Exemple #1
 def config_acls(self, rules_file, endpoints, force_apply_rules, force_remove_rules, coprocess_rules_files):
     """Apply the ACL rules from *rules_file* and persist the resulting config.

     Steps, in order: parse *rules_file* with ``parse_rules``, call
     ``self._read_faucet_conf()``, replace
     ``self.faucetconfgetsetter.faucet_conf`` with whatever
     ``ACLs().apply_acls`` returns, then call ``self._write_faucet_conf()``.

     All five arguments are forwarded to ``ACLs().apply_acls`` unchanged.
     """
     # NOTE(review): the parsed rules are applied and written unconditionally.
     # Whether parse_rules raises or returns an empty/partial document for a
     # malformed rules file is not visible here -- confirm, because an empty
     # rule set written to the controller config would silently drop ACLs.
     parsed_rules = parse_rules(rules_file)
     self._read_faucet_conf()

     acl_engine = ACLs()
     updated_conf = acl_engine.apply_acls(
         rules_file,
         endpoints,
         force_apply_rules,
         force_remove_rules,
         coprocess_rules_files,
         self.faucetconfgetsetter.faucet_conf,
         parsed_rules,
     )
     self.faucetconfgetsetter.faucet_conf = updated_conf

     # NOTE(review): the return value of apply_acls is not inspected before
     # it is persisted; presumably it is always a full config document.
     self._write_faucet_conf()
Exemple #2
    def config(self,
               config_file,
               action,
               port,
               switch,
               rules_file=None,
               endpoints=None,
               force_apply_rules=None,
               force_remove_rules=None,
               coprocess_rules_files=None):
        """Load the YAML config, apply *action* to it, and write it back.

        Args:
            config_file: Passed through ``get_config_file`` to obtain the
                path that is read with ``yaml_in`` and rewritten with
                ``yaml_out``.
            action: ``'mirror'`` / ``'unmirror'`` add or remove *port* on the
                mirror interface's ``mirror`` list; ``'apply_acls'`` replaces
                the document with the result of ``ACLs().apply_acls``;
                ``'shutdown'`` and ``'apply_routes'`` are unimplemented
                no-ops; anything else is logged as unknown.
            port: Port to add to or remove from the mirror list.
            switch: Forwarded to ``self.check_mirror`` to resolve the switch.
            rules_file, endpoints, force_apply_rules, force_remove_rules,
            coprocess_rules_files: Only used by ``'apply_acls'``, where they
                are forwarded unchanged.

        Returns:
            The falsy result of ``check_mirror`` when a mirror/unmirror
            request cannot resolve a switch (nothing is written in that
            case); otherwise ``None`` after the file has been rewritten.
        """
        config_file = get_config_file(config_file)
        obj_doc = yaml_in(config_file)
        switch_found = self.check_mirror(config_file, switch, port, obj_doc)

        if action in ('mirror', 'unmirror'):
            if not switch_found:
                # The only path that leaves the config file untouched.
                self.logger.error('Unable to mirror due to warnings')
                return switch_found

            datapath = obj_doc['dps'][switch_found]
            mirror_iface = datapath['interfaces'][
                self.mirror_ports[switch_found]]

            # Normalise 'mirror' to a list: absent -> empty, scalar -> [scalar].
            if 'mirror' not in mirror_iface:
                mirror_iface['mirror'] = []
            elif not isinstance(mirror_iface['mirror'], list):
                mirror_iface['mirror'] = [mirror_iface['mirror']]

            if action == 'mirror':
                # TODO make this smarter about more complex configurations (backup original values, etc)
                frequency = self.reinvestigation_frequency
                # A falsy frequency is stored as-is for both timeout values.
                datapath['timeout'] = (
                    (frequency * 2) + 1 if frequency else frequency)
                datapath['arp_neighbor_timeout'] = frequency
                mirrored = mirror_iface['mirror']
                if port not in mirrored and port is not None:
                    mirrored.append(port)
            elif action == 'unmirror':
                try:
                    # TODO check for still running captures on this port
                    mirror_iface['mirror'].remove(port)
                except ValueError:
                    self.logger.warning(
                        'Port: {0} was not already '
                        'mirroring on this switch: {1}'.format(
                            str(port), str(switch_found)))
        elif action == 'apply_acls':
            # NOTE(review): rules_file defaults to None and reaches
            # parse_rules unchecked; how parse_rules treats None or a
            # malformed file is not visible here -- confirm it cannot yield
            # an empty rule set that then gets written out.
            rules_doc = parse_rules(rules_file)
            obj_doc = ACLs().apply_acls(config_file, rules_file, endpoints,
                                        force_apply_rules, force_remove_rules,
                                        coprocess_rules_files, obj_doc,
                                        rules_doc)
        elif action in ('shutdown', 'apply_routes'):
            # TODO: neither action is implemented yet.
            pass
        else:
            self.logger.warning('Unknown action: {0}'.format(action))

        if switch_found:
            # Best-effort tidy-up of the mirror list. Any failure (e.g. the
            # interface has no 'mirror' key after a non-mirror action) is
            # only logged, and the document is still written below.
            try:
                datapath = obj_doc['dps'][switch_found]
                mirror_iface = datapath['interfaces'][
                    self.mirror_ports[switch_found]]
                if len(mirror_iface['mirror']) == 0:
                    del mirror_iface['mirror']
                    # TODO make this smarter about more complex configurations (backup original values, etc)
                    for timeout_key in ('timeout', 'arp_neighbor_timeout'):
                        if timeout_key in datapath:
                            del datapath[timeout_key]
                else:
                    # Drop falsy entries (None, 0, '') from the mirror list.
                    mirror_iface['mirror'] = [
                        p for p in mirror_iface['mirror'] if p]
            except Exception as e:
                self.logger.warning(
                    'Unable to remove empty mirror list because: {0}'.format(
                        str(e)))

        # NOTE(review): reached for every action except a failed
        # mirror/unmirror, so unknown and unimplemented actions also rewrite
        # the config file.
        yaml_out(config_file, obj_doc)
        return
Exemple #3
def test_parse_rules():
    """Smoke-test ``parse_rules`` against the sample Faucet config.

    The sample path is resolved relative to the current working directory,
    and ``parse_rules`` is handed the checked-in file itself. The test makes
    no assertions: it passes as long as ``parse_rules`` does not raise.
    """
    sample_path = os.path.join(
        os.getcwd(), 'tests/sample_faucet_config.yaml')
    parse_rules(sample_path)
Exemple #4
def test_parse_rules():
    """Smoke-test ``parse_rules`` on a throwaway copy of ``SAMPLE_CONFIG``.

    The sample is copied into a temporary directory first, so the path given
    to ``parse_rules`` is never the checked-in file. The test makes no
    assertions: it passes as long as ``parse_rules`` does not raise.
    """
    with tempfile.TemporaryDirectory() as scratch_dir:
        shutil.copy(SAMPLE_CONFIG, scratch_dir)
        copied_name = os.path.basename(SAMPLE_CONFIG)
        copied_path = os.path.join(scratch_dir, copied_name)
        parse_rules(copied_path)