def _create_rate_limit_port_policies(self, rate, icmp_filter):
    """Build the port1 policy that enforces an upper bound on ICMP packets.

    The ICMP rule is wired to ``CountAction(rate, DisableRuleAction())``.
    Once that rule is disabled, any further packet falls through to the
    policy's default action, which raises "Unexpected packet". Gratuitous
    ARP and IPv6 traffic is ignored, so it cannot trip the default action.

    NOTE(review): this policy only fails when traffic exceeds the budget;
    nothing here asserts that any ICMP packet arrived at all. Confirm the
    caller checks the lower bound separately.

    :param rate: count passed to ``CountAction``; presumably the number of
        ICMP matches tolerated before the rule is disabled. Confirm
        against ``CountAction``.
    :param icmp_filter: callable invoked with ``self._get_ip`` to build the
        filter for the ICMP rule.
    :returns: dict mapping ``(subnet1.subnet_id, port1.port_id)`` to the
        ``PortPolicy``.
    """
    objs = app_testing_objects
    skip = objs.IgnoreAction()
    unexpected = objs.RaiseAction("Unexpected packet")
    # With the ICMP rule disabled, surplus ICMP packets match no rule and
    # reach the default (raising) action.
    budget = objs.CountAction(rate, objs.DisableRuleAction())
    policy_key = (self.subnet1.subnet_id, self.port1.port_id)

    icmp_rule = objs.PortPolicyRule(
        icmp_filter(self._get_ip), actions=[budget])
    # Background noise the test tolerates: gratuitous ARP and IPv6.
    garp_rule = objs.PortPolicyRule(
        objs.RyuARPGratuitousFilter(), actions=[skip])
    ipv6_rule = objs.PortPolicyRule(
        objs.RyuIPv6Filter(), actions=[skip])

    port_policy = objs.PortPolicy(
        rules=[icmp_rule, garp_rule, ipv6_rule],
        default_action=unexpected,
    )
    return {policy_key: port_policy}
def _create_port_policies(self):
    """Build the port2 policy for the source-address anti-spoofing check.

    Two pings are expected at port2: one matched by the
    ``_get_ping_using_vm_ip_mac`` filter and one matched by the
    ``_get_ping_using_allowed_address_pair_ip_mac`` filter. Both rules share
    a single ``CountAction(2, StopSimulationAction())``, and each also
    carries its own ``DisableRuleAction``. A ping matched by the fake-IP or
    fake-MAC filter raises immediately, because such a packet should have
    been dropped before reaching port2. Rules from
    ``self._get_filtering_rules()`` are appended, and anything else hits the
    default "Unexpected packet" raise.

    NOTE(review): presumably the per-rule ``DisableRuleAction`` makes a
    duplicate of an already-seen ping fall through to the default raise
    rather than count twice. Confirm against ``PortPolicyRule``.

    :returns: dict mapping ``(subnet.subnet_id, port2.port_id)`` to the
        ``PortPolicy``.
    """
    objs = app_testing_objects
    policy_key = (self.subnet.subnet_id, self.port2.port_id)
    # One shared counter: the simulation stops only after BOTH legitimate
    # pings (fixed ip/mac and allowed-address-pair ip/mac) were seen.
    both_seen = objs.CountAction(2, objs.StopSimulationAction())

    vm_filter = objs.OsKenICMPPingFilter(
        self._get_ping_using_vm_ip_mac, self.ethertype)
    vm_rule = objs.PortPolicyRule(
        vm_filter, actions=[both_seen, objs.DisableRuleAction()])

    pair_filter = objs.OsKenICMPPingFilter(
        self._get_ping_using_allowed_address_pair_ip_mac, self.ethertype)
    pair_rule = objs.PortPolicyRule(
        pair_filter, actions=[both_seen, objs.DisableRuleAction()])

    # Spoofed sources must never be delivered; arrival fails the test.
    fake_ip_filter = objs.OsKenICMPPingFilter(
        self._get_ping_using_fake_ip, self.ethertype)
    fake_ip_rule = objs.PortPolicyRule(
        fake_ip_filter,
        actions=[objs.RaiseAction("a packet with a fake ip passed")])

    fake_mac_filter = objs.OsKenICMPPingFilter(
        self._get_ping_using_fake_mac, self.ethertype)
    fake_mac_rule = objs.PortPolicyRule(
        fake_mac_filter,
        actions=[objs.RaiseAction("a packet with a fake mac passed")])

    all_rules = [vm_rule, pair_rule, fake_ip_rule, fake_mac_rule]
    all_rules.extend(self._get_filtering_rules())

    unexpected = objs.RaiseAction("Unexpected packet")
    port_policy = objs.PortPolicy(
        rules=all_rules, default_action=unexpected)
    return {policy_key: port_policy}
def _create_port_policies(self):
    """Build the port2 policy for the source-address anti-spoofing check.

    Two pings are expected at port2: one matched by the
    ``_get_ping_using_vm_ip_mac`` filter and one matched by the
    ``_get_ping_using_allowed_address_pair_ip_mac`` filter. Both rules share
    a single ``CountAction(2, StopSimulationAction())``, and each also
    carries its own ``DisableRuleAction``. A ping matched by the fake-IP or
    fake-MAC filter raises immediately, because such a packet should have
    been dropped before reaching port2. Gratuitous ARP and IPv6 packets are
    ignored, and anything else hits the default "Unexpected packet" raise.

    NOTE(review): presumably the per-rule ``DisableRuleAction`` makes a
    duplicate of an already-seen ping fall through to the default raise
    rather than count twice. Confirm against ``PortPolicyRule``.

    :returns: dict mapping ``(subnet.subnet_id, port2.port_id)`` to the
        ``PortPolicy``.
    """
    objs = app_testing_objects
    skip = objs.IgnoreAction()
    policy_key = (self.subnet.subnet_id, self.port2.port_id)
    # One shared counter: the simulation stops only after BOTH legitimate
    # pings (fixed ip/mac and allowed-address-pair ip/mac) were seen.
    both_seen = objs.CountAction(2, objs.StopSimulationAction())

    vm_filter = objs.RyuICMPPingFilter(self._get_ping_using_vm_ip_mac)
    vm_rule = objs.PortPolicyRule(
        vm_filter, actions=[both_seen, objs.DisableRuleAction()])

    pair_filter = objs.RyuICMPPingFilter(
        self._get_ping_using_allowed_address_pair_ip_mac)
    pair_rule = objs.PortPolicyRule(
        pair_filter, actions=[both_seen, objs.DisableRuleAction()])

    # Spoofed sources must never be delivered; arrival fails the test.
    fake_ip_filter = objs.RyuICMPPingFilter(self._get_ping_using_fake_ip)
    fake_ip_rule = objs.PortPolicyRule(
        fake_ip_filter,
        actions=[objs.RaiseAction("a packet with a fake ip passed")])

    fake_mac_filter = objs.RyuICMPPingFilter(self._get_ping_using_fake_mac)
    fake_mac_rule = objs.PortPolicyRule(
        fake_mac_filter,
        actions=[objs.RaiseAction("a packet with a fake mac passed")])

    # Background noise the test tolerates: gratuitous ARP and IPv6.
    garp_rule = objs.PortPolicyRule(
        objs.RyuARPGratuitousFilter(), actions=[skip])
    ipv6_rule = objs.PortPolicyRule(
        objs.RyuIPv6Filter(), actions=[skip])

    unexpected = objs.RaiseAction("Unexpected packet")
    port_policy = objs.PortPolicy(
        rules=[
            vm_rule,
            pair_rule,
            fake_ip_rule,
            fake_mac_rule,
            garp_rule,
            ipv6_rule,
        ],
        default_action=unexpected,
    )
    return {policy_key: port_policy}