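def __getTunObject(nh_type, id):
    """Return the tunnel config object with the given id for a "tep" next hop.

    Only ``nh_type == "tep"`` is handled; it maps to ``ObjectTypes.TUNNEL``.

    Raises:
        AssertionError: for any other ``nh_type``.
    """
    if nh_type != "tep":
        # TODO: Handle nh, nhgroup, vpc_peer
        # Raised explicitly instead of ``assert (0)``: assert statements are
        # stripped under ``python -O``, which would let execution fall through
        # to the lookup with no object type bound.
        raise AssertionError("unsupported nh_type: %r" % (nh_type,))
    return utils.GetConfigObjectById(ObjectTypes.TUNNEL, id)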
def GetERSPANSrcMac(testcase, inpkt, args=None):
    """Return the source MAC to use for the ERSPAN mirror of this testcase.

    ``inpkt`` is accepted but not read. The all-zero MAC is returned when
    there is no mirror object, the mirror is not ERSPAN, or none of the
    cases below applies:

    * underlay VPC with a 'tep' destination whose tunnel is an underlay
      tunnel: the interface MAC of the tunnel next hop's L3 interface;
    * tenant VPC with an 'ip' destination: the VR MAC of the subnet found
      through the local mapping, else through the remote mapping.
    """
    zero_mac = "00:00:00:00:00:00"
    mirror = __get_mirror_object(testcase, args)
    if not mirror or mirror.SpanType != 'ERSPAN':
        return zero_mac

    span_vpc = vpc.client.GetVpcObject(mirror.Node, mirror.VPCId)
    if span_vpc.IsUnderlayVPC():
        # underlay vpc, return TEP MAC
        if mirror.ErSpanDstType != 'tep':
            return zero_mac
        tunnel = utils.GetConfigObjectById(ObjectTypes.TUNNEL, mirror.TunnelId)
        if not tunnel.IsUnderlay():
            return zero_mac
        return tunnel.NEXTHOP.L3Interface.GetInterfaceMac().get()

    if not (span_vpc.IsTenantVPC() and mirror.ErSpanDstType == 'ip'):
        return zero_mac

    # Both mappings are looked up before either is inspected; the local
    # mapping wins when both exist.
    local_map = utils.GetClientObject(ObjectTypes.LMAPPING).GetLMapObjByEpIpKey(
        mirror.Node, str(mirror.DstIP), span_vpc.UUID.GetUuid())
    remote_map = utils.GetClientObject(ObjectTypes.RMAPPING).GetRMapObjByEpIpKey(
        mirror.Node, str(mirror.DstIP), span_vpc.UUID.GetUuid())
    if local_map != None:
        return local_map.VNIC.SUBNET.GetVRMacAddr()
    if remote_map != None:
        return remote_map.SUBNET.GetVRMacAddr()
    return zero_mac
def GetExpectedCPSPacket(testcase, args):
    """Return the packet the testcase should expect after policy evaluation.

    The direction is taken from the policy attached to the testcase when
    there is one; otherwise ``args.direction`` is mapped ('TX' -> 'egress',
    'RX' -> 'ingress', anything else leaves it as None).

    Returns:
        ``testcase.packets.Get(args.epkt_pass)`` when no security policy
        applies or the computed verdict is not DENY; None when it is DENY.
    """
    cfg = testcase.config
    device = cfg.devicecfg
    tc_rule = getattr(cfg, 'tc_rule', None)
    # The policy (NACL) selected for this testcase, if any.
    policy = getattr(cfg, 'policy', None)
    if policy:
        direction = policy.Direction
    elif args.direction == 'TX':
        direction = 'egress'
    elif args.direction == 'RX':
        direction = 'ingress'
    else:
        direction = None

    # Every security policy that has to be applied in this direction.
    policies = __get_security_policies_from_lmapping(cfg.localmapping, direction)
    if len(policies) == 0:
        # No policy attached means the expectation is 'allow'.
        return testcase.packets.Get(args.epkt_pass)

    scapy_pkt = testcase.packets.Get(args.ipkt).GetScapyPacket()
    if device.PolicyAnyDeny:
        verdict = __match_and_get_final_result(policies, scapy_pkt, direction,
                                               testcase)
    else:
        matched = __get_matching_rule(policies, scapy_pkt, direction, testcase)
        # NOTE(review): only the first policy is handed to __get_final_result,
        # even when the matched rule came from a later policy - confirm that
        # this is the intended policy for deriving the verdict.
        first_policy = utils.GetConfigObjectById(ObjectTypes.POLICY, policies[0])
        verdict = __get_final_result(tc_rule, matched, testcase, first_policy)

    denied = verdict == types_pb2.SECURITY_RULE_ACTION_DENY
    if denied:
        logger.info("GetExpectedCPSPacket: packet denied")
        return None
    logger.info("GetExpectedCPSPacket: packet allowed")
    return testcase.packets.Get(args.epkt_pass)
def GetSPANPortID(testcase, args=None):
    """Return the port ID on which the mirrored copy is expected.

    * no mirror object: ``topo.PortTypes.NONE``;
    * RSPAN: the port ID of the mirror object's interface;
    * ERSPAN: the port ID of the L3 interface behind the next hop of the
      selected tunnel, provided that tunnel is an underlay tunnel and has
      a next hop. The tunnel is the mirror's own tunnel (underlay VPC,
      'tep' destination) or the remote mapping's tunnel (tenant VPC, 'ip'
      destination).

    Every other combination yields ``topo.PortTypes.NONE``.
    """
    mirror = __get_mirror_object(testcase, args)
    if not mirror:
        return topo.PortTypes.NONE

    span_type = mirror.SpanType
    if span_type == 'RSPAN':
        return utils.GetPortIDfromInterface(mirror.Interface)
    if span_type != 'ERSPAN':
        return topo.PortTypes.NONE

    span_vpc = vpc.client.GetVpcObject(mirror.Node, mirror.VPCId)
    tunnel = None
    if span_vpc.IsUnderlayVPC() and mirror.ErSpanDstType == 'tep':
        tunnel = utils.GetConfigObjectById(ObjectTypes.TUNNEL, mirror.TunnelId)
    elif span_vpc.IsTenantVPC() and mirror.ErSpanDstType == 'ip':
        remote_map = utils.GetClientObject(ObjectTypes.RMAPPING).GetRMapObjByEpIpKey(
            mirror.Node, str(mirror.DstIP), span_vpc.UUID.GetUuid())
        if remote_map != None:
            tunnel = remote_map.TUNNEL

    # Only an underlay tunnel contributes a next hop to resolve the port from.
    if tunnel != None and tunnel.IsUnderlay():
        next_hop = tunnel.NEXTHOP
        if next_hop != None:
            return utils.GetPortIDfromInterface(next_hop.L3Interface.EthIfIdx)
    return topo.PortTypes.NONE
def GetERSPANDstMac(testcase, packet, args=None):
    """Return the destination MAC to use for the ERSPAN mirror of this testcase.

    ``packet`` is accepted but not read. The all-zero MAC is returned when
    there is no mirror object, the mirror is not ERSPAN, or none of the
    cases below applies:

    * underlay VPC with a 'tep' destination: the underlay MAC of the
      tunnel's next hop, as a string;
    * tenant VPC with an 'ip' destination: the MAC of the local mapping's
      VNIC, else the MAC of the remote mapping.
    """
    zero_mac = "00:00:00:00:00:00"
    mirror = __get_mirror_object(testcase, args)
    if not mirror or mirror.SpanType != 'ERSPAN':
        return zero_mac

    span_vpc = vpc.client.GetVpcObject(mirror.Node, mirror.VPCId)
    if span_vpc.IsUnderlayVPC():
        # underlay vpc, return TEP MAC
        if mirror.ErSpanDstType == 'tep':
            tunnel = utils.GetConfigObjectById(ObjectTypes.TUNNEL, mirror.TunnelId)
            return str(tunnel.NEXTHOP.GetUnderlayMacAddr())
        # An 'ip' destination (or any other type) in the underlay VPC has
        # no MAC to report.
        return zero_mac

    if not (span_vpc.IsTenantVPC() and mirror.ErSpanDstType == 'ip'):
        return zero_mac

    # Both mappings are looked up before either is inspected; the local
    # mapping wins when both exist.
    local_map = utils.GetClientObject(ObjectTypes.LMAPPING).GetLMapObjByEpIpKey(
        mirror.Node, str(mirror.DstIP), span_vpc.UUID.GetUuid())
    remote_map = utils.GetClientObject(ObjectTypes.RMAPPING).GetRMapObjByEpIpKey(
        mirror.Node, str(mirror.DstIP), span_vpc.UUID.GetUuid())
    if local_map != None:
        return local_map.VNIC.MACAddr
    if remote_map != None:
        return remote_map.MACAddr
    return zero_mac
def __get_matching_rule(policies, pkt, direction, testcase):
    """Return the first rule, in priority order, that matches the packet.

    The rules of every policy in ``policies`` are pooled into one list and
    ordered by ascending ``Priority`` (a lower value means a higher
    priority). Returns None when no rule matches.
    """
    packet_tuples = __get_packet_tuples(pkt)
    candidates = [
        rule
        for policyid in policies
        for rule in utils.GetConfigObjectById(ObjectTypes.POLICY, policyid).rules
    ]
    # The sort is stable, so rules with equal Priority keep their pooled
    # order and the earliest of them is the one picked below.
    candidates.sort(key=lambda entry: entry.Priority)
    return next(
        (rule for rule in candidates
         if __is_matching_rule(packet_tuples, rule, direction, testcase)),
        None,
    )
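def __match_and_get_final_result(policies, pkt, direction, testcase):
    """Evaluate the policies one by one and stop at the first DENY verdict.

    For each policy id, its rules are ordered by ascending ``Priority``, the
    first matching rule (or None) is selected, and ``__get_final_result``
    turns that into a verdict. Evaluation stops as soon as a policy yields
    ``SECURITY_RULE_ACTION_DENY``; otherwise the verdict of the last policy
    is returned.

    ``policies`` must be non-empty: the verdict is only bound inside the
    loop. The caller visible in this file returns early on an empty list.
    """
    packet_tuples = __get_packet_tuples(pkt)
    tc_rule = getattr(testcase.config, 'tc_rule', None)
    for policyid in policies:
        policyobj = utils.GetConfigObjectById(ObjectTypes.POLICY, policyid)
        rules = sorted(policyobj.rules, key=lambda x: x.Priority)
        match_rule = None
        for rule in rules:
            if __is_matching_rule(packet_tuples, rule, direction, testcase):
                match_rule = rule
                break
        final_result = __get_final_result(tc_rule, match_rule, testcase, policyobj)
        # Compare by value, not identity: ``is`` on an integer enum constant
        # only works through interpreter-level int caching. A missed DENY
        # here would let a later policy's verdict replace it and make the
        # test expect a denied packet to pass.
        if final_result == types_pb2.SECURITY_RULE_ACTION_DENY:
            break
    # NOTE(review): the listing this was taken from had lost its indentation;
    # the dump is placed after the policy loop so the deciding rule is
    # reported once - confirm against the original file.
    __rule_dump(tc_rule, match_rule)
    return final_result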
def GetERSPANSrcIP(testcase, packet, args=None):
    """Return the source IP to use for the ERSPAN mirror of this testcase.

    ``packet`` is accepted but not read. The string "0" is returned when
    there is no mirror object, the mirror is not ERSPAN, or none of the
    cases below applies:

    * underlay VPC with a 'tep' destination: the tunnel's local IP address,
      as a string;
    * tenant VPC with an 'ip' destination: the virtual router IP of the
      subnet found through the local mapping, else through the remote
      mapping.
    """
    no_ip = "0"
    mirror = __get_mirror_object(testcase, args)
    if not mirror or mirror.SpanType != "ERSPAN":
        return no_ip

    span_vpc = vpc.client.GetVpcObject(mirror.Node, mirror.VPCId)
    if span_vpc.IsUnderlayVPC():
        if mirror.ErSpanDstType != 'tep':
            return no_ip
        tunnel = utils.GetConfigObjectById(ObjectTypes.TUNNEL, mirror.TunnelId)
        return str(tunnel.LocalIPAddr)

    if not (span_vpc.IsTenantVPC() and mirror.ErSpanDstType == 'ip'):
        return no_ip

    # Both mappings are looked up before either is inspected; the local
    # mapping wins when both exist.
    local_map = utils.GetClientObject(ObjectTypes.LMAPPING).GetLMapObjByEpIpKey(
        mirror.Node, str(mirror.DstIP), span_vpc.UUID.GetUuid())
    remote_map = utils.GetClientObject(ObjectTypes.RMAPPING).GetRMapObjByEpIpKey(
        mirror.Node, str(mirror.DstIP), span_vpc.UUID.GetUuid())
    if local_map != None:
        # NOTE(review): index 1 is presumably the IPv4 entry, mirroring the
        # GetIPv4VRIP() call on the remote path - confirm.
        return str(local_map.VNIC.SUBNET.VirtualRouterIPAddr[1])
    if remote_map != None:
        return remote_map.SUBNET.GetIPv4VRIP()
    return no_ip