def test_arp_protection_removal(self):
self._add_arp_protection(self.source, ['1.1.1.1'])
self._add_arp_protection(self.destination, ['2.2.2.2'])
no_arping(self.observer.namespace, self.destination.ip)
no_arping(self.observer.namespace, self.source.ip)
name = net_helpers.VethFixture.get_peer_name(self.source.port.name)
arp_protect.delete_arp_spoofing_protection([name])
# spoofing should have been removed from source, but not dest
arping(self.observer.namespace, self.source.ip)
no_arping(self.observer.namespace, self.destination.ip)
def test_delete_arp_spoofing(self):
# Note(cfb): We don't call this with contextlib.nested() because
# arp_protect.delete_arp_spoofing_protection() has a decorator
# which is a non-nested context manager and they don't play nice
# together with mock at all.
ebtables_p = mock.patch.object(arp_protect, 'ebtables')
ebtables = ebtables_p.start()
arp_protect.delete_arp_spoofing_protection(
[self.VIF], current_rules=self.EBTABLES_LOADED_SAMPLE)
expected = [
mock.call(['-D', 'FORWARD', '-i', self.VIF, '-j',
self.CHAIN_NAME, '-p', 'ARP']),
mock.call(['-X', self.CHAIN_NAME]),
]
ebtables.assert_has_calls(expected)
def treat_devices_removed(self, devices):
resync = False
self.sg_agent.remove_devices_filter(devices)
for device in devices:
LOG.info(_LI("Attachment %s removed"), device)
details = None
try:
details = self.plugin_rpc.update_device_down(self.context,
device,
self.agent_id,
cfg.CONF.host)
except Exception as e:
LOG.debug("port_removed failed for %(device)s: %(e)s",
{'device': device, 'e': e})
resync = True
if details and details['exists']:
LOG.info(_LI("Port %s updated."), device)
else:
LOG.debug("Device %s not defined on plugin", device)
if self.prevent_arp_spoofing:
arp_protect.delete_arp_spoofing_protection(devices)
return resync
