def test_arp_protection_removal(self): self._add_arp_protection(self.source, ['1.1.1.1']) self._add_arp_protection(self.destination, ['2.2.2.2']) no_arping(self.observer.namespace, self.destination.ip) no_arping(self.observer.namespace, self.source.ip) name = net_helpers.VethFixture.get_peer_name(self.source.port.name) arp_protect.delete_arp_spoofing_protection([name]) # spoofing should have been removed from source, but not dest arping(self.observer.namespace, self.source.ip) no_arping(self.observer.namespace, self.destination.ip)
def test_delete_arp_spoofing(self): # Note(cfb): We don't call this with contextlib.nested() because # arp_protect.delete_arp_spoofing_protection() has a decorator # which is a non-nested context manager and they don't play nice # together with mock at all. ebtables_p = mock.patch.object(arp_protect, 'ebtables') ebtables = ebtables_p.start() arp_protect.delete_arp_spoofing_protection( [self.VIF], current_rules=self.EBTABLES_LOADED_SAMPLE) expected = [ mock.call(['-D', 'FORWARD', '-i', self.VIF, '-j', self.CHAIN_NAME, '-p', 'ARP']), mock.call(['-X', self.CHAIN_NAME]), ] ebtables.assert_has_calls(expected)
def treat_devices_removed(self, devices): resync = False self.sg_agent.remove_devices_filter(devices) for device in devices: LOG.info(_LI("Attachment %s removed"), device) details = None try: details = self.plugin_rpc.update_device_down(self.context, device, self.agent_id, cfg.CONF.host) except Exception as e: LOG.debug("port_removed failed for %(device)s: %(e)s", {'device': device, 'e': e}) resync = True if details and details['exists']: LOG.info(_LI("Port %s updated."), device) else: LOG.debug("Device %s not defined on plugin", device) if self.prevent_arp_spoofing: arp_protect.delete_arp_spoofing_protection(devices) return resync