def _remove_from_acl(self, acl):
"""
"""
if acl._acl_header:
try:
self.log.debug('Delete named ACE=%d from ACL' % self._sequence)
self._ace_handle = acl._acl_client.deleteNamedAce_IDL(
acl._acl_header.name, acl._acl_handle,
c_int(self._sequence).value, acl._acl_header.lifetime,
acl._acl_header.addrFamily)
self.log.info(
'Returned from deleteNamedAce_IDL idl call to remove a L3-ace from L3-acl'
)
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
except TException as e:
raise OnepConnectionException(e.message, e)
else:
try:
self.log.debug('Deleted ACE from ACL')
self._ace_handle = acl._acl_client.deleteAce_IDL(
acl._acl_handle, self._ace_handle)
self.log.info(
'Returned from deleteAce_IDL idl call to remove a L3-ace from L3-acl'
)
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
except TException as e:
raise OnepConnectionException(e.message, e)
self._acl = None
def trace_request(element, profile, path_spec, timeout):
"""
Trace request allows applications to gather network device information along
a path without addressing each device directly.
@param element: NetworkElement class
@type element: {NetworkElement<onep.element.NetworkElement>}
@param profile: mtrace.ProfileType of trace
@type profile: {ProfileType<onep.mediatrace.mtrace.ProfileType>}
@param path_spec: PathSpecifier class
@type path_spec: {PathSpecifier<onep.mediatrace.mtrace.PathSpecifier>}
@param timeout: Timeout value of trace
@type timeout: C{int}
"""
if not ProfileType._is_valid(profile):
raise OnepIllegalArgumentException('Invalid profile type ' +
str(profile))
if not isinstance(path_spec, PathSpecifier):
raise OnepIllegalArgumentException('Invalid path spec ' +
str(path_spec))
if timeout < 0:
raise OnepIllegalArgumentException('Invalid timeout ' + str(timeout))
try:
client = PathTraceIDL.Client(element.api_protocol)
ptreq_idl = PathTraceRequestIDL(profile, timeout, path_spec._to_idl())
graph_idl = client.PathTrace_executeRequestIDL(
element.session_handle._id, ptreq_idl)
return MediatraceRoute(graph_idl)
except ExceptionIDL as e:
return OnepRemoteProcedureException(e)
def get_match(self):
""" Get ACE match count.
Get the count of matches for this ACE.
@return: Count Match.
@rtype: C{int}
@raise OnepRemoteProcedureException: If error occurs when remote procedure call is made to network element.
@raise OnepConnectionException: If connection to network element fails.
"""
count = 0
try:
if self._acl._acl_header:
self.log.debug('Get named ACE match count')
count = self._acl._acl_client.getNamedAceMatch_IDL(
self._acl._acl_header.name, self._acl._acl_handle,
c_int(self._sequence).value,
self._acl._acl_header.lifetime,
self._acl._acl_header.addrFamily)
else:
self.log.debug('Get ACE match count')
count = self._acl._acl_client.getAceMatch_IDL(
self._acl._acl_handle, self._ace_handle)
self.log.debug('Returned ace match count %s', str(count))
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
except TException as e:
raise OnepConnectionException(e.message, e)
return count
def get_capabilities(self, element):
"""
***DEPRECATED***
Please use caps.get_table_capabilities()
****************
-----------------------------------------------------------------------------------
Returns a list of PolicyTable classes containing all capabilities on network element
@param NetworkElement class
@type element: {NetworkElement<onep.element.NetworkElement>}
@return PolicyTable classes
@rtype: list of L{PolicyTable<onep.policyservice.caps.PolicyTable>}
"""
self.log.warning(
'PolicyCapabilities.get_capabilities classmethod is deprecated, Please use caps.get_table_capabilities'
)
try:
tables = Client(element.api_protocol).Policy_getGlobalCapIDL(
element.session_handle._id).tables
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
table_classes = []
for table in tables:
pt = PolicyTable(table)
pt.actions = _translate_action_enums(table)
pt.matches = _translate_match_enums(table)
table_classes.append(pt)
return table_classes
def get_global_capabilities(element):
"""
Return a PolicyGlobal class specific to network element
@param NetworkElement class
@type element: {NetworkElement<onep.element.NetworkElement>}
@return PolicyGlobal class
@rtype: {PolicyGlobal<onep.policyservice.caps.PolicyGlobal>}
"""
try:
global_caps = Client(element.api_protocol).Policy_getGlobalCapIDL(
element.session_handle._id)
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
return PolicyGlobal(global_caps)
def __init__(self, type, element):
"""
Class PolicyCapabilities.
@param type: PolicyCapabilitiesType for type of policy
@type type: {PolicyCapabilitiesType<onep.policyservice.caps.PolicyCapabilitiesType>}
@param element: NetworkElement instance.
@type element: {NetworkElement<onep.element.NetworkElement>}
@raise OnepIllegalArgumentException: If any of the constructor argument is invalid.
"""
if not PolicyCapabilitiesType._is_valid(type):
raise OnepIllegalArgumentException('invalid policy type')
self.policy_type = type
self.network_element = element
self.session_id = element.session_handle._id
self.client = Client(element.api_protocol)
self.table = {'type': None, 'actions': [], 'matches': []}
self.table['matches'] = self.matches = []
self.table['actions'] = self.actions = []
self.table_classes = []
try:
self.all = self.client.Policy_getGlobalCapIDL(self.session_id)
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
type_supported = False
for tbl in self.all.tables:
if tbl.type == type:
self.table['type'] = type
self.table['actions'] = self.actions = _translate_action_enums(
tbl)
self.table['matches'] = self.matches = _translate_match_enums(
tbl)
pt = PolicyTable(tbl)
pt.actions = self.actions
pt.matches = self.matches
self.table_classes.append(pt)
break
if not self.table['type']:
raise OnepNotSupportedException(
'Policy type ' + PolicyCapabilitiesType.enumval(type))
def get_table_capabilities(element):
"""
Returns a list of PolicyTable classes with capabilities per policy type
@param NetworkElement class
@type element: {NetworkElement<onep.element.NetworkElement>}
@return PolicyTable classes
@rtype: list of L{PolicyClass<onep.policyservice.caps.PolicyTable>}
"""
try:
tables = Client(element.api_protocol).Policy_getGlobalCapIDL(
element.session_handle._id).tables
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
table_classes = []
for table in tables:
pt = PolicyTable(table)
pt.actions = _translate_action_enums(table)
pt.matches = _translate_match_enums(table)
table_classes.append(pt)
return table_classes
def get_table_capabilities(self, element):
"""
***DEPRECATED***
Please use caps.get_table_capabilities()
****************
-----------------------------------------------------------------------------------
Returns a list of PolicyQuery.PolicyCapabilitiesType supported on network element
@param NetworkElement class
@type element: {NetworkElement<onep.policy.element.NetworkElement>}
@return PolicyCapabilitiesType enums
@rtype: list of L{PolicyCapabilitiesType<onep.policyservice.caps.PolicyCapabilitiesType>}
"""
self.log.warning(
'PolicyCapabilities.get_table_capabilities classmethod is deprecated. Please use caps.get_table_capabilities'
)
try:
tables = Client(element.api_protocol).Policy_getGlobalCapIDL(
element.session_handle._id).tables
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
return [table.type for table in tables]
def _add_to_acl(self, acl):
"""
"""
self._validate_prefix(self.src_prefix, 'Source')
self._validate_prefix_len(self.src_prefix_len, 'Source',
HostIpCheck(self.src_prefix).is_ipv4())
self._validate_prefix(self.dst_prefix, 'Destination')
self._validate_prefix_len(self.dst_prefix_len, 'Destination',
HostIpCheck(self.dst_prefix).is_ipv4())
src_addr_type = self._af_check(self.src_prefix)
if src_addr_type == self._AF_INET:
if self.src_prefix_len > 32:
raise OnepIllegalArgumentException(
'Source prefix length for AF_INET source prefix > 32')
elif self.src_prefix_len == None:
self.src_prefix_len = 32
src_prefix_af = OnepConstants.OnepAddressFamilyType.ONEP_AF_INET
elif src_addr_type == self._AF_INET6:
if self.src_prefix_len > 128:
raise OnepIllegalArgumentException(
'Source prefix length for AF_INET6 source prefix > 128')
elif self.src_prefix_len == None:
self.src_prefix_len = 128
src_prefix_af = OnepConstants.OnepAddressFamilyType.ONEP_AF_INET6
else:
raise OnepIllegalArgumentException('Invalid Source prefix Address')
dst_addr_type = self._af_check(self._dst_prefix)
if dst_addr_type == self._AF_INET:
if self.dst_prefix_len > 32:
raise OnepIllegalArgumentException(
'Destination prefix length for AF_INET destination prefix > 32'
)
elif self.dst_prefix_len == None:
self.dst_prefix_len = 32
dst_prefix_af = OnepConstants.OnepAddressFamilyType.ONEP_AF_INET
elif dst_addr_type == self._AF_INET6:
if self.dst_prefix_len > 128:
raise OnepIllegalArgumentException(
'Destination prefix length for AF_INET6 destination prefix > 128'
)
elif self.dst_prefix_len == None:
self.dst_prefix_len = 128
dst_prefix_af = OnepConstants.OnepAddressFamilyType.ONEP_AF_INET6
else:
raise OnepIllegalArgumentException(
'Invalid Destination prefix Address')
if self.dst_prefix_len == 0:
dst_prefix_af = src_prefix_af
if self.src_prefix_len == 0:
src_prefix_af = dst_prefix_af
if not src_prefix_af == dst_prefix_af:
raise OnepIllegalArgumentException(
'Source prefix address family and Destination prefix address family are not same.'
)
if self.src_prefix_len != 0 and src_prefix_af != acl._afi:
raise OnepIllegalArgumentException(
'L3-Ace address family not same as L3-Acl address family')
if self.dst_prefix_len != 0 and dst_prefix_af != acl._afi:
raise OnepIllegalArgumentException(
'L3-Ace address family not same as L3-Acl address family')
if not self._acl == None:
raise OnepIllegalArgumentException(
'L3 Access Control Element(ACE) already added to L3 Access Control List(ACL)'
)
self.log.info('Basic Validation of all L3-ace parameters completed.')
self._acl = acl
ace_param = L3AceParam_IDL(
c_int(self._sequence).value, self.permit, src_prefix_af,
self.src_prefix, self.src_prefix_len, self.dst_prefix,
self.dst_prefix_len, self.protocol, self.src_port_oper,
c_short(self.src_port1).value,
c_short(self._src_port2).value, self.dst_port_oper,
c_short(self.dst_port1).value,
c_short(self._dst_port2).value, self._tcp_flag_value,
self._tcp_flag_mask, self._tcp_flag_match, self._dscp, self._flags,
self._ttl, acl._app_id, acl._app_id, self._dscp_v2)
self.log.info(
'Successfully created L3-ace parameters through idl call L3AceParam_IDL'
)
if acl._acl_header:
try:
self.log.debug('Added named ACE to ACL')
self._ace_handle = acl._acl_client.addNamedL3Ace_IDL(
acl._acl_header.name, acl._acl_handle,
acl._acl_header.lifetime, acl._acl_header.addrFamily,
ace_param)
self.log.info(
'Returned from addNamedL3Ace_IDL idl call to add a L3-ace in L3-acl'
)
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
except TException as e:
raise OnepConnectionException(e.message, e)
else:
try:
self.log.debug('Added ACE to ACL')
self._ace_handle = acl._acl_client.addL3Ace_IDL(
acl._acl_handle, ace_param)
self.log.info(
'Returned from addL3Ace_IDL idl call to add a L3-ace in L3-acl'
)
except ExceptionIDL as e:
raise OnepRemoteProcedureException(e)
except TException as e:
raise OnepConnectionException(e.message, e)