def _get_instance_and_tenant_id_helper(self, headers, list_ports_retval,
networks=None, router_id=None,
remote_address='192.168.1.1'):
headers['X-Forwarded-For'] = remote_address
req = mock.Mock(headers=headers)
def mock_get_ports(*args, **kwargs):
return list_ports_retval.pop(0)
self.handler.plugin_rpc.get_ports.side_effect = mock_get_ports
instance_id, tenant_id = self.handler._get_instance_and_tenant_id(req)
expected = []
if networks and router_id:
return (instance_id, tenant_id)
if router_id:
expected.append(
mock.call(
mock.ANY,
{'device_id': [router_id],
'device_owner': n_const.ROUTER_INTERFACE_OWNERS}
)
)
remote_ip = netaddr.IPAddress(remote_address)
if remote_ip.is_link_local():
expected.append(
mock.call(
mock.ANY,
{'network_id': networks,
'mac_address': [netutils.get_mac_addr_by_ipv6(remote_ip)]}
)
)
else:
expected.append(
mock.call(
mock.ANY,
{'network_id': networks,
'fixed_ips': {'ip_address': ['192.168.1.1']}}
)
)
self.handler.plugin_rpc.get_ports.assert_has_calls(expected)
return (instance_id, tenant_id)
def _get_instance_and_tenant_id(self, req, skip_cache=False):
forwarded_for = req.headers.get('X-Forwarded-For')
network_id = req.headers.get('X-Neutron-Network-ID')
router_id = req.headers.get('X-Neutron-Router-ID')
# Only one should be given, drop since it could be spoofed
if network_id and router_id:
LOG.debug("Both network and router IDs were specified in proxy "
"request, but only a single one of the two is allowed, "
"dropping")
return None, None
remote_mac = None
remote_ip = netaddr.IPAddress(forwarded_for)
if remote_ip.version == constants.IP_VERSION_6:
if remote_ip.is_ipv4_mapped():
# When haproxy listens on v4 AND v6 then it inserts ipv4
# addresses as ipv4-mapped v6 addresses into X-Forwarded-For.
forwarded_for = str(remote_ip.ipv4())
if remote_ip.is_link_local():
# When haproxy sees an ipv6 link-local client address
# (and sends that to us in X-Forwarded-For) we must rely
# on the EUI encoded in it, because that's all we can
# recognize.
remote_mac = str(netutils.get_mac_addr_by_ipv6(remote_ip))
ports = self._get_ports(forwarded_for,
network_id,
router_id,
skip_cache=skip_cache,
remote_mac=remote_mac)
LOG.debug(
"Gotten ports for remote_address %(remote_address)s, "
"network_id %(network_id)s, router_id %(router_id)s are: "
"%(ports)s", {
"remote_address": forwarded_for,
"network_id": network_id,
"router_id": router_id,
"ports": ports
})
if len(ports) == 1:
return ports[0]['device_id'], ports[0]['tenant_id']
return None, None
def test_universal(self):
self.assertEqual(
netaddr.EUI('00:00:00:00:00:00'),
netutils.get_mac_addr_by_ipv6(
netaddr.IPAddress('fe80::200:ff:fe00:0')),
)
def test_random_qemu_mac(self):
self.assertEqual(
netaddr.EUI('52:54:00:42:02:19'),
netutils.get_mac_addr_by_ipv6(
netaddr.IPAddress('fe80::5054:ff:fe42:219')),
)
def test_reverse_generate_IPv6_by_EUI64(self):
self.assertEqual(
netaddr.EUI('00:16:3e:33:44:55'),
netutils.get_mac_addr_by_ipv6(
netaddr.IPAddress('2001:db8::216:3eff:fe33:4455')),
)
