add Ether check in macsec_dp_poll#6828
Conversation
|
|
|
The pre-commit check detected issues in the files touched by this pull request. For old issues, it is not mandatory to fix them because they were not caused by this change. It is unfair to blame Detailed pre-commit check results: To run the pre-commit checks locally, you can follow below steps:
|
…ic-mgmt into internal-202205 Fix merge conflicts. - [pre-commit] Fix style issues in test scripts under `tests/acl` folder (sonic-net#6679) - Moving check for reboot cause after interface status check (sonic-net#6721) - Adding watchdog timeout values for Cisco 8808 Supervisor and Different LCs (sonic-net#6776) - add Ether check in macsec_dp_poll (sonic-net#6828) - Disable PFC watchdog in test_cpu_memory_usage_counterpoll (sonic-net#6851) - Testcase to verify that lossless traffic is not dropped during congesion. (sonic-net#6853) - Ignore Broadcom sai sai unbind ERR log for now (sonic-net#6539) - [chassis][multi-asic] update the loganalyser regex for multi asic (sonic-net#6885) - [mx] Fix test_acl failed on mx topo (sonic-net#6971) (sonic-net#6983) - [202205][mx] Add support for mx in test_null_route_helper (sonic-net#6967) (sonic-net#6982) - [m0][everflow] Add m0 support for everflow and refactor everflow setup_info (sonic-net#6900) - [ACL] Add acl stress test (sonic-net#6903) - Enhance test_tor_ecn (sonic-net#6906) - Fix erros - Added unique IPV6 address for the missed ACL rules PR sonic-net#6390 (sonic-net#6909) - enabled bfd tests (sonic-net#6919) - Skip bgp speaker test on backend topo (sonic-net#6922) - [advanced-reboot] Handle logs in tmpfs: backup two log files before reboot (sonic-net#6923) - Fix missing definition (sonic-net#6930) - [Mellanox] Add minimal table definition for SN2201 (sonic-net#6943) - Update qos test param for dualtor topology (sonic-net#6948) - fix setup for single asic lc (sonic-net#6951) - Fix QoS sai test for running with python3 (sonic-net#6961) - Don't fail if logrotate cron job file isn't present (sonic-net#6964) - Disable post sanity check for vxlan test (sonic-net#6980) - Merge branch 'azure-202205' into dev/yaqiangzhu/202205_merge
4 participants
Description of PR
#6459
When run "test_acl.py" based on the master branch of sonic-mgmt in Cisco Lab, we hit the following error:
19:01:00 init.pytest_runtest_call L0040 ERROR | Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/_pytest/python.py", line 1464, in runtest
self.ihook.pytest_pyfunc_call(pyfuncitem=self)
File "/usr/local/lib/python2.7/dist-packages/pluggy/hooks.py", line 286, in call
return self._hookexec(self, self.get_hookimpls(), kwargs)
File "/usr/local/lib/python2.7/dist-packages/pluggy/manager.py", line 93, in _hookexec
return self._inner_hookexec(hook, methods, kwargs)
File "/usr/local/lib/python2.7/dist-packages/pluggy/manager.py", line 87, in
firstresult=hook.spec.opts.get("firstresult") if hook.spec else False,
File "/usr/local/lib/python2.7/dist-packages/pluggy/callers.py", line 208, in _multicall
return outcome.get_result()
File "/usr/local/lib/python2.7/dist-packages/pluggy/callers.py", line 81, in get_result
_reraise(*ex) # noqa
File "/usr/local/lib/python2.7/dist-packages/pluggy/callers.py", line 187, in _multicall
res = hook_impl.function(*args)
File "/usr/local/lib/python2.7/dist-packages/_pytest/python.py", line 174, in pytest_pyfunc_call
testfunction(**testargs)
File "/data/tests/acl/test_acl.py", line 710, in test_ingress_unmatched_blocked
self._verify_acl_traffic(setup, direction, ptfadapter, pkt, True, ip_version)
File "/data/tests/acl/test_acl.py", line 908, in _verify_acl_traffic
testutils.verify_no_packet_any(ptfadapter, exp_pkt, ports=self.get_dst_ports(setup, direction))
File "/usr/lib/python2.7/dist-packages/ptf/testutils.py", line 2476, in verify_no_packet_any
verify_no_packet(test, pkt, (device, port))
File "/usr/lib/python2.7/dist-packages/ptf/testutils.py", line 2418, in verify_no_packet
test, device_number=device, port_number=port, exp_pkt=pkt, timeout=timeout
File "/data/tests/common/plugins/ptfadapter/init.py", line 48, in _dp_poll
return origin_dp_poll(test, device_number=device_number, port_number=port_number, timeout=timeout, exp_pkt=exp_pkt)
File "/data/tests/macsec/macsec_helper.py", line 378, in macsec_dp_poll
if pkt[scapy.Ether].type != 0x88e5:
File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 1344, in getitem
raise IndexError("Layer [%s] not found" % name)
IndexError: Layer [Ether] not found
Steps to reproduce the issue:
based on master branch of sonic-mgmt, run "test_acl.py" in local T1 testbed.
Describe the results you received:
The error is due to the "macsec_dp_poll" doesn't skip the non-ether l2 packet.
In our test network, it has STP packet as follows:
19:01:00 macsec_helper.macsec_dp_poll L0374 WARNING| George pkt:###[ 802.3 ]###
dst = 01:00:0c:cc:cc:cd
src = 64:3a:ea:e5:33:d0
len = 50
###[ LLC ]###
dsap = 0xaa
ssap = 0xaa
ctrl = 3
###[ SNAP ]###
OUI = 00:00:0c
code = 0x10b
###[ Spanning Tree Protocol ]###
proto = 0
version = 2
bpdutype = 2
bpduflags = 60
rootid = 34768
rootmac = 64:3a:ea:e5:33:43
pathcost = 0
bridgeid = 34768
bridgemac = 64:3a:ea:e5:33:43
portid = 32909
age = 0.0
maxage = 20.0
hellotime = 2.0
fwddelay = 15.0
###[ Raw ]###
load = '\x00\x00\x00\x00\x02\x07\xd0'
Solution
The poll function should skip non-ether pkt.
We need add a check func before handle it.