def acl_ut_entry_delete_rollback(table_id, entry_id, counter_id): global total, passed total.append(sys._getframe().f_code.co_name) # Transaction with multiple updates upd = [] # Delete entry e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id) upd.append(('delete', e.data())) # Delete counter e = nas_acl.CounterCPSObj(table_id=table_id, counter_id=counter_id) upd.append(('delete', e.data())) # Delete table e = nas_acl.TableCPSObj(table_id=table_id) upd.append(('delete', e.data())) # Delete entry again - should fail e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id) upd.append(('delete', e.data())) print upd r = cps_utils.CPSTransaction(upd).commit() if r == False: print "Error deleting entry twice (Expected) - Should have rolled back to create table, counter and entry again" raw_input( "Check table and entry is Roll back recreated and Press Enter to continue...") passed.append(sys._getframe().f_code.co_name) else: print "#### Failed - Deleting twice did not give error"
def acl_ut_entry_incr_rollback(table_id, entry_id): global total, passed total.append(sys._getframe().f_code.co_name) # Transaction with multiple updates upd = [] # Modify inports e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, filter_type='IN_PORTS') e.set_filter_val([a_utl.get_if_name(4), a_utl.get_if_name(8)]) upd.append(('set', e.data())) # Delete Counter action e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, action_type='SET_COUNTER') upd.append(('delete', e.data())) # Modify mirror action e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, action_type='MIRROR_INGRESS') e.set_action_val( [{'index': mirror_id_2, 'data': mir_opq_2}, {'index': mirror_id_1, 'data': mir_opq_1}]) upd.append(('set', e.data())) # Delete Meter e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, action_type='SET_POLICER') upd.append(('delete', e.data())) # Introduce error - Add IN_PORT filter even though IN_PORTS is already # present e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, filter_type='IN_PORT') e.set_filter_val(a_utl.get_if_name(1)) upd.append(('create', e.data())) print upd r = cps_utils.CPSTransaction(upd).commit() if r == False: print "Error adding inport filter (Expected) - Should have rolled back previous updates in transaction" raw_input("Check entry is Rolled back and Press Enter to continue...") passed.append(sys._getframe().f_code.co_name) else: print "#### Failed - Adding Inport filter did not give error"
def apply_entry_cfg(master_etree_entry, etree_entry, table_id, prio, table_name): entry_name = etree_entry.attrib['tag'] dbg_print("Creating entry ", entry_name, " in table_name = ", table_name) dbg_print(" ... table_id = ", table_id, "prio = ", prio) e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_name, priority=int(prio)) for match in etree_entry.findall('match'): elem_type, elem_val = get_entry_elem(match) e.add_match_filter(filter_type=elem_type, filter_val=elem_val) for action in etree_entry.findall('action'): elem_type, elem_val = get_entry_elem(action) e.add_action(action_type=elem_type, action_val=elem_val) if 'cpu-q' in master_etree_entry.attrib: cpu_q = master_etree_entry.attrib['cpu-q'] qid, q_opq = get_cpu_q(cpu_q) dbg_print("cpu q num = " + str(cpu_q)) dbg_print("nas cpu q id = " + str(qid)) dbg_print("q opq data = " + str(binascii.hexlify(q_opq))) e.add_action(action_type='SET_CPU_QUEUE', action_val={ 'index': qid, 'data': q_opq }) if 'action' in master_etree_entry.attrib: e.add_action(action_type='PACKET_ACTION', action_val=master_etree_entry.attrib['action']) try: counter_id = counter_create(table_id, types=['PACKET']) except: raise RuntimeError("ACL INIT - Counter creation failed for " + entry_name + " in table: " + table_name) e.add_action(action_type='SET_COUNTER', action_val=counter_id) dbg_print(e.data()) cps_upd = ('create', e.data()) ret = cps_utils.CPSTransaction([cps_upd]).commit() if ret == False: raise RuntimeError("ACL INIT - Entry creation failed: " + entry_name + " in table: " + table_name) e = nas_acl.EntryCPSObj(cps_data=ret[0]) entry_id = e.extract_id() print("Created Entry " + entry_name + "-" + str(entry_id)) return entry_id
def __get_acl_entries(table_id=None, entry_id=None): e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id) r = [] if not cps.get([e.data()], r): print 'Failed to get acl entries' + str(entry_id) return [] return r
def acl_ut_entry_modify1(table_id, entry_id): global total, passed total.append(sys._getframe().f_code.co_name) e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id) filters = { 'DST_IP': '56.0.0.1', 'IPV6_FLOW_LABEL': {'data': '34456', 'mask': '0xff'}, 'TCP_FLAGS': {'data': '0x17', 'mask': '0x3f'}, 'ECN': {'data': '0x2', 'mask': '0x2'}, 'IP_TYPE': 'IP', 'IN_PORTS': [a_utl.get_if_name(3)], } actions = { 'SET_DST_MAC': '01:00:79:08:78:BC', 'MIRROR_INGRESS': {'index': mirror_id_1, 'data': mir_opq_1}, } try: nas_acl.replace_entry_filter_list( table_id=table_id, entry_id=entry_id, filter_map=filters) nas_acl.replace_entry_action_list( table_id=table_id, entry_id=entry_id, action_map=actions) except RuntimeError: print (sys._getframe().f_code.co_name + " - Error Modifying Entry") return None print (sys._getframe().f_code.co_name + " - Modified Entry " + str(entry_id)) raw_input( "Check entry is modified (Del SRCIP,SRCMAC,Redirect port. Changed IPv6Flowlabel mask,IN PORTS,Packet Action. Add DSTIP, DST-MAC action. Press Enter to continue...") passed.append(sys._getframe().f_code.co_name) return entry_id
def acl_ut_entry_modify_rollback(table_id, entry_id): global total, passed total.append(sys._getframe().f_code.co_name) e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id) e.add_match_filter( filter_type='ECN', filter_val={ 'data': '0x3', 'mask': '0x3'}) e.add_match_filter(filter_type='IP_TYPE', filter_val='IPV6ANY') e.add_match_filter( filter_type='IN_PORTS', filter_val=[a_utl.get_if_name(1), a_utl.get_if_name(5)]) e.add_action(action_type='SET_DST_MAC', action_val='01:00:79:08:78:BC') e.add_action( action_type='REDIRECT_PORT', action_val=a_utl.get_if_name(6)) upd = [] upd.append(('set', e.data())) e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id) e.add_match_filter( filter_type='IN_PORTS', filter_val=[a_utl.get_if_name(1), a_utl.get_if_name(5)]) e.add_match_filter( filter_type='IN_PORT', filter_val=a_utl.get_if_name(1)) upd.append(('set', e.data())) r = cps_utils.CPSTransaction(upd).commit() if r: print (sys._getframe().f_code.co_name + " - NO Error Modifying Entry") return None print (sys._getframe().f_code.co_name + " - Rolled back Entry " + str(entry_id)) raw_input("Check entry is reverted back. Press Enter to continue...") passed.append(sys._getframe().f_code.co_name) return entry_id
def test_check_entry(): ret_tlist = [] tid = 1 eid = "ospfv3-all-dr" filt = nas_acl.TableCPSObj(table_id=tid) if not cps.get([filt.data()], ret_tlist): print "Error in Table Get" exit() print "" print "Finding Entry in Table " filt = nas_acl.EntryCPSObj(table_id=tid, entry_id=eid) ret_elist = [] if not cps.get([filt.data()], ret_elist): print "Error in Entry Get" for entry in ret_elist: e = nas_acl.EntryCPSObj(cps_data=entry) cps_data = e.data() print "The Entry ID is:" + str(e.extract_attr(cps_data, 'id')) assert e.extract_attr(cps_data, 'match/IP_PROTOCOL_VALUE/data') == 89
def _add_filter(ports, udp_port, prio, entry_name, exclude=None): '''Add a filter for a port which drops the packet to CPU so that the DHCP agent can work on it''' ifaces = [] for port in ports: if exclude is not None and ifaces != exclude: ifaces.append(nas_os_utils.if_nametoindex(port)) entry = nas_acl.EntryCPSObj(table_id=TBL_ID, entry_id=entry_name, priority=prio) entry.add_match_filter(filter_type="IP_PROTOCOL", filter_val=UDP) entry.add_match_filter(filter_type="L4_DST_PORT", filter_val=udp_port) entry.add_match_filter(filter_type="IN_PORTS", filter_val=ifaces) entry.add_action(action_type="PACKET_ACTION", action_val="TRAP_TO_CPU") cps_upd = ({'operation': 'create', 'change': entry.data()}) return cps.transaction([cps_upd])
eid = None ret_tlist = [] if len(sys.argv) > 1: tid = sys.argv[1] if len(sys.argv) > 2: eid = sys.argv[2] filt = nas_acl.TableCPSObj(table_id=tid) if not cps.get([filt.data()], ret_tlist): print "Error in Table Get" exit() for table in ret_tlist: t = nas_acl.TableCPSObj(cps_data=table) print "" print "TABLE " t.print_obj() print "" print "Entries in Table " filt = nas_acl.EntryCPSObj(table_id=t.extract_id(), entry_id=eid) ret_elist = [] if not cps.get([filt.data()], ret_elist): print "Error in Entry Get" continue for entry in ret_elist: e = nas_acl.EntryCPSObj(cps_data=entry) e.print_obj()
def acl_ut_entry_incr_modify(table_id, entry_id): global total, passed total.append(sys._getframe().f_code.co_name) # Transaction with multiple updates upd = [] # First add DSCP filter e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, filter_type='DSCP') e.set_filter_val({'data': '0x37'}) upd.append(('create', e.data())) # Modify counter - use another counter object new_counter_id = acl_ut_counter_create(table_id, ['BYTE']) e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, action_type='SET_COUNTER') e.set_action_val(new_counter_id) upd.append(('set', e.data())) # Delete IP Type filter e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, filter_type='IP_TYPE') upd.append(('delete', e.data())) # Add mirror action e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, action_type='MIRROR_INGRESS') e.set_action_val( [{'index': mirror_id_1, 'data': mir_opq_1}, {'index': mirror_id_2, 'data': mir_opq_2}]) upd.append(('create', e.data())) # Change meter try: new_meter_id, meter_opaque = a_utl.qos_meter_create( m_type='BYTE', pir=40000, cir=35000, cbs=85000, pbs=95000) except: print "Meter install Failed" return e = nas_acl.EntryCPSObj( table_id=table_id, entry_id=entry_id, action_type='SET_POLICER') e.set_action_val({'index': new_meter_id, 'data': meter_opaque}) upd.append(('set', e.data())) print upd r = cps_utils.CPSTransaction(upd).commit() if r == False: print sys._getframe().f_code.co_name + " - Error modifying Entry" return None global meter_id a_utl.qos_meter_delete(meter_id) meter_id = new_meter_id raw_input( "Check entry is modified (New DSCP, Changed Policer,Counter and Removed IPType - Press Enter to continue...") passed.append(sys._getframe().f_code.co_name) return new_counter_id
def acl_ut_entry_modify2(table_id, entry_id, counter_id): global total, passed total.append(sys._getframe().f_code.co_name) # Using the internal CPS Obj instead of the convenience wrapper e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id) e.add_match_filter( filter_type='SRC_IP', filter_val={ 'addr': '23.0.0.1', 'mask': '255.0.0.255'}) e.add_match_filter( filter_type='SRC_MAC', filter_val={'addr': '01:80:c2:00:00:05'}) e.add_match_filter( filter_type='IPV6_FLOW_LABEL', filter_val={'data': '34456'}) e.add_match_filter( filter_type='TCP_FLAGS', filter_val={ 'data': '0x17', 'mask': '0x3f'}) e.add_match_filter( filter_type='ECN', filter_val={ 'data': '0x2', 'mask': '0x2'}) e.add_match_filter(filter_type='IP_TYPE', filter_val='IP') e.add_match_filter( filter_type='IN_PORTS', filter_val=a_utl.get_if_name(2)) e.add_action(action_type='SET_SRC_MAC', action_val='01:00:79:08:78:BC') e.add_action(action_type='PACKET_ACTION', action_val='COPY_TO_CPU') e.add_action( action_type='REDIRECT_PORT', action_val=a_utl.get_if_name(4)) if (counter_id): e.add_action(action_type='SET_COUNTER', action_val=counter_id) global meter_id meter_opaque = a_utl.qos_meter_get_opaque_data(meter_id) if meter_opaque is None: return e.add_action(action_type='SET_POLICER', action_val={'index': meter_id, 'data': meter_opaque}) print e.data() upd = ('set', e.data()) r = cps_utils.CPSTransaction([upd]).commit() if r == False: print (sys._getframe().f_code.co_name + " - Error modifying Entry") return None e = nas_acl.EntryCPSObj(cps_data=r[0]) entry_id = e.extract_id() print (sys._getframe().f_code.co_name + " - Modified Entry " + str(entry_id)) raw_input( "Check entry is modified (Add SRCIP,SRCMAC,Redirect port. Changed IPv6Flowlabel mask,IN PORTS,Packet Action. Del DSTIP, DST-MAC action. Press Enter to continue...") passed.append(sys._getframe().f_code.co_name) return entry_id
return True tid = None eid = None out_entry = [] out_table = [] out_counter = [] if len(sys.argv) > 1: tid = sys.argv[1] if len(sys.argv) > 2: eid = sys.argv[2] if eid is None: filt = nas_acl.EntryCPSObj(table_id=tid) if cps.get([filt.data()], out_entry): for e_cps in out_entry: e = nas_acl.EntryCPSObj(cps_data=e_cps) eid = e.extract_id() print "Deleting entry ", eid, "in table ", e.extract('table-id') e1 = nas_acl.EntryCPSObj(e.extract('table-id'), eid) cps_delete(e1) else: print "No entries in table" filt = nas_acl.CounterCPSObj(table_id=tid) if cps.get([filt.data()], out_counter): for e_cps in out_counter: e = nas_acl.CounterCPSObj(cps_data=e_cps) eid = e.extract_id()