2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
\r
4 * This program and the accompanying materials are made available under the
\r
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
\r
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
\r
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;
\r
11 import java.util.Collections;
\r
12 import java.util.HashMap;
\r
13 import java.util.List;
\r
14 import java.util.Map;
\r
15 import java.util.Objects;
\r
16 import java.util.Set;
\r
18 import org.junit.Before;
\r
19 import org.junit.Test;
\r
20 import org.junit.runner.RunWith;
\r
21 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfWriter;
\r
22 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager;
\r
23 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
\r
24 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Address;
\r
25 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv6Address;
\r
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
\r
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3Address;
\r
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3AddressBuilder;
\r
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
\r
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayContext;
\r
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayNodeConfigBuilder;
\r
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.nodes.node.TunnelBuilder;
\r
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
\r
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
\r
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.ArpMatch;
\r
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4Match;
\r
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv6Match;
\r
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlan;
\r
39 import org.powermock.api.mockito.PowerMockito;
\r
40 import org.powermock.core.classloader.annotations.PrepareForTest;
\r
41 import org.powermock.modules.junit4.PowerMockRunner;
\r
43 import com.google.common.collect.ImmutableList;
\r
44 import com.google.common.collect.ImmutableSet;
\r
46 import static org.junit.Assert.*;
\r
48 @RunWith(PowerMockRunner.class)
\r
49 @PrepareForTest({PolicyManager.class})
\r
50 public class PortSecurityTest extends FlowTableTest {
\r
// Shared endpoint fixture: localEP() (defined outside this listing) is given two L3
// addresses, IPv4 10.10.10.10 first and IPv6 2001:db8:85a3::8a2e:370:7334 second.
// testL3 reads them back by index (0 = IPv4, 1 = IPv6), so the order matters.
// NOTE(review): listing lines 55 and 58-59 are absent from this extract; presumably
// they hold the .build() calls that close the builders. Confirm against the original file.
52 private Endpoint ep = localEP()
\r
53 .setL3Address(ImmutableList.of(new L3AddressBuilder()
\r
54 .setIpAddress(new IpAddress(new Ipv4Address("10.10.10.10")))
\r
56 new L3AddressBuilder()
\r
57 .setIpAddress(new IpAddress(new Ipv6Address("2001:db8:85a3::8a2e:370:7334")))
\r
/**
 * Prepares the table under test: stubs {@code PolicyManager.setSfcTableOffset} to return
 * {@code true} and creates a {@code PortSecurity} table bound to the port-security table id
 * reported by the context's policy manager.
 *
 * <p>NOTE(review): listing lines 61, 64-65 and 67 are absent from this extract; presumably
 * they hold the {@code @Before} annotation and the context initialisation. Confirm against
 * the original file.
 */
62 public void setup() throws Exception {
\r
// PolicyManager is listed in @PrepareForTest so PowerMock can stub this method.
63 PowerMockito.stub(PowerMockito.method(PolicyManager.class, "setSfcTableOffset")).toReturn(true);
\r
66 table = new PortSecurity(ctx,ctx.getPolicyManager().getTABLEID_PORTSECURITY());
\r
/**
 * Checks the default-deny baseline of the port-security table. No endpoint or switch is
 * added in the visible lines of this method. After the first sync, every flow that has no
 * match at all, or whose EtherType is ARP, IPv4 or IPv6, must carry
 * {@code FlowUtils.dropInstructions()}, and four such flows are expected.
 *
 * <p>The flows are collected by id into {@code flowMap} and handed to a second
 * {@code dosync} (defined outside this listing); the table must then hold the same number
 * of flows as after the first sync.
 *
 * <p>NOTE(review): {@code count} is asserted below, but its declaration and increment fall
 * on listing lines (73, 83) that are absent from this extract. Confirm against the original.
 * NOTE(review): flows outside the four matched cases get no assertion, so an unexpected
 * permissive flow would not fail this test on its own; consider also pinning the total
 * number of flows in the table.
 */
71 public void testDefaultDeny() throws Exception {
\r
72 OfWriter fm = dosync(null);
\r
74 Map<String, Flow> flowMap = new HashMap<>();
\r
75 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow()) {
\r
76 flowMap.put(f.getId().getValue(), f);
\r
// etherType stays null for flows without an Ethernet match, so such a flow only
// reaches the drop assertion through the "no match at all" case.
77 Long etherType = null;
\r
78 if (f.getMatch() != null && f.getMatch().getEthernetMatch() !=null) {
\r
79 etherType = f.getMatch().getEthernetMatch().getEthernetType().getType().getValue();
\r
81 if (f.getMatch() == null || FlowUtils.ARP.equals(etherType) || FlowUtils.IPv4.equals(etherType)
\r
82 || FlowUtils.IPv6.equals(etherType)) {
\r
84 assertEquals(FlowUtils.dropInstructions(), f.getInstructions());
\r
87 assertEquals(4, count);
\r
// Second sync seeded with the flows just produced: the flow count must not change.
88 int numberOfFlows = fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size();
\r
89 fm = dosync(flowMap);
\r
90 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
/**
 * Checks how the port-security table treats connectors that do not belong to a local
 * endpoint. A switch "openflow:1" is registered with a VXLAN tunnel on connector
 * "openflow:1:1" and a set containing "openflow:1:2" (presumably the external ports;
 * confirm against the addSwitch signature). Every flow whose in-port is one of those two
 * connectors must send traffic on to either the ingress-NAT table or the source-mapper
 * table, rather than drop it.
 *
 * <p>As in the other tests, the flows are replayed through a second {@code dosync} and the
 * table size must stay the same.
 *
 * <p>NOTE(review): the receiver of {@code .addSwitch(...)} (listing line 95) and the
 * declaration and increment of {@code count} are absent from this extract. Confirm against
 * the original.
 * NOTE(review): the assertion accepts either goto target for either connector, so it does
 * not pin which connector is sent to which table; separate per-connector assertions would
 * catch a swapped mapping.
 */
94 public void testNonLocalAllow() throws Exception {
\r
96 .addSwitch(new NodeId("openflow:1"),
\r
97 new NodeConnectorId("openflow:1:1"),
\r
98 ImmutableSet.of(new NodeConnectorId("openflow:1:2")),
\r
99 new OfOverlayNodeConfigBuilder().setTunnel(
\r
100 ImmutableList.of(new TunnelBuilder()
\r
101 .setTunnelType(TunnelTypeVxlan.class)
\r
102 .setNodeConnectorId(new NodeConnectorId("openflow:1:1"))
\r
103 .build())).build());
\r
104 OfWriter fm = dosync(null);
\r
105 assertNotEquals(0 ,fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
108 HashMap<String, Flow> flowMap = new HashMap<>();
\r
// The two connectors registered above; only flows entering on them are inspected.
109 Set<String> ncs = ImmutableSet.of("openflow:1:1", "openflow:1:2");
\r
110 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow()) {
\r
111 flowMap.put(f.getId().getValue(), f);
\r
112 if (f.getMatch() != null && f.getMatch().getInPort() != null &&
\r
113 (ncs.contains(f.getMatch().getInPort().getValue()))) {
\r
114 assertTrue(f.getInstructions().equals(
\r
115 FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_INGRESS_NAT()))
\r
116 || f.getInstructions().equals(
\r
117 FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER())));
\r
121 assertEquals(1, count);
\r
// Second sync seeded with the flows just produced: the flow count must not change.
122 int numberOfFlows = fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size();
\r
123 fm = dosync(flowMap);
\r
124 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
/**
 * Checks layer-2 source validation for an endpoint. A local {@code ep} (shadowing the
 * class field) is built from {@code localEP()} and added to the endpoint manager; an empty
 * L3 address list is declared for it. After the sync, each flow that matches both the
 * endpoint's MAC as Ethernet source and the endpoint's own node connector as in-port must
 * go to the source-mapper table, and two such flows are expected.
 *
 * <p>This covers only the positive case: the endpoint's MAC arriving on the endpoint's
 * connector is passed on. Nothing in the visible lines asserts what happens to that MAC on
 * another connector, or to another MAC on this connector.
 *
 * <p>NOTE(review): listing lines 131-133 (presumably applying {@code l3} and building the
 * endpoint) and the declaration and increment of {@code count} are absent from this
 * extract. Confirm against the original.
 */
128 public void testL2() throws Exception {
\r
129 List<L3Address> l3 = Collections.emptyList();
\r
130 Endpoint ep = localEP()
\r
134 endpointManager.addEndpoint(ep);
\r
136 OfWriter fm = dosync(null);
\r
137 assertNotEquals(0 ,fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
140 HashMap<String, Flow> flowMap = new HashMap<>();
\r
141 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow()) {
\r
142 flowMap.put(f.getId().getValue(), f);
\r
// Select flows bound to both the endpoint's source MAC and the endpoint's in-port.
143 if (f.getMatch() != null &&
\r
144 f.getMatch().getEthernetMatch() != null &&
\r
145 f.getMatch().getEthernetMatch().getEthernetSource() != null &&
\r
146 Objects.equals(ep.getMacAddress(),
\r
147 f.getMatch().getEthernetMatch()
\r
148 .getEthernetSource().getAddress()) &&
\r
149 Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),
\r
150 f.getMatch().getInPort())) {
\r
152 assertEquals(FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER()),
\r
153 f.getInstructions());
\r
156 assertEquals(2, count);
\r
// Second sync seeded with the flows just produced: the flow count must not change.
157 int numberOfFlows = fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size();
\r
158 fm = dosync(flowMap);
\r
159 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
/**
 * Checks layer-3 source validation for the class-level endpoint {@code ep}, which carries
 * one IPv4 and one IPv6 address. After the sync, four flows on the endpoint's own node
 * connector are expected to go to the source-mapper table. A flow is counted when its
 * layer-3 match is one of:
 * an IPv4 match whose source is the endpoint's IPv4 address;
 * an IPv4 match whose destination is 255.255.255.255;
 * an ARP match whose source transport address is the endpoint's IPv4 address;
 * an IPv6 match whose source is the endpoint's IPv6 address.
 *
 * <p>NOTE(review): every address comparison drops the prefix length with
 * {@code split("/")[0]}, so the test does not verify that the source match is a host
 * prefix; a flow matching a wider prefix around the endpoint's address would still pass.
 * Consider asserting the full prefix string as well.
 * NOTE(review): the ARP and IPv6 branches dereference the source address without the null
 * check used in the IPv4 branches.
 * NOTE(review): the declaration and increment of {@code count} are absent from this
 * extract. Confirm against the original.
 */
163 public void testL3() throws Exception {
\r
164 endpointManager.addEndpoint(ep);
\r
166 OfWriter fm = dosync(null);
\r
167 assertNotEquals(0 ,fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
170 HashMap<String, Flow> flowMap = new HashMap<>();
\r
171 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow()) {
\r
172 flowMap.put(f.getId().getValue(), f);
\r
// Only flows entering on the endpoint's own connector are considered.
173 if (f.getMatch() != null &&
\r
174 Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),
\r
175 f.getMatch().getInPort()) &&
\r
// Case 1: IPv4 source equals the endpoint's IPv4 address (prefix length ignored).
176 ((f.getMatch().getLayer3Match() != null &&
\r
177 f.getMatch().getLayer3Match() instanceof Ipv4Match &&
\r
178 ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Source() != null &&
\r
179 Objects.equals(ep.getL3Address().get(0).getIpAddress().getIpv4Address().getValue(),
\r
180 ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Source().getValue().split("/")[0])) ||
\r
// Case 2: IPv4 destination is the limited broadcast address.
181 (f.getMatch().getLayer3Match() != null &&
\r
182 f.getMatch().getLayer3Match() instanceof Ipv4Match &&
\r
183 ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Destination() != null &&
\r
184 Objects.equals("255.255.255.255",
\r
185 ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Destination().getValue().split("/")[0])) ||
\r
// Case 3: ARP source transport address equals the endpoint's IPv4 address.
186 (f.getMatch().getLayer3Match() != null &&
\r
187 f.getMatch().getLayer3Match() instanceof ArpMatch &&
\r
188 Objects.equals(ep.getL3Address().get(0).getIpAddress().getIpv4Address().getValue(),
\r
189 ((ArpMatch)f.getMatch().getLayer3Match()).getArpSourceTransportAddress().getValue().split("/")[0])) ||
\r
// Case 4: IPv6 source equals the endpoint's IPv6 address (second L3 entry).
190 (f.getMatch().getLayer3Match() != null &&
\r
191 f.getMatch().getLayer3Match() instanceof Ipv6Match &&
\r
192 Objects.equals(ep.getL3Address().get(1).getIpAddress().getIpv6Address().getValue(),
\r
193 ((Ipv6Match)f.getMatch().getLayer3Match()).getIpv6Source().getValue().split("/")[0])))) {
\r
195 assertEquals(FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER()),
\r
196 f.getInstructions());
\r
199 assertEquals(4, count);
\r
// Second sync seeded with the flows just produced: the flow count must not change.
200 int numberOfFlows = fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size();
\r
201 fm = dosync(flowMap);
\r
202 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
206 public void testExternal() throws Exception {
\r
207 endpointManager.addEndpoint(ep);
\r
208 switchManager.addSwitch(
\r
209 new NodeId("openflow:12"),
\r
210 new NodeConnectorId("openflow:12:1"),
\r
211 ImmutableSet.of(new NodeConnectorId("openflow:12:2")),
\r
212 new OfOverlayNodeConfigBuilder().setTunnel(
\r
213 ImmutableList.of(new TunnelBuilder().setTunnelType(TunnelTypeVxlan.class)
\r
214 .setNodeConnectorId(new NodeConnectorId("openflow:12:1"))
\r
215 .build())).build());
\r
216 ctx.addTenant(baseTenant().build());
\r