def read_faucet_conf(self, config_file):
if not config_file:
config_file = self.DEFAULT_CONFIG_FILE
config_file = get_config_file(config_file)
faucet_conf = yaml_in(config_file)
if faucet_conf is None:
logging.error('Faucet config is empty, exiting.')
sys.exit(1)
if isinstance(faucet_conf, dict):
self.faucet_conf = faucet_conf
return self.faucet_conf
def clear_mirrors(config_file):
config_file = get_config_file(config_file)
obj_doc = yaml_in(config_file)
if obj_doc:
# TODO make this smarter about more complex configurations (backup original values, etc)
obj_copy = deepcopy(obj_doc)
if 'dps' in obj_copy:
for switch in obj_copy['dps']:
if 'interfaces' in obj_copy['dps'][switch]:
for port in obj_copy['dps'][switch]['interfaces']:
if 'mirror' in obj_copy['dps'][switch][
'interfaces'][port]:
del obj_doc['dps'][switch]['interfaces'][port][
'mirror']
if 'timeout' in obj_copy['dps'][switch]:
del obj_doc['dps'][switch]['timeout']
if 'arp_neighbor_timeout' in obj_copy['dps'][switch]:
del obj_doc['dps'][switch]['arp_neighbor_timeout']
return yaml_out(config_file, obj_doc)
return False
def config(self,
config_file,
action,
port,
switch,
rules_file=None,
endpoints=None,
force_apply_rules=None,
force_remove_rules=None,
coprocess_rules_files=None):
switch_found = None
config_file = get_config_file(config_file)
obj_doc = yaml_in(config_file)
switch_found = self.check_mirror(config_file, switch, port, obj_doc)
if action == 'mirror' or action == 'unmirror':
if switch_found:
interfaces = obj_doc['dps'][switch_found]['interfaces']
if 'mirror' in interfaces[self.mirror_ports[switch_found]]:
if not isinstance(
interfaces[self.mirror_ports[switch_found]]
['mirror'], list):
interfaces[
self.mirror_ports[switch_found]]['mirror'] = [
interfaces[self.mirror_ports[switch_found]]
['mirror']
]
else:
interfaces[self.mirror_ports[switch_found]]['mirror'] = []
if action == 'mirror':
# TODO make this smarter about more complex configurations (backup original values, etc)
if self.reinvestigation_frequency:
obj_doc['dps'][switch_found]['timeout'] = (
self.reinvestigation_frequency * 2) + 1
else:
obj_doc['dps'][switch_found][
'timeout'] = self.reinvestigation_frequency
obj_doc['dps'][switch_found][
'arp_neighbor_timeout'] = self.reinvestigation_frequency
if port not in interfaces[self.mirror_ports[switch_found]][
'mirror'] and port is not None:
interfaces[self.mirror_ports[switch_found]][
'mirror'].append(port)
elif action == 'unmirror':
try:
# TODO check for still running captures on this port
interfaces[self.mirror_ports[switch_found]][
'mirror'].remove(port)
except ValueError:
self.logger.warning(
'Port: {0} was not already '
'mirroring on this switch: {1}'.format(
str(port), str(switch_found)))
else:
self.logger.error('Unable to mirror due to warnings')
return switch_found
elif action == 'shutdown':
# TODO
pass
elif action == 'apply_acls':
rules_doc = parse_rules(rules_file)
obj_doc = ACLs().apply_acls(config_file, rules_file, endpoints,
force_apply_rules, force_remove_rules,
coprocess_rules_files, obj_doc,
rules_doc)
elif action == 'apply_routes':
# TODO
pass
else:
self.logger.warning('Unknown action: {0}'.format(action))
if switch_found:
try:
if len(obj_doc['dps'][switch_found]['interfaces'][
self.mirror_ports[switch_found]]['mirror']) == 0:
del obj_doc['dps'][switch_found]['interfaces'][
self.mirror_ports[switch_found]]['mirror']
# TODO make this smarter about more complex configurations (backup original values, etc)
if 'timeout' in obj_doc['dps'][switch_found]:
del obj_doc['dps'][switch_found]['timeout']
if 'arp_neighbor_timeout' in obj_doc['dps'][switch_found]:
del obj_doc['dps'][switch_found][
'arp_neighbor_timeout']
else:
ports = []
for p in obj_doc['dps'][switch_found]['interfaces'][
self.mirror_ports[switch_found]]['mirror']:
if p:
ports.append(p)
obj_doc['dps'][switch_found]['interfaces'][
self.mirror_ports[switch_found]]['mirror'] = ports
except Exception as e:
self.logger.warning(
'Unable to remove empty mirror list because: {0}'.format(
str(e)))
yaml_out(config_file, obj_doc)
return
def test_yaml_in():
with tempfile.TemporaryDirectory() as tmpdir:
test_yaml_file = os.path.join(tmpdir, 'test.yaml')
content = {'test': 'content'}
yaml_out(test_yaml_file, content)
assert yaml_in(test_yaml_file) == content
def include_acl_files(self, rules_doc, rules_file, coprocess_rules_files,
obj_doc, config_file):
files = rules_doc['include']
rules_path = rules_file.rsplit('/', 1)[0]
config_path = config_file.rsplit('/', 1)[0]
conf_files = []
acl_names = []
if 'include' in obj_doc:
conf_files = obj_doc['include']
acls_filenames = []
if coprocess_rules_files:
acls_filenames += coprocess_rules_files
for f in files:
if '/' in f:
acls_filenames.append(f.rsplit('/', 1)[1])
else:
acls_filenames.append(f)
for conf_file in conf_files:
if conf_file.startswith(
'poseidon') and conf_file not in acls_filenames:
obj_doc['include'].remove(conf_file)
self.logger.info(
'Removing {0} from config'.format(conf_file))
for f in files:
if '/' in f:
_, acls_filename = f.rsplit('/', 1)
else:
acls_filename = f
if 'poseidon_' + acls_filename not in conf_files:
obj_doc['include'].append('poseidon_' + acls_filename)
if f.startswith('/'):
acls_doc = yaml_in(f)
else:
acls_doc = yaml_in(rules_path + '/' + f)
yaml_out(config_path + '/poseidon_' + acls_filename,
acls_doc)
self.logger.info(
'Adding {0} to config'.format(acls_filename))
else:
for f in files:
if '/' in f:
_, acls_filename = f.rsplit('/', 1)
else:
acls_filename = f
if f.startswith('/'):
acls_doc = yaml_in(f)
else:
acls_doc = yaml_in(rules_path + '/' + f)
if isinstance(acls_doc, bool):
self.logger.warning(
'Include file {0} was not found, ACLs may not be working as expected'
.format(f))
else:
obj_doc['include'] = ['poseidon_' + acls_filename]
yaml_out(config_path + '/poseidon_' + acls_filename,
acls_doc)
self.logger.info(
'Adding {0} to config'.format(acls_filename))
# get defined ACL names from included files
for f in files:
acl_doc = yaml_in(f)
if isinstance(acl_doc, bool):
self.logger.warning(
'Include file {0} was not found, ACLs may not be working as expected'
.format(f))
else:
if 'acls' in acl_doc:
for acl in acl_doc['acls']:
acl_names.append(acl)
return obj_doc, acl_names