def test_add_rule_priority_table_iif(self): table = 213 priority = 12346 iif = 'iif_device_2' priv_ip_lib.create_interface(iif, self.namespace, 'dummy') priv_ip_lib.add_ip_rule(self.namespace, priority=priority, iifname=iif, table=table) rules = ip_lib.list_ip_rules(self.namespace, 4) self._check_rules( rules, ['priority', 'iif', 'table'], [str(priority), iif, str(table)], 'priority %s, table %s and iif name %s' % (priority, table, iif)) priv_ip_lib.delete_ip_rule(self.namespace, priority=priority, iifname=iif, table=table) rules = ip_lib.list_ip_rules(self.namespace, 4) self.assertFalse( self._check_rules( rules, ['priority', 'iif', 'table'], [str(priority), iif, str(table)], raise_exception=False))
def test_add_rule_table(self): table = 212 ip_addresses = ['192.168.200.251', '2001::251'] for ip_address in ip_addresses: ip_version = common_utils.get_ip_version(ip_address) ip_lenght = common_utils.get_network_length(ip_version) ip_family = common_utils.get_socket_address_family(ip_version) priv_ip_lib.add_ip_rule(self.namespace, table=table, src=ip_address, src_len=ip_lenght, family=ip_family) rules = ip_lib.list_ip_rules(self.namespace, ip_version) self._check_rules( rules, ['table', 'from'], [str(table), ip_address], 'table %s and "from" IP address %s' % (table, ip_address)) priv_ip_lib.delete_ip_rule(self.namespace, table=table, src=ip_address, src_len=ip_lenght, family=ip_family) rules = ip_lib.list_ip_rules(self.namespace, ip_version) self.assertFalse( self._check_rules(rules, ['table', 'from'], [str(table), ip_address], raise_exception=False))
def test_add_rule_priority(self): priority = 12345 ip_addresses = ['192.168.200.252', '2001::252'] for ip_address in ip_addresses: ip_version = common_utils.get_ip_version(ip_address) ip_lenght = common_utils.get_network_length(ip_version) ip_family = common_utils.get_socket_address_family(ip_version) priv_ip_lib.add_ip_rule(self.namespace, priority=priority, src=ip_address, src_len=ip_lenght, family=ip_family) rules = ip_lib.list_ip_rules(self.namespace, ip_version) self._check_rules( rules, ['priority', 'from'], [str(priority), ip_address], 'priority %s and "from" IP address %s' % (priority, ip_address)) priv_ip_lib.delete_ip_rule(self.namespace, priority=priority, src=ip_address, src_len=ip_lenght, family=ip_family) rules = ip_lib.list_ip_rules(self.namespace, ip_version) self.assertFalse( self._check_rules(rules, ['priority', 'from'], [str(priority), ip_address], raise_exception=False))
def test_add_rule_iif(self): iif = 'iif_device_1' priv_ip_lib.create_interface(iif, self.namespace, 'dummy') priv_ip_lib.add_ip_rule(self.namespace, iifname=iif) rules = ip_lib.list_ip_rules(self.namespace, 4) self._check_rules(rules, ['iif'], [iif], 'iif name %s' % iif) priv_ip_lib.delete_ip_rule(self.namespace, iifname=iif) rules = ip_lib.list_ip_rules(self.namespace, 4) self.assertFalse( self._check_rules(rules, ['iif'], [iif], raise_exception=False))
def test_add_rule_exists(self): iif = 'iif_device_1' priv_ip_lib.create_interface(iif, self.namespace, 'dummy') priv_ip_lib.add_ip_rule(self.namespace, iifname=iif) rules = ip_lib.list_ip_rules(self.namespace, 4) self._check_rules(rules, ['iif'], [iif], 'iif name %s' % iif) self.assertEqual(4, len(rules)) # pyroute2.netlink.exceptions.NetlinkError(17, 'File exists') # exception is catch. priv_ip_lib.add_ip_rule(self.namespace, iifname=iif) rules = ip_lib.list_ip_rules(self.namespace, 4) self._check_rules(rules, ['iif'], [iif], 'iif name %s' % iif) self.assertEqual(4, len(rules))
def test_add_rule_ip(self): ip_addresses = ['192.168.200.250', '2001::250'] for ip_address in ip_addresses: ip_version = common_utils.get_ip_version(ip_address) ip_lenght = common_utils.get_network_length(ip_version) ip_family = common_utils.get_socket_address_family(ip_version) priv_ip_lib.add_ip_rule(self.namespace, src=ip_address, src_len=ip_lenght, family=ip_family) rules = ip_lib.list_ip_rules(self.namespace, ip_version) self._check_rules(rules, ['from'], [ip_address], '"from" IP address %s' % ip_address) priv_ip_lib.delete_ip_rule(self.namespace, family=ip_family, src=ip_address, src_len=ip_lenght) rules = ip_lib.list_ip_rules(self.namespace, ip_version) self.assertFalse( self._check_rules(rules, ['from'], [ip_address], raise_exception=False))
def get_fip_table_indexes(self, ip_version): ip_rules_list = ip_lib.list_ip_rules(self.get_name(), ip_version) tbl_index_list = [] for ip_rule in ip_rules_list: tbl_index = ip_rule['table'] if tbl_index in ['local', 'default', 'main']: continue tbl_index_list.append(tbl_index) return tbl_index_list
def test_add_rule_priority_table_iif(self): table = 213 priority = 12346 iif = 'iif_device_2' priv_ip_lib.create_interface(iif, self.namespace, 'dummy') priv_ip_lib.add_ip_rule(self.namespace, priority=priority, iifname=iif, table=table) rules = ip_lib.list_ip_rules(self.namespace, 4) self._check_rules( rules, ['priority', 'iif', 'table'], [str(priority), iif, str(table)], 'priority %s, table %s and iif name %s' % (priority, table, iif)) priv_ip_lib.delete_ip_rule(self.namespace, priority=priority, iifname=iif, table=table) rules = ip_lib.list_ip_rules(self.namespace, 4) self.assertFalse( self._check_rules(rules, ['priority', 'iif', 'table'], [str(priority), iif, str(table)], raise_exception=False))
def _stale_ip_rule_cleanup(self, namespace, ns_ipd, ip_version): ip_rules_list = ip_lib.list_ip_rules(namespace, ip_version) snat_table_list = [] for ip_rule in ip_rules_list: snat_table = ip_rule['table'] priority = ip_rule['priority'] if snat_table in ['local', 'default', 'main']: continue if (ip_version == lib_constants.IP_VERSION_4 and snat_table in range(dvr_fip_ns.FIP_PR_START, dvr_fip_ns.FIP_PR_END)): continue gateway_cidr = ip_rule['from'] ip_lib.delete_ip_rule(namespace, ip=gateway_cidr, table=snat_table, priority=priority) snat_table_list.append(snat_table) for tb in snat_table_list: ns_ipd.route.flush(ip_version, table=tb)
def _cleanup_unused_fip_ip_rules(self): if not self.router_namespace.exists(): # It could be a new router, thus the namespace is not created yet. return ip_rules = ip_lib.list_ip_rules(self.ns_name, lib_constants.IP_VERSION_4) ip_rules = [ ipr for ipr in ip_rules if ipr['table'] == dvr_fip_ns.FIP_RT_TBL ] for ip_rule in ip_rules: for fixed_ip, rule_pr in self.floating_ips_dict.values(): if (ip_rule['from'] == fixed_ip and ip_rule['priority'] == rule_pr): break else: ip_lib.delete_ip_rule(self.ns_name, ip_rule['from'], table=dvr_fip_ns.FIP_RT_TBL, priority=ip_rule['priority'])
def test_rules_lifecycle(self): PRIORITY = 32768 TABLE = 16 attr = self.generate_device_details() device = self.manage_device(attr) test_cases = { constants.IP_VERSION_4: [{ 'ip': '1.1.1.1', 'to': '8.8.8.0/24' }, { 'ip': '1.1.1.1', 'iif': device.name, 'to': '7.7.7.0/24' }], constants.IP_VERSION_6: [{ 'ip': 'abcd::1', 'to': '1234::/64' }, { 'ip': 'abcd::1', 'iif': device.name, 'to': '4567::/64' }] } expected_rules = { constants.IP_VERSION_4: [{ 'from': '1.1.1.1', 'to': '8.8.8.0/24', 'priority': str(PRIORITY), 'table': str(TABLE), 'type': 'unicast' }, { 'from': '0.0.0.0/0', 'to': '7.7.7.0/24', 'iif': device.name, 'priority': str(PRIORITY), 'table': str(TABLE), 'type': 'unicast' }], constants.IP_VERSION_6: [{ 'from': 'abcd::1', 'to': '1234::/64', 'priority': str(PRIORITY), 'table': str(TABLE), 'type': 'unicast' }, { 'from': '::/0', 'to': '4567::/64', 'iif': device.name, 'priority': str(PRIORITY), 'table': str(TABLE), 'type': 'unicast', }] } for ip_version, test_case in test_cases.items(): for rule in test_case: ip_lib.add_ip_rule(namespace=device.namespace, table=TABLE, priority=PRIORITY, **rule) rules = ip_lib.list_ip_rules(device.namespace, ip_version) for expected_rule in expected_rules[ip_version]: self.assertIn(expected_rule, rules) for rule in test_case: ip_lib.delete_ip_rule(device.namespace, table=TABLE, priority=PRIORITY, **rule) rules = priv_ip_lib.list_ip_rules(device.namespace, ip_version) for expected_rule in expected_rules[ip_version]: self.assertNotIn(expected_rule, rules)
def test_rules_lifecycle(self): PRIORITY = 32768 TABLE = 16 attr = self.generate_device_details() device = self.manage_device(attr) test_cases = { constants.IP_VERSION_4: [ { 'ip': '1.1.1.1', 'to': '8.8.8.0/24' }, { 'ip': '1.1.1.1', 'iif': device.name, 'to': '7.7.7.0/24' } ], constants.IP_VERSION_6: [ { 'ip': 'abcd::1', 'to': '1234::/64' }, { 'ip': 'abcd::1', 'iif': device.name, 'to': '4567::/64' } ] } expected_rules = { constants.IP_VERSION_4: [ { 'from': '1.1.1.1', 'to': '8.8.8.0/24', 'priority': str(PRIORITY), 'table': str(TABLE), 'type': 'unicast' }, { 'from': '0.0.0.0/0', 'to': '7.7.7.0/24', 'iif': device.name, 'priority': str(PRIORITY), 'table': str(TABLE), 'type': 'unicast' } ], constants.IP_VERSION_6: [ { 'from': 'abcd::1', 'to': '1234::/64', 'priority': str(PRIORITY), 'table': str(TABLE), 'type': 'unicast' }, { 'from': '::/0', 'to': '4567::/64', 'iif': device.name, 'priority': str(PRIORITY), 'table': str(TABLE), 'type': 'unicast', } ] } for ip_version, test_case in test_cases.items(): for rule in test_case: ip_lib.add_ip_rule(namespace=device.namespace, table=TABLE, priority=PRIORITY, **rule) rules = ip_lib.list_ip_rules(device.namespace, ip_version) for expected_rule in expected_rules[ip_version]: self.assertIn(expected_rule, rules) for rule in test_case: ip_lib.delete_ip_rule(device.namespace, table=TABLE, priority=PRIORITY, **rule) rules = priv_ip_lib.list_ip_rules(device.namespace, ip_version) for expected_rule in expected_rules[ip_version]: self.assertNotIn(expected_rule, rules)
def test_add_rule_iif(self): iif = 'iif_device_1' priv_ip_lib.create_interface(iif, self.namespace, 'dummy') priv_ip_lib.add_ip_rule(self.namespace, iifname=iif) rules = ip_lib.list_ip_rules(self.namespace, 4) self._check_rules(rules, ['iif'], [iif], 'iif name %s' % iif)