Open Ethernet Networking (OpEN) API Guide and Reference Manual  3.11.1.2
acl_example.py
1 /*! \file acl_example.py
2  */
3 
4 #!/mnt/fastpath/usr/bin/python
5 
6 """acl_example.py: OpEN API Security Access Lists (ACL) configuration example"""
7 
8 import OpEN_py as OpEN
9 from OpENUtil import *
10 import socket
11 import struct
12 from sys import version_info
13 
14 open_ = OpENUtil()
15 
16 #
17 # Copyright 2016 Broadcom.
18 #
19 # Licensed under the Apache License, Version 2.0 (the "License")
20 # you may not use this file except in compliance with the License.
21 # You may obtain a copy of the License at
22 #
23 # http://www.apache.org/licenses/LICENSE-2.0
24 #
25 # Unless required by applicable law or agreed to in writing, software
26 # distributed under the License is distributed on an "AS IS" BASIS,
27 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
28 # See the License for the specific language governing permissions and
29 # limitations under the License.
30 #
31 
32 #
33 # Python 2.6.6
34 #
35 
36 # Define some constants for comparison convenience
37 ACL = 'acl'
38 INTF = 'intf'
39 VLAN = 'vlan'
40 
41 RULE = 'rule'
42 ACTION_PERMIT = 'permit'
43 ACTION_DENY = 'deny'
44 
45 MATCH_ASSIGN_QUEUE = 'assign-queue'
46 MATCH_COS = 'cos'
47 MATCH_COS2 = 'cos2'
48 MATCH_DSCP = 'dscp'
49 MATCH_ETHER_TYPE = 'ether-type'
50 MATCH_EVERY = 'every'
51 MATCH_FLOW_LABEL = 'flow-label'
52 MATCH_FRAGMENTS = 'fragments'
53 MATCH_ICMP_TYPE = 'icmp-type'
54 MATCH_IGMP_TYPE = 'igmp-type'
55 MATCH_IP_DST_MASK = 'ip-dst-mask'
56 MATCH_IP_SRC_MASK = 'ip-src-mask'
57 MATCH_IPV6_DST_PFX = 'ipv6-dst-pfx'
58 MATCH_IPV6_SRC_PFX = 'ipv6-src-pfx'
59 MATCH_L4_DST_PORT = 'l4-dst-port'
60 MATCH_L4_SRC_PORT = 'l4-src-port'
61 MATCH_LOGGING = 'logging'
62 MATCH_MAC_DST_MASK = 'mac-dst-mask'
63 MATCH_MAC_SRC_MASK = 'mac-src-mask'
64 MATCH_PACKET_MIRRORING = 'packet-mirroring'
65 MATCH_PACKET_REDIRECTION = 'packet-redirection'
66 MATCH_PRECEDENCE = 'precedence'
67 MATCH_PROTOCOL = 'protocol'
68 MATCH_RATE_LIMIT = 'rate-limit'
69 MATCH_REDIRECT_AGENT = 'redirect-agent'
70 MATCH_ROUTING_FLAG = 'routing-flag'
71 MATCH_TCP_FLAGS = 'tcp-flags'
72 MATCH_TIME_BASED = 'time-based'
73 MATCH_TOS = 'tos'
74 MATCH_VLAN = 'vlan'
75 MATCH_VLAN2 = 'vlan2'
76 
77 # Define ACL data for consumption.
78 # Note that the data is organized in an ACL, RULE, and MATCH sequence.
79 # This is the necessary sequence in order for creating an ACL
80 ACL_LIST = [
81  {ACL:['test_ip',OpEN.OPEN_ACL_TYPE_IP]},
82  {RULE:OpEN.OPEN_ACL_PERMIT},
83  {MATCH_EVERY:[True]},
84  {MATCH_ASSIGN_QUEUE:[]},
85  {MATCH_LOGGING:[True]},
86  {MATCH_PACKET_MIRRORING:[]},
87  {RULE:OpEN.OPEN_ACL_PERMIT},
88  {MATCH_IP_SRC_MASK:['10.10.10.1','255.0.0.0']},
89  {MATCH_IP_DST_MASK:['20.20.20.1','255.0.0.0']},
90  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_PIM]},
91  {MATCH_DSCP:[OpEN.OPENAPI_ACL_IP_DSCP_AF11]},
92  {MATCH_FRAGMENTS:[True]},
93  {MATCH_PRECEDENCE:[7]},
94  {MATCH_TOS:['a0','a2']},
95  {MATCH_PACKET_REDIRECTION:[]},
96  {RULE:OpEN.OPEN_ACL_PERMIT},
97  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_TCP]},
98  {MATCH_REDIRECT_AGENT:[100]},
99  {MATCH_RATE_LIMIT:[4294967295,128]},
100  {MATCH_TIME_BASED:['ipv4-time-range-name']},
101  {RULE:OpEN.OPEN_ACL_PERMIT},
102  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_ICMP]},
103  {MATCH_ICMP_TYPE:[8,0,True]},
104  {RULE:OpEN.OPEN_ACL_PERMIT},
105  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_IGMP]},
106  {MATCH_IGMP_TYPE:[30]},
107  {RULE:OpEN.OPEN_ACL_PERMIT},
108  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_TCP]},
109  {MATCH_TCP_FLAGS:[OpEN.OPENAPI_ACL_TCP_FLAG_FIN,OpEN.OPENAPI_ACL_TCP_FLAG_SYN,OpEN.OPENAPI_ACL_TCP_FLAG_ACK]},
110  {MATCH_L4_SRC_PORT:[OpEN.OPEN_ACL_L4_PORT_OPERATOR_EQUAL_TO,80,0]},
111  {RULE:OpEN.OPEN_ACL_PERMIT},
112  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_UDP]},
113  {MATCH_L4_SRC_PORT:[OpEN.OPEN_ACL_L4_PORT_OPERATOR_LESS_THAN,10000,0]},
114  {MATCH_L4_DST_PORT:[OpEN.OPEN_ACL_L4_PORT_OPERATOR_GREATER_THAN,20000,0]},
115  {RULE:OpEN.OPEN_ACL_DENY},
116 
117  {ACL:['test_ip6',OpEN.OPEN_ACL_TYPE_IPV6]},
118  {RULE:OpEN.OPEN_ACL_PERMIT},
119  {MATCH_EVERY:[True]},
120  {MATCH_ASSIGN_QUEUE:[3]},
121  {MATCH_LOGGING:[True]},
122  {MATCH_PACKET_MIRRORING:[]},
123  {RULE:OpEN.OPEN_ACL_PERMIT},
124  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_PIM]},
125  {MATCH_IPV6_SRC_PFX:['1001::',24]},
126  {MATCH_IPV6_DST_PFX:['2001::',24]},
127  {MATCH_DSCP:[OpEN.OPENAPI_ACL_IP_DSCP_AF11]},
128  {MATCH_FRAGMENTS:[True]},
129  {MATCH_PACKET_REDIRECTION:[100]},
130  {RULE:OpEN.OPEN_ACL_PERMIT},
131  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_TCP]},
132  {MATCH_REDIRECT_AGENT:[100]},
133  {MATCH_RATE_LIMIT:[4294967295,128]},
134  {MATCH_TIME_BASED:['ipv6-time-range-name']},
135  {MATCH_FLOW_LABEL:[1048575]},
136  {MATCH_ROUTING_FLAG:[True]},
137  {RULE:OpEN.OPEN_ACL_PERMIT},
138  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_ICMPV6]},
139  {MATCH_ICMP_TYPE:[1,4,True]},
140  {RULE:OpEN.OPEN_ACL_PERMIT},
141  {MATCH_PROTOCOL:[OpEN.OPENAPI_ACL_PROTOCOL_TCP]},
142  {MATCH_TCP_FLAGS:[OpEN.OPENAPI_ACL_TCP_FLAG_RST,OpEN.OPENAPI_ACL_TCP_FLAG_PSH,OpEN.OPENAPI_ACL_TCP_FLAG_URG]},
143  {MATCH_L4_SRC_PORT:[OpEN.OPEN_ACL_L4_PORT_OPERATOR_RANGE,20000,20010]},
144  {MATCH_L4_DST_PORT:[OpEN.OPEN_ACL_L4_PORT_OPERATOR_GREATER_THAN,60000,0]},
145  {RULE:OpEN.OPEN_ACL_DENY},
146 
147  {ACL:['test_mac',OpEN.OPEN_ACL_TYPE_MAC]},
148  {RULE:OpEN.OPEN_ACL_PERMIT},
149  {MATCH_EVERY:[True]},
150  {MATCH_ASSIGN_QUEUE:[5]},
151  {MATCH_LOGGING:[True]},
152  {MATCH_PACKET_MIRRORING:[]},
153  {RULE:OpEN.OPEN_ACL_PERMIT},
154  {MATCH_MAC_SRC_MASK:['00:11:22:33:44:55','ff:ff:ff:00:00:00']},
155  {MATCH_MAC_DST_MASK:['55:44:33:22:11:00','00:00:00:ff:ff:ff']},
156  {MATCH_PACKET_REDIRECTION:[]},
157  {RULE:OpEN.OPEN_ACL_PERMIT},
158  {MATCH_REDIRECT_AGENT:[100]},
159  {MATCH_RATE_LIMIT:[4294967295,128]},
160  {MATCH_TIME_BASED:['mac-time-range-name']},
161  {MATCH_ETHER_TYPE:[0x809B]},
162  {MATCH_COS:[0]},
163  {MATCH_COS2:[7]},
164  {MATCH_VLAN:[OpEN.OPEN_ACL_VLAN_OPERATOR_RANGE,2,100]},
165  {MATCH_VLAN2:[OpEN.OPEN_ACL_VLAN_OPERATOR_EQUAL_TO,200,0]},
166  {RULE:OpEN.OPEN_ACL_DENY},
167 ]
168 
169 # Define some ACLs to rename.
170 ACL_RENAME_LIST = [
171  (OpEN.OPEN_ACL_TYPE_IP, 'test_ip', 'test_ip_renamed'),
172  (OpEN.OPEN_ACL_TYPE_IPV6, 'test_ip6', 'test_ip6_renamed'),
173  (OpEN.OPEN_ACL_TYPE_MAC, 'test_mac', 'test_mac_renamed'),
174 ]
175 
176 # Define some interfaces for creation.
177 INTERFACE_CREATE_LIST = [
178  {INTF:[OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed', 1, OpEN.OPEN_ACL_INBOUND_ACL, 100]},
179  {INTF:[OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed', 2, OpEN.OPEN_ACL_INBOUND_ACL, 200]},
180  {INTF:[OpEN.OPEN_ACL_TYPE_IPV6,'test_ip6_renamed',3, OpEN.OPEN_ACL_INBOUND_ACL, 300]},
181  {INTF:[OpEN.OPEN_ACL_TYPE_MAC, 'test_mac_renamed',4, OpEN.OPEN_ACL_INBOUND_ACL, 400]},
182  {VLAN:[OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed', 5, OpEN.OPEN_ACL_INBOUND_ACL, 500]},
183  {VLAN:[OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed', 6, OpEN.OPEN_ACL_INBOUND_ACL, 600]},
184  {VLAN:[OpEN.OPEN_ACL_TYPE_IPV6,'test_ip6_renamed',7, OpEN.OPEN_ACL_INBOUND_ACL, 700]},
185  {VLAN:[OpEN.OPEN_ACL_TYPE_MAC, 'test_mac_renamed',8, OpEN.OPEN_ACL_INBOUND_ACL, 800]},
186 
187  {INTF:[OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed', 9, OpEN.OPEN_ACL_INBOUND_ACL, 900]},
188 ]
189 
190 # Define some interfaces for deletion.
191 INTERFACE_DELETE_LIST = [
192  {INTF:[OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed', 2, OpEN.OPEN_ACL_INBOUND_ACL]},
193  {VLAN:[OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed', 5, OpEN.OPEN_ACL_INBOUND_ACL]},
194 ]
195 
196 def ip_to_int(addr):
197  """Convert ipv4 string to integer"""
198 
199  return struct.unpack("!I", socket.inet_aton(addr))[0]
200 
201 def int_to_ip(addr):
202  """Convert ipv4 integer to string"""
203 
204  return socket.inet_ntoa(struct.pack("!I", addr))
205 
206 def ipv6_to_int(addr):
207  """Convert ipv6 string to integer"""
208 
209  str_ = socket.inet_pton(socket.AF_INET6, addr)
210  a, b = struct.unpack('!2Q', str_)
211  return (a << 64) | b
212 
213 def int_to_ipv6(addr):
214  """Convert ipv6 integer to string"""
215 
216  a = addr >> 64
217  b = addr & ((1 << 64) - 1)
218  return socket.inet_ntop(socket.AF_INET6, struct.pack('!2Q', a, b))
219 
220 def print_sanity_results(result, test, msg, feat):
221  """Print overall comparision results"""
222 
223  if result == OpEN.OPEN_E_UNAVAIL:
224  print ("Sanity test skipped.")
225  elif result == OpEN.OPEN_E_NONE and test == True:
226  print ("Sanity Success - %s - %s." % (msg, feat))
227  else:
228  print ("Sanity Failure - %s - %s." % (msg, feat))
229 
230 def print_bad_result(result, msg):
231  """Print some general error messages if the result is bad"""
232 
233  if result == OpEN.OPEN_E_UNAVAIL:
234  print ("Feature not supported - %s (err %d)." % (msg, result))
235  elif result != OpEN.OPEN_E_NONE:
236  print ("Test Failure - %s (err %d)." % (msg, result))
237 
238 class AclExample :
239  """Simple ACL class implementing basic CRUD examples """
240 
241  def __init__(self, client) :
242  self.m_client = client
243 
244  def create_acl(self, acl_name, acl_type, init=None):
245  """Create an ACL whose type is based on acl_type"""
246 
247  try:
248  name_string = open_.getStringBuffer(len(acl_name) + 1, acl_name)
249  except OpENBufferSizeError:
250  print("create_acl: getStringBuffer raised OpENBufferSizeError")
251  return
252  except TypeError:
253  print("create_acl: getStringBuffer raised TypeError")
254  return
255  name_buff = OpEN.open_buffdesc()
256  name_buff.pstart = name_string
257  name_buff.size = len(acl_name)+1
258 
259  # Delete previous ACL
260  if init != None:
261  OpEN.openapiAclDeleteByName(self.m_client, acl_type, name_buff)
262 
263  # Create new ACL
264  acl_p = OpEN.new_uint32_tp()
265  result = OpEN.openapiAclCreate(self.m_client, acl_type, name_buff, acl_p)
266  print_bad_result(result, 'openapiAclCreate')
267 
268  if result == OpEN.OPEN_E_NONE:
269  # Fetch newly created ACL for demonstration
270  acl_id = OpEN.uint32_tp_value(acl_p)
271  tmp_acl_p = OpEN.new_uint32_tp()
272  result = OpEN.openapiAclGet(self.m_client, acl_type, name_buff, tmp_acl_p)
273  print_bad_result(result, 'openapiAclGet')
274  print_sanity_results(result, acl_id==OpEN.uint32_tp_value(tmp_acl_p), 'create_acl', acl_name)
275  OpEN.delete_uint32_tp(tmp_acl_p)
276 
277  OpEN.delete_uint32_tp(acl_p)
278 
279  if result == OpEN.OPEN_E_NONE:
280  return acl_id
281  else:
282  return 0
283 
284  def create_rule(self, acl_id, rule_id, action):
285  """Create an action rule which is attached to the given acl_id"""
286 
287  if acl_id == 0:
288  return 0 # exit if invalid id
289  if rule_id != 0:
290  rule_id = rule_id+1 # increment if not first rule
291 
292  # Create new action rule
293  rule_p = OpEN.new_uint32_tp()
294  OpEN.uint32_tp_assign(rule_p, rule_id)
295  result = OpEN.openapiAclRuleActionAdd(self.m_client, acl_id, rule_p, action)
296  print_bad_result(result, 'openapiAclRuleActionAdd')
297 
298  if result == OpEN.OPEN_E_NONE:
299  # Fetch newly created rule for demonstration
300  rule_id = OpEN.uint32_tp_value(rule_p)
301  action_p = OpEN.new_OPEN_ACL_ACTION_tp()
302  result = OpEN.openapiAclRuleActionGet(self.m_client, acl_id, rule_id, action_p)
303  print_bad_result(result, 'openapiAclRuleActionGet')
304  print_sanity_results(result, action==OpEN.OPEN_ACL_ACTION_tp_value(action_p), 'create_rule', "")
305  OpEN.delete_OPEN_ACL_ACTION_tp(action_p)
306 
307  OpEN.delete_uint32_tp(rule_p)
308 
309  if result == OpEN.OPEN_E_NONE:
310  return rule_id
311  else:
312  return 0
313 
314  def create_match(self, acl_id, rule_id, match, conditions):
315  """Add a match-condition to the supplied acl and rule"""
316 
317  if acl_id == 0 or rule_id == 0:
318  return 0
319 
320  if match == MATCH_ASSIGN_QUEUE:
321  val_p = OpEN.new_uint32_tp()
322 
323  if len(conditions) == 1:
324  # Use rate if supplied
325  val = conditions[0]
326  else:
327  # Else retrieve maximum rate allowed for demonstration
328  OpEN.openapiAclMaxAssignQueueGet(self.m_client, val_p)
329  val = OpEN.uint32_tp_value(val_p)
330 
331  result = OpEN.openapiAclRuleMatchAssignQueueAdd(self.m_client, acl_id, rule_id, val)
332  print_bad_result(result, 'openapiAclRuleMatchAssignQueueAdd')
333 
334  if result == OpEN.OPEN_E_NONE:
335  # Fetch newly created match for comparison
336  val_p = OpEN.new_uint32_tp()
337  result = OpEN.openapiAclRuleMatchAssignQueueGet(self.m_client, acl_id, rule_id, val_p)
338  print_bad_result(result, 'openapiAclRuleMatchAssignQueueGet')
339  print_sanity_results(result, val==OpEN.uint32_tp_value(val_p), 'create_match', match)
340 
341  OpEN.delete_uint32_tp(val_p)
342 
343  elif match == MATCH_COS:
344  # MAC ACLs only
345  val = conditions[0]
346 
347  result = OpEN.openapiAclRuleMatchMacCosAdd(self.m_client, acl_id, rule_id, val)
348  print_bad_result(result, 'openapiAclRuleMatchMacCosAdd')
349 
350  if result == OpEN.OPEN_E_NONE:
351  # Fetch newly created match for comparison
352  val_p = OpEN.new_uint32_tp()
353  result = OpEN.openapiAclRuleMatchMacCosGet(self.m_client, acl_id, rule_id, val_p)
354  print_bad_result(result, 'openapiAclRuleMatchMacCosGet')
355  print_sanity_results(result, val==OpEN.uint32_tp_value(val_p), 'create_match', match)
356  OpEN.delete_uint32_tp(val_p)
357 
358  elif match == MATCH_COS2:
359  # MAC ACLs only
360  val = conditions[0]
361 
362  result = OpEN.openapiAclRuleMatchMacCos2Add(self.m_client, acl_id, rule_id, val)
363  print_bad_result(result, 'openapiAclRuleMatchMacCos2Add')
364 
365  if result == OpEN.OPEN_E_NONE:
366  # Fetch newly created match for comparison
367  val_p = OpEN.new_uint32_tp()
368  result = OpEN.openapiAclRuleMatchMacCos2Get(self.m_client, acl_id, rule_id, val_p)
369  print_bad_result(result, 'openapiAclRuleMatchMacCos2Get')
370  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
371  OpEN.delete_uint32_tp(val_p)
372 
373  elif match == MATCH_DSCP:
374  val = conditions[0]
375 
376  result = OpEN.openapiAclRuleMatchDscpAdd(self.m_client, acl_id, rule_id, val)
377  print_bad_result(result, 'openapiAclRuleMatchDscpAdd')
378 
379  if result == OpEN.OPEN_E_NONE:
380  # Fetch newly created match for comparison
381  val_p = OpEN.new_uint32_tp()
382  result = OpEN.openapiAclRuleMatchDscpGet(self.m_client, acl_id, rule_id, val_p)
383  print_bad_result(result, 'openapiAclRuleMatchDscpGet')
384  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
385  OpEN.delete_uint32_tp(val_p)
386 
387  elif match == MATCH_ETHER_TYPE:
388  val = conditions[0]
389 
390  result = OpEN.openapiAclRuleMatchMacEtherTypeAdd(self.m_client, acl_id, rule_id, val)
391  print_bad_result(result, 'openapiAclRuleMatchMacEtherTypeAdd')
392 
393  if result == OpEN.OPEN_E_NONE:
394  # Fetch newly created match for comparison
395  val_p = OpEN.new_uint32_tp()
396  result = OpEN.openapiAclRuleMatchMacEtherTypeGet(self.m_client, acl_id, rule_id, val_p)
397  print_bad_result(result, 'openapiAclRuleMatchMacEtherTypeGet')
398  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
399  OpEN.delete_uint32_tp(val_p)
400 
401  elif match == MATCH_FLOW_LABEL:
402  # IPv6 ACLs only
403  val = conditions[0]
404 
405  result = OpEN.openapiAclRuleMatchFlowLabelAdd(self.m_client, acl_id, rule_id, val)
406  print_bad_result(result, 'openapiAclRuleMatchFlowLabelAdd')
407 
408  if result == OpEN.OPEN_E_NONE:
409  # Fetch newly created match for comparison
410  val_p = OpEN.new_uint32_tp()
411  result = OpEN.openapiAclRuleMatchFlowLabelGet(self.m_client, acl_id, rule_id, val_p)
412  print_bad_result(result, 'openapiAclRuleMatchFlowLabelGet')
413  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
414  OpEN.delete_uint32_tp(val_p)
415 
416  elif match == MATCH_FRAGMENTS:
417  val = conditions[0]
418 
419  result = OpEN.openapiAclRuleMatchFragmentsAdd(self.m_client, acl_id, rule_id, val)
420  print_bad_result(result, 'openapiAclRuleMatchFragmentsAdd')
421 
422  if result == OpEN.OPEN_E_NONE:
423  # Fetch newly created match for comparison
424  val_p = OpEN.new_bool_tp()
425  result = OpEN.openapiAclRuleMatchFragmentsGet(self.m_client, acl_id, rule_id, val_p)
426  print_bad_result(result, 'openapiAclRuleMatchFragmentsGet')
427  print_sanity_results(result, val == OpEN.bool_tp_value(val_p), 'create_match', match)
428  OpEN.delete_bool_tp(val_p)
429 
430  elif match == MATCH_EVERY:
431  val = conditions[0]
432 
433  result = OpEN.openapiAclRuleMatchEveryAdd(self.m_client, acl_id, rule_id, val)
434  print_bad_result(result, 'openapiAclRuleMatchEveryAdd')
435 
436  if result == OpEN.OPEN_E_NONE:
437  # Fetch newly created match for comparison
438  val_p = OpEN.new_bool_tp()
439  result = OpEN.openapiAclRuleMatchEveryGet(self.m_client, acl_id, rule_id, val_p)
440  print_bad_result(result, 'openapiAclRuleMatchEveryGet')
441  print_sanity_results(result, val == OpEN.bool_tp_value(val_p), 'create_match', match)
442  OpEN.delete_bool_tp(val_p)
443 
444  elif match == MATCH_ICMP_TYPE:
445  type_ = conditions[0]
446  code = conditions[1]
447  bool_ = conditions[2]
448 
449  result = OpEN.openapiAclRuleMatchIcmpTypeCodeAdd(self.m_client, acl_id, rule_id, bool_, type_, code)
450  print_bad_result(result, 'openapiAclRuleMatchIcmpTypeCodeAdd')
451 
452  if result == OpEN.OPEN_E_NONE:
453  # Fetch newly created rule for comparison
454  type_p = OpEN.new_uint32_tp()
455  code_p = OpEN.new_uint32_tp()
456  result = OpEN.openapiAclRuleMatchIcmpTypeCodeGet(self.m_client, acl_id, rule_id, bool_, type_p, code_p)
457  print_bad_result(result, 'openapiAclRuleMatchIcmpTypeCodeGet')
458  tmp_type = OpEN.uint32_tp_value(type_p)
459  tmp_code = OpEN.uint32_tp_value(code_p)
460  print_sanity_results(result, type_ == tmp_type and code == tmp_code, 'create_match', match)
461  OpEN.delete_uint32_tp(type_p)
462  OpEN.delete_uint32_tp(code_p)
463 
464  elif match == MATCH_IGMP_TYPE:
465  type_ = conditions[0]
466 
467  result = OpEN.openapiAclRuleMatchIgmpTypeAdd(self.m_client, acl_id, rule_id, type_)
468  print_bad_result(result, 'openapiAclRuleMatchIgmpTypeAdd')
469 
470  if result == OpEN.OPEN_E_NONE:
471  # Fetch newly created rule for comparison
472  type_p = OpEN.new_uint32_tp()
473  result = OpEN.openapiAclRuleMatchIgmpTypeGet(self.m_client, acl_id, rule_id, type_p)
474  print_bad_result(result, 'openapiAclRuleMatchIgmpTypeGet')
475  tmp_type = OpEN.uint32_tp_value(type_p)
476  print_sanity_results(result, type_ == tmp_type, 'create_match', match)
477  OpEN.delete_uint32_tp(type_p)
478 
479  elif match == MATCH_IP_DST_MASK:
480  dst_addr = OpEN.open_inet_addr_t()
481  dst_addr.addr.ipv4 = socket.ntohl(ip_to_int(conditions[0]))
482  dst_addr.family = socket.AF_INET
483 
484  mask_addr = OpEN.open_inet_addr_t()
485  mask_addr.addr.ipv4 = socket.ntohl(ip_to_int(conditions[1]))
486  mask_addr.family = socket.AF_INET
487 
488  result = OpEN.openapiAclRuleMatchIpDstMaskAdd(self.m_client, acl_id, rule_id, dst_addr, mask_addr)
489  print_bad_result(result, 'openapiAclRuleMatchIpDstMaskAdd')
490 
491  if result == OpEN.OPEN_E_NONE:
492  # Fetch newly created match for comparison
493  tmp_dst_addr = OpEN.open_inet_addr_t()
494  tmp_dst_mask = OpEN.open_inet_addr_t()
495 
496  result = OpEN.openapiAclRuleMatchIpDstMaskGet(self.m_client, acl_id, rule_id, tmp_dst_addr, tmp_dst_mask)
497  print_bad_result(result, 'openapiAclRuleMatchIpDstMaskGet')
498  print_sanity_results(result, dst_addr.addr.ipv4 == tmp_dst_addr.addr.ipv4, 'create_match', match)
499 
500  elif match == MATCH_IP_SRC_MASK:
501  src_addr = OpEN.open_inet_addr_t()
502  src_addr.addr.ipv4 = socket.ntohl(ip_to_int(conditions[0]))
503  src_addr.family = socket.AF_INET
504 
505  mask_addr = OpEN.open_inet_addr_t()
506  mask_addr.addr.ipv4 = socket.ntohl(ip_to_int(conditions[1]))
507  mask_addr.family = socket.AF_INET
508 
509  result = OpEN.openapiAclRuleMatchIpSrcMaskAdd(self.m_client, acl_id, rule_id, src_addr, mask_addr)
510  print_bad_result(result, 'openapiAclRuleMatchIpSrcMaskAdd')
511 
512  if result == OpEN.OPEN_E_NONE:
513  # Fetch newly created match for comparison
514  tmp_src_addr = OpEN.open_inet_addr_t()
515  tmp_src_mask = OpEN.open_inet_addr_t()
516 
517  result = OpEN.openapiAclRuleMatchIpSrcMaskGet(self.m_client, acl_id, rule_id, tmp_src_addr, tmp_src_mask)
518  print_bad_result(result, 'openapiAclRuleMatchIpSrcMaskGet')
519  print_sanity_results(result, src_addr.addr.ipv4 == tmp_src_addr.addr.ipv4, 'create_match', match)
520 
521  elif match == MATCH_IPV6_DST_PFX:
522  if socket.has_ipv6:
523  addr = OpEN.open_inet_addr_t()
524  addr.addr.ipv6 = ipv6_to_int(conditions[0])
525  addr.family = socket.AF_INET6
526 
527  pfx = conditions[1]
528 
529  result = OpEN.openapiAclRuleMatchIpv6DstPfxAdd(self.m_client, acl_id, rule_id, addr, pfx)
530  print_bad_result(result, 'openapiAclRuleMatchIpv6DstPfxAdd')
531 
532  if result == OpEN.OPEN_E_NONE:
533  # Fetch newly created match for comparison
534  tmp_addr = OpEN.open_inet_addr_t()
535  tmp_pfx_p = OpEN.new_uint32_tp()
536 
537  result = OpEN.openapiAclRuleMatchIpv6DstPfxGet(self.m_client, acl_id, rule_id, tmp_addr, tmp_pfx_p)
538  print_bad_result(result, 'openapiAclRuleMatchIpv6DstPfxGet')
539  print_sanity_results(result, addr.addr.ipv6 == tmp_addr.addr.ipv6, 'create_match', match)
540  OpEN.delete_uint32_tp(tmp_pfx_p)
541 
542  elif match == MATCH_IPV6_SRC_PFX:
543  if socket.has_ipv6:
544  addr = OpEN.open_inet_addr_t()
545  addr.addr.ipv6 = ipv6_to_int(conditions[0])
546  addr.family = socket.AF_INET6
547 
548  pfx = conditions[1]
549 
550  result = OpEN.openapiAclRuleMatchIpv6SrcPfxAdd(self.m_client, acl_id, rule_id, dst_addr, pfx)
551  print_bad_result(result, 'openapiAclRuleMatchIpv6SrcPfxAdd')
552 
553  if result == OpEN.OPEN_E_NONE:
554  # Fetch newly created match for comparison
555  tmp_addr = OpEN.open_inet_addr_t()
556  tmp_pfx_p = OpEN.new_uint32_tp()
557 
558  result = OpEN.openapiAclRuleMatchIpv6SrcPfxGet(self.m_client, acl_id, rule_id, tmp_addr, tmp_pfx_p)
559  print_bad_result(result, 'openapiAclRuleMatchIpv6SrcPfxGet')
560  print_sanity_results(result, addr.addr.ipv6 == tmp_addr.addr.ipv6, 'create_match', match)
561  OpEN.delete_uint32_tp(tmp_pfx_p)
562 
563  elif match == MATCH_L4_DST_PORT:
564  oper = conditions[0]
565  start = conditions[1]
566  end = conditions[2]
567 
568  result = OpEN.openapiAclRuleMatchL4DstPortAdd(self.m_client, acl_id, rule_id, oper, start, end)
569  print_bad_result(result, 'openapiAclRuleMatchL4DstPortAdd')
570 
571  if result == OpEN.OPEN_E_NONE:
572  # Fetch newly created match for comparison
573  oper_p = OpEN.new_OPEN_ACL_L4_PORT_OPERATOR_tp()
574  start_p = OpEN.new_uint32_tp()
575  end_p = OpEN.new_uint32_tp()
576  result = OpEN.openapiAclRuleMatchL4DstPortGet(self.m_client, acl_id, rule_id, oper_p, start_p, end_p)
577  print_bad_result(result, 'openapiAclRuleMatchL4DstPortGet')
578  print_sanity_results(result, oper == OpEN.OPEN_ACL_L4_PORT_OPERATOR_tp_value(oper_p) and start == OpEN.uint32_tp_value(start_p), 'create_match', match)
579  OpEN.delete_OPEN_ACL_L4_PORT_OPERATOR_tp(oper_p)
580  OpEN.delete_uint32_tp(start_p)
581  OpEN.delete_uint32_tp(end_p)
582 
583  elif match == MATCH_L4_SRC_PORT:
584  oper = conditions[0]
585  start = conditions[1]
586  end = conditions[2]
587 
588  result = OpEN.openapiAclRuleMatchL4SrcPortAdd(self.m_client, acl_id, rule_id, oper, start, end)
589  print_bad_result(result, 'openapiAclRuleMatchL4SrcPortAdd')
590 
591  if result == OpEN.OPEN_E_NONE:
592  # Fetch newly created match for comparison
593  oper_p = OpEN.new_OPEN_ACL_L4_PORT_OPERATOR_tp()
594  start_p = OpEN.new_uint32_tp()
595  end_p = OpEN.new_uint32_tp()
596  result = OpEN.openapiAclRuleMatchL4SrcPortGet(self.m_client, acl_id, rule_id, oper_p, start_p, end_p)
597  print_bad_result(result, 'openapiAclRuleMatchL4SrcPortGet')
598  print_sanity_results(result, oper == OpEN.OPEN_ACL_L4_PORT_OPERATOR_tp_value(oper_p) and start == OpEN.uint32_tp_value(start_p), 'create_match', match)
599  OpEN.delete_OPEN_ACL_L4_PORT_OPERATOR_tp(oper_p)
600  OpEN.delete_uint32_tp(start_p)
601  OpEN.delete_uint32_tp(end_p)
602 
603  elif match == MATCH_LOGGING:
604  val = conditions[0]
605 
606  result = OpEN.openapiAclRuleMatchLoggingAdd(self.m_client, acl_id, rule_id, val)
607  print_bad_result(result, 'openapiAclRuleMatchLoggingAdd')
608 
609  if result == OpEN.OPEN_E_NONE:
610  # Fetch newly created match for comparison
611  val_p = OpEN.new_uint32_tp()
612  result = OpEN.openapiAclRuleMatchLoggingGet(self.m_client, acl_id, rule_id, val_p)
613  print_bad_result(result, 'openapiAclRuleMatchLoggingGet')
614  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
615  OpEN.delete_uint32_tp(val_p)
616 
617  elif match == MATCH_MAC_DST_MASK:
618  # MAC ACLs only
619  mac = conditions[0]
620  mask = conditions[1]
621 
622  try:
623  mac_array = open_.getStringBuffer(len(mac) + 1, mac)
624  except OpENBufferSizeError:
625  print("create_match: getStringBuffer raised OpENBufferSizeError")
626  return
627  except TypeError:
628  print("create_match: getStringBuffer raised TypeError")
629  return
630  mac_buff = OpEN.open_buffdesc()
631  mac_buff.pstart = mac_array
632  mac_buff.size = len(mac)+1
633 
634  try:
635  mask_array = open_.getStringBuffer(len(mask) + 1, mask)
636  except OpENBufferSizeError:
637  print("create_match: getStringBuffer raised OpENBufferSizeError")
638  return
639  except TypeError:
640  print("create_match: getStringBuffer raised TypeError")
641  return
642  mask_buff = OpEN.open_buffdesc()
643  mask_buff.pstart = mask_array
644  mask_buff.size = len(mask)+1
645 
646  result = OpEN.openapiAclRuleMatchMacDstMacAdd(self.m_client, acl_id, rule_id, mac_buff, mask_buff)
647  print_bad_result(result, 'openapiAclRuleMatchMacDstMacAdd')
648 
649  if result == OpEN.OPEN_E_NONE:
650  # Fetch newly created rule for comparison
651  max_len = OpEN.OPENAPI_L7_MAC_ADDR_STRING_LEN + 1
652 
653  try:
654  tmp_mac_buff_string = open_.getStringBuffer(max_len)
655  except OpENBufferSizeError:
656  print("create_match: getStringBuffer raised OpENBufferSizeError")
657  return
658  except TypeError:
659  print("create_match: getStringBuffer raised TypeError")
660  return
661  tmpmac_buff = OpEN.open_buffdesc()
662  tmpmac_buff.pstart = tmp_mac_buff_string
663  tmpmac_buff.size = max_len
664 
665  try:
666  tmp_mask_buff_string = open_.getStringBuffer(max_len)
667  except OpENBufferSizeError:
668  print("create_match: getStringBuffer raised OpENBufferSizeError")
669  return
670  except TypeError:
671  print("create_match: getStringBuffer raised TypeError")
672  return
673  tmp_mask_buff = OpEN.open_buffdesc()
674  tmp_mask_buff.pstart = tmp_mask_buff_string
675  tmp_mask_buff.size = max_len
676 
677  result = OpEN.openapiAclRuleMatchMacDstMacGet(self.m_client, acl_id, rule_id, tmpmac_buff, tmp_mask_buff)
678  print_bad_result(result, 'openapiAclRuleMatchMacDstMacGet')
679  tmp_mac = tmp_mac_buff_string.cast()
680  tmp_mask = tmp_mask_buff_string.cast()
681  print_sanity_results(result, mac == tmp_mac and mask == tmp_mask, 'create_match', match)
682 
683  elif match == MATCH_MAC_SRC_MASK:
684  # MAC ACLs only
685  mac = conditions[0]
686  mask = conditions[1]
687 
688  try:
689  mac_array = open_.getStringBuffer(len(mac) + 1, mac)
690  except OpENBufferSizeError:
691  print("create_match: getStringBuffer raised OpENBufferSizeError")
692  return
693  except TypeError:
694  print("create_match: getStringBuffer raised TypeError")
695  return
696  mac_buff = OpEN.open_buffdesc()
697  mac_buff.pstart = mac_array
698  mac_buff.size = len(mac)+1
699 
700  try:
701  mask_array = open_.getStringBuffer(len(mask) + 1, mask)
702  except OpENBufferSizeError:
703  print("create_match: getStringBuffer raised OpENBufferSizeError")
704  return
705  except TypeError:
706  print("create_match: getStringBuffer raised TypeError")
707  return
708 
709  mask_buff = OpEN.open_buffdesc()
710  mask_buff.pstart = mask_array
711  mask_buff.size = len(mask)+1
712 
713  result = OpEN.openapiAclRuleMatchMacSrcMacAdd(self.m_client, acl_id, rule_id, mac_buff, mask_buff)
714  print_bad_result(result, 'openapiAclRuleMatchMacSrcMacAdd')
715 
716  if result == OpEN.OPEN_E_NONE:
717  # Fetch newly created rule for comparison
718  max_len = OpEN.OPENAPI_L7_MAC_ADDR_STRING_LEN + 1
719 
720  try:
721  tmp_mac_buff_string = open_.getStringBuffer(max_len)
722  except OpENBufferSizeError:
723  print("create_match: getStringBuffer raised OpENBufferSizeError")
724  return
725  except TypeError:
726  print("create_match: getStringBuffer raised TypeError")
727  return
728  tmpmac_buff = OpEN.open_buffdesc()
729  tmpmac_buff.pstart = tmp_mac_buff_string
730  tmpmac_buff.size = max_len
731 
732  try:
733  tmp_mask_buff_string = open_.getStringBuffer(max_len)
734  except OpENBufferSizeError:
735  print("create_match: getStringBuffer raised OpENBufferSizeError")
736  return
737  except TypeError:
738  print("create_match: getStringBuffer raised TypeError")
739  return
740  tmp_mask_buff = OpEN.open_buffdesc()
741  tmp_mask_buff.pstart = tmp_mask_buff_string
742  tmp_mask_buff.size = max_len
743 
744  result = OpEN.openapiAclRuleMatchMacSrcMacGet(self.m_client, acl_id, rule_id, tmpmac_buff, tmp_mask_buff)
745  print_bad_result(result, 'openapiAclRuleMatchMacSrcMacGet')
746  tmp_mac = tmp_mac_buff_string.cast()
747  tmp_mask = tmp_mask_buff_string.cast()
748  print_sanity_results(result, mac == tmp_mac and mask == tmp_mask, 'create_match', match)
749 
750  elif match == MATCH_PACKET_MIRRORING:
751  if len(conditions) == 1:
752  # Use interface if supplied
753  val = conditions[0]
754  else:
755  # Else retrieve first available physical interface for demonstration
756  val_p = OpEN.new_uint32_tp()
757  OpEN.openapiIfFirstGet(self.m_client, OpEN.OPEN_INTF_TYPE_PHY, val_p)
758  val = OpEN.uint32_tp_value(val_p)
759  OpEN.delete_uint32_tp(val_p)
760 
761  result = OpEN.openapiAclRuleMatchMirrorAdd(self.m_client, acl_id, rule_id, val)
762  print_bad_result(result, 'openapiAclRuleMatchMirrorAdd')
763 
764  if result == OpEN.OPEN_E_NONE:
765  # Fetch newly created match for comparison
766  val_p = OpEN.new_uint32_tp()
767  result = OpEN.openapiAclRuleMatchMirrorGet(self.m_client, acl_id, rule_id, val_p)
768  print_bad_result(result, 'openapiAclRuleMatchMirrorGet')
769  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
770  OpEN.delete_uint32_tp(val_p)
771 
772  elif match == MATCH_PACKET_REDIRECTION:
773 
774  if len(conditions) == 1:
775  # Use interface if supplied
776  val = conditions[0]
777  else:
778  # Else retrieve first available physical interface for demonstration
779  val_p = OpEN.new_uint32_tp()
780  OpEN.openapiIfFirstGet(self.m_client, OpEN.OPEN_INTF_TYPE_PHY, val_p)
781  val = OpEN.uint32_tp_value(val_p)
782  OpEN.delete_uint32_tp(val_p)
783 
784  result = OpEN.openapiAclRuleMatchRedirectAdd(self.m_client, acl_id, rule_id, val)
785  print_bad_result(result, 'openapiAclRuleMatchRedirectAdd')
786 
787  if result == OpEN.OPEN_E_NONE:
788  # Fetch newly created match for comparison
789  val_p = OpEN.new_uint32_tp()
790  result = OpEN.openapiAclRuleMatchRedirectGet(self.m_client, acl_id, rule_id, val_p)
791  print_bad_result(result, 'openapiAclRuleMatchRedirectGet')
792  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
793  OpEN.delete_uint32_tp(val_p)
794 
795  elif match == MATCH_PRECEDENCE:
796  val = conditions[0]
797 
798  result = OpEN.openapiAclRuleMatchPrecedenceAdd(self.m_client, acl_id, rule_id, val)
799  print_bad_result(result, 'openapiAclRuleMatchPrecedenceAdd')
800 
801  if result == OpEN.OPEN_E_NONE:
802  # Fetch newly created match for comparison
803  val_p = OpEN.new_uint32_tp()
804  result = OpEN.openapiAclRuleMatchPrecedenceGet(self.m_client, acl_id, rule_id, val_p)
805  print_bad_result(result, 'openapiAclRuleMatchPrecedenceGet')
806  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
807  OpEN.delete_uint32_tp(val_p)
808 
809  elif match == MATCH_PROTOCOL:
810  val = conditions[0]
811 
812  result = OpEN.openapiAclRuleMatchProtocolAdd(self.m_client, acl_id, rule_id, val)
813  print_bad_result(result, 'openapiAclRuleMatchProtocolAdd')
814 
815  if result == OpEN.OPEN_E_NONE:
816  # Fetch newly created match for comparison
817  val_p = OpEN.new_uint32_tp()
818  result = OpEN.openapiAclRuleMatchProtocolGet(self.m_client, acl_id, rule_id, val_p)
819  print_bad_result(result, 'openapiAclRuleMatchProtocolGet')
820  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
821  OpEN.delete_uint32_tp(val_p)
822 
823  elif match == MATCH_RATE_LIMIT:
824  val1 = conditions[0]
825  val2 = conditions[1]
826 
827  result = OpEN.openapiAclRuleMatchRateLimitAdd(self.m_client, acl_id, rule_id, val1, val2)
828  print_bad_result(result, 'openapiAclRuleMatchRateLimitAdd')
829 
830  if result == OpEN.OPEN_E_NONE:
831  # Fetch newly created rule for comparison
832  val1_p = OpEN.new_uint32_tp()
833  val2_p = OpEN.new_uint32_tp()
834  result = OpEN.openapiAclRuleMatchRateLimitGet(self.m_client, acl_id, rule_id, val1_p, val2_p)
835  print_bad_result(result, 'openapiAclRuleMatchRateLimitGet')
836  print_sanity_results(result, val1 == OpEN.uint32_tp_value(val1_p) and val2 == OpEN.uint32_tp_value(val2_p), 'create_match', match)
837  OpEN.delete_uint32_tp(val1_p)
838  OpEN.delete_uint32_tp(val2_p)
839 
840  elif match == MATCH_REDIRECT_AGENT:
841  val = conditions[0]
842 
843  result = OpEN.openapiAclRuleMatchRedirectAgentAdd(self.m_client, acl_id, rule_id, val)
844  print_bad_result(result, 'openapiAclRuleMatchRedirectAgentAdd')
845 
846  if result == OpEN.OPEN_E_NONE:
847  # Fetch newly created match for comparison
848  val_p = OpEN.new_uint32_tp()
849  result = OpEN.openapiAclRuleMatchRedirectAgentGet(self.m_client, acl_id, rule_id, val_p)
850  print_bad_result(result, 'openapiAclRuleMatchRedirectAgentGet')
851  print_sanity_results(result, val == OpEN.uint32_tp_value(val_p), 'create_match', match)
852  OpEN.delete_uint32_tp(val_p)
853 
854  elif match == MATCH_ROUTING_FLAG:
855  # IPv6 ACLs only
856  val = conditions[0]
857 
858  result = OpEN.openapiAclRuleMatchRoutingAdd(self.m_client, acl_id, rule_id, val)
859  print_bad_result(result, 'openapiAclRuleMatchRoutingAdd')
860 
861  if result == OpEN.OPEN_E_NONE:
862  # Fetch newly created match for comparison
863  val_p = OpEN.new_bool_tp()
864  result = OpEN.openapiAclRuleMatchRoutingGet(self.m_client, acl_id, rule_id, val_p)
865  print_bad_result(result, 'openapiAclRuleMatchRoutingGet')
866  print_sanity_results(result, val == OpEN.bool_tp_value(val_p), 'create_match', match)
867  OpEN.delete_bool_tp(val_p)
868 
869  elif match == MATCH_TCP_FLAGS:
870  flag_val = 0
871  flag_mask = 0
872 
873  if version_info >= (3,0,0):
874  for idx in range(0, len(conditions)) :
875  flag_val |= (True << conditions[idx])
876  flag_mask |= (True << conditions[idx])
877  else:
878  for idx in xrange(0, len(conditions)) :
879  flag_val |= (True << conditions[idx])
880  flag_mask |= (True << conditions[idx])
881 
882  result = OpEN.openapiAclRuleMatchTcpFlagsAdd(self.m_client, acl_id, rule_id, flag_val, flag_mask)
883  print_bad_result(result, 'openapiAclRuleMatchTcpFlagsAdd')
884 
885  if result == OpEN.OPEN_E_NONE:
886  # Fetch newly created match for comparison
887  flag_val_p = OpEN.new_uint32_tp()
888  flag_mask_p = OpEN.new_uint32_tp()
889  result = OpEN.openapiAclRuleMatchTcpFlagsGet(self.m_client, acl_id, rule_id, flag_val_p, flag_mask_p)
890  print_bad_result(result, 'openapiAclRuleMatchTcpFlagsGet')
891  print_sanity_results(result, flag_val == OpEN.uint32_tp_value(flag_val_p), 'create_match', match)
892  OpEN.delete_uint32_tp(flag_val_p)
893  OpEN.delete_uint32_tp(flag_mask_p)
894 
895  elif match == MATCH_TIME_BASED:
896  time_name = conditions[0]
897 
898  try:
899  name_array = open_.getStringBuffer(len(time_name) + 1, time_name)
900  except OpENBufferSizeError:
901  print("create_match: getStringBuffer raised OpENBufferSizeError")
902  return
903  except TypeError:
904  print("create_match: getStringBuffer raised TypeError")
905  return
906  name_buff = OpEN.open_buffdesc()
907  name_buff.pstart = name_array
908  name_buff.size = len(time_name)+1
909 
910  result = OpEN.openapiAclRuleMatchTimeRangeAdd(self.m_client, acl_id, rule_id, name_buff)
911  print_bad_result(result, 'openapiAclRuleMatchTimeRangeAdd')
912 
913  if result == OpEN.OPEN_E_NONE:
914  # Fetch newly created rule for comparison
915  max_len = OpEN.OPENAPI_TIME_RANGE_NAME_LEN_MAX + 1
916 
917  try:
918  tmp_name_string = open_.getStringBuffer(max_len)
919  except OpENBufferSizeError:
920  print("create_match: getStringBuffer raised OpENBufferSizeError")
921  return
922  except TypeError:
923  print("create_match: getStringBuffer raised TypeError")
924  return
925  tmp_name_buff = OpEN.open_buffdesc()
926  tmp_name_buff.pstart = tmp_name_string
927  tmp_name_buff.size = max_len
928 
929  result = OpEN.openapiAclRuleMatchTimeRangeGet(self.m_client, acl_id, rule_id, tmp_name_buff)
930  print_bad_result(result, 'openapiAclRuleMatchTimeRangeGet')
931  tmp_time_name = tmp_name_string.cast()
932  print_sanity_results(result, time_name == tmp_time_name, 'create_match', match)
933 
934  if result == OpEN.OPEN_E_NONE:
935  status_p = OpEN.new_OPEN_ACL_RULE_STATUS_tp()
936  result = OpEN.openapiAclRuleMatchTimeRangeStatusGet(self.m_client, acl_id, rule_id, status_p)
937  print_bad_result(result, 'openapiAclRuleMatchTimeRangeStatusGet')
938  print_sanity_results(result, True, 'create_match', match+' status')
939  OpEN.delete_OPEN_ACL_RULE_STATUS_tp(status_p)
940 
941  elif match == MATCH_TOS:
942  tos_val = conditions[0]
943  tos_mask = conditions[1]
944 
945  try:
946  tos_val_array = open_.getStringBuffer(len(tos_val) + 1, tos_val)
947  except OpENBufferSizeError:
948  print("create_match: getStringBuffer raised OpENBufferSizeError")
949  return
950  except TypeError:
951  print("create_match: getStringBuffer raised TypeError")
952  return
953  tos_val_buff = OpEN.open_buffdesc()
954  tos_val_buff.pstart = tos_val_array
955  tos_val_buff.size = len(tos_val) + 1
956 
957  try:
958  tos_mask_array = open_.getStringBuffer(len(tos_mask) + 1, tos_mask)
959  except OpENBufferSizeError:
960  print("create_match: getStringBuffer raised OpENBufferSizeError")
961  return
962  except TypeError:
963  print("create_match: getStringBuffer raised TypeError")
964  return
965  tos_mask_buff = OpEN.open_buffdesc()
966  tos_mask_buff.pstart = tos_mask_array
967  tos_mask_buff.size = len(tos_mask) + 1
968 
969  result = OpEN.openapiAclRuleMatchTosAdd(self.m_client, acl_id, rule_id, tos_val_buff, tos_mask_buff)
970  print_bad_result(result, 'openapiAclRuleMatchTosAdd')
971 
972  if result == OpEN.OPEN_E_NONE:
973  # Fetch newly created rule for comparison
974  max_len = 32
975 
976  try:
977  tmp_tos_buffstring = open_.getStringBuffer(max_len)
978  except OpENBufferSizeError:
979  print("create_match: getStringBuffer raised OpENBufferSizeError")
980  return
981  except TypeError:
982  print("create_match: getStringBuffer raised TypeError")
983  return
984  tmp_tos_buff = OpEN.open_buffdesc()
985  tmp_tos_buff.pstart = tmp_tos_buffstring
986  tmp_tos_buff.size = max_len
987 
988  try:
989  tmp_mask_buff_string = open_.getStringBuffer(max_len)
990  except OpENBufferSizeError:
991  print("create_match: getStringBuffer raised OpENBufferSizeError")
992  return
993  except TypeError:
994  print("create_match: getStringBuffer raised TypeError")
995  return
996  tmp_mask_buff = OpEN.open_buffdesc()
997  tmp_mask_buff.pstart = tmp_mask_buff_string
998  tmp_mask_buff.size = max_len
999 
1000  result = OpEN.openapiAclRuleMatchTosGet(self.m_client, acl_id, rule_id, tmp_tos_buff, tmp_mask_buff)
1001  print_bad_result(result, 'openapiAclRuleMatchTosGet')
1002  tmp_tos_val = tmp_tos_buffstring.cast()
1003  tmp_tos_mask = tmp_mask_buff_string.cast()
1004  print_sanity_results(result, tos_val == tmp_tos_val and tos_mask == tmp_tos_mask, 'create_match', match)
1005 
1006  elif match == MATCH_VLAN:
1007  # MAC ACLs only
1008  oper = conditions[0]
1009  start = conditions[1]
1010  end = conditions[2]
1011 
1012  result = OpEN.openapiAclRuleMatchMacVlanAdd(self.m_client, acl_id, rule_id, oper, start, end)
1013  print_bad_result(result, 'openapiAclRuleMatchMacVlanAdd')
1014 
1015  if result == OpEN.OPEN_E_NONE:
1016  # Fetch newly created match for comparison
1017  oper_p = OpEN.new_OPEN_ACL_VLAN_OPERATOR_tp()
1018  start_p = OpEN.new_uint32_tp()
1019  end_p = OpEN.new_uint32_tp()
1020  result = OpEN.openapiAclRuleMatchMacVlanGet(self.m_client, acl_id, rule_id, oper_p, start_p, end_p)
1021  print_bad_result(result, 'openapiAclRuleMatchMacVlanGet')
1022  print_sanity_results(result, oper == OpEN.OPEN_ACL_L4_PORT_OPERATOR_tp_value(oper_p) and start == OpEN.uint32_tp_value(start_p), 'create_match', match)
1023  OpEN.delete_OPEN_ACL_VLAN_OPERATOR_tp(oper_p)
1024  OpEN.delete_uint32_tp(start_p)
1025  OpEN.delete_uint32_tp(end_p)
1026 
1027  elif match == MATCH_VLAN2:
1028  # MAC ACLs only
1029  oper = conditions[0]
1030  start = conditions[1]
1031  end = conditions[2]
1032 
1033  result = OpEN.openapiAclRuleMatchMacSecondaryVlanAdd(self.m_client, acl_id, rule_id, oper, start, end)
1034  print_bad_result(result, 'openapiAclRuleMatchMacSecondaryVlanAdd')
1035 
1036  if result == OpEN.OPEN_E_NONE:
1037  # Fetch newly created match for comparison
1038  oper_p = OpEN.new_OPEN_ACL_VLAN_OPERATOR_tp()
1039  start_p = OpEN.new_uint32_tp()
1040  end_p = OpEN.new_uint32_tp()
1041  result = OpEN.openapiAclRuleMatchMacSecondaryVlanGet(self.m_client, acl_id, rule_id, oper_p, start_p, end_p)
1042  print_bad_result(result, 'openapiAclRuleMatchMacSecondaryVlanGet')
1043  print_sanity_results(result, oper == OpEN.OPEN_ACL_L4_PORT_OPERATOR_tp_value(oper_p) and start == OpEN.uint32_tp_value(start_p), 'create_match', match)
1044  OpEN.delete_OPEN_ACL_VLAN_OPERATOR_tp(oper_p)
1045  OpEN.delete_uint32_tp(start_p)
1046  OpEN.delete_uint32_tp(end_p)
1047 
1048  def test_acl_creation(self, acls):
1049  """Parse through the acls list and call acl functions based on keys"""
1050  acl_id = 0
1051  rule_id = 0
1052 
1053  for acl in acls:
1054  for key, val in acl.items():
1055  if key == ACL:
1056  acl_id = self.create_acl(val[0], val[1], True)
1057  elif key == RULE:
1058  rule_id = self.create_rule(acl_id, rule_id, val)
1059  else:
1060  self.create_match(acl_id, rule_id, key, val)
1061 
1062  def test_acl_retrieval(self):
1063  """Perform some generic ACL retrieval and iteration tests."""
1064  acl_p = OpEN.new_uint32_tp()
1065  acl_type = OpEN.OPEN_ACL_TYPE_IP
1066 
1067  # Get first named IP ACL created in the system
1068  result = OpEN.openapiAclGetFirst(self.m_client, acl_type, acl_p)
1069  print_bad_result(result, "openapiAclGetFirst - IP ACL")
1070  print_sanity_results(result, (OpEN.uint32_tp_value(acl_p)>0), "openapiAclGetFirst", "IP ACL")
1071 
1072  # Create temporary ACL for iteration purposes
1073  tmp_acl = self.create_acl("another_test_ip", acl_type, True)
1074 
1075  # Start from the beginning and iterate through the available named ACL type
1076  if (tmp_acl>0):
1077  tmp_acl = 0
1078  while OpEN.openapiAclGetNext(self.m_client, acl_type, tmp_acl, acl_p) == OpEN.OPEN_E_NONE:
1079  tmp_acl = OpEN.uint32_tp_value(acl_p)
1080  print_sanity_results(OpEN.OPEN_E_NONE, (tmp_acl>0), "openapiAclGetNext", "temporary")
1081 
1082  # Remove temporary ACL
1083  if (tmp_acl>0):
1084  result = OpEN.openapiAclDelete(self.m_client, tmp_acl)
1085  print_sanity_results(result, True, "openapiAclDelete", "temporary")
1086 
1087  OpEN.delete_uint32_tp(acl_p)
1088 
1089  def test_acl_rename(self, acls):
1090  """Rename an ACL and verify."""
1091 
1092  for val in acls:
1093  acl_type = val[0]
1094  name = val[1]
1095  new_name = val[2]
1096 
1097  acl_p = OpEN.new_uint32_tp()
1098 
1099  try:
1100  name_string = open_.getStringBuffer(len(name) + 1, name)
1101  except OpENBufferSizeError:
1102  print("test_acl_rename: getStringBuffer raised OpENBufferSizeError")
1103  return
1104  except TypeError:
1105  print("test_acl_rename: getStringBuffer raised TypeError")
1106  return
1107  name_buff = OpEN.open_buffdesc()
1108  name_buff.pstart = name_string
1109  name_buff.size = len(name)+1
1110 
1111  try:
1112  name_get_string = open_.getStringBuffer(OpEN.OPENAPI_ACL_NAME_LEN_MAX + 1)
1113  except OpENBufferSizeError:
1114  print("test_acl_rename: getStringBuffer raised OpENBufferSizeError")
1115  return
1116  except TypeError:
1117  print("test_acl_rename: getStringBuffer raised TypeError")
1118  return
1119  name_get_buff = OpEN.open_buffdesc()
1120  name_get_buff.pstart = name_get_string
1121  name_get_buff.size = OpEN.OPENAPI_ACL_NAME_LEN_MAX + 1
1122 
1123  try:
1124  new_name_string = open_.getStringBuffer(len(new_name) + 1, new_name)
1125  except OpENBufferSizeError:
1126  print("test_acl_rename: getStringBuffer raised OpENBufferSizeError")
1127  return
1128  except TypeError:
1129  print("test_acl_rename: getStringBuffer raised TypeError")
1130  return
1131  newname_buff = OpEN.open_buffdesc()
1132  newname_buff.pstart = new_name_string
1133  newname_buff.size = len(new_name)+1
1134 
1135  result = OpEN.openapiAclGet(self.m_client, acl_type, name_buff, acl_p)
1136  tmp_acl = OpEN.uint32_tp_value(acl_p)
1137  print_bad_result(result, "openapiAclGet - IP ACL")
1138 
1139  if (result == OpEN.OPEN_E_NONE):
1140  result = OpEN.openapiAclNameGet(self.m_client, tmp_acl, name_get_buff)
1141  print_bad_result(result, "openapiAclNameGet - IP ACL")
1142 
1143  if (result == OpEN.OPEN_E_NONE):
1144  result = OpEN.openapiAclRename(self.m_client, tmp_acl, newname_buff)
1145  print_bad_result(result, "openapiAclRename - IP ACL")
1146  print_sanity_results(result, (tmp_acl>0), "openapiAclRename", new_name_string.cast())
1147 
1148  OpEN.delete_uint32_tp(acl_p)
1149 
1150  def test_acl_traffic_filter_create(self, interfaces):
1151  """Parse through the interfaces list and call traffic filter functions based on keys"""
1152 
1153  for interface in interfaces:
1154  for key, val in interface.items():
1155  acl_p = OpEN.new_uint32_tp()
1156 
1157  type_ = val[0]
1158  name = val[1]
1159  intf = val[2]
1160  dir_ = val[3]
1161  seq = val[4]
1162 
1163  try:
1164  name_string = open_.getStringBuffer(len(name) + 1, name)
1165  except OpENBufferSizeError:
1166  print("test_acl_traffic_filter_create: getStringBuffer raised OpENBufferSizeError")
1167  return
1168  except TypeError:
1169  print("test_acl_traffic_filter_create: getStringBuffer raised TypeError")
1170  return
1171  name_buff = OpEN.open_buffdesc()
1172  name_buff.pstart = name_string
1173  name_buff.size = len(name)+1
1174 
1175  result = OpEN.openapiAclGet(self.m_client, type_, name_buff, acl_p)
1176  print_bad_result(result, "openapiAclGet - IP ACL")
1177 
1178  if result == OpEN.OPEN_E_NONE:
1179  acl = OpEN.uint32_tp_value(acl_p)
1180  if key == INTF:
1181  result = OpEN.openapiAclIntfDirAdd(self.m_client, intf, dir_, acl, seq)
1182  disp = "ACL:%s INTF:%d dir:%d seq:%d" % (name_string.cast(), intf, dir_, seq)
1183  print_sanity_results(result, True, "openapiAclIntfDirAdd", disp)
1184  elif key == VLAN:
1185  result = OpEN.openapiAclVlanDirAdd(self.m_client, intf, dir_, acl, seq)
1186  disp = "ACL:%s VLAN:%d dir:%d seq:%d" % (name_string.cast(), intf, dir_, seq)
1187  print_sanity_results(result, True, "openapiAclVlanDirAdd", disp)
1188 
1189  OpEN.delete_uint32_tp(acl_p)
1190 
1191  def test_acl_traffic_filter_delete(self, interfaces):
1192  """Parse through the interfaces list and call traffic filter functions based on keys"""
1193 
1194  for interface in interfaces:
1195  for key, val in interface.items():
1196  acl_p = OpEN.new_uint32_tp()
1197 
1198  type_ = val[0]
1199  name = val[1]
1200  intf = val[2]
1201  dir_ = val[3]
1202 
1203  try:
1204  name_string = open_.getStringBuffer(len(name) + 1, name)
1205  except OpENBufferSizeError:
1206  print("test_acl_traffic_filter_create: getStringBuffer raised OpENBufferSizeError")
1207  return
1208  except TypeError:
1209  print("test_acl_traffic_filter_create: getStringBuffer raised TypeError")
1210  return
1211  name_buff = OpEN.open_buffdesc()
1212  name_buff.pstart = name_string
1213  name_buff.size = len(name)+1
1214 
1215  result = OpEN.openapiAclGet(self.m_client, type_, name_buff, acl_p)
1216  print_bad_result(result, "openapiAclGet - IP ACL")
1217 
1218  if result == OpEN.OPEN_E_NONE:
1219  acl = OpEN.uint32_tp_value(acl_p)
1220  if key == INTF:
1221  result = OpEN.openapiAclIntfDirDelete(self.m_client, intf, dir_, acl)
1222  disp = "ACL:%s INTF:%d dir:%d" % (name_string.cast(), intf, dir_)
1223  print_sanity_results(result, True, "openapiAclIntfDirDelete", disp)
1224  elif key == VLAN:
1225  result = OpEN.openapiAclVlanDirDelete(self.m_client, intf, dir_, acl)
1226  disp = "ACL:%s VLAN:%d dir:%d" % (name_string.cast(), intf, dir_)
1227  print_sanity_results(result, True, "openapiAclVlanDirDelete", disp)
1228 
1229  OpEN.delete_uint32_tp(acl_p)
1230 
1231  def test_acl_route_filter(self, acl_type, name):
1232  """Apply an ACL as a route filter."""
1233 
1234  try:
1235  name_string = open_.getStringBuffer(len(name) + 1, name)
1236  except OpENBufferSizeError:
1237  print("test_acl_route_filter: getStringBuffer raised OpENBufferSizeError")
1238  return
1239  except TypeError:
1240  print("test_acl_route_filter: getStringBuffer raised TypeError")
1241  return
1242  name_buff = OpEN.open_buffdesc()
1243  name_buff.pstart = name_string
1244  name_buff.size = len(name)+1
1245 
1246  acl_p = OpEN.new_uint32_tp()
1247 
1248  result = OpEN.openapiAclGet(self.m_client, acl_type, name_buff, acl_p)
1249  print_bad_result(result, "openapiAclGet - IP ACL")
1250 
1251  if result == OpEN.OPEN_E_NONE:
1252  acl = OpEN.uint32_tp_value(acl_p)
1253  action_p = OpEN.new_OPEN_ACL_ACTION_tp()
1254  action_p = OpEN.copy_OPEN_ACL_ACTION_tp(OpEN.OPEN_ACL_DENY)
1255 
1256  routePrefix = socket.ntohl(ip_to_int('10.10.10.1'))
1257  routeMask = socket.ntohl(ip_to_int('255.0.0.0'))
1258 
1259  result = OpEN.openapiAclRouteFilter(self.m_client, acl, routePrefix, routeMask, action_p);
1260  print_sanity_results(result, OpEN.OPEN_ACL_PERMIT == OpEN.OPEN_ACL_ACTION_tp_value(action_p), "openapiAclRouteFilter", "permit")
1261 
1262  OpEN.delete_uint32_tp(acl_p)
1263  OpEN.delete_OPEN_ACL_ACTION_tp(action_p)
1264 
1265  def show_interface_summary(self, dir_):
1266  """Iterate and display interfaces that are inuse with matching direction"""
1267 
1268  print ("\nACL interface direction assignments")
1269  print ("Interface Direction")
1270  print ("--------- ---------")
1271 
1272  intf = 0
1273  intf_p = OpEN.new_uint32_tp()
1274  dir_p = OpEN.new_OPEN_ACL_DIRECTION_tp()
1275  inuse_p = OpEN.new_OPEN_CONTROL_tp()
1276 
1277  while OpEN.openapiAclIntfDirGetNext(self.m_client, intf, dir_, intf_p, dir_p) == OpEN.OPEN_E_NONE:
1278  # Capture all the interfaces with ACL assignments
1279  if OpEN.openapiAclIsIntfInUse(self.m_client, intf, dir_, inuse_p) == OpEN.OPEN_E_NONE:
1280  if OpEN.OPEN_CONTROL_tp_value(inuse_p) == OpEN.OPEN_ENABLE:
1281  print ("%9d " % (intf, 'Inbound' if dir_ == OpEN.OPEN_ACL_INBOUND_ACL else 'Outbound'))
1282  dir_ = OpEN.OPEN_ACL_DIRECTION_tp_value(dir_p)
1283  intf = OpEN.uint32_tp_value(intf_p)
1284 
1285  OpEN.delete_uint32_tp(intf_p)
1286  OpEN.delete_OPEN_ACL_DIRECTION_tp(dir_p)
1287  OpEN.delete_OPEN_CONTROL_tp(inuse_p)
1288 
1289  def show_interface_details(self, type_, intf, dir_):
1290  """Retrieve a list of ACLs for the given interface and direction and display its contents"""
1291 
1292  if type_ == VLAN:
1293  list_info = OpEN.OPEN_ACL_VLAN_DIR_LIST_t()
1294  result = OpEN.openapiAclVlanDirListGet(self.m_client, intf, dir_, list_info)
1295  print_bad_result(result, "openapiAclVlanDirListGet")
1296  print ("\nACL VLAN %d, %s details" % (intf, 'Inbound' if dir_ == OpEN.OPEN_ACL_INBOUND_ACL else 'Outbound'))
1297  print ("ACL id Type Seq Num")
1298  print ("------ ---- -------")
1299  for idx in range(list_info.count):
1300  info = OpEN.OPEN_ACL_VLAN_LIST_INFO_tArray_getitem(list_info.listEntry, idx)
1301  print ("%6d %4d %7d" % (info.aclId, info.aclType, info.seqNum))
1302  else:
1303  list_info = OpEN.OPEN_ACL_INTF_DIR_LIST_t()
1304  result = OpEN.openapiAclIntfDirListGet(self.m_client, intf, dir_, list_info)
1305  print_bad_result(result, "openapiAclIntfDirListGet")
1306  print ("\nACL Interface %d, %s details" % (intf, 'Inbound' if dir_ == OpEN.OPEN_ACL_INBOUND_ACL else 'Outbound'))
1307  print ("ACL id Type Seq Num")
1308  print ("------ ---- -------")
1309  for idx in range(list_info.count):
1310  info = OpEN.OPEN_ACL_INTF_LIST_INFO_tArray_getitem(list_info.listEntry, idx)
1311  print ("%6d %4d %7d" % (info.aclId, info.aclType, info.seqNum))
1312 
1313  def show_acl_details(self, interface_type, acl_type, name, dir_):
1314  """Retrieve a list of ACLs for the given acl name and direction and display its contents"""
1315 
1316  try:
1317  name_string = open_.getStringBuffer(len(name) + 1, name)
1318  except OpENBufferSizeError:
1319  print("show_acl_details: getStringBuffer raised OpENBufferSizeError")
1320  return
1321  except TypeError:
1322  print("show_acl_details: getStringBuffer raised TypeError")
1323  return
1324  name_buff = OpEN.open_buffdesc()
1325  name_buff.pstart = name_string
1326  name_buff.size = len(name)+1
1327 
1328  acl_p = OpEN.new_uint32_tp()
1329 
1330  result = OpEN.openapiAclGet(self.m_client, acl_type, name_buff, acl_p)
1331  acl = OpEN.uint32_tp_value(acl_p)
1332  print_bad_result(result, "openapiAclGet - IP ACL")
1333 
1334  if interface_type == VLAN:
1335  list_info = OpEN.OPEN_ACL_ASSIGNED_VLAN_LIST_t()
1336  result = OpEN.openapiAclAssignedVlanDirListGet(self.m_client, acl, dir_, list_info)
1337  print_bad_result(result, "openapiAclAssignedVlanDirListGet")
1338  print ("\nACL %s, %s VLANs" % (name_string.cast(), 'Inbound' if dir_ == OpEN.OPEN_ACL_INBOUND_ACL else 'Outbound'))
1339  if result == OpEN.OPEN_E_NONE:
1340  print ("Interface")
1341  print ("---------")
1342  for idx in range(list_info.count):
1343  print ("%d" % (OpEN.uint32_tArray_getitem(list_info.vlan, idx)))
1344  else:
1345  list_info = OpEN.OPEN_ACL_ASSIGNED_INTF_LIST_t()
1346  result = OpEN.openapiAclAssignedIntfDirListGet(self.m_client, acl, dir_, list_info)
1347  print_bad_result(result, "openapiAclAssignedIntfDirListGet")
1348  print '\nACL %s, %s Interfaces' % (name_string.cast(), 'Inbound' if dir_ == OpEN.OPEN_ACL_INBOUND_ACL else 'Outbound')
1349  if result == OpEN.OPEN_E_NONE:
1350  print 'Interface'
1351  print '---------'
1352  for idx in range(list_info.count):
1353  print ("%d" % (OpEN.uint32_tArray_getitem(list_info.intf, idx)))
1354 
1355  OpEN.delete_uint32_tp(acl_p)
1356 
1357  def show_summary(self):
1358  """Retrieve and display miscellaneous info"""
1359 
1360  val_p = OpEN.new_uint32_tp()
1361 
1362  print()
1363 
1364  result = OpEN.openapiCpuIntfGet(self.m_client, val_p)
1365  print_bad_result(result, "openapiCpuIntfGet")
1366  string = "CPU Control Plane Interface ... %d" % OpEN.uint32_tp_value(val_p)
1367  print_sanity_results(result, (1 == 1), "openapiCpuIntfGet", string)
1368 
1369  result = OpEN.openapiAclMaxAclIntfCountGet(self.m_client, val_p)
1370  print_bad_result(result, "openapiAclMaxAclIntfCountGet")
1371  string = "Number of allowed ACL Interfaces ... %d" % OpEN.uint32_tp_value(val_p)
1372  print_sanity_results(result, (1 == 1), "openapiAclMaxAclIntfCountGet", string)
1373 
1374  result = OpEN.openapiAclMaxAclVlanCountGet(self.m_client, val_p)
1375  print_bad_result(result, "openapiAclMaxAclVlanCountGet")
1376  string = "Number of allowed ACL VLANs ... %d" % OpEN.uint32_tp_value(val_p)
1377  print_sanity_results(result, (1 == 1), "openapiAclMaxAclVlanCountGet", string)
1378 
1379  result = OpEN.openapiAclCountGet(self.m_client, val_p)
1380  print_bad_result(result, "openapiAclCountGet")
1381  string = "Total number of configured ACLs ... %d" % OpEN.uint32_tp_value(val_p)
1382  print_sanity_results(result, (1 == 1), "openapiAclCountGet", string)
1383 
1384  result = OpEN.openapiAclMacCountGet(self.m_client, val_p)
1385  print_bad_result(result, "openapiAclMacCountGet")
1386  string = "Number of configured MAC ACLs ... %d" % OpEN.uint32_tp_value(val_p)
1387  print_sanity_results(result, (1 == 1), "openapiAclMacCountGet", string)
1388 
1389  OpEN.delete_uint32_tp(val_p)
1390 
1391 def main():
1392  """Demonstrate OpEN usage for ACL APIs"""
1393 
1394  ret = open_.connect("acl_example")
1395  if ret == OpEN.OPEN_E_NONE :
1396  open_.getNetworkOSVersion()
1397  client = open_.get_client()
1398  example = AclExample(client)
1399  example.test_acl_creation(ACL_LIST)
1400  example.test_acl_retrieval()
1401  example.test_acl_rename(ACL_RENAME_LIST)
1402  example.test_acl_traffic_filter_create(INTERFACE_CREATE_LIST)
1403  example.test_acl_traffic_filter_delete(INTERFACE_DELETE_LIST)
1404  example.test_acl_route_filter(OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed')
1405  example.show_interface_summary(OpEN.OPEN_ACL_INBOUND_ACL)
1406  example.show_interface_details(INTF, 1, OpEN.OPEN_ACL_INBOUND_ACL)
1407  example.show_interface_details(VLAN, 6, OpEN.OPEN_ACL_INBOUND_ACL)
1408  example.show_acl_details(INTF, OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed', OpEN.OPEN_ACL_INBOUND_ACL)
1409  example.show_acl_details(VLAN, OpEN.OPEN_ACL_TYPE_IP, 'test_ip_renamed', OpEN.OPEN_ACL_INBOUND_ACL)
1410  example.show_summary()
1411  open_.terminate()
1412  else :
1413  print ("Unable to connect")
1414 
1415 if __name__ == '__main__': main()
1416