def createAction(outputIntfs=None,
ethSrc=None,
ethDst=None,
ipSrc=None,
ipDst=None):
action = eossdk.FlowAction()
actionSet = eossdk.FlowActionSet()
if outputIntfs is not None:
# Until we have correct swig support for std::set,
# need to add each interface individually
actionSet.set_output_intfs_is(True)
action.output_intfs_is(tuple([intfId for intfId in outputIntfs]))
if ethSrc is not None:
actionSet.set_eth_src_is(True)
newEthSrc = eossdk.EthAddr(ethSrc)
action.eth_src_is(newEthSrc)
if ethDst is not None:
actionSet.set_eth_dst_is(True)
newEthDst = eossdk.EthAddr(ethDst)
action.eth_dst_is(newEthDst)
if ipSrc is not None:
actionSet.set_ip_src_is(True)
newIpSrc = eossdk.IpAddr(ipSrc)
action.ip_src_is(newIpSrc)
if ipDst is not None:
actionSet.set_ip_dst_is(True)
newIpDst = eossdk.IpAddr(ipDst)
action.ip_dst_is(newIpDst)
action.action_set_is(actionSet)
return action
def _is_connection_allowed(self, src_addr):
"""Test connection against configure service ACL
Example:
ip access-list standard MY_AGENT_ACL
10 permit 192.168.0.0/16
daemon MyAgent
exec /path/to/myagent
ip access-group MY_AGENT_ACL [in]
no shutdown
"""
src_ip, src_port = src_addr
dst_ip, dst_port = self._server.getsockname()
src_ip = eossdk.IpAddr(src_ip)
dst_ip = eossdk.IpAddr(dst_ip)
if not self.acl_mgr.stream_allowed(src_ip, dst_ip, 0, src_port,
dst_port):
return False
return True
def on_route_set(self, route):
self.tracer.trace0("Last added hardware route entry %s" %
route.route_key().prefix().to_string())
syslog.syslog("Last Added Route %s" %
route.route_key().prefix().to_string())
cli = "show ip bgp %s" % route.route_key().prefix().to_string()
route_detail = self.eapi_execute(cli)
if self.community_list_check(route_detail):
self.update_acl(route.route_key().prefix().to_string())
self.aclMgr_.acl_commit()
syslog.syslog("ACL Commited")
#for acl_rule in self.aclMgr_.acl_rule_ip_iter(self.aclKey):
# syslog.syslog("%s"% (acl_rule[1].to_string(),))
if self.aclMgr_.acl_exists(self.aclKey):
syslog.syslog("ACL Key Created")
# Now build the class map for that ACL and commit it
self.classMapKey = eossdk.PolicyMapKey(
REDIRECTCLASS, eossdk.POLICY_FEATURE_PBR)
self.class_map = eossdk.ClassMap(self.classMapKey)
self.classMapRule = eossdk.ClassMapRule(self.aclKey)
self.class_map.rule_set(10, self.classMapRule)
self.classMapMgr_.class_map_is(self.class_map)
self.cm = self.classMapMgr_.class_map(self.classMapKey)
syslog.syslog("Set class map %s with %d rules" %
(REDIRECTCLASS, len(self.cm.rules())))
# Build the nexthop group that will setup the GRE tunnel
self.nhg = eossdk.NexthopGroup(REDIRECTNHG,
eossdk.NEXTHOP_GROUP_GRE)
self.nhgEntry1 = eossdk.NexthopGroupEntry(
eossdk.IpAddr(NHGDSTPREFIX))
self.nhg.nexthop_set(0, self.nhgEntry1)
self.nhg.source_ip_is(eossdk.IpAddr(NHGSRCPREFIX))
self.nexthopGroupMgr_.nexthop_group_set(self.nhg)
# Add the policy map rule matching our class map and tunnel the traffic
self.policyMapKey = eossdk.PolicyMapKey(
REDIRECTPOLICY, eossdk.POLICY_FEATURE_PBR)
self.policy_map = eossdk.PolicyMap(self.policyMapKey)
self.policyMapRule = eossdk.PolicyMapRule(self.classMapKey)
self.policyMapAction = eossdk.PolicyMapAction(
eossdk.POLICY_ACTION_NEXTHOP_GROUP)
self.policyMapAction.nexthop_group_name_is(REDIRECTNHG)
self.policyMapRule.action_set(self.policyMapAction)
self.policy_map.rule_set(1, self.policyMapRule)
self.policyMapMgr_.policy_map_is(self.policy_map)
self.policyMapMgr_.policy_map_apply(
self.policyMapKey, eossdk.IntfId(INTERFACENAME),
eossdk.ACL_IN, True)
syslog.syslog("Finished applying policy")
else:
syslog.syslog("ACL Key Not Created")
def insert_routes(self, start, end, newApi):
self.tracer.trace1("Starting to insert {} routes, \
starting at route# {}".format(end, start))
for i in range(start, end):
first = 200 + (i / 65536)
second = (i / 256) % 256
third = i % 256
addrStr = "%d.%d.%d.0" % (first, second, third)
prefix = eossdk.IpPrefix(eossdk.IpAddr(addrStr), 24)
if i % 2550 == 0:
self.tracer.trace3("Adding prefix " + prefix.to_string())
rkey = eossdk.IpRouteKey(prefix)
route = eossdk.IpRoute(rkey)
route.tag_is(self.tag)
via = eossdk.IpRouteVia(rkey)
via.nexthop_group_is("mpls_nhg")
if not newApi:
self.ipMgr.ip_route_set(route)
else:
self.ipMgr.ip_route_set(route,
eossdk.IP_ROUTE_ACTION_NEXTHOP_GROUP)
self.ipMgr.ip_route_via_set(via)
self.tracer.trace1("Finished inserting {} routes, \
starting at route# {}".format(end, start))
def _set_nexthop_group(self, name, entries=[]):
"""
{
"command": "set",
"type": "nexthop-group"
"name": "CYGNUS_NHG_1",
"entries": [
{
"nexthop": "172.16.130.1",
"label": [30, 31, 32]
},
{
"nexthop": "172.16.130.2",
"label": [40, 41, 42]
}
]
}
"""
nhg = eossdk.NexthopGroup(name, eossdk.NEXTHOP_GROUP_MPLS)
for index, entry in enumerate(entries):
labels = tuple([eossdk.MplsLabel(l) for l in entry["label"]])
action = eossdk.NexthopGroupMplsAction(eossdk.MPLS_ACTION_PUSH,
labels)
nhe = eossdk.NexthopGroupEntry(eossdk.IpAddr(entry["nexthop"]))
nhe.mpls_action_is(action)
nhg.nexthop_set(index, nhe)
self.nhg_mgr.nexthop_group_set(nhg)
def create_ip_v6_route_key(self, i):
first = (i / 65536) % 65536
second = i % 65536
addrStr = "%04x:%04x::" % (first, second)
ip = eossdk.IpAddr(addrStr)
prefix6 = eossdk.IpPrefix(ip, 64)
rkey6 = eossdk.IpRouteKey(prefix6)
return rkey6
def create_ip_route_key(self, i):
first = 200 + (i / 65536)
second = (i / 256) % 256
third = i % 256
addrStr = "%d.%d.%d.0" % (first, second, third)
prefix = eossdk.IpPrefix(eossdk.IpAddr(addrStr), 24)
if i % 2550 == 0:
self.tracer.trace3("Adding prefix %s" % prefix.to_string())
rkey = eossdk.IpRouteKey(prefix)
return rkey
def createMatch(inputIntfs=None,
ethSrc=None,
ethSrcMask="ff:ff:ff:ff:ff:ff",
ethDst=None,
ethDstMask="ff:ff:ff:ff:ff:ff",
ethType=None,
ipSrc=None,
ipSrcMask="255.255.255.255",
ipDst=None,
ipDstMask="255.255.255.255"):
match = eossdk.FlowMatch()
matchFieldSet = eossdk.FlowMatchFieldSet()
if inputIntfs is not None:
# Until we have correct swig support for std::set,
# need to add each interface individually
matchFieldSet.input_intfs_is(True)
match.input_intfs_is(tuple([intfId for intfId in inputIntfs]))
if ethSrc is not None:
matchFieldSet.eth_src_is(True)
ethSrc = eossdk.EthAddr(ethSrc)
ethSrcMask = eossdk.EthAddr(ethSrcMask)
match.eth_src_is(ethSrc, ethSrcMask)
if ethDst is not None:
matchFieldSet.eth_dst_is(True)
ethDst = eossdk.EthAddr(ethDst)
ethDstMask = eossdk.EthAddr(ethDstMask)
match.eth_dst_is(ethDst, ethDstMask)
if ethType is not None:
matchFieldSet.eth_type_is(True)
match.eth_type_is(ethType)
if ipSrc is not None:
matchFieldSet.ip_src_is(True)
ipSrc = eossdk.IpAddr(ipSrc)
ipSrcMask = eossdk.IpAddr(ipSrcMask)
match.ip_src_is(ipSrc, ipSrcMask)
if ipDst is not None:
matchFieldSet.ip_dst_is(True)
ipDst = eossdk.IpAddr(ipDst)
ipDstMask = eossdk.IpAddr(ipDstMask)
match.ip_dst_is(ipDst, ipDstMask)
match.match_field_set_is(matchFieldSet)
return match
def set_nexthop_group(self):
self.tracer.trace1("Setting nexthop group")
# Create a nexthop-group mpls_nhg:
# nexthop-group mpls_nhg type mpls
# size 256
# entry 0 push label-stack 16 nexthop 10.0.0.8
nhgName = "mpls_nhg"
label = 16
entry = 0
addrStr = "10.0.0.8"
nhg = eossdk.NexthopGroup(nhgName, eossdk.NEXTHOP_GROUP_MPLS)
nhge = eossdk.NexthopGroupEntry(eossdk.IpAddr(addrStr))
mplsAction = eossdk.NexthopGroupMplsAction(eossdk.MPLS_ACTION_PUSH,
(eossdk.MplsLabel(label), ))
nhge.mpls_action_is(mplsAction)
nhg.nexthop_set(entry, nhge)
self.nhgMgr.nexthop_group_set(nhg)
def resolve_egress_tunnel(self, tunnel):
self.tracer.trace8("Resolve the nexthop IP %s to an ethernet address" %
tunnel.nexthop_ip)
neighbor_key = eossdk.NeighborKey(eossdk.IpAddr(tunnel.nexthop_ip),
eossdk.IntfId())
neighbor_entry = self.neighbor_table_mgr.neighbor_entry_status(
neighbor_key)
if neighbor_entry == eossdk.NeighborEntry():
self.tracer.trace8("Checking static ARP entries")
neighbor_entry = self.neighbor_table_mgr.neighbor_entry(
neighbor_key)
if neighbor_entry == eossdk.NeighborEntry():
self.tracer.trace0("IP address %r has no ARP entry" %
tunnel.nexthop_ip)
assert False, "Unlearned nexthop IP %s" % tunnel.nexthop_ip
nexthop_eth_addr = neighbor_entry.eth_addr()
self.tracer.trace5("IP %s lives on %s" %
(tunnel.nexthop_ip, nexthop_eth_addr.to_string()))
tunnel.nexthop_eth_addr = nexthop_eth_addr.to_string()
self.tracer.trace8("Now resolving that MAC entry to an interface.")
# TODO: Is this necessary if we send it out of the "fabric"
# interface?
vlan_id = 1
mac_entry = self.mac_table_mgr.mac_entry(vlan_id, nexthop_eth_addr)
if mac_entry.intf() == eossdk.IntfId():
self.tracer.trace0("Mac entry %r not on any interface" %
tunnel.nexthop_eth_addr)
assert False, "Unlearned nexthop MAC %s" % tunnel.nexthop_eth_addr
intf = mac_entry.intf().to_string()
# Convert the interface names to the kernel interface names
intf = intf.replace("Ethernet", "et")
intf = intf.replace("Port-Channel", "po")
self.tracer.trace5("MAC entry %s is learned on inteface %r" %
(tunnel.nexthop_eth_addr, intf))
tunnel.egress_intf = intf
self.tracer.trace8("Looking up that interface's MAC address")
egress_eth_addr = self.eth_intf_mgr.eth_addr(mac_entry.intf())
if egress_eth_addr == eossdk.EthAddr():
assert False, "Interface %s has no MAC address" % intf
self.tracer.trace5("Intf %s has MAC address %s" %
(intf, egress_eth_addr.to_string()))
tunnel.egress_intf_eth_addr = egress_eth_addr.to_string()
def insert_v6_routes(self, start, end, newApi):
self.tracer.trace1("Starting to insert {} v6_routes, \
starting at route# {}".format(end, start))
for i in range(start, end):
first = (i / 65536) % 65536
second = i % 65536
addrStr = "%04x:%04x::" % (first, second)
ip = eossdk.IpAddr(addrStr)
prefix6 = eossdk.IpPrefix(ip, 64)
rkey6 = eossdk.IpRouteKey(prefix6)
route6 = eossdk.IpRoute(rkey6)
route6.tag_is(self.tag)
via6 = eossdk.IpRouteVia(rkey6)
via6.nexthop_group_is("mpls_nhg")
if not newApi:
self.ipMgr.ip_route_set(route6)
else:
self.ipMgr.ip_route_set(route6,
eossdk.IP_ROUTE_ACTION_NEXTHOP_GROUP)
self.ipMgr.ip_route_via_set(via6)
self.tracer.trace1("Finished inserting {} routes, \
starting at route# {}".format(end, start))
def get_ip_addr(ip_addr):
try:
return eossdk.IpAddr(ip_addr)
except eossdk.Error as e:
sys.stderr.write('Invalid IP address: %s (%s)' % (ip_addr, e))