2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
\r
4 * This program and the accompanying materials are made available under the
\r
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
\r
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
\r
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;
\r
11 import java.util.Collections;
\r
12 import java.util.HashMap;
\r
13 import java.util.List;
\r
14 import java.util.Map;
\r
15 import java.util.Objects;
\r
16 import java.util.Set;
\r
18 import org.junit.Before;
\r
19 import org.junit.Test;
\r
20 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager.FlowMap;
\r
21 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
\r
22 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Address;
\r
23 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv6Address;
\r
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
\r
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3Address;
\r
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3AddressBuilder;
\r
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
\r
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayContext;
\r
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayNodeConfigBuilder;
\r
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.nodes.node.TunnelBuilder;
\r
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
\r
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
\r
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.ArpMatch;
\r
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4Match;
\r
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv6Match;
\r
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlan;
\r
37 import org.slf4j.Logger;
\r
38 import org.slf4j.LoggerFactory;
\r
40 import com.google.common.collect.ImmutableList;
\r
41 import com.google.common.collect.ImmutableSet;
\r
43 import static org.junit.Assert.*;
\r
45 public class PortSecurityTest extends FlowTableTest {
\r
// Class logger. No line visible in this listing refers to it.
46 protected static final Logger LOG =
\r
47 LoggerFactory.getLogger(PortSecurityTest.class);
\r
// Test fixture: builds a PortSecurity table bound to the policy manager's
// port-security table id and assigns it to `table`.
// Source lines 52 and 54 are missing from this listing, so any other setup
// steps are not shown here.
51 public void setup() throws Exception {
\r
53 table = new PortSecurity(ctx,ctx.getPolicyManager().getTABLEID_PORTSECURITY());
\r
// Checks the default-deny baseline of the port-security table after
// dosync(null): every flow that has no match at all, or whose Ethernet type is
// ARP, IPv4 or IPv6, must carry FlowUtils.dropInstructions().
// `count` is declared and updated on lines missing from this listing; it is
// presumably incremented once per flow that enters the drop check, and the
// test expects exactly 4 of them.
58 public void testDefaultDeny() throws Exception {
\r
59 FlowMap fm = dosync(null);
\r
61 Map<String, Flow> flowMap = new HashMap<>();
\r
62 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow()) {
\r
// Index every flow by id so the whole set can be passed to the second dosync call.
63 flowMap.put(f.getId().getValue(), f);
\r
64 Long etherType = null;
\r
// NOTE(review): only getEthernetMatch() is null-checked here; getEthernetType()
// and getType() are dereferenced without a guard.
65 if (f.getMatch() != null && f.getMatch().getEthernetMatch() !=null) {
\r
66 etherType = f.getMatch().getEthernetMatch().getEthernetType().getType().getValue();
\r
// A flow with no match, or one matching the ARP/IPv4/IPv6 ethertype, must drop.
68 if (f.getMatch() == null || FlowUtils.ARP.equals(etherType) || FlowUtils.IPv4.equals(etherType)
\r
69 || FlowUtils.IPv6.equals(etherType)) {
\r
71 assertEquals(FlowUtils.dropInstructions(), f.getInstructions());
\r
74 assertEquals(4, count);
\r
// Second pass: hand the collected flows back to dosync and require the same
// flow count. dosync is not defined in this listing; presumably this checks
// that a re-sync neither adds nor removes flows (confirm against FlowTableTest).
75 int numberOfFlows = fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size();
\r
76 fm = dosync(flowMap);
\r
77 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
// Checks the flows for the two non-endpoint connectors registered through
// addSwitch: openflow:1:1 (also configured below as the VXLAN tunnel connector)
// and openflow:1:2. Every flow whose in-port is one of them must go to either
// the ingress-NAT table or the source-mapper table.
// `count` is declared and updated on lines missing from this listing; the test
// expects exactly 2 such flows.
// NOTE(review): either goto target is accepted for either port, so the test
// does not pin which port is sent to which table. These are presumably the
// rules that admit traffic without a per-endpoint source check, so a per-port
// assertion would catch a mis-wired allow rule (confirm against PortSecurity).
81 public void testNonLocalAllow() throws Exception {
\r
// The receiver of .addSwitch(...) is on source line 82, which is missing from this listing.
83 .addSwitch(new NodeId("openflow:1"),
\r
84 new NodeConnectorId("openflow:1:1"),
\r
85 ImmutableSet.of(new NodeConnectorId("openflow:1:2")),
\r
86 new OfOverlayNodeConfigBuilder().setTunnel(
\r
87 ImmutableList.of(new TunnelBuilder()
\r
88 .setTunnelType(TunnelTypeVxlan.class)
\r
89 .setNodeConnectorId(new NodeConnectorId("openflow:1:1"))
\r
90 .build())).build());
\r
91 FlowMap fm = dosync(null);
\r
// The table must not be empty once the switch has been added.
92 assertNotEquals(0 ,fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
95 HashMap<String, Flow> flowMap = new HashMap<>();
\r
// In-port values whose flows are checked below.
96 Set<String> ncs = ImmutableSet.of("openflow:1:1", "openflow:1:2");
\r
97 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow()) {
\r
98 flowMap.put(f.getId().getValue(), f);
\r
99 if (f.getMatch() != null && f.getMatch().getInPort() != null &&
\r
100 ncs.contains(f.getMatch().getInPort().getValue())) {
\r
101 assertTrue(f.getInstructions().equals(
\r
102 FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_INGRESS_NAT()))
\r
103 || f.getInstructions().equals(
\r
104 FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER())));
\r
108 assertEquals(2, count);
\r
// Second pass: re-run dosync with the collected flows and require an unchanged flow count.
109 int numberOfFlows = fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size();
\r
110 fm = dosync(flowMap);
\r
111 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
// Checks L2 source filtering for a local endpoint: every flow that matches both
// the endpoint's MAC address as Ethernet source and the endpoint's node
// connector as in-port must go to the source-mapper table.
// `count` is declared and updated on lines missing from this listing; the test
// expects exactly 2 such flows.
115 public void testL2() throws Exception {
\r
// Empty L3 address list. The endpoint builder calls on source lines 118-120 are
// missing from this listing; presumably the list is set on the endpoint there,
// so that only L2 rules are generated (confirm).
116 List<L3Address> l3 = Collections.emptyList();
\r
117 Endpoint ep = localEP()
\r
121 endpointManager.addEndpoint(ep);
\r
123 FlowMap fm = dosync(null);
\r
124 assertNotEquals(0 ,fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
127 HashMap<String, Flow> flowMap = new HashMap<>();
\r
128 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow()) {
\r
129 flowMap.put(f.getId().getValue(), f);
\r
// Select flows pinned to this endpoint: Ethernet source == endpoint MAC and
// in-port == the node connector from the endpoint's OfOverlayContext.
130 if (f.getMatch() != null &&
\r
131 f.getMatch().getEthernetMatch() != null &&
\r
132 f.getMatch().getEthernetMatch().getEthernetSource() != null &&
\r
133 Objects.equals(ep.getMacAddress(),
\r
134 f.getMatch().getEthernetMatch()
\r
135 .getEthernetSource().getAddress()) &&
\r
136 Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),
\r
137 f.getMatch().getInPort())) {
\r
139 assertEquals(FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER()),
\r
140 f.getInstructions());
\r
143 assertEquals(2, count);
\r
// Second pass: re-run dosync with the collected flows and require an unchanged flow count.
144 int numberOfFlows = fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size();
\r
145 fm = dosync(flowMap);
\r
146 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
// Checks L3 source filtering for a local endpoint that has one IPv4 address
// (10.10.10.10) and one IPv6 address. A flow on the endpoint's in-port must go
// to the source-mapper table when it matches any of:
//   (a) the endpoint's IPv4 address as IPv4 source,
//   (b) 255.255.255.255 as IPv4 destination,
//   (c) the endpoint's IPv4 address as ARP source transport address,
//   (d) the endpoint's IPv6 address as IPv6 source.
// `count` is declared and updated on lines missing from this listing; the test
// expects exactly 4 such flows.
// NOTE(review): every address comparison strips the prefix with split("/")[0],
// so the prefix length of the installed match is never checked. A flow that
// matched a wider source prefix than the endpoint's single address would still
// pass; for a source-filtering table, asserting the full prefix string would
// close that gap.
// NOTE(review): branches (c) and (d) dereference getArpSourceTransportAddress()
// and getIpv6Source() without the null guard that branches (a) and (b) use.
150 public void testL3() throws Exception {
\r
// Source lines 154 and 157-159 of the builder chain are missing from this listing.
151 Endpoint ep = localEP()
\r
152 .setL3Address(ImmutableList.of(new L3AddressBuilder()
\r
153 .setIpAddress(new IpAddress(new Ipv4Address("10.10.10.10")))
\r
155 new L3AddressBuilder()
\r
156 .setIpAddress(new IpAddress(new Ipv6Address("2001:db8:85a3::8a2e:370:7334")))
\r
160 endpointManager.addEndpoint(ep);
\r
162 FlowMap fm = dosync(null);
\r
163 assertNotEquals(0 ,fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r
166 HashMap<String, Flow> flowMap = new HashMap<>();
\r
167 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow()) {
\r
168 flowMap.put(f.getId().getValue(), f);
\r
// The flow must be bound to the endpoint's in-port before any L3 branch is considered.
169 if (f.getMatch() != null &&
\r
170 Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),
\r
171 f.getMatch().getInPort()) &&
\r
// (a) IPv4 source equals the endpoint's IPv4 address (index 0 of its L3 list).
172 ((f.getMatch().getLayer3Match() != null &&
\r
173 f.getMatch().getLayer3Match() instanceof Ipv4Match &&
\r
174 ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Source() != null &&
\r
175 Objects.equals(ep.getL3Address().get(0).getIpAddress().getIpv4Address().getValue(),
\r
176 ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Source().getValue().split("/")[0])) ||
\r
// (b) IPv4 destination is the limited-broadcast address.
177 (f.getMatch().getLayer3Match() != null &&
\r
178 f.getMatch().getLayer3Match() instanceof Ipv4Match &&
\r
179 ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Destination() != null &&
\r
180 Objects.equals("255.255.255.255",
\r
181 ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Destination().getValue().split("/")[0])) ||
\r
// (c) ARP source transport address equals the endpoint's IPv4 address.
182 (f.getMatch().getLayer3Match() != null &&
\r
183 f.getMatch().getLayer3Match() instanceof ArpMatch &&
\r
184 Objects.equals(ep.getL3Address().get(0).getIpAddress().getIpv4Address().getValue(),
\r
185 ((ArpMatch)f.getMatch().getLayer3Match()).getArpSourceTransportAddress().getValue().split("/")[0])) ||
\r
// (d) IPv6 source equals the endpoint's IPv6 address (index 1 of its L3 list).
186 (f.getMatch().getLayer3Match() != null &&
\r
187 f.getMatch().getLayer3Match() instanceof Ipv6Match &&
\r
188 Objects.equals(ep.getL3Address().get(1).getIpAddress().getIpv6Address().getValue(),
\r
189 ((Ipv6Match)f.getMatch().getLayer3Match()).getIpv6Source().getValue().split("/")[0])))) {
\r
191 assertEquals(FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER()),
\r
192 f.getInstructions());
\r
195 assertEquals(4, count);
\r
// Second pass: re-run dosync with the collected flows and require an unchanged flow count.
196 int numberOfFlows = fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size();
\r
197 fm = dosync(flowMap);
\r
198 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY()).getFlow().size());
\r