def test_simple_response(self): """ 2 ports on 1 subnet. 1 port asks for MAC of other. Policy: port1: Send ARP request Receive ARP response port2: Do nothing """ apps.start_policy(self.policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)
def test_simple_response(self): """ 2 ports on 1 subnet. 1 port asks for MAC of other. Policy: port1: Send Neighbor Solicitation request Receive Neighbor Advertisement port2: Do nothing """ apps.start_policy(self.policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)
def test_detected_active_port(self): apps.start_policy(self.policy, self.topology, 30) # check if the active port exists in DF DB self.assertTrue(self._if_the_expected_active_port_exists()) # clear allowed address pairs configuration from the lport self.port.update({'allowed_address_pairs': []}) time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT) # check if the active port was removed from DF DB self.assertFalse(self._if_the_expected_active_port_exists())
def _test_enable_dhcp(self): # Create policy dhcp_packet = self._create_dhcp_discover() send_dhcp_offer = app_testing_objects.SendAction( self.subnet1.subnet_id, self.port1.port_id, dhcp_packet, ) port_policies = self._create_port_policies() policy = app_testing_objects.Policy( initial_actions=[send_dhcp_offer], port_policies=port_policies, unknown_port_action=app_testing_objects.IgnoreAction()) self.addCleanup(policy.close) apps.start_policy(policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)
def _test_icmp_address(self, dst_ip): port_policies = self._create_port_policies() initial_packet = self._create_packet( dst_ip, ryu.lib.packet.ipv4.inet.IPPROTO_ICMP) policy = self.store( app_testing_objects.Policy( initial_actions=[ app_testing_objects.SendAction( self.subnet1.subnet_id, self.port1.port_id, initial_packet, ), ], port_policies=port_policies, unknown_port_action=app_testing_objects.IgnoreAction())) apps.start_policy(policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)
def test_icmp_ttl_packet(self): ignore_action = app_testing_objects.IgnoreAction() initial_packet = self._create_packet( self.topology.external_network.get_gw_ip(), os_ken.lib.packet.ipv4.inet.IPPROTO_ICMP, ttl=1) policy = app_testing_objects.Policy( initial_actions=[ app_testing_objects.SendAction( self.subnet.subnet_id, self.port.port_id, initial_packet, ), ], port_policies=self._create_icmp_test_port_policies( app_testing_objects.OsKenICMPTimeExceedFilter), unknown_port_action=ignore_action) self.addCleanup(policy.close) apps.start_policy(policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)
def test_udp_concrete_router_interface(self): # By default, fullstack will start l3 agent. So there will be concrete # router interface. self.port1.port.update({"security_groups": []}) ignore_action = app_testing_objects.IgnoreAction() port_policy = self._create_icmp_test_port_policies( app_testing_objects.RyuICMPUnreachFilter) initial_packet = self._create_packet( "192.168.12.1", ryu.lib.packet.ipv4.inet.IPPROTO_UDP) policy = self.store( app_testing_objects.Policy(initial_actions=[ app_testing_objects.SendAction( self.subnet1.subnet_id, self.port1.port_id, initial_packet, ), ], port_policies=port_policy, unknown_port_action=ignore_action)) apps.start_policy(policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)
def test_router_extra_route(self): nexthop_port = self.subnet1.create_port() nexthop_ip = nexthop_port.port.get_logical_port().ip self.router.router.update({ "routes": [{ "nexthop": nexthop_ip, "destination": "30.0.0.0/24" }] }) time.sleep(const.DEFAULT_CMD_TIMEOUT) ignore_action = app_testing_objects.IgnoreAction() port_policy = self._create_extra_route_policies(nexthop_port) initial_packet = self._create_packet( "30.0.0.12", ryu.lib.packet.ipv4.inet.IPPROTO_ICMP) send_action = app_testing_objects.SendAction(self.subnet1.subnet_id, self.port1.port_id, initial_packet) policy = self.store( app_testing_objects.Policy(initial_actions=[send_action], port_policies=port_policy, unknown_port_action=ignore_action)) apps.start_policy(policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)
def _icmp_ping_pong(self): # the rules of the initial security group associated with port3 # only let icmp echo requests from port1 pass. self._update_policy() self._create_allowed_address_pairs_policy() apps.start_policy(self.policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT) # switch the associated security group with port3 to a new security # group, and rules of this security group only let icmp echo requests # from port2 pass. self._switch_to_another_security_group() time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT) apps.start_policy(self.policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT) # switch the associated security group with port3 to the initial # security group self._switch_to_another_security_group() time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT) apps.start_policy(self.policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT) ovs = test_utils.OvsFlowsParser() LOG.info("flows are: %s", ovs.get_ovs_flows(self.integration_bridge)) if len(self.policy.exceptions) > 0: raise self.policy.exceptions[0] self.port3.update({"security_groups": [ self.allowed_address_pairs_security_group_id]}) time.sleep(const.DEFAULT_CMD_TIMEOUT) self.allowed_address_pairs_policy.start(self.topology) self.allowed_address_pairs_policy.wait(30) if len(self.allowed_address_pairs_policy.exceptions) > 0: raise self.allowed_address_pairs_policy.exceptions[0]
def test_icmp_ping_pong(self): # Setup base components - two ports on 1 network self.topology = app_testing_objects.Topology(self.neutron, self.nb_api) self.addCleanup(self.topology.close) self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24') self.port1 = self.subnet1.create_port() self.port2 = self.subnet1.create_port() time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT) # Setup VLAN ports self.network = objects.NetworkTestObj(self.neutron, self.nb_api) self.addCleanup(self.network.close) self.network.create() self.subnet = objects.SubnetTestObj(self.neutron, self.nb_api, network_id=self.network.network_id) self.addCleanup(self.subnet.close) self.subnet.create() self.vlan_port1 = objects.PortTestObj( self.neutron, self.nb_api, network_id=self.network.network_id) self.addCleanup(self.vlan_port1.close) self.vlan_port1.create() self.vlan_port2 = objects.PortTestObj( self.neutron, self.nb_api, network_id=self.network.network_id) self.addCleanup(self.vlan_port2.close) self.vlan_port2.create() self.cps1 = objects.ChildPortSegmentationTestObj( self.neutron, self.nb_api) self.addCleanup(self.cps1.close) self.cps1.create(self.port1.port.port_id, self.vlan_port1.port_id, 'vlan', 7) self.addCleanup(self.port1.unbind) self.cps2 = objects.ChildPortSegmentationTestObj( self.neutron, self.nb_api) self.addCleanup(self.cps2.close) self.cps2.create(self.port2.port.port_id, self.vlan_port2.port_id, 'vlan', 8) self.addCleanup(self.port2.unbind) # Setup policy ignore_action = app_testing_objects.IgnoreAction() key1 = (self.subnet1.subnet_id, self.port1.port_id) rules1 = [ app_testing_objects.PortPolicyRule( # Detect pong, end simulation app_testing_objects.AndingFilter( app_testing_objects.OsKenVLANTagFilter(7), app_testing_objects.OsKenICMPPongFilter(self._get_ping)), actions=[ app_testing_objects.DisableRuleAction(), app_testing_objects.StopSimulationAction() ]), app_testing_objects.PortPolicyRule( # Ignore gratuitous ARP packets app_testing_objects.OsKenARPGratuitousFilter(), actions=[ignore_action]), app_testing_objects.PortPolicyRule( # Ignore IPv6 packets app_testing_objects.OsKenIPv6Filter(), actions=[ignore_action]), ] key2 = (self.subnet1.subnet_id, self.port2.port_id) rules2 = [ app_testing_objects.PortPolicyRule( # Detect ping, reply with pong app_testing_objects.AndingFilter( app_testing_objects.OsKenVLANTagFilter(8), app_testing_objects.OsKenICMPPingFilter()), actions=[ app_testing_objects.SendAction(self.subnet1.subnet_id, self.port2.port_id, self._create_pong_packet), app_testing_objects.DisableRuleAction() ]), app_testing_objects.PortPolicyRule( # Ignore gratuitous ARP packets app_testing_objects.OsKenARPGratuitousFilter(), actions=[ignore_action]), app_testing_objects.PortPolicyRule( # Ignore IPv6 packets app_testing_objects.OsKenIPv6Filter(), actions=[ignore_action]), ] raise_action = app_testing_objects.RaiseAction("Unexpected packet") policy1 = app_testing_objects.PortPolicy(rules=rules1, default_action=raise_action) policy2 = app_testing_objects.PortPolicy(rules=rules2, default_action=raise_action) port_policies = {key1: policy1, key2: policy2} initial_packet = self._create_ping_packet() policy = app_testing_objects.Policy( initial_actions=[ app_testing_objects.SendAction( self.subnet1.subnet_id, self.port1.port_id, initial_packet, ), ], port_policies=port_policies, unknown_port_action=app_testing_objects.IgnoreAction()) self.addCleanup(policy.close) time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT) # Verify port is up neutron_vlan_port1 = objects.get_port_by_id(self.neutron, self.vlan_port1.port_id) self.assertEqual(n_const.PORT_STATUS_ACTIVE, neutron_vlan_port1['status']) neutron_vlan_port2 = objects.get_port_by_id(self.neutron, self.vlan_port2.port_id) self.assertEqual(n_const.PORT_STATUS_ACTIVE, neutron_vlan_port2['status']) # Verify connectivity apps.start_policy(policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)
def test_icmp_ping_using_different_ip_mac(self): apps.start_policy(self.policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)
def test_icmp_ping_pong_with_external_peer(self): self._create_topology() policy = self._create_policy() apps.start_policy(policy, self.topology, const.DEFAULT_RESOURCE_READY_TIMEOUT)