, src_ip, dst_ip))

        seq_num = '11'
        proto = 'icmp'
        src_port = ''
        dst_port = ''
        count_str = ''
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        # Switching the src_ip and the dst_ip
        src_ip = self._rx_host_ip
        dst_ip = self._tx_host_ip
        step(
            str(step_num) + '.b Add to an ACL with a %s icmp %s %s rule' %
            (action, src_ip, dst_ip))
        seq_num = '12'
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._sec_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.d Create and verify ICMP packets')
        rx_expect = True
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) + '.e Create and verify reverse ICMP packets')
        self._create_and_verify_traffic_l3('ICMP',
                                           rx_expect,
                                           direction='reverse')

        step(str(step_num) + '.f Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
    def acl_modify_after_sending_udp_traffic(self, step, step_num):
        self._check_basic_private_variables(step_num)

        acl_name = 'test'

        action = 'permit'
        src_ip = self._tx_host_ip
        dst_ip = self._rx_host_ip
        step(str(step_num) +
             '.a Configure an ACL with 1 %s udp %s %s rule'
             % (action, src_ip, dst_ip))

        seq_num = '1'
        proto = 'udp'
        src_port = ''
        dst_port = ''
        count_str = ''
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify UDP packets')
        rx_expect = True
        self._create_and_verify_traffic_l3('UDP', rx_expect)

        step(str(step_num) + '.c Create and verify other UDP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        action = 'deny'
        step(str(step_num) +
             '.d Modify ACL with 1 %s udp %s %s rule'
             % (action, src_ip, dst_ip))
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        step(str(step_num) + '.e Create and verify UDP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('UDP', rx_expect)

        step(str(step_num) + '.f Create and verify other UDP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) + '.g Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
    def acl_modify_after_sending_udp_traffic(self, step, step_num):
        self._check_basic_private_variables(step_num)

        acl_name = 'test'

        action = 'permit'
        src_ip = self._tx_host_ip
        dst_ip = self._rx_host_ip
        step(
            str(step_num) + '.a Configure an ACL with 1 %s udp %s %s rule' %
            (action, src_ip, dst_ip))

        seq_num = '1'
        proto = 'udp'
        src_port = ''
        dst_port = ''
        count_str = ''
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify UDP packets')
        rx_expect = True
        self._create_and_verify_traffic_l3('UDP', rx_expect)

        step(str(step_num) + '.c Create and verify other UDP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        action = 'deny'
        step(
            str(step_num) + '.d Modify ACL with 1 %s udp %s %s rule' %
            (action, src_ip, dst_ip))
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        step(str(step_num) + '.e Create and verify UDP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('UDP', rx_expect)

        step(str(step_num) + '.f Create and verify other UDP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) + '.g Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
    def acl_permit_icmp_hitcount(self, step, step_num):
        self._check_basic_private_variables(step_num)

        acl_name = 'test'

        action = 'permit'
        src_ip = self._tx_host_ip
        dst_ip = self._rx_host_ip
        count_str = 'count'
        step(
            str(step_num) +
            '.a Configure an ACL with a %s icmp %s %s %s rule' %
            (action, src_ip, dst_ip, count_str))

        seq_num = '50'
        proto = 'icmp'
        src_port = ''
        dst_port = ''
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify ICMP packets')
        self._clear_hitcounts(acl_name, self._pri_int)
        self.print_clr("INFO", "Delaying 6 seconds to allow the acl to be"
                       " applied")
        sleep(6)
        rx_expect = True
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        # delay added to retrieve correct hitcount
        self.print_clr(
            "INFO", "Delaying 6 seconds to allow the hits to show"
            " up in the osvdb")
        sleep(6)
        assert (self._get_hitcount(
            sw=self._sw1,
            acl_name=acl_name,
            inter_num=self._pri_int,
            target_ace_str='%s %s %s %s %s count' %
            (seq_num, action, proto, src_ip, dst_ip)) == '10')

        step(str(step_num) + '.f Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
    def acl_permit_icmp_hitcount(self, step, step_num):
        self._check_basic_private_variables(step_num)

        acl_name = 'test'

        action = 'permit'
        src_ip = self._tx_host_ip
        dst_ip = self._rx_host_ip
        count_str = 'count'
        step(str(step_num) +
             '.a Configure an ACL with a %s icmp %s %s %s rule'
             % (action, src_ip, dst_ip, count_str))

        seq_num = '50'
        proto = 'icmp'
        src_port = ''
        dst_port = ''
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify ICMP packets')
        self._clear_hitcounts(acl_name, self._pri_int)
        self.print_clr("INFO", "Delaying 6 seconds to allow the acl to be"
                       " applied")
        sleep(6)
        rx_expect = True
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        # delay added to retrieve correct hitcount
        self.print_clr("INFO", "Delaying 6 seconds to allow the hits to show"
                       " up in the osvdb")
        sleep(6)
        assert(self._get_hitcount(sw=self._sw1, acl_name=acl_name,
                                  inter_num=self._pri_int,
                                  target_ace_str='%s %s %s %s %s count'
                                  % (seq_num, action, proto, src_ip, dst_ip))
               == '10')

        step(str(step_num) + '.f Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
def common_in_out_apply_one_acl_one_ace_test(
        sw, acl_addr_type, acl_name, seq_num, action, proto,
        src_ip, src_port, dst_ip, dst_port, app_type, interface_num,
        dir_list, count, log
        ):

    assert sw is not None
    assert acl_addr_type in ('ip', 'ipv6', 'mac')
    assert isinstance(acl_name, str)
    assert isinstance(seq_num, str)
    assert action in ('permit', 'deny')
    assert isinstance(proto, str)
    assert isinstance(src_ip, str)
    assert isinstance(src_port, str)
    assert isinstance(dst_ip, str)
    assert isinstance(dst_port, str)
    assert app_type in ('port', 'vlan')
    assert isinstance(interface_num, str)
    assert isinstance(dir_list, list)
    assert count in ('count', '')
    assert log in ('log', '')

    for direction in dir_list:
        assert direction in ['in', 'out']

    configure_acl_l3(
        sw=sw, acl_addr_type=acl_addr_type, acl_name=acl_name, seq_num=seq_num,
        action=action, proto=proto, src_ip=src_ip,
        src_port=src_port, dst_ip=dst_ip, dst_port=dst_port, count=count,
        log=log
        )
    for direction in dir_list:
        apply_acl(
            sw=sw, app_type=app_type, interface_num=interface_num,
            acl_addr_type=acl_addr_type, acl_name=acl_name, direction=direction
            )
    for direction in dir_list:
        no_apply_interface(
            sw=sw, app_type=app_type, interface_num=interface_num,
            acl_addr_type=acl_addr_type, acl_name=acl_name, direction=direction
            )
    unconfigure_ace(
        sw=sw, acl_addr_type=acl_addr_type, acl_name=acl_name,
        seq_num=seq_num
        )
    def acl_action_udp_dotted_netmask(self, step, step_num, action_str):
        self._check_basic_private_variables(step_num)

        assert isinstance(action_str, str) and \
            action_str in ('permit', 'deny')

        acl_name = 'test'

        src_ip = self._rm_host_num_and_add_prefix(self._tx_host_ip,
                                                  '255.255.255.254')
        dst_ip = self._rm_host_num_and_add_prefix(self._rx_host_ip,
                                                  '255.255.255.0')
        step(str(step_num) +
             '.a Configure an ACL with 1 %s udp %s %s rule'
             % (action_str, src_ip, dst_ip))

        seq_num = '1'
        action = action_str
        proto = 'udp'
        src_port = ''
        dst_port = ''
        count_str = ''
        configure_acl_l3(
            self._sw1, self._aclAddrType, acl_name, seq_num, action, proto,
            src_ip, src_port, dst_ip, dst_port, count_str
        )

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify UDP packets')
        rx_expect = True if action_str == 'permit' else False
        self._create_and_verify_traffic_l3('UDP', rx_expect)

        step(str(step_num) + '.c Create and verify ICMP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('ICMP', rx_expect)

        step(str(step_num) + '.d Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
예제 #13
0
    def acl_action_udp_sport_eq_param(self, step, step_num, action_str):
        self._check_basic_private_variables(step_num)

        assert isinstance(action_str, str) and \
            action_str in ('permit', 'deny')

        acl_name = 'test'

        src_ip = self._tx_host_ip
        src_port = 'eq 5555'
        dst_ip = self._rx_host_ip
        step(
            str(step_num) + '.a Configure an ACL with 1 %s udp %s %s %s rule' %
            (action_str, src_ip, src_port, dst_ip))

        seq_num = '1'
        action = action_str
        proto = 'udp'
        dst_port = ''
        count_str = ''
        configure_acl_l3(self._sw1, self._aclAddrType, acl_name, seq_num,
                         action, proto, src_ip, src_port, dst_ip, dst_port,
                         count_str)

        apply_acl(sw=self._sw1,
                  app_type=self._aclApp,
                  interface_num=self._pri_int,
                  acl_addr_type=self._aclAddrType,
                  acl_name=acl_name,
                  direction=self._aclDir)

        step(str(step_num) + '.b Create and verify UDP packets')
        rx_expect = True if action_str == 'permit' else False
        self._create_and_verify_traffic_l3('UDP', rx_expect)

        step(str(step_num) + '.c Create and verify other UDP packets')
        rx_expect = False
        self._create_and_verify_traffic_l3('UDP',
                                           rx_expect,
                                           src_port='1000',
                                           dst_port='5555')

        step(str(step_num) + '.d Remove the configured ACL')
        unconfigure_acl(self._sw1, self._aclAddrType, acl_name)
    def acl_config_persistance(self, step, step_num, entries_list):
        self._check_basic_private_variables(step_num)

        # Verify entries_list is a list of integers with no more than 2 entries
        # (for now).
        assert isinstance(entries_list, list) and\
            len(entries_list) <= 2
        for i in list(range(len(entries_list))):
            assert isinstance(entries_list[i], int)

        seq_num = '1'
        action = 'permit'
        proto = 'icmp'
        src_port = ''
        dst_port = ''
        count_str = 'count'

        tx_dir = ['forward', 'reverse']
        interface_num_list = [self._pri_int, self._sec_int]
        acl_name = ['test', 'test2']
        range_lt_gt_count = 0
        target_ace_list = []
        for i in list(range(len(entries_list))):
            if tx_dir[i] == 'forward':
                src_ip, dst_ip = self._tx_host_ip, self._rx_host_ip
            else:
                dst_ip, src_ip = self._tx_host_ip, self._rx_host_ip
            step(str(step_num) +
                 '.a Configure an ACL with a %s %s %s %s %s rule'
                 % (action, proto, src_ip, dst_ip, count_str))

            configure_acl_l3(
                self._sw1, self._aclAddrType, acl_name[i], seq_num, action,
                proto, src_ip, src_port, dst_ip, dst_port, count_str
            )

            step(str(step_num) +
                 '.b Configure the ACL another %s random rules (off by one'
                 ' because we already\nconfigured one rule that we will use'
                 ' for traffic tests later)' % (str(entries_list[i] - 1)))
            for seq in list(range(2, entries_list[i] + 1)):
                r_action = choice(["permit", "deny"])
                r_proto = choice([str(randrange(1, 255)), 'tcp', 'udp',
                                  'sctp'])
                r_src_ip = self._rand_ip_address_with_prefix()
                r_dst_ip = self._rand_ip_address_with_prefix()
                r_src_port, range_lt_gt_count = self._rand_port(
                                                    r_proto,
                                                    range_lt_gt_count
                                                    )
                r_dst_port, range_lt_gt_count = self._rand_port(
                                                    r_proto,
                                                    range_lt_gt_count
                                                    )
                r_count_str = choice(['count', ''])
                configure_acl_l3(
                    self._sw1, self._aclAddrType,
                    acl_name[i], str(seq),
                    r_action, r_proto,
                    r_src_ip, r_src_port,
                    r_dst_ip, r_dst_port,
                    r_count_str
                )

            apply_acl(sw=self._sw1,
                      app_type=self._aclApp,
                      interface_num=interface_num_list[i],
                      acl_addr_type=self._aclAddrType,
                      acl_name=acl_name[i],
                      direction=self._aclDir)

            self._clear_hitcounts(acl_name[i], interface_num_list[i])
            step(str(step_num) + '.c Create and verify ICMP packets')
            sleep(6)
            rx_expect = True
            self._create_and_verify_traffic_l3('ICMP', rx_expect,
                                               direction=tx_dir[i])
            sleep(6)  # delay to retrieve correct hitcount
            target_ace_list.append('%s %s %s %s %s count'
                                   % (seq_num, action, proto, src_ip, dst_ip))
            assert(self._get_hitcount(sw=self._sw1, acl_name=acl_name[i],
                                      inter_num=interface_num_list[i],
                                      target_ace_str=target_ace_list[i])
                   == '10')

        # Check the running and startup config are the same before reboot
        self.print_clr("INFO", "Copying the running config to the startup"
                       " config")
        self._sw1._shells['vtysh']._timeout = 1500
        self._sw1.libs.vtysh.copy_running_config_startup_config()
        run_res_before_boot = self._sw1.libs.vtysh.show_running_config()
        start_res_before_boot = self._sw1.libs.vtysh.show_startup_config()
        assert(run_res_before_boot == start_res_before_boot)

        self.print_clr("INFO", "Rebooting Switch")
        reboot_switch(self._sw1)
        self.print_clr("INFO", "Delaying 60 seconds while switch inits")
        sleep(60)

        # Check the running config is still the same as before
        run_res_after_boot = self._sw1.libs.vtysh.show_running_config()
        assert(run_res_before_boot == run_res_after_boot)

        # Check the startup config is the same and the current running
        start_res_after_boot = self._sw1.libs.vtysh.show_startup_config()
        assert(run_res_after_boot == start_res_after_boot)

        # Check that the applied ACL still works along with logging
        step(str(step_num) + '.d Create and verify ICMP packets')
        for i in list(range(len(entries_list))):
            self._clear_hitcounts(acl_name[i], interface_num_list[i])
            rx_expect = True
            self._create_and_verify_traffic_l3('ICMP', rx_expect,
                                               direction=tx_dir[i])
            sleep(6)  # delay tp retrieve correct hitcount
            assert(self._get_hitcount(sw=self._sw1, acl_name=acl_name[i],
                                      inter_num=interface_num_list[i],
                                      target_ace_str=target_ace_list[i])
                   == '10')

        step(str(step_num) + '.e Remove the configured ACL(s)')
        for i in list(range(len(entries_list))):
            unconfigure_acl(self._sw1, self._aclAddrType, acl_name[i])
def test_ace_apply(topology, step):
    test_num = 0

    """
    Test apply of ACEs to ports.

    Build a topology of one switch. Tested the ability to properly add ACL,
    delete ACL.
    """
    ops1 = topology.get('ops1')
    assert ops1 is not None

    acl_name = 'test1'
    seq_num = '1'

    test_num += 1
    step(
        '#### T{test_num} Add Permit ACE ####\n'
        '#### to existing IPv4 ACL ####'
        .format(**locals())
        )
    configure_acl_l3(
        sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num,
        action='permit', proto='pim', src_ip='1.2.3.4', src_port='',
        dst_ip='5.6.7.8', dst_port='', count='', log=''
        )

    test_num += 1
    step(
        '#### T{test_num} Add Deny ACE ####\n'
        '#### to existing IPv4 ACL ####'
        .format(**locals())
        )
    configure_acl_l3(
        sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num,
        action='deny', proto='igmp', src_ip='1.2.3.4', src_port='',
        dst_ip='5.6.7.8', dst_port='', count='', log=''
        )

    test_num += 1
    step(
        '#### T{test_num} Add Permit ACE ####\n'
        '#### to existing IPv4 ACL ####\n'
        '#### with just count ####'
        .format(**locals())
        )
    configure_acl_l3(
        sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num,
        action='permit', proto='igmp', src_ip='9.10.11.12', src_port='',
        dst_ip='13.14.15.16', dst_port='', count='count', log=''
        )

    test_num += 1
    step(
        '#### T{test_num} Add Permit ACE ####\n'
        '#### to existing IPv4 ACL ####\n'
        '#### with count and log ####'
        .format(**locals())
        )
    configure_acl_l3(
        sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num,
        action='permit', proto='igmp', src_ip='17.18.19.20', src_port='',
        dst_ip='21.22.23.24', dst_port='', count='count', log='log'
        )

    test_num += 1
    step(
        '#### T{test_num} Add Permit ACE ####\n'
        '#### to existing IPv4 ACL ####\n'
        '#### with just log ####'
        .format(**locals())
        )
    configure_acl_l3(
        sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num,
        action='permit', proto='igmp', src_ip='25.26.27.28', src_port='',
        dst_ip='29.30.31.32', dst_port='', count='', log='log'
        )

    test_num += 1
    step(
        '#### T{test_num} Remove ACE ####\n'
        '#### from existing IPv4 ACL ####'
        .format(**locals())
        )
    unconfigure_ace(
        sw=ops1, acl_addr_type='ip', acl_name=acl_name,
        seq_num=seq_num
        )

    test_num += 1
    step(
        '#### T{test_num} Remove IPv4 ACL ####'
        .format(**locals())
        )
    unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name)

    for direction in ['in', 'out']:

        dir_synonym = "Ingress" if direction == 'in' else "Egress"
        acl_name = 'testApplyACL_{dir_synonym}'.format(**locals())

        test_num += 1
        step(
            '## T{test_num} Applying {dir_synonym} IPV4 ACL  ##\n'
            '#### T{test_num}a Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### ACL does not exist ####'
            .format(**locals())
            )
        with pytest.raises(exceptions.AclDoesNotExistException):
            apply_acl(
                sw=ops1, app_type='port', interface_num='4',
                acl_addr_type='ip', acl_name=acl_name, direction=direction
                )

        step(
            '#### T{test_num}b Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### igmp protocol ####'
            .format(**locals())
            )
        seq_num = '4'
        configure_acl_l3(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num,
            action='permit', proto='igmp', src_ip='1.2.3.4/255.0.0.0',
            src_port='', dst_ip='5.6.7.8/255.255.0.0', dst_port='', count='',
            log=''
            )
        interface_num = '4'
        apply_acl(
            sw=ops1, app_type='port', interface_num='4', acl_addr_type='ip',
            acl_name=acl_name, direction=direction
            )
        unconfigure_ace(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num=seq_num
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} no ACL ####\n'
            '#### on interface 4 ####'
            .format(**locals())
            )
        no_apply_interface(
            sw=ops1, app_type='port', interface_num=interface_num,
            acl_addr_type='ip', acl_name=acl_name, direction=direction
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### A.B.C.D/M Network ####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='6',
            action='permit', proto='igmp',
            src_ip='1.2.3.4/8', src_port='',
            dst_ip='5.6.7.8/24', dst_port='',
            app_type='port', interface_num='5', direction=direction,
            count='', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### A.B.C.D Host count ####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='7',
            action='permit', proto='igmp',
            src_ip='1.2.3.4', src_port='',
            dst_ip='5.6.7.8', dst_port='',
            app_type='port', interface_num='7', direction=direction,
            count='count', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### Numbered proto and any host log ####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='8',
            action='permit', proto='4',
            src_ip='any', src_port='',
            dst_ip='any', dst_port='',
            app_type='port', interface_num='8', direction=direction,
            count='', log='log'
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### sctp eq L4 count log####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='9',
            action='permit', proto='sctp',
            src_ip='172.21.30.4', src_port='eq 10',
            dst_ip='5.6.7.8/24', dst_port='eq 11',
            app_type='port', interface_num='9', direction=direction,
            count='count', log='log'
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### sctp eq L4 ####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='10',
            action='permit', proto='sctp',
            src_ip='172.21.30.4', src_port='eq 10',
            dst_ip='5.6.7.8/24', dst_port='eq 11',
            app_type='port', interface_num='10', direction=direction,
            count='', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### sctp gt L4 count ####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='11',
            action='permit', proto='sctp',
            src_ip='172.21.30.4/24', src_port='gt 10',
            dst_ip='5.6.7.8/24', dst_port='gt 11',
            app_type='port', interface_num='11', direction=direction,
            count='count', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### sctp lt L4 log ####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='12',
            action='permit', proto='sctp',
            src_ip='172.21.30.4/24', src_port='lt 10',
            dst_ip='5.6.7.8/24', dst_port='lt 11',
            app_type='port', interface_num='12', direction=direction,
            count='', log='log'
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### sctp range L4 count log ####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='13',
            action='permit', proto='sctp',
            src_ip='1.2.3.4/1', src_port='range 100 500',
            dst_ip='5.6.7.8/32', dst_port='range 40 50',
            app_type='port', interface_num='13', direction=direction,
            count='count', log='log'
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### tcp deny eq L4 ####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='14',
            action='deny', proto='tcp',
            src_ip='1.2.3.4/8', src_port='eq 4',
            dst_ip='5.6.7.8/24', dst_port='eq 40',
            app_type='port', interface_num='14', direction=direction,
            count='', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Apply {dir_synonym} IPV4 ACL ####\n'
            '#### to interface ####\n'
            '#### tcp deny range L4 count ####'
            .format(**locals())
            )
        common_apply_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name, seq_num='15',
            action='deny', proto='tcp',
            src_ip='1.2.3.4/8', src_port='range 4 6',
            dst_ip='5.6.7.8/24', dst_port='range 40 60',
            app_type='port', interface_num='15', direction=direction,
            count='count', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Remove {dir_synonym} IPV4 ACL ####'
            .format(**locals())
            )
        unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name)
    # END for direction in ['in' : 'out']:

    # Beginning of mixing ingress with egress using a single ACL
    acl_name = "testIngressEgressOneACL"
    for dir_list in [['in', 'out'], ['out', 'in']]:
        test_num += 1
        step(
            '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
            '#### On one port, ACL, and ACE ####\n'
            '#### deny udp any Host L4 range ####'
            .format(**locals())
            )
        common_in_out_apply_one_acl_one_ace_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name,
            seq_num='1', action='deny', proto='udp',
            src_ip='any', src_port='',
            dst_ip='1.1.1.1', dst_port='range 0 65535',
            app_type='port', interface_num='1', dir_list=dir_list,
            count='', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
            '#### On one port, ACL, and ACE ####\n'
            '#### permit tcp Network L4 lt Non-contiguous L4 gt count ####'
            .format(**locals())
            )
        common_in_out_apply_one_acl_one_ace_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name,
            seq_num='2', action='permit', proto='tcp',
            src_ip='1.1.1.0/24', src_port='lt 42',
            dst_ip='1.1.0.0/255.0.255.255', dst_port='gt 50',
            app_type='port', interface_num='2', dir_list=dir_list,
            count='count', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
            '#### On one port, ACL, and ACE ####\n'
            '#### deny sctp Host L4 eq any log ####'
            .format(**locals())
            )
        common_in_out_apply_one_acl_one_ace_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name,
            seq_num='3', action='deny', proto='sctp',
            src_ip='1.1.1.1', src_port='eq 1000',
            dst_ip='any', dst_port='',
            app_type='port', interface_num='3', dir_list=dir_list,
            count='', log='log'
            )

        test_num += 1
        step(
            '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
            '#### On one port, ACL, and ACE ####\n'
            '#### permit udp Host L4 range Network L4 lt count log ####'
            .format(**locals())
            )
        common_in_out_apply_one_acl_one_ace_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name,
            seq_num='4', action='permit', proto='udp',
            src_ip='1.1.1.1', src_port='range 1 65534',
            dst_ip='1.1.1.0/255.255.255.0', dst_port='lt 65535',
            app_type='port', interface_num='4', dir_list=dir_list,
            count='count', log='log'
            )

        test_num += 1
        step(
            '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
            '#### On one port, ACL, and ACE ####\n'
            '#### deny tcp non-contiguous Network gt Network eq ####'
            .format(**locals())
            )
        common_in_out_apply_one_acl_one_ace_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name,
            seq_num='5', action='deny', proto='tcp',
            src_ip='18.32.144.40/254.228.144.172', src_port='gt 0',
            dst_ip='1.1.0.0/16', dst_port='eq 42',
            app_type='port', interface_num='5', dir_list=dir_list,
            count='', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
            '#### On one port, ACL, and ACE ####\n'
            '#### permit sctp any Host count ####'
            .format(**locals())
            )
        common_in_out_apply_one_acl_one_ace_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name,
            seq_num='6', action='permit', proto='sctp',
            src_ip='any', src_port='',
            dst_ip='1.1.1.1', dst_port='',
            app_type='port', interface_num='6', dir_list=dir_list,
            count='count', log=''
            )

        test_num += 1
        step(
            '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
            '#### On one port, ACL, and ACE ####\n'
            '#### deny icmp any Host log ####'
            .format(**locals())
            )
        common_in_out_apply_one_acl_one_ace_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name,
            seq_num='7', action='deny', proto='icmp',
            src_ip='any', src_port='',
            dst_ip='1.1.1.1', dst_port='',
            app_type='port', interface_num='7', dir_list=dir_list,
            count='', log='log'
            )

        test_num += 1
        step(
            '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
            '#### On one port, ACL, and ACE ####\n'
            '#### permit 255 Network Network count log ####'
            .format(**locals())
            )
        common_in_out_apply_one_acl_one_ace_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name,
            seq_num='8', action='permit', proto='255',
            src_ip='1.1.1.0/24', src_port='',
            dst_ip='1.1.0.0/255.255.0.0', dst_port='',
            app_type='port', interface_num='8', dir_list=dir_list,
            count='count', log='log'
            )

        test_num += 1
        step(
            '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
            '#### On one port, ACL, and ACE ####\n'
            '#### deny 0 Non-contiguous any ####'
            .format(**locals())
            )
        common_in_out_apply_one_acl_one_ace_test(
            sw=ops1, acl_addr_type='ip', acl_name=acl_name,
            seq_num='9', action='deny', proto='0',
            src_ip='255.0.255.255/255.0.255.255', src_port='',
            dst_ip='any', dst_port='',
            app_type='port', interface_num='9', dir_list=dir_list,
            count='', log=''
            )
    # End for dir_list in [['in', 'out'], ['out', 'in']]:

    test_num += 1
    step(
        '#### T{test_num} Remove Ingress Egress IPV4 ACL ####'
        .format(**locals())
        )
    unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name)

    # Begin testing different Ingress and Egress ACLs applied to one port
    acl_name_in = 'testIngress'
    acl_name_out = 'testEgress'
    test_num += 1
    step(
        '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
        '#### On one port with two ACLs with one ACE each ####\n'
        '#### Ingress permit udp any Network L4 lt ####\n'
        '#### Egress deny tcp Host L4 range Network L4 gt ####'
        .format(**locals())
        )
    common_in_out_apply_different_acl_test(
        sw=ops1, acl_addr_type='ip',
        acl_name_list=[acl_name_in, acl_name_out],
        seq_num_list=['1', '1'],
        action_list=['permit', 'deny'],
        proto_list=['udp', 'tcp'],
        src_ip_list=['any', '1.1.1.1'],
        src_port_list=['', 'range 1 2'],
        dst_ip_list=['1.1.1.0/24', '1.1.0.0/255.255.0.0'],
        dst_port_list=['lt 42', 'gt 50'],
        app_type='port', interface_num='1',
        dir_list=['in', 'out'],
        count_list=['', ''],
        log_list=['', '']
        )

    test_num += 1
    step(
        '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
        '#### On one port with two ACLs with one ACE each count ####\n'
        '#### Egress deny sctp non-contiguous L4 eq any log ####\n'
        '#### Ingress permit 250 any Host ####'
        .format(**locals())
        )
    common_in_out_apply_different_acl_test(
        sw=ops1, acl_addr_type='ip',
        acl_name_list=[acl_name_out, acl_name_in],
        seq_num_list=['2', '500'],
        action_list=['deny', 'permit'],
        proto_list=['sctp', '250'],
        src_ip_list=['1.0.1.1/255.0.255.255', 'any'],
        src_port_list=['eq 1024', ''],
        dst_ip_list=['any', '1.1.1.2'],
        dst_port_list=['', ''],
        app_type='port', interface_num='2',
        dir_list=['out', 'in'],
        count_list=['count', ''],
        log_list=['', 'log']
        )

    test_num += 1
    step(
        '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
        '#### On one port with two ACLs with one ACE each ####\n'
        '#### Ingress permit icmp any any log ####\n'
        '#### Egress permit icmp any any count ####'
        .format(**locals())
        )
    common_in_out_apply_different_acl_test(
        sw=ops1, acl_addr_type='ip',
        acl_name_list=[acl_name_in, acl_name_out],
        seq_num_list=['4', '4'],
        action_list=['permit', 'permit'],
        proto_list=['icmp', 'icmp'],
        src_ip_list=['any', 'any'],
        src_port_list=['', ''],
        dst_ip_list=['any', 'any'],
        dst_port_list=['', ''],
        app_type='port', interface_num='3',
        dir_list=['in', 'out'],
        count_list=['', 'count'],
        log_list=['log', '']
        )

    test_num += 1
    step(
        '#### T{test_num} Mix Ingress and Egress IPV4 ACL ####\n'
        '#### On one port with two ACLs with one ACE each ####\n'
        '#### Egress deny igmp Network Network count log ####\n'
        '#### Ingress deny pim non-contiguous any count log ####'
        .format(**locals())
        )
    common_in_out_apply_different_acl_test(
        sw=ops1, acl_addr_type='ip',
        acl_name_list=[acl_name_out, acl_name_in],
        seq_num_list=['4', '5'],
        action_list=['deny', 'deny'],
        proto_list=['igmp', 'pim'],
        src_ip_list=['1.1.1.0/24', '1.0.1.1/255.0.255.255'],
        src_port_list=['', ''],
        dst_ip_list=['1.1.0.0/255.255.0.0', 'any'],
        dst_port_list=['', ''],
        app_type='port', interface_num='4',
        dir_list=['out', 'in'],
        count_list=['count', 'count'],
        log_list=['log', 'log']
        )

    test_num += 1
    step(
        '#### T{test_num} Remove Ingress IPV4 ACL ####'
        .format(**locals())
        )
    unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name_in)

    test_num += 1
    step(
        '#### T{test_num} Remove Ingress IPV4 ACL ####'
        .format(**locals())
        )
    unconfigure_acl(sw=ops1, acl_addr_type='ip', acl_name=acl_name_out)
예제 #16
0
    def acl_config_persistance(self, step, step_num, entries_list):
        self._check_basic_private_variables(step_num)

        # Verify entries_list is a list of integers with no more than 2 entries
        # (for now).
        assert isinstance(entries_list, list) and\
            len(entries_list) <= 2
        for i in list(range(len(entries_list))):
            assert isinstance(entries_list[i], int)

        seq_num = '1'
        action = 'permit'
        proto = 'icmp'
        src_port = ''
        dst_port = ''
        count_str = 'count'

        tx_dir = ['forward', 'reverse']
        interface_num_list = [self._pri_int, self._sec_int]
        acl_name = ['test', 'test2']
        range_lt_gt_count = 0
        target_ace_list = []
        for i in list(range(len(entries_list))):
            if tx_dir[i] == 'forward':
                src_ip, dst_ip = self._tx_host_ip, self._rx_host_ip
            else:
                dst_ip, src_ip = self._tx_host_ip, self._rx_host_ip
            step(
                str(step_num) +
                '.a Configure an ACL with a %s %s %s %s %s rule' %
                (action, proto, src_ip, dst_ip, count_str))

            configure_acl_l3(self._sw1, self._aclAddrType, acl_name[i],
                             seq_num, action, proto, src_ip, src_port, dst_ip,
                             dst_port, count_str)

            step(
                str(step_num) +
                '.b Configure the ACL another %s random rules (off by one'
                ' because we already\nconfigured one rule that we will use'
                ' for traffic tests later)' % (str(entries_list[i] - 1)))
            for seq in list(range(2, entries_list[i] + 1)):
                r_action = choice(["permit", "deny"])
                r_proto = choice(
                    [str(randrange(1, 255)), 'tcp', 'udp', 'sctp'])
                r_src_ip = self._rand_ip_address_with_prefix()
                r_dst_ip = self._rand_ip_address_with_prefix()
                r_src_port, range_lt_gt_count = self._rand_port(
                    r_proto, range_lt_gt_count)
                r_dst_port, range_lt_gt_count = self._rand_port(
                    r_proto, range_lt_gt_count)
                r_count_str = choice(['count', ''])
                configure_acl_l3(self._sw1, self._aclAddrType, acl_name[i],
                                 str(seq), r_action, r_proto, r_src_ip,
                                 r_src_port, r_dst_ip, r_dst_port, r_count_str)

            apply_acl(sw=self._sw1,
                      app_type=self._aclApp,
                      interface_num=interface_num_list[i],
                      acl_addr_type=self._aclAddrType,
                      acl_name=acl_name[i],
                      direction=self._aclDir)

            self._clear_hitcounts(acl_name[i], interface_num_list[i])
            step(str(step_num) + '.c Create and verify ICMP packets')
            sleep(6)
            rx_expect = True
            self._create_and_verify_traffic_l3('ICMP',
                                               rx_expect,
                                               direction=tx_dir[i])
            sleep(6)  # delay to retrieve correct hitcount
            target_ace_list.append('%s %s %s %s %s count' %
                                   (seq_num, action, proto, src_ip, dst_ip))
            assert (self._get_hitcount(
                sw=self._sw1,
                acl_name=acl_name[i],
                inter_num=interface_num_list[i],
                target_ace_str=target_ace_list[i]) == '10')

        # Check the running and startup config are the same before reboot
        self.print_clr("INFO", "Copying the running config to the startup"
                       " config")
        self._sw1._shells['vtysh']._timeout = 1500
        self._sw1.libs.vtysh.copy_running_config_startup_config()
        run_res_before_boot = self._sw1.libs.vtysh.show_running_config()
        start_res_before_boot = self._sw1.libs.vtysh.show_startup_config()
        assert (run_res_before_boot == start_res_before_boot)

        self.print_clr("INFO", "Rebooting Switch")
        reboot_switch(self._sw1)
        self.print_clr("INFO", "Delaying 60 seconds while switch inits")
        sleep(60)

        # Check the running config is still the same as before
        run_res_after_boot = self._sw1.libs.vtysh.show_running_config()
        assert (run_res_before_boot == run_res_after_boot)

        # Check the startup config is the same and the current running
        start_res_after_boot = self._sw1.libs.vtysh.show_startup_config()
        assert (run_res_after_boot == start_res_after_boot)

        # Check that the applied ACL still works along with logging
        step(str(step_num) + '.d Create and verify ICMP packets')
        for i in list(range(len(entries_list))):
            self._clear_hitcounts(acl_name[i], interface_num_list[i])
            rx_expect = True
            self._create_and_verify_traffic_l3('ICMP',
                                               rx_expect,
                                               direction=tx_dir[i])
            sleep(6)  # delay tp retrieve correct hitcount
            assert (self._get_hitcount(
                sw=self._sw1,
                acl_name=acl_name[i],
                inter_num=interface_num_list[i],
                target_ace_str=target_ace_list[i]) == '10')

        step(str(step_num) + '.e Remove the configured ACL(s)')
        for i in list(range(len(entries_list))):
            unconfigure_acl(self._sw1, self._aclAddrType, acl_name[i])
def common_in_out_apply_different_acl_test(
        sw, acl_addr_type, acl_name_list, seq_num_list, action_list,
        proto_list, src_ip_list, src_port_list, dst_ip_list, dst_port_list,
        app_type, interface_num, dir_list, count_list, log_list
        ):

    assert sw is not None
    assert acl_addr_type in ('ip', 'ipv6', 'mac')
    assert isinstance(acl_name_list, list)
    for acl_name in acl_name_list:
        assert isinstance(acl_name, str)
    assert isinstance(seq_num_list, list)
    for seq_num in seq_num_list:
        assert isinstance(seq_num, str)
    assert isinstance(action_list, list)
    for action in action_list:
        assert action in ('permit', 'deny')
    assert isinstance(proto_list, list)
    for proto in proto_list:
        assert isinstance(proto, str)
    assert isinstance(src_ip_list, list)
    for src_ip in src_ip_list:
        assert isinstance(src_ip, str)
    assert isinstance(src_port_list, list)
    for src_port in src_port_list:
        assert isinstance(src_port, str)
    assert isinstance(dst_ip_list, list)
    for dst_ip in dst_ip_list:
        assert isinstance(dst_ip, str)
    assert app_type in ('port', 'vlan')
    assert isinstance(interface_num, str)
    assert isinstance(dir_list, list)
    for direction in dir_list:
        assert direction in ['in', 'out']
    assert isinstance(count_list, list)
    for count in count_list:
        assert count in ('count', '')
    assert isinstance(log_list, list)
    for log in log_list:
        assert log in ('log', '')

    # For each acl named, there needs to be one ACE and one direction for the
    # acl to applied to the one interface
    for i in list(range(len(acl_name_list))):
        configure_acl_l3(
            sw=sw, acl_addr_type=acl_addr_type, acl_name=acl_name_list[i],
            seq_num=seq_num_list[i], action=action_list[i],
            proto=proto_list[i], src_ip=src_ip_list[i],
            src_port=src_port_list[i], dst_ip=dst_ip_list[i],
            dst_port=dst_port_list[i], count=count_list[i], log=log_list[i]
            )
    for i in list(range(len(acl_name_list))):
        apply_acl(
            sw=sw, app_type=app_type, interface_num=interface_num,
            acl_addr_type=acl_addr_type, acl_name=acl_name_list[i],
            direction=dir_list[i]
            )
    for i in list(range(len(acl_name_list))):
        no_apply_interface(
            sw=sw, app_type=app_type, interface_num=interface_num,
            acl_addr_type=acl_addr_type, acl_name=acl_name_list[i],
            direction=dir_list[i]
            )
    for i in list(range(len(acl_name_list))):
        unconfigure_ace(
            sw=sw, acl_addr_type=acl_addr_type, acl_name=acl_name_list[i],
            seq_num=seq_num_list[i]
            )