ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 1 | # |
| 2 | # Copyright 2016-present Ciena Corporation |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | # |
| 16 | import json |
| 17 | import requests |
| 18 | import os,sys,time |
A.R Karthick | 2e99c47 | 2017-03-22 19:13:51 -0700 | [diff] [blame] | 19 | import logging |
| 20 | logging.getLogger('scapy.runtime').setLevel(logging.ERROR) |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 21 | from scapy.all import * |
A.R Karthick | be7768c | 2017-03-17 11:39:41 -0700 | [diff] [blame] | 22 | from CordTestUtils import get_mac, get_controller |
| 23 | from OnosCtrl import OnosCtrl |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 24 | from OnosFlowCtrl import OnosFlowCtrl |
ChetanGaonker | 689b386 | 2016-10-17 16:25:01 -0700 | [diff] [blame] | 25 | log.setLevel('INFO') |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 26 | |
| 27 | conf.verb = 0 # Disable Scapy verbosity |
| 28 | conf.checkIPaddr = 0 # Don't check response packets for matching destination IPs |
| 29 | |
| 30 | class ACLTest: |
| 31 | |
| 32 | auth = ('karaf', 'karaf') |
A R Karthick | 456e9cf | 2016-10-03 14:37:44 -0700 | [diff] [blame] | 33 | controller = get_controller() |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 34 | add_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules' %(controller) |
| 35 | remove_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules/%s' %(controller, id) |
| 36 | clear_all_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules' %(controller) |
| 37 | iface_create_onos_url = 'http://%s:8181/onos/v1/network/configuration' %(controller) |
A R Karthick | a337f4d | 2016-10-06 13:53:15 -0700 | [diff] [blame] | 38 | device_id = 'of:' + get_mac() |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 39 | MAX_PORTS = 100 |
| 40 | |
| 41 | def __init__(self, ipv4Prefix ='v4', srcIp ='null', dstIp ='null', ipProto = 'null', dstTpPort = 0, action = 'null', ingress_iface = 1, egress_iface = 2,iface_num = 0, iface_name = 'null', iface_count = 0, iface_ip = 'null'): |
| 42 | self.ipv4Prefix = ipv4Prefix |
| 43 | self.srcIp = srcIp |
| 44 | self.ingress_iface = ingress_iface |
| 45 | self.egress_iface = egress_iface |
| 46 | self.dstIp = dstIp |
| 47 | self.ipProto = ipProto |
| 48 | self.dstTpPort = dstTpPort |
| 49 | self.action = action |
| 50 | self.iface_count = iface_count |
| 51 | self.iface_num = iface_num |
| 52 | self.iface_name = iface_name |
| 53 | self.iface_ip = iface_ip |
A R Karthick | a337f4d | 2016-10-06 13:53:15 -0700 | [diff] [blame] | 54 | self.device_id = OnosCtrl.get_device_id() |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 55 | |
ChetanGaonker | 689b386 | 2016-10-17 16:25:01 -0700 | [diff] [blame] | 56 | def adding_acl_rule(self, ipv4Prefix, srcIp, dstIp, ipProto ='null', dstTpPort='null', action= 'include',controller=None): |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 57 | '''This function is generating ACL json file and post to ONOS for creating a ACL rule''' |
| 58 | if ipv4Prefix is 'v4': |
A R Karthick | 2b93d6a | 2016-09-06 15:19:09 -0700 | [diff] [blame] | 59 | acl_dict = {} |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 60 | if srcIp and dstIp and action: |
| 61 | acl_dict['srcIp'] = '{}'.format(srcIp) |
| 62 | acl_dict['dstIp'] = '{}'.format(dstIp) |
| 63 | acl_dict['action'] = '{}'.format(action) |
| 64 | if ipProto is not 'null': |
| 65 | acl_dict['ipProto'] = '{}'.format(ipProto) |
| 66 | if dstTpPort is not 'null': |
| 67 | acl_dict['dstTpPort'] = '{}'.format(dstTpPort) |
| 68 | json_data = json.dumps(acl_dict) |
ChetanGaonker | 689b386 | 2016-10-17 16:25:01 -0700 | [diff] [blame] | 69 | if controller is None: |
| 70 | # if controller ip is not passed, it will default controller ip |
| 71 | resp = requests.post(self.add_acl_rule_url, auth = self.auth, data = json_data) |
| 72 | else: |
| 73 | add_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules' %(controller) |
| 74 | log.info('add_acl_rule_acl url is %s'%add_acl_rule_url) |
| 75 | resp = requests.post(add_acl_rule_url, auth = self.auth, data = json_data) |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 76 | return resp.ok, resp.status_code |
| 77 | |
ChetanGaonker | 689b386 | 2016-10-17 16:25:01 -0700 | [diff] [blame] | 78 | def get_acl_rules(self,controller=None): |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 79 | '''This function is getting a ACL rules from ONOS with json formate''' |
ChetanGaonker | 689b386 | 2016-10-17 16:25:01 -0700 | [diff] [blame] | 80 | if controller is None: |
| 81 | resp = requests.get(self.add_acl_rule_url, auth = self.auth) |
| 82 | else: |
| 83 | add_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules' %(controller) |
| 84 | log.info('get_acl_rule_url is %s'%add_acl_rule_url) |
| 85 | resp = requests.get(add_acl_rule_url, auth = self.auth) |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 86 | return resp |
| 87 | |
| 88 | @classmethod |
ChetanGaonker | 689b386 | 2016-10-17 16:25:01 -0700 | [diff] [blame] | 89 | def remove_acl_rule(cls,id = None,controller=None): |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 90 | '''This function is delete one or all ACL rules in ONOS''' |
| 91 | if id is None: |
ChetanGaonker | 689b386 | 2016-10-17 16:25:01 -0700 | [diff] [blame] | 92 | if controller is None: |
| 93 | remove_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules' %(cls.controller) |
| 94 | else: |
| 95 | remove_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules' %(controller) |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 96 | else: |
ChetanGaonker | 689b386 | 2016-10-17 16:25:01 -0700 | [diff] [blame] | 97 | if controller is None: |
| 98 | remove_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules/%s' %(cls.controller, id) |
| 99 | else: |
| 100 | remove_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules/%s' %(controller, id) |
| 101 | log.info('remove_acl_rule_url is %s'%remove_acl_rule_url) |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 102 | resp = requests.delete(remove_acl_rule_url, auth = cls.auth) |
| 103 | return resp.ok, resp.status_code |
A R Karthick | 2b93d6a | 2016-09-06 15:19:09 -0700 | [diff] [blame] | 104 | |
ChetanGaonker | f0dd5bb | 2016-07-28 16:22:06 -0700 | [diff] [blame] | 105 | def generate_onos_interface_config(self,iface_num = 4, iface_name = 'null',iface_count = 1,iface_ip = '198.162.10.1'): |
| 106 | '''This function is generate interface config data in json format and post to ONOS for creating it ''' |
| 107 | ''' To add interfaces on ONOS to test acl with trffic''' |
| 108 | num = 0 |
| 109 | egress_host_list = [] |
| 110 | interface_list = [] |
| 111 | ip = iface_ip.split('/')[0] |
| 112 | start_iface_ip = ip.split('.') |
| 113 | start_ip = ( int(start_iface_ip[0]) << 24) | ( int(start_iface_ip[1]) << 16) | ( int(start_iface_ip[2]) << 8) | 0 |
| 114 | end_ip = ( 200 << 24 ) | (168 << 16) | (10 << 8) | 0 |
| 115 | ports_dict = { 'ports' : {} } |
| 116 | for n in xrange(start_ip, end_ip, 256): |
| 117 | port_map = ports_dict['ports'] |
| 118 | port = iface_num if num < self.MAX_PORTS - 1 else self.MAX_PORTS - 1 |
| 119 | device_port_key = '{0}/{1}'.format(self.device_id, port) |
| 120 | try: |
| 121 | interfaces = port_map[device_port_key]['interfaces'] |
| 122 | except: |
| 123 | port_map[device_port_key] = { 'interfaces' : [] } |
| 124 | interfaces = port_map[device_port_key]['interfaces'] |
| 125 | ip = n + 2 |
| 126 | peer_ip = n + 1 |
| 127 | ips = '%d.%d.%d.%d/%d'%( (ip >> 24) & 0xff, ( (ip >> 16) & 0xff ), ( (ip >> 8 ) & 0xff ), ip & 0xff, int(iface_ip.split('/')[1])) |
| 128 | peer = '%d.%d.%d.%d' % ( (peer_ip >> 24) & 0xff, ( ( peer_ip >> 16) & 0xff ), ( (peer_ip >> 8 ) & 0xff ), peer_ip & 0xff ) |
| 129 | mac = RandMAC()._fix() |
| 130 | egress_host_list.append((peer, mac)) |
| 131 | if num < self.MAX_PORTS - 1: |
| 132 | interface_dict = { 'name' : '{0}-{1}'.format(iface_name,port), 'ips': [ips], 'mac' : mac } |
| 133 | interfaces.append(interface_dict) |
| 134 | interface_list.append(interface_dict['name']) |
| 135 | else: |
| 136 | interfaces[0]['ips'].append(ips) |
| 137 | num += 1 |
| 138 | if num == iface_count: |
| 139 | break |
| 140 | json_data = json.dumps(ports_dict) |
| 141 | resp = requests.post(self.iface_create_onos_url, auth = self.auth, data = json_data) |
| 142 | return resp.ok, resp.status_code, egress_host_list |