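def __resync():
    """Reconcile the programmed ACL entries with the ACL configs in the DB.

    Every entry currently present in the in/out tables is indexed by
    (table id, entry id).  Each DB config is then resolved to an entry
    through __acl_cfg_to_acl_entry (creating it when missing), re-committed
    with operation 'set', and struck from the index.  Entries still in the
    index afterwards have no config behind them and are deleted.

    Exceptions raised while resolving a config are not caught here, so they
    abort the resync before any stale entry is removed.
    """
    _db = __get_db_objs()

    _entries = __get_acl_entries(__table_in.extract_id()) + \
        __get_acl_entries(__table_out.extract_id())

    # (table id, entry id) -> raw entry; what is left after the DB pass is
    # treated as stale.
    _m = {}

    for _i in _entries:
        print(_i)
        _o = cps_object.CPSObject(obj=_i)
        _acl = _o.get_attr_data('base-acl/entry/id')
        _table = _o.get_attr_data('base-acl/entry/table-id')
        __mark_dirty(_o.get())
        _m[(_table, _acl)] = _i

    for _i in _db:
        # Test the helper's result itself: it returns None when the entry
        # could not be created.  The original wrapped the result in a
        # CPSObject first, so its 'is None' check could never fire, and it
        # fell through to the attribute reads even after reporting the error.
        _raw = __acl_cfg_to_acl_entry(_i, True)
        if _raw is None:
            print(
                'Error creating ACL entries.  Consult the logs for more details.'
            )
            # Nothing was programmed for this config, so there is no key to
            # strike from the index; move on so stale entries still get
            # cleaned up below.
            continue

        _resolved = cps_object.CPSObject(obj=_raw)
        _table = _resolved.get_attr_data('base-acl/table/id')
        _entry_id = _resolved.get_attr_data('base-acl/entry/id')
        _i['operation'] = 'set'
        # NOTE(review): the commit result is ignored - confirm that a failed
        # DB write may be dropped silently here.
        cps.db_commit(_i, None, True)

        # This entry is backed by configuration; keep it.
        _m.pop((_table, _entry_id), None)

    # Copy the keys so the index is not iterated while entries are removed
    # from the hardware tables.
    for (table, entry) in list(_m):
        nas_acl.delete_entry(table, entry)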
def __sync_file_to_db(filename):
    """Make the DB hold exactly the named rules found in *filename*.

    DB entries whose name is missing from the file, or whose rule text
    differs from the file's, are marked dirty and then committed with
    operation 'delete'.  File entries that do not match an unchanged DB
    entry are committed with operation 'create'.  All deletes are issued
    before any create, and no commit result is inspected.
    """
    file_objs = __load_file(filename)
    wanted_by_name = __array_to_map(file_objs)

    db_objs = __get_db_objs()

    # name -> DB object for entries that already match the file.
    unchanged = {}

    for db_obj in db_objs:
        wrapped = cps_object.CPSObject(obj=db_obj)
        name = wrapped.get_attr_data('name')
        rule = wrapped.get_attr_data('rule')

        same_rule = (name in wanted_by_name and
                     rule == wanted_by_name[name].get_attr_data('rule'))
        if same_rule:
            unchanged[name] = db_obj
        else:
            # Either absent from the file or carrying a different rule.
            __mark_dirty(db_obj)

    # Second pass on purpose: every entry is classified before the first
    # delete is committed.
    for db_obj in db_objs:
        if not __is_dirty(db_obj):
            continue
        db_obj['operation'] = 'delete'
        cps.db_commit(db_obj, None, True)

    for file_obj in file_objs:
        # The operation is stamped on every file object, including the ones
        # skipped below.
        file_obj['operation'] = 'create'
        name = cps_object.CPSObject(obj=file_obj).get_attr_data('name')
        if name not in unchanged:
            cps.db_commit(file_obj, None, True)
def gen_cps_obj_status():
    """Build the observed system-status object and commit it to the DB.

    Does nothing when check_fault_state() compares equal to False.
    Otherwise the object carries the overall status, the node id and one
    embedded 'sensor' record per sensor that returned a reading.  The
    commit is published only when the overall status differs from the
    module-level overall_status, which is then updated.
    """
    global overall_status

    # Kept as '== False' so that only a False/0 result skips the update.
    if check_fault_state() == False:
        return

    cur_status = get_status_call()
    status_obj = cps_object.CPSObject(module=STATUS_KEY, qual='observed')
    status_obj.add_attr('status', cur_status)
    status_obj.add_attr('node-id', get_node_id())

    for idx, sensor in enumerate(sensor_list):
        reading = sys_status.get_sensor(sensor)
        if reading is None:
            continue

        slot = str(idx)
        status_obj.add_embed_attr(['sensor', slot, 'name'], sensor_map[sensor])
        status_obj.add_embed_attr(['sensor', slot, 'value-type'], 2)

        fault_state = reading['fault-state']
        if fault_state is not None:
            status_obj.add_embed_attr(['sensor', slot, 'fault-state'], fault_state)

        value = reading['value']
        if value is not None:
            status_obj.add_embed_attr(['sensor', slot, 'value'], str(round(value, 2)))

        threshold = reading['threshold']
        if threshold is not None:
            status_obj.add_embed_attr(['sensor', slot, 'threshold'], str(round(threshold, 2)))

        description = reading['description']
        if description is not None:
            status_obj.add_embed_attr(['sensor', slot, 'description'], description)

    obj = status_obj.get()
    obj['operation'] = 'set'

    ev.logging('SYS_STAT', ev.DEBUG, '', 'system_status_db.py', '', 0, 'Overall system status is %d' % cur_status)

    status_changed = overall_status != cur_status
    if status_changed:
        ev.logging('SYS_STAT', ev.DEBUG, '', 'system_status_db.py', '', 0, 'Overall system status change detected: %d to %d' % (overall_status, cur_status))
        overall_status = cur_status

    # The third argument is the publish flag: True only on a status change.
    cps.db_commit(obj, None, status_changed)
def cps_gen_ut_data(amount, persist=False):
    """Generate unit-test CPS objects for the base-ip keys.

    Produces *amount* objects for every (key, qualifier) combination, keys
    varying slowest.  When *persist* compares equal to True each object is
    stamped with operation 'create' and committed to the DB without
    publishing.  Returns the list of generated objects.
    """
    key_names = ('base-ip/ipv6', 'base-ip/ipv6/address',
                 'base-ip/ipv4', 'base-ip/ipv4/address')
    qualifiers = ('target', 'observed')

    # The same attribute dict is handed to every _gen_cps_obj call.
    base_attrs = {'base-ip/ipv6/vrf-id': 1, 'base-ip/ipv6/ifindex': 0}

    generated = [
        _gen_cps_obj(qualifier, key_name, base_attrs, random_ifindex)
        for key_name in key_names
        for qualifier in qualifiers
        for _ in range(amount)
    ]

    # '== True' is kept so that only True/1 triggers the DB writes.
    if persist == True:
        for item in generated:
            item['operation'] = 'create'
            cps.db_commit(item, None, False)

    return generated
def commit_obj(op, data):
    """Commit *data* to the DB under operation *op* and log the outcome.

    *data* is modified in place: its 'operation' key is set to *op*.
    Returns True when cps.db_commit reports a falsy result and False
    otherwise.
    """
    func_name = sys._getframe().f_code.co_name

    data['operation'] = op
    txn = {'change': data, 'prev': {}}

    # NOTE(review): a truthy result is handled as failure, which presumably
    # means cps.db_commit returns a non-zero error code - confirm.
    failed = cps.db_commit(txn['change'], txn['prev'], True)

    if not failed:
        log_msg(
            6, " Transaction Success with operation %s for data %s " %
            (str(op), str(data)), func_name,
            sys._getframe().f_lineno)
        return True

    log_msg(
        3, " Transaction Failure with operation %s for data %s" %
        (str(op), str(data)), func_name,
        sys._getframe().f_lineno)
    return False
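def __addr_mask_filter(value, default_mask):
    """Split an 'addr[/mask]' operand into the {'addr', 'mask'} filter dict.

    The part after '/' is passed through verbatim; *default_mask* is used
    when the operand has no '/'.
    """
    _parts = value.split('/')
    if len(_parts) == 1:
        _parts.append(default_mask)
    return {'addr': _parts[0], 'mask': _parts[1]}


def __acl_cfg_to_acl_entry(obj, create_if_not_there=False):
    """Resolve an iptables-style ACL config object to a NAS ACL entry.

    If the object already carries table/entry ids that still exist, it is
    returned unchanged.  Otherwise the 'rule' text is parsed, a matching
    entry is looked up, and (when *create_if_not_there* is set) created if
    absent; the ids are stored on the object and committed with operation
    'set'.

    The translation is lossy: only dotted (IPv4) source/destination
    addresses, MAC addresses and L4 ports become filters.  Protocol,
    interface and non-dotted address operands are parsed but never reach
    the filter map, so the installed entry can match more traffic than the
    rule text describes.  A warning is printed for each such operand.

    Returns the object's dict on success, or None when no entry was found
    and none was created.  Raises Exception when the rule text cannot be
    parsed or no table can be selected.
    """
    obj = cps_object.CPSObject(obj=obj)

    # 'name' is not used below; the read is kept so an object without it is
    # still rejected at this point.
    _name = obj.get_attr_data('name')
    _rule = obj.get_attr_data('rule')
    try:
        _entry_id = obj.get_attr_data('base-acl/entry/id')
        _table_id = obj.get_attr_data('base-acl/table/id')
        _lst = __get_acl_entries(_table_id, _entry_id)
        if _lst:
            return obj.get()
        print('Invalid ACL entry details - %d and %d' % (_table_id, _entry_id))
    except Exception:
        # Was a bare 'except:', which also swallowed KeyboardInterrupt and
        # SystemExit.
        print('Not created yet...')
        _entry_id = None
        _table_id = None

    # split() tolerates repeated whitespace; split(' ') produced empty
    # tokens that argparse rejected as unrecognized arguments.
    _tokens = _rule.split()
    _parser = argparse.ArgumentParser('Process ACL rules')

    _parser.add_argument('-prio',
                         '--priority',
                         help='The rule priority',
                         action='store',
                         required=False)
    _parser.add_argument('-i',
                         '--in-interface',
                         help='The incoming interface name',
                         action='append',
                         required=False)
    _parser.add_argument(
        '-o',
        '--out-interface',
        help=
        'The outgoing interface name (same as the -i option) at this point',
        action='append',
        required=False)
    _parser.add_argument(
        '-j',
        '--jump',
        help='The action assocaiated with the rule ACCEPT or DROP',
        choices=['DROP', 'ACCEPT', 'ACCEPT-TRAP', 'TRAP'],
        action='store',
        required=True)
    _parser.add_argument(
        '-I',
        '-A',
        help=
        'The INPUT or OUTPUT chain which maps to the INGRESS or EGRESS tables',
        choices=['INPUT', 'OUTPUT'],
        required=True)
    _parser.add_argument('-p',
                         '--protocol',
                         help='The IP protocol type (TCP/UDP/ICMP)',
                         action='store')
    _parser.add_argument('-d',
                         '--destination',
                         help='Specify the destination IPv4/IPv6 address',
                         action='store')
    _parser.add_argument('--dport',
                         help='Specify the destination port number',
                         action='store')
    _parser.add_argument('--sport',
                         help='Specify the source port number',
                         action='store')
    _parser.add_argument('-s',
                         '--source',
                         help='Specify the source IPv4/IPv6 address',
                         action='store')
    _parser.add_argument('--mac-source',
                         help='The source MAC address',
                         action='store')
    _parser.add_argument('--mac-destination',
                         help='The destination MAC address',
                         action='store')
    _parser.add_argument(
        '-m',
        help='Module loading (depreciated at this point but ignored)',
        action='store')

    # argparse reports a bad rule by calling sys.exit(); SystemExit is not an
    # Exception subclass, so one malformed rule (or a stray '-h') would end
    # the whole process.  Surface it as an ordinary error instead.
    try:
        _args = vars(_parser.parse_args(_tokens))
    except SystemExit:
        raise Exception('Failed to parse ACL rule %r' % (_rule,))
    print("***")
    print(_args)

    # '-I' and '-A' are option strings of one argument whose dest is 'I', so
    # there is never a separate 'A' key to copy from.
    if _args['I'] == 'INPUT':
        _table = __table_in
    else:
        _table = __table_out
    if _table is None:
        print('Invalid table specified.')
        raise Exception('Failed to create table - no table specified (in/out)')

    # NOTE(review): these operands are accepted but never become filters.
    # Consider rejecting such rules instead of installing a broader entry.
    for _opt in ('protocol', 'in_interface', 'out_interface'):
        if _args[_opt] is not None:
            print('Warning: ACL rule operand %s=%s is not translated; '
                  'the entry will match more traffic than the rule text' %
                  (_opt, _args[_opt]))

    _filters = {}
    for _opt, _key in (('source', 'SRC_IP'), ('destination', 'DST_IP')):
        _value = _args[_opt]
        if _value is None:
            continue
        if '.' in _value:
            # NOTE(review): a '/NN' prefix length is handed over as the mask
            # unchanged - confirm nas_acl accepts that form.
            _filters[_key] = __addr_mask_filter(_value, '255.255.255.255')
        else:
            # No dot means this is not a dotted IPv4 address (e.g. IPv6);
            # no filter is produced for it.
            print('Warning: ACL rule operand %s=%s is not a dotted IPv4 '
                  'address and is not translated; the entry will match '
                  'more traffic than the rule text' % (_opt, _value))

    if _args['mac_source'] is not None:
        _filters['SRC_MAC'] = __addr_mask_filter(_args['mac_source'],
                                                 'ff:ff:ff:ff:ff:ff')

    if _args['mac_destination'] is not None:
        _filters['DST_MAC'] = __addr_mask_filter(_args['mac_destination'],
                                                 'ff:ff:ff:ff:ff:ff')

    if _args['sport'] is not None:
        _filters['L4_SRC_PORT'] = _args['sport']

    if _args['dport'] is not None:
        _filters['L4_DST_PORT'] = _args['dport']

    # Rule target -> packet action.
    _jump_to_action = {
        'DROP': 'DROP',
        'ACCEPT': 'FORWARD',
        'ACCEPT-TRAP': 'COPY_TO_CPU_AND_FORWARD',
        'TRAP': 'COPY_TO_CPU',
    }
    _actions = {}
    if _args['jump'] in _jump_to_action:
        _actions['PACKET_ACTION'] = _jump_to_action[_args['jump']]

    if _args['priority']:
        _prio = int(_args['priority'])
    else:
        _prio = _default_entry_prio

    print('Attempting to local ACL entry')
    _entry = nas_acl.find_entry(table_id=_table.extract_id(), priority=_prio,
                                filter_map=_filters, action_map=_actions)
    if _entry is not None:
        # An equivalent entry is already programmed: adopt its id.
        _found = cps_object.CPSObject(obj=_entry.data())
        obj.add_attr('base-acl/entry/id',
                     _found.get_attr_data('base-acl/entry/id'))
        obj.add_attr('base-acl/table/id', _table.extract_id())

        _obj = obj.get()
        _obj['operation'] = 'set'
        cps.db_commit(_obj, None, True)
        return _obj

    if not create_if_not_there:
        return None

    try:
        _entry_id = nas_acl.create_entry(table_id=_table.extract_id(),
                                         prio=_prio,
                                         filter_map=_filters,
                                         action_map=_actions)
        obj.add_attr('base-acl/entry/id', _entry_id)
        obj.add_attr('base-acl/table/id', _table.extract_id())
        _obj = obj.get()
        _obj['operation'] = 'set'
        cps.db_commit(_obj, None, True)
        return _obj
    except Exception as err:
        # Best effort: report the failure and let the caller see None.
        print(err)
        print('Failed to create acl entry')
        return None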