def DetachAcl(self, request, context): errno = ErrNo_pb2.SYS_FAIL acl_object = AclManager.AclHandle(request.vswitch_name, request.filter_name) while True: if not os.path.exists(os.path.join(util.NET_AGENT_CONF_DIR, request.filter_name + '.xml')): logging.error("DelAcl: old acl_rules file doesn,t exist") break if acl_object.is_vswitch_exist() is False: logging.error("DelAcl: br %s doesnt exist" % request.vswitch_name) break try: ofport = acl_object.iface_to_ofport(request.tap_name) acl_object.detach_rules(ofport) except: logging.error("DelAcl: br %s del old Acl %s failed" % (request.vswitch_name, request.filter_name)) break errno = ErrNo_pb2.SYS_OK break return AclManager_pb2.AclDetachReply(errno=errno)
def test_QueryAclFile(self): response = self.acl_stub.QueryAclFile( AclManager_pb2.AclFileQueryRequest(filter_name=self.filter_name)) logging.info('QueryAclFile:filter_name: %s', response.filter_name) logging.info('QueryAclFile:filter_type: %d', response.filter_type) logging.info('QueryAclFile:in_default_action: %s', response.in_default_action) logging.info('QueryAclFile:out_default_action: %s', response.out_default_action) for acl_rule in response.acl_rules: logging.info('QueryAclFile:priority: %s', acl_rule.priority) logging.info('QueryAclFile:direction: %d', acl_rule.direction) logging.info('QueryAclFile:src_ip: %s', acl_rule.src_ip) logging.info('QueryAclFile:src_port: %s', acl_rule.src_port) logging.info('QueryAclFile:src_mask: %s', acl_rule.src_mask) logging.info('QueryAclFile:src_mac: %s', acl_rule.src_mac) logging.info('QueryAclFile:src_mac_mask: %s', acl_rule.src_mac_mask) logging.info('QueryAclFile:dst_ip: %s', acl_rule.dst_ip) logging.info('QueryAclFile:dst_port: %s', acl_rule.dst_port) logging.info('QueryAclFile:dst_mask: %s', acl_rule.dst_mask) logging.info('QueryAclFile:dst_mac: %s', acl_rule.dst_mac) logging.info('QueryAclFile:dst_mac_mask: %s', acl_rule.dst_mac_mask) logging.info('QueryAclFile:action: %s', acl_rule.action) logging.info('-----------------------------------------') logging.info('QueryAclFile:errno: %d', response.errno) assert response.errno == ErrNo_pb2.SYS_OK
def DelAclFile(self, request, context): errno = ErrNo_pb2.SYS_FAIL path = os.path.join(util.NET_AGENT_CONF_DIR, request.filter_name + '.xml') if AclManager.remove_acl_rules_file(path) is True: errno = ErrNo_pb2.SYS_OK return AclManager_pb2.AclFileDelReply(errno=errno)
def test_ModifyAclFile(self): rules = [] acl_rule1 = AclManager_pb2.AclRule() acl_rule1.protocol = "TCP" acl_rule1.src_ip = "192.168.25.13" acl_rule1.action = "accept" rules.append(acl_rule1) response = self.acl_stub.ModifyAclFile( AclManager_pb2.AclFileModifyRequest( filter_name=self.filter_name, acl_rules=rules, in_default_action="accept", out_default_action="accept", filter_type=AclManager_pb2.FILTER_BY_IP)) assert response.errno == ErrNo_pb2.SYS_OK
def create_default_acl_file(cls): rules = [] acl_rule1 = AclManager_pb2.AclRule() acl_rule1.protocol = "UDP" acl_rule1.src_ip = "192.168.25.13" acl_rule1.action = "accept" rules.append(acl_rule1) response = cls.acl_stub.AddAclFile( AclManager_pb2.AclFileAddRequest( filter_name=cls.filter_name, acl_rules=rules, in_default_action="accept", out_default_action="accept", filter_type=AclManager_pb2.FILTER_BY_IP)) if response == ErrNo_pb2.SYS_FAIL: raise net_agentd_exception.NetAgentException( "create default acl file failed")
def test_AddAclFile_DelAclFile(self): rules = [] acl_rule0 = AclManager_pb2.AclRule() acl_rule0.protocol = "ALL" acl_rule0.src_ip = "192.168.25.10" acl_rule0.src_port = "58" acl_rule0.src_mask = "255.255.255.0" acl_rule0.action = "drop" rules.append(acl_rule0) acl_rule1 = AclManager_pb2.AclRule() acl_rule1.protocol = "UDP" acl_rule1.src_ip = "192.168.25.13" acl_rule1.action = "accept" rules.append(acl_rule1) response = self.acl_stub.AddAclFile( AclManager_pb2.AclFileAddRequest( filter_name="acl_test_0", acl_rules=rules, in_default_action="accept", out_default_action="accept", filter_type=AclManager_pb2.FILTER_BY_IP)) assert response.errno == ErrNo_pb2.SYS_OK response = self.acl_stub.AddAclFile( AclManager_pb2.AclFileAddRequest( filter_name="acl_test_0", acl_rules=rules, in_default_action="accept", out_default_action="accept", filter_type=AclManager_pb2.FILTER_BY_IP)) assert response.errno == ErrNo_pb2.SYS_FAIL response = self.acl_stub.DelAclFile( AclManager_pb2.AclFileDelRequest(filter_name="acl_test_0")) assert response.errno == ErrNo_pb2.SYS_OK response = self.acl_stub.AddAclFile( AclManager_pb2.AclFileAddRequest( filter_name="acl_test_0", acl_rules=rules, in_default_action="adf", out_default_action="accept", filter_type=AclManager_pb2.FILTER_BY_IP)) assert response.errno == ErrNo_pb2.SYS_FAIL response = self.acl_stub.AddAclFile( AclManager_pb2.AclFileAddRequest( filter_name="acl_test_0", acl_rules=rules, in_default_action="accept", out_default_action="adf", filter_type=AclManager_pb2.FILTER_BY_IP)) assert response.errno == ErrNo_pb2.SYS_FAIL
def test_AttachAcl_DetachAcl(self): response = self.nic_stub.QueryNicInfo( NicManager_pb2.NicInfoQueryRequest(nic_names=[self.acl_nic])) assert response.nic_infos[0].errno == ErrNo_pb2.SYS_OK mac_addr = response.nic_infos[0].mac_address response = self.acl_stub.AttachAcl( AclManager_pb2.AclAttachRequest(vswitch_name=self.switch_name, tap_name=self.acl_nic, mac_addr=mac_addr, filter_name=self.filter_name)) assert response.errno == ErrNo_pb2.SYS_OK response = self.acl_stub.DetachAcl( AclManager_pb2.AclDetachRequest(vswitch_name=self.switch_name, tap_name=self.acl_nic, mac_addr=mac_addr, filter_name=self.filter_name)) assert response.errno == ErrNo_pb2.SYS_OK
def ModifyAclFile(self, request, context): errno = ErrNo_pb2.SYS_FAIL if os.path.exists(os.path.join(util.NET_AGENT_CONF_DIR, request.filter_name + '.xml')): try: AclManager.generate_acl_rules_file(request.filter_type, request.filter_name, request.in_default_action, request.out_default_action, request.acl_rules) errno = ErrNo_pb2.SYS_OK except: logging.error("ModifyAclFile: modify acl_rules file failed") else: logging.error("ModifyAclFile: acl_rules doesnt exist") return AclManager_pb2.AclFileModifyReply(errno=errno)
def get_filter_rules(filter_name): rules = [] path = os.path.join(util.NET_AGENT_CONF_DIR, filter_name + '.xml') xml_tree = util.ReadXml(path) acl_rules = util.GetXmlElementByXpath(xml_tree, 'acl_rules') for acl_rule in acl_rules: rule = AclManager_pb2.AclRule() for item in acl_rule: if item.tag == "priority": rule.priority = item.text if item.tag == "direction": rule.direction = int(item.text) if item.tag == "protocol": rule.protocol = item.text if item.tag == "src_ip_addr": split = item.text.split('/', 1) rule.src_ip = split[0] if len(split) == 2: rule.src_mask = split[1] if item.tag == "src_port": rule.src_port = item.text if item.tag == "src_mac_addr": split = item.text.split('/', 1) rule.src_mac = split[0] if len(split) == 2: rule.src_mac_mask = split[1] if item.tag == "dst_ip_addr": split = item.text.split('/', 1) rule.dst_ip = split[0] if len(split) == 2: rule.dst_mask = split[1] if item.tag == "dst_port": rule.dst_port = item.text if item.tag == "dst_mac_addr": split = item.text.split('/', 1) rule.dst_mac = split[0] if len(split) == 2: rule.dst_mac_mask = split[1] if item.tag == "actions": rule.action = item.text rules.append(rule) return rules
def AddAclFile(self, request, context): errno = ErrNo_pb2.SYS_FAIL if not os.path.exists(os.path.join(util.NET_AGENT_CONF_DIR, request.filter_name + '.xml')): try: AclManager.generate_acl_rules_file(request.filter_type, request.filter_name, request.in_default_action, request.out_default_action, request.acl_rules) errno = ErrNo_pb2.SYS_OK except: logging.critical(traceback.format_exc()) logging.error("AddAclFile: generate acl_rules file failed") else: logging.error("AddAclFile: acl_rules file already exist") return AclManager_pb2.AclFileAddReply(errno=errno)
def QueryAclFile(self, request, context): errno = ErrNo_pb2.SYS_FAIL try: filter_name = AclManager.get_filter_name(request.filter_name) filter_type = AclManager.get_filter_type(request.filter_name) in_default_action = AclManager.get_in_default_action(request.filter_name) out_default_action = AclManager.get_out_default_action(request.filter_name) filter_rules = AclManager.get_filter_rules(request.filter_name) errno = ErrNo_pb2.SYS_OK except: logging.critical(traceback.format_exc()) logging.error("%s QueryAclFile failed" % request.filter_name) return AclManager_pb2.AclFileQueryReply(acl_rules=filter_rules, filter_name=filter_name, filter_type=filter_type, in_default_action=in_default_action, out_default_action=out_default_action, errno=errno)
def destroy_default_acl_file(cls): response = cls.acl_stub.DelAclFile( AclManager_pb2.AclFileDelRequest(filter_name=cls.filter_name)) if response == ErrNo_pb2.SYS_FAIL: raise net_agentd_exception.NetAgentException( "del default acl file failed")