blob: fdc6b1d6f4ac52a9160f1ce463a27d2b439db174 [file] [log] [blame]
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -07001#
2# Copyright 2016-present Ciena Corporation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import unittest
17from nose.tools import *
18from scapy.all import *
A.R Karthickbe7768c2017-03-17 11:39:41 -070019from OnosCtrl import OnosCtrl
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070020from OltConfig import OltConfig
21from OnosFlowCtrl import OnosFlowCtrl
22from onosclidriver import OnosCliDriver
23from CordContainer import Container, Onos
24from portmaps import g_subscriber_port_map
25from CordTestServer import cord_test_onos_restart
26from ACL import ACLTest
A R Karthick9dc6e922017-07-12 14:40:16 -070027from CordTestConfig import setup_module, teardown_module
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070028import threading
29import time
30import os
31import json
32import pexpect
33log.setLevel('INFO')
34
35class acl_exchange(unittest.TestCase):
36
37 app = ('org.onosproject.acl')
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070038 test_path = os.path.dirname(os.path.realpath(__file__))
39 onos_config_path = os.path.join(test_path, '..', 'setup/onos-config')
40 GATEWAY = '192.168.10.50'
41 INGRESS_PORT = 1
42 EGRESS_PORT = 2
43 ingress_iface = 1
44 egress_iface = 2
45 MAX_PORTS = 100
A.R Karthickbe7768c2017-03-17 11:39:41 -070046 CURRENT_PORT_NUM = egress_iface
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070047 ACL_SRC_IP = '192.168.20.3/32'
48 ACL_DST_IP = '192.168.30.2/32'
49 ACL_SRC_IP_RULE_2 = '192.168.40.3/32'
50 ACL_DST_IP_RULE_2 = '192.168.50.2/32'
51 ACL_SRC_IP_PREFIX_24 = '192.168.20.3/24'
52 ACL_DST_IP_PREFIX_24 = '192.168.30.2/24'
53 HOST_DST_IP = '192.168.30.0/24'
54 HOST_DST_IP_RULE_2 = '192.168.50.0/24'
55
56 @classmethod
57 def setUpClass(cls):
58 cls.olt = OltConfig()
59 cls.port_map,_ = cls.olt.olt_port_map()
60 if not cls.port_map:
61 cls.port_map = g_subscriber_port_map
62 time.sleep(3)
63 log.info('port_map = %s'%cls.port_map[1] )
64
65 @classmethod
66 def tearDownClass(cls):
67 '''Deactivate the acl app'''
68
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070069 def setUp(self):
70 ''' Activate the acl app'''
71 self.maxDiff = None ##for assert_equal compare outputs on failure
72 self.onos_ctrl = OnosCtrl(self.app)
73 status, _ = self.onos_ctrl.activate()
74 assert_equal(status, True)
75 time.sleep(3)
76 status, _ = ACLTest.remove_acl_rule()
77 log.info('Start setup')
78 assert_equal(status, True)
79
80 def tearDown(self):
81 '''Deactivate the acl app'''
82 log.info('Tear down setup')
A.R Karthickbe7768c2017-03-17 11:39:41 -070083 self.CURRENT_PORT_NUM = 4
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -070084
85 def cliEnter(self):
86 retries = 0
87 while retries < 3:
88 self.cli = OnosCliDriver(connect = True)
89 if self.cli.handle:
90 break
91 else:
92 retries += 1
93 time.sleep(2)
94
95 def cliExit(self):
96 self.cli.disconnect()
97
98 @classmethod
99 def acl_hosts_add(cls, dstHostIpMac, egress_iface_count = 1, egress_iface_num = None):
100 index = 0
101 if egress_iface_num is None:
102 egress_iface_num = cls.egress_iface
103 for ip,_ in dstHostIpMac:
104 egress = cls.port_map[egress_iface_num]
105 log.info('Assigning ip %s to interface %s' %(ip, egress))
106 config_cmds_egress = ( 'ifconfig {} 0'.format(egress),
107 'ifconfig {0} up'.format(egress),
108 'ifconfig {0} {1}'.format(egress, ip),
109 'arping -I {0} {1} -c 2'.format(egress, ip.split('/')[0]),
110 'ifconfig {0}'.format(egress),
111 )
112 for cmd in config_cmds_egress:
113 os.system(cmd)
114 index += 1
115 if index == egress_iface_count:
116 break
117 egress_iface_count += 1
118 egress_iface_num += 1
A.R Karthickbe7768c2017-03-17 11:39:41 -0700119
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -0700120
121 @classmethod
122 def acl_hosts_remove(cls, egress_iface_count = 1, egress_iface_num = None):
123 if egress_iface_num is None:
A.R Karthickbe7768c2017-03-17 11:39:41 -0700124 egress_iface_num = cls.egress_iface
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -0700125 n = 0
126 for n in range(egress_iface_count):
127 egress = cls.port_map[egress_iface_num]
128 config_cmds_egress = ('ifconfig {} 0'.format(egress))
129 os.system(config_cmds_egress)
130 egress_iface_num += 1
131
132# @classmethod
133 def acl_rule_traffic_send_recv(self, srcMac, dstMac, srcIp, dstIp, ingress =None, egress=None, ip_proto=None, dstPortNum = None, positive_test = True):
134 if ingress is None:
135 ingress = self.ingress_iface
136 if egress is None:
137 egress = self.egress_iface
138 ingress = self.port_map[ingress]
139 egress = self.port_map[egress]
140 self.success = False if positive_test else True
141 timeout = 10 if positive_test else 1
142 count = 2 if positive_test else 1
143 self.start_sending = True
144 def recv_task():
145 def recv_cb(pkt):
146 log.info('Pkt seen with ingress ip %s, egress ip %s' %(pkt[IP].src, pkt[IP].dst))
147 self.success = True if positive_test else False
148 sniff(count=count, timeout=timeout,
149 lfilter = lambda p: IP in p and p[IP].dst == dstIp.split('/')[0] and p[IP].src == srcIp.split('/')[0],
150 prn = recv_cb, iface = egress)
151 self.start_sending = False
152
153 t = threading.Thread(target = recv_task)
154 t.start()
155 L2 = Ether(src = srcMac, dst = dstMac)
156 L3 = IP(src = srcIp.split('/')[0], dst = dstIp.split('/')[0])
157 pkt = L2/L3
158 log.info('Sending a packet with dst ip %s, src ip %s , dst mac %s src mac %s on port %s to verify if flows are correct' %
159 (dstIp.split('/')[0], srcIp.split('/')[0], dstMac, srcMac, ingress))
160 while self.start_sending is True:
161 sendp(pkt, count=50, iface = ingress)
162 t.join()
163 assert_equal(self.success, True)
164
165 @classmethod
166 def onos_load_config(cls, config):
167 status, code = OnosCtrl.config(config)
168 if status is False:
169 log.info('JSON request returned status %d' %code)
170 assert_equal(status, True)
171
172 def test_acl_allow_rule(self):
173 acl_rule = ACLTest()
174 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
175 if status is False:
176 log.info('JSON request returned status %d' %code)
177 assert_equal(status, True)
178 result = acl_rule.get_acl_rules()
179 aclRules1 = result.json()['aclRules']
180 log.info('Added ACL rules = %s' %result.json()['aclRules'])
181 acl_Id = map(lambda d: d['id'], aclRules1)
182 assert_equal(len(acl_Id), 1)
183
184 def test_acl_allow_rule_with_24_bit_mask(self):
185 acl_rule = ACLTest()
186 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'allow')
187 if status is False:
188 log.info('JSON request returned status %d' %code)
189 assert_equal(status, True)
190 result = acl_rule.get_acl_rules()
191 aclRules1 = result.json()['aclRules']
192 log.info('Added ACL rules = %s' %result.json()['aclRules'])
193 acl_Id = map(lambda d: d['id'], aclRules1)
194 assert_equal(len(acl_Id), 1)
195
196 def test_acl_deny_rule(self):
197 acl_rule = ACLTest()
198 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
199 if status is False:
200 log.info('JSON request returned status %d' %code)
201 assert_equal(status, True)
202 result = acl_rule.get_acl_rules()
203 aclRules1 = result.json()['aclRules']
204 log.info('Added ACL rules = %s' %result.json()['aclRules'])
205 acl_Id = map(lambda d: d['id'], aclRules1)
206 assert_equal(len(acl_Id), 1)
207
208 def test_acl_deny_rule_with_24_bit_mask(self):
209 acl_rule = ACLTest()
210 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'deny')
211 if status is False:
212 log.info('JSON request returned status %d' %code)
213 assert_equal(status, True)
214 result = acl_rule.get_acl_rules()
215 aclRules1 = result.json()['aclRules']
216 log.info('Added ACL rules = %s' %result.json()['aclRules'])
217 acl_Id = map(lambda d: d['id'], aclRules1)
218 assert_equal(len(acl_Id), 1)
219
220 def test_acl_add_remove_rule(self):
221 acl_rule = ACLTest()
222 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
223 if status is False:
224 log.info('JSON request returned status %d' %code)
225 assert_equal(status, True)
226 result = acl_rule.get_acl_rules()
227 aclRules1 = result.json()['aclRules']
228 log.info('Added ACL rules = %s' %result.json()['aclRules'])
229 acl_Id = map(lambda d: d['id'], aclRules1)
230 status, code = acl_rule.remove_acl_rule(acl_Id[0])
231 if status is False:
232 log.info('JSON request returned status %d' %code)
233 assert_equal(status, True)
234
235 def test_acl_add_remove_all_rules(self):
236 acl_rule = ACLTest()
237 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
238 status,code = acl_rule.adding_acl_rule('v4', srcIp='10.10.10.10/24', dstIp ='20.20.20.20/24', action = 'deny')
239 if status is False:
240 log.info('JSON request returned status %d' %code)
241 assert_equal(status, True)
242 result = acl_rule.get_acl_rules()
243 aclRules1 = result.json()['aclRules']
244 log.info('Added ACL rules = %s' %result.json()['aclRules'])
245 acl_Id = map(lambda d: d['id'], aclRules1)
246 status, _ = ACLTest.remove_acl_rule()
247 if status is False:
248 log.info('JSON request returned status %d' %code)
249 assert_equal(status, True)
A.R Karthickbe7768c2017-03-17 11:39:41 -0700250
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -0700251 def test_acl_remove_all_rules_without_add(self):
252 status, _ = ACLTest.remove_acl_rule()
253 if status is False:
254 log.info('JSON request returned status %d' %code)
255 assert_equal(status, True)
256
257 def test_acl_allow_and_deny_rule_for_same_src_and_dst_ip(self):
258 acl_rule = ACLTest()
259 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
260 if status is False:
261 log.info('JSON request returned status %d' %code)
262 assert_equal(status, True)
263 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
264 if status is False:
265 log.info('JSON request returned status %d' %code)
266 assert_equal(status, False)
267 result = acl_rule.get_acl_rules()
268 aclRules1 = result.json()['aclRules']
269 log.info('Added ACL rules = %s' %result.json()['aclRules'])
270 acl_Id = map(lambda d: d['id'], aclRules1)
271 assert_equal(len(acl_Id), 1)
272 status, _ = ACLTest.remove_acl_rule()
273 if status is False:
274 log.info('JSON request returned status %d' %code)
275 assert_equal(status, True)
A.R Karthickbe7768c2017-03-17 11:39:41 -0700276
ChetanGaonkerf0dd5bb2016-07-28 16:22:06 -0700277 def test_acl_allow_rules_for_matched_dst_ips(self):
278 acl_rule = ACLTest()
279 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp ='192.168.30.2/24', action = 'allow')
280 if status is False:
281 log.info('JSON request returned status %d' %code)
282 assert_equal(status, True)
283 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
284 if status is False:
285 log.info('JSON request returned status %d' %code)
286 assert_equal(status, False)
287 result = acl_rule.get_acl_rules()
288 aclRules1 = result.json()['aclRules']
289 log.info('Added ACL rules = %s' %result.json()['aclRules'])
290 acl_Id = map(lambda d: d['id'], aclRules1)
291 assert_equal(len(acl_Id), 1)
292 status, _ = ACLTest.remove_acl_rule()
293 if status is False:
294 log.info('JSON request returned status %d' %code)
295 assert_equal(status, True)
296
297 def test_acl_with_matching_src_and_dst_ip_traffic(self):
298 ingress = self.ingress_iface
299 egress = self.CURRENT_PORT_NUM
300 acl_rule = ACLTest()
301 status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
302 self.CURRENT_PORT_NUM += 1
303 time.sleep(5)
304 if status is False:
305 log.info('JSON request returned status %d' %code)
306 assert_equal(status, True)
307 srcMac = '00:00:00:00:00:11'
308 dstMac = host_ip_mac[0][1]
309 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
310 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
311 time.sleep(10)
312 if status is False:
313 log.info('JSON request returned status %d' %code)
314 assert_equal(status, True)
315 result = acl_rule.get_acl_rules()
316 aclRules1 = result.json()['aclRules']
317 acl_Id = map(lambda d: d['id'], aclRules1)
318 assert_equal(len(acl_Id), 1)
319 log.info('Added ACL rules = %s' %result.json()['aclRules'])
320 self.cliEnter()
321 ##Now verify
322 hosts = json.loads(self.cli.hosts(jsonFormat = True))
323 log.info('Discovered hosts: %s' %hosts)
324 flows = json.loads(self.cli.flows(jsonFormat = True))
325 flows = filter(lambda f: f['flows'], flows)
326 #log.info('Flows: %s' %flows)
327 assert_not_equal(len(flows), 0)
328 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP')
329 self.cliExit()
330 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
331
332 def test_acl_with_matching_24bit_mask_src_and_dst_ip_traffic(self):
333 ingress = self.ingress_iface
334 egress = self.CURRENT_PORT_NUM
335 acl_rule = ACLTest()
336 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
337 self.CURRENT_PORT_NUM += 1
338 time.sleep(5)
339 if status is False:
340 log.info('JSON request returned status %d' %code)
341 assert_equal(status, True)
342 srcMac = '00:00:00:00:00:11'
343 dstMac = host_ip_mac[0][1]
344 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
345 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'allow')
346 time.sleep(10)
347 if status is False:
348 log.info('JSON request returned status %d' %code)
349 assert_equal(status, True)
350 result = acl_rule.get_acl_rules()
351 aclRules1 = result.json()['aclRules']
352 acl_Id = map(lambda d: d['id'], aclRules1)
353 assert_equal(len(acl_Id), 1)
354 log.info('Added ACL rules = %s' %result.json()['aclRules'])
355 self.cliEnter()
356 ##Now verify
357 hosts = json.loads(self.cli.hosts(jsonFormat = True))
358 log.info('Discovered hosts: %s' %hosts)
359 flows = json.loads(self.cli.flows(jsonFormat = True))
360 flows = filter(lambda f: f['flows'], flows)
361 #log.info('Flows: %s' %flows)
362 assert_not_equal(len(flows), 0)
363 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP, ingress =ingress, egress = egress, ip_proto = 'UDP')
364 self.cliExit()
365 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
366
367 def test_acl_with_non_matching_src_and_dst_ip_traffic(self):
368 ingress = self.ingress_iface
369 egress = self.CURRENT_PORT_NUM
370 acl_rule = ACLTest()
371 status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
372 self.CURRENT_PORT_NUM += 1
373 time.sleep(5)
374 if status is False:
375 log.info('JSON request returned status %d' %code)
376 assert_equal(status, True)
377 srcMac = '00:00:00:00:00:11'
378 dstMac = host_ip_mac[0][1]
379 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
380 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
381 time.sleep(10)
382 if status is False:
383 log.info('JSON request returned status %d' %code)
384 assert_equal(status, True)
385 result = acl_rule.get_acl_rules()
386 aclRules1 = result.json()['aclRules']
387 acl_Id = map(lambda d: d['id'], aclRules1)
388 assert_equal(len(acl_Id), 1)
389 log.info('Added ACL rules = %s' %result.json()['aclRules'])
390 self.cliEnter()
391 ##Now verify
392 hosts = json.loads(self.cli.hosts(jsonFormat = True))
393 log.info('Discovered hosts: %s' %hosts)
394 flows = json.loads(self.cli.flows(jsonFormat = True))
395 flows = filter(lambda f: f['flows'], flows)
396 #log.info('Flows: %s' %flows)
397 assert_not_equal(len(flows), 0)
398 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac, srcIp ='192.168.40.1/24', dstIp = self.ACL_DST_IP, ingress=ingress, egress = egress, ip_proto = 'UDP', positive_test = False )
399 self.cliExit()
400 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
401
402 def test_acl_deny_rule_with_matching_src_and_dst_ip_traffic(self):
403 ingress = self.ingress_iface
404 egress = self.CURRENT_PORT_NUM
405 acl_rule = ACLTest()
406 status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
407 self.CURRENT_PORT_NUM += 1
408 time.sleep(5)
409 if status is False:
410 log.info('JSON request returned status %d' %code)
411 assert_equal(status, True)
412 srcMac = '00:00:00:00:00:11'
413 dstMac = host_ip_mac[0][1]
414 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
415 status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
416 time.sleep(10)
417 if status is False:
418 log.info('JSON request returned status %d' %code)
419 assert_equal(status, True)
420 result = acl_rule.get_acl_rules()
421 aclRules1 = result.json()['aclRules']
422 acl_Id = map(lambda d: d['id'], aclRules1)
423 assert_equal(len(acl_Id), 1)
424 log.info('Added ACL rules = %s' %result.json()['aclRules'])
425 self.cliEnter()
426 ##Now verify
427 hosts = json.loads(self.cli.hosts(jsonFormat = True))
428 log.info('Discovered hosts: %s' %hosts)
429 flows = json.loads(self.cli.flows(jsonFormat = True))
430 flows = filter(lambda f: f['flows'], flows)
431 #log.info('Flows: %s' %flows)
432 assert_not_equal(len(flows), 0)
433 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
434 self.cliExit()
435 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
436
437 def test_acl_deny_rule_with_src_and_dst_ip_applying_24_bit_mask_for_matching_traffic(self):
438 ingress = self.ingress_iface
439 egress = self.CURRENT_PORT_NUM
440 acl_rule = ACLTest()
441 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
442 self.CURRENT_PORT_NUM += 1
443 time.sleep(5)
444 if status is False:
445 log.info('JSON request returned status %d' %code)
446 assert_equal(status, True)
447 srcMac = '00:00:00:00:00:11'
448 dstMac = host_ip_mac[0][1]
449 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
450 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'deny')
451 time.sleep(10)
452 if status is False:
453 log.info('JSON request returned status %d' %code)
454 assert_equal(status, True)
455 result = acl_rule.get_acl_rules()
456 aclRules1 = result.json()['aclRules']
457 acl_Id = map(lambda d: d['id'], aclRules1)
458 assert_equal(len(acl_Id), 1)
459 log.info('Added ACL rules = %s' %result.json()['aclRules'])
460 self.cliEnter()
461 ##Now verify
462 hosts = json.loads(self.cli.hosts(jsonFormat = True))
463 log.info('Discovered hosts: %s' %hosts)
464 flows = json.loads(self.cli.flows(jsonFormat = True))
465 flows = filter(lambda f: f['flows'], flows)
466 #log.info('Flows: %s' %flows)
467 assert_not_equal(len(flows), 0)
468 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_PREFIX_24, dstIp = self.ACL_DST_IP_PREFIX_24,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
469 self.cliExit()
470 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
471
472 def test_acl_deny_rule_with_non_matching_src_and_dst_ip_traffic(self):
473 ingress = self.ingress_iface
474 egress = self.CURRENT_PORT_NUM
475 acl_rule = ACLTest()
476 status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
477 self.CURRENT_PORT_NUM += 1
478 time.sleep(5)
479 if status is False:
480 log.info('JSON request returned status %d' %code)
481 assert_equal(status, True)
482 srcMac = '00:00:00:00:00:11'
483 dstMac = host_ip_mac[0][1]
484 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
485 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
486 time.sleep(10)
487 if status is False:
488 log.info('JSON request returned status %d' %code)
489 assert_equal(status, True)
490 result = acl_rule.get_acl_rules()
491 aclRules1 = result.json()['aclRules']
492 acl_Id = map(lambda d: d['id'], aclRules1)
493 assert_equal(len(acl_Id), 1)
494 log.info('Added ACL rules = %s' %result.json()['aclRules'])
495 self.cliEnter()
496 ##Now verify
497 hosts = json.loads(self.cli.hosts(jsonFormat = True))
498 log.info('Discovered hosts: %s' %hosts)
499 flows = json.loads(self.cli.flows(jsonFormat = True))
500 flows = filter(lambda f: f['flows'], flows)
501 #log.info('Flows: %s' %flows)
502 assert_not_equal(len(flows), 0)
503 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp ='192.168.40.1/24', dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
504 self.cliExit()
505 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
506
507 def test_acl_allow_and_deny_rules_with_matching_src_and_dst_ip_traffic(self):
508 ingress = self.ingress_iface
509 egress = self.CURRENT_PORT_NUM
510 acl_rule = ACLTest()
511 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
512 self.CURRENT_PORT_NUM += 1
513 time.sleep(5)
514 if status is False:
515 log.info('JSON request returned status %d' %code)
516 assert_equal(status, True)
517 srcMac = '00:00:00:00:00:11'
518 dstMac = host_ip_mac[0][1]
519 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
520 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
521 time.sleep(10)
522 if status is False:
523 log.info('JSON request returned status %d' %code)
524 assert_equal(status, True)
525 result = acl_rule.get_acl_rules()
526 aclRules1 = result.json()['aclRules']
527 acl_Id = map(lambda d: d['id'], aclRules1)
528 assert_equal(len(acl_Id), 1)
529 log.info('Added ACL rules = %s' %result.json()['aclRules'])
530 self.cliEnter()
531 ##Now verify
532 hosts = json.loads(self.cli.hosts(jsonFormat = True))
533 log.info('Discovered hosts: %s' %hosts)
534 flows = json.loads(self.cli.flows(jsonFormat = True))
535 flows = filter(lambda f: f['flows'], flows)
536 #log.info('Flows: %s' %flows)
537 assert_not_equal(len(flows), 0)
538 egress = self.CURRENT_PORT_NUM
539 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress ,ip_proto = 'UDP')
540 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
541 self.CURRENT_PORT_NUM += 1
542 time.sleep(5)
543 if status is False:
544 log.info('JSON request returned status %d' %code)
545 assert_equal(status, True)
546 dstMac = host_ip_mac[0][1]
547 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
548 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, action = 'deny')
549 time.sleep(10)
550 if status is False:
551 log.info('JSON request returned status %d' %code)
552 assert_equal(status, True)
553 result = acl_rule.get_acl_rules()
554 aclRules1 = result.json()['aclRules']
555 acl_Id = map(lambda d: d['id'], aclRules1)
556 assert_equal(len(acl_Id), 2)
557 log.info('Added ACL rules = %s' %result.json()['aclRules'])
558 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
559 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
560 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, positive_test = False)
561 self.cliExit()
562 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
563
564 def test_acl_for_l4_acl_rule(self):
565 acl_rule = ACLTest()
566 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
567 if status is False:
568 log.info('JSON request returned status %d' %code)
569 assert_equal(status, True)
570 result = acl_rule.get_acl_rules()
571 aclRules1 = result.json()['aclRules']
572 log.info('Added ACL rules = %s' %result.json()['aclRules'])
573 acl_Id = map(lambda d: d['id'], aclRules1)
574 assert_equal(len(acl_Id), 1)
575
576 def test_acl_for_remove_l4_rule(self):
577 acl_rule = ACLTest()
578 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='245', action = 'allow')
579 if status is False:
580 log.info('JSON request returned status %d' %code)
581 assert_equal(status, True)
582 result = acl_rule.get_acl_rules()
583 aclRules1 = result.json()['aclRules']
584 log.info('Added ACL rules = %s' %result.json()['aclRules'])
585 acl_Id = map(lambda d: d['id'], aclRules1)
586 status, code = acl_rule.remove_acl_rule(acl_Id[0])
587 if status is False:
588 log.info('JSON request returned status %d' %code)
589 assert_equal(status, True)
590
591 def test_acl_for_remove_l4_rules(self):
592 acl_rule = ACLTest()
593 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='567', action = 'allow')
594 if status is False:
595 log.info('JSON request returned status %d' %code)
596 assert_equal(status, True)
597 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='245', action = 'deny')
598 if status is False:
599 log.info('JSON request returned status %d' %code)
600 assert_equal(status, True)
601 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='ICMP', dstTpPort ='1',action = 'allow')
602 if status is False:
603 log.info('JSON request returned status %d' %code)
604 assert_equal(status, True)
605 result = acl_rule.get_acl_rules()
606 aclRules1 = result.json()['aclRules']
607 log.info('Added ACL rules = %s' %result.json()['aclRules'])
608 acl_Id = map(lambda d: d['id'], aclRules1)
609 assert_equal(len(acl_Id), 3)
610 status, _ = ACLTest.remove_acl_rule()
611 if status is False:
612 log.info('JSON request returned status %d' %code)
613 assert_equal(status, True)
614
615 def test_acl_adding_specific_l4_and_all_l4_allow_rule(self):
616 acl_rule = ACLTest()
617 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
618 if status is False:
619 log.info('JSON request returned status %d' %code)
620 assert_equal(status, True)
621 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
622 if status is False:
623 log.info('JSON request returned status %d' %code)
624 assert_equal(status, True)
625 result = acl_rule.get_acl_rules()
626 aclRules1 = result.json()['aclRules']
627 log.info('Added ACL rules = %s' %result.json()['aclRules'])
628 acl_Id = map(lambda d: d['id'], aclRules1)
629 assert_equal(len(acl_Id), 2)
630
631 def test_acl_adding_all_l4_and_specific_l4_allow_rule(self):
632 acl_rule = ACLTest()
633 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
634 if status is False:
635 log.info('JSON request returned status %d' %code)
636 assert_equal(status, True)
637 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='345', action = 'allow')
638 if status is True:
639 log.info('JSON request returned status %d' %code)
640 assert_equal(status, True)
641 result = acl_rule.get_acl_rules()
642 aclRules1 = result.json()['aclRules']
643 log.info('Added ACL rules = %s' %result.json()['aclRules'])
644 acl_Id = map(lambda d: d['id'], aclRules1)
645 assert_equal(len(acl_Id), 1)
646
647 def test_acl_with_specific_l4_and_all_l4_deny_rule(self):
648 acl_rule = ACLTest()
649 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'deny')
650 if status is False:
651 log.info('JSON request returned status %d' %code)
652 assert_equal(status, True)
653 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
654 if status is False:
655 log.info('JSON request returned status %d' %code)
656 assert_equal(status, True)
657 result = acl_rule.get_acl_rules()
658 aclRules1 = result.json()['aclRules']
659 log.info('Added ACL rules = %s' %result.json()['aclRules'])
660 acl_Id = map(lambda d: d['id'], aclRules1)
661 assert_equal(len(acl_Id), 2)
662
663 def test_acl_with_all_l4_and_specific_l4_deny_rule(self):
664 acl_rule = ACLTest()
665 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
666 if status is False:
667 log.info('JSON request returned status %d' %code)
668 assert_equal(status, True)
669 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='345', action = 'deny')
670 if status is True:
671 log.info('JSON request returned status %d' %code)
672 assert_equal(status, True)
673 result = acl_rule.get_acl_rules()
674 aclRules1 = result.json()['aclRules']
675 log.info('Added ACL rules = %s' %result.json()['aclRules'])
676 acl_Id = map(lambda d: d['id'], aclRules1)
677 assert_equal(len(acl_Id), 1)
678
679 def test_acl_with_specific_l4_deny_and_all_l4_allow_rule(self):
680 acl_rule = ACLTest()
681 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'deny')
682 if status is False:
683 log.info('JSON request returned status %d' %code)
684 assert_equal(status, True)
685 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
686 if status is False:
687 log.info('JSON request returned status %d' %code)
688 assert_equal(status, True)
689 result = acl_rule.get_acl_rules()
690 aclRules1 = result.json()['aclRules']
691 log.info('Added ACL rules = %s' %result.json()['aclRules'])
692 acl_Id = map(lambda d: d['id'], aclRules1)
693 assert_equal(len(acl_Id), 2)
694
695 def test_acl_deny_all_l4_and_allow_specific_l4_rule(self):
696 acl_rule = ACLTest()
697 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
698 if status is False:
699 log.info('JSON request returned status %d' %code)
700 assert_equal(status, True)
701 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='345', action = 'allow')
702 if status is True:
703 log.info('JSON request returned status %d' %code)
704 assert_equal(status, True)
705 result = acl_rule.get_acl_rules()
706 aclRules1 = result.json()['aclRules']
707 log.info('Added ACL rules = %s' %result.json()['aclRules'])
708 acl_Id = map(lambda d: d['id'], aclRules1)
709 assert_equal(len(acl_Id), 1)
710
711 def test_acl_tcp_port_allow_rule_for_matching_and_non_matching_traffic(self):
712 ingress = self.ingress_iface
713 egress = self.CURRENT_PORT_NUM
714 acl_rule = ACLTest()
715 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
716 self.CURRENT_PORT_NUM += 1
717 time.sleep(5)
718 if status is False:
719 log.info('JSON request returned status %d' %code)
720 assert_equal(status, True)
721 srcMac = '00:00:00:00:00:11'
722 dstMac = host_ip_mac[0][1]
723 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
724 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
725 time.sleep(20)
726 if status is False:
727 log.info('JSON request returned status %d' %code)
728 assert_equal(status, True)
729 result = acl_rule.get_acl_rules()
730 aclRules1 = result.json()['aclRules']
731 acl_Id = map(lambda d: d['id'], aclRules1)
732 assert_equal(len(acl_Id), 1)
733 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
734 self.cliEnter()
735 ##Now verify
736 hosts = json.loads(self.cli.hosts(jsonFormat = True))
737 log.info('Discovered hosts: %s' %hosts)
738 flows = json.loads(self.cli.flows(jsonFormat = True))
739 flows = filter(lambda f: f['flows'], flows)
740 #log.info('Flows: %s' %flows)
741 assert_not_equal(len(flows), 0)
742 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222)
743 ## Non-matching traffic for TCP portocol testing
744 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 444, positive_test = False)
745 self.cliExit()
746 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
747
748 def test_acl_udp_port_allow_rule_for_matching_and_non_matching_traffic(self):
749 ingress = self.ingress_iface
750 egress = self.CURRENT_PORT_NUM
751 acl_rule = ACLTest()
752 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
753 self.CURRENT_PORT_NUM += 1
754 time.sleep(5)
755 if status is False:
756 log.info('JSON request returned status %d' %code)
757 assert_equal(status, True)
758 srcMac = '00:00:00:00:00:11'
759 dstMac = host_ip_mac[0][1]
760 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
761 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='456', action = 'allow')
762 time.sleep(20)
763 if status is False:
764 log.info('JSON request returned status %d' %code)
765 assert_equal(status, True)
766 result = acl_rule.get_acl_rules()
767 aclRules1 = result.json()['aclRules']
768 acl_Id = map(lambda d: d['id'], aclRules1)
769 assert_equal(len(acl_Id), 1)
770 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
771 self.cliEnter()
772 ##Now verify
773 hosts = json.loads(self.cli.hosts(jsonFormat = True))
774 log.info('Discovered hosts: %s' %hosts)
775 flows = json.loads(self.cli.flows(jsonFormat = True))
776 flows = filter(lambda f: f['flows'], flows)
777 #log.info('Flows: %s' %flows)
778 assert_not_equal(len(flows), 0)
779 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 456)
780 ## Non-matching traffic for TCP portocol testing
781 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 654, positive_test = False)
782 self.cliExit()
783 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
784
785 def test_acl_icmp_port_allow_rule_for_matching_and_non_matching_traffic(self):
786 ingress = self.ingress_iface
787 egress = self.CURRENT_PORT_NUM
788 acl_rule = ACLTest()
789 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
790 self.CURRENT_PORT_NUM += 1
791 time.sleep(5)
792 if status is False:
793 log.info('JSON request returned status %d' %code)
794 assert_equal(status, True)
795 srcMac = '00:00:00:00:00:11'
796 dstMac = host_ip_mac[0][1]
797 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
798 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='ICMP', dstTpPort ='1', action = 'allow')
799 time.sleep(20)
800 if status is False:
801 log.info('JSON request returned status %d' %code)
802 assert_equal(status, True)
803 result = acl_rule.get_acl_rules()
804 aclRules1 = result.json()['aclRules']
805 acl_Id = map(lambda d: d['id'], aclRules1)
806 assert_equal(len(acl_Id), 1)
807 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
808 self.cliEnter()
809 ##Now verify
810 hosts = json.loads(self.cli.hosts(jsonFormat = True))
811 log.info('Discovered hosts: %s' %hosts)
812 flows = json.loads(self.cli.flows(jsonFormat = True))
813 flows = filter(lambda f: f['flows'], flows)
814 #log.info('Flows: %s' %flows)
815 assert_not_equal(len(flows), 0)
816 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 1)
817 ## Non-matching traffic for TCP portocol testing
818 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 2, positive_test = False)
819 self.cliExit()
820 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
821
822 def test_acl_tcp_port_deny_rule_for_matching_and_non_matching_traffic(self):
823 ingress = self.ingress_iface
824 egress = self.CURRENT_PORT_NUM
825 acl_rule = ACLTest()
826 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
827 self.CURRENT_PORT_NUM += 1
828 time.sleep(5)
829 if status is False:
830 log.info('JSON request returned status %d' %code)
831 assert_equal(status, True)
832 srcMac = '00:00:00:00:00:11'
833 dstMac = host_ip_mac[0][1]
834 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
835 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'deny')
836 time.sleep(20)
837 if status is False:
838 log.info('JSON request returned status %d' %code)
839 assert_equal(status, True)
840 result = acl_rule.get_acl_rules()
841 aclRules1 = result.json()['aclRules']
842 acl_Id = map(lambda d: d['id'], aclRules1)
843 assert_equal(len(acl_Id), 1)
844 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
845 self.cliEnter()
846 ##Now verify
847 hosts = json.loads(self.cli.hosts(jsonFormat = True))
848 log.info('Discovered hosts: %s' %hosts)
849 flows = json.loads(self.cli.flows(jsonFormat = True))
850 flows = filter(lambda f: f['flows'], flows)
851 #log.info('Flows: %s' %flows)
852 assert_not_equal(len(flows), 0)
853 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222, positive_test = False)
854 ## Non-matching traffic for TCP portocol testing
855 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 444, positive_test = False)
856 self.cliExit()
857 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
858
859 def test_acl_udp_port_deny_rule_for_matching_and_non_matching_traffic(self):
860 ingress = self.ingress_iface
861 egress = self.CURRENT_PORT_NUM
862 acl_rule = ACLTest()
863 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
864 self.CURRENT_PORT_NUM += 1
865 time.sleep(5)
866 if status is False:
867 log.info('JSON request returned status %d' %code)
868 assert_equal(status, True)
869 srcMac = '00:00:00:00:00:11'
870 dstMac = host_ip_mac[0][1]
871 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
872 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='654', action = 'deny')
873 time.sleep(20)
874 if status is False:
875 log.info('JSON request returned status %d' %code)
876 assert_equal(status, True)
877 result = acl_rule.get_acl_rules()
878 aclRules1 = result.json()['aclRules']
879 acl_Id = map(lambda d: d['id'], aclRules1)
880 assert_equal(len(acl_Id), 1)
881 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
882 self.cliEnter()
883 ##Now verify
884 hosts = json.loads(self.cli.hosts(jsonFormat = True))
885 log.info('Discovered hosts: %s' %hosts)
886 flows = json.loads(self.cli.flows(jsonFormat = True))
887 flows = filter(lambda f: f['flows'], flows)
888 #log.info('Flows: %s' %flows)
889 assert_not_equal(len(flows), 0)
890 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 654, positive_test = False)
891 ## Non-matching traffic for TCP portocol testing
892 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 444, positive_test = False)
893 self.cliExit()
894 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
895
896 def test_acl_icmp_port_deny_rule_for_matching_and_non_matching_traffic(self):
897 ingress = self.ingress_iface
898 egress = self.CURRENT_PORT_NUM
899 acl_rule = ACLTest()
900 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
901 self.CURRENT_PORT_NUM += 1
902 time.sleep(5)
903 if status is False:
904 log.info('JSON request returned status %d' %code)
905 assert_equal(status, True)
906 srcMac = '00:00:00:00:00:11'
907 dstMac = host_ip_mac[0][1]
908 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
909 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='ICMP', dstTpPort ='1', action = 'deny')
910 time.sleep(20)
911 if status is False:
912 log.info('JSON request returned status %d' %code)
913 assert_equal(status, True)
914 result = acl_rule.get_acl_rules()
915 aclRules1 = result.json()['aclRules']
916 acl_Id = map(lambda d: d['id'], aclRules1)
917 assert_equal(len(acl_Id), 1)
918 log.info('Added ACL Rules = %s' %result.json()['aclRules'])
919 self.cliEnter()
920 ##Now verify
921 hosts = json.loads(self.cli.hosts(jsonFormat = True))
922 log.info('Discovered hosts: %s' %hosts)
923 flows = json.loads(self.cli.flows(jsonFormat = True))
924 flows = filter(lambda f: f['flows'], flows)
925 #log.info('Flows: %s' %flows)
926 assert_not_equal(len(flows), 0)
927 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 1, positive_test = False)
928 ## Non-matching traffic for TCP portocol testing
929 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 2, positive_test = False)
930 self.cliExit()
931 self.acl_hosts_remove(egress_iface_count = 1, egress_iface_num = egress)
932
933 def test_acl_two_allow_rules_for_tcp_port_matching_traffic(self):
934 ingress = self.ingress_iface
935 egress = self.CURRENT_PORT_NUM
936 acl_rule = ACLTest()
937 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
938 self.CURRENT_PORT_NUM += 1
939 time.sleep(5)
940 if status is False:
941 log.info('JSON request returned status %d' %code)
942 assert_equal(status, True)
943 srcMac = '00:00:00:00:00:11'
944 dstMac = host_ip_mac[0][1]
945 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
946 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
947 time.sleep(10)
948 if status is False:
949 log.info('JSON request returned status %d' %code)
950 assert_equal(status, True)
951 result = acl_rule.get_acl_rules()
952 aclRules1 = result.json()['aclRules']
953 acl_Id = map(lambda d: d['id'], aclRules1)
954 assert_equal(len(acl_Id), 1)
955 log.info('Added ACL rules = %s' %result.json()['aclRules'])
956 self.cliEnter()
957 ##Now verify
958 hosts = json.loads(self.cli.hosts(jsonFormat = True))
959 log.info('Discovered hosts: %s' %hosts)
960 flows = json.loads(self.cli.flows(jsonFormat = True))
961 flows = filter(lambda f: f['flows'], flows)
962 #log.info('Flows: %s' %flows)
963 assert_not_equal(len(flows), 0)
964 egress = self.CURRENT_PORT_NUM
965 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222)
966 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
967 self.CURRENT_PORT_NUM += 1
968 time.sleep(5)
969 if status is False:
970 log.info('JSON request returned status %d' %code)
971 assert_equal(status, True)
972 dstMac = host_ip_mac[0][1]
973 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
974 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='TCP', dstTpPort ='345', action = 'allow')
975 time.sleep(10)
976 if status is False:
977 log.info('JSON request returned status %d' %code)
978 assert_equal(status, True)
979 result = acl_rule.get_acl_rules()
980 aclRules1 = result.json()['aclRules']
981 acl_Id = map(lambda d: d['id'], aclRules1)
982 assert_equal(len(acl_Id), 2)
983 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 345)
984 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
985 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222, positive_test = False)
986 self.cliExit()
987 self.acl_hosts_remove(egress_iface_count = 2, egress_iface_num = egress-1)
988
989 def test_acl_two_allow_rules_for_udp_ports_matching_traffic(self):
990 ingress = self.ingress_iface
991 egress = self.CURRENT_PORT_NUM
992 acl_rule = ACLTest()
993 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
994 self.CURRENT_PORT_NUM += 1
995 time.sleep(5)
996 if status is False:
997 log.info('JSON request returned status %d' %code)
998 assert_equal(status, True)
999 srcMac = '00:00:00:00:00:11'
1000 dstMac = host_ip_mac[0][1]
1001 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1002 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='987', action = 'allow')
1003 time.sleep(10)
1004 if status is False:
1005 log.info('JSON request returned status %d' %code)
1006 assert_equal(status, True)
1007 result = acl_rule.get_acl_rules()
1008 aclRules1 = result.json()['aclRules']
1009 acl_Id = map(lambda d: d['id'], aclRules1)
1010 assert_equal(len(acl_Id), 1)
1011 log.info('Added ACL rules = %s' %result.json()['aclRules'])
1012 self.cliEnter()
1013 ##Now verify
1014 hosts = json.loads(self.cli.hosts(jsonFormat = True))
1015 log.info('Discovered hosts: %s' %hosts)
1016 flows = json.loads(self.cli.flows(jsonFormat = True))
1017 flows = filter(lambda f: f['flows'], flows)
1018 #log.info('Flows: %s' %flows)
1019 assert_not_equal(len(flows), 0)
1020 egress = self.CURRENT_PORT_NUM
1021 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987)
1022 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
1023 self.CURRENT_PORT_NUM += 1
1024 time.sleep(5)
1025 if status is False:
1026 log.info('JSON request returned status %d' %code)
1027 assert_equal(status, True)
1028 dstMac = host_ip_mac[0][1]
1029 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1030 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='TCP', dstTpPort ='345', action = 'allow')
1031 time.sleep(10)
1032 if status is False:
1033 log.info('JSON request returned status %d' %code)
1034 assert_equal(status, True)
1035 result = acl_rule.get_acl_rules()
1036 aclRules1 = result.json()['aclRules']
1037 acl_Id = map(lambda d: d['id'], aclRules1)
1038 assert_equal(len(acl_Id), 2)
1039 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 345)
1040 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
1041 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987, positive_test = False)
1042 self.cliExit()
1043 self.acl_hosts_remove(egress_iface_count = 2, egress_iface_num = egress-1)
1044
1045 def test_acl_two_allow_rules_for_src_ips_dst_ips_and_l4_ports_matching_traffic(self):
1046 ingress = self.ingress_iface
1047 egress = self.CURRENT_PORT_NUM
1048 acl_rule = ACLTest()
1049 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
1050 self.CURRENT_PORT_NUM += 1
1051 time.sleep(5)
1052 if status is False:
1053 log.info('JSON request returned status %d' %code)
1054 assert_equal(status, True)
1055 srcMac = '00:00:00:00:00:11'
1056 dstMac = host_ip_mac[0][1]
1057 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1058 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
1059 time.sleep(10)
1060 if status is False:
1061 log.info('JSON request returned status %d' %code)
1062 assert_equal(status, True)
1063 result = acl_rule.get_acl_rules()
1064 aclRules1 = result.json()['aclRules']
1065 acl_Id = map(lambda d: d['id'], aclRules1)
1066 assert_equal(len(acl_Id), 1)
1067 log.info('Added ACL rules = %s' %result.json()['aclRules'])
1068 self.cliEnter()
1069 ##Now verify
1070 hosts = json.loads(self.cli.hosts(jsonFormat = True))
1071 log.info('Discovered hosts: %s' %hosts)
1072 flows = json.loads(self.cli.flows(jsonFormat = True))
1073 flows = filter(lambda f: f['flows'], flows)
1074 #log.info('Flows: %s' %flows)
1075 assert_not_equal(len(flows), 0)
1076 egress = self.CURRENT_PORT_NUM
1077 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP')
1078 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
1079 self.CURRENT_PORT_NUM += 1
1080 time.sleep(5)
1081 if status is False:
1082 log.info('JSON request returned status %d' %code)
1083 assert_equal(status, True)
1084 dstMac = host_ip_mac[0][1]
1085 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1086 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='TCP', dstTpPort ='345', action = 'allow')
1087 time.sleep(10)
1088 if status is False:
1089 log.info('JSON request returned status %d' %code)
1090 assert_equal(status, True)
1091 result = acl_rule.get_acl_rules()
1092 aclRules1 = result.json()['aclRules']
1093 acl_Id = map(lambda d: d['id'], aclRules1)
1094 assert_equal(len(acl_Id), 2)
1095 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 345)
1096 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
1097 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987, positive_test = False)
1098 self.cliExit()
1099 self.acl_hosts_remove(egress_iface_count = 2, egress_iface_num = egress-1)
1100
1101 def test_acl_allow_and_deny_rules_for_src_ips_dst_ips_and_l4_ports_matching_traffic(self):
1102 ingress = self.ingress_iface
1103 egress = self.CURRENT_PORT_NUM
1104 acl_rule = ACLTest()
1105 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
1106 self.CURRENT_PORT_NUM += 1
1107 time.sleep(5)
1108 if status is False:
1109 log.info('JSON request returned status %d' %code)
1110 assert_equal(status, True)
1111 srcMac = '00:00:00:00:00:11'
1112 dstMac = host_ip_mac[0][1]
1113 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1114 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
1115 time.sleep(10)
1116 if status is False:
1117 log.info('JSON request returned status %d' %code)
1118 assert_equal(status, True)
1119 result = acl_rule.get_acl_rules()
1120 aclRules1 = result.json()['aclRules']
1121 acl_Id = map(lambda d: d['id'], aclRules1)
1122 assert_equal(len(acl_Id), 1)
1123 log.info('Added ACL rules = %s' %result.json()['aclRules'])
1124 self.cliEnter()
1125 ##Now verify
1126 hosts = json.loads(self.cli.hosts(jsonFormat = True))
1127 log.info('Discovered hosts: %s' %hosts)
1128 flows = json.loads(self.cli.flows(jsonFormat = True))
1129 flows = filter(lambda f: f['flows'], flows)
1130 #log.info('Flows: %s' %flows)
1131 assert_not_equal(len(flows), 0)
1132 egress = self.CURRENT_PORT_NUM
1133 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
1134 status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
1135 self.CURRENT_PORT_NUM += 1
1136 time.sleep(5)
1137 if status is False:
1138 log.info('JSON request returned status %d' %code)
1139 assert_equal(status, True)
1140 dstMac = host_ip_mac[0][1]
1141 self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1, egress_iface_num = egress )
1142 status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='UDP', dstTpPort ='345', action = 'allow')
1143 time.sleep(10)
1144 if status is False:
1145 log.info('JSON request returned status %d' %code)
1146 assert_equal(status, True)
1147 result = acl_rule.get_acl_rules()
1148 aclRules1 = result.json()['aclRules']
1149 acl_Id = map(lambda d: d['id'], aclRules1)
1150 assert_equal(len(acl_Id), 2)
1151 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 345)
1152 ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
1153 self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987, positive_test = False)
1154 self.cliExit()
1155 self.acl_hosts_remove(egress_iface_count = 2, egress_iface_num = egress-1)