def test_arp_protection_dead_reference_removal(self): self._add_arp_protection(self.source, ['1.1.1.1']) self._add_arp_protection(self.destination, ['2.2.2.2']) no_arping(self.observer.namespace, self.destination.ip) no_arping(self.observer.namespace, self.source.ip) name = net_helpers.VethFixture.get_peer_name(self.source.port.name) # This should remove all arp protect rules that aren't source port arp_protect.delete_unreferenced_arp_protection([name]) no_arping(self.observer.namespace, self.source.ip) arping(self.observer.namespace, self.destination.ip)
def test_delete_unreferenced_arp(self): with contextlib.nested( mock.patch.object( arp_protect, 'ebtables', return_value='\n'.join(self.EBTABLES_LOADED_SAMPLE)), mock.patch.object(arp_protect, 'delete_arp_spoofing_protection'), ) as (ebtables_fn, delete_fn): arp_protect.delete_unreferenced_arp_protection([]) delete_fn.assert_called_once_with([self.VIF], self.EBTABLES_LOADED_SAMPLE)
def scan_devices(self, previous, sync): device_info = {} # Save and reinitialise the set variable that the port_update RPC uses. # This should be thread-safe as the greenthread should not yield # between these two statements. updated_devices = self.updated_devices self.updated_devices = set() current_devices = self.br_mgr.get_tap_devices() device_info['current'] = current_devices if previous is None: # This is the first iteration of daemon_loop(). previous = { 'added': set(), 'current': set(), 'updated': set(), 'removed': set() } # clear any orphaned ARP spoofing rules (e.g. interface was # manually deleted) if self.prevent_arp_spoofing: arp_protect.delete_unreferenced_arp_protection(current_devices) if sync: # This is the first iteration, or the previous one had a problem. # Re-add all existing devices. device_info['added'] = current_devices # Retry cleaning devices that may not have been cleaned properly. # And clean any that disappeared since the previous iteration. device_info['removed'] = (previous['removed'] | previous['current'] - current_devices) # Retry updating devices that may not have been updated properly. # And any that were updated since the previous iteration. # Only update devices that currently exist. device_info['updated'] = (previous['updated'] | updated_devices & current_devices) else: device_info['added'] = current_devices - previous['current'] device_info['removed'] = previous['current'] - current_devices device_info['updated'] = updated_devices & current_devices return device_info
def scan_devices(self, previous, sync): device_info = {} # Save and reinitialise the set variable that the port_update RPC uses. # This should be thread-safe as the greenthread should not yield # between these two statements. updated_devices = self.updated_devices self.updated_devices = set() current_devices = self.br_mgr.get_tap_devices() device_info['current'] = current_devices if previous is None: # This is the first iteration of daemon_loop(). previous = {'added': set(), 'current': set(), 'updated': set(), 'removed': set()} # clear any orphaned ARP spoofing rules (e.g. interface was # manually deleted) if self.prevent_arp_spoofing: arp_protect.delete_unreferenced_arp_protection(current_devices) if sync: # This is the first iteration, or the previous one had a problem. # Re-add all existing devices. device_info['added'] = current_devices # Retry cleaning devices that may not have been cleaned properly. # And clean any that disappeared since the previous iteration. device_info['removed'] = (previous['removed'] | previous['current'] - current_devices) # Retry updating devices that may not have been updated properly. # And any that were updated since the previous iteration. # Only update devices that currently exist. device_info['updated'] = (previous['updated'] | updated_devices & current_devices) else: device_info['added'] = current_devices - previous['current'] device_info['removed'] = previous['current'] - current_devices device_info['updated'] = updated_devices & current_devices return device_info