/**
 * Creates a rule that matches every packet and allows it.
 *
 * <p>Each match field starts at its NONE/ANY value with the corresponding
 * {@code any_*} wildcard flag set to {@code true}; {@code priority} and
 * {@code ruleid} are 0 and {@code action} is {@code FirewallAction.ALLOW}.
 * A rule that is added without narrowing at least one field (and clearing
 * that field's {@code any_*} flag) is therefore an allow-all rule, so callers
 * should constrain the match, or set the action they intend, before adding it.
 */
public FirewallRule() {
    // Switch and ingress port: wildcarded.
    this.dpid = DatapathId.NONE;
    this.any_dpid = true;
    this.in_port = OFPort.ANY;
    this.any_in_port = true;

    // Layer 2 (MAC addresses and EtherType): wildcarded.
    this.dl_src = MacAddress.NONE;
    this.any_dl_src = true;
    this.dl_dst = MacAddress.NONE;
    this.any_dl_dst = true;
    this.dl_type = EthType.NONE;
    this.any_dl_type = true;

    // Layer 3 (IPv4 prefixes and IP protocol): wildcarded.
    this.nw_src_prefix_and_mask = IPv4AddressWithMask.NONE;
    this.any_nw_src = true;
    this.nw_dst_prefix_and_mask = IPv4AddressWithMask.NONE;
    this.any_nw_dst = true;
    this.nw_proto = IpProtocol.NONE;
    this.any_nw_proto = true;

    // Layer 4 (transport ports): wildcarded.
    this.tp_src = TransportPort.NONE;
    this.any_tp_src = true;
    this.tp_dst = TransportPort.NONE;
    this.any_tp_dst = true;

    // Priority 0, permissive action, and an unassigned id.
    this.priority = 0;
    this.action = FirewallAction.ALLOW;
    this.ruleid = 0;
}
/**
 * Checks that, with the firewall enabled and a single narrow TCP allow rule
 * installed, one packet-in yields a FORWARD_OR_FLOOD decision and another
 * yields DROP.
 */
@Test
public void testSimpleAllowRule() throws Exception {
    // The firewall must be switched on before rules are evaluated.
    firewall.enableFirewall(true);

    // Build the rule: IPv4 + TCP, from host 192.168.1.2 to network 192.168.1.0/24.
    // The action is not set here, so it stays at the constructor default (ALLOW).
    FirewallRule allowTcp = new FirewallRule();
    allowTcp.priority = 1;
    allowTcp.any_dl_type = false;
    allowTcp.dl_type = EthType.IPv4;
    allowTcp.any_nw_proto = false;
    allowTcp.nw_proto = IpProtocol.TCP;
    // /32 pins the source to exactly one address.
    allowTcp.any_nw_src = false;
    allowTcp.nw_src_prefix_and_mask = IPv4AddressWithMask.of("192.168.1.2/32");
    // /24 accepts any destination inside the subnet.
    allowTcp.any_nw_dst = false;
    allowTcp.nw_dst_prefix_and_mask = IPv4AddressWithMask.of("192.168.1.0/24");
    firewall.addRule(allowTcp);

    // First packet-in: the reply fixture is expected to be allowed.
    // NOTE(review): presumably tcpPacketReply originates from 192.168.1.2;
    // the fixture is defined outside this view, so confirm there.
    setPacketIn(tcpPacketReply);
    firewall.receive(sw, packetIn, cntx);
    verify(sw);
    IRoutingDecision replyDecision =
            IRoutingDecision.rtStore.get(cntx, IRoutingDecision.CONTEXT_DECISION);
    assertEquals(IRoutingDecision.RoutingAction.FORWARD_OR_FLOOD,
            replyDecision.getRoutingAction());

    // Remove the stored decision so the next assertion cannot read a stale one.
    IRoutingDecision.rtStore.remove(cntx, IRoutingDecision.CONTEXT_DECISION);

    // Second packet-in: the other fixture is expected to be dropped.
    // NOTE(review): presumably tcpPacket does not match the rule above and is
    // dropped because no rule allows it; confirm against the fixture.
    setPacketIn(tcpPacket);
    firewall.receive(sw, packetIn, cntx);
    verify(sw);
    IRoutingDecision requestDecision =
            IRoutingDecision.rtStore.get(cntx, IRoutingDecision.CONTEXT_DECISION);
    assertEquals(IRoutingDecision.RoutingAction.DROP,
            requestDecision.getRoutingAction());
}
/**
 * A /0 source prefix places no constraint on the address, so the canonical
 * form of the masked OXM is expected to be absent (null).
 */
@Test
public void testGetCanonicalFullMask() {
    // "0.0.0.0/0" is expected to parse to a mask equal to FULL_MASK.
    IPv4AddressWithMask anyAddress = IPv4AddressWithMask.of("0.0.0.0/0");
    assertEquals(IPv4Address.FULL_MASK, anyAddress.getMask());

    OFOxmIpv4SrcMasked maskedSrc =
            oxms.ipv4SrcMasked(anyAddress.getValue(), anyAddress.getMask());

    // Canonicalizing a /0 match should drop the field entirely.
    assertNull(maskedSrc.getCanonical());
}
/**
 * A /32 source prefix names exactly one host, so the canonical form of the
 * masked OXM is expected to be the plain, unmasked source-address OXM.
 */
@Test
public void testGetCanonicalNoMask() {
    // "1.2.3.4/32" is expected to parse to a mask equal to NO_MASK.
    IPv4AddressWithMask singleHost = IPv4AddressWithMask.of("1.2.3.4/32");
    assertEquals(IPv4Address.NO_MASK, singleHost.getMask());

    // Built through the masked factory, the OXM still reports itself as masked.
    OFOxmIpv4SrcMasked maskedSrc =
            oxms.ipv4SrcMasked(singleHost.getValue(), singleHost.getMask());
    assertTrue(maskedSrc.isMasked());
    assertEquals(IPv4Address.NO_MASK, maskedSrc.getMask());

    // Canonicalizing should replace the masked OXM with the exact-match one.
    OFOxm<IPv4Address> exactMatch = maskedSrc.getCanonical();
    assertThat(exactMatch, CoreMatchers.instanceOf(OFOxmIpv4Src.class));
    assertFalse(exactMatch.isMasked());
}
/**
 * A partial prefix such as /24 is already in canonical form, so
 * canonicalizing the masked OXM is expected to leave it unchanged.
 */
@Test
public void testGetCanonicalNormalMask() {
    IPv4AddressWithMask subnet = IPv4AddressWithMask.of("1.2.3.0/24");

    OFOxmIpv4SrcMasked maskedSrc =
            oxms.ipv4SrcMasked(subnet.getValue(), subnet.getMask());
    assertTrue(maskedSrc.isMasked());

    // Unlike /0 and /32, a /24 must stay masked: the canonical OXM equals the original.
    OFOxm<IPv4Address> canonicalForm = maskedSrc.getCanonical();
    assertEquals(maskedSrc, canonicalForm);
}