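def test_vlan_id_filter():
    """Create, print and delete two DROP entries matching outer/inner VLAN IDs.

    An INGRESS table (priority 100) allowing the OUTER_VLAN_ID and
    INNER_VLAN_ID filters is created, followed by one entry matching
    VLAN 0/0 and one matching VLAN 100/200.

    Cleanup runs in a ``finally`` block so that a failure part-way through
    does not leave the table or its DROP entries configured.
    """
    print('Creating ACL table')
    table_id = nas_acl.create_table('INGRESS', 100,
                                    ['OUTER_VLAN_ID', 'INNER_VLAN_ID'])
    print('Table ID: %d' % table_id)

    # (entry priority, outer VLAN ID, inner VLAN ID)
    vlan_cases = ((1, 0, 0), (2, 100, 200))
    entry_ids = []
    try:
        print('Creating ACL entry')
        for prio, outer_vlan, inner_vlan in vlan_cases:
            entry_id = nas_acl.create_entry(
                table_id, prio,
                {'OUTER_VLAN_ID': {'data': outer_vlan},
                 'INNER_VLAN_ID': {'data': inner_vlan}},
                {'PACKET_ACTION': 'DROP'})
            # Record the ID immediately so the entry is cleaned up even if
            # a later step raises.
            entry_ids.append(entry_id)
            print('Entry ID: %d' % entry_id)
        nas_acl.print_entry(table_id)
    finally:
        # Entries are removed before the table that holds them, in the
        # same order as the success path.
        print('Deleting ACL entry')
        for entry_id in entry_ids:
            nas_acl.delete_entry(table_id, entry_id)
        print('Deleting ACL table')
        nas_acl.delete_table(table_id)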
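def test_update_entry_action():
    """Check which action lists an existing ACL entry accepts on replace.

    Creates an INGRESS table matching on IN_INTF with a single DROP entry,
    then:

    1. replaces the actions with DROP + SET_USER_TRAP_ID and expects a
       RuntimeError;
    2. replaces them with TRAP_TO_CPU + SET_USER_TRAP_ID, which must succeed;
    3. restores the plain DROP action, which must succeed.

    A RuntimeError in steps 2 and 3 is allowed to propagate: the previous
    ``except RuntimeError: assert False`` discarded the error text and is a
    no-op when assertions are disabled (``python -O``). Cleanup runs in a
    ``finally`` block so a failed step does not leave the DROP entry or the
    table configured.
    """
    print('Creating ACL table')
    table_id = nas_acl.create_table('INGRESS', 100, ['IN_INTF'])
    print('Table ID: %d' % table_id)

    entry_id = None
    try:
        print('Creating ACL entry')
        entry_id = nas_acl.create_entry(table_id, 1,
                                        {'IN_INTF': 'e101-001-0'},
                                        {'PACKET_ACTION': 'DROP'})
        print('Entry ID: %d' % entry_id)

        print('Trying to set user trap ID with drop action (expected fail)')
        with pytest.raises(RuntimeError):
            nas_acl.replace_entry_action_list(
                table_id, entry_id,
                {'PACKET_ACTION': 'DROP', 'SET_USER_TRAP_ID': 2})
        nas_acl.print_entry(table_id, entry_id)

        print('Trying to set user trap ID with trap to CPU action')
        nas_acl.replace_entry_action_list(
            table_id, entry_id,
            {'PACKET_ACTION': 'TRAP_TO_CPU', 'SET_USER_TRAP_ID': 2})
        nas_acl.print_entry(table_id, entry_id)

        print('Restoring ACL entry actions')
        nas_acl.replace_entry_action_list(table_id, entry_id,
                                          {'PACKET_ACTION': 'DROP'})
        nas_acl.print_entry(table_id, entry_id)
    finally:
        # entry_id stays None when create_entry itself failed.
        if entry_id is not None:
            print('Deleting ACL entry')
            nas_acl.delete_entry(table_id, entry_id)
        print('Deleting ACL table')
        nas_acl.delete_table(table_id)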
def __get_table(type, fields):
    """Create (or reuse) an ACL table and return it as a ``TableCPSObj``.

    ``type`` is passed to ``nas_acl.create_table`` as the stage and ``fields``
    as the allowed filters; the priority comes from the module-level
    ``_default_table_prio``. ``only_if_not_exist=True`` is forwarded to
    ``create_table``.

    Returns the table object built from the first CPS reply, or ``None`` when
    the CPS get fails or returns nothing.
    """
    # NOTE(review): the parameter name shadows the builtin ``type``; it is
    # kept because callers may pass it by keyword.
    table_id = nas_acl.create_table(stage=type,
                                    prio=_default_table_prio,
                                    allow_filters=fields,
                                    only_if_not_exist=True)

    # Read the table back through CPS using its ID as the lookup key.
    query = nas_acl.TableCPSObj(table_id=table_id).data()
    replies = []
    fetched = cps.get([query], replies) == True
    if not fetched or not replies:
        return None
    return nas_acl.TableCPSObj(cps_data=replies[0])
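def test_bridge_type_filter():
    """Create DROP entries matching BRIDGE_TYPE in an INGRESS and an EGRESS table.

    Each table (priority 101, BRIDGE_TYPE filter only) receives one entry
    for BRIDGE_1Q and one for BRIDGE_1D; the entries of each table are
    printed, then everything is deleted.

    Cleanup runs in a ``finally`` block so that a failure part-way through
    does not leave tables or DROP entries configured. Only objects that
    were actually created are deleted.
    """
    # (entry priority, bridge type) pairs installed in both tables.
    bridge_cases = ((1, 'BRIDGE_1Q'), (2, 'BRIDGE_1D'))
    created_tables = []
    created_entries = []  # (table_id, entry_id) pairs, in creation order
    try:
        print('Createing Ingress ACL table')
        ing_table_id = nas_acl.create_table('INGRESS', 101, ['BRIDGE_TYPE'])
        created_tables.append(ing_table_id)
        print('Table ID: %d' % ing_table_id)
        print('Creating Ingress ACL entry')
        for prio, bridge_type in bridge_cases:
            entry_id = nas_acl.create_entry(ing_table_id, prio,
                                            {'BRIDGE_TYPE': bridge_type},
                                            {'PACKET_ACTION': 'DROP'})
            created_entries.append((ing_table_id, entry_id))
            print('Entry ID: %d' % entry_id)
        nas_acl.print_entry(ing_table_id)

        print('Createing Egress ACL table')
        eg_table_id = nas_acl.create_table('EGRESS', 101, ['BRIDGE_TYPE'])
        created_tables.append(eg_table_id)
        print('Table ID: %d' % eg_table_id)
        print('Creating Egress ACL entry')
        for prio, bridge_type in bridge_cases:
            entry_id = nas_acl.create_entry(eg_table_id, prio,
                                            {'BRIDGE_TYPE': bridge_type},
                                            {'PACKET_ACTION': 'DROP'})
            created_entries.append((eg_table_id, entry_id))
            print('Entry ID: %d' % entry_id)
        nas_acl.print_entry(eg_table_id)
    finally:
        # All entries go first, then the tables that held them, matching
        # the order used on the success path.
        print('Deleting ACL entry')
        for table_id, entry_id in created_entries:
            nas_acl.delete_entry(table_id, entry_id)
        print('Deleting ACL table')
        for table_id in created_tables:
            nas_acl.delete_table(table_id)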
def acl_ut_table_create(prio=None):
    """Create an INGRESS ACL table and record the outcome of this step.

    The function's own name is appended to the module-level ``total`` list
    on every call and to ``passed`` only when the table was created.

    Returns the new table ID, or ``None`` when ``nas_acl.create_table``
    raises ``RuntimeError``.
    """
    global total, passed

    # Name of this function, used as the label in the bookkeeping lists
    # and in the printed messages.
    step_name = sys._getframe().f_code.co_name
    total.append(step_name)

    allowed_filters = [
        'SRC_IP', 'SRC_MAC', 'DST_IP', 'IP_TYPE', 'TCP_FLAGS',
        'DSCP', 'ECN', 'IPV6_FLOW_LABEL', 'IN_PORTS', 'IN_PORT',
    ]
    try:
        tid = nas_acl.create_table(stage='INGRESS', prio=prio,
                                   allow_filters=allowed_filters)
    except RuntimeError:
        # The error detail is not reported; only the failure is.
        print(step_name + ": Error creating Table")
        return None

    print(step_name + " - Created Table " + str(tid))
    passed.append(step_name)
    return tid
def __create_table():
    """Create (or reuse) the ACL table described by the module-level ``_args``.

    Reads ``table_stage``, ``table_priority`` and ``table_match`` from
    ``_args``. If any of them is ``None`` a message is printed and the
    process exits with status 1.

    Returns a ``TableCPSObj``: the one rebuilt from the last object returned
    by the CPS get, or, when the get fails or returns nothing, the one built
    from the table ID alone.
    """
    required_keys = ('table_stage', 'table_priority', 'table_match')
    if any(_args[key] is None for key in required_keys):
        print('Missing manditory attributes to create table')
        sys.exit(1)

    table_id = nas_acl.create_table(stage=_args['table_stage'],
                                    prio=_args['table_priority'],
                                    allow_filters=_args['table_match'],
                                    only_if_not_exist=True)
    table = nas_acl.TableCPSObj(table_id=table_id)

    # Read the table back through CPS; every reply is converted and the
    # last one wins.
    replies = []
    if cps.get([table.data()], replies) == True:
        for reply in replies:
            table = nas_acl.TableCPSObj(cps_data=reply)
    return table
def main():
    """Create an EGRESS ACL table with one DROP entry and print it.

    The table (priority 99) allows SRC_IP, DST_IP, IN_PORT, OUT_PORT,
    L4_SRC_PORT and L4_DST_PORT filters. A single entry (priority 512)
    drops packets matching SRC_IP address 23.0.0.1 under mask 255.0.0.0
    and L4_SRC_PORT 443.

    Nothing is deleted afterwards: the table and its entry stay configured
    when this function returns.
    """
    egress_filters = [
        'SRC_IP', 'DST_IP', 'IN_PORT', 'OUT_PORT',
        'L4_SRC_PORT', 'L4_DST_PORT',
    ]
    table_id = nas_acl.create_table(stage='EGRESS', prio=99,
                                    allow_filters=egress_filters)

    # Match on the source side only: address plus mask for SRC_IP, and a
    # single source port.
    match = {
        'SRC_IP': {
            'addr': '23.0.0.1',
            'mask': '255.0.0.0'
        },
        'L4_SRC_PORT': 443,
    }
    drop = {'PACKET_ACTION': 'DROP'}

    # The entry ID is kept in a local only; this example never deletes it.
    entry_id = nas_acl.create_entry(table_id=table_id, prio=512,
                                    filter_map=match, action_map=drop)

    # An earlier revision also created a PACKET counter and a second
    # DST_IP/DSCP entry with SET_TC and SET_COUNTER actions; both are
    # disabled, so only the one entry above exists.

    # Print every entry in the table, then the table's stats.
    nas_acl.print_entry(table_id)
    nas_acl.print_stats(table_id)
ACL Entry 1 - Drop all packets received on specific port from specific range of Src MACs ACL Entry 2 - Assign traffic-class to all packets that are destined to specific IP and contain a specific range of DSCP marking values. Compare with the steps in nas_acl_generic_cps_example.py """ import nas_acl # # ACL Table to hold the ACL Entries. # tid = nas_acl.create_table( stage='INGRESS', prio=99, allow_filters=['DST_IP', 'SRC_MAC', 'IN_PORT', 'DSCP']) # # ACL Entry to drop all packets received from MAC 50:10:6e:xx:xx:xx on port 23 # # ACL counter to count number of dropped packets counter_mac = nas_acl.create_counter(table_id=tid, types=['PACKET']) # CPS Create the ACL entry eid_mac = nas_acl.create_entry(table_id=tid, prio=512, filter_map={ 'SRC_MAC': { 'addr': '50:10:6e:00:00:00', 'mask': 'ff:ff:ff:00:00:00' },
"""
A more extensive example of the NAS ACL wrapper utility module to
show all possible CPS CRUD operations available with this module
"""
import nas_acl
import sys
import nas_acl_utils as a_utl

# With no arguments there is no table priority to use: print the usage
# line and stop.
# NOTE(review): the usage path exits with status 0, so a caller cannot tell
# it apart from a successful run.
if len(sys.argv) <= 1:
    print "Usage ./nas_acl_example.py <table-priority> <entry-priority>"
    sys.exit(0)

# Create ACL Table with a list of allowed filters
# NOTE(review): sys.argv[1] is forwarded as the table priority as a raw
# string, with no numeric or range check - confirm create_table accepts
# that, or convert and validate it first.
tid = nas_acl.create_table(stage='INGRESS', prio=sys.argv[1],
                           allow_filters=[
                               'SRC_IP', 'SRC_MAC', 'DST_MAC', 'DST_IP',
                               'IP_TYPE', 'TCP_FLAGS', 'ECN',
                               'IPV6_FLOW_LABEL', 'IN_PORT'])

# Only a table priority was given: stop after creating the table.
# The table created above is left in place.
if len(sys.argv) < 3:
    sys.exit(0)

# Create ACL counter for this Table
counter_id = nas_acl.create_counter(table_id=tid)

# Create Mirroring sessions
# Each call returns a pair, unpacked here as (id, opaque value); the integer
# argument's meaning is defined in nas_acl_utils - presumably a port, verify.
mirr_id_1, mirr_opq_1 = a_utl.mirror_create(15)
mirr_id_2, mirr_opq_2 = a_utl.mirror_create(16)

#
# Example shows how various filters and actions can be specified for ACL entry create
show all possible CPS CRUD operations available with this module """ import nas_acl import sys import nas_acl_utils as a_utl if len(sys.argv) <= 1: print "Usage ./nas_acl_example.py <table-priority> <entry-priority>" sys.exit(0) # Create ACL Table with a list of allowed filters tid = nas_acl.create_table(stage='INGRESS', prio=sys.argv[1], allow_filters=[ 'SRC_IP', 'SRC_MAC', 'DST_MAC', 'DST_IP', 'IP_TYPE', 'TCP_FLAGS', 'ECN', 'IPV6_FLOW_LABEL', 'IN_PORT' ]) if len(sys.argv) < 3: sys.exit(0) # Create ACL counter for this Table counter_id = nas_acl.create_counter(table_id=tid) # Create Mirroring sessions mirr_id_1, mirr_opq_1 = a_utl.mirror_create(15) mirr_id_2, mirr_opq_2 = a_utl.mirror_create(16) #
ACL Entry 1 - Drop all packets received on specific port from specific range of Src MACs ACL Entry 2 - Assign traffic-class to all packets that are destined to specific IP and contain a specific range of DSCP marking values. Compare with the steps in nas_acl_generic_cps_example.py """ import nas_acl # # ACL Table to hold the ACL Entries. # tid = nas_acl.create_table(stage='INGRESS', prio=99, allow_filters=['DST_IP', 'SRC_MAC', 'IN_PORT', 'DSCP']) # # ACL Entry to drop all packets received from MAC 50:10:6e:xx:xx:xx on port 23 # # ACL counter to count number of dropped packets counter_mac = nas_acl.create_counter(table_id=tid, types=['PACKET']) # CPS Create the ACL entry eid_mac = nas_acl.create_entry(table_id=tid, prio=512, filter_map={'SRC_MAC': {'addr':'50:10:6e:00:00:00', 'mask':'ff:ff:ff:00:00:00'}, 'IN_PORT': 23}, action_map={'PACKET_ACTION': 'DROP', 'SET_COUNTER': counter_mac})