2 * Copyright (c) 2015 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.mapper.policyenforcer;
11 import static org.junit.Assert.assertEquals;
12 import static org.junit.Assert.assertNotEquals;
13 import static org.junit.Assert.assertTrue;
14 import static org.mockito.Mockito.when;
15 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.applyActionIns;
16 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.instructions;
17 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxOutputRegAction;
19 import java.util.ArrayList;
20 import java.util.Collections;
21 import java.util.List;
23 import java.util.Objects;
25 import com.google.common.collect.ImmutableList;
26 import com.google.common.collect.ImmutableMap;
27 import org.junit.Before;
28 import org.junit.Test;
29 import org.junit.runner.RunWith;
30 import org.opendaylight.groupbasedpolicy.api.sf.ChainActionDefinition;
31 import org.opendaylight.groupbasedpolicy.dto.ConditionGroup;
32 import org.opendaylight.groupbasedpolicy.dto.EgKey;
33 import org.opendaylight.groupbasedpolicy.dto.PolicyInfo;
34 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.MockOfContext;
35 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.MockPolicyManager;
36 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfWriter;
37 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager;
38 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.endpoint.MockEndpointManager;
39 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils;
40 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.RegMatch;
41 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.OrdinalFactory;
42 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.mapper.MapperUtilsTest;
43 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.node.MockSwitchManager;
44 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.AllowAction;
45 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.ChainAction;
46 import org.opendaylight.sfc.provider.api.SfcProviderServicePathAPI;
47 import org.opendaylight.yang.gen.v1.urn.cisco.params.xml.ns.yang.sfc.common.rev151017.SfcName;
48 import org.opendaylight.yang.gen.v1.urn.cisco.params.xml.ns.yang.sfc.common.rev151017.SfpName;
49 import org.opendaylight.yang.gen.v1.urn.cisco.params.xml.ns.yang.sfc.sfp.rev140701.ServiceFunctionPaths;
50 import org.opendaylight.yang.gen.v1.urn.cisco.params.xml.ns.yang.sfc.sfp.rev140701.ServiceFunctionPathsBuilder;
51 import org.opendaylight.yang.gen.v1.urn.cisco.params.xml.ns.yang.sfc.sfp.rev140701.service.function.paths.ServiceFunctionPath;
52 import org.opendaylight.yang.gen.v1.urn.cisco.params.xml.ns.yang.sfc.sfp.rev140701.service.function.paths.ServiceFunctionPathBuilder;
53 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
54 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Address;
55 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.PortNumber;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ActionName;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ConditionMatcherName;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ConditionName;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.EndpointBuilder;
67 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayNodeConfigBuilder;
68 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.nodes.node.TunnelBuilder;
69 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
70 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.Matcher.MatchType;
71 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRefBuilder;
72 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
73 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
74 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.condition.matchers.ConditionMatcherBuilder;
75 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.conditions.Condition;
76 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.conditions.ConditionBuilder;
77 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
78 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
79 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.TenantBuilder;
80 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.PolicyBuilder;
81 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.ContractBuilder;
82 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.ClauseBuilder;
83 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Subject;
84 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.SubjectBuilder;
85 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchersBuilder;
86 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ProviderMatchersBuilder;
87 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.Rule;
88 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.RuleBuilder;
89 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ActionInstance;
90 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ActionInstanceBuilder;
91 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
92 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
93 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg0;
94 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg1;
95 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg2;
96 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg3;
97 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg7;
98 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.general.rev140714.ExtensionKey;
99 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.general.rev140714.GeneralAugMatchNodesNodeTableFlow;
100 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.general.rev140714.general.extension.grouping.Extension;
101 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.general.rev140714.general.extension.list.grouping.ExtensionList;
102 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.nicira.match.rev140714.NxAugMatchNodesNodeTableFlow;
103 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.nicira.match.rev140714.NxmNxReg0Key;
104 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.nicira.match.rev140714.NxmNxReg2Key;
105 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlan;
106 import org.powermock.api.mockito.PowerMockito;
107 import org.powermock.core.classloader.annotations.PrepareForTest;
108 import org.powermock.modules.junit4.PowerMockRunner;
110 @RunWith(PowerMockRunner.class)
111 @PrepareForTest({PolicyManager.class, SfcProviderServicePathAPI.class})
112 public class PolicyEnforcerTest extends MapperUtilsTest {
114 private static final String SFC_CHAIN = "sfc-chain";
115 private static final String TCP_DST = "tcp_dst_80";
116 private static final int sameEpgFlows = 1;
117 private static final int allowTunnelFlows = 1;
118 private static final int layer4flowsIPv4 = 1;
119 private static final int layer4flowsIPv6 = 1;
121 private NodeConnectorId tunnelId = new NodeConnectorId(NODE_ID.getValue() + ":42");
122 private NodeConnectorId nodeConnector = new NodeConnectorId(NODE_ID.getValue() + CONNECTOR_0);
124 // custom mock instances to avoid downcasting of parent's fields
125 private MockEndpointManager endpointManagerMock;
126 private MockPolicyManager policyManagerMock;
127 private MockSwitchManager switchManagerMock;
128 private MockOfContext ctxMock;
130 private ActionInstance allowActionInstance;
131 private ActionInstance chainActionInstance;
135 PowerMockito.stub(PowerMockito.method(PolicyManager.class, "setSfcTableOffset")).toReturn(true);
137 endpointManagerMock = new MockEndpointManager();
138 policyManagerMock = new MockPolicyManager(endpointManagerMock);
139 switchManagerMock = new MockSwitchManager();
140 ctxMock = new MockOfContext(null, policyManagerMock, switchManagerMock, endpointManagerMock, null);
141 table = new PolicyEnforcer(ctxMock, ctxMock.getPolicyManager().getTABLEID_POLICY_ENFORCER());
143 ServiceFunctionPath path = new ServiceFunctionPathBuilder().setName(new SfpName("sfp-name"))
144 .setServiceChainName(new SfcName(SFC_CHAIN))
147 ServiceFunctionPaths paths =
148 new ServiceFunctionPathsBuilder().setServiceFunctionPath(ImmutableList.of(path)).build();
150 PowerMockito.mockStatic(SfcProviderServicePathAPI.class);
151 when(SfcProviderServicePathAPI.readAllServiceFunctionPaths()).thenReturn(paths);
153 allowActionInstance = new ActionInstanceBuilder().setName(new ActionName("allow"))
154 .setActionDefinitionId(new AllowAction().getId())
157 ParameterValue pv = new ParameterValueBuilder().setName(new ParameterName(ChainActionDefinition.SFC_CHAIN_NAME))
158 .setStringValue(SFC_CHAIN)
160 chainActionInstance = new ActionInstanceBuilder().setName(new ActionName("chain"))
161 .setActionDefinitionId(new ChainAction().getId())
162 .setParameterValue(ImmutableList.of(pv))
166 .addSwitch(NODE_ID, tunnelId,
169 new OfOverlayNodeConfigBuilder()
170 .setTunnel(ImmutableList.of(new TunnelBuilder().setIp(new IpAddress(new Ipv4Address("1.2.3.4")))
171 .setTunnelType(TunnelTypeVxlan.class)
172 .setNodeConnectorId(tunnelId)
178 public void test_SameEg() throws Exception {
179 EndpointBuilder ep1Builder = buildEndpoint(IPV4_0, MAC_0, nodeConnector);
180 ep1Builder.setEndpointGroup(ENDPOINT_GROUP_0);
181 ep1Builder.setL2Context(L2BD_ID);
182 Endpoint ep1 = ep1Builder.build();
183 endpointManagerMock.addEndpoint(ep1);
184 EndpointBuilder ep2Builder = buildEndpoint(IPV4_1, MAC_1, nodeConnector);
185 ep2Builder.setEndpointGroup(ENDPOINT_GROUP_1);
186 ep2Builder.setL2Context(L2BD_ID);
187 Endpoint ep2 = ep2Builder.build();
188 endpointManagerMock.addEndpoint(ep2);
189 ctxMock.addTenant(buildTenant().setPolicy(new PolicyBuilder(buildTenant().getPolicy())
190 .setContract(ImmutableList.of(baseContract(null).build())).build()).build());
192 ofWriter = new OfWriter();
193 table.sync(ep1, ofWriter);
195 assertTrue(!ofWriter.getTableForNode(NODE_ID, ctxMock.getPolicyManager().getTABLEID_POLICY_ENFORCER())
200 for (Flow f : ofWriter.getTableForNode(NODE_ID, ctxMock.getPolicyManager().getTABLEID_POLICY_ENFORCER())
202 if (isAllowSameEpg(f)) {
206 assertEquals(sameEpgFlows, count);
208 int totalFlows = sameEpgFlows + allowTunnelFlows + layer4flowsIPv4 + layer4flowsIPv6;
209 assertEquals(totalFlows, ofWriter
210 .getTableForNode(NODE_ID, ctxMock.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size());
214 public void test_DifferentEg() throws Exception {
215 int totalFlows = sameEpgFlows + allowTunnelFlows;
216 assertEquals(totalFlows, doTestDifferentEg(ImmutableList.of(baseSubject(null).build()), allowActionInstance));
217 // one layer4 flow for each direction
218 totalFlows = sameEpgFlows + allowTunnelFlows + (2 * layer4flowsIPv4) + (2 * layer4flowsIPv6);
219 assertEquals(totalFlows,
220 doTestDifferentEg(ImmutableList.of(baseSubject(Direction.Bidirectional).build()), allowActionInstance));
221 totalFlows = sameEpgFlows + allowTunnelFlows + layer4flowsIPv4 + layer4flowsIPv6;
222 assertEquals(totalFlows,
223 doTestDifferentEg(ImmutableList.of(baseSubject(Direction.In).build()), allowActionInstance));
224 assertEquals(totalFlows,
225 doTestDifferentEg(ImmutableList.of(baseSubject(Direction.Out).build()), allowActionInstance));
229 public void test_Rules() throws Exception {
230 Rule rule1 = new RuleBuilder()
231 .setActionRef(ImmutableList.of(new ActionRefBuilder().setName(new ActionName(ALLOW)).build()))
232 .setClassifierRef(createClassifierRefs(ImmutableMap.of(TCP_DST, Direction.In, TCP_SRC, Direction.In)))
234 Rule rule2 = new RuleBuilder()
235 .setActionRef(ImmutableList.of(new ActionRefBuilder().setName(new ActionName(ALLOW)).build()))
236 .setClassifierRef(createClassifierRefs(ImmutableMap.of(TCP_DST, Direction.In, TCP_SRC, Direction.Out)))
238 Rule rule3 = new RuleBuilder()
239 .setActionRef(ImmutableList.of(new ActionRefBuilder().setName(new ActionName(ALLOW)).build()))
240 .setClassifierRef(createClassifierRefs(
241 ImmutableMap.of(TCP_DST, Direction.In, TCP_SRC, Direction.Out, "ether_type", Direction.In)))
243 Rule rule4 = new RuleBuilder()
244 .setActionRef(ImmutableList.of(new ActionRefBuilder().setName(new ActionName(ALLOW)).build()))
245 .setClassifierRef(createClassifierRefs(ImmutableMap.of(TCP_DST, Direction.In, "tcp_dst_90", Direction.In)))
248 int totalFlows = sameEpgFlows + allowTunnelFlows + layer4flowsIPv4 + layer4flowsIPv6;
249 assertEquals(totalFlows,
250 doTestDifferentEg(ImmutableList.of(createSubject("s1", ImmutableList.of(rule1))), allowActionInstance));
251 // one layer4 flow for each direction
252 totalFlows = sameEpgFlows + allowTunnelFlows + (2 * layer4flowsIPv4) + (2 * layer4flowsIPv6);
253 assertEquals(totalFlows,
254 doTestDifferentEg(ImmutableList.of(createSubject("s2", ImmutableList.of(rule2))), allowActionInstance));
255 // only one ether_type for out direction
256 totalFlows = sameEpgFlows + allowTunnelFlows + (2 * layer4flowsIPv4) + layer4flowsIPv6;
257 assertEquals(totalFlows,
258 doTestDifferentEg(ImmutableList.of(createSubject("s3", ImmutableList.of(rule3))), allowActionInstance));
259 totalFlows = sameEpgFlows + allowTunnelFlows;
260 assertEquals(totalFlows,
261 doTestDifferentEg(ImmutableList.of(createSubject("s4", ImmutableList.of(rule4))), allowActionInstance));
265 public void test_Rules_ChainAction() throws Exception {
266 Rule rule1 = new RuleBuilder()
267 .setActionRef(ImmutableList.of(new ActionRefBuilder().setName(new ActionName(CHAIN)).build()))
268 .setClassifierRef(createClassifierRefs(ImmutableMap.of(TCP_DST, Direction.In, TCP_SRC, Direction.In)))
270 Rule rule2 = new RuleBuilder()
271 .setActionRef(ImmutableList.of(new ActionRefBuilder().setName(new ActionName(CHAIN)).build()))
272 .setClassifierRef(createClassifierRefs(ImmutableMap.of(TCP_DST, Direction.In, TCP_SRC, Direction.Out)))
274 Rule rule3 = new RuleBuilder()
275 .setActionRef(ImmutableList.of(new ActionRefBuilder().setName(new ActionName(CHAIN)).build()))
276 .setClassifierRef(createClassifierRefs(
277 ImmutableMap.of(TCP_DST, Direction.In, TCP_SRC, Direction.Out, "ether_type", Direction.In)))
279 Rule rule4 = new RuleBuilder()
280 .setActionRef(ImmutableList.of(new ActionRefBuilder().setName(new ActionName(CHAIN)).build()))
281 .setClassifierRef(createClassifierRefs(ImmutableMap.of(TCP_DST, Direction.In, "tcp_dst_90", Direction.In)))
285 doTestDifferentEg(ImmutableList.of(createSubject("s1", ImmutableList.of(rule1))), chainActionInstance));
287 doTestDifferentEg(ImmutableList.of(createSubject("s2", ImmutableList.of(rule2))), chainActionInstance));
289 doTestDifferentEg(ImmutableList.of(createSubject("s3", ImmutableList.of(rule3))), chainActionInstance));
291 doTestDifferentEg(ImmutableList.of(createSubject("s4", ImmutableList.of(rule4))), chainActionInstance));
294 private int doTestDifferentEg(List<Subject> subjects, ActionInstance actionInstance) throws Exception {
295 EndpointBuilder ep1Builder = buildEndpoint(IPV4_0, MAC_0, nodeConnector);
296 ep1Builder.setEndpointGroup(ENDPOINT_GROUP_0);
297 ep1Builder.setL2Context(L2BD_ID);
298 Endpoint ep1 = ep1Builder.build();
299 endpointManagerMock.addEndpoint(ep1);
300 EndpointBuilder ep2Builder = buildEndpoint(IPV4_1, MAC_1, nodeConnector);
301 ep2Builder.setEndpointGroup(ENDPOINT_GROUP_1);
302 ep2Builder.setL2Context(L2BD_ID);
303 Endpoint ep2 = ep2Builder.build();
304 endpointManagerMock.addEndpoint(ep2);
306 TenantBuilder tb = buildTenant(actionInstance);
307 ctxMock.addTenant(tb.setPolicy(
308 new PolicyBuilder(tb.getPolicy()).setContract(ImmutableList.of(baseContract(subjects).build())).build())
311 ofWriter = new OfWriter();
312 table.sync(ep1, ofWriter);
314 assertTrue(!ofWriter.getTableForNode(NODE_ID, ctxMock.getPolicyManager().getTABLEID_POLICY_ENFORCER())
319 for (Flow f : ofWriter.getTableForNode(NODE_ID, ctxMock.getPolicyManager().getTABLEID_POLICY_ENFORCER())
321 if (isAllowSameEpg(f)) {
323 } else if (f.getMatch() != null && Objects.equals(tunnelId, f.getMatch().getInPort())) {
324 assertEquals(instructions(applyActionIns(nxOutputRegAction(NxmNxReg7.class))), f.getInstructions());
326 } else if (f.getMatch() != null && f.getMatch().getEthernetMatch() != null
327 && Objects.equals(FlowUtils.IPv4,
328 f.getMatch().getEthernetMatch().getEthernetType().getType().getValue())
329 && f.getMatch().getIpMatch() != null
330 && Objects.equals((short) 6, f.getMatch().getIpMatch().getIpProtocol())
331 && f.getMatch().getLayer4Match() != null
332 && (Objects.equals(new PortNumber(80),
333 ((TcpMatch) f.getMatch().getLayer4Match()).getTcpSourcePort())
334 || Objects.equals(new PortNumber(80),
335 ((TcpMatch) f.getMatch().getLayer4Match()).getTcpDestinationPort()))) {
337 } else if (f.getMatch() != null && f.getMatch().getEthernetMatch() != null
338 && Objects.equals(FlowUtils.IPv6,
339 f.getMatch().getEthernetMatch().getEthernetType().getType().getValue())
340 && f.getMatch().getIpMatch() != null
341 && Objects.equals((short) 6, f.getMatch().getIpMatch().getIpProtocol())
342 && f.getMatch().getLayer4Match() != null
343 && (Objects.equals(new PortNumber(80),
344 ((TcpMatch) f.getMatch().getLayer4Match()).getTcpSourcePort())
345 || Objects.equals(new PortNumber(80),
346 ((TcpMatch) f.getMatch().getLayer4Match()).getTcpDestinationPort()))) {
354 public void test_Conditions() throws Exception {
355 Condition cond1 = new ConditionBuilder().setName(new ConditionName("cond1")).build();
356 Condition cond2 = new ConditionBuilder().setName(new ConditionName("cond2")).build();
358 EndpointBuilder ep1Builder = buildEndpoint(IPV4_0, MAC_0, nodeConnector);
359 ep1Builder.setEndpointGroup(ENDPOINT_GROUP_0);
360 ep1Builder.setL2Context(L2BD_ID);
361 ep1Builder.setCondition(ImmutableList.of(cond1.getName())).build();
362 Endpoint ep1 = ep1Builder.build();
363 endpointManagerMock.addEndpoint(ep1);
364 EndpointBuilder ep2Builder = buildEndpoint(IPV4_1, MAC_1, nodeConnector);
365 ep2Builder.setEndpointGroup(ENDPOINT_GROUP_1);
366 ep2Builder.setL2Context(L2BD_ID);
367 ep2Builder.setCondition(ImmutableList.of(cond1.getName(), cond2.getName())).build();
368 Endpoint ep2 = ep2Builder.build();
369 endpointManagerMock.addEndpoint(ep2);
371 TenantBuilder tb = buildTenant().setPolicy(new PolicyBuilder(buildTenant().getPolicy())
372 .setContract(ImmutableList.of(new ContractBuilder().setId(CONTRACT_ID)
373 .setSubject(ImmutableList.of(baseSubject(Direction.Out).build()))
374 .setClause(ImmutableList.of(new ClauseBuilder().setName(new ClauseName("test"))
375 .setSubjectRefs(ImmutableList.of(new SubjectName("s1")))
376 .setConsumerMatchers(new ConsumerMatchersBuilder().setConditionMatcher(
377 ImmutableList.of(new ConditionMatcherBuilder().setName(new ConditionMatcherName("m1"))
378 .setCondition(ImmutableList.of(cond1, cond2))
379 .setMatchType(MatchType.Any)
382 .setProviderMatchers(new ProviderMatchersBuilder()
383 .setConditionMatcher(
384 ImmutableList.of(new ConditionMatcherBuilder().setName(new ConditionMatcherName("m2"))
385 .setCondition(ImmutableList.of(cond1, cond2))
386 .setMatchType(MatchType.All)
392 ctxMock.addTenant(tb.build());
394 PolicyInfo policy = ctxMock.getCurrentPolicy();
395 List<ConditionName> ep1c = endpointManagerMock.getConditionsForEndpoint(ep1);
396 ConditionGroup cg1 = policy.getEgCondGroup(new EgKey(tb.getId(), ep1.getEndpointGroup()), ep1c);
397 List<ConditionName> ep2c = endpointManagerMock.getConditionsForEndpoint(ep2);
398 ConditionGroup cg2 = policy.getEgCondGroup(new EgKey(tb.getId(), ep2.getEndpointGroup()), ep2c);
399 int cg1Id = OrdinalFactory.getCondGroupOrdinal(cg1);
400 int cg2Id = OrdinalFactory.getCondGroupOrdinal(cg2);
401 int eg1Id = OrdinalFactory.getContextOrdinal(ep1.getTenant(), ep1.getEndpointGroup());
402 int eg2Id = OrdinalFactory.getContextOrdinal(ep1.getTenant(), ep2.getEndpointGroup());
404 assertNotEquals(cg1Id, cg2Id);
406 MatchBuilder mb = new MatchBuilder();
407 FlowUtils.addNxRegMatch(mb, RegMatch.of(NxmNxReg0.class, (long) eg1Id),
408 RegMatch.of(NxmNxReg1.class, (long) cg1Id), RegMatch.of(NxmNxReg2.class, (long) eg2Id),
409 RegMatch.of(NxmNxReg3.class, (long) cg2Id));
411 ofWriter = new OfWriter();
412 table.sync(ep1, ofWriter);
413 // one layer4 flow for each direction
416 int totalFlows = sameEpgFlows + allowTunnelFlows + layer4flowsIPv4 + layer4flowsIPv6 + arpFlows + dropAllFlow;
417 assertEquals(totalFlows, ofWriter
418 .getTableForNode(NODE_ID, ctxMock.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size());
419 for (Flow f : ofWriter.getTableForNode(NODE_ID, ctxMock.getPolicyManager().getTABLEID_POLICY_ENFORCER())
421 if (f.getMatch() != null && f.getMatch().getEthernetMatch() != null) {
425 // flows with ether_type match
426 totalFlows = layer4flowsIPv4 + layer4flowsIPv6 + arpFlows;
427 assertEquals(totalFlows, count);
430 private boolean isAllowSameEpg(Flow flow) {
431 // flow has to have exactly 2 registers set, namely NxmNxReg0 and NxmNxReg2
432 // (these register values don't have to be equal)
434 if (flow != null && flow.getMatch() != null) {
435 GeneralAugMatchNodesNodeTableFlow genAug =
436 flow.getMatch().getAugmentation(GeneralAugMatchNodesNodeTableFlow.class);
437 if (genAug != null) {
438 List<ExtensionList> extensions = genAug.getExtensionList();
439 if (extensions != null && extensions.size() == 2) {
442 for (ExtensionList extensionList : extensions) {
443 Class<? extends ExtensionKey> extensionKey = extensionList.getExtensionKey();
444 Extension extension = extensionList.getExtension();
445 if (extensionKey != null && extension != null) {
446 NxAugMatchNodesNodeTableFlow nxAugMatch =
447 extension.getAugmentation(NxAugMatchNodesNodeTableFlow.class);
448 if (nxAugMatch != null && nxAugMatch.getNxmNxReg() != null) {
449 if (extensionKey.equals(NxmNxReg0Key.class)) {
450 reg0 = nxAugMatch.getNxmNxReg().getValue();
451 } else if (extensionKey.equals(NxmNxReg2Key.class)) {
452 reg2 = nxAugMatch.getNxmNxReg().getValue();
457 if (reg0 != null && reg2 != null) {
466 private ContractBuilder baseContract(List<Subject> subjects) {
467 ContractBuilder contractBuilder = new ContractBuilder().setId(CONTRACT_ID).setSubject(subjects);
468 if (subjects == null) {
469 return contractBuilder.setClause(ImmutableList.of(new ClauseBuilder().setName(new ClauseName("test"))
470 .setSubjectRefs(ImmutableList.of(new SubjectName("s1")))
473 List<SubjectName> subjectNames = new ArrayList<>();
474 for (Subject subject : subjects) {
475 subjectNames.add(subject.getName());
477 return contractBuilder.setClause(ImmutableList
478 .of(new ClauseBuilder().setName(new ClauseName("test")).setSubjectRefs(subjectNames).build()));
481 private SubjectBuilder baseSubject(Direction direction) {
482 return new SubjectBuilder().setName(new SubjectName("s1"))
483 .setRule(ImmutableList.of(new RuleBuilder()
484 .setActionRef(ImmutableList.of(new ActionRefBuilder().setName(new ActionName(ALLOW)).build()))
485 .setClassifierRef(ImmutableList.of(new ClassifierRefBuilder().setName(new ClassifierName(TCP_DST))
486 .setDirection(direction)
487 .setInstanceName(new ClassifierName(TCP_DST))
492 private Subject createSubject(String name, List<Rule> rules) {
493 return new SubjectBuilder().setName(new SubjectName(name)).setRule(rules).build();
496 private List<ClassifierRef> createClassifierRefs(Map<String, Direction> refNamesAndDirections) {
497 List<ClassifierRef> refs = new ArrayList<>();
498 for (String refName : refNamesAndDirections.keySet()) {
499 refs.add(new ClassifierRefBuilder().setName(new ClassifierName(refName))
500 .setDirection(refNamesAndDirections.get(refName))
501 .setInstanceName(new ClassifierName(refName))