Beispiel #1
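def send_cmd_on_threshold_limit(namespace_dict):
    """Report the server IPs per namespace and emit the prefix-list commands.

    namespace_dict maps a namespace name to a list of server-IP strings.
    A plain-text report (one section per namespace plus a grand total) is
    written to ``mfc_result_file``.  One
    ``set policy-options prefix-list redirect-to-proxy <ip>`` line per unique
    entry is then handed to ``gen_utils.sendCmd`` together with
    ``mfc_pbr_file``.

    Entries are interpolated into router configuration text, so anything
    that is not made only of address/prefix characters is skipped and logged
    instead of being sent.
    """
    # Characters that can occur in an IPv4/IPv6 address or prefix.  An entry
    # with whitespace or a newline would otherwise turn into extra words or
    # extra configuration lines in the generated command text.
    # NOTE(review): assumes entries are bare addresses/prefixes -- confirm
    # against the log parser that builds namespace_dict.
    prefix_chars = set("0123456789abcdefABCDEF.:/")

    unique_ips = []
    seen = set()
    report_parts = []
    total_ips = 0

    for namespace in sorted(namespace_dict):
        iplist = namespace_dict[namespace]
        # Aggregate across namespaces without duplicates.
        for ip in iplist:
            if ip not in seen:
                seen.add(ip)
                unique_ips.append(ip)
        report_parts.append(
            "Namespace: %s  No of server ips: %d" % (namespace, len(iplist)))
        report_parts.append(
            "\n" + "\n".join(sorted(iplist, reverse=True)) + "\n")
        total_ips += len(iplist)

    if report_parts:
        report_parts.append("\n" + "TOTAL NO OF IP'S: %d" % total_ips + "\n")
        # 'with' closes the report file even if the write fails.
        with open(mfc_result_file, 'w') as fp_log:
            fp_log.write("".join(report_parts))

    # Build the MX router commands from the aggregated, reverse-sorted list.
    command_lines = []
    for ip in sorted(unique_ips, reverse=True):
        if ip and all(ch in prefix_chars for ch in ip):
            command_lines.append(
                "set policy-options prefix-list redirect-to-proxy %s\n" % ip)
        else:
            # %r keeps control characters escaped in the log line.
            mfcloganalyzer_log.info(
                "Skipping malformed prefix-list entry %r", ip)

    if command_lines:
        mfcloganalyzer_log.info("Firing/Saving PBR rules to router/file")
        gen_utils.sendCmd("".join(command_lines), "no", mfc_pbr_file, 'w')
    else:
        mfcloganalyzer_log.info("No PBR rules available in the processed log files")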
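def sendPbrs(cmds_list):
    """Send the queued filter-rule commands and persist the destination IPs.

    cmds_list is joined with newlines and passed to ``gen_utils.sendCmd``
    together with the module-level ``fire_to_router`` setting.  When sendCmd
    returns 0 the ``dest_ips`` table is pickled to ``header.DEST_IP_PICKLE``
    (unless the clear-marker file exists), cmds_list is emptied in place and
    ``dest_ips`` is reset once it grows beyond ``header.MAX_DICT_SIZE``.
    """
    if not cmds_list:
        dpiloganalyzer_log.info("No unique pbr's available to be fired to the router")
        return

    # Get the commands to be fired to the router
    cmdstr = "\n".join(cmds_list)
    # NOTE(review): the log line compares case-insensitively while sendCmd
    # receives the raw setting -- confirm both interpret it the same way.
    if fire_to_router.lower() == "yes":
        dpiloganalyzer_log.info("FIRING THE FILTER-RULES TO THE ROUTER\n")
    else:
        dpiloganalyzer_log.info("FIRING THE FILTER-RULES TO THE FILE\n")

    # Fire the transaction to the router or to a file
    err = gen_utils.sendCmd(cmdstr, fire_to_router, header.DPI_ANALYZER_RESULT_FILE, "a+", dpiloganalyzer_log)
    if err != 0:
        dpiloganalyzer_log.error("The 'commit' of the filter-rules failed in the device")
        return

    # Persist the dictionary of destination IPs.  The marker is checked
    # before the file is opened: opening with "wb" first would truncate the
    # saved table to an empty, unloadable file whenever the dump is skipped.
    # Pickle files are only safe to load when no untrusted user can write
    # them, so the target directory should be restricted accordingly.
    if not os.path.isfile(header.CLEAR_FILTER_RULES_FILE):
        with open(header.DEST_IP_PICKLE, "wb") as f:
            pickle.dump(dest_ips, f)
    del cmds_list[:]
    # Clear the dictionary once it exceeds header.MAX_DICT_SIZE entries
    if len(dest_ips) > header.MAX_DICT_SIZE:
        dest_ips.clear()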
Beispiel #3
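def sendPbrs(cmds_list):
    """Fire the pending filter rules and save the destination-IP dictionary.

    The commands in cmds_list are joined with newlines and given to
    ``gen_utils.sendCmd`` along with the module-level ``fire_to_router``
    value.  A return of 0 is treated as success: ``dest_ips`` is pickled to
    ``header.DEST_IP_PICKLE`` when the clear-marker file is absent,
    cmds_list is emptied in place, and ``dest_ips`` is cleared if it holds
    more than ``header.MAX_DICT_SIZE`` entries.
    """
    if len(cmds_list) == 0:
        dpiloganalyzer_log.info(
            "No unique pbr's available to be fired to the router")
        return

    cmdstr = "\n".join(cmds_list)
    target_is_router = fire_to_router.lower() == 'yes'
    if target_is_router:
        dpiloganalyzer_log.info("FIRING THE FILTER-RULES TO THE ROUTER\n")
    else:
        dpiloganalyzer_log.info("FIRING THE FILTER-RULES TO THE FILE\n")

    #Fire the transaction to the router or to a file
    err = gen_utils.sendCmd(cmdstr, fire_to_router,
                            header.DPI_ANALYZER_RESULT_FILE, 'a+',
                            dpiloganalyzer_log)
    if err != 0:
        dpiloganalyzer_log.error(
            "The 'commit' of the filter-rules failed in the device")
        return

    #Only open the pickle file when something will be written: 'wb'
    #truncates on open, so opening first and then skipping the dump leaves a
    #zero-length file behind in place of the saved table.
    clear_pending = os.path.isfile(header.CLEAR_FILTER_RULES_FILE)
    if not clear_pending:
        #Whoever loads this file must be able to trust it; keep it in a
        #location that only the analyzer's own account can write.
        with open(header.DEST_IP_PICKLE, 'wb') as f:
            pickle.dump(dest_ips, f)
    del cmds_list[:]
    #Clear the dictionary if it has more than header.MAX_DICT_SIZE entries
    if len(dest_ips) > header.MAX_DICT_SIZE:
        dest_ips.clear()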
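def fireOneTimeCommands(analyzer_conf_dict):
    """Send the one-time PBR redirect configuration to the router.

    Five entries are mandatory in analyzer_conf_dict: ``mfc_interface_ip``,
    ``mx_client_interface``, ``mx_server_interface``, ``mx_mfc_interface``
    and ``mx_mfc_interface_ip_mask``.  If one is missing or is an empty
    string a message is logged and nothing is sent.

    The values are placed into the command text unchanged, so analyzer.conf
    should be writable only by the administrators allowed to configure the
    router.
    """
    required_keys = (
        "mfc_interface_ip",
        "mx_client_interface",
        "mx_server_interface",
        "mx_mfc_interface",
        "mx_mfc_interface_ip_mask",
    )
    try:
        conf = dict((key, analyzer_conf_dict[key]) for key in required_keys)
    except KeyError as e:
        dpiloganalyzer_log.info(
            "Mandatory onetime configuration entry %s is missing in the analyzer.conf file. Nothing will be configured in the router",
            e,
        )
        return
    # Validate that every one-time configuration entry has a value.
    # If not, a message is logged and nothing is configured in the router.
    if any(conf[key] == "" for key in required_keys):
        dpiloganalyzer_log.info(
            "Please make sure all the router one time configuration entries for applying the PBR are given in the analyzer.conf file. One time configuration is not configured in the router now"
        )
        return
    cmd_list = [
        "set firewall family inet filter media_flow term to_mfc from prefix-list redirect-to-proxy",
        "set firewall family inet filter media_flow term to_mfc then routing-instance media_flow",
        "set policy-options prefix-list redirect-to-proxy",
        "set routing-instances media_flow instance-type forwarding",
        "set routing-options interface-routes rib-group inet dpi",
        "set routing-options rib-groups dpi import-rib inet.0",
        "set routing-options rib-groups dpi import-rib media_flow.inet.0",
        "set routing-instances media_flow routing-options static route 0.0.0.0/0 next-hop %s"
        % conf["mfc_interface_ip"],
        "set interfaces %s description client-interface unit 0 family inet filter input-list media_flow"
        % conf["mx_client_interface"],
        "set interfaces %s description server-interface unit 0 family inet filter input-list media_flow"
        % conf["mx_server_interface"],
        "set interfaces %s description mfc_tproxy_interface unit 0 family inet address %s"
        % (conf["mx_mfc_interface"], conf["mx_mfc_interface_ip_mask"]),
    ]
    cmdstr = "\n".join(cmd_list)
    # Fire the transaction to the router and report a failed commit instead
    # of dropping the status.  Other callers in this listing treat 0 as
    # success; None is tolerated in case this call form returns nothing.
    err = gen_utils.sendCmd(cmdstr, "yes", "", "")
    if err not in (0, None):
        dpiloganalyzer_log.error(
            "The 'commit' of the one time configuration failed in the device")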
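def fireMirrorConfiguration(analyzer_conf_dict):
    """Send the HTTP port-mirroring configuration to the router.

    Six entries are mandatory in analyzer_conf_dict: ``fpc_slot``,
    ``output_interface_name``, ``next_hop_ip``, ``output_interface_ip_mask``,
    ``mfc_mirror_interface_ip`` and ``mac_address``.  If one is missing or is
    an empty string a message is logged and nothing is sent.

    The values are placed into the command text unchanged, so analyzer.conf
    should be writable only by the administrators allowed to configure the
    router.
    """
    # output_interface_name is listed once; reading and checking it a second
    # time added nothing.
    required_keys = (
        "fpc_slot",
        "output_interface_name",
        "next_hop_ip",
        "output_interface_ip_mask",
        "mfc_mirror_interface_ip",
        "mac_address",
    )
    try:
        conf = dict((key, analyzer_conf_dict[key]) for key in required_keys)
    except KeyError as e:
        dpiloganalyzer_log.info(
            "Mandatory mirror configuration entry %s is missing in the analyzer.conf file. Mirror configuration will not be fired",
            e,
        )
        return
    # Validate that every mirror configuration entry has a value.
    # If not, a message is logged and nothing is configured in the router.
    if any(conf[key] == "" for key in required_keys):
        dpiloganalyzer_log.info(
            "Please make sure all the router mirror configuration entries are given in the analyzer.conf file. No configuration done in the router"
        )
        return
    # MX router mirror configuration commands
    cmd_list = [
        "set firewall family inet filter media_flow term HTTP_mirror from port http",
        "set firewall family inet filter media_flow term HTTP_mirror then port-mirror-instance one",
        "set firewall family inet filter media_flow term media_flow_default then accept",
        "set chassis fpc %s port-mirror-instance one" % conf["fpc_slot"],
        "set forwarding-options port-mirroring instance one input rate 1",
        "set forwarding-options port-mirroring instance one family inet output interface %s next-hop %s"
        % (conf["output_interface_name"], conf["next_hop_ip"]),
        "set interface %s description mirror-destination-interface unit 0 family inet address %s arp %s mac %s"
        % (
            conf["output_interface_name"],
            conf["output_interface_ip_mask"],
            conf["mfc_mirror_interface_ip"],
            conf["mac_address"],
        ),
    ]
    cmdstr = "\n".join(cmd_list)
    # Fire the transaction to the router and report a failed commit instead
    # of dropping the status.  Other callers in this listing treat 0 as
    # success; None is tolerated in case this call form returns nothing.
    err = gen_utils.sendCmd(cmdstr, "yes", "", "")
    if err not in (0, None):
        dpiloganalyzer_log.error(
            "The 'commit' of the mirror configuration failed in the device")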
Beispiel #6
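def fireOneTimeCommands(analyzer_conf_dict):
    """Configure the router once with the PBR redirect set-up.

    analyzer_conf_dict must provide non-empty values for
    'mfc_interface_ip', 'mx_client_interface', 'mx_server_interface',
    'mx_mfc_interface' and 'mx_mfc_interface_ip_mask'; otherwise a message
    is logged and the function returns without contacting the router.

    Each value is substituted into a configuration command as given, which
    makes write access to analyzer.conf equivalent to the ability to change
    these router statements.
    """
    try:
        next_hop = analyzer_conf_dict['mfc_interface_ip']
        client_if = analyzer_conf_dict['mx_client_interface']
        server_if = analyzer_conf_dict['mx_server_interface']
        mfc_if = analyzer_conf_dict['mx_mfc_interface']
        mfc_if_addr = analyzer_conf_dict['mx_mfc_interface_ip_mask']
    except KeyError as e:
        dpiloganalyzer_log.info(
            "Mandatory onetime configuration entry %s is missing in the analyzer.conf file. Nothing will be configured in the router",
            e)
        return
    #Validate that all the one time configuration entries have a value.
    #If not, a message is logged and nothing is configured in the router
    if "" in (next_hop, client_if, server_if, mfc_if, mfc_if_addr):
        dpiloganalyzer_log.info(
            "Please make sure all the router one time configuration entries for applying the PBR are given in the analyzer.conf file. One time configuration is not configured in the router now"
        )
        return
    cmd_list = [
        'set firewall family inet filter media_flow term to_mfc from prefix-list redirect-to-proxy',
        'set firewall family inet filter media_flow term to_mfc then routing-instance media_flow',
        'set policy-options prefix-list redirect-to-proxy',
        'set routing-instances media_flow instance-type forwarding',
        'set routing-options interface-routes rib-group inet dpi',
        'set routing-options rib-groups dpi import-rib inet.0',
        'set routing-options rib-groups dpi import-rib media_flow.inet.0',
        'set routing-instances media_flow routing-options static route 0.0.0.0/0 next-hop %s'
        % next_hop,
        'set interfaces %s description client-interface unit 0 family inet filter input-list media_flow'
        % client_if,
        'set interfaces %s description server-interface unit 0 family inet filter input-list media_flow'
        % server_if,
        'set interfaces %s description mfc_tproxy_interface unit 0 family inet address %s'
        % (mfc_if, mfc_if_addr)
    ]
    cmdstr = "\n".join(cmd_list)
    #Fire the transaction to the router.  The status is checked so that a
    #failed commit shows up in the log; 0 is the success value the other
    #sendCmd callers in this listing test for, and None is tolerated in case
    #this call form returns nothing.
    err = gen_utils.sendCmd(cmdstr, "yes", "", "")
    if err not in (0, None):
        dpiloganalyzer_log.error(
            "The 'commit' of the one time configuration failed in the device")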
Beispiel #7
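def fireMirrorConfiguration(analyzer_conf_dict):
    """Configure HTTP port mirroring on the router.

    analyzer_conf_dict must provide non-empty values for 'fpc_slot',
    'output_interface_name', 'next_hop_ip', 'output_interface_ip_mask',
    'mfc_mirror_interface_ip' and 'mac_address'; otherwise a message is
    logged and the function returns without contacting the router.

    Each value is substituted into a configuration command as given, which
    makes write access to analyzer.conf equivalent to the ability to change
    these router statements.
    """
    try:
        fpc_slot = analyzer_conf_dict['fpc_slot']
        #Read once; a second identical lookup of this key added nothing.
        out_if = analyzer_conf_dict['output_interface_name']
        next_hop_ip = analyzer_conf_dict['next_hop_ip']
        out_if_addr = analyzer_conf_dict['output_interface_ip_mask']
        mirror_ip = analyzer_conf_dict['mfc_mirror_interface_ip']
        mac_address = analyzer_conf_dict['mac_address']
    except KeyError as e:
        dpiloganalyzer_log.info(
            "Mandatory mirror configuration entry %s is missing in the analyzer.conf file. Mirror configuration will not be fired",
            e)
        return
    #Validate that all the mirror configuration entries have a value.
    #If not, a message is logged and nothing is configured in the router
    if "" in (fpc_slot, out_if, next_hop_ip, out_if_addr, mirror_ip,
              mac_address):
        dpiloganalyzer_log.info(
            "Please make sure all the router mirror configuration entries are given in the analyzer.conf file. No configuration done in the router"
        )
        return
    #MX router mirror configuration commands
    cmd_list = [
        'set firewall family inet filter media_flow term HTTP_mirror from port http',
        'set firewall family inet filter media_flow term HTTP_mirror then port-mirror-instance one',
        'set firewall family inet filter media_flow term media_flow_default then accept',
        'set chassis fpc %s port-mirror-instance one' % fpc_slot,
        'set forwarding-options port-mirroring instance one input rate 1',
        'set forwarding-options port-mirroring instance one family inet output interface %s next-hop %s'
        % (out_if, next_hop_ip),
        'set interface %s description mirror-destination-interface unit 0 family inet address %s arp %s mac %s'
        % (out_if, out_if_addr, mirror_ip, mac_address)
    ]
    cmdstr = "\n".join(cmd_list)
    #Fire the transaction to the router.  The status is checked so that a
    #failed commit shows up in the log; 0 is the success value the other
    #sendCmd callers in this listing test for, and None is tolerated in case
    #this call form returns nothing.
    err = gen_utils.sendCmd(cmdstr, "yes", "", "")
    if err not in (0, None):
        dpiloganalyzer_log.error(
            "The 'commit' of the mirror configuration failed in the device")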
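def main():
    """Clear the redirect-to-proxy prefix-list on the device named in argv[1].

    Looks up the device's fqdn, username and password through MdReq,
    connects to the router, and replaces the prefix-list with an empty one.
    After a successful commit an empty marker file
    (``header.CLEAR_FILTER_RULES_FILE``) is created and the persisted
    destination-IP pickle under /var/log is copied to its temporary name and
    removed.

    Returns 1 when the device map name is missing or the connection fails,
    otherwise the status returned by ``gen_utils.sendCmd`` (0 on success).
    """
    #Logger settings
    logging.basicConfig(filename=header.MFC_LOG_FILE,
                        format='%(asctime)s %(message)s',
                        level=logging.DEBUG)
    #Fail with a logged message instead of an IndexError traceback when the
    #device map name was not supplied
    if len(sys.argv) < 2:
        logging.error("The command 'clear log-analyzer filter-rules' needs a device map name")
        return 1
    mdreq = MdReq()
    #Get the device map name
    #NOTE(review): the name is concatenated into the node paths unchanged;
    #confirm the caller restricts it to existing device-map names.
    device_map_name = str(sys.argv[1])
    device_info = device_map_name + '/device_info/'
    NODE_DEVICE_MAP_FQDN = '/nkn/device_map/config/' + device_info + 'fqdn'
    #NOTE(review): the '******' prefixes look redacted in this listing;
    #restore the real node prefix before use.
    NODE_DEVICE_MAP_USERNAME = '******' + device_info + 'username'
    NODE_DEVICE_MAP_PASSWORD = '******' + device_info + 'password'
    #Get the fqdn, username and password
    fqdn = mdreq.query(NODE_DEVICE_MAP_FQDN)
    username = mdreq.query(NODE_DEVICE_MAP_USERNAME)
    #Cleartext credential: it must never reach the log file.
    #NOTE(review): Connect_Router also receives the logging module -- verify
    #that it does not log its arguments.
    password = mdreq.queryCleartext(NODE_DEVICE_MAP_PASSWORD)
    #First connect to the MX router
    err = gen_utils.Connect_Router(fqdn, username, password, logging)
    #Check if the connection to the router succeeded
    if err == 1:
        logging.error("The command 'clear log-analyzer filter-rules %s' failed. Cannot connect to the device %s", device_map_name, fqdn)
        return err
    #Construct the command to delete the pbr from the router
    #(same text, including the leading tabs, as the original literal)
    set_commands = (
        "\n"
        "\t\tdelete policy-options prefix-list redirect-to-proxy\n"
        "\t\tset policy-options prefix-list redirect-to-proxy\n"
        "\t\t"
    )
    #Fire the command to the router
    err = gen_utils.sendCmd(set_commands, "yes", "", "", logging)
    #Check if the commit succeeded
    if err != 0:
        logging.error("The command 'clear log-analyzer filter-rules %s' failed. Commit failed in the device %s", device_map_name, fqdn)
        return err
    #Create a empty file so that the log-analyzer tool knows the 'clear' command has been fired
    open(header.CLEAR_FILTER_RULES_FILE, 'w').close()
    #If the commit is successful remove the persisted file rules file as well
    pickle_file = '/var/log/' + header.DEST_IP_PICKLE
    tmp_pickle_file = '/var/log/' + header.TMP_DEST_IP_PICKLE
    if os.path.isfile(pickle_file):
        shutil.copyfile(pickle_file, tmp_pickle_file)
        os.remove(pickle_file)
    #Success is reported at info level; it was previously logged as an error
    logging.info("The command 'clear log-analyzer filter-rules %s' succeeded", device_map_name)
    return err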