blob: e25dfd43cde4c8f2975d3e9e179cbb5217e41e6d [file] [log] [blame]
Matteo Scandolo48d3d2d2017-08-08 13:05:27 -07001
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070017#
18# Copyright 2016-present Ciena Corporation
19#
20# Licensed under the Apache License, Version 2.0 (the "License");
21# you may not use this file except in compliance with the License.
22# You may obtain a copy of the License at
23#
24# http://www.apache.org/licenses/LICENSE-2.0
25#
26# Unless required by applicable law or agreed to in writing, software
27# distributed under the License is distributed on an "AS IS" BASIS,
28# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
29# See the License for the specific language governing permissions and
30# limitations under the License.
31#
32import unittest
33from nose.tools import *
34from scapy.all import *
A.R Karthickbe7768c2017-03-17 11:39:41 -070035from OnosCtrl import OnosCtrl
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070036from OltConfig import OltConfig
37from OnosFlowCtrl import OnosFlowCtrl
38from onosclidriver import OnosCliDriver
39from CordContainer import Container, Onos
40from portmaps import g_subscriber_port_map
41from CordTestServer import cord_test_onos_restart
42from ACL import ACLTest
A R Karthick9dc6e922017-07-12 14:40:16 -070043from CordTestConfig import setup_module, teardown_module
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070044import threading
45import time
46import os
47import json
48import pexpect
49log.setLevel('INFO')
50
51class acl_exchange(unittest.TestCase):
52
53 app = ('org.onosproject.acl')
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070054 test_path = os.path.dirname(os.path.realpath(__file__))
55 onos_config_path = os.path.join(test_path, '..', 'setup/onos-config')
56 GATEWAY = '192.168.10.50'
57 INGRESS_PORT = 1
58 EGRESS_PORT = 2
59 ingress_iface = 1
60 egress_iface = 2
61 MAX_PORTS = 100
A.R Karthickbe7768c2017-03-17 11:39:41 -070062 CURRENT_PORT_NUM = egress_iface
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070063 ACL_SRC_IP = '192.168.20.3/32'
64 ACL_DST_IP = '192.168.30.2/32'
65 ACL_SRC_IP_RULE_2 = '192.168.40.3/32'
66 ACL_DST_IP_RULE_2 = '192.168.50.2/32'
67 ACL_SRC_IP_PREFIX_24 = '192.168.20.3/24'
68 ACL_DST_IP_PREFIX_24 = '192.168.30.2/24'
69 HOST_DST_IP = '192.168.30.0/24'
70 HOST_DST_IP_RULE_2 = '192.168.50.0/24'
71
72 @classmethod
73 def setUpClass(cls):
74 cls.olt = OltConfig()
75 cls.port_map,_ = cls.olt.olt_port_map()
76 if not cls.port_map:
77 cls.port_map = g_subscriber_port_map
78 time.sleep(3)
79 log.info('port_map = %s'%cls.port_map[1] )
80
81 @classmethod
82 def tearDownClass(cls):
83 '''Deactivate the acl app'''
84
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070085 def setUp(self):
86 ''' Activate the acl app'''
87 self.maxDiff = None ##for assert_equal compare outputs on failure
88 self.onos_ctrl = OnosCtrl(self.app)
89 status, _ = self.onos_ctrl.activate()
90 assert_equal(status, True)
91 time.sleep(3)
92 status, _ = ACLTest.remove_acl_rule()
93 log.info('Start setup')
94 assert_equal(status, True)
95
96 def tearDown(self):
97 '''Deactivate the acl app'''
98 log.info('Tear down setup')
A.R Karthickbe7768c2017-03-17 11:39:41 -070099 self.CURRENT_PORT_NUM = 4
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -0700100
101 def cliEnter(self):
102 retries = 0
103 while retries < 3:
104 self.cli = OnosCliDriver(connect = True)
105 if self.cli.handle:
106 break
107 else:
108 retries += 1
109 time.sleep(2)
110
111 def cliExit(self):
112 self.cli.disconnect()
113
114 @classmethod
115 def acl_hosts_add(cls, dstHostIpMac, egress_iface_count = 1, egress_iface_num = None):
116 index = 0
117 if egress_iface_num is None:
118 egress_iface_num = cls.egress_iface
119 for ip,_ in dstHostIpMac:
120 egress = cls.port_map[egress_iface_num]
121 log.info('Assigning ip %s to interface %s' %(ip, egress))
122 config_cmds_egress = ( 'ifconfig {} 0'.format(egress),
123 'ifconfig {0} up'.format(egress),
124 'ifconfig {0} {1}'.format(egress, ip),
125 'arping -I {0} {1} -c 2'.format(egress, ip.split('/')[0]),
126 'ifconfig {0}'.format(egress),
127 )
128 for cmd in config_cmds_egress:
129 os.system(cmd)
130 index += 1
131 if index == egress_iface_count:
132 break
133 egress_iface_count += 1
134 egress_iface_num += 1
A.R Karthickbe7768c2017-03-17 11:39:41 -0700135
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -0700136
137 @classmethod
138 def acl_hosts_remove(cls, egress_iface_count = 1, egress_iface_num = None):
139 if egress_iface_num is None:
A.R Karthickbe7768c2017-03-17 11:39:41 -0700140 egress_iface_num = cls.egress_iface
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -0700141 n = 0
142 for n in range(egress_iface_count):
143 egress = cls.port_map[egress_iface_num]
144 config_cmds_egress = ('ifconfig {} 0'.format(egress))
145 os.system(config_cmds_egress)
146 egress_iface_num += 1
147
148# @classmethod
149 def acl_rule_traffic_send_recv(self, srcMac, dstMac, srcIp, dstIp, ingress =None, egress=None, ip_proto=None, dstPortNum = None, positive_test = True):
150 if ingress is None:
151 ingress = self.ingress_iface
152 if egress is None:
153 egress = self.egress_iface
154 ingress = self.port_map[ingress]
155 egress = self.port_map[egress]
156 self.success = False if positive_test else True
157 timeout = 10 if positive_test else 1
158 count = 2 if positive_test else 1
159 self.start_sending = True
160 def recv_task():
161 def recv_cb(pkt):
162 log.info('Pkt seen with ingress ip %s, egress ip %s' %(pkt[IP].src, pkt[IP].dst))
163 self.success = True if positive_test else False
164 sniff(count=count, timeout=timeout,
165 lfilter = lambda p: IP in p and p[IP].dst == dstIp.split('/')[0] and p[IP].src == srcIp.split('/')[0],
166 prn = recv_cb, iface = egress)
167 self.start_sending = False
168
169 t = threading.Thread(target = recv_task)
170 t.start()
171 L2 = Ether(src = srcMac, dst = dstMac)
172 L3 = IP(src = srcIp.split('/')[0], dst = dstIp.split('/')[0])
173 pkt = L2/L3
174 log.info('Sending a packet with dst ip %s, src ip %s , dst mac %s src mac %s on port %s to verify if flows are correct' %
175 (dstIp.split('/')[0], srcIp.split('/')[0], dstMac, srcMac, ingress))
176 while self.start_sending is True:
177 sendp(pkt, count=50, iface = ingress)
178 t.join()
179 assert_equal(self.success, True)
180
181 @classmethod
182 def onos_load_config(cls, config):
183 status, code = OnosCtrl.config(config)
184 if status is False:
185 log.info('JSON request returned status %d' %code)
186 assert_equal(status, True)
187
188 def test_acl_allow_rule(self):
189 acl_rule = ACLTest()
190 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
191 if status is False:
192 log.info('JSON request returned status %d' %code)
193 assert_equal(status, True)
194 result = acl_rule.get_acl_rules()
195 aclRules1 = result.json()['aclRules']
196 log.info('Added ACL rules = %s' %result.json()['aclRules'])
197 acl_Id = map(lambda d: d['id'], aclRules1)
198 assert_equal(len(acl_Id), 1)
199
200 def test_acl_allow_rule_with_24_bit_mask(self):
201 acl_rule = ACLTest()
202 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'allow')
203 if status is False:
204 log.info('JSON request returned status %d' %code)
205 assert_equal(status, True)
206 result = acl_rule.get_acl_rules()
207 aclRules1 = result.json()['aclRules']
208 log.info('Added ACL rules = %s' %result.json()['aclRules'])
209 acl_Id = map(lambda d: d['id'], aclRules1)
210 assert_equal(len(acl_Id), 1)
211
212 def test_acl_deny_rule(self):
213 acl_rule = ACLTest()
214 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
215 if status is False:
216 log.info('JSON request returned status %d' %code)
217 assert_equal(status, True)
218 result = acl_rule.get_acl_rules()
219 aclRules1 = result.json()['aclRules']
220 log.info('Added ACL rules = %s' %result.json()['aclRules'])
221 acl_Id = map(lambda d: d['id'], aclRules1)
222 assert_equal(len(acl_Id), 1)
223
224 def test_acl_deny_rule_with_24_bit_mask(self):
225 acl_rule = ACLTest()
226 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'deny')
227 if status is False:
228 log.info('JSON request returned status %d' %code)
229 assert_equal(status, True)
230 result = acl_rule.get_acl_rules()
231 aclRules1 = result.json()['aclRules']
232 log.info('Added ACL rules = %s' %result.json()['aclRules'])
233 acl_Id = map(lambda d: d['id'], aclRules1)
234 assert_equal(len(acl_Id), 1)
235
236 def test_acl_add_remove_rule(self):
237 acl_rule = ACLTest()
238 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
239 if status is False:
240 log.info('JSON request returned status %d' %code)
241 assert_equal(status, True)
242 result = acl_rule.get_acl_rules()
243 aclRules1 = result.json()['aclRules']
244 log.info('Added ACL rules = %s' %result.json()['aclRules'])
245 acl_Id = map(lambda d: d['id'], aclRules1)
246 status, code = acl_rule.remove_acl_rule(acl_Id[0])
247 if status is False:
248 log.info('JSON request returned status %d' %code)
249 assert_equal(status, True)
250
251 def test_acl_add_remove_all_rules(self):
252 acl_rule = ACLTest()
253 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
254 status,code = acl_rule.adding_acl_rule('v4', srcIp='10.10.10.10/24', dstIp ='20.20.20.20/24', action = 'deny')
255 if status is False:
256 log.info('JSON request returned status %d' %code)
257 assert_equal(status, True)
258 result = acl_rule.get_acl_rules()
259 aclRules1 = result.json()['aclRules']
260 log.info('Added ACL rules = %s' %result.json()['aclRules'])
261 acl_Id = map(lambda d: d['id'], aclRules1)
262 status, _ = ACLTest.remove_acl_rule()
263 if status is False:
264 log.info('JSON request returned status %d' %code)
265 assert_equal(status, True)
A.R Karthickbe7768c2017-03-17 11:39:41 -0700266
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -0700267 def test_acl_remove_all_rules_without_add(self):
268 status, _ = ACLTest.remove_acl_rule()
269 if status is False:
270 log.info('JSON request returned status %d' %code)
271 assert_equal(status, True)
272
273 def test_acl_allow_and_deny_rule_for_same_src_and_dst_ip(self):
274 acl_rule = ACLTest()
275 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
276 if status is False:
277 log.info('JSON request returned status %d' %code)
278 assert_equal(status, True)
279 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
280 if status is False:
281 log.info('JSON request returned status %d' %code)
282 assert_equal(status, False)
283 result = acl_rule.get_acl_rules()
284 aclRules1 = result.json()['aclRules']
285 log.info('Added ACL rules = %s' %result.json()['aclRules'])
286 acl_Id = map(lambda d: d['id'], aclRules1)
287 assert_equal(len(acl_Id), 1)
288 status, _ = ACLTest.remove_acl_rule()
289 if status is False:
290 log.info('JSON request returned status %d' %code)
291 assert_equal(status, True)
A.R Karthickbe7768c2017-03-17 11:39:41 -0700292
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -0700293 def test_acl_allow_rules_for_matched_dst_ips(self):
294 acl_rule = ACLTest()
295 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp ='192.168.30.2/24', action = 'allow')
296 if status is False:
297 log.info('JSON request returned status %d' %code)
298 assert_equal(status, True)
299 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
300 if status is False:
301 log.info('JSON request returned status %d' %code)
302 assert_equal(status, False)
303 result = acl_rule.get_acl_rules()
304 aclRules1 = result.json()['aclRules']
305 log.info('Added ACL rules = %s' %result.json()['aclRules'])
306 acl_Id = map(lambda d: d['id'], aclRules1)
307 assert_equal(len(acl_Id), 1)
308 status, _ = ACLTest.remove_acl_rule()
309 if status is False:
310 log.info('JSON request returned status %d' %code)
311 assert_equal(status, True)
312
313 def test_acl_with_matching_src_and_dst_ip_traffic(self):
314 ingress = self.ingress_iface
315 egress = self.CURRENT_PORT_NUM
316 acl_rule = ACLTest()
317 status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
318 self.CURRENT_PORT_NUM += 1
319 time.sleep(5)
320 if status is False:
321 log.info('JSON request returned status %d' %code)
322 assert_equal(status, True)
323 srcMac = '00:00:00:00:00:11'
324 dstMac = host_ip_mac[0][1]
325 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
326 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
327 time.sleep(10)
328 if status is False:
329 log.info('JSON request returned status %d' %code)
330 assert_equal(status, True)
331 result = acl_rule.get_acl_rules()
332 aclRules1 = result.json()['aclRules']
333 acl_Id = map(lambda d: d['id'], aclRules1)
334 assert_equal(len(acl_Id), 1)
335 log.info('Added ACL rules = %s' %result.json()['aclRules'])
336 self.cliEnter()
337 ##Now verify
338 hosts = json.loads(self.cli.hosts(jsonFormat = True))
339 log.info('Discovered hosts: %s' %hosts)
340 flows = json.loads(self.cli.flows(jsonFormat = True))
341 flows = filter(lambda f: f['flows'], flows)
342 #log.info('Flows: %s' %flows)
343 assert_not_equal(len(flows), 0)
344 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP')
345 self.cliExit()
346 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
347
348 def test_acl_with_matching_24bit_mask_src_and_dst_ip_traffic(self):
349 ingress = self.ingress_iface
350 egress = self.CURRENT_PORT_NUM
351 acl_rule = ACLTest()
352 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
353 self.CURRENT_PORT_NUM += 1
354 time.sleep(5)
355 if status is False:
356 log.info('JSON request returned status %d' %code)
357 assert_equal(status, True)
358 srcMac = '00:00:00:00:00:11'
359 dstMac = host_ip_mac[0][1]
360 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
361 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'allow')
362 time.sleep(10)
363 if status is False:
364 log.info('JSON request returned status %d' %code)
365 assert_equal(status, True)
366 result = acl_rule.get_acl_rules()
367 aclRules1 = result.json()['aclRules']
368 acl_Id = map(lambda d: d['id'], aclRules1)
369 assert_equal(len(acl_Id), 1)
370 log.info('Added ACL rules = %s' %result.json()['aclRules'])
371 self.cliEnter()
372 ##Now verify
373 hosts = json.loads(self.cli.hosts(jsonFormat = True))
374 log.info('Discovered hosts: %s' %hosts)
375 flows = json.loads(self.cli.flows(jsonFormat = True))
376 flows = filter(lambda f: f['flows'], flows)
377 #log.info('Flows: %s' %flows)
378 assert_not_equal(len(flows), 0)
379 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP, ingress =ingress, egress = egress, ip_proto = 'UDP')
380 self.cliExit()
381 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
382
383 def test_acl_with_non_matching_src_and_dst_ip_traffic(self):
384 ingress = self.ingress_iface
385 egress = self.CURRENT_PORT_NUM
386 acl_rule = ACLTest()
387 status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
388 self.CURRENT_PORT_NUM += 1
389 time.sleep(5)
390 if status is False:
391 log.info('JSON request returned status %d' %code)
392 assert_equal(status, True)
393 srcMac = '00:00:00:00:00:11'
394 dstMac = host_ip_mac[0][1]
395 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
396 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
397 time.sleep(10)
398 if status is False:
399 log.info('JSON request returned status %d' %code)
400 assert_equal(status, True)
401 result = acl_rule.get_acl_rules()
402 aclRules1 = result.json()['aclRules']
403 acl_Id = map(lambda d: d['id'], aclRules1)
404 assert_equal(len(acl_Id), 1)
405 log.info('Added ACL rules = %s' %result.json()['aclRules'])
406 self.cliEnter()
407 ##Now verify
408 hosts = json.loads(self.cli.hosts(jsonFormat = True))
409 log.info('Discovered hosts: %s' %hosts)
410 flows = json.loads(self.cli.flows(jsonFormat = True))
411 flows = filter(lambda f: f['flows'], flows)
412 #log.info('Flows: %s' %flows)
413 assert_not_equal(len(flows), 0)
414 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac, srcIp ='192.168.40.1/24', dstIp = self.ACL_DST_IP, ingress=ingress, egress = egress, ip_proto = 'UDP', positive_test = False )
415 self.cliExit()
416 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
417
418 def test_acl_deny_rule_with_matching_src_and_dst_ip_traffic(self):
419 ingress = self.ingress_iface
420 egress = self.CURRENT_PORT_NUM
421 acl_rule = ACLTest()
422 status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
423 self.CURRENT_PORT_NUM += 1
424 time.sleep(5)
425 if status is False:
426 log.info('JSON request returned status %d' %code)
427 assert_equal(status, True)
428 srcMac = '00:00:00:00:00:11'
429 dstMac = host_ip_mac[0][1]
430 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
431 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
432 time.sleep(10)
433 if status is False:
434 log.info('JSON request returned status %d' %code)
435 assert_equal(status, True)
436 result = acl_rule.get_acl_rules()
437 aclRules1 = result.json()['aclRules']
438 acl_Id = map(lambda d: d['id'], aclRules1)
439 assert_equal(len(acl_Id), 1)
440 log.info('Added ACL rules = %s' %result.json()['aclRules'])
441 self.cliEnter()
442 ##Now verify
443 hosts = json.loads(self.cli.hosts(jsonFormat = True))
444 log.info('Discovered hosts: %s' %hosts)
445 flows = json.loads(self.cli.flows(jsonFormat = True))
446 flows = filter(lambda f: f['flows'], flows)
447 #log.info('Flows: %s' %flows)
448 assert_not_equal(len(flows), 0)
449 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
450 self.cliExit()
451 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
452
453 def test_acl_deny_rule_with_src_and_dst_ip_applying_24_bit_mask_for_matching_traffic(self):
454 ingress = self.ingress_iface
455 egress = self.CURRENT_PORT_NUM
456 acl_rule = ACLTest()
457 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
458 self.CURRENT_PORT_NUM += 1
459 time.sleep(5)
460 if status is False:
461 log.info('JSON request returned status %d' %code)
462 assert_equal(status, True)
463 srcMac = '00:00:00:00:00:11'
464 dstMac = host_ip_mac[0][1]
465 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
466 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'deny')
467 time.sleep(10)
468 if status is False:
469 log.info('JSON request returned status %d' %code)
470 assert_equal(status, True)
471 result = acl_rule.get_acl_rules()
472 aclRules1 = result.json()['aclRules']
473 acl_Id = map(lambda d: d['id'], aclRules1)
474 assert_equal(len(acl_Id), 1)
475 log.info('Added ACL rules = %s' %result.json()['aclRules'])
476 self.cliEnter()
477 ##Now verify
478 hosts = json.loads(self.cli.hosts(jsonFormat = True))
479 log.info('Discovered hosts: %s' %hosts)
480 flows = json.loads(self.cli.flows(jsonFormat = True))
481 flows = filter(lambda f: f['flows'], flows)
482 #log.info('Flows: %s' %flows)
483 assert_not_equal(len(flows), 0)
484 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_PREFIX_24, dstIp = self.ACL_DST_IP_PREFIX_24,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
485 self.cliExit()
486 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
487
488 def test_acl_deny_rule_with_non_matching_src_and_dst_ip_traffic(self):
489 ingress = self.ingress_iface
490 egress = self.CURRENT_PORT_NUM
491 acl_rule = ACLTest()
492 status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
493 self.CURRENT_PORT_NUM += 1
494 time.sleep(5)
495 if status is False:
496 log.info('JSON request returned status %d' %code)
497 assert_equal(status, True)
498 srcMac = '00:00:00:00:00:11'
499 dstMac = host_ip_mac[0][1]
500 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
501 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
502 time.sleep(10)
503 if status is False:
504 log.info('JSON request returned status %d' %code)
505 assert_equal(status, True)
506 result = acl_rule.get_acl_rules()
507 aclRules1 = result.json()['aclRules']
508 acl_Id = map(lambda d: d['id'], aclRules1)
509 assert_equal(len(acl_Id), 1)
510 log.info('Added ACL rules = %s' %result.json()['aclRules'])
511 self.cliEnter()
512 ##Now verify
513 hosts = json.loads(self.cli.hosts(jsonFormat = True))
514 log.info('Discovered hosts: %s' %hosts)
515 flows = json.loads(self.cli.flows(jsonFormat = True))
516 flows = filter(lambda f: f['flows'], flows)
517 #log.info('Flows: %s' %flows)
518 assert_not_equal(len(flows), 0)
519 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp ='192.168.40.1/24', dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
520 self.cliExit()
521 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
522
523 def test_acl_allow_and_deny_rules_with_matching_src_and_dst_ip_traffic(self):
524 ingress = self.ingress_iface
525 egress = self.CURRENT_PORT_NUM
526 acl_rule = ACLTest()
527 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
528 self.CURRENT_PORT_NUM += 1
529 time.sleep(5)
530 if status is False:
531 log.info('JSON request returned status %d' %code)
532 assert_equal(status, True)
533 srcMac = '00:00:00:00:00:11'
534 dstMac = host_ip_mac[0][1]
535 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
536 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
537 time.sleep(10)
538 if status is False:
539 log.info('JSON request returned status %d' %code)
540 assert_equal(status, True)
541 result = acl_rule.get_acl_rules()
542 aclRules1 = result.json()['aclRules']
543 acl_Id = map(lambda d: d['id'], aclRules1)
544 assert_equal(len(acl_Id), 1)
545 log.info('Added ACL rules = %s' %result.json()['aclRules'])
546 self.cliEnter()
547 ##Now verify
548 hosts = json.loads(self.cli.hosts(jsonFormat = True))
549 log.info('Discovered hosts: %s' %hosts)
550 flows = json.loads(self.cli.flows(jsonFormat = True))
551 flows = filter(lambda f: f['flows'], flows)
552 #log.info('Flows: %s' %flows)
553 assert_not_equal(len(flows), 0)
554 egress = self.CURRENT_PORT_NUM
555 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress ,ip_proto = 'UDP')
556 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
557 self.CURRENT_PORT_NUM += 1
558 time.sleep(5)
559 if status is False:
560 log.info('JSON request returned status %d' %code)
561 assert_equal(status, True)
562 dstMac = host_ip_mac[0][1]
563 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
564 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, action = 'deny')
565 time.sleep(10)
566 if status is False:
567 log.info('JSON request returned status %d' %code)
568 assert_equal(status, True)
569 result = acl_rule.get_acl_rules()
570 aclRules1 = result.json()['aclRules']
571 acl_Id = map(lambda d: d['id'], aclRules1)
572 assert_equal(len(acl_Id), 2)
573 log.info('Added ACL rules = %s' %result.json()['aclRules'])
574 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
575 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
576 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, positive_test = False)
577 self.cliExit()
578 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
579
580 def test_acl_for_l4_acl_rule(self):
581 acl_rule = ACLTest()
582 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
583 if status is False:
584 log.info('JSON request returned status %d' %code)
585 assert_equal(status, True)
586 result = acl_rule.get_acl_rules()
587 aclRules1 = result.json()['aclRules']
588 log.info('Added ACL rules = %s' %result.json()['aclRules'])
589 acl_Id = map(lambda d: d['id'], aclRules1)
590 assert_equal(len(acl_Id), 1)
591
592 def test_acl_for_remove_l4_rule(self):
593 acl_rule = ACLTest()
594 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='245', action = 'allow')
595 if status is False:
596 log.info('JSON request returned status %d' %code)
597 assert_equal(status, True)
598 result = acl_rule.get_acl_rules()
599 aclRules1 = result.json()['aclRules']
600 log.info('Added ACL rules = %s' %result.json()['aclRules'])
601 acl_Id = map(lambda d: d['id'], aclRules1)
602 status, code = acl_rule.remove_acl_rule(acl_Id[0])
603 if status is False:
604 log.info('JSON request returned status %d' %code)
605 assert_equal(status, True)
606
607 def test_acl_for_remove_l4_rules(self):
608 acl_rule = ACLTest()
609 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='567', action = 'allow')
610 if status is False:
611 log.info('JSON request returned status %d' %code)
612 assert_equal(status, True)
613 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='245', action = 'deny')
614 if status is False:
615 log.info('JSON request returned status %d' %code)
616 assert_equal(status, True)
617 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='ICMP', dstTpPort ='1',action = 'allow')
618 if status is False:
619 log.info('JSON request returned status %d' %code)
620 assert_equal(status, True)
621 result = acl_rule.get_acl_rules()
622 aclRules1 = result.json()['aclRules']
623 log.info('Added ACL rules = %s' %result.json()['aclRules'])
624 acl_Id = map(lambda d: d['id'], aclRules1)
625 assert_equal(len(acl_Id), 3)
626 status, _ = ACLTest.remove_acl_rule()
627 if status is False:
628 log.info('JSON request returned status %d' %code)
629 assert_equal(status, True)
630
631 def test_acl_adding_specific_l4_and_all_l4_allow_rule(self):
632 acl_rule = ACLTest()
633 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
634 if status is False:
635 log.info('JSON request returned status %d' %code)
636 assert_equal(status, True)
637 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
638 if status is False:
639 log.info('JSON request returned status %d' %code)
640 assert_equal(status, True)
641 result = acl_rule.get_acl_rules()
642 aclRules1 = result.json()['aclRules']
643 log.info('Added ACL rules = %s' %result.json()['aclRules'])
644 acl_Id = map(lambda d: d['id'], aclRules1)
645 assert_equal(len(acl_Id), 2)
646
647 def test_acl_adding_all_l4_and_specific_l4_allow_rule(self):
648 acl_rule = ACLTest()
649 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
650 if status is False:
651 log.info('JSON request returned status %d' %code)
652 assert_equal(status, True)
653 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='345', action = 'allow')
654 if status is True:
655 log.info('JSON request returned status %d' %code)
656 assert_equal(status, True)
657 result = acl_rule.get_acl_rules()
658 aclRules1 = result.json()['aclRules']
659 log.info('Added ACL rules = %s' %result.json()['aclRules'])
660 acl_Id = map(lambda d: d['id'], aclRules1)
661 assert_equal(len(acl_Id), 1)
662
663 def test_acl_with_specific_l4_and_all_l4_deny_rule(self):
664 acl_rule = ACLTest()
665 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'deny')
666 if status is False:
667 log.info('JSON request returned status %d' %code)
668 assert_equal(status, True)
669 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
670 if status is False:
671 log.info('JSON request returned status %d' %code)
672 assert_equal(status, True)
673 result = acl_rule.get_acl_rules()
674 aclRules1 = result.json()['aclRules']
675 log.info('Added ACL rules = %s' %result.json()['aclRules'])
676 acl_Id = map(lambda d: d['id'], aclRules1)
677 assert_equal(len(acl_Id), 2)
678
679 def test_acl_with_all_l4_and_specific_l4_deny_rule(self):
680 acl_rule = ACLTest()
681 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
682 if status is False:
683 log.info('JSON request returned status %d' %code)
684 assert_equal(status, True)
685 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='345', action = 'deny')
686 if status is True:
687 log.info('JSON request returned status %d' %code)
688 assert_equal(status, True)
689 result = acl_rule.get_acl_rules()
690 aclRules1 = result.json()['aclRules']
691 log.info('Added ACL rules = %s' %result.json()['aclRules'])
692 acl_Id = map(lambda d: d['id'], aclRules1)
693 assert_equal(len(acl_Id), 1)
694
695 def test_acl_with_specific_l4_deny_and_all_l4_allow_rule(self):
696 acl_rule = ACLTest()
697 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'deny')
698 if status is False:
699 log.info('JSON request returned status %d' %code)
700 assert_equal(status, True)
701 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
702 if status is False:
703 log.info('JSON request returned status %d' %code)
704 assert_equal(status, True)
705 result = acl_rule.get_acl_rules()
706 aclRules1 = result.json()['aclRules']
707 log.info('Added ACL rules = %s' %result.json()['aclRules'])
708 acl_Id = map(lambda d: d['id'], aclRules1)
709 assert_equal(len(acl_Id), 2)
710
711 def test_acl_deny_all_l4_and_allow_specific_l4_rule(self):
712 acl_rule = ACLTest()
713 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
714 if status is False:
715 log.info('JSON request returned status %d' %code)
716 assert_equal(status, True)
717 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='345', action = 'allow')
718 if status is True:
719 log.info('JSON request returned status %d' %code)
720 assert_equal(status, True)
721 result = acl_rule.get_acl_rules()
722 aclRules1 = result.json()['aclRules']
723 log.info('Added ACL rules = %s' %result.json()['aclRules'])
724 acl_Id = map(lambda d: d['id'], aclRules1)
725 assert_equal(len(acl_Id), 1)
726
727 def test_acl_tcp_port_allow_rule_for_matching_and_non_matching_traffic(self):
728 ingress = self.ingress_iface
729 egress = self.CURRENT_PORT_NUM
730 acl_rule = ACLTest()
731 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
732 self.CURRENT_PORT_NUM += 1
733 time.sleep(5)
734 if status is False:
735 log.info('JSON request returned status %d' %code)
736 assert_equal(status, True)
737 srcMac = '00:00:00:00:00:11'
738 dstMac = host_ip_mac[0][1]
739 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
740 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
741 time.sleep(20)
742 if status is False:
743 log.info('JSON request returned status %d' %code)
744 assert_equal(status, True)
745 result = acl_rule.get_acl_rules()
746 aclRules1 = result.json()['aclRules']
747 acl_Id = map(lambda d: d['id'], aclRules1)
748 assert_equal(len(acl_Id), 1)
749 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
750 self.cliEnter()
751 ##Now verify
752 hosts = json.loads(self.cli.hosts(jsonFormat = True))
753 log.info('Discovered hosts: %s' %hosts)
754 flows = json.loads(self.cli.flows(jsonFormat = True))
755 flows = filter(lambda f: f['flows'], flows)
756 #log.info('Flows: %s' %flows)
757 assert_not_equal(len(flows), 0)
758 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222)
759 ## Non-matching traffic for TCP portocol testing
760 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 444, positive_test = False)
761 self.cliExit()
762 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
763
764 def test_acl_udp_port_allow_rule_for_matching_and_non_matching_traffic(self):
765 ingress = self.ingress_iface
766 egress = self.CURRENT_PORT_NUM
767 acl_rule = ACLTest()
768 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
769 self.CURRENT_PORT_NUM += 1
770 time.sleep(5)
771 if status is False:
772 log.info('JSON request returned status %d' %code)
773 assert_equal(status, True)
774 srcMac = '00:00:00:00:00:11'
775 dstMac = host_ip_mac[0][1]
776 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
777 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='456', action = 'allow')
778 time.sleep(20)
779 if status is False:
780 log.info('JSON request returned status %d' %code)
781 assert_equal(status, True)
782 result = acl_rule.get_acl_rules()
783 aclRules1 = result.json()['aclRules']
784 acl_Id = map(lambda d: d['id'], aclRules1)
785 assert_equal(len(acl_Id), 1)
786 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
787 self.cliEnter()
788 ##Now verify
789 hosts = json.loads(self.cli.hosts(jsonFormat = True))
790 log.info('Discovered hosts: %s' %hosts)
791 flows = json.loads(self.cli.flows(jsonFormat = True))
792 flows = filter(lambda f: f['flows'], flows)
793 #log.info('Flows: %s' %flows)
794 assert_not_equal(len(flows), 0)
795 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 456)
796 ## Non-matching traffic for TCP portocol testing
797 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 654, positive_test = False)
798 self.cliExit()
799 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
800
801 def test_acl_icmp_port_allow_rule_for_matching_and_non_matching_traffic(self):
802 ingress = self.ingress_iface
803 egress = self.CURRENT_PORT_NUM
804 acl_rule = ACLTest()
805 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
806 self.CURRENT_PORT_NUM += 1
807 time.sleep(5)
808 if status is False:
809 log.info('JSON request returned status %d' %code)
810 assert_equal(status, True)
811 srcMac = '00:00:00:00:00:11'
812 dstMac = host_ip_mac[0][1]
813 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
814 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='ICMP', dstTpPort ='1', action = 'allow')
815 time.sleep(20)
816 if status is False:
817 log.info('JSON request returned status %d' %code)
818 assert_equal(status, True)
819 result = acl_rule.get_acl_rules()
820 aclRules1 = result.json()['aclRules']
821 acl_Id = map(lambda d: d['id'], aclRules1)
822 assert_equal(len(acl_Id), 1)
823 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
824 self.cliEnter()
825 ##Now verify
826 hosts = json.loads(self.cli.hosts(jsonFormat = True))
827 log.info('Discovered hosts: %s' %hosts)
828 flows = json.loads(self.cli.flows(jsonFormat = True))
829 flows = filter(lambda f: f['flows'], flows)
830 #log.info('Flows: %s' %flows)
831 assert_not_equal(len(flows), 0)
832 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 1)
833 ## Non-matching traffic for TCP portocol testing
834 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 2, positive_test = False)
835 self.cliExit()
836 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
837
838 def test_acl_tcp_port_deny_rule_for_matching_and_non_matching_traffic(self):
839 ingress = self.ingress_iface
840 egress = self.CURRENT_PORT_NUM
841 acl_rule = ACLTest()
842 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
843 self.CURRENT_PORT_NUM += 1
844 time.sleep(5)
845 if status is False:
846 log.info('JSON request returned status %d' %code)
847 assert_equal(status, True)
848 srcMac = '00:00:00:00:00:11'
849 dstMac = host_ip_mac[0][1]
850 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
851 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'deny')
852 time.sleep(20)
853 if status is False:
854 log.info('JSON request returned status %d' %code)
855 assert_equal(status, True)
856 result = acl_rule.get_acl_rules()
857 aclRules1 = result.json()['aclRules']
858 acl_Id = map(lambda d: d['id'], aclRules1)
859 assert_equal(len(acl_Id), 1)
860 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
861 self.cliEnter()
862 ##Now verify
863 hosts = json.loads(self.cli.hosts(jsonFormat = True))
864 log.info('Discovered hosts: %s' %hosts)
865 flows = json.loads(self.cli.flows(jsonFormat = True))
866 flows = filter(lambda f: f['flows'], flows)
867 #log.info('Flows: %s' %flows)
868 assert_not_equal(len(flows), 0)
869 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222, positive_test = False)
870 ## Non-matching traffic for TCP portocol testing
871 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 444, positive_test = False)
872 self.cliExit()
873 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
874
875 def test_acl_udp_port_deny_rule_for_matching_and_non_matching_traffic(self):
876 ingress = self.ingress_iface
877 egress = self.CURRENT_PORT_NUM
878 acl_rule = ACLTest()
879 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
880 self.CURRENT_PORT_NUM += 1
881 time.sleep(5)
882 if status is False:
883 log.info('JSON request returned status %d' %code)
884 assert_equal(status, True)
885 srcMac = '00:00:00:00:00:11'
886 dstMac = host_ip_mac[0][1]
887 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
888 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='654', action = 'deny')
889 time.sleep(20)
890 if status is False:
891 log.info('JSON request returned status %d' %code)
892 assert_equal(status, True)
893 result = acl_rule.get_acl_rules()
894 aclRules1 = result.json()['aclRules']
895 acl_Id = map(lambda d: d['id'], aclRules1)
896 assert_equal(len(acl_Id), 1)
897 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
898 self.cliEnter()
899 ##Now verify
900 hosts = json.loads(self.cli.hosts(jsonFormat = True))
901 log.info('Discovered hosts: %s' %hosts)
902 flows = json.loads(self.cli.flows(jsonFormat = True))
903 flows = filter(lambda f: f['flows'], flows)
904 #log.info('Flows: %s' %flows)
905 assert_not_equal(len(flows), 0)
906 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 654, positive_test = False)
907 ## Non-matching traffic for TCP portocol testing
908 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 444, positive_test = False)
909 self.cliExit()
910 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
911
912 def test_acl_icmp_port_deny_rule_for_matching_and_non_matching_traffic(self):
913 ingress = self.ingress_iface
914 egress = self.CURRENT_PORT_NUM
915 acl_rule = ACLTest()
916 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
917 self.CURRENT_PORT_NUM += 1
918 time.sleep(5)
919 if status is False:
920 log.info('JSON request returned status %d' %code)
921 assert_equal(status, True)
922 srcMac = '00:00:00:00:00:11'
923 dstMac = host_ip_mac[0][1]
924 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
925 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='ICMP', dstTpPort ='1', action = 'deny')
926 time.sleep(20)
927 if status is False:
928 log.info('JSON request returned status %d' %code)
929 assert_equal(status, True)
930 result = acl_rule.get_acl_rules()
931 aclRules1 = result.json()['aclRules']
932 acl_Id = map(lambda d: d['id'], aclRules1)
933 assert_equal(len(acl_Id), 1)
934 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
935 self.cliEnter()
936 ##Now verify
937 hosts = json.loads(self.cli.hosts(jsonFormat = True))
938 log.info('Discovered hosts: %s' %hosts)
939 flows = json.loads(self.cli.flows(jsonFormat = True))
940 flows = filter(lambda f: f['flows'], flows)
941 #log.info('Flows: %s' %flows)
942 assert_not_equal(len(flows), 0)
943 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 1, positive_test = False)
944 ## Non-matching traffic for TCP portocol testing
945 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 2, positive_test = False)
946 self.cliExit()
947 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
948
949 def test_acl_two_allow_rules_for_tcp_port_matching_traffic(self):
950 ingress = self.ingress_iface
951 egress = self.CURRENT_PORT_NUM
952 acl_rule = ACLTest()
953 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
954 self.CURRENT_PORT_NUM += 1
955 time.sleep(5)
956 if status is False:
957 log.info('JSON request returned status %d' %code)
958 assert_equal(status, True)
959 srcMac = '00:00:00:00:00:11'
960 dstMac = host_ip_mac[0][1]
961 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
962 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
963 time.sleep(10)
964 if status is False:
965 log.info('JSON request returned status %d' %code)
966 assert_equal(status, True)
967 result = acl_rule.get_acl_rules()
968 aclRules1 = result.json()['aclRules']
969 acl_Id = map(lambda d: d['id'], aclRules1)
970 assert_equal(len(acl_Id), 1)
971 log.info('Added ACL rules = %s' %result.json()['aclRules'])
972 self.cliEnter()
973 ##Now verify
974 hosts = json.loads(self.cli.hosts(jsonFormat = True))
975 log.info('Discovered hosts: %s' %hosts)
976 flows = json.loads(self.cli.flows(jsonFormat = True))
977 flows = filter(lambda f: f['flows'], flows)
978 #log.info('Flows: %s' %flows)
979 assert_not_equal(len(flows), 0)
980 egress = self.CURRENT_PORT_NUM
981 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222)
982 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
983 self.CURRENT_PORT_NUM += 1
984 time.sleep(5)
985 if status is False:
986 log.info('JSON request returned status %d' %code)
987 assert_equal(status, True)
988 dstMac = host_ip_mac[0][1]
989 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
990 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='TCP', dstTpPort ='345', action = 'allow')
991 time.sleep(10)
992 if status is False:
993 log.info('JSON request returned status %d' %code)
994 assert_equal(status, True)
995 result = acl_rule.get_acl_rules()
996 aclRules1 = result.json()['aclRules']
997 acl_Id = map(lambda d: d['id'], aclRules1)
998 assert_equal(len(acl_Id), 2)
999 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 345)
1000 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
1001 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222, positive_test = False)
1002 self.cliExit()
1003 self.acl_hosts_remove(egress_iface_count = 2, egress_iface_num = egress-1)
1004
1005 def test_acl_two_allow_rules_for_udp_ports_matching_traffic(self):
1006 ingress = self.ingress_iface
1007 egress = self.CURRENT_PORT_NUM
1008 acl_rule = ACLTest()
1009 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
1010 self.CURRENT_PORT_NUM += 1
1011 time.sleep(5)
1012 if status is False:
1013 log.info('JSON request returned status %d' %code)
1014 assert_equal(status, True)
1015 srcMac = '00:00:00:00:00:11'
1016 dstMac = host_ip_mac[0][1]
1017 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1018 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='987', action = 'allow')
1019 time.sleep(10)
1020 if status is False:
1021 log.info('JSON request returned status %d' %code)
1022 assert_equal(status, True)
1023 result = acl_rule.get_acl_rules()
1024 aclRules1 = result.json()['aclRules']
1025 acl_Id = map(lambda d: d['id'], aclRules1)
1026 assert_equal(len(acl_Id), 1)
1027 log.info('Added ACL rules = %s' %result.json()['aclRules'])
1028 self.cliEnter()
1029 ##Now verify
1030 hosts = json.loads(self.cli.hosts(jsonFormat = True))
1031 log.info('Discovered hosts: %s' %hosts)
1032 flows = json.loads(self.cli.flows(jsonFormat = True))
1033 flows = filter(lambda f: f['flows'], flows)
1034 #log.info('Flows: %s' %flows)
1035 assert_not_equal(len(flows), 0)
1036 egress = self.CURRENT_PORT_NUM
1037 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987)
1038 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
1039 self.CURRENT_PORT_NUM += 1
1040 time.sleep(5)
1041 if status is False:
1042 log.info('JSON request returned status %d' %code)
1043 assert_equal(status, True)
1044 dstMac = host_ip_mac[0][1]
1045 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1046 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='TCP', dstTpPort ='345', action = 'allow')
1047 time.sleep(10)
1048 if status is False:
1049 log.info('JSON request returned status %d' %code)
1050 assert_equal(status, True)
1051 result = acl_rule.get_acl_rules()
1052 aclRules1 = result.json()['aclRules']
1053 acl_Id = map(lambda d: d['id'], aclRules1)
1054 assert_equal(len(acl_Id), 2)
1055 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 345)
1056 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
1057 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987, positive_test = False)
1058 self.cliExit()
1059 self.acl_hosts_remove(egress_iface_count = 2, egress_iface_num = egress-1)
1060
1061 def test_acl_two_allow_rules_for_src_ips_dst_ips_and_l4_ports_matching_traffic(self):
1062 ingress = self.ingress_iface
1063 egress = self.CURRENT_PORT_NUM
1064 acl_rule = ACLTest()
1065 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
1066 self.CURRENT_PORT_NUM += 1
1067 time.sleep(5)
1068 if status is False:
1069 log.info('JSON request returned status %d' %code)
1070 assert_equal(status, True)
1071 srcMac = '00:00:00:00:00:11'
1072 dstMac = host_ip_mac[0][1]
1073 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1074 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
1075 time.sleep(10)
1076 if status is False:
1077 log.info('JSON request returned status %d' %code)
1078 assert_equal(status, True)
1079 result = acl_rule.get_acl_rules()
1080 aclRules1 = result.json()['aclRules']
1081 acl_Id = map(lambda d: d['id'], aclRules1)
1082 assert_equal(len(acl_Id), 1)
1083 log.info('Added ACL rules = %s' %result.json()['aclRules'])
1084 self.cliEnter()
1085 ##Now verify
1086 hosts = json.loads(self.cli.hosts(jsonFormat = True))
1087 log.info('Discovered hosts: %s' %hosts)
1088 flows = json.loads(self.cli.flows(jsonFormat = True))
1089 flows = filter(lambda f: f['flows'], flows)
1090 #log.info('Flows: %s' %flows)
1091 assert_not_equal(len(flows), 0)
1092 egress = self.CURRENT_PORT_NUM
1093 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP')
1094 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
1095 self.CURRENT_PORT_NUM += 1
1096 time.sleep(5)
1097 if status is False:
1098 log.info('JSON request returned status %d' %code)
1099 assert_equal(status, True)
1100 dstMac = host_ip_mac[0][1]
1101 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1102 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='TCP', dstTpPort ='345', action = 'allow')
1103 time.sleep(10)
1104 if status is False:
1105 log.info('JSON request returned status %d' %code)
1106 assert_equal(status, True)
1107 result = acl_rule.get_acl_rules()
1108 aclRules1 = result.json()['aclRules']
1109 acl_Id = map(lambda d: d['id'], aclRules1)
1110 assert_equal(len(acl_Id), 2)
1111 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 345)
1112 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
1113 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987, positive_test = False)
1114 self.cliExit()
1115 self.acl_hosts_remove(egress_iface_count = 2, egress_iface_num = egress-1)
1116
1117 def test_acl_allow_and_deny_rules_for_src_ips_dst_ips_and_l4_ports_matching_traffic(self):
1118 ingress = self.ingress_iface
1119 egress = self.CURRENT_PORT_NUM
1120 acl_rule = ACLTest()
1121 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
1122 self.CURRENT_PORT_NUM += 1
1123 time.sleep(5)
1124 if status is False:
1125 log.info('JSON request returned status %d' %code)
1126 assert_equal(status, True)
1127 srcMac = '00:00:00:00:00:11'
1128 dstMac = host_ip_mac[0][1]
1129 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1130 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
1131 time.sleep(10)
1132 if status is False:
1133 log.info('JSON request returned status %d' %code)
1134 assert_equal(status, True)
1135 result = acl_rule.get_acl_rules()
1136 aclRules1 = result.json()['aclRules']
1137 acl_Id = map(lambda d: d['id'], aclRules1)
1138 assert_equal(len(acl_Id), 1)
1139 log.info('Added ACL rules = %s' %result.json()['aclRules'])
1140 self.cliEnter()
1141 ##Now verify
1142 hosts = json.loads(self.cli.hosts(jsonFormat = True))
1143 log.info('Discovered hosts: %s' %hosts)
1144 flows = json.loads(self.cli.flows(jsonFormat = True))
1145 flows = filter(lambda f: f['flows'], flows)
1146 #log.info('Flows: %s' %flows)
1147 assert_not_equal(len(flows), 0)
1148 egress = self.CURRENT_PORT_NUM
1149 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
1150 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
1151 self.CURRENT_PORT_NUM += 1
1152 time.sleep(5)
1153 if status is False:
1154 log.info('JSON request returned status %d' %code)
1155 assert_equal(status, True)
1156 dstMac = host_ip_mac[0][1]
1157 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1158 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='UDP', dstTpPort ='345', action = 'allow')
1159 time.sleep(10)
1160 if status is False:
1161 log.info('JSON request returned status %d' %code)
1162 assert_equal(status, True)
1163 result = acl_rule.get_acl_rules()
1164 aclRules1 = result.json()['aclRules']
1165 acl_Id = map(lambda d: d['id'], aclRules1)
1166 assert_equal(len(acl_Id), 2)
1167 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 345)
1168 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
1169 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987, positive_test = False)
1170 self.cliExit()
1171 self.acl_hosts_remove(egress_iface_count = 2, egress_iface_num = egress-1)