def _create_port_policies(self):
ignore_action = app_testing_objects.IgnoreAction()
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
key1 = (self.subnet1.subnet_id, self.port1.port_id)
actions = [
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect pong, end simulation
app_testing_objects.OsKenICMPPongFilter(self._get_ping),
actions=actions),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
return {
key1: policy1,
}
def _create_rate_limit_port_policies(self, rate, icmp_filter):
ignore_action = app_testing_objects.IgnoreAction()
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
# Disable port policy rule, so that any further packets will hit the
# default action, which is raise_action in this case.
count_action = app_testing_objects.CountAction(
rate, app_testing_objects.DisableRuleAction())
key = (self.subnet.subnet_id, self.port.port_id)
rules = [
app_testing_objects.PortPolicyRule(
# Detect ICMP, end simulation
icmp_filter(self._get_ip),
actions=[count_action]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
policy = app_testing_objects.PortPolicy(rules=rules,
default_action=raise_action)
return {key: policy}
def _get_filtering_rules(self):
ignore_action = app_testing_objects.IgnoreAction()
rules = [
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[
ignore_action
]
),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[
ignore_action
]
)
]
return rules
def _get_filtering_rules(self):
ignore_action = app_testing_objects.IgnoreAction()
rules = [
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[
ignore_action
]
),
app_testing_objects.PortPolicyRule(
# Ignore Neighbor Advertisements
app_testing_objects.OsKenNeighborSolicitationFilter(),
actions=[
ignore_action
]
),
app_testing_objects.PortPolicyRule(
# Ignore Neighbor Advertisements
app_testing_objects.OsKenNeighborAdvertisementFilter(),
actions=[
ignore_action
]
),
app_testing_objects.PortPolicyRule(
# Ignore Neighbor Advertisements
app_testing_objects.OsKenRouterSolicitationFilter(),
actions=[
ignore_action
]
),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 multicast
app_testing_objects.OsKenIpv6MulticastFilter(),
actions=[
ignore_action
]
)
]
return rules
def _create_icmp_test_port_policies(self, icmp_filter):
ignore_action = app_testing_objects.IgnoreAction()
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
key = (self.subnet.subnet_id, self.port.port_id)
rules = [
app_testing_objects.PortPolicyRule(
# Detect ICMP, end simulation
icmp_filter(self._get_ip),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
policy = app_testing_objects.PortPolicy(rules=rules,
default_action=raise_action)
return {key: policy}
def test_icmp_ping_pong(self):
# Setup base components - two ports on 1 network
self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
self.addCleanup(self.topology.close)
self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24')
self.port1 = self.subnet1.create_port()
self.port2 = self.subnet1.create_port()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
# Setup VLAN ports
self.network = objects.NetworkTestObj(self.neutron, self.nb_api)
self.addCleanup(self.network.close)
self.network.create()
self.subnet = objects.SubnetTestObj(self.neutron,
self.nb_api,
network_id=self.network.network_id)
self.addCleanup(self.subnet.close)
self.subnet.create()
self.vlan_port1 = objects.PortTestObj(
self.neutron, self.nb_api, network_id=self.network.network_id)
self.addCleanup(self.vlan_port1.close)
self.vlan_port1.create()
self.vlan_port2 = objects.PortTestObj(
self.neutron, self.nb_api, network_id=self.network.network_id)
self.addCleanup(self.vlan_port2.close)
self.vlan_port2.create()
self.cps1 = objects.ChildPortSegmentationTestObj(
self.neutron, self.nb_api)
self.addCleanup(self.cps1.close)
self.cps1.create(self.port1.port.port_id, self.vlan_port1.port_id,
'vlan', 7)
self.addCleanup(self.port1.unbind)
self.cps2 = objects.ChildPortSegmentationTestObj(
self.neutron, self.nb_api)
self.addCleanup(self.cps2.close)
self.cps2.create(self.port2.port.port_id, self.vlan_port2.port_id,
'vlan', 8)
self.addCleanup(self.port2.unbind)
# Setup policy
ignore_action = app_testing_objects.IgnoreAction()
key1 = (self.subnet1.subnet_id, self.port1.port_id)
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect pong, end simulation
app_testing_objects.AndingFilter(
app_testing_objects.OsKenVLANTagFilter(7),
app_testing_objects.OsKenICMPPongFilter(self._get_ping)),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
key2 = (self.subnet1.subnet_id, self.port2.port_id)
rules2 = [
app_testing_objects.PortPolicyRule(
# Detect ping, reply with pong
app_testing_objects.AndingFilter(
app_testing_objects.OsKenVLANTagFilter(8),
app_testing_objects.OsKenICMPPingFilter()),
actions=[
app_testing_objects.SendAction(self.subnet1.subnet_id,
self.port2.port_id,
self._create_pong_packet),
app_testing_objects.DisableRuleAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
policy2 = app_testing_objects.PortPolicy(rules=rules2,
default_action=raise_action)
port_policies = {key1: policy1, key2: policy2}
initial_packet = self._create_ping_packet()
policy = app_testing_objects.Policy(
initial_actions=[
app_testing_objects.SendAction(
self.subnet1.subnet_id,
self.port1.port_id,
initial_packet,
),
],
port_policies=port_policies,
unknown_port_action=app_testing_objects.IgnoreAction())
self.addCleanup(policy.close)
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
# Verify port is up
neutron_vlan_port1 = objects.get_port_by_id(self.neutron,
self.vlan_port1.port_id)
self.assertEqual(n_const.PORT_STATUS_ACTIVE,
neutron_vlan_port1['status'])
neutron_vlan_port2 = objects.get_port_by_id(self.neutron,
self.vlan_port2.port_id)
self.assertEqual(n_const.PORT_STATUS_ACTIVE,
neutron_vlan_port2['status'])
# Verify connectivity
apps.start_policy(policy, self.topology,
const.DEFAULT_RESOURCE_READY_TIMEOUT)