Пример #1
    def test_AddAclFile_DelAclFile(self):
        """Check the result codes of AddAclFile/DelAclFile for one filter name.

        All requests target the filter name "acl_test_0" with the same two
        rules. The expected sequence is:

        1. the first add returns SYS_OK;
        2. an identical second add returns SYS_FAIL;
        3. the delete returns SYS_OK;
        4. an add with in_default_action="adf" returns SYS_FAIL;
        5. an add with out_default_action="adf" returns SYS_FAIL.
        """
        filter_name = "acl_test_0"

        drop_rule = AclManager_pb2.AclRule()
        drop_rule.protocol = "ALL"
        drop_rule.src_ip = "192.168.25.10"
        drop_rule.src_port = "58"
        drop_rule.src_mask = "255.255.255.0"
        drop_rule.action = "drop"

        accept_rule = AclManager_pb2.AclRule()
        accept_rule.protocol = "UDP"
        accept_rule.src_ip = "192.168.25.13"
        accept_rule.action = "accept"

        acl_rules = [drop_rule, accept_rule]

        def add_file(in_action, out_action):
            # Every add in this test differs only in the two default actions.
            request = AclManager_pb2.AclFileAddRequest(
                filter_name=filter_name,
                acl_rules=acl_rules,
                in_default_action=in_action,
                out_default_action=out_action,
                filter_type=AclManager_pb2.FILTER_BY_IP)
            return self.acl_stub.AddAclFile(request)

        # First creation is expected to succeed.
        assert add_file("accept", "accept").errno == ErrNo_pb2.SYS_OK

        # The same filter name a second time is expected to be refused.
        assert add_file("accept", "accept").errno == ErrNo_pb2.SYS_FAIL

        # Remove the filter so the following adds are not refused as duplicates.
        removal = self.acl_stub.DelAclFile(
            AclManager_pb2.AclFileDelRequest(filter_name=filter_name))
        assert removal.errno == ErrNo_pb2.SYS_OK

        # "adf" is presumably not a recognised action; the service is expected
        # to refuse it in either direction rather than fall back to a default.
        # NOTE(review): only the errno is asserted. Nothing here confirms that
        # a refused add left no filter named "acl_test_0" behind.
        assert add_file("adf", "accept").errno == ErrNo_pb2.SYS_FAIL
        assert add_file("accept", "adf").errno == ErrNo_pb2.SYS_FAIL
Пример #2
    def test_ModifyAclFile(self):
        """Send ModifyAclFile for self.filter_name with one TCP rule; expect SYS_OK.

        NOTE(review): only the returned errno is checked. The rules stored
        after the call are not read back and compared here.
        """
        tcp_rule = AclManager_pb2.AclRule()
        tcp_rule.protocol = "TCP"
        tcp_rule.src_ip = "192.168.25.13"
        tcp_rule.action = "accept"

        request = AclManager_pb2.AclFileModifyRequest(
            filter_name=self.filter_name,
            acl_rules=[tcp_rule],
            in_default_action="accept",
            out_default_action="accept",
            filter_type=AclManager_pb2.FILTER_BY_IP)
        reply = self.acl_stub.ModifyAclFile(request)

        assert reply.errno == ErrNo_pb2.SYS_OK
Пример #3
def get_filter_rules(filter_name):
    """Read the stored rules of *filter_name* and return them as AclRule messages.

    The file ``<util.NET_AGENT_CONF_DIR>/<filter_name>.xml`` is parsed and
    the result of the 'acl_rules' lookup is iterated. Each child becomes one
    ``AclManager_pb2.AclRule``, and each grandchild sets one field according
    to its tag. Address tags hold "value" or "value/mask"; the mask field is
    set only when a "/" is present. Unknown tags are ignored.

    NOTE(review): filter_name goes into the path unvalidated. A name with
    path separators or ".." components resolves outside NET_AGENT_CONF_DIR,
    so callers passing externally supplied names should validate them first.
    Whether util.ReadXml restricts external entities is not visible here.
    """
    # XML tag -> AclRule attribute that receives the element text unchanged.
    plain_fields = {
        "priority": "priority",
        "protocol": "protocol",
        "src_port": "src_port",
        "dst_port": "dst_port",
        "actions": "action",
    }
    # XML tag -> (value attribute, mask attribute) for "value[/mask]" text.
    masked_fields = {
        "src_ip_addr": ("src_ip", "src_mask"),
        "src_mac_addr": ("src_mac", "src_mac_mask"),
        "dst_ip_addr": ("dst_ip", "dst_mask"),
        "dst_mac_addr": ("dst_mac", "dst_mac_mask"),
    }

    config_path = os.path.join(util.NET_AGENT_CONF_DIR, filter_name + '.xml')
    rule_nodes = util.GetXmlElementByXpath(util.ReadXml(config_path), 'acl_rules')

    parsed = []
    for rule_node in rule_nodes:
        rule = AclManager_pb2.AclRule()
        for field in rule_node:
            tag = field.tag
            if tag == "direction":
                # direction is the only field converted to int here.
                rule.direction = int(field.text)
            elif tag in plain_fields:
                setattr(rule, plain_fields[tag], field.text)
            elif tag in masked_fields:
                value_attr, mask_attr = masked_fields[tag]
                value, slash, mask = field.text.partition('/')
                setattr(rule, value_attr, value)
                if slash:
                    setattr(rule, mask_attr, mask)
        parsed.append(rule)

    return parsed
Пример #4
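    def create_default_acl_file(cls):
        """Create the filter ``cls.filter_name`` with a single UDP accept rule.

        Sends one AddAclFile request through ``cls.acl_stub`` with both
        default actions set to "accept" and filter type FILTER_BY_IP.

        Raises:
            net_agentd_exception.NetAgentException: if the response errno is
                SYS_FAIL.
        """
        udp_rule = AclManager_pb2.AclRule()
        udp_rule.protocol = "UDP"
        udp_rule.src_ip = "192.168.25.13"
        udp_rule.action = "accept"

        response = cls.acl_stub.AddAclFile(
            AclManager_pb2.AclFileAddRequest(
                filter_name=cls.filter_name,
                acl_rules=[udp_rule],
                in_default_action="accept",
                out_default_action="accept",
                filter_type=AclManager_pb2.FILTER_BY_IP))

        # Check the errno field, not the response message itself. Comparing
        # the message to SYS_FAIL never matched, so a failed setup went
        # unnoticed and later tests ran without the filter in place.
        if response.errno == ErrNo_pb2.SYS_FAIL:
            raise net_agentd_exception.NetAgentException(
                "create default acl file failed")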