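def __resync():
    """Reconcile the installed ACL entries with the ACL records held in the DB.

    Every entry currently present in the ingress and egress tables is
    indexed by (table id, entry id).  Each DB record is then mapped to an
    ACL entry (created when missing) and re-committed with a 'set'
    operation.  Installed entries that no DB record claimed are deleted.
    """
    _db = __get_db_objs()
    _entries = (__get_acl_entries(__table_in.extract_id()) +
                __get_acl_entries(__table_out.extract_id()))

    # Installed entries keyed by (table id, entry id); whatever is still in
    # this map after the DB pass has no backing record and is removed below.
    _m = {}
    for _i in _entries:
        print(_i)
        _o = cps_object.CPSObject(obj=_i)
        _acl = _o.get_attr_data('base-acl/entry/id')
        _table = _o.get_attr_data('base-acl/entry/table-id')
        __mark_dirty(_o.get())
        _m[(_table, _acl)] = _i

    for _i in _db:
        # Test the helper's result *before* wrapping it: a CPSObject wrapper
        # is never None, so the original check could not fire and a failed
        # translation went on to be dereferenced.
        _raw = __acl_cfg_to_acl_entry(_i, True)
        if _raw is None:
            print(
                'Error creating ACL entries. Consult the logs for more details.'
            )
            # Skip only this record so the remaining rules are still synced
            # and stale entries are still cleaned up.
            continue

        _entry = cps_object.CPSObject(obj=_raw)
        _table = _entry.get_attr_data('base-acl/table/id')
        _entry_id = _entry.get_attr_data('base-acl/entry/id')

        _i['operation'] = 'set'
        cps.db_commit(_i, None, True)

        # This installed entry is backed by a DB record; keep it.
        _m.pop((_table, _entry_id), None)

    # Anything left was installed but is not described by any DB record.
    for (table, entry) in list(_m.keys()):
        nas_acl.delete_entry(table, entry)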
def __sync_file_to_db(filename):
    """Make the DB records match the records loaded from *filename*.

    A DB record survives only when the file holds a record with the same
    'name' and an identical 'rule'.  Every other DB record is marked dirty
    and committed with a 'delete' operation.  File records are then
    committed with a 'create' operation unless an identical record was
    kept.
    """
    _loaded = __load_file(filename)
    _wanted = __array_to_map(_loaded)
    _stored = __get_db_objs()

    # name -> DB record that already matches the file and can stay as is.
    _unchanged = {}
    for _rec in _stored:
        _cur = cps_object.CPSObject(obj=_rec)
        _name = _cur.get_attr_data('name')
        _rule = _cur.get_attr_data('rule')
        if _name in _wanted and _rule == _wanted[_name].get_attr_data('rule'):
            _unchanged[_name] = _rec
        else:
            # Missing from the file, or its rule text changed: schedule removal.
            __mark_dirty(_rec)

    for _rec in _stored:
        if not __is_dirty(_rec):
            continue
        _rec['operation'] = 'delete'
        cps.db_commit(_rec, None, True)

    for _rec in _loaded:
        # The operation is stamped on every file record, committed or not.
        _rec['operation'] = 'create'
        _name = cps_object.CPSObject(obj=_rec).get_attr_data('name')
        if _name not in _unchanged:
            cps.db_commit(_rec, None, True)
def gen_cps_obj_status():
    """Build the observed system-status object and commit it to the DB.

    Does nothing when check_fault_state() returns False.  Otherwise the
    object carries the overall status, the node id and one embedded
    'sensor' record per entry of sensor_list for which a reading is
    available.  The last argument of cps.db_commit is True only when the
    overall status differs from the previously recorded one.
    """
    global overall_status

    if check_fault_state() == False:
        return

    cur_status = get_status_call()
    _obj = cps_object.CPSObject(module=STATUS_KEY, qual='observed')
    _obj.add_attr('status', cur_status)
    _obj.add_attr('node-id', get_node_id())

    for _idx, _sensor in enumerate(sensor_list):
        _reading = sys_status.get_sensor(_sensor)
        if _reading is None:
            continue

        _slot = str(_idx)
        _obj.add_embed_attr(['sensor', _slot, 'name'], sensor_map[_sensor])
        _obj.add_embed_attr(['sensor', _slot, 'value-type'], 2)

        # Optional fields are emitted only when the reading supplies them.
        _fault = _reading['fault-state']
        if _fault is not None:
            _obj.add_embed_attr(['sensor', _slot, 'fault-state'], _fault)

        _value = _reading['value']
        if _value is not None:
            _obj.add_embed_attr(['sensor', _slot, 'value'],
                                str(round(_value, 2)))

        _threshold = _reading['threshold']
        if _threshold is not None:
            _obj.add_embed_attr(['sensor', _slot, 'threshold'],
                                str(round(_threshold, 2)))

        _description = _reading['description']
        if _description is not None:
            _obj.add_embed_attr(['sensor', _slot, 'description'], _description)

    obj = _obj.get()
    obj['operation'] = 'set'

    # publish to db
    ev.logging('SYS_STAT', ev.DEBUG, '', 'system_status_db.py', '', 0,
               'Overall system status is %d' % cur_status)

    _changed = overall_status != cur_status
    if _changed:
        ev.logging('SYS_STAT', ev.DEBUG, '', 'system_status_db.py', '', 0,
                   'Overall system status change detected: %d to %d'
                   % (overall_status, cur_status))
        overall_status = cur_status
    cps.db_commit(obj, None, _changed)
def cps_gen_ut_data(amount, persist=False):
    """Generate unit-test CPS objects and optionally store them in the DB.

    *amount* objects are produced for every combination of the four
    base-ip keys and the two qualifiers, keys varying slowest.  When
    *persist* equals True each object is stamped with a 'create' operation
    and committed.  The list of generated objects is returned either way.
    """
    _keys = [
        'base-ip/ipv6', 'base-ip/ipv6/address',
        'base-ip/ipv4', 'base-ip/ipv4/address',
    ]
    _qual = ['target', 'observed']
    _attrs = {'base-ip/ipv6/vrf-id': 1, 'base-ip/ipv6/ifindex': 0}

    l = [
        _gen_cps_obj(_q, _k, _attrs, random_ifindex)
        for _k in _keys
        for _q in _qual
        for _ in range(0, amount)
    ]

    if persist == True:
        for _o in l:
            _o['operation'] = 'create'
            cps.db_commit(_o, None, False)

    return l
def commit_obj(op, data):
    """Commit *data* to the DB with operation *op* and log the outcome.

    *data* is modified in place: its 'operation' key is set to *op* before
    the commit.  Returns True when cps.db_commit returns a falsy value and
    False otherwise.
    """
    log_funcname = sys._getframe().f_code.co_name

    # The caller's dict is tagged directly; no copy is taken.
    data['operation'] = op
    _prev = {}

    # NOTE(review): this code treats a truthy return from cps.db_commit as a
    # failure - confirm against the CPS binding's return convention.
    if not cps.db_commit(data, _prev, True):
        log_msg(
            6, " Transaction Success with operation %s for data %s " %
            (str(op), str(data)), log_funcname,
            sys._getframe().f_lineno)
        return True

    log_msg(
        3, " Transaction Failure with operation %s for data %s" %
        (str(op), str(data)), log_funcname,
        sys._getframe().f_lineno)
    return False
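def __acl_split_addr_mask(value, default_mask):
    """Split 'addr/mask' into an addr/mask dict, using default_mask when no '/' part is given."""
    _parts = value.split('/')
    if len(_parts) == 1:
        _parts.append(default_mask)
    return {'addr': _parts[0], 'mask': _parts[1]}


def __acl_cfg_to_acl_entry(obj, create_if_not_there=False):
    """Map an ACL configuration record onto an installed ACL entry.

    The record's 'rule' attribute holds iptables-style option text.  If the
    record already names an entry/table id pair that exists, the record is
    returned unchanged.  Otherwise the rule text is parsed, a matching
    entry is looked up and, when none exists and *create_if_not_there* is
    true, one is created.  On success the entry and table ids are added to
    the record, which is committed with a 'set' operation.

    Returns:
        The record as a dict, or None when the rule text cannot be parsed,
        no entry matches and none was requested, or creation fails.

    Raises:
        Exception: when no table could be selected for the rule.
    """
    obj = cps_object.CPSObject(obj=obj)
    _name = obj.get_attr_data('name')
    _rule = obj.get_attr_data('rule')

    try:
        _entry_id = obj.get_attr_data('base-acl/entry/id')
        _table_id = obj.get_attr_data('base-acl/table/id')
        _lst = __get_acl_entries(_table_id, _entry_id)
        if _lst:
            return obj.get()
        print('Invalid ACL entry details - %d and %d' % (_table_id, _entry_id))
    except Exception:
        # Narrowed from a bare except so interpreter-exit and keyboard
        # interrupts are no longer swallowed here.
        print('Not created yet...')

    # split() without an argument tolerates repeated blanks and tabs; the
    # original split(' ') produced empty tokens that argparse rejects.
    l = _rule.split()

    _parser = argparse.ArgumentParser('Process ACL rules')
    _parser.add_argument('-prio', '--priority',
                         help='The rule priority',
                         action='store', required=False)
    _parser.add_argument('-i', '--in-interface',
                         help='The incoming interface name',
                         action='append', required=False)
    _parser.add_argument(
        '-o', '--out-interface',
        help='The outgoing interface name (same as the -i option) at this point',
        action='append', required=False)
    _parser.add_argument(
        '-j', '--jump',
        help='The action assocaiated with the rule ACCEPT or DROP',
        choices=['DROP', 'ACCEPT', 'ACCEPT-TRAP', 'TRAP'],
        action='store', required=True)
    _parser.add_argument(
        '-I', '-A',
        help='The INPUT or OUTPUT chain which maps to the INGRESS or EGRESS tables',
        choices=['INPUT', 'OUTPUT'], required=True)
    _parser.add_argument('-p', '--protocol',
                         help='The IP protocol type (TCP/UDP/ICMP)',
                         action='store')
    _parser.add_argument('-d', '--destination',
                         help='Specify the destination IPv4/IPv6 address',
                         action='store')
    _parser.add_argument('--dport',
                         help='Specify the destination port number',
                         action='store')
    _parser.add_argument('--sport',
                         help='Specify the source port number',
                         action='store')
    _parser.add_argument('-s', '--source',
                         help='Specify the source IPv4/IPv6 address',
                         action='store')
    _parser.add_argument('--mac-source',
                         help='The source MAC address',
                         action='store')
    _parser.add_argument('--mac-destination',
                         help='The destination MAC address',
                         action='store')
    _parser.add_argument(
        '-m',
        help='Module loading (depreciated at this point but ignored)',
        action='store')

    # argparse reports bad input by calling sys.exit(); without this guard a
    # single malformed rule in the store would terminate the whole process
    # instead of failing just this record.
    try:
        _args = vars(_parser.parse_args(l))
    except SystemExit:
        print('Invalid ACL rule for %s - %s' % (_name, _rule))
        return None

    print("***")
    print(_args)

    if 'A' in _args:
        _args['I'] = _args['A']

    _table = None
    if 'I' in _args:
        _table = __table_in if _args['I'] == 'INPUT' else __table_out

    if _table is None:
        print('Invalid table specified.')
        raise Exception('Failed to create table - no table specified (in/out)')

    _filters = {}
    # Match options the rule supplied that do not end up in _filters.
    _not_applied = []

    # Only addresses containing '.' are translated; anything else (for
    # example an IPv6 literal) yields no address filter at all.
    # NOTE(review): a CIDR suffix such as '/24' is passed through verbatim
    # as 'mask' - confirm nas_acl accepts a prefix length there.
    for _opt, _key in (('source', 'SRC_IP'), ('destination', 'DST_IP')):
        _val = _args[_opt]
        if _val is None:
            continue
        if '.' in _val:
            _filters[_key] = __acl_split_addr_mask(_val, '255.255.255.255')
        else:
            _not_applied.append(_opt)

    for _opt, _key in (('mac_source', 'SRC_MAC'),
                       ('mac_destination', 'DST_MAC')):
        _val = _args[_opt]
        if _val is not None:
            _filters[_key] = __acl_split_addr_mask(_val, 'ff:ff:ff:ff:ff:ff')

    if _args['sport'] is not None:
        _filters['L4_SRC_PORT'] = _args['sport']
    if _args['dport'] is not None:
        _filters['L4_DST_PORT'] = _args['dport']

    # These options are parsed but never translated into a filter.
    for _opt in ('protocol', 'in_interface', 'out_interface'):
        if _args[_opt] is not None:
            _not_applied.append(_opt)

    if _not_applied:
        # The resulting entry matches more traffic than the rule text says
        # (an ACCEPT limited only by a skipped option has no filter for it),
        # so make that visible instead of dropping the criteria silently.
        print('Warning: ACL rule options not applied to the entry filter - %s'
              % ', '.join(_not_applied))

    _packet_action = {
        'DROP': 'DROP',
        'ACCEPT': 'FORWARD',
        'ACCEPT-TRAP': 'COPY_TO_CPU_AND_FORWARD',
        'TRAP': 'COPY_TO_CPU',
    }
    _actions = {}
    if _args['jump'] in _packet_action:
        _actions['PACKET_ACTION'] = _packet_action[_args['jump']]

    if _args['priority']:
        _prio = int(_args['priority'])
    else:
        _prio = _default_entry_prio

    print('Attempting to local ACL entry')
    _entry = nas_acl.find_entry(table_id=_table.extract_id(), priority=_prio,
                                filter_map=_filters, action_map=_actions)

    if _entry is not None:
        # An equivalent entry is already installed: record its ids.
        _obj = cps_object.CPSObject(obj=_entry.data())
        obj.add_attr('base-acl/entry/id',
                     _obj.get_attr_data('base-acl/entry/id'))
        obj.add_attr('base-acl/table/id', _table.extract_id())
        _obj = obj.get()
        _obj['operation'] = 'set'
        cps.db_commit(_obj, None, True)
        return _obj

    if create_if_not_there:
        try:
            _entry_id = nas_acl.create_entry(table_id=_table.extract_id(),
                                             prio=_prio,
                                             filter_map=_filters,
                                             action_map=_actions)
            obj.add_attr('base-acl/entry/id', _entry_id)
            obj.add_attr('base-acl/table/id', _table.extract_id())
            _obj = obj.get()
            _obj['operation'] = 'set'
            cps.db_commit(_obj, None, True)
            return _obj
        except Exception as err:
            print(err)
            print('Failed to create acl entry')
            return None

    return None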