2 * Copyright © 2016, 2017 Red Hat, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netvirt.aclservice.tests;
10 import static org.opendaylight.mdsal.common.api.LogicalDatastoreType.CONFIGURATION;
11 import static org.opendaylight.netvirt.aclservice.tests.StateInterfaceBuilderHelper.putNewStateInterface;
13 import java.math.BigInteger;
14 import java.util.ArrayList;
15 import java.util.Arrays;
16 import java.util.Collections;
17 import java.util.List;
18 import java.util.stream.Collectors;
19 import javax.inject.Inject;
20 import org.eclipse.xtext.xbase.lib.Pair;
21 import org.junit.Before;
22 import org.junit.Rule;
23 import org.junit.Test;
24 import org.opendaylight.genius.datastoreutils.SingleTransactionDataBroker;
25 import org.opendaylight.genius.datastoreutils.testutils.AsyncEventsWaiter;
26 import org.opendaylight.genius.datastoreutils.testutils.JobCoordinatorEventsWaiter;
27 import org.opendaylight.genius.interfacemanager.globals.InterfaceInfo;
28 import org.opendaylight.genius.mdsalutil.FlowEntity;
29 import org.opendaylight.genius.mdsalutil.NwConstants;
30 import org.opendaylight.genius.mdsalutil.interfaces.testutils.TestIMdsalApiManager;
31 import org.opendaylight.genius.testutils.TestInterfaceManager;
32 import org.opendaylight.infrautils.testutils.LogCaptureRule;
33 import org.opendaylight.infrautils.testutils.LogRule;
34 import org.opendaylight.mdsal.binding.api.DataBroker;
35 import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
36 import org.opendaylight.mdsal.common.api.TransactionCommitFailedException;
37 import org.opendaylight.netvirt.aclservice.tests.infra.DataBrokerPairsUtil;
38 import org.opendaylight.netvirt.aclservice.utils.AclConstants;
39 import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches;
41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder;
42 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder;
43 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder;
44 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddressBuilder;
45 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefixBuilder;
46 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
47 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
48 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
49 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder;
50 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
51 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddressBuilder;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionBase;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV4;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairsBuilder;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.SubnetInfo;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.SubnetInfoBuilder;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.SubnetInfoKey;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstance;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstanceBuilder;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterface;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterfaceBuilder;
67 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
68 import org.opendaylight.yangtools.yang.common.Uint64;
69 import org.slf4j.Logger;
70 import org.slf4j.LoggerFactory;
72 public abstract class AclServiceTestBase {
73 private static final Logger LOG = LoggerFactory.getLogger(AclServiceTestBase.class);
75 public @Rule LogRule logRule = new LogRule();
76 public @Rule LogCaptureRule logCaptureRule = new LogCaptureRule();
78 // public static @ClassRule RunUntilFailureClassRule classRepeater = new RunUntilFailureClassRule();
79 // public @Rule RunUntilFailureRule repeater = new RunUntilFailureRule(classRepeater);
// Shared fixture values for every ACL service test.
// NOTE(review): only the PORT_* and PORT_MAC_* constants are final. The remaining statics are mutable and shared by
// every subclass, so one test class reassigning them would silently change the fixtures of the others.
81 static final String PORT_MAC_1 = "0D:AA:D8:42:30:F3";
82 static final String PORT_MAC_2 = "0D:AA:D8:42:30:F4";
83 static final String PORT_MAC_3 = "0D:AA:D8:42:30:F5";
84 static final String PORT_MAC_4 = "0D:AA:D8:42:30:F6";
85 static final String PORT_1 = "port1";
86 static final String PORT_2 = "port2";
87 static final String PORT_3 = "port3";
88 static final String PORT_4 = "port4";
// SG_UUID carries the same value as SG_UUID_1, SR_UUID_1 the same as SR_UUID_1_1, and SR_UUID_2 the same as
// SR_UUID_1_2; a rule stored under one name therefore overwrites the rule stored under its alias.
89 static String SG_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
90 static String SR_UUID_1 = "85cc3048-abc3-43cc-89b3-377341426ac6";
91 static String SR_UUID_2 = "85cc3048-abc3-43cc-89b3-377341426ac7";
92 static String SG_UUID_1 = "85cc3048-abc3-43cc-89b3-377341426ac5";
93 static String SG_UUID_2 = "85cc3048-abc3-43cc-89b3-377341426ac8";
94 static String SR_UUID_1_1 = "85cc3048-abc3-43cc-89b3-377341426ac6";
95 static String SR_UUID_1_2 = "85cc3048-abc3-43cc-89b3-377341426ac7";
96 static String SR_UUID_2_1 = "85cc3048-abc3-43cc-89b3-377341426a21";
97 static String SR_UUID_2_2 = "85cc3048-abc3-43cc-89b3-377341426a22";
98 static String ELAN = "elan1";
// Host (/32) prefixes used as the allowed address of each port.
99 static String IP_PREFIX_1 = "10.0.0.1/32";
100 static String IP_PREFIX_2 = "10.0.0.2/32";
101 static String IP_PREFIX_3 = "10.0.0.3/32";
102 static String IP_PREFIX_4 = "10.0.0.4/32";
103 static String IP_100_PREFIX = "10.0.0.100/32";
104 static String IP_101_PREFIX = "10.0.0.101/32";
105 static long ELAN_TAG = 5000L;
// The subnet every test port is attached to; its gateway address is 10.0.0.1.
107 static String SUBNET_IP_PREFIX_1 = "10.0.0.0/24";
108 static Uuid SUBNET_ID_1 = new Uuid("39add98b-63b7-42e6-8368-ff807eee165e");
109 static SubnetInfo SUBNET_INFO_1 = buildSubnetInfo(SUBNET_ID_1, SUBNET_IP_PREFIX_1, IpVersionV4.class, "10.0.0.1");
// The allowed-address-pair fixtures are assigned in setUpData() and are null until it has run.
111 static AllowedAddressPairs AAP_PORT_1;
112 static AllowedAddressPairs AAP_PORT_2;
113 static AllowedAddressPairs AAP_PORT_3;
114 static AllowedAddressPairs AAP_PORT_4;
115 static AllowedAddressPairs AAP_PORT_100;
116 static AllowedAddressPairs AAP_PORT_101;
118 @Inject DataBroker dataBroker;
119 @Inject DataBrokerPairsUtil dataBrokerUtil;
120 SingleTransactionDataBroker singleTransactionDataBroker;
121 @Inject TestIMdsalApiManager mdsalApiManager;
122 @Inject AsyncEventsWaiter asyncEventsWaiter;
123 @Inject JobCoordinatorEventsWaiter coordinatorEventsWaiter;
124 @Inject TestInterfaceManager testInterfaceManager;
// Wraps the injected DataBroker in the synchronous helper used by newElan and newElanInterface.
// NOTE(review): the embedded numbering jumps from 128 to 132, so the rest of this method is not visible in this
// listing. The AAP_PORT_* fixtures stay null until setUpData() runs — confirm it is invoked from here.
127 public void beforeEachTest() throws Exception {
128 singleTransactionDataBroker = new SingleTransactionDataBroker(dataBroker);
/**
 * Builds an {@link InterfaceInfo} fixture carrying the given interface name.
 *
 * <p>Both constructor arguments are fixed (the id 789 and the string "port1"); only the interface name varies.
 *
 * @param testInterfaceName value stored through {@code setInterfaceName}
 * @return the populated fixture
 */
private InterfaceInfo newInterfaceInfo(String testInterfaceName) {
    final Uint64 fixedId = Uint64.valueOf(BigInteger.valueOf(789));
    final InterfaceInfo info = new InterfaceInfo(fixedId, "port1");
    info.setInterfaceName(testInterfaceName);
    return info;
}
// Scenario: PORT_1 joins SG_UUID_1 with AAP_PORT_1 and SUBNET_INFO_1, an InterfaceInfo for "port1" is registered
// with the test interface manager, and putNewStateInterface is then called for "port1" with PORT_MAC_1.
// NOTE(review): the embedded numbering jumps from 149 to 153. The call to newInterfaceCheck(), which the sibling
// tests make at this point for their own check method, is not visible in this listing — confirm it is present.
139 public void newInterface() throws Exception {
140 LOG.info("newInterface - start");
142 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
143 Collections.singletonList(SUBNET_INFO_1));
144 testInterfaceManager.addInterfaceInfo(newInterfaceInfo("port1"));
147 putNewStateInterface(dataBroker, "port1", PORT_MAC_1);
149 asyncEventsWaiter.awaitEventsConsumption();
153 LOG.info("newInterface - end");
156 abstract void newInterfaceCheck();
// Scenario: PORT_1 and PORT_2 both belong to SG_UUID_1. The group gets an egress rule (SR_UUID_1_1) and an ingress
// rule (SR_UUID_1_2) that leave ports unspecified; the ingress rule names SG_UUID_1 as its remote group, so it
// depends on the addresses of the group's own members.
// NOTE(review): the embedded numbering jumps from 178 to 181. The end of the second newMatch(...) call and the
// start of the statement that stores the ingress rule are not visible in this listing.
159 public void newInterfaceWithEtherTypeAcl() throws Exception {
160 LOG.info("newInterfaceWithEtherTypeAcl - start");
162 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
163 Collections.singletonList(SUBNET_INFO_1));
164 asyncEventsWaiter.awaitEventsConsumption();
165 newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
166 Collections.singletonList(SUBNET_INFO_1));
167 asyncEventsWaiter.awaitEventsConsumption();
// Egress rule: protocol argument (short) -1, which newMatch treats as "no protocol set".
169 Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
170 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
171 AclConstants.DEST_UPPER_PORT_UNSPECIFIED, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
172 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) -1);
173 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
174 .newMatches(matches).newDirection(DirectionEgress.class).build());
175 asyncEventsWaiter.awaitEventsConsumption();
176 matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
177 AclConstants.DEST_LOWER_PORT_UNSPECIFIED, AclConstants.DEST_UPPER_PORT_UNSPECIFIED,
178 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
181 new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
182 .newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
183 asyncEventsWaiter.awaitEventsConsumption();
// The rules are stored before the state interfaces are written; each port uses its own MAC.
185 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
186 asyncEventsWaiter.awaitEventsConsumption();
187 putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
188 asyncEventsWaiter.awaitEventsConsumption();
190 asyncEventsWaiter.awaitEventsConsumption();
193 newInterfaceWithEtherTypeAclCheck();
194 LOG.info("newInterfaceWithEtherTypeAcl - end");
197 abstract void newInterfaceWithEtherTypeAclCheck();
// Scenario in two phases. Phase one repeats the ether-type setup (both ports in SG_UUID_1 only) and verifies it
// with newInterfaceWithEtherTypeAclCheck(). Phase two adds TCP/HTTP rules to SG_UUID_2, re-registers both ports as
// members of SG_UUID_1 and SG_UUID_2, and verifies with newInterfaceWithMultipleAclCheck().
// NOTE(review): both LOG.info labels name newInterfaceWithEtherTypeAcl rather than this test, and the "end" label
// is logged before phase two starts. Captured logs therefore attribute this test's activity to the wrong test.
// NOTE(review): the embedded numbering jumps from 219 to 222. The end of the second newMatch(...) call and the
// start of the statement that stores the ingress rule are not visible in this listing.
200 public void newInterfaceWithMultipleAcl() throws Exception {
201 LOG.info("newInterfaceWithEtherTypeAcl - start");
203 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
204 Collections.singletonList(SUBNET_INFO_1));
205 asyncEventsWaiter.awaitEventsConsumption();
206 newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
207 Collections.singletonList(SUBNET_INFO_1));
208 asyncEventsWaiter.awaitEventsConsumption();
210 Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
211 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
212 AclConstants.DEST_UPPER_PORT_UNSPECIFIED, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
213 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) -1);
214 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
215 .newMatches(matches).newDirection(DirectionEgress.class).build());
216 asyncEventsWaiter.awaitEventsConsumption();
217 matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
218 AclConstants.DEST_LOWER_PORT_UNSPECIFIED, AclConstants.DEST_UPPER_PORT_UNSPECIFIED,
219 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
222 new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
223 .newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
224 asyncEventsWaiter.awaitEventsConsumption();
226 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
227 asyncEventsWaiter.awaitEventsConsumption();
228 putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
229 asyncEventsWaiter.awaitEventsConsumption();
231 asyncEventsWaiter.awaitEventsConsumption();
// End of phase one: the single-group state must match the ether-type expectations before a second group is added.
234 newInterfaceWithEtherTypeAclCheck();
236 LOG.info("newInterfaceWithEtherTypeAcl - end");
// Phase two: SG_UUID_2 receives a TCP egress rule that names SG_UUID_2 as remote group and a TCP ingress rule
// without one, both with the HTTP destination port constants.
239 matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
240 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP,
241 AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
242 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
243 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_1)
244 .newMatches(matches).newDirection(DirectionEgress.class).newRemoteGroupId(new Uuid(SG_UUID_2)).build());
245 asyncEventsWaiter.awaitEventsConsumption();
246 matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
247 AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
248 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
249 (short) NwConstants.IP_PROT_TCP);
251 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_2)
252 .newMatches(matches).newDirection(DirectionIngress.class).build());
253 asyncEventsWaiter.awaitEventsConsumption();
// Re-registering the ports with both groups is what changes their security-group membership.
254 List<String> sgList = new ArrayList<>();
255 sgList.add(SG_UUID_1);
256 sgList.add(SG_UUID_2);
257 newAllowedAddressPair(PORT_1, sgList, Collections.singletonList(AAP_PORT_1),
258 Collections.singletonList(SUBNET_INFO_1));
259 asyncEventsWaiter.awaitEventsConsumption();
260 newAllowedAddressPair(PORT_2, sgList, Collections.singletonList(AAP_PORT_2),
261 Collections.singletonList(SUBNET_INFO_1));
262 asyncEventsWaiter.awaitEventsConsumption();
264 asyncEventsWaiter.awaitEventsConsumption();
266 newInterfaceWithMultipleAclCheck();
269 abstract void newInterfaceWithMultipleAclCheck();
// Scenario: PORT_1 and PORT_2 belong to SG_UUID_1, which gets two TCP rules using the HTTP destination port
// constants. The egress rule (SR_UUID_1_1) names SG_UUID_1 as its remote group; the ingress rule (SR_UUID_1_2)
// has no remote group.
272 public void newInterfaceWithTcpDstAcl() throws Exception {
273 LOG.info("newInterfaceWithTcpDstAcl - start");
275 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
276 Collections.singletonList(SUBNET_INFO_1));
277 asyncEventsWaiter.awaitEventsConsumption();
278 newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
279 Collections.singletonList(SUBNET_INFO_1));
280 asyncEventsWaiter.awaitEventsConsumption();
283 Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
284 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP,
285 AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
286 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
287 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
288 .newMatches(matches).newDirection(DirectionEgress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
289 asyncEventsWaiter.awaitEventsConsumption();
290 matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
291 AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
292 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
293 (short) NwConstants.IP_PROT_TCP);
295 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
296 .newMatches(matches).newDirection(DirectionIngress.class).build());
297 asyncEventsWaiter.awaitEventsConsumption();
// State interfaces are written only after both rules are stored.
300 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
301 asyncEventsWaiter.awaitEventsConsumption();
302 putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
303 asyncEventsWaiter.awaitEventsConsumption();
305 asyncEventsWaiter.awaitEventsConsumption();
308 newInterfaceWithTcpDstAclCheck();
309 LOG.info("newInterfaceWithTcpDstAcl - end");
312 abstract void newInterfaceWithTcpDstAclCheck();
// Scenario: same shape as the TCP test, with UDP as the protocol. Here the remote group is on the ingress rule
// (SR_UUID_1_2) and the egress rule (SR_UUID_1_1) has none.
// NOTE(review): the embedded numbering jumps from 337 to 339. The start of the statement that stores the ingress
// rule is not visible in this listing.
315 public void newInterfaceWithUdpDstAcl() throws Exception {
316 LOG.info("newInterfaceWithUdpDstAcl - start");
318 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
319 Collections.singletonList(SUBNET_INFO_1));
320 asyncEventsWaiter.awaitEventsConsumption();
321 newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
322 Collections.singletonList(SUBNET_INFO_1));
323 asyncEventsWaiter.awaitEventsConsumption();
326 Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
327 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP,
328 AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
329 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_UDP);
330 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
331 .newMatches(matches).newDirection(DirectionEgress.class).build());
332 asyncEventsWaiter.awaitEventsConsumption();
334 matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
335 AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
336 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
337 (short) NwConstants.IP_PROT_UDP);
339 new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
340 .newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
341 asyncEventsWaiter.awaitEventsConsumption();
344 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
345 asyncEventsWaiter.awaitEventsConsumption();
346 putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
347 asyncEventsWaiter.awaitEventsConsumption();
349 asyncEventsWaiter.awaitEventsConsumption();
352 newInterfaceWithUdpDstAclCheck();
353 LOG.info("newInterfaceWithUdpDstAcl - end");
356 abstract void newInterfaceWithUdpDstAclCheck();
// Scenario: PORT_1 and PORT_2 belong to SG_UUID_1, the shared ICMP rules are installed by
// prepareInterfaceWithIcmpAcl(), and each port then comes up with its own MAC address. This is the baseline that
// newInterfaceWithIcmpAclHavingOverlappingMac() compares against through the same check method.
359 public void newInterfaceWithIcmpAcl() throws Exception {
360 LOG.info("newInterfaceWithIcmpAcl - start");
362 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
363 Collections.singletonList(SUBNET_INFO_1));
364 asyncEventsWaiter.awaitEventsConsumption();
365 newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
366 Collections.singletonList(SUBNET_INFO_1));
367 asyncEventsWaiter.awaitEventsConsumption();
369 prepareInterfaceWithIcmpAcl();
372 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
373 asyncEventsWaiter.awaitEventsConsumption();
374 putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
375 asyncEventsWaiter.awaitEventsConsumption();
377 asyncEventsWaiter.awaitEventsConsumption();
380 newInterfaceWithIcmpAclCheck();
381 LOG.info("newInterfaceWithIcmpAcl - end");
384 abstract void newInterfaceWithIcmpAclCheck();
// Scenario: only PORT_1 is used. SG_UUID_1 gets an egress TCP rule for destination ports 333-777 and an ingress
// UDP rule for destination ports 2000-2003. Neither range is a single port, so the subclass check covers how a
// port range is translated into flows.
387 public void newInterfaceWithDstPortRange() throws Exception {
388 LOG.info("newInterfaceWithDstPortRange - start");
390 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
391 Collections.singletonList(SUBNET_INFO_1));
392 asyncEventsWaiter.awaitEventsConsumption();
394 Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
395 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 333, 777, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
396 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
397 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
398 .newMatches(matches).newDirection(DirectionEgress.class).build());
399 asyncEventsWaiter.awaitEventsConsumption();
400 matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 2000,
401 2003, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
402 (short) NwConstants.IP_PROT_UDP);
404 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
405 .newMatches(matches).newDirection(DirectionIngress.class).build());
406 asyncEventsWaiter.awaitEventsConsumption();
409 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
410 asyncEventsWaiter.awaitEventsConsumption();
412 asyncEventsWaiter.awaitEventsConsumption();
415 newInterfaceWithDstPortRangeCheck();
416 LOG.info("newInterfaceWithDstPortRange - end");
419 abstract void newInterfaceWithDstPortRangeCheck();
// Scenario: only PORT_1 is used. Both rules give the full destination port range 1-65535 explicitly (TCP on
// egress, UDP on ingress) instead of leaving the ports unspecified, so the subclass check covers how an
// "all ports" rule is translated into flows.
422 public void newInterfaceWithDstAllPorts() throws Exception {
423 LOG.info("newInterfaceWithDstAllPorts - start");
425 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
426 Collections.singletonList(SUBNET_INFO_1));
427 asyncEventsWaiter.awaitEventsConsumption();
429 Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
430 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 1, 65535, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
431 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
432 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
433 .newMatches(matches).newDirection(DirectionEgress.class).build());
434 asyncEventsWaiter.awaitEventsConsumption();
435 matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 1,
436 65535, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
437 (short) NwConstants.IP_PROT_UDP);
439 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
440 .newMatches(matches).newDirection(DirectionIngress.class).build());
441 asyncEventsWaiter.awaitEventsConsumption();
444 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
445 asyncEventsWaiter.awaitEventsConsumption();
447 asyncEventsWaiter.awaitEventsConsumption();
450 newInterfaceWithDstAllPortsCheck();
451 LOG.info("newInterfaceWithDstAllPorts - end");
454 abstract void newInterfaceWithDstAllPortsCheck();
// Scenario: PORT_3 is a member of both SG_UUID_1 and SG_UUID_2, and the same ICMP egress and ingress matches are
// stored under each group (four rules, two distinct match sets). The subclass check decides what flow set is
// expected when two groups on one port carry identical rules.
457 public void newInterfaceWithTwoAclsHavingSameRules() throws Exception {
458 LOG.info("newInterfaceWithTwoAclsHavingSameRules - start");
460 newAllowedAddressPair(PORT_3, Arrays.asList(SG_UUID_1, SG_UUID_2), Collections.singletonList(AAP_PORT_3),
461 Collections.singletonList(SUBNET_INFO_1));
462 asyncEventsWaiter.awaitEventsConsumption();
// The two Matches objects are built once and reused for both groups.
464 Matches icmpEgressMatches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
465 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_2,
466 AclConstants.DEST_UPPER_PORT_3, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
467 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_ICMP);
468 Matches icmpIngressMatches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
469 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_2,
470 AclConstants.DEST_UPPER_PORT_3, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED,
471 AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED, (short) NwConstants.IP_PROT_ICMP);
473 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
474 .newMatches(icmpEgressMatches).newDirection(DirectionEgress.class).build());
475 asyncEventsWaiter.awaitEventsConsumption();
477 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
478 .newMatches(icmpIngressMatches).newDirection(DirectionIngress.class).build());
479 asyncEventsWaiter.awaitEventsConsumption();
481 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_1)
482 .newMatches(icmpEgressMatches).newDirection(DirectionEgress.class).build());
483 asyncEventsWaiter.awaitEventsConsumption();
485 dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_2)
486 .newMatches(icmpIngressMatches).newDirection(DirectionIngress.class).build());
487 asyncEventsWaiter.awaitEventsConsumption();
490 putNewStateInterface(dataBroker, PORT_3, PORT_MAC_3);
491 asyncEventsWaiter.awaitEventsConsumption();
493 asyncEventsWaiter.awaitEventsConsumption();
496 newInterfaceWithTwoAclsHavingSameRulesCheck();
497 LOG.info("newInterfaceWithTwoAclsHavingSameRules - end");
500 abstract void newInterfaceWithTwoAclsHavingSameRulesCheck();
// Scenario: identical to newInterfaceWithIcmpAcl() except that PORT_2's state interface is written with
// PORT_MAC_1, the MAC already used by PORT_1. The result is verified with the same newInterfaceWithIcmpAclCheck(),
// so the expectation is the same flow set as in the non-overlapping case.
// NOTE(review): PORT_2's allowed address pair is still AAP_PORT_2, which setUpData() builds with PORT_MAC_2. The
// test therefore depends on the ACL flows following the allowed-address-pair MAC rather than the state-interface
// MAC; a short comment stating that intent would help the next maintainer.
503 public void newInterfaceWithIcmpAclHavingOverlappingMac() throws Exception {
504 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
505 Collections.singletonList(SUBNET_INFO_1));
506 asyncEventsWaiter.awaitEventsConsumption();
507 newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
508 Collections.singletonList(SUBNET_INFO_1));
509 asyncEventsWaiter.awaitEventsConsumption();
511 prepareInterfaceWithIcmpAcl();
514 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
515 asyncEventsWaiter.awaitEventsConsumption();
// Deliberate: PORT_2 comes up with PORT_1's MAC address.
516 putNewStateInterface(dataBroker, PORT_2, PORT_MAC_1);
517 asyncEventsWaiter.awaitEventsConsumption();
519 asyncEventsWaiter.awaitEventsConsumption();
522 newInterfaceWithIcmpAclCheck();
// Scenario: PORT_2 carries two allowed address pairs for PORT_MAC_2: its host address (AAP_PORT_2) and the
// catch-all prefix 0.0.0.0/0. An allowed address pair of 0.0.0.0/0 permits any IPv4 source address for that MAC,
// so the subclass check pins down which flows are expected when the address restriction on a port is opened up
// this far. PORT_1 keeps its single host address.
526 public void newInterfaceWithAapIpv4All() throws Exception {
527 LOG.info("newInterfaceWithAapIpv4All test - start");
528 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
529 Collections.singletonList(SUBNET_INFO_1));
530 asyncEventsWaiter.awaitEventsConsumption();
531 List<AllowedAddressPairs> aapList = new ArrayList<>();
532 aapList.add(AAP_PORT_2);
533 aapList.add(buildAap("0.0.0.0/0", PORT_MAC_2));
534 newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), aapList,
535 Collections.singletonList(SUBNET_INFO_1));
536 asyncEventsWaiter.awaitEventsConsumption();
538 prepareInterfaceWithIcmpAcl();
540 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
541 asyncEventsWaiter.awaitEventsConsumption();
542 putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
543 asyncEventsWaiter.awaitEventsConsumption();
545 asyncEventsWaiter.awaitEventsConsumption();
548 newInterfaceWithAapIpv4AllCheck();
549 LOG.info("newInterfaceWithAapIpv4All test - end");
552 abstract void newInterfaceWithAapIpv4AllCheck();
// Scenario: PORT_2 carries three allowed address pairs: AAP_PORT_2, AAP_PORT_100 and AAP_PORT_101. setUpData()
// builds AAP_PORT_100 with PORT_MAC_2 and AAP_PORT_101 with a MAC that belongs to no other port, so the list mixes
// an extra IP on the port's own MAC with an extra IP on a foreign MAC. The ICMP rules come from
// prepareInterfaceWithIcmpAcl().
555 public void newInterfaceWithAap() throws Exception {
556 LOG.info("newInterfaceWithAap test - start");
558 newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
559 Collections.singletonList(SUBNET_INFO_1));
560 asyncEventsWaiter.awaitEventsConsumption();
561 newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1),
562 Arrays.asList(AAP_PORT_2, AAP_PORT_100, AAP_PORT_101), Collections.singletonList(SUBNET_INFO_1));
563 asyncEventsWaiter.awaitEventsConsumption();
565 prepareInterfaceWithIcmpAcl();
567 putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
568 asyncEventsWaiter.awaitEventsConsumption();
569 putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
570 asyncEventsWaiter.awaitEventsConsumption();
572 asyncEventsWaiter.awaitEventsConsumption();
575 newInterfaceWithAapCheck();
576 LOG.info("newInterfaceWithAap test - end");
579 abstract void newInterfaceWithAapCheck();
/**
 * Waits for outstanding work to drain and then hands {@code expectedFlows} to the test MD-SAL API manager for
 * comparison with the flows it recorded.
 *
 * @param expectedFlows the flows the scenario is expected to have produced
 */
protected void assertFlowsInAnyOrder(Iterable<FlowEntity> expectedFlows) {
    // Drain the job coordinator first and the async listeners second, so the comparison does not run early.
    this.coordinatorEventsWaiter.awaitEventsConsumption();
    this.asyncEventsWaiter.awaitEventsConsumption();
    this.mdsalApiManager.assertFlowsInAnyOrder(expectedFlows);
}
/**
 * Stores the two ICMP rules of SG_UUID_1 that the ICMP and allowed-address-pair scenarios share.
 *
 * <p>The egress rule (SR_UUID_1_1) names SG_UUID_1 as its remote group; the ingress rule (SR_UUID_1_2) has no
 * remote group. Both pass DEST_LOWER_PORT_2 and DEST_UPPER_PORT_3 in the destination-port positions of
 * {@code newMatch}.
 *
 * @throws TransactionCommitFailedException if storing a rule fails
 */
protected void prepareInterfaceWithIcmpAcl() throws TransactionCommitFailedException {
    final short icmp = (short) NwConstants.IP_PROT_ICMP;

    // Egress rule, restricted to members of the same security group.
    final Matches egressMatch = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
            AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_2,
            AclConstants.DEST_UPPER_PORT_3, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
            AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, icmp);
    dataBrokerUtil.put(new IdentifiedAceBuilder()
            .sgUuid(SG_UUID_1)
            .newRuleName(SR_UUID_1_1)
            .newMatches(egressMatch)
            .newDirection(DirectionEgress.class)
            .newRemoteGroupId(new Uuid(SG_UUID_1))
            .build());
    asyncEventsWaiter.awaitEventsConsumption();

    // Ingress rule, with no remote group.
    final Matches ingressMatch = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
            AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_2,
            AclConstants.DEST_UPPER_PORT_3, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED,
            AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED, icmp);
    dataBrokerUtil.put(new IdentifiedAceBuilder()
            .sgUuid(SG_UUID_1)
            .newRuleName(SR_UUID_1_2)
            .newMatches(ingressMatch)
            .newDirection(DirectionIngress.class)
            .build());
    asyncEventsWaiter.awaitEventsConsumption();
}
// Registers a port together with its security groups, allowed address pairs and subnet information. The
// interface is stored through dataBrokerUtil and then added to the test interface manager.
//   portName   - interface name of the port
//   sgUuidList - security-group UUID strings; each is converted to a Uuid
//   aapList    - allowed address pairs (IP prefix plus MAC) attached to the port
//   subnetInfo - subnet entries attached to the port
// NOTE(review): the embedded numbering jumps from 611 to 613, so one builder call between interfaceName(...) and
// addAllNewSecurityGroups(...) is not visible in this listing. Confirm against the repository copy before relying
// on this excerpt for the port's full ACL configuration.
606 protected void newAllowedAddressPair(String portName, List<String> sgUuidList, List<AllowedAddressPairs> aapList,
607 List<SubnetInfo> subnetInfo)
608 throws TransactionCommitFailedException {
609 List<Uuid> sgList = sgUuidList.stream().map(Uuid::new).collect(Collectors.toList());
610 Pair<DataTreeIdentifier<Interface>, Interface> port = new IdentifiedInterfaceWithAclBuilder()
611 .interfaceName(portName)
613 .addAllNewSecurityGroups(sgList)
614 .addAllIfAllowedAddressPairs(aapList)
615 .addAllIfSubnetInfo(subnetInfo).build();
616 dataBrokerUtil.put(port);
617 testInterfaceManager.addInterface(port.getValue());
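/**
 * Writes an ELAN instance to the CONFIGURATION datastore.
 *
 * @param elanName name of the ELAN instance, also used to derive its datastore path
 * @param elanId tag stored on the instance
 * @throws TransactionCommitFailedException if the synchronous write fails
 */
protected void newElan(String elanName, long elanId) throws TransactionCommitFailedException {
    // Use the caller's tag; it was previously ignored in favour of a hard-coded 5000L (the value of ELAN_TAG).
    ElanInstance elan = new ElanInstanceBuilder()
            .setElanInstanceName(elanName)
            .setElanTag(elanId)
            .build();
    singleTransactionDataBroker.syncWrite(CONFIGURATION,
            AclServiceUtils.getElanInstanceConfigurationDataPath(elanName), elan);
}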
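/**
 * Writes or removes the ELAN interface entry of a port in the CONFIGURATION datastore.
 *
 * @param elanName name of the ELAN instance the port belongs to
 * @param portName interface name, also used to derive the datastore path
 * @param isWrite {@code true} to write the entry, {@code false} to delete it
 * @throws TransactionCommitFailedException if the synchronous write or delete fails
 */
protected void newElanInterface(String elanName, String portName, boolean isWrite)
        throws TransactionCommitFailedException {
    ElanInterface elanInterface =
            new ElanInterfaceBuilder().setName(portName).setElanInstanceName(elanName).build();
    InstanceIdentifier<ElanInterface> id = AclServiceUtils.getElanInterfaceConfigurationDataPathId(portName);

    // NOTE(review): the listing shows the write and the delete back to back with no visible branch, and its
    // embedded numbering skips the lines around them. Selecting on isWrite is reconstructed from the parameter;
    // without it every call would write the entry and delete it again. Confirm against the repository copy.
    if (isWrite) {
        singleTransactionDataBroker.syncWrite(CONFIGURATION, id, elanInterface);
    } else {
        singleTransactionDataBroker.syncDelete(CONFIGURATION, id);
    }
}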
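// TODO refactor this instead of stealing it from org.opendaylight.netvirt.neutronvpn.NeutronSecurityRuleListener
/**
 * Builds the IPv4 {@link Matches} of a test security rule.
 *
 * <p>{@code srcLowerPort} and {@code srcUpperPort} are not read; no source port range is ever set.
 *
 * @param srcLowerPort unused
 * @param srcUpperPort unused
 * @param destLowerPort lower destination port, or -1 to leave the destination port range unset
 * @param destupperPort upper destination port, read only when {@code destLowerPort} is not -1
 * @param srcRemoteIpPrefix when equal to {@code AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED}, the source
 *        network is set to {@code AclConstants.IPV4_ALL_NETWORK}
 * @param dstRemoteIpPrefix when equal to {@code AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED}, the destination
 *        network is set to {@code AclConstants.IPV4_ALL_NETWORK}
 * @param protocol IP protocol number, or -1 to leave the protocol unset
 * @return the matches wrapping the assembled ACE
 */
protected Matches newMatch(int srcLowerPort, int srcUpperPort, int destLowerPort, int destupperPort,
        int srcRemoteIpPrefix, int dstRemoteIpPrefix, short protocol) {
    AceIpBuilder aceIpBuilder = new AceIpBuilder();
    if (destLowerPort != -1) {
        DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
        destinationPortRangeBuilder.setLowerPort(new PortNumber(destLowerPort));
        destinationPortRangeBuilder.setUpperPort(new PortNumber(destupperPort));
        aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
    }

    AceIpv4Builder aceIpv4Builder = new AceIpv4Builder();
    if (srcRemoteIpPrefix == AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED) {
        aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
    }
    if (dstRemoteIpPrefix == AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED) {
        // This branch used to set the source network a second time, so no rule built here ever carried a
        // destination prefix and the destination-prefix path of the ACL service was never exercised.
        // NOTE(review): the subclasses' expected flows were recorded against the old fixture — re-run them.
        aceIpv4Builder.setDestinationIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
    }
    if (protocol != -1) {
        aceIpBuilder.setProtocol(protocol);
    }
    aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());

    MatchesBuilder matchesBuilder = new MatchesBuilder();
    matchesBuilder.setAceType(aceIpBuilder.build());
    return matchesBuilder.build();
}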
/**
 * Builds an allowed address pair from an IP prefix string and a MAC address string.
 *
 * @param ipAddress IP prefix in the textual form accepted by {@code IpPrefixBuilder.getDefaultInstance}
 * @param macAddress MAC address in the textual form accepted by {@link MacAddress}
 * @return the allowed address pair
 */
protected static AllowedAddressPairs buildAap(String ipAddress, String macAddress) {
    // Parse the prefix before the MAC so that invalid input is reported in the same order as before.
    final IpPrefixOrAddress allowedIp = new IpPrefixOrAddress(IpPrefixBuilder.getDefaultInstance(ipAddress));
    final MacAddress allowedMac = new MacAddress(macAddress);

    final AllowedAddressPairsBuilder pair = new AllowedAddressPairsBuilder();
    pair.setIpAddress(allowedIp);
    pair.setMacAddress(allowedMac);
    return pair.build();
}
/**
 * Builds the subnet entry attached to a test port.
 *
 * @param subnetId subnet identifier, used as the key of the entry
 * @param ipPrefix subnet prefix in the textual form accepted by {@code IpPrefixOrAddressBuilder}
 * @param ipVersion IP version marker class of the subnet
 * @param gwIp gateway address in the textual form accepted by {@code IpAddressBuilder}
 * @return the subnet entry
 */
protected static SubnetInfo buildSubnetInfo(Uuid subnetId, String ipPrefix,
        Class<? extends IpVersionBase> ipVersion, String gwIp) {
    final SubnetInfoKey key = new SubnetInfoKey(subnetId);
    final IpPrefixOrAddress prefix = IpPrefixOrAddressBuilder.getDefaultInstance(ipPrefix);

    return new SubnetInfoBuilder()
            .withKey(key)
            .setIpVersion(ipVersion)
            .setIpPrefix(prefix)
            .setGatewayIp(IpAddressBuilder.getDefaultInstance(gwIp))
            .build();
}
679 protected void setUpData() throws Exception {
680 newElan(ELAN, ELAN_TAG);
681 newElanInterface(ELAN, PORT_1, true);
682 newElanInterface(ELAN, PORT_2, true);
683 newElanInterface(ELAN, PORT_3, true);
684 newElanInterface(ELAN, PORT_4, true);
686 AAP_PORT_1 = buildAap(IP_PREFIX_1, PORT_MAC_1);
687 AAP_PORT_2 = buildAap(IP_PREFIX_2, PORT_MAC_2);
688 AAP_PORT_3 = buildAap(IP_PREFIX_3, PORT_MAC_3);
689 AAP_PORT_4 = buildAap(IP_PREFIX_4, PORT_MAC_4);
690 AAP_PORT_100 = buildAap(IP_100_PREFIX, PORT_MAC_2);
691 AAP_PORT_101 = buildAap(IP_101_PREFIX, "0D:AA:D8:42:30:A4");