vpp / VPP-927

MACIP ACLs need coverage in "make test"


    • Improvement
    • Resolution: Done
    • Medium
    • 17.10
    • None
    • Security Groups
    • None

      The initial implementation of MACIP ACLs was done before the "make test" framework was fully ready, so at the moment there is no test coverage at all for MACIP ACLs. This makes refactoring very risky. This JIRA is to develop the corresponding tests in "make test" for the MACIP ACLs in the ACL plugin.

      The tests should verify the following (where "IP" is written, both IPv4 and IPv6 are meant):

      1) the addition and deletion of the MACIP ACLs

      As part of addition/deletion, there should be ACLs with one, two, three, 10 and 100 entries.

      The possible entries should include: exact MAC + exact IP, exact MAC and subnet of IPs, wildcard MAC and subnet of IPs, specific MAC and wildcard IP, OUI-restricted MAC and subnet of IPs, OUI-restricted MAC and wildcard IPs.

      The subnets should be sufficiently different and not be parts of each other, to avoid accidental false positives/negatives.

       

      2) the traffic verification for the added and applied MACIP ACLs

      • positive tests: verify that data traffic with a legitimate IP/MAC source passes, and that legal ARP/ND requests and responses from the associated host pass as well
      • negative tests: verify that data traffic and ARP/ND requests and responses that violate the MAC and/or IP rules are dropped

      3) verify that the cleanup is done correctly if an interface containing the MACIP ACL gets deleted, and another interface is created in its place.

      This list is not fully definitive; further additions are welcome.
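
An added example, not part of the ticket or of VPP's code: a reference model of MACIP matching that a test can use as an oracle for the positive and negative cases, plus a check that the chosen subnets are not parts of each other. It assumes masked source-MAC comparison, source-IP prefix matching, first-match semantics and drop when nothing matches; all names and addresses are constructed.

```python
import ipaddress
from itertools import combinations

# MAC masks: exact match, OUI-restricted (first three octets), wildcard
FULL, OUI, ANY = "ff:ff:ff:ff:ff:ff", "ff:ff:ff:00:00:00", "00:00:00:00:00:00"

def mac_int(mac):
    return int(mac.replace(":", ""), 16)

class MacipRule:
    """One MACIP entry: masked source MAC plus source IP prefix (model, not VPP code)."""
    def __init__(self, mac, mask, prefix, permit=True):
        self.mac, self.mask = mac_int(mac), mac_int(mask)
        self.net = ipaddress.ip_network(prefix)
        self.permit = permit

    def matches(self, src_mac, src_ip):
        ip = ipaddress.ip_address(src_ip)
        mac_ok = (mac_int(src_mac) & self.mask) == (self.mac & self.mask)
        return mac_ok and ip.version == self.net.version and ip in self.net

def overlapping_subnets(rules):
    """Pairs of non-wildcard prefixes that overlap; should be empty for a test ACL."""
    nets = [r.net for r in rules if r.net.prefixlen > 0]
    return [(a, b) for a, b in combinations(nets, 2)
            if a.version == b.version and a.overlaps(b)]

def expected_pass(rules, src_mac, src_ip):
    """Oracle: first matching entry decides; no match is assumed to mean drop."""
    for rule in rules:
        if rule.matches(src_mac, src_ip):
            return rule.permit
    return False

# Constructed sample ACL covering the six entry kinds listed in the ticket (IPv4 only).
SAMPLE_ACL = [
    MacipRule("02:00:00:00:00:01", FULL, "10.1.1.5/32"),      # exact MAC + exact IP
    MacipRule("02:00:00:00:00:02", FULL, "172.16.20.0/24"),   # exact MAC + subnet
    MacipRule("00:00:00:00:00:00", ANY, "192.168.30.0/24"),   # wildcard MAC + subnet
    MacipRule("02:00:00:00:00:04", FULL, "0.0.0.0/0"),        # specific MAC + wildcard IP
    MacipRule("02:aa:bb:00:00:00", OUI, "198.51.100.0/24"),   # OUI MAC + subnet
    MacipRule("02:cc:dd:00:00:00", OUI, "0.0.0.0/0"),         # OUI MAC + wildcard IP
]

if __name__ == "__main__":
    assert not overlapping_subnets(SAMPLE_ACL)
    print(expected_pass(SAMPLE_ACL, "02:aa:bb:12:34:56", "198.51.100.20"))  # positive
    print(expected_pass(SAMPLE_ACL, "02:aa:bb:12:34:56", "198.51.101.20"))  # negative
```
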

       

            sk1u06b3 Pavel Kotucek
            ayourtch Andrew Yourtchenko