def fake_controller_setup(enf_controller, enf_stats_controller=None, startup_flow_controller=None, setup_flows_request=None): """ Immitate contoller restart. This is done by manually setting contoller init fields back to False, and restarting the startup stats controller(optional) If no stats controller is given this means a clean restart, if clean restart flag is not set fail the test case. """ if setup_flows_request is None: setup_flows_request = SetupFlowsRequest(requests=[], epoch=global_epoch) enf_controller.init_finished = False if startup_flow_controller: startup_flow_controller._flows_received = False startup_flow_controller._table_flows.clear() hub.spawn(startup_flow_controller._poll_startup_flows, 1) else: TestCase().assertEqual(enf_controller._clean_restart, True) if enf_stats_controller: TestCase().assertEqual(enf_stats_controller._clean_restart, True) TestCase().assertEqual( setup_controller(enf_controller, setup_flows_request), SetupFlowsResult.SUCCESS) if enf_stats_controller: enf_stats_controller.init_finished = False TestCase().assertEqual( setup_controller(enf_stats_controller, setup_flows_request), SetupFlowsResult.SUCCESS)
def test_enforcement_restart(self): """ Adds rules using the setup feature 1) Empty SetupFlowsRequest - assert default flows 2) Add 2 imsis, add 2 policies(sub1_rule_temp, sub2_rule_keep), - assert everything is properly added 3) Same imsis 1 new policy, 1 old (sub2_new_rule, sub2_rule_keep) - assert everything is properly added 4) Empty SetupFlowsRequest - assert default flows """ self.enforcement_controller._rule_mapper = RuleIDToNumMapper() self.enforcement_stats_controller._rule_mapper = RuleIDToNumMapper() fake_controller_setup( enf_controller=self.enforcement_controller, enf_stats_controller=self.enforcement_stats_controller, startup_flow_controller=self.startup_flows_contoller, ) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, 'default_flows', ) with snapshot_verifier: pass imsi1 = 'IMSI010000000088888' imsi2 = 'IMSI010000000012345' sub2_ip = '192.168.128.74' flow_list1 = [ FlowDescription( match=FlowMatch( ip_dst=convert_ipv4_str_to_ip_proto('45.10.0.0/24'), direction=FlowMatch.UPLINK, ), action=FlowDescription.PERMIT, ), FlowDescription( match=FlowMatch( ip_dst=convert_ipv4_str_to_ip_proto('45.11.0.0/24'), direction=FlowMatch.UPLINK, ), action=FlowDescription.PERMIT, ), ] flow_list2 = [ FlowDescription( match=FlowMatch( ip_dst=convert_ipv4_str_to_ip_proto('10.10.1.0/24'), direction=FlowMatch.UPLINK, ), action=FlowDescription.PERMIT, ), ] policies1 = [ VersionedPolicy( rule=PolicyRule(id='sub1_rule_temp', priority=2, flow_list=flow_list1), version=1, ), ] policies2 = [ VersionedPolicy( rule=PolicyRule(id='sub2_rule_keep', priority=3, flow_list=flow_list2), version=1, ), ] enf_stat_name = [ imsi1 + '|sub1_rule_temp' + '|' + sub2_ip, imsi2 + '|sub2_rule_keep' + '|' + sub2_ip, ] self.service_manager.session_rule_version_mapper.save_version( imsi1, convert_ipv4_str_to_ip_proto(sub2_ip), 'sub1_rule_temp', 1, ) self.service_manager.session_rule_version_mapper.save_version( imsi2, convert_ipv4_str_to_ip_proto(sub2_ip), 'sub2_rule_keep', 1, ) setup_flows_request = SetupFlowsRequest( requests=[ ActivateFlowsRequest( sid=SIDUtils.to_pb(imsi1), ip_addr=sub2_ip, policies=policies1, ), ActivateFlowsRequest( sid=SIDUtils.to_pb(imsi2), ip_addr=sub2_ip, policies=policies2, ), ], epoch=global_epoch, ) # Simulate clearing the dict self.service_manager.session_rule_version_mapper\ ._version_by_imsi_and_rule = {} fake_controller_setup( enf_controller=self.enforcement_controller, enf_stats_controller=self.enforcement_stats_controller, startup_flow_controller=self.startup_flows_contoller, setup_flows_request=setup_flows_request, ) sub_context = RyuDirectSubscriberContext( imsi2, sub2_ip, self.enforcement_controller, self._enforcement_tbl_num, ) isolator = RyuDirectTableIsolator( RyuForwardFlowArgsBuilder.from_subscriber( sub_context.cfg).build_requests(), self.testing_controller, ) pkt_sender = ScapyPacketInjector(self.IFACE) packets = IPPacketBuilder()\ .set_ip_layer('10.10.1.8/20', sub2_ip)\ .set_ether_layer(self.MAC_DEST, "00:00:00:00:00:00")\ .build() snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, 'before_restart', ) with isolator, snapshot_verifier: pkt_sender.send(packets) flow_list1 = [ FlowDescription( match=FlowMatch( ip_dst=convert_ipv4_str_to_ip_proto('24.10.0.0/24'), direction=FlowMatch.UPLINK, ), action=FlowDescription.PERMIT, ), ] policies = [ VersionedPolicy( rule=PolicyRule(id='sub2_new_rule', priority=2, flow_list=flow_list1), version=1, ), VersionedPolicy( rule=PolicyRule(id='sub2_rule_keep', priority=3, flow_list=flow_list2), version=1, ), ] enf_stat_name = [ imsi2 + '|sub2_new_rule' + '|' + sub2_ip + "|" + "1", imsi2 + '|sub2_rule_keep' + '|' + sub2_ip + "|" + "1", ] setup_flows_request = SetupFlowsRequest( requests=[ ActivateFlowsRequest( sid=SIDUtils.to_pb(imsi2), ip_addr=sub2_ip, policies=policies, ), ], epoch=global_epoch, ) fake_controller_setup( enf_controller=self.enforcement_controller, enf_stats_controller=self.enforcement_stats_controller, startup_flow_controller=self.startup_flows_contoller, setup_flows_request=setup_flows_request, ) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, 'after_restart', ) with snapshot_verifier: pass fake_controller_setup( enf_controller=self.enforcement_controller, enf_stats_controller=self.enforcement_stats_controller, startup_flow_controller=self.startup_flows_contoller, ) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, 'default_flows_w_packets', ) with snapshot_verifier: pass
def test_enforcement_ipv6_restart(self): """ Adds rules using the setup feature 1) Empty SetupFlowsRequest - assert default flows 2) Add imsi with ipv6 policy - assert everything is properly added """ fake_controller_setup( enf_controller=self.enforcement_controller, enf_stats_controller=self.enforcement_stats_controller, startup_flow_controller=self.startup_flows_contoller, ) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, 'default_flows', ) with snapshot_verifier: pass imsi = 'IMSI010000002388888' sub_ip = b'fe80:24c3:d0ff:fef3:9d21:4407:d337:1928' flow_list = [ FlowDescription( match=FlowMatch( ip_dst=convert_ipv6_bytes_to_ip_proto(b'fe80::'), direction=FlowMatch.UPLINK, ), action=FlowDescription.PERMIT, ), ] policies = [ VersionedPolicy( rule=PolicyRule(id='ipv6_rule', priority=2, flow_list=flow_list), version=1, ), ] enf_stat_name = [imsi + '|ipv6_rule' + '|' + str(sub_ip) + "|" + "1"] setup_flows_request = SetupFlowsRequest( requests=[ ActivateFlowsRequest( sid=SIDUtils.to_pb(imsi), ipv6_addr=sub_ip, policies=policies, ), ], epoch=global_epoch, ) fake_controller_setup( enf_controller=self.enforcement_controller, enf_stats_controller=self.enforcement_stats_controller, startup_flow_controller=self.startup_flows_contoller, setup_flows_request=setup_flows_request, ) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, 'after_restart', ) with snapshot_verifier: pass fake_controller_setup( enf_controller=self.enforcement_controller, enf_stats_controller=self.enforcement_stats_controller, startup_flow_controller=self.startup_flows_contoller, ) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, 'default_flows', ) with snapshot_verifier: pass