def DetachAcl(self, request, context):
errno = ErrNo_pb2.SYS_FAIL
acl_object = AclManager.AclHandle(request.vswitch_name,
request.filter_name)
while True:
if not os.path.exists(os.path.join(util.NET_AGENT_CONF_DIR, request.filter_name + '.xml')):
logging.error("DelAcl: old acl_rules file doesn,t exist")
break
if acl_object.is_vswitch_exist() is False:
logging.error("DelAcl: br %s doesnt exist" % request.vswitch_name)
break
try:
ofport = acl_object.iface_to_ofport(request.tap_name)
acl_object.detach_rules(ofport)
except:
logging.error("DelAcl: br %s del old Acl %s failed" % (request.vswitch_name, request.filter_name))
break
errno = ErrNo_pb2.SYS_OK
break
return AclManager_pb2.AclDetachReply(errno=errno)
def test_QueryAclFile(self):
response = self.acl_stub.QueryAclFile(
AclManager_pb2.AclFileQueryRequest(filter_name=self.filter_name))
logging.info('QueryAclFile:filter_name: %s', response.filter_name)
logging.info('QueryAclFile:filter_type: %d', response.filter_type)
logging.info('QueryAclFile:in_default_action: %s',
response.in_default_action)
logging.info('QueryAclFile:out_default_action: %s',
response.out_default_action)
for acl_rule in response.acl_rules:
logging.info('QueryAclFile:priority: %s', acl_rule.priority)
logging.info('QueryAclFile:direction: %d', acl_rule.direction)
logging.info('QueryAclFile:src_ip: %s', acl_rule.src_ip)
logging.info('QueryAclFile:src_port: %s', acl_rule.src_port)
logging.info('QueryAclFile:src_mask: %s', acl_rule.src_mask)
logging.info('QueryAclFile:src_mac: %s', acl_rule.src_mac)
logging.info('QueryAclFile:src_mac_mask: %s',
acl_rule.src_mac_mask)
logging.info('QueryAclFile:dst_ip: %s', acl_rule.dst_ip)
logging.info('QueryAclFile:dst_port: %s', acl_rule.dst_port)
logging.info('QueryAclFile:dst_mask: %s', acl_rule.dst_mask)
logging.info('QueryAclFile:dst_mac: %s', acl_rule.dst_mac)
logging.info('QueryAclFile:dst_mac_mask: %s',
acl_rule.dst_mac_mask)
logging.info('QueryAclFile:action: %s', acl_rule.action)
logging.info('-----------------------------------------')
logging.info('QueryAclFile:errno: %d', response.errno)
assert response.errno == ErrNo_pb2.SYS_OK
def DelAclFile(self, request, context):
errno = ErrNo_pb2.SYS_FAIL
path = os.path.join(util.NET_AGENT_CONF_DIR, request.filter_name + '.xml')
if AclManager.remove_acl_rules_file(path) is True:
errno = ErrNo_pb2.SYS_OK
return AclManager_pb2.AclFileDelReply(errno=errno)
def test_ModifyAclFile(self):
rules = []
acl_rule1 = AclManager_pb2.AclRule()
acl_rule1.protocol = "TCP"
acl_rule1.src_ip = "192.168.25.13"
acl_rule1.action = "accept"
rules.append(acl_rule1)
response = self.acl_stub.ModifyAclFile(
AclManager_pb2.AclFileModifyRequest(
filter_name=self.filter_name,
acl_rules=rules,
in_default_action="accept",
out_default_action="accept",
filter_type=AclManager_pb2.FILTER_BY_IP))
assert response.errno == ErrNo_pb2.SYS_OK
def create_default_acl_file(cls):
rules = []
acl_rule1 = AclManager_pb2.AclRule()
acl_rule1.protocol = "UDP"
acl_rule1.src_ip = "192.168.25.13"
acl_rule1.action = "accept"
rules.append(acl_rule1)
response = cls.acl_stub.AddAclFile(
AclManager_pb2.AclFileAddRequest(
filter_name=cls.filter_name,
acl_rules=rules,
in_default_action="accept",
out_default_action="accept",
filter_type=AclManager_pb2.FILTER_BY_IP))
if response == ErrNo_pb2.SYS_FAIL:
raise net_agentd_exception.NetAgentException(
"create default acl file failed")
def test_AddAclFile_DelAclFile(self):
rules = []
acl_rule0 = AclManager_pb2.AclRule()
acl_rule0.protocol = "ALL"
acl_rule0.src_ip = "192.168.25.10"
acl_rule0.src_port = "58"
acl_rule0.src_mask = "255.255.255.0"
acl_rule0.action = "drop"
rules.append(acl_rule0)
acl_rule1 = AclManager_pb2.AclRule()
acl_rule1.protocol = "UDP"
acl_rule1.src_ip = "192.168.25.13"
acl_rule1.action = "accept"
rules.append(acl_rule1)
response = self.acl_stub.AddAclFile(
AclManager_pb2.AclFileAddRequest(
filter_name="acl_test_0",
acl_rules=rules,
in_default_action="accept",
out_default_action="accept",
filter_type=AclManager_pb2.FILTER_BY_IP))
assert response.errno == ErrNo_pb2.SYS_OK
response = self.acl_stub.AddAclFile(
AclManager_pb2.AclFileAddRequest(
filter_name="acl_test_0",
acl_rules=rules,
in_default_action="accept",
out_default_action="accept",
filter_type=AclManager_pb2.FILTER_BY_IP))
assert response.errno == ErrNo_pb2.SYS_FAIL
response = self.acl_stub.DelAclFile(
AclManager_pb2.AclFileDelRequest(filter_name="acl_test_0"))
assert response.errno == ErrNo_pb2.SYS_OK
response = self.acl_stub.AddAclFile(
AclManager_pb2.AclFileAddRequest(
filter_name="acl_test_0",
acl_rules=rules,
in_default_action="adf",
out_default_action="accept",
filter_type=AclManager_pb2.FILTER_BY_IP))
assert response.errno == ErrNo_pb2.SYS_FAIL
response = self.acl_stub.AddAclFile(
AclManager_pb2.AclFileAddRequest(
filter_name="acl_test_0",
acl_rules=rules,
in_default_action="accept",
out_default_action="adf",
filter_type=AclManager_pb2.FILTER_BY_IP))
assert response.errno == ErrNo_pb2.SYS_FAIL
def test_AttachAcl_DetachAcl(self):
response = self.nic_stub.QueryNicInfo(
NicManager_pb2.NicInfoQueryRequest(nic_names=[self.acl_nic]))
assert response.nic_infos[0].errno == ErrNo_pb2.SYS_OK
mac_addr = response.nic_infos[0].mac_address
response = self.acl_stub.AttachAcl(
AclManager_pb2.AclAttachRequest(vswitch_name=self.switch_name,
tap_name=self.acl_nic,
mac_addr=mac_addr,
filter_name=self.filter_name))
assert response.errno == ErrNo_pb2.SYS_OK
response = self.acl_stub.DetachAcl(
AclManager_pb2.AclDetachRequest(vswitch_name=self.switch_name,
tap_name=self.acl_nic,
mac_addr=mac_addr,
filter_name=self.filter_name))
assert response.errno == ErrNo_pb2.SYS_OK
def ModifyAclFile(self, request, context):
errno = ErrNo_pb2.SYS_FAIL
if os.path.exists(os.path.join(util.NET_AGENT_CONF_DIR, request.filter_name + '.xml')):
try:
AclManager.generate_acl_rules_file(request.filter_type,
request.filter_name,
request.in_default_action,
request.out_default_action,
request.acl_rules)
errno = ErrNo_pb2.SYS_OK
except:
logging.error("ModifyAclFile: modify acl_rules file failed")
else:
logging.error("ModifyAclFile: acl_rules doesnt exist")
return AclManager_pb2.AclFileModifyReply(errno=errno)
def get_filter_rules(filter_name):
rules = []
path = os.path.join(util.NET_AGENT_CONF_DIR, filter_name + '.xml')
xml_tree = util.ReadXml(path)
acl_rules = util.GetXmlElementByXpath(xml_tree, 'acl_rules')
for acl_rule in acl_rules:
rule = AclManager_pb2.AclRule()
for item in acl_rule:
if item.tag == "priority":
rule.priority = item.text
if item.tag == "direction":
rule.direction = int(item.text)
if item.tag == "protocol":
rule.protocol = item.text
if item.tag == "src_ip_addr":
split = item.text.split('/', 1)
rule.src_ip = split[0]
if len(split) == 2:
rule.src_mask = split[1]
if item.tag == "src_port":
rule.src_port = item.text
if item.tag == "src_mac_addr":
split = item.text.split('/', 1)
rule.src_mac = split[0]
if len(split) == 2:
rule.src_mac_mask = split[1]
if item.tag == "dst_ip_addr":
split = item.text.split('/', 1)
rule.dst_ip = split[0]
if len(split) == 2:
rule.dst_mask = split[1]
if item.tag == "dst_port":
rule.dst_port = item.text
if item.tag == "dst_mac_addr":
split = item.text.split('/', 1)
rule.dst_mac = split[0]
if len(split) == 2:
rule.dst_mac_mask = split[1]
if item.tag == "actions":
rule.action = item.text
rules.append(rule)
return rules
def AddAclFile(self, request, context):
errno = ErrNo_pb2.SYS_FAIL
if not os.path.exists(os.path.join(util.NET_AGENT_CONF_DIR, request.filter_name + '.xml')):
try:
AclManager.generate_acl_rules_file(request.filter_type,
request.filter_name,
request.in_default_action,
request.out_default_action,
request.acl_rules)
errno = ErrNo_pb2.SYS_OK
except:
logging.critical(traceback.format_exc())
logging.error("AddAclFile: generate acl_rules file failed")
else:
logging.error("AddAclFile: acl_rules file already exist")
return AclManager_pb2.AclFileAddReply(errno=errno)
def QueryAclFile(self, request, context):
errno = ErrNo_pb2.SYS_FAIL
try:
filter_name = AclManager.get_filter_name(request.filter_name)
filter_type = AclManager.get_filter_type(request.filter_name)
in_default_action = AclManager.get_in_default_action(request.filter_name)
out_default_action = AclManager.get_out_default_action(request.filter_name)
filter_rules = AclManager.get_filter_rules(request.filter_name)
errno = ErrNo_pb2.SYS_OK
except:
logging.critical(traceback.format_exc())
logging.error("%s QueryAclFile failed" % request.filter_name)
return AclManager_pb2.AclFileQueryReply(acl_rules=filter_rules,
filter_name=filter_name,
filter_type=filter_type,
in_default_action=in_default_action,
out_default_action=out_default_action,
errno=errno)
def destroy_default_acl_file(cls):
response = cls.acl_stub.DelAclFile(
AclManager_pb2.AclFileDelRequest(filter_name=cls.filter_name))
if response == ErrNo_pb2.SYS_FAIL:
raise net_agentd_exception.NetAgentException(
"del default acl file failed")