Python start_policy 예제들

예제 #1

 def test_simple_response(self):
     """
     2 ports on 1 subnet. 1 port asks for MAC of other.
     Policy:
         port1:
             Send ARP request
             Receive ARP response
         port2:
             Do nothing
     """
     apps.start_policy(self.policy, self.topology,
                       const.DEFAULT_RESOURCE_READY_TIMEOUT)

예제 #2

 def test_simple_response(self):
     """
     2 ports on 1 subnet. 1 port asks for MAC of other.
     Policy:
         port1:
             Send Neighbor Solicitation request
             Receive Neighbor Advertisement
         port2:
             Do nothing
     """
     apps.start_policy(self.policy, self.topology,
                       const.DEFAULT_RESOURCE_READY_TIMEOUT)

예제 #3

파일: test_allowed_address_pairs.py 프로젝트: rubiruchi/dragonflow

    def test_detected_active_port(self):
        apps.start_policy(self.policy, self.topology, 30)

        # check if the active port exists in DF DB
        self.assertTrue(self._if_the_expected_active_port_exists())

        # clear allowed address pairs configuration from the lport
        self.port.update({'allowed_address_pairs': []})
        time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

        # check if the active port was removed from DF DB
        self.assertFalse(self._if_the_expected_active_port_exists())

예제 #4

파일: test_dhcp.py 프로젝트: eyalleshem/dragonflow

 def _test_enable_dhcp(self):
     # Create policy
     dhcp_packet = self._create_dhcp_discover()
     send_dhcp_offer = app_testing_objects.SendAction(
         self.subnet1.subnet_id,
         self.port1.port_id,
         dhcp_packet,
     )
     port_policies = self._create_port_policies()
     policy = app_testing_objects.Policy(
         initial_actions=[send_dhcp_offer],
         port_policies=port_policies,
         unknown_port_action=app_testing_objects.IgnoreAction())
     self.addCleanup(policy.close)
     apps.start_policy(policy, self.topology,
                       const.DEFAULT_RESOURCE_READY_TIMEOUT)

예제 #5

 def _test_icmp_address(self, dst_ip):
     port_policies = self._create_port_policies()
     initial_packet = self._create_packet(
         dst_ip, ryu.lib.packet.ipv4.inet.IPPROTO_ICMP)
     policy = self.store(
         app_testing_objects.Policy(
             initial_actions=[
                 app_testing_objects.SendAction(
                     self.subnet1.subnet_id,
                     self.port1.port_id,
                     initial_packet,
                 ),
             ],
             port_policies=port_policies,
             unknown_port_action=app_testing_objects.IgnoreAction()))
     apps.start_policy(policy, self.topology,
                       const.DEFAULT_RESOURCE_READY_TIMEOUT)

예제 #6

 def test_icmp_ttl_packet(self):
     ignore_action = app_testing_objects.IgnoreAction()
     initial_packet = self._create_packet(
         self.topology.external_network.get_gw_ip(),
         os_ken.lib.packet.ipv4.inet.IPPROTO_ICMP,
         ttl=1)
     policy = app_testing_objects.Policy(
         initial_actions=[
             app_testing_objects.SendAction(
                 self.subnet.subnet_id,
                 self.port.port_id,
                 initial_packet,
             ),
         ],
         port_policies=self._create_icmp_test_port_policies(
             app_testing_objects.OsKenICMPTimeExceedFilter),
         unknown_port_action=ignore_action)
     self.addCleanup(policy.close)
     apps.start_policy(policy, self.topology,
                       const.DEFAULT_RESOURCE_READY_TIMEOUT)

예제 #7

 def test_udp_concrete_router_interface(self):
     # By default, fullstack will start l3 agent. So there will be concrete
     # router interface.
     self.port1.port.update({"security_groups": []})
     ignore_action = app_testing_objects.IgnoreAction()
     port_policy = self._create_icmp_test_port_policies(
         app_testing_objects.RyuICMPUnreachFilter)
     initial_packet = self._create_packet(
         "192.168.12.1", ryu.lib.packet.ipv4.inet.IPPROTO_UDP)
     policy = self.store(
         app_testing_objects.Policy(initial_actions=[
             app_testing_objects.SendAction(
                 self.subnet1.subnet_id,
                 self.port1.port_id,
                 initial_packet,
             ),
         ],
                                    port_policies=port_policy,
                                    unknown_port_action=ignore_action))
     apps.start_policy(policy, self.topology,
                       const.DEFAULT_RESOURCE_READY_TIMEOUT)

예제 #8

 def test_router_extra_route(self):
     nexthop_port = self.subnet1.create_port()
     nexthop_ip = nexthop_port.port.get_logical_port().ip
     self.router.router.update({
         "routes": [{
             "nexthop": nexthop_ip,
             "destination": "30.0.0.0/24"
         }]
     })
     time.sleep(const.DEFAULT_CMD_TIMEOUT)
     ignore_action = app_testing_objects.IgnoreAction()
     port_policy = self._create_extra_route_policies(nexthop_port)
     initial_packet = self._create_packet(
         "30.0.0.12", ryu.lib.packet.ipv4.inet.IPPROTO_ICMP)
     send_action = app_testing_objects.SendAction(self.subnet1.subnet_id,
                                                  self.port1.port_id,
                                                  initial_packet)
     policy = self.store(
         app_testing_objects.Policy(initial_actions=[send_action],
                                    port_policies=port_policy,
                                    unknown_port_action=ignore_action))
     apps.start_policy(policy, self.topology,
                       const.DEFAULT_RESOURCE_READY_TIMEOUT)

예제 #9

    def _icmp_ping_pong(self):
        # the rules of the initial security group associated with port3
        # only let icmp echo requests from port1 pass.

        self._update_policy()
        self._create_allowed_address_pairs_policy()
        apps.start_policy(self.policy, self.topology,
                          const.DEFAULT_RESOURCE_READY_TIMEOUT)

        # switch the associated security group with port3 to a new security
        # group, and rules of this security group only let icmp echo requests
        # from port2 pass.
        self._switch_to_another_security_group()
        time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

        apps.start_policy(self.policy, self.topology,
                          const.DEFAULT_RESOURCE_READY_TIMEOUT)

        # switch the associated security group with port3 to the initial
        # security group
        self._switch_to_another_security_group()
        time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

        apps.start_policy(self.policy, self.topology,
                          const.DEFAULT_RESOURCE_READY_TIMEOUT)

        ovs = test_utils.OvsFlowsParser()
        LOG.info("flows are: %s",
                 ovs.get_ovs_flows(self.integration_bridge))

        if len(self.policy.exceptions) > 0:
            raise self.policy.exceptions[0]

        self.port3.update({"security_groups": [
            self.allowed_address_pairs_security_group_id]})
        time.sleep(const.DEFAULT_CMD_TIMEOUT)
        self.allowed_address_pairs_policy.start(self.topology)
        self.allowed_address_pairs_policy.wait(30)

        if len(self.allowed_address_pairs_policy.exceptions) > 0:
            raise self.allowed_address_pairs_policy.exceptions[0]

예제 #10

    def test_icmp_ping_pong(self):
        # Setup base components - two ports on 1 network
        self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
        self.addCleanup(self.topology.close)
        self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24')
        self.port1 = self.subnet1.create_port()
        self.port2 = self.subnet1.create_port()
        time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

        # Setup VLAN ports
        self.network = objects.NetworkTestObj(self.neutron, self.nb_api)
        self.addCleanup(self.network.close)
        self.network.create()
        self.subnet = objects.SubnetTestObj(self.neutron,
                                            self.nb_api,
                                            network_id=self.network.network_id)
        self.addCleanup(self.subnet.close)
        self.subnet.create()
        self.vlan_port1 = objects.PortTestObj(
            self.neutron, self.nb_api, network_id=self.network.network_id)
        self.addCleanup(self.vlan_port1.close)
        self.vlan_port1.create()
        self.vlan_port2 = objects.PortTestObj(
            self.neutron, self.nb_api, network_id=self.network.network_id)
        self.addCleanup(self.vlan_port2.close)
        self.vlan_port2.create()

        self.cps1 = objects.ChildPortSegmentationTestObj(
            self.neutron, self.nb_api)
        self.addCleanup(self.cps1.close)
        self.cps1.create(self.port1.port.port_id, self.vlan_port1.port_id,
                         'vlan', 7)
        self.addCleanup(self.port1.unbind)

        self.cps2 = objects.ChildPortSegmentationTestObj(
            self.neutron, self.nb_api)
        self.addCleanup(self.cps2.close)
        self.cps2.create(self.port2.port.port_id, self.vlan_port2.port_id,
                         'vlan', 8)
        self.addCleanup(self.port2.unbind)

        # Setup policy
        ignore_action = app_testing_objects.IgnoreAction()
        key1 = (self.subnet1.subnet_id, self.port1.port_id)
        rules1 = [
            app_testing_objects.PortPolicyRule(
                # Detect pong, end simulation
                app_testing_objects.AndingFilter(
                    app_testing_objects.OsKenVLANTagFilter(7),
                    app_testing_objects.OsKenICMPPongFilter(self._get_ping)),
                actions=[
                    app_testing_objects.DisableRuleAction(),
                    app_testing_objects.StopSimulationAction()
                ]),
            app_testing_objects.PortPolicyRule(
                # Ignore gratuitous ARP packets
                app_testing_objects.OsKenARPGratuitousFilter(),
                actions=[ignore_action]),
            app_testing_objects.PortPolicyRule(
                # Ignore IPv6 packets
                app_testing_objects.OsKenIPv6Filter(),
                actions=[ignore_action]),
        ]
        key2 = (self.subnet1.subnet_id, self.port2.port_id)
        rules2 = [
            app_testing_objects.PortPolicyRule(
                # Detect ping, reply with pong
                app_testing_objects.AndingFilter(
                    app_testing_objects.OsKenVLANTagFilter(8),
                    app_testing_objects.OsKenICMPPingFilter()),
                actions=[
                    app_testing_objects.SendAction(self.subnet1.subnet_id,
                                                   self.port2.port_id,
                                                   self._create_pong_packet),
                    app_testing_objects.DisableRuleAction()
                ]),
            app_testing_objects.PortPolicyRule(
                # Ignore gratuitous ARP packets
                app_testing_objects.OsKenARPGratuitousFilter(),
                actions=[ignore_action]),
            app_testing_objects.PortPolicyRule(
                # Ignore IPv6 packets
                app_testing_objects.OsKenIPv6Filter(),
                actions=[ignore_action]),
        ]
        raise_action = app_testing_objects.RaiseAction("Unexpected packet")
        policy1 = app_testing_objects.PortPolicy(rules=rules1,
                                                 default_action=raise_action)
        policy2 = app_testing_objects.PortPolicy(rules=rules2,
                                                 default_action=raise_action)
        port_policies = {key1: policy1, key2: policy2}
        initial_packet = self._create_ping_packet()
        policy = app_testing_objects.Policy(
            initial_actions=[
                app_testing_objects.SendAction(
                    self.subnet1.subnet_id,
                    self.port1.port_id,
                    initial_packet,
                ),
            ],
            port_policies=port_policies,
            unknown_port_action=app_testing_objects.IgnoreAction())
        self.addCleanup(policy.close)

        time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

        # Verify port is up
        neutron_vlan_port1 = objects.get_port_by_id(self.neutron,
                                                    self.vlan_port1.port_id)
        self.assertEqual(n_const.PORT_STATUS_ACTIVE,
                         neutron_vlan_port1['status'])
        neutron_vlan_port2 = objects.get_port_by_id(self.neutron,
                                                    self.vlan_port2.port_id)
        self.assertEqual(n_const.PORT_STATUS_ACTIVE,
                         neutron_vlan_port2['status'])

        # Verify connectivity
        apps.start_policy(policy, self.topology,
                          const.DEFAULT_RESOURCE_READY_TIMEOUT)

예제 #11

파일: test_portsec.py 프로젝트: snapiri/dragonflow

 def test_icmp_ping_using_different_ip_mac(self):
     apps.start_policy(self.policy, self.topology,
                       const.DEFAULT_RESOURCE_READY_TIMEOUT)

예제 #12

파일: test_snat.py 프로젝트: rubiruchi/dragonflow

 def test_icmp_ping_pong_with_external_peer(self):
     self._create_topology()
     policy = self._create_policy()
     apps.start_policy(policy, self.topology,
                       const.DEFAULT_RESOURCE_READY_TIMEOUT)