def acl_ut_entry_delete_rollback(table_id, entry_id, counter_id):
global total, passed
total.append(sys._getframe().f_code.co_name)
# Transaction with multiple updates
upd = []
# Delete entry
e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id)
upd.append(('delete', e.data()))
# Delete counter
e = nas_acl.CounterCPSObj(table_id=table_id, counter_id=counter_id)
upd.append(('delete', e.data()))
# Delete table
e = nas_acl.TableCPSObj(table_id=table_id)
upd.append(('delete', e.data()))
# Delete entry again - should fail
e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id)
upd.append(('delete', e.data()))
print upd
r = cps_utils.CPSTransaction(upd).commit()
if r == False:
print "Error deleting entry twice (Expected) - Should have rolled back to create table, counter and entry again"
raw_input(
"Check table and entry is Roll back recreated and Press Enter to continue...")
passed.append(sys._getframe().f_code.co_name)
else:
print "#### Failed - Deleting twice did not give error"
def acl_ut_entry_incr_rollback(table_id, entry_id):
global total, passed
total.append(sys._getframe().f_code.co_name)
# Transaction with multiple updates
upd = []
# Modify inports
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
filter_type='IN_PORTS')
e.set_filter_val([a_utl.get_if_name(4), a_utl.get_if_name(8)])
upd.append(('set', e.data()))
# Delete Counter action
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
action_type='SET_COUNTER')
upd.append(('delete', e.data()))
# Modify mirror action
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
action_type='MIRROR_INGRESS')
e.set_action_val(
[{'index': mirror_id_2,
'data': mir_opq_2},
{'index': mirror_id_1,
'data': mir_opq_1}])
upd.append(('set', e.data()))
# Delete Meter
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
action_type='SET_POLICER')
upd.append(('delete', e.data()))
# Introduce error - Add IN_PORT filter even though IN_PORTS is already
# present
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
filter_type='IN_PORT')
e.set_filter_val(a_utl.get_if_name(1))
upd.append(('create', e.data()))
print upd
r = cps_utils.CPSTransaction(upd).commit()
if r == False:
print "Error adding inport filter (Expected) - Should have rolled back previous updates in transaction"
raw_input("Check entry is Rolled back and Press Enter to continue...")
passed.append(sys._getframe().f_code.co_name)
else:
print "#### Failed - Adding Inport filter did not give error"
def apply_entry_cfg(master_etree_entry, etree_entry, table_id, prio,
table_name):
entry_name = etree_entry.attrib['tag']
dbg_print("Creating entry ", entry_name, " in table_name = ", table_name)
dbg_print(" ... table_id = ", table_id, "prio = ", prio)
e = nas_acl.EntryCPSObj(table_id=table_id,
entry_id=entry_name,
priority=int(prio))
for match in etree_entry.findall('match'):
elem_type, elem_val = get_entry_elem(match)
e.add_match_filter(filter_type=elem_type, filter_val=elem_val)
for action in etree_entry.findall('action'):
elem_type, elem_val = get_entry_elem(action)
e.add_action(action_type=elem_type, action_val=elem_val)
if 'cpu-q' in master_etree_entry.attrib:
cpu_q = master_etree_entry.attrib['cpu-q']
qid, q_opq = get_cpu_q(cpu_q)
dbg_print("cpu q num = " + str(cpu_q))
dbg_print("nas cpu q id = " + str(qid))
dbg_print("q opq data = " + str(binascii.hexlify(q_opq)))
e.add_action(action_type='SET_CPU_QUEUE',
action_val={
'index': qid,
'data': q_opq
})
if 'action' in master_etree_entry.attrib:
e.add_action(action_type='PACKET_ACTION',
action_val=master_etree_entry.attrib['action'])
try:
counter_id = counter_create(table_id, types=['PACKET'])
except:
raise RuntimeError("ACL INIT - Counter creation failed for " +
entry_name + " in table: " + table_name)
e.add_action(action_type='SET_COUNTER', action_val=counter_id)
dbg_print(e.data())
cps_upd = ('create', e.data())
ret = cps_utils.CPSTransaction([cps_upd]).commit()
if ret == False:
raise RuntimeError("ACL INIT - Entry creation failed: " + entry_name +
" in table: " + table_name)
e = nas_acl.EntryCPSObj(cps_data=ret[0])
entry_id = e.extract_id()
print("Created Entry " + entry_name + "-" + str(entry_id))
return entry_id
def __get_acl_entries(table_id=None, entry_id=None):
e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id)
r = []
if not cps.get([e.data()], r):
print 'Failed to get acl entries' + str(entry_id)
return []
return r
def acl_ut_entry_modify1(table_id, entry_id):
global total, passed
total.append(sys._getframe().f_code.co_name)
e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id)
filters = {
'DST_IP': '56.0.0.1',
'IPV6_FLOW_LABEL': {'data': '34456', 'mask': '0xff'},
'TCP_FLAGS': {'data': '0x17', 'mask': '0x3f'},
'ECN': {'data': '0x2', 'mask': '0x2'},
'IP_TYPE': 'IP',
'IN_PORTS': [a_utl.get_if_name(3)],
}
actions = {
'SET_DST_MAC': '01:00:79:08:78:BC',
'MIRROR_INGRESS': {'index': mirror_id_1, 'data': mir_opq_1},
}
try:
nas_acl.replace_entry_filter_list(
table_id=table_id, entry_id=entry_id,
filter_map=filters)
nas_acl.replace_entry_action_list(
table_id=table_id, entry_id=entry_id,
action_map=actions)
except RuntimeError:
print (sys._getframe().f_code.co_name + " - Error Modifying Entry")
return None
print (sys._getframe().f_code.co_name +
" - Modified Entry " + str(entry_id))
raw_input(
"Check entry is modified (Del SRCIP,SRCMAC,Redirect port. Changed IPv6Flowlabel mask,IN PORTS,Packet Action. Add DSTIP, DST-MAC action. Press Enter to continue...")
passed.append(sys._getframe().f_code.co_name)
return entry_id
def acl_ut_entry_modify_rollback(table_id, entry_id):
global total, passed
total.append(sys._getframe().f_code.co_name)
e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id)
e.add_match_filter(
filter_type='ECN',
filter_val={
'data': '0x3',
'mask': '0x3'})
e.add_match_filter(filter_type='IP_TYPE', filter_val='IPV6ANY')
e.add_match_filter(
filter_type='IN_PORTS',
filter_val=[a_utl.get_if_name(1),
a_utl.get_if_name(5)])
e.add_action(action_type='SET_DST_MAC', action_val='01:00:79:08:78:BC')
e.add_action(
action_type='REDIRECT_PORT',
action_val=a_utl.get_if_name(6))
upd = []
upd.append(('set', e.data()))
e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id)
e.add_match_filter(
filter_type='IN_PORTS',
filter_val=[a_utl.get_if_name(1),
a_utl.get_if_name(5)])
e.add_match_filter(
filter_type='IN_PORT',
filter_val=a_utl.get_if_name(1))
upd.append(('set', e.data()))
r = cps_utils.CPSTransaction(upd).commit()
if r:
print (sys._getframe().f_code.co_name + " - NO Error Modifying Entry")
return None
print (sys._getframe().f_code.co_name +
" - Rolled back Entry " + str(entry_id))
raw_input("Check entry is reverted back. Press Enter to continue...")
passed.append(sys._getframe().f_code.co_name)
return entry_id
def test_check_entry():
ret_tlist = []
tid = 1
eid = "ospfv3-all-dr"
filt = nas_acl.TableCPSObj(table_id=tid)
if not cps.get([filt.data()], ret_tlist):
print "Error in Table Get"
exit()
print ""
print "Finding Entry in Table "
filt = nas_acl.EntryCPSObj(table_id=tid, entry_id=eid)
ret_elist = []
if not cps.get([filt.data()], ret_elist):
print "Error in Entry Get"
for entry in ret_elist:
e = nas_acl.EntryCPSObj(cps_data=entry)
cps_data = e.data()
print "The Entry ID is:" + str(e.extract_attr(cps_data, 'id'))
assert e.extract_attr(cps_data, 'match/IP_PROTOCOL_VALUE/data') == 89
def _add_filter(ports, udp_port, prio, entry_name, exclude=None):
'''Add a filter for a port which drops the packet to CPU so that
the DHCP agent can work on it'''
ifaces = []
for port in ports:
if exclude is not None and ifaces != exclude:
ifaces.append(nas_os_utils.if_nametoindex(port))
entry = nas_acl.EntryCPSObj(table_id=TBL_ID,
entry_id=entry_name,
priority=prio)
entry.add_match_filter(filter_type="IP_PROTOCOL", filter_val=UDP)
entry.add_match_filter(filter_type="L4_DST_PORT", filter_val=udp_port)
entry.add_match_filter(filter_type="IN_PORTS", filter_val=ifaces)
entry.add_action(action_type="PACKET_ACTION", action_val="TRAP_TO_CPU")
cps_upd = ({'operation': 'create', 'change': entry.data()})
return cps.transaction([cps_upd])
eid = None
ret_tlist = []
if len(sys.argv) > 1:
tid = sys.argv[1]
if len(sys.argv) > 2:
eid = sys.argv[2]
filt = nas_acl.TableCPSObj(table_id=tid)
if not cps.get([filt.data()], ret_tlist):
print "Error in Table Get"
exit()
for table in ret_tlist:
t = nas_acl.TableCPSObj(cps_data=table)
print ""
print "TABLE "
t.print_obj()
print ""
print "Entries in Table "
filt = nas_acl.EntryCPSObj(table_id=t.extract_id(), entry_id=eid)
ret_elist = []
if not cps.get([filt.data()], ret_elist):
print "Error in Entry Get"
continue
for entry in ret_elist:
e = nas_acl.EntryCPSObj(cps_data=entry)
e.print_obj()
def acl_ut_entry_incr_modify(table_id, entry_id):
global total, passed
total.append(sys._getframe().f_code.co_name)
# Transaction with multiple updates
upd = []
# First add DSCP filter
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
filter_type='DSCP')
e.set_filter_val({'data': '0x37'})
upd.append(('create', e.data()))
# Modify counter - use another counter object
new_counter_id = acl_ut_counter_create(table_id, ['BYTE'])
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
action_type='SET_COUNTER')
e.set_action_val(new_counter_id)
upd.append(('set', e.data()))
# Delete IP Type filter
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
filter_type='IP_TYPE')
upd.append(('delete', e.data()))
# Add mirror action
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
action_type='MIRROR_INGRESS')
e.set_action_val(
[{'index': mirror_id_1,
'data': mir_opq_1},
{'index': mirror_id_2,
'data': mir_opq_2}])
upd.append(('create', e.data()))
# Change meter
try:
new_meter_id, meter_opaque = a_utl.qos_meter_create(
m_type='BYTE', pir=40000,
cir=35000, cbs=85000, pbs=95000)
except:
print "Meter install Failed"
return
e = nas_acl.EntryCPSObj(
table_id=table_id,
entry_id=entry_id,
action_type='SET_POLICER')
e.set_action_val({'index': new_meter_id, 'data': meter_opaque})
upd.append(('set', e.data()))
print upd
r = cps_utils.CPSTransaction(upd).commit()
if r == False:
print sys._getframe().f_code.co_name + " - Error modifying Entry"
return None
global meter_id
a_utl.qos_meter_delete(meter_id)
meter_id = new_meter_id
raw_input(
"Check entry is modified (New DSCP, Changed Policer,Counter and Removed IPType - Press Enter to continue...")
passed.append(sys._getframe().f_code.co_name)
return new_counter_id
def acl_ut_entry_modify2(table_id, entry_id, counter_id):
global total, passed
total.append(sys._getframe().f_code.co_name)
# Using the internal CPS Obj instead of the convenience wrapper
e = nas_acl.EntryCPSObj(table_id=table_id, entry_id=entry_id)
e.add_match_filter(
filter_type='SRC_IP',
filter_val={
'addr': '23.0.0.1',
'mask': '255.0.0.255'})
e.add_match_filter(
filter_type='SRC_MAC',
filter_val={'addr': '01:80:c2:00:00:05'})
e.add_match_filter(
filter_type='IPV6_FLOW_LABEL',
filter_val={'data': '34456'})
e.add_match_filter(
filter_type='TCP_FLAGS',
filter_val={
'data': '0x17',
'mask': '0x3f'})
e.add_match_filter(
filter_type='ECN',
filter_val={
'data': '0x2',
'mask': '0x2'})
e.add_match_filter(filter_type='IP_TYPE', filter_val='IP')
e.add_match_filter(
filter_type='IN_PORTS',
filter_val=a_utl.get_if_name(2))
e.add_action(action_type='SET_SRC_MAC', action_val='01:00:79:08:78:BC')
e.add_action(action_type='PACKET_ACTION', action_val='COPY_TO_CPU')
e.add_action(
action_type='REDIRECT_PORT',
action_val=a_utl.get_if_name(4))
if (counter_id):
e.add_action(action_type='SET_COUNTER', action_val=counter_id)
global meter_id
meter_opaque = a_utl.qos_meter_get_opaque_data(meter_id)
if meter_opaque is None:
return
e.add_action(action_type='SET_POLICER',
action_val={'index': meter_id, 'data': meter_opaque})
print e.data()
upd = ('set', e.data())
r = cps_utils.CPSTransaction([upd]).commit()
if r == False:
print (sys._getframe().f_code.co_name + " - Error modifying Entry")
return None
e = nas_acl.EntryCPSObj(cps_data=r[0])
entry_id = e.extract_id()
print (sys._getframe().f_code.co_name +
" - Modified Entry " + str(entry_id))
raw_input(
"Check entry is modified (Add SRCIP,SRCMAC,Redirect port. Changed IPv6Flowlabel mask,IN PORTS,Packet Action. Del DSTIP, DST-MAC action. Press Enter to continue...")
passed.append(sys._getframe().f_code.co_name)
return entry_id
return True
tid = None
eid = None
out_entry = []
out_table = []
out_counter = []
if len(sys.argv) > 1:
tid = sys.argv[1]
if len(sys.argv) > 2:
eid = sys.argv[2]
if eid is None:
filt = nas_acl.EntryCPSObj(table_id=tid)
if cps.get([filt.data()], out_entry):
for e_cps in out_entry:
e = nas_acl.EntryCPSObj(cps_data=e_cps)
eid = e.extract_id()
print "Deleting entry ", eid, "in table ", e.extract('table-id')
e1 = nas_acl.EntryCPSObj(e.extract('table-id'), eid)
cps_delete(e1)
else:
print "No entries in table"
filt = nas_acl.CounterCPSObj(table_id=tid)
if cps.get([filt.data()], out_counter):
for e_cps in out_counter:
e = nas_acl.CounterCPSObj(cps_data=e_cps)
eid = e.extract_id()