def run_lldptool(self, args):
'''Function for invoking the lldptool utility'''
full_args = ['lldptool'] + args
try:
utils.execute(full_args, root_helper=self.root_helper)
except Exception as e:
LOG.error("Unable to execute %(cmd)s. "
"Exception: %(exception)s",
{'cmd': full_args, 'exception': e})
def run_vdptool(self, args, oui_args=[]):
'''Function that runs the vdptool utility'''
full_args = ['vdptool'] + args + oui_args
try:
return utils.execute(full_args, root_helper=self.root_helper)
except Exception as e:
LOG.error("Unable to execute %(cmd)s. "
"Exception: %(exception)s",
{'cmd': full_args, 'exception': e})
def program_rtr(self, args, rout_id, namespace=None):
''' Execute the command against the namespace '''
if namespace is None:
namespace = self.find_rtr_namespace(rout_id)
if namespace is None:
LOG.error("Unable to find namespace for router %s", rout_id)
return False
final_args = ['ip', 'netns', 'exec', namespace] + args
try:
utils.execute(final_args, root_helper=self.root_helper)
except Exception as e:
LOG.error("Unable to execute %(cmd)s. "
"Exception: %(exception)s", {
'cmd': final_args,
'exception': e
})
return False
return True
def update_iptables(self):
"""Update iptables based on information in the rule_info."""
# Read the iptables
iptables_cmds = ['iptables-save', '-c']
all_rules = dsl.execute(iptables_cmds,
root_helper=self._root_helper,
log_output=False)
# For each rule in rule_info update the rule if necessary.
new_rules = []
is_modified = False
for line in all_rules.split('\n'):
new_line = line
line_content = line.split()
# The spoofing rule which includes mac and ip should have
# -s cidr/32 option for ip address. Otherwise no rule
# will be modified.
if '-s' in line_content:
tmp_rule_info = list(self.rule_info)
for rule in tmp_rule_info:
if (rule.mac in line.lower()
and rule.chain.lower() in line.lower() and
not self._is_ip_in_rule(rule.ip, line_content)):
ip_loc = line_content.index('-s') + 1
line_content[ip_loc] = rule.ip + '/32'
new_line = ' '.join(line_content)
LOG.debug('Modified %(old_rule)s. '
'New rule is %(new_rule)s.' %
({
'old_rule': line,
'new_rule': new_line
}))
is_modified = True
new_rules.append(new_line)
if is_modified and new_rules:
# Updated all the rules. Now commit the new rules.
iptables_cmds = ['iptables-restore', '-c']
dsl.execute(iptables_cmds,
process_input='\n'.join(new_rules),
root_helper=self._root_helper,
log_output=False)
def update_ip_rule(self, ip, mac):
"""Update a rule associated with given ip and mac."""
rule_no = self._find_rule_no(mac)
chain = self._find_chain_name(mac)
if not rule_no or not chain:
LOG.error('Failed to update ip rule for %(ip)s %(mac)s', {
'ip': ip,
'mac': mac
})
return
update_cmd = [
'iptables', '-R',
'%s' % chain,
'%s' % rule_no, '-s',
'%s/32' % ip, '-m', 'mac', '--mac-source',
'%s' % mac, '-j', 'RETURN'
]
LOG.debug('Execute command: %s', update_cmd)
dsl.execute(update_cmd, self._root_helper, log_output=False)
def _find_rule_no(self, mac):
"""Find rule number associated with a given mac."""
ipt_cmd = ['iptables', '-L', '--line-numbers']
cmdo = dsl.execute(ipt_cmd, self._root_helper, log_output=False)
for o in cmdo.split('\n'):
if mac in o.lower():
rule_no = o.split()[0]
LOG.info('Found rule %(rule)s for %(mac)s.', {
'rule': rule_no,
'mac': mac
})
return rule_no
def find_rtr_namespace(self, rout_id):
''' Find the namespace associated with the router '''
if rout_id is None:
return None
args = ['ip', 'netns', 'list']
try:
ns_list = utils.execute(args, root_helper=self.root_helper)
except Exception as e:
LOG.error("Unable to find the namespace list")
return None
for ns in ns_list.split():
if 'router' in ns and rout_id in ns:
return ns
return None
def _find_chain_name(self, mac):
"""Find a rule associated with a given mac."""
ipt_cmd = ['iptables', '-t', 'filter', '-S']
cmdo = dsl.execute(ipt_cmd,
root_helper=self._root_helper,
log_output=False)
for o in cmdo.split('\n'):
if mac in o.lower():
chain = o.split()[1]
LOG.info('Find %(chain)s for %(mac)s.', {
'chain': chain,
'mac': mac
})
return chain