def test_new_interface_becomes_visible():
"""
Title: Test new interface becomes visible
Scenario:
When: On start up, a Midolman sees no interface,
Then: adds a new interface,
And: Midolman detects a new interface.
"""
midonet_api = get_midonet_api()
new_interface = get_interface(midonet_api,
'00000000-0000-0000-0000-000000000001',
'interface_01')
# Test that no interface with name 'interface_01' exists.
assert_that(new_interface, none(), 'interface interface_01')
# Create a new interface 'interface_01'.
PTM.build()
time.sleep(5)
new_interface = get_interface(midonet_api,
'00000000-0000-0000-0000-000000000001',
'interface_01')
# Test that the created interface is visible.
assert_that(new_interface, not_none(), 'interface interface_01.')
def bind(self, filename=None, data=None):
self._data = self._get_data(filename, data)
# Get a new api ref to workaround previous zk failures
self._api = get_midonet_api()
bindings = self._data['bindings']
for b in bindings:
binding = b['binding']
host_id = binding['host_id']
iface_id = binding['interface_id']
device_name = binding['device_name']
port_id = binding['port_id']
self._port_if_map[(device_name, port_id)] = (host_id, iface_id)
device_port = self._vtm.get_device_port(device_name, port_id)
mn_vport = device_port._mn_resource
if mn_vport.get_type() == 'InteriorRouter' or \
mn_vport.get_type() == 'InteriorBridge':
LOG.error("Cannot bind interior port")
sys.exit(-1) # TODO: make this fancier
mn_vport_id = mn_vport.get_id()
iface = self._ptm.get_interface(host_id, iface_id)
iface.clear_arp(sync=True)
iface_name = iface.interface['ifname']
mn_host_id = iface.host['mn_host_id']
iface.vport_id = mn_vport_id
self._api.get_host(mn_host_id).add_host_interface_port()\
.port_id(mn_vport_id)\
.interface_name(iface_name).create()
await_port_active(mn_vport_id)
def test_new_interface_becomes_visible():
"""
mdts.tests.functional_tests.test_midolman_and_interfaces.test_new_interface_becomes_visible
Scenario:
When: On start up, a Midolman sees no interface,
Then: adds a new interface,
And: Midolman detects a new interface.
"""
# FIXME: pick the midonet-agent from binding manager (when parallel)
midonet_api = get_midonet_api()
agent = service.get_container_by_hostname('midolman1')
iface_name = 'interface%d' % random.randint(1, 100)
new_interface = get_interface(midonet_api, agent.get_midonet_host_id(),
iface_name)
# Test that no interface with name 'interface_01' exists.
assert_that(new_interface, none(), iface_name)
# Create a new interface 'interface_01'.
iface = agent.create_vmguest(ifname=iface_name)
time.sleep(5)
new_interface = get_interface(midonet_api, agent.get_midonet_host_id(),
iface_name)
# Test that the created interface is visible.
assert_that(new_interface, not_none(), iface_name)
agent.destroy_vmguest(iface)
def bind(self, filename=None, data=None):
self._data = self._get_data(filename, data)
# Get a new api ref to workaround previous zk failures
self._api = get_midonet_api()
bindings = self._data['bindings']
for b in bindings:
binding = b['binding']
host_id = binding['host_id']
iface_id = binding['interface_id']
device_name = binding['device_name']
port_id = binding['port_id']
self._port_if_map[(device_name, port_id)] = (host_id, iface_id)
device_port = self._vtm.get_device_port(device_name, port_id)
mn_vport = device_port._mn_resource
if mn_vport.get_type() == 'InteriorRouter' or \
mn_vport.get_type() == 'InteriorBridge':
LOG.error("Cannot bind interior port")
sys.exit(-1) # TODO: make this fancier
mn_vport_id = mn_vport.get_id()
iface = self._ptm.get_interface(host_id, iface_id)
iface.clear_arp(sync=True)
iface_name = iface.interface['ifname']
mn_host_id = iface.host['mn_host_id']
iface.vport_id = mn_vport_id
self._api.get_host(mn_host_id).add_host_interface_port()\
.port_id(mn_vport_id)\
.interface_name(iface_name).create()
await_port_active(mn_vport_id)
def test_new_interface_becomes_visible():
"""
mdts.tests.functional_tests.test_midolman_and_interfaces.test_new_interface_becomes_visible
Scenario:
When: On start up, a Midolman sees no interface,
Then: adds a new interface,
And: Midolman detects a new interface.
"""
# FIXME: pick the midonet-agent from binding manager (when parallel)
midonet_api = get_midonet_api()
agent = service.get_container_by_hostname('midolman1')
iface_name = 'interface%d' % random.randint(1, 100)
new_interface = get_interface(
midonet_api,
agent.get_midonet_host_id(),
iface_name)
# Test that no interface with name 'interface_01' exists.
assert_that(new_interface, none(), iface_name)
# Create a new interface 'interface_01'.
iface = agent.create_vmguest(ifname=iface_name)
time.sleep(5)
new_interface = get_interface(
midonet_api,
agent.get_midonet_host_id(),
iface_name)
# Test that the created interface is visible.
assert_that(new_interface, not_none(), iface_name)
agent.destroy_vmguest(iface)
def bind(self, filename=None, data=None):
# Build a new virtual topology at every binding, destroy at the end
self._ptm.build()
self._vtm.build()
self._data = self._get_data(filename, data)
# Get a new api ref to workaround previous zk failures
self._api = get_midonet_api()
bindings = self._data['bindings']
for b in bindings:
binding = b['binding']
host_id = binding['host_id']
iface_id = binding['interface_id']
device_name = binding['device_name']
port_id = binding['port_id']
self._port_if_map[(device_name, port_id)] = \
(host_id, iface_id)
device_port = self._vtm.get_device_port(device_name, port_id)
mn_vport = device_port._mn_resource
if mn_vport.get_type() == 'InteriorRouter' or \
mn_vport.get_type() == 'InteriorBridge':
LOG.error("Cannot bind interior port")
sys.exit(-1) # TODO: make this fancier
mn_vport_id = mn_vport.get_id()
host = service.get_container('midolman', host_id)
# Clean up yamls or remove them completely, this is so ugly
_host = filter(
lambda x: x['host']['id'] == host_id,
self._ptm._hosts)[0]['host']
_interface = filter(
lambda x: x['interface']['id'] == iface_id,
_host['interfaces']
)[0]['interface']
# Remove kwargs we are not interested in
_interface_vm = dict(_interface)
del _interface_vm['ipv6_addr']
del _interface_vm['type']
del _interface_vm['id']
iface = host.create_vmguest(**_interface_vm)
self._port_if_map[(device_name, port_id)] = iface
iface.vport_id = mn_vport_id
self._vms.append(iface)
iface.clear_arp(sync=True)
iface_name = iface.get_host_ifname()
#iface.interface['ifname']
mn_host_id = host.get_midonet_host_id()
#iface.host['mn_host_id']
iface.vport_id = mn_vport_id
host.bind_port(iface, mn_vport_id)
await_port_active(mn_vport_id)
def __init__(self, filename=None, data=None, midonet_api=None):
super(TopologyManager, self).__init__()
# deprecate
self._data = self._get_data(filename, data)
self._midonet_api_host = service.get_container_by_hostname('cluster1')
# New model
self._midonet_api = utils.get_midonet_api()
self._cleanups = callmany.CallMany()
self._resources = {}
def __init__(self, filename=None, data=None, midonet_api=None):
super(TopologyManager, self).__init__()
# deprecate
self._data = self._get_data(filename, data)
self._midonet_api_host = service.get_container_by_hostname('cluster1')
# New model
self._midonet_api = utils.get_midonet_api()
self._cleanups = callmany.CallMany()
self._resources = {}
def reboot_agents(sleep_secs):
midonet_api = get_midonet_api()
stop_midolman_agents()
time.sleep(5)
check_all_midolman_hosts(midonet_api, alive=False)
time.sleep(sleep_secs)
start_midolman_agents()
time.sleep(30)
check_all_midolman_hosts(midonet_api, alive=True)
def reboot_agents(sleep_secs):
midonet_api = get_midonet_api()
stop_midolman_agents()
time.sleep(5)
check_all_midolman_hosts(midonet_api, alive=False)
time.sleep(sleep_secs)
start_midolman_agents()
time.sleep(30)
check_all_midolman_hosts(midonet_api, alive=True)
def setup():
# disable ipv6 to avoid mac learning with automatically sent
# ipv6 packets e.g. autoconf upon "ip link set up"
subprocess.call(
['sysctl -w net.ipv6.conf.default.disable_ipv6=1 >/dev/null'],
shell=True)
midonet_api = get_midonet_api()
check_all_midolman_hosts(midonet_api, True)
clear_physical_topology()
clear_virtual_topology_for_tenants(
tenant_name_prefix=TEST_TENANT_NAME_PREFIX)
def setup():
# disable ipv6 to avoid mac learning with automatically sent
# ipv6 packets e.g. autoconf upon "ip link set up"
subprocess.call(
['sysctl -w net.ipv6.conf.default.disable_ipv6=1 >/dev/null'],
shell=True)
midonet_api = get_midonet_api()
check_all_midolman_hosts(midonet_api, True)
clear_physical_topology()
clear_virtual_topology_for_tenants(
tenant_name_prefix=TEST_TENANT_NAME_PREFIX)
def test_host_status():
"""
Title: Test host status update
Scenario:
When: The test starts up,
Then: check if all Midolman agents are alive,
Then: stops all Midolman agents,
Then: check if all Midolman agents are now dead,
Then: restarts all Midolman agetns,
And: check again if all Midolman agents are alive,
"""
midonet_api = get_midonet_api()
check_all_midolman_hosts(midonet_api, alive=True)
stop_midolman_agents()
time.sleep(5)
check_all_midolman_hosts(midonet_api, alive=False)
start_midolman_agents()
time.sleep(30)
check_all_midolman_hosts(midonet_api, alive=True)
def test_host_status():
"""
Title: Test host status update
Scenario:
When: The test starts up,
Then: check if all Midolman agents are alive,
Then: stops all Midolman agents,
Then: check if all Midolman agents are now dead,
Then: restarts all Midolman agetns,
And: check again if all Midolman agents are alive,
"""
midonet_api = get_midonet_api()
check_all_midolman_hosts(midonet_api, alive=True)
stop_midolman_agents()
time.sleep(5)
check_all_midolman_hosts(midonet_api, alive=False)
start_midolman_agents()
time.sleep(30)
check_all_midolman_hosts(midonet_api, alive=True)
def test_new_interface_becomes_visible():
"""
Title: Test new interface becomes visible
Scenario:
When: On start up, a Midolman sees no interface,
Then: adds a new interface,
And: Midolman detects a new interface.
"""
midonet_api = get_midonet_api()
new_interface = get_interface(
midonet_api, '00000000-0000-0000-0000-000000000001', 'interface_01')
# Test that no interface with name 'interface_01' exists.
assert_that(new_interface, none(), 'interface interface_01')
# Create a new interface 'interface_01'.
PTM.build()
time.sleep(5)
new_interface = get_interface(
midonet_api, '00000000-0000-0000-0000-000000000001', 'interface_01')
# Test that the created interface is visible.
assert_that(new_interface, not_none(), 'interface interface_01.')
def bind(self, filename=None):
self._ptm.build()
self._vtm.build()
# Get a new api ref to workaround previous zk failures
self._api = get_midonet_api()
bindings = self._data['bindings']
for b in bindings:
binding = b['binding']
host_id = binding['host_id']
iface_id = binding['interface_id']
device_name = binding['device_name']
port_id = binding['port_id']
device_port = self._vtm.get_device_port(device_name, port_id)
mn_vport = device_port._mn_resource
if mn_vport.get_type() == 'InteriorRouter' or \
mn_vport.get_type() == 'InteriorBridge':
LOG.error("Cannot bind interior port")
sys.exit(-1) # TODO: make this fancier
# FIXME: some hosts are specified by midonet host_id while others
# are referenced by hostname. Need a coherent mechanism
# Cleanup everything not related to bindings from here
if 'host_id' in binding:
host_id = binding['host_id']
# FIXME:
# Clean up yamls or remove them completely, this is so ugly
_host = filter(lambda x: x['host']['id'] == host_id,
self._ptm._hosts)[0]['host']
elif 'hostname' in binding:
hostname = binding['hostname']
_host = filter(lambda x: x['host']['hostname'] == hostname,
self._ptm._hosts)[0]['host']
else:
raise RuntimeError("Hosts in the binding should have a"
"host_id or a hostname property")
_interface = filter(lambda x: x['interface']['id'] == iface_id,
_host['interfaces'])[0]['interface']
mn_vport_id = mn_vport.get_id()
host = service.get_container_by_hostname('midolman%s' % host_id)
if _interface['type'] == 'netns':
iface = host.create_vmguest(**_interface)
elif _interface['type'] == 'trunk':
iface = host.create_trunk(**_interface)
else: # provided
iface = host.create_provided(**_interface)
self._port_if_map[(device_name, port_id)] = iface
iface.vport_id = mn_vport_id
self._interfaces.append((iface, host))
iface.clear_arp(sync=True)
iface.vport_id = mn_vport_id
host.bind_port(iface, mn_vport_id)
await_port_active(mn_vport_id)
def bind(self, filename=None):
self._ptm.build()
self._vtm.build()
# Get a new api ref to workaround previous zk failures
self._api = get_midonet_api()
bindings = self._data['bindings']
for b in bindings:
binding = b['binding']
host_id = binding['host_id']
iface_id = binding['interface_id']
device_name = binding['device_name']
port_id = binding['port_id']
device_port = self._vtm.get_device_port(device_name, port_id)
mn_vport = device_port._mn_resource
if mn_vport.get_type() == 'InteriorRouter' or \
mn_vport.get_type() == 'InteriorBridge':
LOG.error("Cannot bind interior port")
sys.exit(-1) # TODO: make this fancier
# FIXME: some hosts are specified by midonet host_id while others
# are referenced by hostname. Need a coherent mechanism
# Cleanup everything not related to bindings from here
if 'host_id' in binding:
host_id = binding['host_id']
# FIXME:
# Clean up yamls or remove them completely, this is so ugly
_host = filter(
lambda x: x['host']['id'] == host_id,
self._ptm._hosts)[0]['host']
elif 'hostname' in binding:
hostname = binding['hostname']
_host = filter(
lambda x: x['host']['hostname'] == hostname,
self._ptm._hosts)[0]['host']
else:
raise RuntimeError("Hosts in the binding should have a"
"host_id or a hostname property")
_interface = filter(
lambda x: x['interface']['id'] == iface_id,
_host['interfaces']
)[0]['interface']
mn_vport_id = mn_vport.get_id()
host = service.get_container_by_hostname('midolman%s' % host_id)
if _interface['type'] == 'netns':
iface = host.create_vmguest(**_interface)
elif _interface['type'] == 'trunk':
iface = host.create_trunk(**_interface)
else: # provided
iface = host.create_provided(**_interface)
self._port_if_map[(device_name, port_id)] = iface
iface.vport_id = mn_vport_id
self._interfaces.append((iface, host))
iface.clear_arp(sync=True)
iface.vport_id = mn_vport_id
host.bind_port(iface, mn_vport_id)
await_port_active(mn_vport_id)
def test_l2insertion_both_ends_protected():
"""
Title: Test insertions with both ends protected
2 L2 insertions on 2 ports, each insertion with a different bad pattern.
The bad packets matching the different patterns should be blocked at
different insertions depending on the direction of the packet.
Verify that packets are blocked in the same order regardless of the
direction.
"""
api = get_midonet_api()
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port1 = BM.get_iface_for_port('bridge-000-001', 1)
insertion_port2 = BM.get_iface_for_port('bridge-000-001', 4)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port1.vport_id)
insertion1.position(1)
insertion1.fail_open(False)
insertion1.vlan(1)
insertion1.mac(insertion_port1.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port1.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port1.get_mac_addr())
insertion2.create()
insertion3 = api.add_l2insertion()
insertion3.srv_port(service_port1.vport_id)
insertion3.port(insertion_port2.vport_id)
insertion3.position(1)
insertion3.fail_open(False)
insertion3.vlan(3)
insertion3.mac(insertion_port2.get_mac_addr())
insertion3.create()
insertion4 = api.add_l2insertion()
insertion4.srv_port(service_port2.vport_id)
insertion4.port(insertion_port2.vport_id)
insertion4.position(2)
insertion4.fail_open(False)
insertion4.vlan(4)
insertion4.mac(insertion_port2.get_mac_addr())
insertion4.create()
time.sleep(5)
rcv_filter = 'ip dst %s and icmp[icmptype] == 8' % insertion_port2.get_ip()
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10), count=2))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10), count=2))
f3 = async_assert_that(insertion_port2,
receives(rcv_filter, within_sec(10)))
ping_port(insertion_port1, insertion_port2, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(insertion_port1, insertion_port2,
data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(insertion_port1, insertion_port2,
data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
finally:
fakesnort2.kill()
fakesnort1.kill()
def test_multi_l2insertion():
"""
Title: Multiple insertions on a port
2 L2 insertions on a port, each with a different bad pattern.
The bad packets matching the different patterns should be blocked at
different points.
Verify that packets are blocked in the same order regardless of the
direction.
"""
api = get_midonet_api()
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port.vport_id)
insertion1.position(1)
insertion1.fail_open(False)
insertion1.vlan(1)
insertion1.mac(insertion_port.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port.get_mac_addr())
insertion2.create()
time.sleep(5)
rcv_filter = 'ether dst %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr()
rcv_filter_ret = 'ether src %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr()
other_port = BM.get_iface_for_port('bridge-000-001', 4)
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending another good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="beeff00d")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending another good packet the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(other_port,
receives(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="beeff00d")
wait_on_futures([f1, f2, f3])
finally:
fakesnort1.kill()
fakesnort2.kill()
def test_l2insertion_fail_open():
"""
Title: Test insertions with fail open
2 L2 insertions on a port, each insertion with a different bad pattern.
One of the insertions is set to fail open.
Test both bad patterns can't get through.
Take down the fail open insertion.
Verify that that bad pattern can now get through.
Take down the non fail open insertion.
Verify that no traffic can get through.
Also verify both directions
"""
api = get_midonet_api()
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
other_port = BM.get_iface_for_port('bridge-000-001', 4)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port.vport_id)
insertion1.position(1)
insertion1.fail_open(True)
insertion1.vlan(1)
insertion1.mac(insertion_port.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port.get_mac_addr())
insertion2.create()
time.sleep(5)
rcv_filter = 'ip dst %s and icmp[icmptype] == 8' % insertion_port.get_ip(
)
rcv_filter_ret = 'ip src %s and icmp[icmptype] == 8' % insertion_port.get_ip(
)
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port,
insertion_port,
data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port,
insertion_port,
data="cafef00d",
should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(
service_port2, should_NOT_receive(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(
other_port, should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port,
other_port,
data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2, f3])
set_interface_admin_down(service_port1)
time.sleep(5) # give midolman a chance to see it
LOG.info("Sending dead beef again")
f1 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="deadbeef")
wait_on_futures([f1, f2])
LOG.info("Sending dead beef the other way again")
f1 = async_assert_that(service_port2,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(other_port,
receives(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="deadbeef")
wait_on_futures([f1, f2])
LOG.info("Sending cafe food again")
f1 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port,
insertion_port,
data="cafef00d",
should_succeed=False)
wait_on_futures([f1, f2])
set_interface_admin_down(service_port2)
time.sleep(5)
# nothing should get through
LOG.info("Sending good packet")
f1 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port,
insertion_port,
data="f00b4c",
should_succeed=False)
wait_on_futures([f1])
LOG.info("Sending good packet the other way")
f1 = async_assert_that(
other_port, should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port,
other_port,
data="f00b4c",
should_succeed=False)
wait_on_futures([f1])
finally:
fakesnort2.kill()
fakesnort1.kill()
def test_basic_l2insertion():
"""
Title: Basic insertion functionallity
L2Service insertion on 1, which redirects traffic through port 3.
Good traffic should go through. Traffic that matches the bad pattern
should be dropped.
"""
api = get_midonet_api()
service_port = BM.get_iface_for_port('bridge-000-001', 2)
fakesnort = FakeSnort(service_port, "deadbeef")
fakesnort.run()
try:
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
insertion = api.add_l2insertion()
insertion.srv_port(service_port.vport_id)
insertion.port(insertion_port.vport_id)
insertion.position(1)
insertion.fail_open(False)
insertion.mac(insertion_port.get_mac_addr())
insertion.create()
time.sleep(5)
other_port = BM.get_iface_for_port('bridge-000-001', 3)
rcv_filter = 'ether dst %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr(
)
rcv_filter_ret = 'ether src %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr(
)
LOG.info("Sending good packet")
f1 = async_assert_that(service_port,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port,
insertion_port,
data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2])
LOG.info("Sending another good packet")
f1 = async_assert_that(service_port,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2])
LOG.info("Sending bad packet the other way")
f1 = async_assert_that(service_port,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(
other_port, should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port,
other_port,
data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2])
LOG.info("Sending good packet the other way")
f1 = async_assert_that(service_port,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(other_port,
receives(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="b00f00")
wait_on_futures([f1, f2])
finally:
fakesnort.kill()
def test_multi_l2insertion():
"""
Title: Multiple insertions on a port
2 L2 insertions on a port, each with a different bad pattern.
The bad packets matching the different patterns should be blocked at
different points.
Verify that packets are blocked in the same order regardless of the
direction.
"""
api = get_midonet_api()
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port.vport_id)
insertion1.position(1)
insertion1.fail_open(False)
insertion1.vlan(1)
insertion1.mac(insertion_port.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port.get_mac_addr())
insertion2.create()
time.sleep(5)
rcv_filter = 'ether dst %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr(
)
rcv_filter_ret = 'ether src %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr(
)
other_port = BM.get_iface_for_port('bridge-000-001', 4)
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port,
insertion_port,
data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port,
insertion_port,
data="cafef00d",
should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending another good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="beeff00d")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(
service_port2, should_NOT_receive(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(
other_port, should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port,
other_port,
data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(
other_port, should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port,
other_port,
data="cafef00d",
should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending another good packet the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(other_port,
receives(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="beeff00d")
wait_on_futures([f1, f2, f3])
finally:
fakesnort1.kill()
fakesnort2.kill()
def test_basic_l2insertion():
"""
Title: Basic insertion functionallity
L2Service insertion on 1, which redirects traffic through port 3.
Good traffic should go through. Traffic that matches the bad pattern
should be dropped.
"""
api = get_midonet_api()
service_port = BM.get_iface_for_port('bridge-000-001', 2)
fakesnort = FakeSnort(service_port, "deadbeef")
fakesnort.run()
try:
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
insertion = api.add_l2insertion()
insertion.srv_port(service_port.vport_id)
insertion.port(insertion_port.vport_id)
insertion.position(1)
insertion.fail_open(False)
insertion.mac(insertion_port.get_mac_addr())
insertion.create()
time.sleep(5)
other_port = BM.get_iface_for_port('bridge-000-001', 3)
rcv_filter = 'ether dst %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr()
rcv_filter_ret = 'ether src %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr()
LOG.info("Sending good packet")
f1 = async_assert_that(service_port,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2])
LOG.info("Sending another good packet")
f1 = async_assert_that(service_port,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2])
LOG.info("Sending bad packet the other way")
f1 = async_assert_that(service_port,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2])
LOG.info("Sending good packet the other way")
f1 = async_assert_that(service_port,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(other_port,
receives(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="b00f00")
wait_on_futures([f1, f2])
finally:
fakesnort.kill()
def test_l2insertion_with_flowstate():
"""
Title: Test insertions with flow state
2 L2 insertions on a port, each with a different bad pattern.
Packets are sent over DNAT so that flow state is generated and necessary to
return the packet.
The bad packets matching the different patterns should be blocked at
different points.
Verify that packets are blocked in the same order regardless of the
direction.
"""
api = get_midonet_api()
router = VTM.get_router('router-000-001')
conntrack_filter = VTM.get_chain('conntrack_filter_001')
router.set_inbound_filter(conntrack_filter)
# Sleep here to make sure that the settings have been propagated.
time.sleep(5)
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
other_port = BM.get_iface_for_port('bridge-000-002', 1)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port.vport_id)
insertion1.position(1)
insertion1.fail_open(False)
insertion1.vlan(1)
insertion1.mac(insertion_port.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port.get_mac_addr())
insertion2.create()
time.sleep(5)
rcv_filter = 'ip dst %s and icmp[icmptype] == 8' % insertion_port.get_ip(
)
rcv_filter_ret = 'ip src %s and icmp[icmptype] == 8' % insertion_port.get_ip(
)
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port,
insertion_port,
data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port,
insertion_port,
data="cafef00d",
should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending another good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="beeff00d")
wait_on_futures([f1, f2, f3])
finally:
fakesnort1.kill()
fakesnort2.kill()
def test_l2insertion_with_flowstate():
"""
Title: Test insertions with flow state
2 L2 insertions on a port, each with a different bad pattern.
Packets are sent over DNAT so that flow state is generated and necessary to
return the packet.
The bad packets matching the different patterns should be blocked at
different points.
Verify that packets are blocked in the same order regardless of the
direction.
"""
api = get_midonet_api()
router = VTM.get_router('router-000-001')
conntrack_filter = VTM.get_chain('conntrack_filter_001')
router.set_inbound_filter(conntrack_filter)
# Sleep here to make sure that the settings have been propagated.
time.sleep(5)
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
other_port = BM.get_iface_for_port('bridge-000-002', 1)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port.vport_id)
insertion1.position(1)
insertion1.fail_open(False)
insertion1.vlan(1)
insertion1.mac(insertion_port.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port.get_mac_addr())
insertion2.create()
time.sleep(5)
rcv_filter = 'ip dst %s and icmp[icmptype] == 8' % insertion_port.get_ip()
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending another good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="beeff00d")
wait_on_futures([f1, f2, f3])
finally:
fakesnort1.kill()
fakesnort2.kill()
def test_l2insertion_both_ends_protected():
"""
Title: Test insertions with both ends protected
2 L2 insertions on 2 ports, each insertion with a different bad pattern.
The bad packets matching the different patterns should be blocked at
different insertions depending on the direction of the packet.
Verify that packets are blocked in the same order regardless of the
direction.
"""
api = get_midonet_api()
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port1 = BM.get_iface_for_port('bridge-000-001', 1)
insertion_port2 = BM.get_iface_for_port('bridge-000-001', 4)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port1.vport_id)
insertion1.position(1)
insertion1.fail_open(False)
insertion1.vlan(1)
insertion1.mac(insertion_port1.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port1.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port1.get_mac_addr())
insertion2.create()
insertion3 = api.add_l2insertion()
insertion3.srv_port(service_port1.vport_id)
insertion3.port(insertion_port2.vport_id)
insertion3.position(1)
insertion3.fail_open(False)
insertion3.vlan(3)
insertion3.mac(insertion_port2.get_mac_addr())
insertion3.create()
insertion4 = api.add_l2insertion()
insertion4.srv_port(service_port2.vport_id)
insertion4.port(insertion_port2.vport_id)
insertion4.position(2)
insertion4.fail_open(False)
insertion4.vlan(4)
insertion4.mac(insertion_port2.get_mac_addr())
insertion4.create()
time.sleep(5)
rcv_filter = 'ip dst %s and icmp[icmptype] == 8' % insertion_port2.get_ip(
)
rcv_filter_ret = 'ip src %s and icmp[icmptype] == 8' % insertion_port2.get_ip(
)
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10), count=2))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10), count=2))
f3 = async_assert_that(insertion_port2,
receives(rcv_filter, within_sec(10)))
ping_port(insertion_port1, insertion_port2, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(insertion_port1,
insertion_port2,
data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(insertion_port1,
insertion_port2,
data="cafef00d",
should_succeed=False)
wait_on_futures([f1, f2, f3])
finally:
fakesnort2.kill()
fakesnort1.kill()
def test_l2insertion_fail_open():
"""
Title: Test insertions with fail open
2 L2 insertions on a port, each insertion with a different bad pattern.
One of the insertions is set to fail open.
Test both bad patterns can't get through.
Take down the fail open insertion.
Verify that that bad pattern can now get through.
Take down the non fail open insertion.
Verify that no traffic can get through.
Also verify both directions
"""
api = get_midonet_api()
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
other_port = BM.get_iface_for_port('bridge-000-001', 4)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port.vport_id)
insertion1.position(1)
insertion1.fail_open(True)
insertion1.vlan(1)
insertion1.mac(insertion_port.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port.get_mac_addr())
insertion2.create()
time.sleep(5)
rcv_filter = 'ip dst %s and icmp[icmptype] == 8' % insertion_port.get_ip()
rcv_filter_ret = 'ip src %s and icmp[icmptype] == 8' % insertion_port.get_ip()
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port,
data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
set_interface_admin_down(service_port1)
time.sleep(5) # give midolman a chance to see it
LOG.info("Sending dead beef again")
f1 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="deadbeef")
wait_on_futures([f1, f2])
LOG.info("Sending dead beef the other way again")
f1 = async_assert_that(service_port2,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(other_port,
receives(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="deadbeef")
wait_on_futures([f1, f2])
LOG.info("Sending cafe food again")
f1 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2])
set_interface_admin_down(service_port2)
time.sleep(5)
# nothing should get through
LOG.info("Sending good packet")
f1 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="f00b4c", should_succeed=False)
wait_on_futures([f1])
LOG.info("Sending good packet the other way")
f1 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port,
data="f00b4c", should_succeed=False)
wait_on_futures([f1])
finally:
fakesnort2.kill()
fakesnort1.kill()
def __init__(self, filename=None, data=None, midonet_api=None):
self._data = self._get_data(filename, data)
if not midonet_api:
self._api = get_midonet_api()
