From ca7b72ad1a50c353b7ffc4e2934e654f73603c62 Mon Sep 17 00:00:00 2001
From: Juan Vidal <juan.vidal.allende@ericsson.com>
Date: Wed, 15 Feb 2017 09:55:11 +0000
Subject: Fix is_ssh_blocked and is_http_blocked

This patch fixes JIRA SFC-79

Previously, those functions used regex matching against the command output.
Now, the return code from netcat is used. It should be easier and more
relieable.

Change-Id: I639c64b3fe0a0e3c0b59f73e5615b8737e676849
Signed-off-by: Juan Vidal <juan.vidal.allende@ericsson.com>
---
 sfc/lib/utils.py                                   | 38 ++++++++++------------
 ...ain_two_service_functions_different_computes.py |  4 +--
 sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py  |  8 ++---
 3 files changed, 23 insertions(+), 27 deletions(-)

diff --git a/sfc/lib/utils.py b/sfc/lib/utils.py
index 8bd67e4f..5ca53077 100644
--- a/sfc/lib/utils.py
+++ b/sfc/lib/utils.py
@@ -238,32 +238,28 @@ def vxlan_tool_stop(sf):
     run_cmd_remote(sf, cmd)
 
 
-def netcat(s_ip, c_ip, port="80", timeout=5):
-    """Run netcat on a give machine, Can be VM"""
-    cmd = "nc -zv "
-    cmd = cmd + " -w %s %s %s" % (timeout, s_ip, port)
-    cmd = cmd + " 2>&1"
-    _, output, _ = run_cmd_remote(c_ip, cmd)
+def netcat(source_ip, destination_ip, port, timeout=5):
+    """
+    SSH into source_ip, and check the connectivity from there to destination_ip
+    on the specified port, using the netcat command.
+    Returns 0 on successful execution, != 0 on failure
+    """
+    cmd = "nc -zv -w %s %s %s 2>&1" % (timeout, destination_ip, port)
+    rc, output, _ = run_cmd_remote(source_ip, cmd)
+    logger.info("Running netcat from [%s] - connecting to [%s] on port [%s]" %
+                (source_ip, destination_ip, port))
     logger.info("%s" % output)
-    return output
+    return rc
 
 
-def is_ssh_blocked(srv_prv_ip, client_ip):
-    res = netcat(srv_prv_ip, client_ip, port="22")
-    match = re.search("nc:.*timed out:.*", res, re.M)
-    if match:
-        return True
-
-    return False
+def is_ssh_blocked(source_ip, destination_ip):
+    rc = netcat(source_ip, destination_ip, port="22")
+    return rc != 0
 
 
-def is_http_blocked(srv_prv_ip, client_ip):
-    res = netcat(srv_prv_ip, client_ip, port="80")
-    match = re.search(".* 80 port.* succeeded!", res, re.M)
-    if match:
-        return False
-
-    return True
+def is_http_blocked(source_ip, destination_ip):
+    rc = netcat(source_ip, destination_ip, port="80")
+    return rc != 0
 
 
 def capture_ovs_logs(ovs_logger, controller_clients, compute_clients, error):
diff --git a/sfc/tests/functest/sfc_one_chain_two_service_functions_different_computes.py b/sfc/tests/functest/sfc_one_chain_two_service_functions_different_computes.py
index 71b69dff..e5a9f206 100644
--- a/sfc/tests/functest/sfc_one_chain_two_service_functions_different_computes.py
+++ b/sfc/tests/functest/sfc_one_chain_two_service_functions_different_computes.py
@@ -218,7 +218,7 @@ def main():
     time.sleep(100)
 
     logger.info("Test HTTP")
-    if not test_utils.is_http_blocked(srv_prv_ip, client_ip):
+    if not test_utils.is_http_blocked(client_ip, srv_prv_ip):
         logger.info('\033[92mTEST 1 [PASSED] ==> HTTP WORKS\033[0m')
         update_json_results("Test 1: HTTP works", "Passed")
     else:
@@ -235,7 +235,7 @@ def main():
     test_utils.vxlan_firewall(sf1, port="80")
 
     logger.info("Test HTTP again")
-    if test_utils.is_http_blocked(srv_prv_ip, client_ip):
+    if test_utils.is_http_blocked(client_ip, srv_prv_ip):
         logger.info('\033[92mTEST 2 [PASSED] ==> HTTP Blocked\033[0m')
         update_json_results("Test 2: HTTP Blocked", "Passed")
     else:
diff --git a/sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py b/sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py
index 92ef9f16..4117b237 100644
--- a/sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py
+++ b/sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py
@@ -190,7 +190,7 @@ def main():
     t1.join()
 
     logger.info("Test SSH")
-    if test_utils.is_ssh_blocked(srv_prv_ip, client_ip):
+    if test_utils.is_ssh_blocked(client_ip, srv_prv_ip):
         results.add_to_summary(2, "PASS", "SSH Blocked")
     else:
         error = ('\033[91mTEST 1 [FAILED] ==> SSH NOT BLOCKED\033[0m')
@@ -200,7 +200,7 @@ def main():
         results.add_to_summary(2, "FAIL", "SSH Blocked")
 
     logger.info("Test HTTP")
-    if not test_utils.is_http_blocked(srv_prv_ip, client_ip):
+    if not test_utils.is_http_blocked(client_ip, srv_prv_ip):
         results.add_to_summary(2, "PASS", "HTTP works")
     else:
         error = ('\033[91mTEST 2 [FAILED] ==> HTTP BLOCKED\033[0m')
@@ -243,7 +243,7 @@ def main():
     t2.join()
 
     logger.info("Test HTTP")
-    if test_utils.is_http_blocked(srv_prv_ip, client_ip):
+    if test_utils.is_http_blocked(client_ip, srv_prv_ip):
         results.add_to_summary(2, "PASS", "HTTP Blocked")
     else:
         error = ('\033[91mTEST 3 [FAILED] ==> HTTP WORKS\033[0m')
@@ -253,7 +253,7 @@ def main():
         results.add_to_summary(2, "FAIL", "HTTP Blocked")
 
     logger.info("Test SSH")
-    if not test_utils.is_ssh_blocked(srv_prv_ip, client_ip):
+    if not test_utils.is_ssh_blocked(client_ip, srv_prv_ip):
         results.add_to_summary(2, "PASS", "SSH works")
     else:
         error = ('\033[91mTEST 4 [FAILED] ==> SSH BLOCKED\033[0m')
-- 
cgit 1.2.3-korg