[acl_config_tests]: Fix ACL config tests.

ansible/roles/test/files/acstests/acl_port_range_traffic_test.py

@@ -10,7 +10,7 @@
 class SendTCP(acs_base_test.ACSDataplaneTest):
     def runTest(self):
         pkt = scapy2.Ether(src="e4:1d:2d:a5:f3:ac", dst="00:02:03:04:05:00")
-        pkt /= scapy2.IP(src="20.0.0.2", dst="20.0.0.1")
+        pkt /= scapy2.IP(src="10.0.0.1", dst="10.0.0.0")
 
         # get L4 port number
         port_number = testutils.test_params_get("port_number")

ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml

@@ -26,10 +26,6 @@
 #----------------------------------------
 # L3 TRAFFIC TESTING.
 #----------------------------------------
-    - name: Set host interface IP address.
-      shell: ifconfig {{ ptf_host_if }} 20.0.0.2
-      delegate_to: "{{ ptf_host }}"
-
     - name: Create an ACL L3 table.
       shell: docker exec -i {{ orchagent }} swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }}
 
@@ -94,6 +90,7 @@
         table_name_check: "{{ table_name }}"
         rule_name_check: "{{ rule_name }}"
         expect_data: false
+        expected_counter_value: 0
       include: "{{ acl_check_db }}"
 
 #--------------------
@@ -107,10 +104,10 @@
       shell: docker exec -i {{ orchagent }} swssconfig {{ docker_testdir }}/{{ config_table_type_mirror }}
 
     - name: Add neighbor.
-      shell: ip neigh add {{ switch_if1_ip }} lladdr 0e:9c:37:42:43:67 dev Ethernet0
+      shell: ip neigh replace {{ neighbor2_ip }} lladdr 0e:9c:37:42:43:67 dev Ethernet0
 
     - name: Add route.
-      shell: ip route add {{ dst_mirror_subnet }} via {{ switch_if1_ip }}
+      shell: ip route add {{ dst_mirror_subnet }} via {{ neighbor2_ip }}
 
     - name: Create a rule within mirror table.
       shell: docker exec -i {{ orchagent }} swssconfig {{ docker_testdir }}/{{ config_rule_mirror }}
@@ -152,13 +149,22 @@
         table_name_check: "{{ mirror_table_name }}"
         rule_name_check: "{{ mirror_rule_name }}"
         expect_data: false
+        expected_counter_value: 0
       include: "{{ acl_check_db }}"
 
       # CLEANUP.
     - name: Run config cleanup after {{ testname}}
       include: "{{ run_config_cleanup }}"
 
 - always:
+    - name: Delete neighbor.
+      shell: ip neigh del {{ neighbor2_ip }} dev Ethernet0
+      ignore_errors: yes
+
+    - name: Delete route.
+      shell: ip route del {{ dst_mirror_subnet }}
+      ignore_errors: yes
+
     - name: Remove all the temporary files created by the test.
       file: path="{{ run_dir }}/{{ item }}" state=absent
       with_items:

ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_mirror_session.json

@@ -1,7 +1,7 @@
 [
     {
         "MIRROR_SESSION_TABLE:session1": {
-            "src_ip": "20.0.0.2",
+            "src_ip": "10.0.0.1",
             "dst_ip": "2.2.2.4",
             "gre_type": "0x6558",
             "dscp": "50",

ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule.json

@@ -2,8 +2,8 @@
     {
         "ACL_RULE_TABLE:acl_test_table:acl_config_rule": {
     	    "priority" : "55",
-            "SRC_IP" : "20.0.0.2/24",
-            "DST_IP" : "20.0.0.1/24",
+            "SRC_IP" : "10.0.0.1/24",
+            "DST_IP" : "10.0.0.0/24",
             "PACKET_ACTION" : "FORWARD"
         },
         "OP": "SET"

ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror.json

@@ -2,8 +2,8 @@
     {
         "ACL_RULE_TABLE:acl_test_table_mirror:acl_config_rule_mirror": {
     	    "priority" : "55",
-            "SRC_IP" : "20.0.0.2/24",
-            "DST_IP" : "20.0.0.1/24",
+            "SRC_IP" : "10.0.0.1/24",
+            "DST_IP" : "10.0.0.0/24",
             "MIRROR_ACTION" : "session1"
         },
         "OP": "SET"

ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_l3.json

@@ -1,7 +1,7 @@
 [
     {
         "ACL_TABLE:acl_test_table": {
-            "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+            "policy_desc" : "Permit_some_traffic_from_10.0.0.1",
             "type" : "L3",
             "ports" : "Ethernet0"
         },

ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_mirror.json

@@ -1,7 +1,7 @@
 [
     {
         "ACL_TABLE:acl_test_table_mirror": {
-            "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+            "policy_desc" : "Permit_some_traffic_from_10.0.0.1",
             "type" : "MIRROR",
             "ports" : "Ethernet0"
         },

ansible/roles/test/tasks/acl/acl_input_test/acl_config_invalid.json

@@ -1,7 +1,7 @@
 [
     {
         "ACL_TABLE:555555739a2cc107": {
-            "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+            "policy_desc" : "Permit_some_traffic_from_10.0.0.1",
             "type" : "L3",
             "ports" : "Ethernet0"
         },
@@ -10,8 +10,8 @@
     {
         "ACL_RULE_TABLE:555555739a2cc107:3f8a10ff": {
 	    "priority" : "55",
-            "SRC_IP" : "20.0.0.2/24",
-            "DST_IP" : "21.0.0.2/24",
+            "SRC_IP" : "10.0.0.1/24",
+            "DST_IP" : "10.0.0.3/24",
             "PACKET_ACTION" : "FORWARD"
         },
         "OP": "SET"

ansible/roles/test/tasks/acl/acl_input_test/acl_config_valid.json

@@ -1,7 +1,7 @@
 [
     {
         "ACL_TABLE:555555739a2cc107": {
-            "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+            "policy_desc" : "Permit_some_traffic_from_10.0.0.1",
             "type" : "L3",
             "ports" : "Ethernet0"
         },
@@ -10,8 +10,8 @@
     {
         "ACL_RULE_TABLE:555555739a2cc107:3f8a10ff": {
 	    "priority" : "55",
-            "SRC_IP" : "20.0.0.2/24",
-            "DST_IP" : "21.0.0.2/24",
+            "SRC_IP" : "10.0.0.1/24",
+            "DST_IP" : "10.0.0.3/24",
             "PACKET_ACTION" : "FORWARD"
         },
         "OP": "SET"

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml

@@ -79,25 +79,6 @@
     - name: Run config cleanup after.
       include: "{{ run_config_cleanup }}"
 
-#-----------------------------------------
-# test duplicate table creation
-#-----------------------------------------
-    - name: Create L3 table.
-      vars:
-        config_file: "{{ config_table_type_l3 }}"
-        test_expect_file: "{{ config_empty_expect }}"
-        errors_expected: false
-        run_cleanup: false
-      include: "{{ run_config_test }}"
-
-    - name: Create duplicate L3 table.
-      vars:
-        config_file: "{{ config_table_type_l3 }}"
-        test_expect_file: "{{ config_table_type_expect }}"
-        errors_expected: true
-        run_cleanup: true
-      include: "{{ run_config_test }}"
-
 #------------------------------------------
 # RULES TESTING
 #------------------------------------------
@@ -479,13 +460,6 @@
         run_cleanup: false
       include: "{{ run_config_test }}"
 
-    - name: Rule test - empty rule with no expectes.
-      vars:
-        config_file: "{{ config_rule_empty_invalid }}"
-        test_expect_file: "{{ config_rule_empty_expect }}"
-        errors_expected: true
-        run_cleanup: false
-      include: "{{ run_config_test }}"
 
     - name: Rule test - create rule in non-existing table.
       vars:
@@ -495,35 +469,6 @@
         run_cleanup: true
       include: "{{ run_config_test }}"
 
-#----------------------------------------------
-# test duplicate rule creation
-#----------------------------------------------
-    - name: Create L3 table.
-      vars:
-        config_file: "{{ config_table_type_l3 }}"
-        test_expect_file: "{{ config_empty_expect }}"
-        errors_expected: false
-        run_cleanup: false
-      include: "{{ run_config_test }}"
-
-    - name: Rule test - valid rule.
-      vars:
-        config_file: "{{ config_rule }}"
-        test_expect_file: "{{ config_empty_expect }}"
-        errors_expected: false
-        run_cleanup: false
-      include: "{{ run_config_test }}"
-
-   # Duplicate rule!
-    - name: Rule test - duplicate rule creation.
-      vars:
-        config_file: "{{ config_rule }}"
-        test_expect_file: "{{ config_duplicate_rule_expect }}"
-        errors_expected: true
-        run_cleanup: true
-      include: "{{ run_config_test }}"
-
-
 #----------------------------------------------------------------------------------
 #----------------------------------------------------------------------------------
 # Delete-test uploads different valid and invalid configs with OP: "DEL" and checks for the errors.

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_non_existing.json

@@ -2,8 +2,8 @@
     {
         "ACL_RULE_TABLE:acl_test_table:non_existing_rule": {
 	    "priority" : "55",
-            "SRC_IP" : "20.0.0.2/24",
-            "DST_IP" : "21.0.0.2/24",
+            "SRC_IP" : "10.0.0.1/24",
+            "DST_IP" : "10.0.0.3/24",
             "PACKET_ACTION" : "FORWARD"
         },
         "OP": "DEL"

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_valid.json

@@ -2,8 +2,8 @@
     {
         "ACL_RULE_TABLE:acl_test_table:acl_test_rule": {
 	    "priority" : "55",
-            "SRC_IP" : "20.0.0.2/24",
-            "DST_IP" : "21.0.0.2/24",
+            "SRC_IP" : "10.0.0.1/24",
+            "DST_IP" : "10.0.0.3/24",
             "PACKET_ACTION" : "FORWARD"
         },
         "OP": "DEL"

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_diff_fields.json

@@ -1,7 +1,7 @@
 [
     {
         "ACL_TABLE:acl_test_table": {
-            "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+            "policy_desc" : "Permit_some_traffic_from_10.0.0.1",
             "ports" : "Ethernet4"
         },
         "OP": "DEL"

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_valid.json

@@ -1,7 +1,7 @@
 [
     {
         "ACL_TABLE:acl_test_table": {
-            "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+            "policy_desc" : "Permit_some_traffic_from_10.0.0.1",
             "type" : "L3",
             "ports" : "Ethernet0"
         },

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_with_rules.json

@@ -1,7 +1,7 @@
 [
     {
         "ACL_TABLE:acl_test_table": {
-            "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+            "policy_desc" : "Permit_some_traffic_from_10.0.0.1",
             "type" : "L3",
             "ports" : "Ethernet0"
         },

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table.json

@@ -2,8 +2,8 @@
     {
         "ACL_RULE_TABLE:acl_test_table:acl_test_dscp_rule": {
 	    "priority" : "55",
-            "SRC_IP" : "20.0.0.2/24",
-            "DST_IP" : "21.0.0.2/24",
+            "SRC_IP" : "10.0.0.1/24",
+            "DST_IP" : "10.0.0.3/24",
             "PACKET_ACTION" : "FORWARD",
             "dscp" : "0xFF"
         },

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_expect_file

@@ -1 +1 @@
-r, ".*Failed to create.*rule. Rule configuration is invalid"
+r, ".*Failed to create ACL rule. Rule configuration is invalid"

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule.json

@@ -2,8 +2,8 @@
     {
         "ACL_RULE_TABLE:acl_test_table:acl_test_rule": {
 	    "priority" : "55",
-            "SRC_IP" : "20.0.0.2/24",
-            "DST_IP" : "21.0.0.2/24",
+            "SRC_IP" : "10.0.0.1/24",
+            "DST_IP" : "10.0.0.3/24",
             "PACKET_ACTION" : "FORWARD"
         },
         "OP": "SET"

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table.json

@@ -2,8 +2,8 @@
     {
         "ACL_RULE_TABLE:NON_EXISTING_TABLE:acl_test_rule": {
 	    "priority" : "55",
-            "SRC_IP" : "20.0.0.2/24",
-            "DST_IP" : "21.0.0.2/24",
+            "SRC_IP" : "10.0.0.1/24",
+            "DST_IP" : "10.0.0.3/24",
             "PACKET_ACTION" : "FORWARD"
         },
         "OP": "SET"

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_l3.json

@@ -1,7 +1,7 @@
 [
     {
         "ACL_TABLE:acl_test_table": {
-            "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+            "policy_desc" : "Permit_some_traffic_from_10.0.0.1",
             "type" : "L3",
             "ports" : "Ethernet0"
         },

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_1.json

@@ -3,7 +3,7 @@
         "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
 		    "priority" : "55",
 			"PACKET_ACTION" : "FORWARD",
-			"TCP_FLAGS" : "FA"
+			"TCP_FLAGS" : "0x1/0xFF"
         },
         "OP": "SET"
     }

ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_2.json

@@ -3,7 +3,7 @@
         "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
 		    "priority" : "55",
 			"PACKET_ACTION" : "FORWARD",
-			"TCP_FLAGS" : "0xFA"
+			"TCP_FLAGS" : "0xFA/0xFF"
         },
         "OP": "SET"
     }

ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port_expect_file

@@ -1 +1 @@
-r, ".*Failed to process port list. Duplicate port entry."
+r, ".*Failed to process port list. Duplicate port entry"