def create_acls_for_a_stream(self, stream_dict, test_l2_action, is_reflect): r = stream_dict['rules'] r_permit = stream_dict['permit_rules'] r_permit_reflect = stream_dict['permit_and_reflect_rules'] r_action = r_permit_reflect if is_reflect else r action_acl = VppAcl(self, rules=r_action, tag="act. acl") action_acl.add_vpp_config() permit_acl = VppAcl(self, rules=r_permit, tag="perm. acl") permit_acl.add_vpp_config() return {'L2': action_acl if test_l2_action else permit_acl, 'L3': permit_acl if test_l2_action else action_acl, 'permit': permit_acl, 'action': action_acl}
def create_acls_for_a_stream(self, stream_dict, test_l2_action, is_reflect): r = stream_dict["rules"] r_permit = stream_dict["permit_rules"] r_permit_reflect = stream_dict["permit_and_reflect_rules"] r_action = r_permit_reflect if is_reflect else r action_acl = VppAcl(self, rules=r_action, tag="act. acl") action_acl.add_vpp_config() permit_acl = VppAcl(self, rules=r_permit, tag="perm. acl") permit_acl.add_vpp_config() return { "L2": action_acl if test_l2_action else permit_acl, "L3": permit_acl if test_l2_action else action_acl, "permit": permit_acl, "action": action_acl, }
def test_abf6(self): """ IPv6 ACL Based Forwarding """ # # Simple test for matching IPv6 packets # # # Rule 1 # rule_1 = AclRule(is_permit=1, proto=17, ports=1234, src_prefix=IPv6Network("2001::2/128"), dst_prefix=IPv6Network("2001::1/128")) acl_1 = VppAcl(self, rules=[rule_1]) acl_1.add_vpp_config() # # ABF policy for ACL 1 - path via interface 1 # abf_1 = VppAbfPolicy(self, 10, acl_1, [VppRoutePath("3001::1", 0xffffffff)]) abf_1.add_vpp_config() attach_1 = VppAbfAttach(self, 10, self.pg0.sw_if_index, 45, is_ipv6=True) attach_1.add_vpp_config() # # a packet matching the rule # p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IPv6(src="2001::2", dst="2001::1") / UDP(sport=1234, dport=1234) / Raw(b'\xa5' * 100)) # # packets are dropped because there is no route to the policy's # next hop # self.send_and_assert_no_replies(self.pg1, p * NUM_PKTS, "no route") # # add a route resolving the next-hop # route = VppIpRoute(self, "3001::1", 32, [VppRoutePath(self.pg1.remote_ip6, self.pg1.sw_if_index)]) route.add_vpp_config() # # now expect packets forwarded. # self.send_and_expect(self.pg0, p * NUM_PKTS, self.pg1)
def apply_acls(self, reflect_side, acl_side): pkts = [] pkts.append(self.pkt(0)) pkts.append(self.pkt(1)) pkt = pkts[reflect_side] r = [] r.append(pkt.to_acl_rule(2, wildcard_sport=True)) r.append(self.wildcard_rule(0)) reflect_acl = VppAcl(self.testcase, r) reflect_acl.add_vpp_config() r = [] r.append(self.wildcard_rule(0)) deny_acl = VppAcl(self.testcase, r) deny_acl.add_vpp_config() if reflect_side == acl_side: acl_if0 = VppAclInterface( self.testcase, self.ifs[acl_side].sw_if_index, [reflect_acl, deny_acl], n_input=1, ) acl_if1 = VppAclInterface(self.testcase, self.ifs[1 - acl_side].sw_if_index, [], n_input=0) acl_if0.add_vpp_config() acl_if1.add_vpp_config() else: acl_if0 = VppAclInterface( self.testcase, self.ifs[acl_side].sw_if_index, [deny_acl, reflect_acl], n_input=1, ) acl_if1 = VppAclInterface(self.testcase, self.ifs[1 - acl_side].sw_if_index, [], n_input=0) acl_if0.add_vpp_config() acl_if1.add_vpp_config()
def test_abf4(self): """ IPv4 ACL Based Forwarding """ # # We are not testing the various matching capabilities # of ACLs, that's done elsewhere. Here ware are testing # the application of ACLs to a forwarding path to achieve # ABF # So we construct just a few ACLs to ensure the ABF policies # are correctly constructed and used. And a few path types # to test the API path decoding. # # # Rule 1 # rule_1 = AclRule(is_permit=1, proto=17, ports=1234, src_prefix=IPv4Network("1.1.1.1/32"), dst_prefix=IPv4Network("1.1.1.2/32")) acl_1 = VppAcl(self, rules=[rule_1]) acl_1.add_vpp_config() # # ABF policy for ACL 1 - path via interface 1 # abf_1 = VppAbfPolicy(self, 10, acl_1, [VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)]) abf_1.add_vpp_config() # # Attach the policy to input interface Pg0 # attach_1 = VppAbfAttach(self, 10, self.pg0.sw_if_index, 50) attach_1.add_vpp_config() # # fire in packet matching the ACL src,dst. If it's forwarded # then the ABF was successful, since default routing will drop it # p_1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src="1.1.1.1", dst="1.1.1.2") / UDP(sport=1234, dport=1234) / Raw(b'\xa5' * 100)) self.send_and_expect(self.pg0, p_1*NUM_PKTS, self.pg1) # # Attach a 'better' priority policy to the same interface # abf_2 = VppAbfPolicy(self, 11, acl_1, [VppRoutePath(self.pg2.remote_ip4, self.pg2.sw_if_index)]) abf_2.add_vpp_config() attach_2 = VppAbfAttach(self, 11, self.pg0.sw_if_index, 40) attach_2.add_vpp_config() self.send_and_expect(self.pg0, p_1*NUM_PKTS, self.pg2) # # Attach a policy with priority in the middle # abf_3 = VppAbfPolicy(self, 12, acl_1, [VppRoutePath(self.pg3.remote_ip4, self.pg3.sw_if_index)]) abf_3.add_vpp_config() attach_3 = VppAbfAttach(self, 12, self.pg0.sw_if_index, 45) attach_3.add_vpp_config() self.send_and_expect(self.pg0, p_1*NUM_PKTS, self.pg2) # # remove the best priority # attach_2.remove_vpp_config() self.send_and_expect(self.pg0, p_1*NUM_PKTS, self.pg3) # # Attach one of the same policies to Pg1 # attach_4 = VppAbfAttach(self, 12, self.pg1.sw_if_index, 45) attach_4.add_vpp_config() p_2 = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / IP(src="1.1.1.1", dst="1.1.1.2") / UDP(sport=1234, dport=1234) / Raw(b'\xa5' * 100)) self.send_and_expect(self.pg1, p_2 * NUM_PKTS, self.pg3) # # detach the policy from PG1, now expect traffic to be dropped # attach_4.remove_vpp_config() self.send_and_assert_no_replies(self.pg1, p_2 * NUM_PKTS, "Detached") # # Swap to route via a next-hop in the non-default table # table_20 = VppIpTable(self, 20) table_20.add_vpp_config() self.pg4.set_table_ip4(table_20.table_id) self.pg4.admin_up() self.pg4.config_ip4() self.pg4.resolve_arp() abf_13 = VppAbfPolicy(self, 13, acl_1, [VppRoutePath(self.pg4.remote_ip4, 0xffffffff, nh_table_id=table_20.table_id)]) abf_13.add_vpp_config() attach_5 = VppAbfAttach(self, 13, self.pg0.sw_if_index, 30) attach_5.add_vpp_config() self.send_and_expect(self.pg0, p_1*NUM_PKTS, self.pg4) self.pg4.unconfig_ip4() self.pg4.set_table_ip4(0)
def test_pipe(self): """Pipes""" pipes = [VppPipe(self), VppPipe(self, 10)] for p in pipes: p.add_vpp_config() p.admin_up() # # L2 cross-connect pipe0 east with pg0 and west with pg1 # self.vapi.sw_interface_set_l2_xconnect(self.pg0.sw_if_index, pipes[0].east, enable=1) self.vapi.sw_interface_set_l2_xconnect(pipes[0].east, self.pg0.sw_if_index, enable=1) self.vapi.sw_interface_set_l2_xconnect(self.pg1.sw_if_index, pipes[0].west, enable=1) self.vapi.sw_interface_set_l2_xconnect(pipes[0].west, self.pg1.sw_if_index, enable=1) # test bi-directional L2 flow pg0<->pg1 p = (Ether(src=self.pg0.remote_mac, dst=self.pg1.remote_mac) / IP(src="1.1.1.1", dst="1.1.1.2") / UDP(sport=1234, dport=1234) / Raw(b"\xa5" * 100)) self.send_and_expect(self.pg0, p * NUM_PKTS, self.pg1) self.send_and_expect(self.pg1, p * NUM_PKTS, self.pg0) # # Attach ACL to ensure features are run on the pipe # rule_1 = AclRule( is_permit=0, proto=17, src_prefix=IPv4Network("1.1.1.1/32"), dst_prefix=IPv4Network("1.1.1.2/32"), ports=1234, ) acl = VppAcl(self, rules=[rule_1]) acl.add_vpp_config() # Apply the ACL on the pipe on output acl_if_e = VppAclInterface(self, sw_if_index=pipes[0].east, n_input=0, acls=[acl]) acl_if_e.add_vpp_config() self.send_and_assert_no_replies(self.pg0, p * NUM_PKTS) self.send_and_expect(self.pg1, p * NUM_PKTS, self.pg0) # remove from output and apply on input acl_if_e.remove_vpp_config() acl_if_w = VppAclInterface(self, sw_if_index=pipes[0].west, n_input=1, acls=[acl]) acl_if_w.add_vpp_config() self.send_and_assert_no_replies(self.pg0, p * NUM_PKTS) self.send_and_expect(self.pg1, p * NUM_PKTS, self.pg0) acl_if_w.remove_vpp_config() self.send_and_expect(self.pg0, p * NUM_PKTS, self.pg1) self.send_and_expect(self.pg1, p * NUM_PKTS, self.pg0) # # L3 routes in two separate tables so a pipe can be used to L3 # x-connect # tables = [] tables.append(VppIpTable(self, 1)) tables.append(VppIpTable(self, 2)) for t in tables: t.add_vpp_config() self.pg2.set_table_ip4(1) self.pg2.config_ip4() self.pg2.resolve_arp() self.pg3.set_table_ip4(2) self.pg3.config_ip4() self.pg3.resolve_arp() routes = [] routes.append( VppIpRoute( self, "1.1.1.1", 32, [VppRoutePath(self.pg3.remote_ip4, self.pg3.sw_if_index)], table_id=2, )) routes.append( VppIpRoute( self, "1.1.1.1", 32, [VppRoutePath("0.0.0.0", pipes[1].east)], table_id=1, )) routes.append( VppIpRoute( self, "1.1.1.2", 32, [VppRoutePath("0.0.0.0", pipes[1].west)], table_id=2, )) routes.append( VppIpRoute( self, "1.1.1.2", 32, [VppRoutePath(self.pg2.remote_ip4, self.pg2.sw_if_index)], table_id=1, )) for r in routes: r.add_vpp_config() p_east = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) / IP(src="1.1.1.2", dst="1.1.1.1") / UDP(sport=1234, dport=1234) / Raw(b"\xa5" * 100)) # bind the pipe ends to the correct tables self.vapi.sw_interface_set_table(pipes[1].west, 0, 2) self.vapi.sw_interface_set_table(pipes[1].east, 0, 1) # IP is not enabled on the pipes at this point self.send_and_assert_no_replies(self.pg2, p_east * NUM_PKTS) # IP enable the Pipes by making them unnumbered pipes[1].set_unnumbered(self.pg2.sw_if_index, True) pipes[1].set_unnumbered(self.pg3.sw_if_index, False) self.send_and_expect(self.pg2, p_east * NUM_PKTS, self.pg3) # and the return path p_west = (Ether(src=self.pg3.remote_mac, dst=self.pg3.local_mac) / IP(src="1.1.1.1", dst="1.1.1.2") / UDP(sport=1234, dport=1234) / Raw(b"\xa5" * 100)) self.send_and_expect(self.pg3, p_west * NUM_PKTS, self.pg2) # # Use ACLs to test features run on the Pipes # acl_if_e1 = VppAclInterface(self, sw_if_index=pipes[1].east, n_input=0, acls=[acl]) acl_if_e1.add_vpp_config() self.send_and_assert_no_replies(self.pg2, p_east * NUM_PKTS) self.send_and_expect(self.pg3, p_west * NUM_PKTS, self.pg2) # remove from output and apply on input acl_if_e1.remove_vpp_config() acl_if_w1 = VppAclInterface(self, sw_if_index=pipes[1].west, n_input=1, acls=[acl]) acl_if_w1.add_vpp_config() self.send_and_assert_no_replies(self.pg2, p_east * NUM_PKTS) self.send_and_expect(self.pg3, p_west * NUM_PKTS, self.pg2) acl_if_w1.remove_vpp_config() self.send_and_expect(self.pg2, p_east * NUM_PKTS, self.pg3) self.send_and_expect(self.pg3, p_west * NUM_PKTS, self.pg2) # cleanup (so the tables delete) self.pg2.unconfig_ip4() self.pg2.set_table_ip4(0) self.pg3.unconfig_ip4() self.pg3.set_table_ip4(0) self.vapi.sw_interface_set_table(pipes[1].west, 0, 0) self.vapi.sw_interface_set_table(pipes[1].east, 0, 0)
def test_dvr(self): """ Distributed Virtual Router """ # # A packet destined to an IP address that is L2 bridged via # a non-tag interface # ip_non_tag_bridged = "10.10.10.10" ip_tag_bridged = "10.10.10.11" any_src_addr = "1.1.1.1" pkt_no_tag = ( Ether(src=self.pg0.remote_mac, dst=self.loop0.local_mac) / IP(src=any_src_addr, dst=ip_non_tag_bridged) / UDP(sport=1234, dport=1234) / Raw(b'\xa5' * 100)) pkt_tag = (Ether(src=self.pg0.remote_mac, dst=self.loop0.local_mac) / IP(src=any_src_addr, dst=ip_tag_bridged) / UDP(sport=1234, dport=1234) / Raw(b'\xa5' * 100)) # # Two sub-interfaces so we can test VLAN tag push/pop # sub_if_on_pg2 = VppDot1QSubint(self, self.pg2, 92) sub_if_on_pg3 = VppDot1QSubint(self, self.pg3, 93) sub_if_on_pg2.admin_up() sub_if_on_pg3.admin_up() # # Put all the interfaces into a new bridge domain # self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=self.pg0.sw_if_index, bd_id=1) self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=self.pg1.sw_if_index, bd_id=1) self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1) self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1) self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=self.loop0.sw_if_index, bd_id=1, port_type=L2_PORT_TYPE.BVI) self.vapi.l2_interface_vlan_tag_rewrite( sw_if_index=sub_if_on_pg2.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1, push_dot1q=92) self.vapi.l2_interface_vlan_tag_rewrite( sw_if_index=sub_if_on_pg3.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1, push_dot1q=93) # # Add routes to bridge the traffic via a tagged an nontagged interface # route_no_tag = VppIpRoute(self, ip_non_tag_bridged, 32, [ VppRoutePath("0.0.0.0", self.pg1.sw_if_index, type=FibPathType.FIB_PATH_TYPE_DVR) ]) route_no_tag.add_vpp_config() # # Inject the packet that arrives and leaves on a non-tagged interface # Since it's 'bridged' expect that the MAC headed is unchanged. # rx = self.send_and_expect(self.pg0, pkt_no_tag * NUM_PKTS, self.pg1) self.assert_same_mac_addr(pkt_no_tag, rx) self.assert_has_no_tag(rx) # # Add routes to bridge the traffic via a tagged interface # route_with_tag = VppIpRoute(self, ip_tag_bridged, 32, [ VppRoutePath("0.0.0.0", sub_if_on_pg3.sw_if_index, type=FibPathType.FIB_PATH_TYPE_DVR) ]) route_with_tag.add_vpp_config() # # Inject the packet that arrives non-tag and leaves on a tagged # interface # rx = self.send_and_expect(self.pg0, pkt_tag * NUM_PKTS, self.pg3) self.assert_same_mac_addr(pkt_tag, rx) self.assert_has_vlan_tag(93, rx) # # Tag to tag # pkt_tag_to_tag = ( Ether(src=self.pg2.remote_mac, dst=self.loop0.local_mac) / Dot1Q(vlan=92) / IP(src=any_src_addr, dst=ip_tag_bridged) / UDP(sport=1234, dport=1234) / Raw(b'\xa5' * 100)) rx = self.send_and_expect(self.pg2, pkt_tag_to_tag * NUM_PKTS, self.pg3) self.assert_same_mac_addr(pkt_tag_to_tag, rx) self.assert_has_vlan_tag(93, rx) # # Tag to non-Tag # pkt_tag_to_non_tag = ( Ether(src=self.pg2.remote_mac, dst=self.loop0.local_mac) / Dot1Q(vlan=92) / IP(src=any_src_addr, dst=ip_non_tag_bridged) / UDP(sport=1234, dport=1234) / Raw(b'\xa5' * 100)) rx = self.send_and_expect(self.pg2, pkt_tag_to_non_tag * NUM_PKTS, self.pg1) self.assert_same_mac_addr(pkt_tag_to_tag, rx) self.assert_has_no_tag(rx) # # Add an output L3 ACL that will block the traffic # rule_1 = AclRule(is_permit=0, proto=17, ports=1234, src_prefix=IPv4Network((any_src_addr, 32)), dst_prefix=IPv4Network((ip_non_tag_bridged, 32))) acl = VppAcl(self, rules=[rule_1]) acl.add_vpp_config() # # Apply the ACL on the output interface # acl_if1 = VppAclInterface(self, sw_if_index=self.pg1.sw_if_index, n_input=0, acls=[acl]) acl_if1.add_vpp_config() # # Send packet's that should match the ACL and be dropped # rx = self.send_and_assert_no_replies(self.pg2, pkt_tag_to_non_tag * NUM_PKTS) # # cleanup # acl_if1.remove_vpp_config() acl.remove_vpp_config() self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=self.pg0.sw_if_index, bd_id=1, enable=0) self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=self.pg1.sw_if_index, bd_id=1, enable=0) self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1, enable=0) self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1, enable=0) self.vapi.sw_interface_set_l2_bridge( rx_sw_if_index=self.loop0.sw_if_index, bd_id=1, port_type=L2_PORT_TYPE.BVI, enable=0) # # Do a FIB dump to make sure the paths are correctly reported as DVR # routes = self.vapi.ip_route_dump(0) for r in routes: if (ip_tag_bridged == str(r.route.prefix.network_address)): self.assertEqual(r.route.paths[0].sw_if_index, sub_if_on_pg3.sw_if_index) self.assertEqual(r.route.paths[0].type, FibPathType.FIB_PATH_TYPE_DVR) if (ip_non_tag_bridged == str(r.route.prefix.network_address)): self.assertEqual(r.route.paths[0].sw_if_index, self.pg1.sw_if_index) self.assertEqual(r.route.paths[0].type, FibPathType.FIB_PATH_TYPE_DVR) # # the explicit route delete is require so it happens before # the sbu-interface delete. subinterface delete is required # because that object type does not use the object registry # route_no_tag.remove_vpp_config() route_with_tag.remove_vpp_config() sub_if_on_pg3.remove_vpp_config() sub_if_on_pg2.remove_vpp_config()
def applied_acl_shuffle(self, acl_if): saved_n_input = acl_if.n_input # TOTO: maybe copy each one?? saved_acls = acl_if.acls # now create a list of all the rules in all ACLs all_rules = [] for old_acl in saved_acls: for rule in old_acl.rules: all_rules.append(rule) # Add a few ACLs made from shuffled rules shuffle(all_rules) acl1 = VppAcl(self, rules=all_rules[::2], tag="shuffle 1. acl") acl1.add_vpp_config() shuffle(all_rules) acl2 = VppAcl(self, rules=all_rules[::3], tag="shuffle 2. acl") acl2.add_vpp_config() shuffle(all_rules) acl3 = VppAcl(self, rules=all_rules[::2], tag="shuffle 3. acl") acl3.add_vpp_config() # apply the shuffle ACLs in front input_acls = [acl1, acl2] output_acls = [acl1, acl2] # add the currently applied ACLs n_input = acl_if.n_input input_acls.extend(saved_acls[:n_input]) output_acls.extend(saved_acls[n_input:]) # and the trailing shuffle ACL(s) input_acls.extend([acl3]) output_acls.extend([acl3]) # set the interface ACL list to the result acl_if.n_input = len(input_acls) acl_if.acls = input_acls + output_acls acl_if.add_vpp_config() # change the ACLs a few times for i in range(1, 10): shuffle(all_rules) acl1.modify_vpp_config(all_rules[::1 + (i % 2)]) shuffle(all_rules) acl2.modify_vpp_config(all_rules[::1 + (i % 3)]) shuffle(all_rules) acl3.modify_vpp_config(all_rules[::1 + (i % 5)]) # restore to how it was before and clean up acl_if.n_input = saved_n_input acl_if.acls = saved_acls acl_if.add_vpp_config() acl1.remove_vpp_config() acl2.remove_vpp_config() acl3.remove_vpp_config()
def run_traffic( self, mac_type, ip_type, traffic, is_ip6, packets, do_not_expected_capture=False, tags=None, apply_rules=True, isMACIP=True, permit_tags=PERMIT_TAGS, try_replace=False, ): self.reset_packet_infos() if tags is None: tx_if = self.pg0 if traffic == self.BRIDGED else self.pg3 rx_if = self.pg3 if traffic == self.BRIDGED else self.pg0 src_if = self.pg3 dst_if = self.loop0 else: if tags == self.DOT1Q: if traffic == self.BRIDGED: tx_if = self.subifs[0] rx_if = self.pg0 src_if = self.subifs[0] dst_if = self.loop0 else: tx_if = self.subifs[2] rx_if = self.pg0 src_if = self.subifs[2] dst_if = self.loop0 elif tags == self.DOT1AD: if traffic == self.BRIDGED: tx_if = self.subifs[1] rx_if = self.pg0 src_if = self.subifs[1] dst_if = self.loop0 else: tx_if = self.subifs[3] rx_if = self.pg0 src_if = self.subifs[3] dst_if = self.loop0 else: return test_dict = self.create_stream( mac_type, ip_type, packets, src_if, dst_if, traffic, is_ip6, tags=permit_tags, ) if apply_rules: if isMACIP: self.acl = VppMacipAcl(self, rules=test_dict["macip_rules"]) else: self.acl = VppAcl(self, rules=test_dict["acl_rules"]) self.acl.add_vpp_config() if isMACIP: self.acl_if = VppMacipAclInterface( self, sw_if_index=tx_if.sw_if_index, acls=[self.acl] ) self.acl_if.add_vpp_config() dump = self.acl_if.dump() self.assertTrue(dump) self.assertEqual(dump[0].acls[0], self.acl.acl_index) else: self.acl_if = VppAclInterface( self, sw_if_index=tx_if.sw_if_index, n_input=1, acls=[self.acl] ) self.acl_if.add_vpp_config() else: if hasattr(self, "acl_if"): self.acl_if.remove_vpp_config() if try_replace and hasattr(self, "acl"): if isMACIP: self.acl.modify_vpp_config(test_dict["macip_rules"]) else: self.acl.modify_vpp_config(test_dict["acl_rules"]) if not isinstance(src_if, VppSubInterface): tx_if.add_stream(test_dict["stream"]) else: tx_if.parent.add_stream(test_dict["stream"]) self.pg_enable_capture(self.pg_interfaces) self.pg_start() if do_not_expected_capture: rx_if.get_capture(0) else: if ( traffic == self.BRIDGED and mac_type == self.WILD_MAC and ip_type == self.WILD_IP ): capture = rx_if.get_capture(packets) else: capture = rx_if.get_capture( self.get_packet_count_for_if_idx(dst_if.sw_if_index) ) self.verify_capture(test_dict["stream"], capture, is_ip6) if not isMACIP: if hasattr(self, "acl_if"): self.acl_if.remove_vpp_config() if hasattr(self, "acl"): self.acl.remove_vpp_config()