Exemplo n.º 1
0
def fake_controller_setup(enf_controller,
                          enf_stats_controller=None,
                          startup_flow_controller=None,
                          setup_flows_request=None):
    """
    Immitate contoller restart. This is done by manually setting contoller init
    fields back to False, and restarting the startup stats controller(optional)

    If no stats controller is given this means a clean restart, if clean restart
    flag is not set fail the test case.
    """
    if setup_flows_request is None:
        setup_flows_request = SetupFlowsRequest(requests=[],
                                                epoch=global_epoch)
    enf_controller.init_finished = False
    if startup_flow_controller:
        startup_flow_controller._flows_received = False
        startup_flow_controller._table_flows.clear()
        hub.spawn(startup_flow_controller._poll_startup_flows, 1)
    else:
        TestCase().assertEqual(enf_controller._clean_restart, True)
        if enf_stats_controller:
            TestCase().assertEqual(enf_stats_controller._clean_restart, True)
    TestCase().assertEqual(
        setup_controller(enf_controller, setup_flows_request),
        SetupFlowsResult.SUCCESS)
    if enf_stats_controller:
        enf_stats_controller.init_finished = False
        TestCase().assertEqual(
            setup_controller(enf_stats_controller, setup_flows_request),
            SetupFlowsResult.SUCCESS)
Exemplo n.º 2
0
    def test_enforcement_restart(self):
        """
        Adds rules using the setup feature

        1) Empty SetupFlowsRequest
            - assert default flows
        2) Add 2 imsis, add 2 policies(sub1_rule_temp, sub2_rule_keep),
            - assert everything is properly added
        3) Same imsis 1 new policy, 1 old (sub2_new_rule, sub2_rule_keep)
            - assert everything is properly added
        4) Empty SetupFlowsRequest
            - assert default flows
        """
        self.enforcement_controller._rule_mapper = RuleIDToNumMapper()
        self.enforcement_stats_controller._rule_mapper = RuleIDToNumMapper()
        fake_controller_setup(
            enf_controller=self.enforcement_controller,
            enf_stats_controller=self.enforcement_stats_controller,
            startup_flow_controller=self.startup_flows_contoller,
        )
        snapshot_verifier = SnapshotVerifier(
            self,
            self.BRIDGE,
            self.service_manager,
            'default_flows',
        )
        with snapshot_verifier:
            pass

        imsi1 = 'IMSI010000000088888'
        imsi2 = 'IMSI010000000012345'
        sub2_ip = '192.168.128.74'
        flow_list1 = [
            FlowDescription(
                match=FlowMatch(
                    ip_dst=convert_ipv4_str_to_ip_proto('45.10.0.0/24'),
                    direction=FlowMatch.UPLINK,
                ),
                action=FlowDescription.PERMIT,
            ),
            FlowDescription(
                match=FlowMatch(
                    ip_dst=convert_ipv4_str_to_ip_proto('45.11.0.0/24'),
                    direction=FlowMatch.UPLINK,
                ),
                action=FlowDescription.PERMIT,
            ),
        ]
        flow_list2 = [
            FlowDescription(
                match=FlowMatch(
                    ip_dst=convert_ipv4_str_to_ip_proto('10.10.1.0/24'),
                    direction=FlowMatch.UPLINK,
                ),
                action=FlowDescription.PERMIT,
            ),
        ]
        policies1 = [
            VersionedPolicy(
                rule=PolicyRule(id='sub1_rule_temp',
                                priority=2,
                                flow_list=flow_list1),
                version=1,
            ),
        ]
        policies2 = [
            VersionedPolicy(
                rule=PolicyRule(id='sub2_rule_keep',
                                priority=3,
                                flow_list=flow_list2),
                version=1,
            ),
        ]
        enf_stat_name = [
            imsi1 + '|sub1_rule_temp' + '|' + sub2_ip,
            imsi2 + '|sub2_rule_keep' + '|' + sub2_ip,
        ]

        self.service_manager.session_rule_version_mapper.save_version(
            imsi1,
            convert_ipv4_str_to_ip_proto(sub2_ip),
            'sub1_rule_temp',
            1,
        )
        self.service_manager.session_rule_version_mapper.save_version(
            imsi2,
            convert_ipv4_str_to_ip_proto(sub2_ip),
            'sub2_rule_keep',
            1,
        )

        setup_flows_request = SetupFlowsRequest(
            requests=[
                ActivateFlowsRequest(
                    sid=SIDUtils.to_pb(imsi1),
                    ip_addr=sub2_ip,
                    policies=policies1,
                ),
                ActivateFlowsRequest(
                    sid=SIDUtils.to_pb(imsi2),
                    ip_addr=sub2_ip,
                    policies=policies2,
                ),
            ],
            epoch=global_epoch,
        )

        # Simulate clearing the dict
        self.service_manager.session_rule_version_mapper\
            ._version_by_imsi_and_rule = {}

        fake_controller_setup(
            enf_controller=self.enforcement_controller,
            enf_stats_controller=self.enforcement_stats_controller,
            startup_flow_controller=self.startup_flows_contoller,
            setup_flows_request=setup_flows_request,
        )
        sub_context = RyuDirectSubscriberContext(
            imsi2,
            sub2_ip,
            self.enforcement_controller,
            self._enforcement_tbl_num,
        )
        isolator = RyuDirectTableIsolator(
            RyuForwardFlowArgsBuilder.from_subscriber(
                sub_context.cfg).build_requests(),
            self.testing_controller,
        )
        pkt_sender = ScapyPacketInjector(self.IFACE)
        packets = IPPacketBuilder()\
            .set_ip_layer('10.10.1.8/20', sub2_ip)\
            .set_ether_layer(self.MAC_DEST, "00:00:00:00:00:00")\
            .build()
        snapshot_verifier = SnapshotVerifier(
            self,
            self.BRIDGE,
            self.service_manager,
            'before_restart',
        )
        with isolator, snapshot_verifier:
            pkt_sender.send(packets)

        flow_list1 = [
            FlowDescription(
                match=FlowMatch(
                    ip_dst=convert_ipv4_str_to_ip_proto('24.10.0.0/24'),
                    direction=FlowMatch.UPLINK,
                ),
                action=FlowDescription.PERMIT,
            ),
        ]
        policies = [
            VersionedPolicy(
                rule=PolicyRule(id='sub2_new_rule',
                                priority=2,
                                flow_list=flow_list1),
                version=1,
            ),
            VersionedPolicy(
                rule=PolicyRule(id='sub2_rule_keep',
                                priority=3,
                                flow_list=flow_list2),
                version=1,
            ),
        ]
        enf_stat_name = [
            imsi2 + '|sub2_new_rule' + '|' + sub2_ip + "|" + "1",
            imsi2 + '|sub2_rule_keep' + '|' + sub2_ip + "|" + "1",
        ]
        setup_flows_request = SetupFlowsRequest(
            requests=[
                ActivateFlowsRequest(
                    sid=SIDUtils.to_pb(imsi2),
                    ip_addr=sub2_ip,
                    policies=policies,
                ),
            ],
            epoch=global_epoch,
        )

        fake_controller_setup(
            enf_controller=self.enforcement_controller,
            enf_stats_controller=self.enforcement_stats_controller,
            startup_flow_controller=self.startup_flows_contoller,
            setup_flows_request=setup_flows_request,
        )
        snapshot_verifier = SnapshotVerifier(
            self,
            self.BRIDGE,
            self.service_manager,
            'after_restart',
        )
        with snapshot_verifier:
            pass

        fake_controller_setup(
            enf_controller=self.enforcement_controller,
            enf_stats_controller=self.enforcement_stats_controller,
            startup_flow_controller=self.startup_flows_contoller,
        )
        snapshot_verifier = SnapshotVerifier(
            self,
            self.BRIDGE,
            self.service_manager,
            'default_flows_w_packets',
        )

        with snapshot_verifier:
            pass
Exemplo n.º 3
0
    def test_enforcement_ipv6_restart(self):
        """
        Adds rules using the setup feature

        1) Empty SetupFlowsRequest
            - assert default flows
        2) Add imsi with ipv6 policy
            - assert everything is properly added
        """
        fake_controller_setup(
            enf_controller=self.enforcement_controller,
            enf_stats_controller=self.enforcement_stats_controller,
            startup_flow_controller=self.startup_flows_contoller,
        )
        snapshot_verifier = SnapshotVerifier(
            self,
            self.BRIDGE,
            self.service_manager,
            'default_flows',
        )
        with snapshot_verifier:
            pass

        imsi = 'IMSI010000002388888'
        sub_ip = b'fe80:24c3:d0ff:fef3:9d21:4407:d337:1928'

        flow_list = [
            FlowDescription(
                match=FlowMatch(
                    ip_dst=convert_ipv6_bytes_to_ip_proto(b'fe80::'),
                    direction=FlowMatch.UPLINK,
                ),
                action=FlowDescription.PERMIT,
            ),
        ]
        policies = [
            VersionedPolicy(
                rule=PolicyRule(id='ipv6_rule',
                                priority=2,
                                flow_list=flow_list),
                version=1,
            ),
        ]
        enf_stat_name = [imsi + '|ipv6_rule' + '|' + str(sub_ip) + "|" + "1"]
        setup_flows_request = SetupFlowsRequest(
            requests=[
                ActivateFlowsRequest(
                    sid=SIDUtils.to_pb(imsi),
                    ipv6_addr=sub_ip,
                    policies=policies,
                ),
            ],
            epoch=global_epoch,
        )

        fake_controller_setup(
            enf_controller=self.enforcement_controller,
            enf_stats_controller=self.enforcement_stats_controller,
            startup_flow_controller=self.startup_flows_contoller,
            setup_flows_request=setup_flows_request,
        )
        snapshot_verifier = SnapshotVerifier(
            self,
            self.BRIDGE,
            self.service_manager,
            'after_restart',
        )
        with snapshot_verifier:
            pass

        fake_controller_setup(
            enf_controller=self.enforcement_controller,
            enf_stats_controller=self.enforcement_stats_controller,
            startup_flow_controller=self.startup_flows_contoller,
        )
        snapshot_verifier = SnapshotVerifier(
            self,
            self.BRIDGE,
            self.service_manager,
            'default_flows',
        )

        with snapshot_verifier:
            pass