[groupbasedpolicy.git] / renderers / ofoverlay / src / test / java / org / opendaylight / groupbasedpolicy / renderer / ofoverlay / flow / PortSecurityTest.java

/*\r
 * Copyright (c) 2014 Cisco Systems, Inc. and others.  All rights reserved.\r
 *\r
 * This program and the accompanying materials are made available under the\r
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,\r
 * and is available at http://www.eclipse.org/legal/epl-v10.html\r
 */\r
\r
package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;\r
\r
import java.util.Collections;\r
import java.util.HashMap;\r
import java.util.List;\r
import java.util.Map;\r
import java.util.Objects;\r
import java.util.Set;\r
\r
import org.junit.Before;\r
import org.junit.Test;\r
import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager.FlowMap;\r
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;\r
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Address;\r
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv6Address;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3Address;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3AddressBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayContext;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.ArpMatch;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4Match;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv6Match;\r
import org.slf4j.Logger;\r
import org.slf4j.LoggerFactory;\r
\r
import com.google.common.collect.ImmutableList;\r
import com.google.common.collect.ImmutableSet;\r
\r
import static org.junit.Assert.*;\r
\r
public class PortSecurityTest extends FlowTableTest {\r
    protected static final Logger LOG =\r
            LoggerFactory.getLogger(PortSecurityTest.class);\r
\r
    @Override\r
    @Before\r
    public void setup() throws Exception {\r
        initCtx();\r
        table = new PortSecurity(ctx);\r
        super.setup();\r
    }\r
\r
    @Test\r
    public void testDefaultDeny() throws Exception {\r
        FlowMap fm = dosync(null);\r
        int count = 0;\r
        Map<String, Flow> flowMap = new HashMap<>();\r
        for (Flow f : fm.getTableForNode(nodeId, (short) 0).getFlow()) {\r
            flowMap.put(f.getId().getValue(), f);\r
            Long etherType = null;\r
            if (f.getMatch() != null) {\r
                etherType = f.getMatch().getEthernetMatch().getEthernetType().getType().getValue();\r
            }\r
            if (f.getMatch() == null || FlowUtils.ARP.equals(etherType) || FlowUtils.IPv4.equals(etherType)\r
                    || FlowUtils.IPv6.equals(etherType)) {\r
                count += 1;\r
                assertEquals(FlowUtils.dropInstructions(), f.getInstructions());\r
            }\r
        }\r
        assertEquals(4, count);\r
        int numberOfFlows = fm.getTableForNode(nodeId, (short) 0).getFlow().size();\r
        fm = dosync(flowMap);\r
        assertEquals(numberOfFlows, fm.getTableForNode(nodeId, (short) 0).getFlow().size());\r
    }\r
\r
    @Test\r
    public void testNonLocalAllow() throws Exception {\r
        switchManager\r
            .addSwitch(new NodeId("openflow:1"),\r
                       new NodeConnectorId("openflow:1:1"),\r
                       ImmutableSet.of(new NodeConnectorId("openflow:1:2")),\r
                       null);\r
        FlowMap fm = dosync(null);\r
        assertNotEquals(0 ,fm.getTableForNode(nodeId, (short) 0).getFlow().size());\r
\r
        int count = 0;\r
        HashMap<String, Flow> flowMap = new HashMap<>();\r
        Set<String> ncs = ImmutableSet.of("openflow:1:1", "openflow:1:2");\r
        for (Flow f : fm.getTableForNode(nodeId, (short) 0).getFlow()) {\r
            flowMap.put(f.getId().getValue(), f);\r
            if (f.getMatch() != null && f.getMatch().getInPort() != null &&\r
                ncs.contains(f.getMatch().getInPort().getValue())) {\r
                assertEquals(f.getInstructions(),\r
                             FlowUtils.gotoTableInstructions((short)(table.getTableId()+1)));\r
                count += 1;\r
            }\r
        }\r
        assertEquals(2, count);\r
        int numberOfFlows = fm.getTableForNode(nodeId, (short) 0).getFlow().size();\r
        fm = dosync(flowMap);\r
        assertEquals(numberOfFlows, fm.getTableForNode(nodeId, (short) 0).getFlow().size());\r
    }\r
\r
    @Test\r
    public void testL2() throws Exception {\r
        List<L3Address> l3 = Collections.emptyList();\r
        Endpoint ep = localEP()\r
            .setL3Address(l3)\r
            .build();\r
\r
        endpointManager.addEndpoint(ep);\r
\r
        FlowMap fm = dosync(null);\r
        assertNotEquals(0 ,fm.getTableForNode(nodeId, (short) 0).getFlow().size());\r
\r
        int count = 0;\r
        HashMap<String, Flow> flowMap = new HashMap<>();\r
        for (Flow f : fm.getTableForNode(nodeId, (short) 0).getFlow()) {\r
            flowMap.put(f.getId().getValue(), f);\r
            if (f.getMatch() != null &&\r
                f.getMatch().getEthernetMatch() != null &&\r
                f.getMatch().getEthernetMatch().getEthernetSource() != null &&\r
                Objects.equals(ep.getMacAddress(),\r
                               f.getMatch().getEthernetMatch()\r
                                   .getEthernetSource().getAddress()) &&\r
                Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),\r
                               f.getMatch().getInPort())) {\r
                count += 1;\r
                assertEquals(FlowUtils.gotoTableInstructions((short)(table.getTableId()+1)),\r
                             f.getInstructions());\r
            }\r
        }\r
        assertEquals(2, count);\r
        int numberOfFlows = fm.getTableForNode(nodeId, (short) 0).getFlow().size();\r
        fm = dosync(flowMap);\r
        assertEquals(numberOfFlows, fm.getTableForNode(nodeId, (short) 0).getFlow().size());\r
    }\r
\r
    @Test\r
    public void testL3() throws Exception {\r
        Endpoint ep = localEP()\r
            .setL3Address(ImmutableList.of(new L3AddressBuilder()\r
                .setIpAddress(new IpAddress(new Ipv4Address("10.10.10.10")))\r
                .build(),\r
                new L3AddressBuilder()\r
                .setIpAddress(new IpAddress(new Ipv6Address("2001:db8:85a3::8a2e:370:7334")))\r
                .build()))\r
            .build();\r
\r
        endpointManager.addEndpoint(ep);\r
\r
        FlowMap fm = dosync(null);\r
        assertNotEquals(0 ,fm.getTableForNode(nodeId, (short) 0).getFlow().size());\r
\r
        int count = 0;\r
        HashMap<String, Flow> flowMap = new HashMap<>();\r
        for (Flow f : fm.getTableForNode(nodeId, (short) 0).getFlow()) {\r
            flowMap.put(f.getId().getValue(), f);\r
            if (f.getMatch() != null &&\r
                Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),\r
                               f.getMatch().getInPort()) &&\r
                ((f.getMatch().getLayer3Match() != null &&\r
                  f.getMatch().getLayer3Match() instanceof Ipv4Match &&\r
                  ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Source() != null &&\r
                  Objects.equals(ep.getL3Address().get(0).getIpAddress().getIpv4Address().getValue(),\r
                          ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Source().getValue().split("/")[0])) ||\r
                 (f.getMatch().getLayer3Match() != null &&\r
                         f.getMatch().getLayer3Match() instanceof Ipv4Match &&\r
                         ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Destination() != null &&\r
                  Objects.equals("255.255.255.255",\r
                          ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Destination().getValue().split("/")[0]))     ||\r
                 (f.getMatch().getLayer3Match() != null &&\r
                  f.getMatch().getLayer3Match() instanceof ArpMatch &&\r
                  Objects.equals(ep.getL3Address().get(0).getIpAddress().getIpv4Address().getValue(),\r
                                 ((ArpMatch)f.getMatch().getLayer3Match()).getArpSourceTransportAddress().getValue().split("/")[0])) ||\r
                 (f.getMatch().getLayer3Match() != null &&\r
                  f.getMatch().getLayer3Match() instanceof Ipv6Match &&\r
                  Objects.equals(ep.getL3Address().get(1).getIpAddress().getIpv6Address().getValue(),\r
                                 ((Ipv6Match)f.getMatch().getLayer3Match()).getIpv6Source().getValue().split("/")[0])))) {\r
                count += 1;\r
                assertEquals(FlowUtils.gotoTableInstructions((short)(table.getTableId()+1)),\r
                             f.getInstructions());\r
            }\r
        }\r
        assertEquals(4, count);\r
        int numberOfFlows = fm.getTableForNode(nodeId, (short) 0).getFlow().size();\r
        fm = dosync(flowMap);\r
        assertEquals(numberOfFlows, fm.getTableForNode(nodeId, (short) 0).getFlow().size());\r
    }\r
}\r