def test_AddAclFile_DelAclFile(self):
    """Check AddAclFile/DelAclFile status codes for the filter "acl_test_0".

    Sequence exercised against ``self.acl_stub``:

    1. adding the filter succeeds (SYS_OK);
    2. adding the same filter name again is rejected (SYS_FAIL);
    3. deleting the filter succeeds (SYS_OK);
    4. an unknown inbound default action ("adf") is rejected (SYS_FAIL);
    5. an unknown outbound default action ("adf") is rejected (SYS_FAIL).

    Steps 4 and 5 pin that the service refuses a default action it does not
    recognise instead of installing the filter with it.
    """
    drop_rule = AclManager_pb2.AclRule(
        protocol="ALL",
        src_ip="192.168.25.10",
        src_port="58",
        src_mask="255.255.255.0",
        action="drop",
    )
    accept_rule = AclManager_pb2.AclRule(
        protocol="UDP",
        src_ip="192.168.25.13",
        action="accept",
    )
    rules = [drop_rule, accept_rule]

    def add_file(in_default, out_default):
        # Every add request in this test differs only in the default actions.
        return self.acl_stub.AddAclFile(
            AclManager_pb2.AclFileAddRequest(
                filter_name="acl_test_0",
                acl_rules=rules,
                in_default_action=in_default,
                out_default_action=out_default,
                filter_type=AclManager_pb2.FILTER_BY_IP))

    # First creation succeeds; a second creation under the same name must not.
    assert add_file("accept", "accept").errno == ErrNo_pb2.SYS_OK
    assert add_file("accept", "accept").errno == ErrNo_pb2.SYS_FAIL

    # Remove the filter so the name is free for the negative cases below.
    deleted = self.acl_stub.DelAclFile(
        AclManager_pb2.AclFileDelRequest(filter_name="acl_test_0"))
    assert deleted.errno == ErrNo_pb2.SYS_OK

    # Invalid default actions are rejected in either direction.
    # NOTE(review): only the status code is checked; nothing here confirms
    # that a rejected request left no "acl_test_0" filter behind.
    assert add_file("adf", "accept").errno == ErrNo_pb2.SYS_FAIL
    assert add_file("accept", "adf").errno == ErrNo_pb2.SYS_FAIL
def test_ModifyAclFile(self):
    """Check that ModifyAclFile accepts a new rule list for ``self.filter_name``.

    The request carries a single TCP accept rule and "accept" as the default
    action in both directions; the call is expected to return SYS_OK.
    """
    tcp_rule = AclManager_pb2.AclRule(
        protocol="TCP",
        src_ip="192.168.25.13",
        action="accept",
    )
    request = AclManager_pb2.AclFileModifyRequest(
        filter_name=self.filter_name,
        acl_rules=[tcp_rule],
        in_default_action="accept",
        out_default_action="accept",
        filter_type=AclManager_pb2.FILTER_BY_IP)
    response = self.acl_stub.ModifyAclFile(request)
    # NOTE(review): only the status code is asserted; the stored rules are
    # not read back and compared with the request.
    assert response.errno == ErrNo_pb2.SYS_OK
def get_filter_rules(filter_name):
    """Load the ACL rules stored for *filter_name* as AclRule messages.

    Reads ``<NET_AGENT_CONF_DIR>/<filter_name>.xml``, looks up the
    ``acl_rules`` element and turns each child into an
    ``AclManager_pb2.AclRule``. Address elements hold ``value`` or
    ``value/mask``; the mask field is only set when a ``/`` is present.

    Args:
        filter_name: Name of the filter; ".xml" is appended to form the file
            name.

    Returns:
        A list of ``AclManager_pb2.AclRule`` in document order.
    """
    # XML tag -> (address attribute, mask attribute) for "value/mask" elements.
    masked_fields = {
        "src_ip_addr": ("src_ip", "src_mask"),
        "src_mac_addr": ("src_mac", "src_mac_mask"),
        "dst_ip_addr": ("dst_ip", "dst_mask"),
        "dst_mac_addr": ("dst_mac", "dst_mac_mask"),
    }
    # XML tag -> attribute for elements copied over as plain text.
    text_fields = {
        "priority": "priority",
        "protocol": "protocol",
        "src_port": "src_port",
        "dst_port": "dst_port",
        "actions": "action",
    }

    # NOTE(review): filter_name goes into the path unvalidated, so a name
    # containing path separators or ".." resolves outside
    # NET_AGENT_CONF_DIR; callers should pass only known filter names.
    conf_path = os.path.join(util.NET_AGENT_CONF_DIR, filter_name + '.xml')
    tree = util.ReadXml(conf_path)

    parsed = []
    for rule_node in util.GetXmlElementByXpath(tree, 'acl_rules'):
        rule = AclManager_pb2.AclRule()
        for field in rule_node:
            tag = field.tag
            if tag == "direction":
                # The only element converted to an integer.
                rule.direction = int(field.text)
            elif tag in text_fields:
                setattr(rule, text_fields[tag], field.text)
            elif tag in masked_fields:
                addr_attr, mask_attr = masked_fields[tag]
                value, slash, mask = field.text.partition('/')
                setattr(rule, addr_attr, value)
                if slash:
                    setattr(rule, mask_attr, mask)
        parsed.append(rule)
    return parsed
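def create_default_acl_file(cls):
    """Create the filter named ``cls.filter_name`` with one UDP accept rule.

    Sends an AddAclFile request through ``cls.acl_stub`` with "accept" as the
    default action in both directions.

    Raises:
        net_agentd_exception.NetAgentException: If the service reports
            SYS_FAIL for the request.
    """
    rules = []
    acl_rule1 = AclManager_pb2.AclRule()
    acl_rule1.protocol = "UDP"
    acl_rule1.src_ip = "192.168.25.13"
    acl_rule1.action = "accept"
    rules.append(acl_rule1)

    response = cls.acl_stub.AddAclFile(
        AclManager_pb2.AclFileAddRequest(
            filter_name=cls.filter_name,
            acl_rules=rules,
            in_default_action="accept",
            out_default_action="accept",
            filter_type=AclManager_pb2.FILTER_BY_IP))

    # Compare the errno field, as the tests in this file do. The previous
    # check compared the response message itself with the enum value, which
    # never matched, so a failed setup went unnoticed.
    # NOTE(review): errno values other than SYS_OK and SYS_FAIL are not
    # visible here; if any exist, confirm whether they should raise as well.
    if response.errno == ErrNo_pb2.SYS_FAIL:
        raise net_agentd_exception.NetAgentException(
            "create default acl file failed")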