def test_port_rule_masking(self):
compare_rules = lambda x, y: set(x) == set(y) and len(x) == len(y)
# Test 1.
port_min = 5
port_max = 12
expected_rules = ['0x0005', '0x000c', '0x0006/0xfffe', '0x0008/0xfffc']
rules = utils.port_rule_masking(port_min, port_max)
self.assertTrue(compare_rules(rules, expected_rules))
# Test 2.
port_min = 20
port_max = 130
expected_rules = [
'0x0014/0xfffe', '0x0016/0xfffe', '0x0018/0xfff8', '0x0020/0xffe0',
'0x0040/0xffc0', '0x0080/0xfffe', '0x0082'
]
rules = utils.port_rule_masking(port_min, port_max)
self.assertEqual(expected_rules, rules)
# Test 3.
port_min = 4501
port_max = 33057
expected_rules = [
'0x1195', '0x1196/0xfffe', '0x1198/0xfff8', '0x11a0/0xffe0',
'0x11c0/0xffc0', '0x1200/0xfe00', '0x1400/0xfc00', '0x1800/0xf800',
'0x2000/0xe000', '0x4000/0xc000', '0x8021/0xff00', '0x8101/0xffe0',
'0x8120/0xfffe'
]
rules = utils.port_rule_masking(port_min, port_max)
self.assertEqual(expected_rules, rules)
def test_port_rule_masking(self):
compare_rules = lambda x, y: set(x) == set(y) and len(x) == len(y)
# Test 1.
port_min = 5
port_max = 12
expected_rules = ['0x0005', '0x000c', '0x0006/0xfffe',
'0x0008/0xfffc']
rules = utils.port_rule_masking(port_min, port_max)
self.assertTrue(compare_rules(rules, expected_rules))
# Test 2.
port_min = 20
port_max = 130
expected_rules = ['0x0014/0xfffe', '0x0016/0xfffe', '0x0018/0xfff8',
'0x0020/0xffe0', '0x0040/0xffc0', '0x0080/0xfffe',
'0x0082']
rules = utils.port_rule_masking(port_min, port_max)
self.assertEqual(expected_rules, rules)
# Test 3.
port_min = 4501
port_max = 33057
expected_rules = ['0x1195', '0x1196/0xfffe', '0x1198/0xfff8',
'0x11a0/0xffe0', '0x11c0/0xffc0', '0x1200/0xfe00',
'0x1400/0xfc00', '0x1800/0xf800', '0x2000/0xe000',
'0x4000/0xc000', '0x8021/0xff00', '0x8101/0xffe0',
'0x8120/0xfffe']
rules = utils.port_rule_masking(port_min, port_max)
self.assertEqual(expected_rules, rules)
def test_port_rule_masking(self):
if (inspect.isclass(self.expected)
and issubclass(self.expected, Exception)):
with testtools.ExpectedException(self.expected):
utils.port_rule_masking(self.port_min, self.port_max)
else:
rules = utils.port_rule_masking(self.port_min, self.port_max)
self.assertItemsEqual(self.expected, rules)
def test_port_rule_masking(self):
if (inspect.isclass(self.expected)
and issubclass(self.expected, Exception)):
with testtools.ExpectedException(self.expected):
utils.port_rule_masking(self.port_min, self.port_max)
else:
rules = utils.port_rule_masking(self.port_min, self.port_max)
self.assertItemsEqual(self.expected, rules)
def create_port_range_flows(flow_template, rule):
protocol = fwaas_ovs_consts.REVERSE_IP_PROTOCOL_MAP_WITH_PORTS.get(
rule.get('protocol'))
if protocol is None:
return []
flows = []
src_port_match = '{:s}_src'.format(protocol)
src_port_min = rule.get('source_port_range_min')
src_port_max = rule.get('source_port_range_max')
dst_port_match = '{:s}_dst'.format(protocol)
dst_port_min = rule.get('port_range_min')
dst_port_max = rule.get('port_range_max')
dst_port_range = []
if dst_port_min and dst_port_max:
dst_port_range = utils.port_rule_masking(dst_port_min, dst_port_max)
src_port_range = []
if src_port_min and src_port_max:
src_port_range = utils.port_rule_masking(src_port_min, src_port_max)
for port in src_port_range:
flow = flow_template.copy()
flow[src_port_match] = port
if dst_port_range:
for port in dst_port_range:
dst_flow = flow.copy()
dst_flow[dst_port_match] = port
flows.append(dst_flow)
else:
flows.append(flow)
else:
for port in dst_port_range:
flow = flow_template.copy()
flow[dst_port_match] = port
flows.append(flow)
return flows
def create_port_range_flows(flow_template, rule):
protocol = ovsfw_consts.REVERSE_IP_PROTOCOL_MAP_WITH_PORTS.get(
rule.get('protocol'))
if protocol is None:
return []
flows = []
src_port_match = '{:s}_src'.format(protocol)
src_port_min = rule.get('source_port_range_min')
src_port_max = rule.get('source_port_range_max')
dst_port_match = '{:s}_dst'.format(protocol)
dst_port_min = rule.get('port_range_min')
dst_port_max = rule.get('port_range_max')
dst_port_range = []
if dst_port_min and dst_port_max:
dst_port_range = utils.port_rule_masking(dst_port_min, dst_port_max)
src_port_range = []
if src_port_min and src_port_max:
src_port_range = utils.port_rule_masking(src_port_min, src_port_max)
for port in src_port_range:
flow = flow_template.copy()
flow[src_port_match] = port
if dst_port_range:
for port in dst_port_range:
dst_flow = flow.copy()
dst_flow[dst_port_match] = port
flows.append(dst_flow)
else:
flows.append(flow)
else:
for port in dst_port_range:
flow = flow_template.copy()
flow[dst_port_match] = port
flows.append(flow)
return flows
def _add_rules_flows(self, port):
rules = self._select_sg_rules_for_port(port)
for rule in rules:
ethertype = rule['ethertype']
direction = rule['direction']
protocol = rule.get('protocol')
port_range_min = rule.get('port_range_min')
port_range_max = rule.get('port_range_max')
source_ip_prefix = rule.get('source_ip_prefix')
dest_ip_prefix = rule.get('dest_ip_prefix')
flow = {}
# Direcction.
if direction == EGRESS_DIRECTION:
flow['priority'] = OF_EGRESS_PORT_RULE_PRIO
flow['table'] = OF_EGRESS_TABLE
flow["dl_src"] = port["mac_address"]
elif direction == INGRESS_DIRECTION:
flow['priority'] = OF_INGRESS_PORT_RULE_PRIO
flow['table'] = OF_INGRESS_TABLE
flow["dl_dst"] = port["mac_address"]
# Protocol.
flow['proto'] = self._write_proto(ethertype, protocol)
# Port range.
port_match = ""
if (port_range_min and port_range_max and
protocol in [constants.PROTO_NAME_TCP,
constants.PROTO_NAME_UDP]):
port_match = "%s_dst" % protocol
if port_range_max > port_range_min:
flow[port_match] = neutron_utils.port_rule_masking(
port_range_min,
port_range_max)
else:
flow[port_match] = int(port_range_min)
# Destination and source address.
if dest_ip_prefix and dest_ip_prefix != "0.0.0.0/0":
flow[OF_MNEMONICS[ethertype]["ip_dst"]] = dest_ip_prefix
if source_ip_prefix and source_ip_prefix != "0.0.0.0/0":
flow[OF_MNEMONICS[ethertype]["ip_src"]] = source_ip_prefix
# Write flow.
self._write_flows_per_ip(flow, rule, port, port_match, protocol)
def compare_port_ranges_results(self, port_min, port_max):
observed = utils.port_rule_masking(port_min, port_max)
expected = _port_rule_masking(port_min, port_max)
self.assertCountEqual(expected, observed)
def test_port_rule_wrong_input(self):
with testtools.ExpectedException(ValueError):
utils.port_rule_masking(12, 5)
def test_port_rule_masking_min_higher_than_max(self):
port_min = 10
port_max = 5
with testtools.ExpectedException(ValueError):
utils.port_rule_masking(port_min, port_max)
def test_port_rule_masking_min_higher_than_max(self):
port_min = 10
port_max = 5
with testtools.ExpectedException(ValueError):
utils.port_rule_masking(port_min, port_max)
def compare_port_ranges_results(self, port_min, port_max):
observed = utils.port_rule_masking(port_min, port_max)
expected = _port_rule_masking(port_min, port_max)
self.assertItemsEqual(expected, observed)
def test_port_rule_wrong_input(self):
with testtools.ExpectedException(ValueError):
utils.port_rule_masking(12, 5)
