diff --git a/ansible/roles/test/files/acstests/acltb_test.py b/ansible/roles/test/files/acstests/acltb_test.py index 48ac86263c4..02be7303cd5 100644 --- a/ansible/roles/test/files/acstests/acltb_test.py +++ b/ansible/roles/test/files/acstests/acltb_test.py @@ -271,6 +271,37 @@ def runAclTests(self, dst_ip, dst_ip_blocked, src_port, dst_ports): tests_passed += (0 if res else 1) print "Test #12 %s" % ("FAILED" if res else "PASSED") + pkt0 = simple_udp_packet( + eth_dst = self.router_mac, + eth_src = self.dataplane.get_mac(0, 0), + ip_src = "10.0.0.1", + ip_dst = dst_ip, + udp_sport = 1234, + udp_dport = 80, + ip_ttl = 64 + ) + #exp_pkt = pkt.deepcopy() + exp_pkt0 = simple_udp_packet( + eth_dst = self.dataplane.get_mac(0, 0), + eth_src = self.router_mac, + ip_src = "10.0.0.1", + ip_dst = dst_ip, + udp_sport = 1234, + udp_dport = 80, + ip_ttl = 63 + ) + + # Test #13 - Verify source IP match - UDP packet and UDP protocol + pkt = pkt0.copy() + exp_pkt = exp_pkt0.copy() + pkt['IP'].src = "10.0.0.2" + exp_pkt['IP'].src = "10.0.0.2" + pkt['IP'].proto=0x11 + exp_pkt['IP'].proto=0x11 + res = self.runSendReceiveTest(pkt, src_port, exp_pkt, dst_ports) + tests_passed += (0 if res else 1) + print "Test #13 %s" % ("FAILED" if res else "PASSED") + return tests_passed, self.tests_total #--------------------------------------------------------------------- diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules.json b/ansible/roles/test/tasks/acl/acltb_test_rules.json index 9d948704691..8206dcdb181 100644 --- a/ansible/roles/test/tasks/acl/acltb_test_rules.json +++ b/ansible/roles/test/tasks/acl/acltb_test_rules.json @@ -196,7 +196,23 @@ }, "ip": { "config": { - "protocol":1, + "protocol":1, + "source-ip-address": "10.0.0.2/32" + } + } + }, + "14": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 14 + }, + "ip": { + "config": { + "protocol":17, "source-ip-address": "10.0.0.2/32" } } diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json index 9d948704691..8206dcdb181 100644 --- a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json +++ b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json @@ -196,7 +196,23 @@ }, "ip": { "config": { - "protocol":1, + "protocol":1, + "source-ip-address": "10.0.0.2/32" + } + } + }, + "14": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 14 + }, + "ip": { + "config": { + "protocol":17, "source-ip-address": "10.0.0.2/32" } }