Issues in flow.py - All Issues - Inspection of "add pdb for decode" - Exa-Networks/exabgp - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 229cac...232edf )

by Thomas

created 2020-05-16 18:54 UTC

lib/exabgp/application/flow.py (4 issues)

Labels

Severity

Minor 4

#!/usr/bin/python
"""
flow.py

Created by Thomas Mangin on 2017-07-06.
Copyright (c) 2009-2017 Exa Networks. All rights reserved.
License: 3-clause BSD. (See the COPYRIGHT file)
"""

# based on the blog at: http://blog.sflow.com/2017/07/bgp-flowspec-on-white-box-switch.html

import os
import sys
import json
import re
import subprocess
import signal


class ACL(object):
    dry = os.environ.get('CUMULUS_FLOW_RIB', False)


    path = '/etc/cumulus/acl/policy.d/'
    priority = '60'
    prefix = 'flowspec'
    bld = '.bld'
    suffix = '.rules'

    __uid = 0
    _known = dict()

    @classmethod
    def _uid(cls):
        cls.__uid += 1
        return cls.__uid

    @classmethod
    def _file(cls, name):
        return cls.path + cls.priority + cls.prefix + str(name) + cls.suffix

    @classmethod
    def _delete(cls, key):
        if key not in cls._known:
            return
        # removing key first so the call to clear never loops forever
        uid, acl = cls._known.pop(key)
        try:
            filename = cls._file(uid)
            if os.path.isfile(filename):

                os.unlink(filename)
        except Exception:
            pass

    @classmethod
    def _commit(cls):
        if cls.dry:
            cls.show()
            return
        try:
            return subprocess.Popen(

                ['cl-acltool', '-i'], stderr=subprocess.STDOUT, stdout=subprocess.PIPE
            ).communicate()[0]
        except Exception:
            pass

    @staticmethod
    def _build(flow, action):
        acl = '[iptables]\n-A FORWARD --in-interface swp+'
        if 'protocol' in flow:
            acl += ' -p ' + re.sub('[!<>=]', '', flow['protocol'][0])

        if 'source-ipv4' in flow:
            acl += ' -s ' + flow['source-ipv4'][0]
        if 'destination-ipv4' in flow:
            acl += ' -d ' + flow['destination-ipv4'][0]
        if 'source-port' in flow:
            acl += ' --sport ' + re.sub('[!<>=]', '', flow['source-port'][0])
        if 'destination-port' in flow:
            acl += ' --dport ' + re.sub('[!<>=]', '', flow['destination-port'][0])
        acl = acl + ' -j DROP\n'
        return acl

    @classmethod
    def insert(cls, flow, action):
        key = flow['string']
        if key in cls._known:
            return
        uid = cls._uid()
        acl = cls._build(flow, action)
        cls._known[key] = (uid, acl)
        try:
            with open(cls._file(uid), 'w') as f:
                f.write(acl)
            cls._commit()
        except Exception:
            cls.end()

    @classmethod
    def remove(cls, flow):
        key = flow['string']
        if key not in cls._known:
            return
        uid, _ = cls._known[key]
        cls._delete(key)

    @classmethod
    def clear(cls):
        for key in cls._known:
            cls._delete(key)
        cls._commit()

    @classmethod
    def end(cls):
        cls.clear()
        sys.exit(1)

    @classmethod
    def show(cls):
        for key, (uid, _) in cls._known.items():
            sys.stderr.write('%d %s\n' % (uid, key))
        for _, acl in cls._known.values():
            sys.stderr.write('%s' % acl)
        sys.stderr.flush()


signal.signal(signal.SIGTERM, ACL.end)


opened = 0
buffered = ''

while True:
    try:
        line = sys.stdin.readline()
        if not line or 'shutdown' in line:
            ACL.end()
        buffered += line
        opened += line.count('{')
        opened -= line.count('}')
        if opened:
            continue
        line, buffered = buffered, ''
        message = json.loads(line)

        if message['type'] == 'state' and message['neighbor']['state'] == 'down':
            ACL.clear()
            continue

        if message['type'] != 'update':
            continue

        update = message['neighbor']['message']['update']

        if 'announce' in update:
            flow = update['announce']['ipv4 flow']
            # The RFC allows both encoding
            flow = flow['no-nexthop'][0] if 'no-nexthop' in flow else flow[0]

            community = update['attribute']['extended-community'][0]
            ACL.insert(flow, community)
            continue

        if 'withdraw' in update:
            flow = update['withdraw']['ipv4 flow'][0]
            ACL.remove(flow)
            continue

    except KeyboardInterrupt:
        ACL.end()
    except Exception:
        pass


1			#!/usr/bin/python
2			"""
3			flow.py
4
5			Created by Thomas Mangin on 2017-07-06.
6			Copyright (c) 2009-2017 Exa Networks. All rights reserved.
7			License: 3-clause BSD. (See the COPYRIGHT file)
8			"""
9
10			# based on the blog at: http://blog.sflow.com/2017/07/bgp-flowspec-on-white-box-switch.html
11
12			import os
13			import sys
14			import json
15			import re
16			import subprocess
17			import signal
18
19
20			class ACL(object):
21			dry = os.environ.get('CUMULUS_FLOW_RIB', False)
			0 ignored issues – show Comprehensibility Best Practice introduced 2019-07-17 07:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `os` does not seem to be defined. Loading history...
22
23			path = '/etc/cumulus/acl/policy.d/'
24			priority = '60'
25			prefix = 'flowspec'
26			bld = '.bld'
27			suffix = '.rules'
28
29			__uid = 0
30			_known = dict()
31
32			@classmethod
33			def _uid(cls):
34			cls.__uid += 1
35			return cls.__uid
36
37			@classmethod
38			def _file(cls, name):
39			return cls.path + cls.priority + cls.prefix + str(name) + cls.suffix
40
41			@classmethod
42			def _delete(cls, key):
43			if key not in cls._known:
44			return
45			# removing key first so the call to clear never loops forever
46			uid, acl = cls._known.pop(key)
47			try:
48			filename = cls._file(uid)
49			if os.path.isfile(filename):
			0 ignored issues – show Comprehensibility Best Practice introduced 2019-07-17 07:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `os` does not seem to be defined. Loading history...
50			os.unlink(filename)
51			except Exception:
52			pass
53
54			@classmethod
55			def _commit(cls):
56			if cls.dry:
57			cls.show()
58			return
59			try:
60			return subprocess.Popen(
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-05-08 12:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `subprocess` does not seem to be defined. Loading history...
61			['cl-acltool', '-i'], stderr=subprocess.STDOUT, stdout=subprocess.PIPE
62			).communicate()[0]
63			except Exception:
64			pass
65
66			@staticmethod
67			def _build(flow, action):
68			acl = '[iptables]\n-A FORWARD --in-interface swp+'
69			if 'protocol' in flow:
70			acl += ' -p ' + re.sub('[!<>=]', '', flow['protocol'][0])
			0 ignored issues – show Comprehensibility Best Practice introduced 2019-07-17 07:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `re` does not seem to be defined. Loading history...
71			if 'source-ipv4' in flow:
72			acl += ' -s ' + flow['source-ipv4'][0]
73			if 'destination-ipv4' in flow:
74			acl += ' -d ' + flow['destination-ipv4'][0]
75			if 'source-port' in flow:
76			acl += ' --sport ' + re.sub('[!<>=]', '', flow['source-port'][0])
77			if 'destination-port' in flow:
78			acl += ' --dport ' + re.sub('[!<>=]', '', flow['destination-port'][0])
79			acl = acl + ' -j DROP\n'
80			return acl
81
82			@classmethod
83			def insert(cls, flow, action):
84			key = flow['string']
85			if key in cls._known:
86			return
87			uid = cls._uid()
88			acl = cls._build(flow, action)
89			cls._known[key] = (uid, acl)
90			try:
91			with open(cls._file(uid), 'w') as f:
92			f.write(acl)
93			cls._commit()
94			except Exception:
95			cls.end()
96
97			@classmethod
98			def remove(cls, flow):
99			key = flow['string']
100			if key not in cls._known:
101			return
102			uid, _ = cls._known[key]
103			cls._delete(key)
104
105			@classmethod
106			def clear(cls):
107			for key in cls._known:
108			cls._delete(key)
109			cls._commit()
110
111			@classmethod
112			def end(cls):
113			cls.clear()
114			sys.exit(1)
115
116			@classmethod
117			def show(cls):
118			for key, (uid, _) in cls._known.items():
119			sys.stderr.write('%d %s\n' % (uid, key))
120			for _, acl in cls._known.values():
121			sys.stderr.write('%s' % acl)
122			sys.stderr.flush()
123
124
125			signal.signal(signal.SIGTERM, ACL.end)
126
127
128			opened = 0
129			buffered = ''
130
131			while True:
132			try:
133			line = sys.stdin.readline()
134			if not line or 'shutdown' in line:
135			ACL.end()
136			buffered += line
137			opened += line.count('{')
138			opened -= line.count('}')
139			if opened:
140			continue
141			line, buffered = buffered, ''
142			message = json.loads(line)
143
144			if message['type'] == 'state' and message['neighbor']['state'] == 'down':
145			ACL.clear()
146			continue
147
148			if message['type'] != 'update':
149			continue
150
151			update = message['neighbor']['message']['update']
152
153			if 'announce' in update:
154			flow = update['announce']['ipv4 flow']
155			# The RFC allows both encoding
156			flow = flow['no-nexthop'][0] if 'no-nexthop' in flow else flow[0]
157
158			community = update['attribute']['extended-community'][0]
159			ACL.insert(flow, community)
160			continue
161
162			if 'withdraw' in update:
163			flow = update['withdraw']['ipv4 flow'][0]
164			ACL.remove(flow)
165			continue
166
167			except KeyboardInterrupt:
168			ACL.end()
169			except Exception:
170			pass
171

Exa-Networks / exabgp

Push — master ( 229cac...232edf )

lib/exabgp/application/flow.py (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like