aboutsummaryrefslogtreecommitdiffstats
path: root/resources/libraries/python/Classify.py
diff options
context:
space:
mode:
authorJan Gelety <jgelety@cisco.com>2020-03-21 09:41:46 +0100
committerJan Gelety <jgelety@cisco.com>2020-03-27 14:20:14 +0000
commitbb7d2f0580429eb17d048f484f25c05bb257b64c (patch)
tree30ae46049bd5dc7e0320ef4ce1362e9bbf1ef272 /resources/libraries/python/Classify.py
parent3d06f64a50f03c3c859eb36e279a24f27aa1b107 (diff)
CSIT-1597 API cleanup: acl
- cover API changes in VPP: https://gerrit.fd.io/r/c/vpp/+/26184 - update vpp stable to version 20.05-rc0~424 Change-Id: Ie621a29db25755151bfee76a045a423fd1267ada Signed-off-by: Jan Gelety <jgelety@cisco.com>
Diffstat (limited to 'resources/libraries/python/Classify.py')
-rw-r--r--resources/libraries/python/Classify.py85
1 files changed, 42 insertions, 43 deletions
diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py
index 016dc572b5..13472617f2 100644
--- a/resources/libraries/python/Classify.py
+++ b/resources/libraries/python/Classify.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 Cisco and/or its affiliates.
+# Copyright (c) 2020 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
@@ -20,8 +20,9 @@ from ipaddress import ip_address
from robot.api import logger
from resources.libraries.python.Constants import Constants
+from resources.libraries.python.InterfaceUtil import InterfaceUtil
+from resources.libraries.python.IPUtil import IPUtil
from resources.libraries.python.PapiExecutor import PapiSocketExecutor
-from resources.libraries.python.topology import Topology
class Classify:
@@ -332,11 +333,10 @@ class Classify:
:type acls: list
"""
cmd = u"acl_interface_set_acl_list"
- n_input = len(acls) if acl_type == u"input" else 0
args = dict(
sw_if_index=sw_if_index,
acls=acls,
- n_input=n_input,
+ n_input=len(acls) if acl_type == u"input" else 0,
count=len(acls)
)
@@ -361,7 +361,7 @@ class Classify:
"""
cmd = u"acl_add_replace"
args = dict(
- tag=tag.encode("utf-8"),
+ tag=tag,
acl_index=4294967295 if acl_idx is None else acl_idx,
count=len(rules),
r=rules
@@ -606,15 +606,11 @@ class Classify:
:type acl_type: str
:type acl_idx: list
"""
- if isinstance(interface, str):
- sw_if_index = Topology.get_interface_sw_index(node, interface)
- else:
- sw_if_index = int(interface)
-
- acls = acl_idx if isinstance(acl_idx, list) else list()
-
Classify._acl_interface_set_acl_list(
- node=node, sw_if_index=sw_if_index, acl_type=acl_type, acls=acls
+ node=node,
+ sw_if_index=int(InterfaceUtil.get_interface_index(node, interface)),
+ acl_type=acl_type,
+ acls=acl_idx if isinstance(acl_idx, list) else list()
)
@staticmethod
@@ -639,51 +635,56 @@ class Classify:
acl_rules = list()
for rule in rules.split(u", "):
- acl_rule = dict()
- acl_rule[u"is_permit"] = 1 if u"permit" in rule else 0
- acl_rule[u"is_ipv6"] = 1 if u"ipv6" in rule else 0
+ acl_rule = dict(
+ is_permit=2 if u"permit+reflect" in rule
+ else 1 if u"permit" in rule else 0,
+ src_prefix=0,
+ dst_prefix=0,
+ proto=0,
+ srcport_or_icmptype_first=0,
+ srcport_or_icmptype_last=65535,
+ dstport_or_icmpcode_first=0,
+ dstport_or_icmpcode_last=65535,
+ tcp_flags_mask=0,
+ tcp_flags_value=0
+ )
groups = re.search(reg_ex_src_ip, rule)
if groups:
grp = groups.group(1).split(u" ")[1].split(u"/")
- acl_rule[u"src_ip_addr"] = ip_address(grp[0]).packed
- acl_rule[u"src_ip_prefix_len"] = int(grp[1])
+ acl_rule[u"src_prefix"] = IPUtil.create_prefix_object(
+ ip_address(grp[0]), int(grp[1])
+ )
groups = re.search(reg_ex_dst_ip, rule)
if groups:
grp = groups.group(1).split(u" ")[1].split(u"/")
- acl_rule[u"dst_ip_addr"] = ip_address(grp[0]).packed
- acl_rule[u"dst_ip_prefix_len"] = int(grp[1])
+ acl_rule[u"dst_prefix"] = IPUtil.create_prefix_object(
+ ip_address(grp[0]), int(grp[1])
+ )
groups = re.search(reg_ex_sport, rule)
if groups:
port = int(groups.group(1).split(u" ")[1])
acl_rule[u"srcport_or_icmptype_first"] = port
acl_rule[u"srcport_or_icmptype_last"] = port
- else:
- acl_rule[u"srcport_or_icmptype_first"] = 0
- acl_rule[u"srcport_or_icmptype_last"] = 65535
groups = re.search(reg_ex_dport, rule)
if groups:
port = int(groups.group(1).split(u" ")[1])
acl_rule[u"dstport_or_icmpcode_first"] = port
acl_rule[u"dstport_or_icmpcode_last"] = port
- else:
- acl_rule[u"dstport_or_icmpcode_first"] = 0
- acl_rule[u"dstport_or_icmpcode_last"] = 65535
groups = re.search(reg_ex_proto, rule)
if groups:
proto = int(groups.group(1).split(' ')[1])
acl_rule[u"proto"] = proto
- else:
- acl_rule[u"proto"] = 0
acl_rules.append(acl_rule)
Classify._acl_add_replace(
- node, acl_idx=acl_idx, rules=acl_rules, tag=tag)
+ node, acl_idx=acl_idx, rules=acl_rules, tag=tag
+ )
@staticmethod
def add_macip_acl_multi_entries(node, rules=u""):
@@ -700,9 +701,13 @@ class Classify:
acl_rules = list()
for rule in rules.split(u", "):
- acl_rule = dict()
- acl_rule[u"is_permit"] = 1 if u"permit" in rule else 0
- acl_rule[u"is_ipv6"] = 1 if u"ipv6" in rule else 0
+ acl_rule = dict(
+ is_permit=2 if u"permit+reflect" in rule
+ else 1 if u"permit" in rule else 0,
+ src_mac=6*b'0',
+ src_mac_mask=6*b'0',
+ prefix=0
+ )
groups = re.search(reg_ex_mac, rule)
if groups:
@@ -717,8 +722,9 @@ class Classify:
groups = re.search(reg_ex_ip, rule)
if groups:
grp = groups.group(1).split(u" ")[1].split(u"/")
- acl_rule[u"src_ip_addr"] = ip_address((grp[0])).packed
- acl_rule[u"src_ip_prefix_len"] = int(grp[1])
+ acl_rule[u"src_prefix"] = IPUtil.create_prefix_object(
+ ip_address((grp[0])), int(grp[1])
+ )
acl_rules.append(acl_rule)
@@ -748,18 +754,11 @@ class Classify:
:type acl_idx: str or int
:raises RuntimeError: If unable to set MACIP ACL for the interface.
"""
- if isinstance(interface, str):
- sw_if_index = Topology.get_interface_sw_index(node, interface)
- else:
- sw_if_index = interface
-
- is_add = 1 if action == u"add" else 0
-
cmd = u"macip_acl_interface_add_del"
err_msg = f"Failed to get 'macip_acl_interface' on host {node[u'host']}"
args = dict(
- is_add=is_add,
- sw_if_index=int(sw_if_index),
+ is_add=bool(action == u"add"),
+ sw_if_index=int(InterfaceUtil.get_interface_index(node, interface)),
acl_index=int(acl_idx)
)
with PapiSocketExecutor(node) as papi_exec:
an> ; then sign="+" let tz_hour=$tz_hour+1 if [[ $tz_hour -ge "24" ]] ; then tz_hour=0 fi else sign="-" let tz_hour=$tz_hour-1 || true if [[ $tz_hour -lt "0" ]] ; then tz_hour=23 fi fi # Timestamp, an hour ago: ts_begin=`TZ=UTC${sign}${tz_hour} date +%Y%m%d%H%M.%S` # break into constituent parts year=`echo $ts_begin | sed -n -e 's/^\(.\{4\}\).*$/\1/p'` t=`echo $ts_begin | sed -n -e 's/^\(.\{4\}\)//p'` month=`echo $t | sed -n -e 's/^\(.\{2\}\).*$/\1/p'` t=`echo $t | sed -n -e 's/^\(.\{2\}\)//p'` day=`echo $t | sed -n -e 's/^\(.\{2\}\).*$/\1/p'` t=`echo $t | sed -n -e 's/^\(.\{2\}\)//p'` hour=`echo $t | sed -n -e 's/^\(.\{2\}\).*$/\1/p'` t=`echo $t | sed -n -e 's/^\(.\{2\}\)//p'` min=`echo $t | sed -n -e 's/^\(.\{2\}\).*$/\1/p'` t=`echo $t | sed -n -e 's/^\(.\{2\}\)//p'` sec=`echo $t | sed -n -e 's/\.//p'` # How many days in the current month? # Good until someone changes the calendar rules days_in_current_month() { if [[ $month -eq 9 || $month -eq 4 \ || $month -eq 6 || $month -eq 11 ]] ; then return 30; fi if [[ $month -eq 2 ]] ; then let t=($year/400)*400 if [[ $t -eq $year ]] ; then return 29; fi let t=($year/100)*100 if [[ $t -eq $year ]] ; then return 28; fi let t=($year/4)*4 if [[ $t -eq $year ]] ; then return 29; fi return 28; fi return 31; } # The next timestamp to issue via touch # A real hemorrhoid because bash isnt easily convinced # that 08 is a decimal number next_ts() { sec=`echo $sec | sed 's/^0//'` let sec=$sec+1 if [[ "$sec" -lt "60" ]] ; then if [[ "$sec" -lt "10" ]] ; then sec=0$sec fi return 0; fi sec="00" min=`echo $min | sed 's/^0//'` let min=$min+1 if [[ "$min" -lt "60" ]] ; then if [[ "$min" -lt "10" ]] ; then min=0$min fi return 0; fi min="00" hour=`echo $hour | sed 's/^0//'` let hour=$hour+1 if [[ "$hour" -lt "24" ]] ; then if [[ "$hour" -lt "10" ]] ; then hour=0$hour fi return 0; fi hour="00" days_in_current_month days_in_month=$? if [[ "$day" -lt "$days_in_month" ]] ; then day=`echo $day | sed 's/^0//'` let day=$day+1 if [[ "$day" -lt "10" ]] ; then day=0$day fi return 0; fi day="01" month=`echo $month | sed 's/^0//'` let month=$month+1 if [[ "$month" -lt "13" ]] ; then if [[ "$month" -lt "10" ]] ; then month=0$month fi return 0; fi month="01" let year=$year+1 return 0; } while [ $# != 0 ] ; do case "$1" in (--commav) comma_v=",v" ;; (--touch) touch=yes ;; (--aclocal) aclocal=yes ;; (--nooptimize) optimize="" ;; (--commit=*) commit="$1" ;; (*) echo "$0: usage [--touch|--commit|]" > /dev/stderr exit 17 ;; esac shift done if [ "${aclocal}" != "" ] ; then if [ -f aclocal.m4 ] ; then echo touching aclocal.m4 sleep 1 touch aclocal.m4 else echo aclocal.m4 not found fi fi if [ "${comma_v}" != "" -a "${commit}" != "" ] ; then echo "No, you may NOT molest ,v files directly. Go away." > /dev/stderr exit 1 fi function touchme () { local victim="${1}" shift local touchmebaby="" local sein="is" local newer="no" local older="no" if [ ! -r "$victim" ] ; then return fi while [ $# != 0 ] ; do if [ "${1}" -nt "${victim}" ] ; then newer="yes" fi if [ "${1}" -ot "${victim}" ] ; then older="yes" fi if [ "${newer}" = "no" -a "${older}" = "no" ] ; then newer="yes" fi if [ "${newer}" = "yes" ] ; then if [ "${touchmebaby}" = "" ] ; then touchmebaby="${1}" else sein="are" touchmebaby="${touchmebaby} ${1}" fi fi shift done if [ -n "${touchmebaby}" ] ; then echo "*** ${touchmebaby} ${sein} newer than ${victim} " if [ -n "${touch}" ] ; then # # This is the old version, in case something backfires... if [ "${optimize}" != "yes" ] ; then echo "Fixing " ;touch -c "$victim" ; sleep 1 else echo "Fixing " # echo touch -c -t $year$month$day$hour$min.$sec "$victim" touch -c -t $year$month$day$hour$min.$sec "$victim" next_ts fi fi fi } makefileins="`/usr/bin/find . -name Attic -prune -o -name Makefile.in${comma_v}`" # aclocal.m4 depends on ***/Makefile.am, configure.ac, acinclude.m4, *.m4 crap touchme aclocal.m4${comma_v} \ `/usr/bin/find . -name Attic -prune -o -name Makefile.am${comma_v}` \ "configure.in${comma_v}" "configure.ac${comma_v}" \ "acinclude.m4${comma_v}" # Makefile.in must be newer than Makefile.am for f in $makefileins ; do d="`dirname ${f}`" touchme "${d}/Makefile.in${comma_v}" "${d}/Makefile.am${comma_v}" done # Makefile.in depends on aclocal.m4 for f in $makefileins ; do d="`dirname $f`" touchme "${d}/Makefile.in${comma_v}" "aclocal.m4${comma_v}" done # config.in must be newer than aclocal.m4 and configure.ac if [ -f "config.in${comma_v}" ] ; then touchme "config.in${comma_v}" "aclocal.m4${comma_v}" \ "configure.ac${comma_v}" \ "configure.in${comma_v}" fi # config.h.in (or More Thoroughly Modern configh.in) # must be newer than aclocal.m4 and (obsolete) acconfig.h for c_h_in in config.h.in configh.in ; do if [ -f "${c_h_in}${comma_v}" ]; then touchme "${c_h_in}${comma_v}" "aclocal.m4${comma_v}" "acconfig.h${comma_v}" #>>>> WTF? Why? This is nonsensical ## ***/Makefile.in must be newer than config.h.in #for f in $makefileins ; do # touchme "$f" "${c_h_in}${comma_v}" #done fi done # configure must be newer than everything # touchme configure $makefileins -- why would this be needed? touchme "configure${comma_v}" "aclocal.m4${comma_v}" "acconfig.h${comma_v}" \ "config.in${comma_v}" "config.h.in${comma_v}" \ "configh.in${comma_v}" if [ -n "${commit}" ] ; then commit="${commit:9}" # strip off "--commit=" # First ***/Makefile.am, # configure.in, configure.ac, # ***/*.m4 # acconfig.h cvs commit -m "${commit}" \ `for f in ${makefileins} ; do \ [ -f "$${f%.in}.am" ] && echo "$${f%.in}.am" ; \ done` \ `[ -f configure.in ] && echo configure.in` \ `[ -f configure.ac ] && echo configure.ac` \ `[ -f acconfig.h ] && echo acconfig.h` \ `/usr/bin/find . -name '*.m4' -mindepth 2` # Next aclocal.m4 [ -f "aclocal.m4" ] && cvs commit -m "${commit}" aclocal.m4 # Next config.in, config.h.in, configh.in [ -f "config.in" ] && cvs commit -m "${commit}" config.in [ -f "config.h.in" ] && cvs commit -m "${commit}" config.h.in [ -f "configh.in" ] && cvs commit -m "${commit}" configh.in # Last ***/Makefile.in, configure cvs commit -m "${commit}" ${makefileins} configure fi