private static final int DHCPV6_DESTINATION_PORT = 546;
private static final String HOST_MASK = "/32";
private static final String V6_HOST_MASK = "/128";
+ private static final String IP_VERSION_4 = "IPv4";
+ private static final String IP_VERSION_6 = "IPv6";
private static final int PORT_RANGE_MIN = 1;
private static final int PORT_RANGE_MAX = 65535;
public void programPortSecurityRule(Long dpid, String segmentationId, String attachedMac,
long localPort, NeutronSecurityRule portSecurityRule,
Neutron_IPs vmIp, boolean write) {
+ String securityRuleEtherType = portSecurityRule.getSecurityRuleEthertype();
+ boolean isIpv6 = securityRuleEtherType.equals(IP_VERSION_6);
+ if (!securityRuleEtherType.equals(IP_VERSION_6) && !securityRuleEtherType.equals(IP_VERSION_4)) {
+ LOG.debug("programPortSecurityRule: SecurityRuleEthertype {} does not match IPv4/v6.", securityRuleEtherType);
+ return;
+ }
+
if (null == portSecurityRule.getSecurityRuleProtocol()) {
/* TODO Rework on the priority values */
- boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals("IPv6");
egressAclIP(dpid, isIpv6, segmentationId, attachedMac,
write, Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
} else {
String ipaddress = null;
if (null != vmIp) {
ipaddress = vmIp.getIpAddress();
+ try {
+ InetAddress address = InetAddress.getByName(ipaddress);
+ if ((isIpv6 && (address instanceof Inet4Address)) || (!isIpv6 && address instanceof Inet6Address)) {
+ LOG.debug("programPortSecurityRule: Remote vmIP {} does not match with SecurityRuleEthertype {}.", ipaddress, securityRuleEtherType);
+ return;
+ }
+ } catch (UnknownHostException e) {
+ LOG.warn("Invalid IP address {}", ipaddress);
+ return;
+ }
}
switch (portSecurityRule.getSecurityRuleProtocol()) {
boolean portRange = false;
MatchBuilder matchBuilder = new MatchBuilder();
String flowId = "Egress_TCP_" + segmentationId + "_" + srcMac + "_";
- boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals("IPv6");
+ boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals(IP_VERSION_6);
if (isIpv6) {
matchBuilder = MatchUtils.createV6EtherMatchWithType(matchBuilder,srcMac,null);
} else {
NeutronSecurityRule portSecurityRule, String dstAddress,
boolean write, Integer protoPortMatchPriority) {
- boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals("IPv6");
+ boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals(IP_VERSION_6);
if (isIpv6) {
egressAclIcmpV6(dpidLong, segmentationId, srcMac, portSecurityRule, dstAddress, write, protoPortMatchPriority);
} else {
boolean portRange = false;
MatchBuilder matchBuilder = new MatchBuilder();
String flowId = "Egress_UDP_" + segmentationId + "_" + srcMac + "_";
- boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals("IPv6");
+ boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals(IP_VERSION_6);
if (isIpv6) {
- matchBuilder = MatchUtils.createV6EtherMatchWithType(matchBuilder,srcMac,null);
+ matchBuilder = MatchUtils.createV6EtherMatchWithType(matchBuilder,srcMac,null);
} else {
matchBuilder = MatchUtils.createV4EtherMatchWithType(matchBuilder,srcMac,null);
}
import org.slf4j.LoggerFactory;
import java.math.BigInteger;
+import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
private volatile SecurityGroupCacheManger securityGroupCacheManger;
private static final int PORT_RANGE_MIN = 1;
private static final int PORT_RANGE_MAX = 65535;
+ private static final String IP_VERSION_4 = "IPv4";
+ private static final String IP_VERSION_6 = "IPv6";
public IngressAclService() {
super(Service.INGRESS_ACL);
public void programPortSecurityRule(Long dpid, String segmentationId, String attachedMac,
long localPort, NeutronSecurityRule portSecurityRule,
Neutron_IPs vmIp, boolean write) {
+ String securityRuleEtherType = portSecurityRule.getSecurityRuleEthertype();
+ boolean isIpv6 = securityRuleEtherType.equals(IP_VERSION_6);
+ if (!securityRuleEtherType.equals(IP_VERSION_6) && !securityRuleEtherType.equals(IP_VERSION_4)) {
+ LOG.debug("programPortSecurityRule: SecurityRuleEthertype {} does not match IPv4/v6.", securityRuleEtherType);
+ return;
+ }
+
if (null == portSecurityRule.getSecurityRuleProtocol()) {
- boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals("IPv6");
ingressAclIP(dpid, isIpv6, segmentationId, attachedMac,
write, Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
} else {
String ipaddress = null;
if (null != vmIp) {
ipaddress = vmIp.getIpAddress();
- }
+ try {
+ InetAddress address = InetAddress.getByName(vmIp.getIpAddress());
+ if ((isIpv6 && (address instanceof Inet4Address)) || (!isIpv6 && address instanceof Inet6Address)) {
+ LOG.debug("programPortSecurityRule: Remote vmIP {} does not match with SecurityRuleEthertype {}.", ipaddress, securityRuleEtherType);
+ return;
+ }
+ } catch(UnknownHostException e) {
+ LOG.warn("Invalid IP address {}", ipaddress);
+ return;
+ }
+ }
switch (portSecurityRule.getSecurityRuleProtocol()) {
case MatchUtils.TCP:
boolean portRange = false;
MatchBuilder matchBuilder = new MatchBuilder();
String flowId = "Ingress_TCP_" + segmentationId + "_" + dstMac + "_";
- boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals("IPv6");
+ boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals(IP_VERSION_6);
if (isIpv6) {
matchBuilder = MatchUtils.createV6EtherMatchWithType(matchBuilder,null,dstMac);
} else {
NeutronSecurityRule portSecurityRule, String srcAddress,
boolean write, Integer protoPortMatchPriority ) {
boolean portRange = false;
- boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals("IPv6");
+ boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals(IP_VERSION_6);
MatchBuilder matchBuilder = new MatchBuilder();
String flowId = "Ingress_UDP_" + segmentationId + "_" + dstMac + "_";
if (isIpv6) {
NeutronSecurityRule portSecurityRule, String srcAddress,
boolean write, Integer protoPortMatchPriority) {
- boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals("IPv6");
+ boolean isIpv6 = portSecurityRule.getSecurityRuleEthertype().equals(IP_VERSION_6);
if (isIpv6) {
ingressAclIcmpV6(dpidLong, segmentationId, dstMac, portSecurityRule, srcAddress, write, protoPortMatchPriority);
} else {
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv6Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
@Mock private NeutronSecurityGroup securityGroup;
@Mock private NeutronSecurityRule portSecurityRule;
+ @Mock private NeutronSecurityGroup securityGroupIpv6;
+ @Mock private NeutronSecurityRule portSecurityIpv6Rule;
@Mock private SecurityServicesManager securityServices;
@Mock private SecurityGroupCacheManger securityGroupCacheManger;
private Neutron_IPs neutron_ip_src;
private Neutron_IPs neutron_ip_dest_1;
private Neutron_IPs neutron_ip_dest_2;
+ private Neutron_IPs neutron_ipv6_dest_1;
+ private Neutron_IPs neutron_ipv6_dest_2;
private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
private static final String SRC_IP = "192.168.0.1";
private static final String DEST_IP_1 = "192.169.0.1";
private static final String DEST_IP_2 = "192.169.0.2";
+ private static final String IPV6_DEST_IP_1 = "2001:db8:2::200";
+ private static final String IPV6_DEST_IP_2 = "2001:db8:2::201";
private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
+ private static final Long IPV6_ETHER_TYPE = (long) 0x86DD;
+ private static final Long IPV4_ETHER_TYPE = (long) 0x0800;
private static final String SEGMENT_ID = "2";
private static final Long DP_ID_LONG = (long) 1554;
private static final Long LOCAL_PORT = (long) 124;
when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
portSecurityRule = mock(NeutronSecurityRule.class);
+ portSecurityIpv6Rule = mock(NeutronSecurityRule.class);
when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
+ when(portSecurityIpv6Rule.getSecurityRuleEthertype()).thenReturn("IPv6");
+ when(portSecurityIpv6Rule.getSecurityRuleDirection()).thenReturn("egress");
List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
portSecurityList.add(portSecurityRule);
neutron_ip_dest_2.setIpAddress(DEST_IP_2);
neutronDestIpList.add(neutron_ip_dest_2);
+ List<NeutronSecurityRule> portSecurityIpv6List = new ArrayList<>();
+ portSecurityIpv6List.add(portSecurityIpv6Rule);
+ when(securityGroupIpv6.getSecurityRules()).thenReturn(portSecurityIpv6List);
+
+ neutron_ipv6_dest_1 = new Neutron_IPs();
+ neutron_ipv6_dest_1.setIpAddress(IPV6_DEST_IP_1);
+ neutronDestIpList.add(neutron_ipv6_dest_1);
+
+ neutron_ipv6_dest_2 = new Neutron_IPs();
+ neutron_ipv6_dest_2.setIpAddress(IPV6_DEST_IP_2);
+ neutronDestIpList.add(neutron_ipv6_dest_2);
+
when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
when(securityServices.getVmListForSecurityGroup(PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
- verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(1)).submit();
+ verify(commitFuture, times(1)).checkedGet();
+ }
+
+ /**
+ * Test IPv6 add test case.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddIpv6() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
+
+ egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroupIpv6, PORT_UUID, true);
+
+ verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
verify(writeTransaction, times(1)).submit();
verify(commitFuture, times(1)).checkedGet();
}
}
/**
- * Test TCP add with port no and CIDR selected.
+ * Test IPv6 remove test case.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveIpv6() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
+
+ egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroupIpv6, PORT_UUID, false);
+ verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(1)).submit();
+ verify(commitFuture, times(1)).get();
+ }
+
+ /**
+ * Test IPv4 TCP add with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
}
/**
- * Test TCP remove with port no and CIDR selected.
+ * Test IPv6 TCP add with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddTcp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(20);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(20);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port=portSecurityIpv6Rule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 TCP remove with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
}
/**
- * Test TCP add with port no and remote SG selected.
+ * Test IPv6 TCP remove with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveTcp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(30);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(30);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port=portSecurityIpv6Rule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 TCP add with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
}
/**
- * Test TCP remove with port no and remote SG selected.
+ * Test IPv6 TCP add with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddTcp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(40);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(40);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ int port=portSecurityIpv6Rule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 TCP remove with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
}
/**
- * Test TCP add with port range (All TCP) and CIDR selected.
+ * Test IPv6 TCP remove with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveTcp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ int port=portSecurityIpv6Rule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 TCP add with port range (All TCP) and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+ }
+
+ /**
+ * Test IPv6 TCP add with port range (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddTcpAll1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
}
/**
- * Test TCP remove with port range (All TCP) and CIDR selected.
+ * Test IPv4 TCP remove with port range (All TCP) and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
-
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
/**
- * Test TCP add with port range (All TCP) and remote SG selected.
+ * Test IPv6 TCP remove with port range (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveTcpAll1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 TCP add with port range (All TCP) and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test TCP remove with port range (All TCP) and remote SG selected.
+ * Test IPv6 TCP add with port range (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddTcpAll2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 TCP remove with port range (All TCP) and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test UDP add with port no and CIDR selected.
+ * Test IPv6 TCP remove with port range (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveTcpAll2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 UDP add with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
}
/**
- * Test UDP remove with port no and CIDR selected.
+ * Test IPv6 UDP add with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddUdp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 UDP remove with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
}
/**
- * Test UDP add with port no and remote SG selected.
+ * Test IPv6 UDP remove with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveUdp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 UDP add with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
}
/**
- * Test UDP remove with port no and remote SG selected.
+ * Test IPv6 UDP add with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddUdp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 UDP remove with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
}
/**
- * Test UDP add with port (All UDP) and CIDR selected.
+ * Test IPv6 UDP remove with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveUdp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 UDP add with port (All UDP) and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test UDP remove with port (All UDP) and CIDR selected.
+ * Test IPv6 UDP add with port (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddUdpAll1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 UDP remove with port (All UDP) and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test UDP add with port (All UDP) and remote SG selected.
+ * Test IPv6 UDP remove with port (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveUdpAll1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 UDP add with port (All UDP) and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test UDP remove with port (All UDP) and remote SG selected.
+ * Test IPv6 UDP add with port (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddUdpAll2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 UDP remove with port (All UDP) and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
}
+ /**
+ * Test IPv6 UDP remove with port (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveUdpAll2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
/**
* Test ICMP add with code, type and CIDR selected.
*/
Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
"_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
+ /**
+ * Test ICMPv6 add with code, type and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddIcmp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("icmpv6");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(10);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(10);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ Icmpv6Match icmpv6Match = match.getIcmpv6Match();
+ Assert.assertEquals(10, icmpv6Match.getIcmpv6Type().shortValue());
+ Assert.assertEquals(10, icmpv6Match.getIcmpv6Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+ Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
+ Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + type + "_" + code + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
/**
* Test ICMP remove with code, type and CIDR selected.
*/
Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
"_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
+ /**
+ * Test ICMPv6 remove with code, type and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveIcmp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("icmpv6");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(20);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(20);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ Icmpv6Match icmpv6Match = match.getIcmpv6Match();
+ Assert.assertEquals(20, icmpv6Match.getIcmpv6Type().shortValue());
+ Assert.assertEquals(20, icmpv6Match.getIcmpv6Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+ Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
+ Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + type + "_" + code + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
/**
* Test ICMP add with code, type and remote SG selected.
*/
Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
}
}
+ /**
+ * Test ICMPv6 add with code, type and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddIcmp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("icmpv6");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(30);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(30);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ Icmpv6Match icmpv6Match = match.getIcmpv6Match();
+ Assert.assertEquals(30, icmpv6Match.getIcmpv6Type().shortValue());
+ Assert.assertEquals(30, icmpv6Match.getIcmpv6Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+ Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
+ String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
/**
* Test ICMP remove with code, type and remote SG selected.
*/
Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
}
}
+ /**
+ * Test ICMPv6 remove with code, type and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveIcmp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("icmpv6");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(40);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(40);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ Icmpv6Match icmpv6Match = match.getIcmpv6Match();
+ Assert.assertEquals(40, icmpv6Match.getIcmpv6Type().shortValue());
+ Assert.assertEquals(40, icmpv6Match.getIcmpv6Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+ Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
+ String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
/**
* Test IPv4 invalid ether type test case.
*/
@Test
public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
- when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
+ when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IP");
egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).checkedGet();
+ verify(writeTransaction, times(2)).submit();
+ verify(commitFuture, times(2)).checkedGet();
}
/**
* Test With isConntrackEnabled false isComputeNode false
egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
- verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(2)).submit();
+ verify(commitFuture, times(2)).get();
}
/**
egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
- verify(writeTransaction, times(10)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(5)).submit();
- verify(commitFuture, times(5)).checkedGet();
+ verify(writeTransaction, times(9)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(9)).submit();
+ verify(commitFuture, times(9)).checkedGet();
}
/**
egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
- verify(writeTransaction, times(5)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(5)).submit();
- verify(commitFuture, times(5)).get();
+ verify(writeTransaction, times(9)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(9)).submit();
+ verify(commitFuture, times(9)).get();
}
/**
egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).checkedGet();
+ verify(writeTransaction, times(2)).submit();
+ verify(commitFuture, times(2)).checkedGet();
}
/**
egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
- verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(2)).submit();
+ verify(commitFuture, times(2)).get();
}
/**
egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
- verify(writeTransaction, times(16)).put(any(LogicalDatastoreType.class),
+ verify(writeTransaction, times(12)).put(any(LogicalDatastoreType.class),
any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(8)).submit();
- verify(commitFuture, times(8)).checkedGet();
+ verify(writeTransaction, times(12)).submit();
+ verify(commitFuture, times(12)).checkedGet();
}
/**
egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
- verify(writeTransaction, times(8)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(8)).submit();
- verify(commitFuture, times(8)).get();
+ verify(writeTransaction, times(12)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(12)).submit();
+ verify(commitFuture, times(12)).get();
}
}
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv6Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
@Mock private NeutronSecurityGroup securityGroup;
@Mock private NeutronSecurityRule portSecurityRule;
+ @Mock private NeutronSecurityGroup securityGroupIpv6;
+ @Mock private NeutronSecurityRule portSecurityIpv6Rule;
@Mock private SecurityServicesManager securityServices;
@Mock private SecurityGroupCacheManger securityGroupCacheManger;
private Neutron_IPs neutron_ip_src;
private Neutron_IPs neutron_ip_dest_1;
private Neutron_IPs neutron_ip_dest_2;
+ private Neutron_IPs neutron_ipv6_dest_1;
+ private Neutron_IPs neutron_ipv6_dest_2;
private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
private static final String DHCP_MAC_ADDRESS = "87:1D:5E:02:40:B9";
private static final String SRC_IP = "192.168.0.1";
private static final String DEST_IP_1 = "192.169.0.1";
private static final String DEST_IP_2 = "192.169.0.2";
+ private static final String IPV6_DEST_IP_1 = "2001:db8:2::200";
+ private static final String IPV6_DEST_IP_2 = "2001:db8:2::201";
+ private static final Long IPV6_ETHER_TYPE = (long) 0x86DD;
+ private static final Long IPV4_ETHER_TYPE = (long) 0x0800;
private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
private static final String SEGMENT_ID = "2";
neutron_ip_dest_2.setIpAddress(DEST_IP_2);
neutronDestIpList.add(neutron_ip_dest_2);
+ portSecurityIpv6Rule = mock(NeutronSecurityRule.class);
+ when(portSecurityIpv6Rule.getSecurityRuleEthertype()).thenReturn("IPv6");
+ when(portSecurityIpv6Rule.getSecurityRuleDirection()).thenReturn("ingress");
+
+ List<NeutronSecurityRule> portSecurityIpv6List = new ArrayList<>();
+ portSecurityIpv6List.add(portSecurityIpv6Rule);
+ when(securityGroupIpv6.getSecurityRules()).thenReturn(portSecurityIpv6List);
+
+ neutron_ipv6_dest_1 = new Neutron_IPs();
+ neutron_ipv6_dest_1.setIpAddress(IPV6_DEST_IP_1);
+ neutronDestIpList.add(neutron_ipv6_dest_1);
+
+ neutron_ipv6_dest_2 = new Neutron_IPs();
+ neutron_ipv6_dest_2.setIpAddress(IPV6_DEST_IP_2);
+ neutronDestIpList.add(neutron_ipv6_dest_2);
when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
when(securityServices.getVmListForSecurityGroup
ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
- verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(1)).submit();
+ verify(commitFuture, times(1)).checkedGet();
+ }
+
+ /**
+ * Test IPv6 add test case.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddIpv6() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
+
+ ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroupIpv6, PORT_UUID, true);
+
+ verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
verify(writeTransaction, times(1)).submit();
verify(commitFuture, times(1)).checkedGet();
}
}
/**
- * Test TCP add with port no and CIDR selected.
+ * Test IPv6 remove test case.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveIpv6() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(null);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
+
+ ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroupIpv6, PORT_UUID, false);
+
+ verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(1)).submit();
+ verify(commitFuture, times(1)).get();
+ }
+
+ /**
+ * Test IPv4 TCP add with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
}
/**
- * Test TCP remove with port no and CIDR selected.
+ * Test IPv6 TCP add with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddTcp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(20);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(20);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 TCP remove with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
}
/**
- * Test TCP add with port no and remote SG selected.
+ * Test IPv6 TCP remove with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveTcp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(15);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(15);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 TCP add with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
}
/**
- * Test TCP remove with port no and remote SG selected.
+ * Test IPv6 TCP add with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddTcp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 TCP remove with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
/**
- * Test TCP add with port (All TCP) and CIDR selected.
+ * Test IPv6 TCP remove with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveTcp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 TCP add with port (All TCP) and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test TCP remove with port (All TCP) and CIDR selected.
+ * Test IPv6 TCP add with port (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddTcpAll1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 TCP remove with port (All TCP) and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test TCP add with port (All TCP) and remote SG selected.
+ * Test IPv6 TCP remove with port (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveTcpAll1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 TCP add with port (All TCP) and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test TCP remove with port (All TCP) and remote SG selected.
+ * Test IPv6 TCP add with port (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddTcpAll2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 TCP remove with port (All TCP) and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
}
/**
- * Test UDP add with port no and CIDR selected.
+ * Test IPv6 TCP remove with port (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveTcpAll2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 UDP add with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
}
/**
- * Test UDP remove with port no and CIDR selected.
+ * Test IPv6 UDP add with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddUdp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 UDP remove with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
}
/**
- * Test UDP add with port no and remote SG selected.
+ * Test IPv6 UDP remove with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveUdp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 UDP add with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
}
/**
- * Test UDP remove with port no and remote SG selected.
+ * Test IPv6 UDP add with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddUdp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 UDP remove with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
}
/**
- * Test UDP add with ports (All UDP) and CIDR selected.
+ * Test IPv6 UDP remove with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveUdp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityIpv6Rule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 UDP add with ports (All UDP) and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test UDP remove with ports (All UDP) and CIDR selected.
+ * Test IPv6 UDP add with ports (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIPv6AddUdpAll1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 UDP remove with ports (All UDP) and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test UDP add with ports (All UDP) and remote SG selected.
+ * Test IPv6 UDP remove with ports (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveUdpAll1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test IPv4 UDP add with ports (All UDP) and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
}
/**
- * Test UDP remove with ports (All UDP) and remote SG selected.
+ * Test IPv6 UDP add with ports (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddUdpAll2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 UDP remove with ports (All UDP) and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
Match match = flowBuilder.getMatch();
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
}
}
+ /**
+ * Test IPv6 UDP remove with ports (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveUdpAll2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
/**
* Test ICMP add with code, type and CIDR selected.
*/
Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
flowBuilder.getFlowName());
}
+ /**
+ * Test ICMPv6 add with code, type and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddIcmp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("icmpv6");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(10);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(10);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
+ MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6, PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ Icmpv6Match icmpv6Match = match.getIcmpv6Match();
+ Assert.assertEquals(10, icmpv6Match.getIcmpv6Type().shortValue());
+ Assert.assertEquals(10, icmpv6Match.getIcmpv6Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+ Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
+ Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
+ + "_::/64_Permit",
+ flowBuilder.getFlowName());
+ }
+
/**
* Test ICMP remove with code, type and CIDR selected.
*/
Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
flowBuilder.getFlowName());
}
+ /**
+ * Test ICMPv6 remove with code, type and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveIcmp1() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("icmpv6");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(20);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(20);
+ when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
+ MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6, PORT_UUID, false);
+ Match match = flowBuilder.getMatch();
+ Icmpv6Match icmpv6Match = match.getIcmpv6Match();
+ Assert.assertEquals(20, icmpv6Match.getIcmpv6Type().shortValue());
+ Assert.assertEquals(20, icmpv6Match.getIcmpv6Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+ Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
+ Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
+ + "_::/64_Permit",
+ flowBuilder.getFlowName());
+ }
+
/**
* Test ICMP add with code, type and remote SG selected.
*/
Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
}
}
+ /**
+ * Test ICMPv6 add with code, type and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6AddIcmp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("icmpv6");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(30);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(30);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
+ MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6, PORT_UUID, true);
+ Match match = flowBuilder.getMatch();
+ Icmpv6Match icmpv6Match =match.getIcmpv6Match();
+ Assert.assertEquals(30, icmpv6Match.getIcmpv6Type().shortValue());
+ Assert.assertEquals(30, icmpv6Match.getIcmpv6Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+
+ Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
+ String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
+ + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
+ + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
/**
* Test ICMP remove with code, type and remote SG selected.
*/
Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
EthernetMatch ethMatch = match.getEthernetMatch();
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
}
}
+ /**
+ * Test ICMPv6 remove with code, type and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleIpv6RemoveIcmp2() throws Exception {
+ when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn("icmpv6");
+ when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(40);
+ when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(40);
+ when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer())
+ .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
+ MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6, PORT_UUID, false);
+ Match match = flowBuilder.getMatch();
+ Icmpv6Match icmpv6Match = match.getIcmpv6Match();
+ Assert.assertEquals(40, icmpv6Match.getIcmpv6Type().shortValue());
+ Assert.assertEquals(40, icmpv6Match.getIcmpv6Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+ Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
+ Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
+ String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
+ + IPV6_DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
+ + IPV6_DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
/**
* Test IPv4 invalid ether type test case.
*/
@Test
public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
- when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
+ when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IP");
ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, true, MAC_ADDRESS, true);
- verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
verify(writeTransaction, times(1)).submit();
verify(commitFuture, times(1)).checkedGet();
}
ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, true, MAC_ADDRESS, true);
- verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
verify(writeTransaction, times(4)).submit();
verify(commitFuture, times(4)).checkedGet();
}