def _create_policy_to_reply_arp_request(self):
ignore_action = app_testing_objects.IgnoreAction()
key1 = (self.subnet.subnet_id, self.port.port_id)
port_policies = {
key1: app_testing_objects.PortPolicy(
rules=[
app_testing_objects.PortPolicyRule(
# Detect arp requests
app_testing_objects.OsKenARPRequestFilter(
self.allowed_address_pair_ip_address
),
actions=[
app_testing_objects.SendAction(
self.subnet.subnet_id,
self.port.port_id,
self._create_arp_response
),
app_testing_objects.WaitAction(5),
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]
)
],
default_action=ignore_action
),
}
return port_policies
def _create_icmp_test_port_policies(self, icmp_filter):
ignore_action = app_testing_objects.IgnoreAction()
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
key = (self.subnet.subnet_id, self.port.port_id)
rules = [
app_testing_objects.PortPolicyRule(
# Detect ICMP, end simulation
icmp_filter(self._get_ip),
actions=[app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()]
),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[
ignore_action
]
),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[
ignore_action
]
),
]
policy = app_testing_objects.PortPolicy(
rules=rules,
default_action=raise_action
)
return {key: policy}
def _create_extra_route_policies(self, nexthop_port):
ignore_action = app_testing_objects.IgnoreAction()
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
rules = [
app_testing_objects.PortPolicyRule(
# The nexthop lport should get the icmp echo request whose
# destination is the cidr of extra route.
app_testing_objects.RyuICMPPingFilter(self._get_ping),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
policy = app_testing_objects.PortPolicy(rules=rules,
default_action=raise_action)
key = (self.subnet1.subnet_id, nexthop_port.port_id)
return {key: policy}
def _create_port_policies(self, disable_rule=True):
ignore_action = app_testing_objects.IgnoreAction()
key1 = (self.subnet1.subnet_id, self.port1.port_id)
actions = [
app_testing_objects.SendAction(self.subnet1.subnet_id,
self.port1.port_id,
self._create_dhcp_request)
]
if disable_rule:
actions.append(app_testing_objects.DisableRuleAction())
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect dhcp offer
app_testing_objects.RyuDHCPOfferFilter(),
actions),
app_testing_objects.PortPolicyRule(
# Detect dhcp acknowledge
app_testing_objects.RyuDHCPAckFilter(),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.WaitAction(5),
app_testing_objects.SendAction(
self.subnet1.subnet_id, self.port1.port_id,
self._create_dhcp_renewal_request),
]),
app_testing_objects.PortPolicyRule(
# Detect dhcp acknowledge
app_testing_objects.RyuDHCPAckFilter(),
actions=[
app_testing_objects.StopSimulationAction(),
app_testing_objects.DisableRuleAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
key2 = (self.subnet1.subnet_id, self.port2.port_id)
rules2 = [
app_testing_objects.PortPolicyRule(
# Detect arp replies
app_testing_objects.RyuDHCPFilter(),
actions=[
app_testing_objects.RaiseAction("Received DHCP packet")
]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
policy2 = app_testing_objects.PortPolicy(rules=rules2,
default_action=raise_action)
return {
key1: policy1,
key2: policy2,
}
def _create_port_policies(self):
ignore_action = app_testing_objects.IgnoreAction()
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
key1 = (self.subnet1.subnet_id, self.port1.port_id)
actions = [
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect pong, end simulation
app_testing_objects.OsKenICMPPongFilter(self._get_ping),
actions=actions),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
return {
key1: policy1,
}
def setUp(self):
super(TestArpResponder, self).setUp()
self.topology = None
self.policy = None
try:
self.topology = app_testing_objects.Topology(
self.neutron,
self.nb_api)
subnet1 = self.topology.create_subnet(cidr='192.168.10.0/24')
port1 = subnet1.create_port()
port2 = subnet1.create_port()
time.sleep(test_utils.DEFAULT_CMD_TIMEOUT)
# Create policy
arp_packet = self._create_arp_request(
src_port=port1.port.get_logical_port(),
dst_port=port2.port.get_logical_port(),
)
send_arp_request = app_testing_objects.SendAction(
subnet1.subnet_id,
port1.port_id,
str(arp_packet),
)
ignore_action = app_testing_objects.IgnoreAction()
log_action = app_testing_objects.LogAction()
key1 = (subnet1.subnet_id, port1.port_id)
port_policies = {
key1: app_testing_objects.PortPolicy(
rules=[
app_testing_objects.PortPolicyRule(
# Detect arp replies
app_testing_objects.RyuARPReplyFilter(),
actions=[
log_action,
app_testing_objects.StopSimulationAction()
]
),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[
ignore_action
]
),
],
default_action=app_testing_objects.RaiseAction(
"Unexpected packet"
)
),
}
self.policy = app_testing_objects.Policy(
initial_actions=[send_arp_request],
port_policies=port_policies,
unknown_port_action=ignore_action
)
except Exception:
if self.topology:
self.topology.close()
raise
self.store(self.topology)
self.store(self.policy)
def setUp(self):
super(TestNeighborAdvertiser, self).setUp()
self.topology = None
self.policy = None
# Disable Duplicate Address Detection requests from the interface
self.dad_conf = utils.execute(
['sysctl', '-n', 'net.ipv6.conf.default.accept_dad'])
utils.execute(['sysctl', '-w', 'net.ipv6.conf.default.accept_dad=0'],
run_as_root=True)
# Disable Router Solicitation requests from the interface
self.router_solicit_conf = utils.execute(
['sysctl', '-n', 'net.ipv6.conf.default.router_solicitations'])
utils.execute(
['sysctl', '-w', 'net.ipv6.conf.default.router_solicitations=0'],
run_as_root=True)
self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
self.addCleanup(self.topology.close)
subnet1 = self.topology.create_subnet(cidr='1111:1111:1111::/64')
port1 = subnet1.create_port()
port2 = subnet1.create_port()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
# Create Neighbor Solicitation packet
ns_packet = self._create_ns_request(
src_port=port1.port.get_logical_port(),
dst_port=port2.port.get_logical_port(),
)
send_ns_request = app_testing_objects.SendAction(
subnet1.subnet_id,
port1.port_id,
ns_packet,
)
ignore_action = app_testing_objects.IgnoreAction()
log_action = app_testing_objects.LogAction()
key1 = (subnet1.subnet_id, port1.port_id)
adv_filter = app_testing_objects.RyuNeighborAdvertisementFilter()
port_policies = {
key1:
app_testing_objects.PortPolicy(
rules=[
app_testing_objects.PortPolicyRule(
# Detect advertisements
adv_filter,
actions=[
log_action,
app_testing_objects.StopSimulationAction()
]),
app_testing_objects.PortPolicyRule(
# Filter local VM's Multicast requests
app_testing_objects.RyuIpv6MulticastFilter(),
actions=[ignore_action])
],
default_action=app_testing_objects.RaiseAction(
"Unexpected packet")),
}
self.policy = app_testing_objects.Policy(
initial_actions=[send_ns_request],
port_policies=port_policies,
unknown_port_action=ignore_action)
self.addCleanup(self.policy.close)
def _create_port_policies(self):
key = (self.subnet.subnet_id, self.port2.port_id)
# when port2 receive both two packets (one using vm fixed ip and mac,
# another using one of the allowed address pairs),
# stop this simulation.
count_action = app_testing_objects.CountAction(
2, app_testing_objects.StopSimulationAction()
)
rules = [
app_testing_objects.PortPolicyRule(
app_testing_objects.OsKenICMPPingFilter(
self._get_ping_using_vm_ip_mac, self.ethertype),
actions=[
count_action,
app_testing_objects.DisableRuleAction(),
]
),
app_testing_objects.PortPolicyRule(
app_testing_objects.OsKenICMPPingFilter(
self._get_ping_using_allowed_address_pair_ip_mac,
self.ethertype),
actions=[
count_action,
app_testing_objects.DisableRuleAction(),
]
),
app_testing_objects.PortPolicyRule(
app_testing_objects.OsKenICMPPingFilter(
self._get_ping_using_fake_ip, self.ethertype),
actions=[
app_testing_objects.RaiseAction("a packet with a fake "
"ip passed")
]
),
app_testing_objects.PortPolicyRule(
app_testing_objects.OsKenICMPPingFilter(
self._get_ping_using_fake_mac, self.ethertype),
actions=[
app_testing_objects.RaiseAction("a packet with a fake "
"mac passed")
]
)
]
rules += self._get_filtering_rules()
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
policy = app_testing_objects.PortPolicy(
rules=rules,
default_action=raise_action
)
return {
key: policy
}
def _create_port_policies(self):
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
key1 = (self.subnet.subnet_id, self.permit_port.port_id)
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect pong, end simulation
app_testing_objects.RyuICMPPongFilter(
self.permit_icmp_request, ethertype=self.ethertype),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction(),
]),
]
key2 = (self.subnet.subnet_id, self.no_permit_port.port_id)
rules2 = [
app_testing_objects.PortPolicyRule(
# Detect pong, raise unexpected packet exception
app_testing_objects.RyuICMPPongFilter(
self.no_permit_icmp_request, self.ethertype),
actions=[raise_action]),
]
key3 = (self.subnet.subnet_id, self.port3.port_id)
rules3 = [
app_testing_objects.PortPolicyRule(
# Detect ping from port1, reply with pong
app_testing_objects.RyuICMPPingFilter(self.permit_icmp_request,
self.ethertype),
actions=[
app_testing_objects.SendAction(self.subnet.subnet_id,
self.port3.port_id,
self._create_pong_packet),
app_testing_objects.DisableRuleAction(),
]),
app_testing_objects.PortPolicyRule(
# Detect ping from port2, raise unexpected packet exception
app_testing_objects.RyuICMPPingFilter(
self.no_permit_icmp_request, self.ethertype),
actions=[raise_action])
]
filtering_rules = self._get_filtering_rules()
rules1 += filtering_rules
rules3 += filtering_rules
rules2 += filtering_rules
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
policy2 = app_testing_objects.PortPolicy(rules=rules2,
default_action=raise_action)
policy3 = app_testing_objects.PortPolicy(rules=rules3,
default_action=raise_action)
return {key1: policy1, key2: policy2, key3: policy3}
def _create_port_policies(self):
ignore_action = app_testing_objects.IgnoreAction()
key = (self.subnet.subnet_id, self.port2.port_id)
# when port2 receive both two packets (one using vm fixed ip and mac,
# another using one of the allowed address pairs),
# stop this simulation.
count_action = app_testing_objects.CountAction(
2, app_testing_objects.StopSimulationAction())
rules = [
app_testing_objects.PortPolicyRule(
app_testing_objects.RyuICMPPingFilter(
self._get_ping_using_vm_ip_mac),
actions=[
count_action,
app_testing_objects.DisableRuleAction(),
]),
app_testing_objects.PortPolicyRule(
app_testing_objects.RyuICMPPingFilter(
self._get_ping_using_allowed_address_pair_ip_mac),
actions=[
count_action,
app_testing_objects.DisableRuleAction(),
]),
app_testing_objects.PortPolicyRule(
app_testing_objects.RyuICMPPingFilter(
self._get_ping_using_fake_ip),
actions=[
app_testing_objects.RaiseAction("a packet with a fake "
"ip passed")
]),
app_testing_objects.PortPolicyRule(
app_testing_objects.RyuICMPPingFilter(
self._get_ping_using_fake_mac),
actions=[
app_testing_objects.RaiseAction("a packet with a fake "
"mac passed")
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
policy = app_testing_objects.PortPolicy(rules=rules,
default_action=raise_action)
return {key: policy}
def _create_port_policies(self):
ignore_action = app_testing_objects.IgnoreAction()
key1 = (self.subnet1.subnet_id, self.port1.port_id)
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect pong, end simulation
app_testing_objects.RyuICMPPongFilter(self._get_ping),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction(),
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
key2 = (self.subnet2.subnet_id, self.port2.port_id)
rules2 = [
app_testing_objects.PortPolicyRule(
# Detect ping, reply with pong
app_testing_objects.RyuICMPPingFilter(),
actions=[
app_testing_objects.SendAction(self.subnet2.subnet_id,
self.port2.port_id,
self._create_pong_packet),
app_testing_objects.DisableRuleAction(),
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
policy2 = app_testing_objects.PortPolicy(rules=rules2,
default_action=raise_action)
return {
key1: policy1,
key2: policy2,
}
def test_sfc(self):
initial_packet = self._get_bytes(
self._gen_ethernet() / self._gen_ipv4(proto=inet.IPPROTO_UDP) /
self._gen_udp(src_port=SRC_PORT, dst_port=DST_PORT) / ('0' * 64))
final_packet = self._get_bytes(
self._gen_ethernet() / self._gen_ipv4(proto=inet.IPPROTO_UDP) /
self._gen_udp(src_port=SRC_PORT, dst_port=DST_PORT) /
('{len}'.format(len=len(self.layout)) * 64))
fc = self.store(
objects.FlowClassifierTestObj(self.neutron, self.nb_api), )
fc.create({'logical_source_port': self.src_port.port.port_id}, )
pc = self._create_pc(fc, self.layout)
time.sleep(_QUICK_RESOURCE_READY_TIMEOUT)
dst_key = (self.subnet.subnet_id, self.dst_port.port_id)
port_policies = {
dst_key:
app_testing_objects.PortPolicy(
rules=[
app_testing_objects.PortPolicyRule(
app_testing_objects.ExactMatchFilter(final_packet),
actions=[app_testing_objects.StopSimulationAction()],
),
],
default_action=app_testing_objects.IgnoreAction(),
),
}
port_policies.update(self._create_port_policies(pc))
policy = self.store(
app_testing_objects.Policy(
initial_actions=[
app_testing_objects.SendAction(
self.subnet.subnet_id,
self.src_port.port_id,
initial_packet,
),
],
port_policies=port_policies,
unknown_port_action=app_testing_objects.LogAction()), )
policy.start(self.topology)
policy.wait(10)
if policy.exceptions:
raise policy.exceptions[0]
def _create_allowed_address_pairs_port_policies(self):
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
key = (self.subnet.subnet_id, self.port3.port_id)
rules = [
app_testing_objects.PortPolicyRule(
# Detect ping from port4, end the test
app_testing_objects.RyuICMPPingFilter(
self._get_allowed_address_pairs_icmp_request,
self.ethertype),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]),
]
filtering_rules = self._get_filtering_rules()
rules += filtering_rules
policy1 = app_testing_objects.PortPolicy(rules=rules,
default_action=raise_action)
return {
key: policy1,
}
def test_fc(self):
fc = self.store(
objects.FlowClassifierTestObj(self.neutron, self.nb_api), )
fc.create(self._fc_params)
pc = self._create_pc(fc, [1])
time.sleep(_QUICK_RESOURCE_READY_TIMEOUT)
dst_key = (self.subnet.subnet_id, self.dst_port.port_id)
port_policies = {
dst_key:
app_testing_objects.PortPolicy(
rules=[
app_testing_objects.PortPolicyRule(
app_testing_objects.ExactMatchFilter(
self._final_packet, ),
actions=[app_testing_objects.StopSimulationAction()],
),
],
default_action=app_testing_objects.IgnoreAction(),
),
}
port_policies.update(self._create_port_policies(pc))
policy = self.store(
app_testing_objects.Policy(
initial_actions=[
app_testing_objects.SendAction(
self.subnet.subnet_id,
self.src_port.port_id,
self._initial_packet,
),
],
port_policies=port_policies,
unknown_port_action=app_testing_objects.LogAction()), )
policy.start(self.topology)
policy.wait(10)
if policy.exceptions:
raise policy.exceptions[0]
def _create_port_policies(self, disable_rule=True):
ignore_action = app_testing_objects.IgnoreAction()
key1 = (self.subnet1.subnet_id, self.port1.port_id)
actions = [
app_testing_objects.SendAction(self.subnet1.subnet_id,
self.port1.port_id,
self._create_dhcp_request)
]
if disable_rule:
actions.append(app_testing_objects.DisableRuleAction())
testclass = self
class DHCPAckFilterVerifiesMTU(app_testing_objects.RyuDHCPAckFilter):
def __init__(self, expected_mtu):
super(DHCPAckFilterVerifiesMTU, self).__init__()
self.expected_mtu = expected_mtu
def __call__(self, buf):
result = super(DHCPAckFilterVerifiesMTU, self).__call__(buf)
if not result:
return result
pkt = ryu.lib.packet.packet.Packet(buf)
pkt_dhcp_protocol = pkt.get_protocol(dhcp.dhcp)
for option in pkt_dhcp_protocol.options.option_list:
if option.tag == dhcp.DHCP_INTERFACE_MTU_OPT:
mtu = struct.unpack('!H', option.value)
testclass.assertEqual((self.expected_mtu, ), mtu)
return result
lport1 = self.port1.port.get_logical_port()
lswitch_ref = lport1.lswitch
lswitch = self.nb_api.get(lswitch_ref)
expected_mtu = lswitch.mtu
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect dhcp offer
app_testing_objects.RyuDHCPOfferFilter(),
actions),
app_testing_objects.PortPolicyRule(
# Detect dhcp acknowledge
DHCPAckFilterVerifiesMTU(expected_mtu),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.WaitAction(5),
app_testing_objects.SendAction(
self.subnet1.subnet_id, self.port1.port_id,
self._create_dhcp_renewal_request),
]),
app_testing_objects.PortPolicyRule(
# Detect dhcp acknowledge
DHCPAckFilterVerifiesMTU(expected_mtu),
actions=[
app_testing_objects.StopSimulationAction(),
app_testing_objects.DisableRuleAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
key2 = (self.subnet1.subnet_id, self.port2.port_id)
rules2 = [
app_testing_objects.PortPolicyRule(
# Detect arp replies
app_testing_objects.RyuDHCPFilter(),
actions=[
app_testing_objects.RaiseAction("Received DHCP packet")
]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
policy2 = app_testing_objects.PortPolicy(rules=rules2,
default_action=raise_action)
return {
key1: policy1,
key2: policy2,
}
def test_icmp_ping_pong(self):
# Setup base components - two ports on 1 network
self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
self.addCleanup(self.topology.close)
self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24')
self.port1 = self.subnet1.create_port()
self.port2 = self.subnet1.create_port()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
# Setup VLAN ports
self.network = objects.NetworkTestObj(self.neutron, self.nb_api)
self.addCleanup(self.network.close)
self.network.create()
self.subnet = objects.SubnetTestObj(self.neutron,
self.nb_api,
network_id=self.network.network_id)
self.addCleanup(self.subnet.close)
self.subnet.create()
self.vlan_port1 = objects.PortTestObj(
self.neutron, self.nb_api, network_id=self.network.network_id)
self.addCleanup(self.vlan_port1.close)
self.vlan_port1.create()
self.vlan_port2 = objects.PortTestObj(
self.neutron, self.nb_api, network_id=self.network.network_id)
self.addCleanup(self.vlan_port2.close)
self.vlan_port2.create()
self.cps1 = objects.ChildPortSegmentationTestObj(
self.neutron, self.nb_api)
self.addCleanup(self.cps1.close)
self.cps1.create(self.port1.port.port_id, self.vlan_port1.port_id,
'vlan', 7)
self.addCleanup(self.port1.unbind)
self.cps2 = objects.ChildPortSegmentationTestObj(
self.neutron, self.nb_api)
self.addCleanup(self.cps2.close)
self.cps2.create(self.port2.port.port_id, self.vlan_port2.port_id,
'vlan', 8)
self.addCleanup(self.port2.unbind)
# Setup policy
ignore_action = app_testing_objects.IgnoreAction()
key1 = (self.subnet1.subnet_id, self.port1.port_id)
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect pong, end simulation
app_testing_objects.AndingFilter(
app_testing_objects.OsKenVLANTagFilter(7),
app_testing_objects.OsKenICMPPongFilter(self._get_ping)),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
key2 = (self.subnet1.subnet_id, self.port2.port_id)
rules2 = [
app_testing_objects.PortPolicyRule(
# Detect ping, reply with pong
app_testing_objects.AndingFilter(
app_testing_objects.OsKenVLANTagFilter(8),
app_testing_objects.OsKenICMPPingFilter()),
actions=[
app_testing_objects.SendAction(self.subnet1.subnet_id,
self.port2.port_id,
self._create_pong_packet),
app_testing_objects.DisableRuleAction()
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.OsKenARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.OsKenIPv6Filter(),
actions=[ignore_action]),
]
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
policy2 = app_testing_objects.PortPolicy(rules=rules2,
default_action=raise_action)
port_policies = {key1: policy1, key2: policy2}
initial_packet = self._create_ping_packet()
policy = app_testing_objects.Policy(
initial_actions=[
app_testing_objects.SendAction(
self.subnet1.subnet_id,
self.port1.port_id,
initial_packet,
),
],
port_policies=port_policies,
unknown_port_action=app_testing_objects.IgnoreAction())
self.addCleanup(policy.close)
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
# Verify port is up
neutron_vlan_port1 = objects.get_port_by_id(self.neutron,
self.vlan_port1.port_id)
self.assertEqual(n_const.PORT_STATUS_ACTIVE,
neutron_vlan_port1['status'])
neutron_vlan_port2 = objects.get_port_by_id(self.neutron,
self.vlan_port2.port_id)
self.assertEqual(n_const.PORT_STATUS_ACTIVE,
neutron_vlan_port2['status'])
# Verify connectivity
apps.start_policy(policy, self.topology,
const.DEFAULT_RESOURCE_READY_TIMEOUT)
def _create_port_policies(self, connected=True):
ignore_action = app_testing_objects.IgnoreAction()
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
key1 = (self.subnet1.subnet_id, self.port1.port_id)
if connected:
actions = [
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction()
]
else:
actions = [raise_action]
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect pong, end simulation
app_testing_objects.RyuICMPPongFilter(self._get_ping),
actions=actions),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
key2 = (self.subnet2.subnet_id, self.port2.port_id)
if connected:
actions = [
app_testing_objects.SendAction(self.subnet2.subnet_id,
self.port2.port_id,
self._create_pong_packet),
app_testing_objects.DisableRuleAction()
]
else:
actions = [raise_action]
rules2 = [
app_testing_objects.PortPolicyRule(
# Detect ping, reply with pong
app_testing_objects.RyuICMPPingFilter(),
actions=actions),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore ARP requests from active port detection app for
# ports with allowed_address_pairs
app_testing_objects.RyuARPRequestFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
policy2 = app_testing_objects.PortPolicy(rules=rules2,
default_action=raise_action)
return {
key1: policy1,
key2: policy2,
}
def _create_port_policies(self):
ignore_action = app_testing_objects.IgnoreAction()
raise_action = app_testing_objects.RaiseAction("Unexpected packet")
key1 = (self.subnet.subnet_id, self.permit_port_id)
rules1 = [
app_testing_objects.PortPolicyRule(
# Detect pong, end simulation
app_testing_objects.RyuICMPPongFilter(self.permit_icmp_request
),
actions=[
app_testing_objects.DisableRuleAction(),
app_testing_objects.StopSimulationAction(),
]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
key2 = (self.subnet.subnet_id, self.no_permit_port_id)
rules2 = [
app_testing_objects.PortPolicyRule(
# Detect pong, raise unexpected packet exception
app_testing_objects.RyuICMPPongFilter(
self.no_permit_icmp_request),
actions=[raise_action]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
key3 = (self.subnet.subnet_id, self.port3.port_id)
rules3 = [
app_testing_objects.PortPolicyRule(
# Detect ping from port1, reply with pong
app_testing_objects.RyuICMPPingFilter(self.permit_icmp_request
),
actions=[
app_testing_objects.SendAction(self.subnet.subnet_id,
self.port3.port_id,
self._create_pong_packet),
app_testing_objects.DisableRuleAction(),
]),
app_testing_objects.PortPolicyRule(
# Detect ping from port2, raise unexpected packet exception
app_testing_objects.RyuICMPPingFilter(
self.no_permit_icmp_request),
actions=[raise_action]),
app_testing_objects.PortPolicyRule(
# Ignore gratuitous ARP packets
app_testing_objects.RyuARPGratuitousFilter(),
actions=[ignore_action]),
app_testing_objects.PortPolicyRule(
# Ignore IPv6 packets
app_testing_objects.RyuIPv6Filter(),
actions=[ignore_action]),
]
policy1 = app_testing_objects.PortPolicy(rules=rules1,
default_action=raise_action)
policy2 = app_testing_objects.PortPolicy(rules=rules2,
default_action=raise_action)
policy3 = app_testing_objects.PortPolicy(rules=rules3,
default_action=raise_action)
return {key1: policy1, key2: policy2, key3: policy3}
