From 60fc5a748dc69e81dca62ca3eadac56299b43812 Mon Sep 17 00:00:00 2001 From: Adit Sarfaty Date: Sun, 9 Jul 2017 12:19:01 +0300 Subject: [PATCH] NSX|V: support large port ranges in service insertion Adding a range of source/destination ports in a flow classifier rule should not be done by adding each specific port, but sending it to the NSX as a range. This fix allows us to remove the restriction of only 15 ports in a range. Change-Id: Ie6ccd8a2932bc1e75ed380c176f79008a46b4c59 --- .../services/flowclassifier/nsx_v/driver.py | 29 ++----------- .../flowclassifier/test_nsxv_driver.py | 42 ++++--------------- 2 files changed, 12 insertions(+), 59 deletions(-) diff --git a/vmware_nsx/services/flowclassifier/nsx_v/driver.py b/vmware_nsx/services/flowclassifier/nsx_v/driver.py index 7b3f205194..1319c84e50 100644 --- a/vmware_nsx/services/flowclassifier/nsx_v/driver.py +++ b/vmware_nsx/services/flowclassifier/nsx_v/driver.py @@ -40,7 +40,6 @@ from vmware_nsx.services.flowclassifier.nsx_v import utils as fc_utils LOG = logging.getLogger(__name__) REDIRECT_FW_SECTION_NAME = 'OS Flow Classifier Rules' -MAX_PORTS_IN_RANGE = 15 class NsxvFlowClassifierDriver(fc_driver.FlowClassifierDriverBase): @@ -206,10 +205,10 @@ class NsxvFlowClassifierDriver(fc_driver.FlowClassifierDriverBase): return self._ports_list(min_port, max_port) def _ports_list(self, min_port, max_port): - """Return a string of comma separated ports. i.e. '80,81' - """ - # convert the range into a string, and remove the '[]' around it - return str(range(min_port, max_port + 1))[1:-1] + """Return a string representing the port/range""" + if min_port == max_port: + return str(min_port) + return "%s-%s" % (min_port, max_port) def _rule_name(self, flow_classifier): # The name of the rule will include the name & id of the classifier @@ -370,23 +369,3 @@ class NsxvFlowClassifierDriver(fc_driver.FlowClassifierDriverBase): msg = _('The NSXv driver does not support setting ' 'L7 parameters in FlowClassifier') raise exc.FlowClassifierBadRequest(message=msg) - - # Source ports range - up to 15 ports. - sport_min = flow_classifier['source_port_range_min'] - sport_max = flow_classifier['source_port_range_max'] - if (sport_min is not None and sport_max is not None and - (sport_max + 1 - sport_min) > MAX_PORTS_IN_RANGE): - msg = _('The NSXv driver does not support setting ' - 'more than %d source ports in a ' - 'FlowClassifier') % MAX_PORTS_IN_RANGE - raise exc.FlowClassifierBadRequest(message=msg) - - # Destination ports range - up to 15 ports. - dport_min = flow_classifier['destination_port_range_min'] - dport_max = flow_classifier['destination_port_range_max'] - if (dport_min is not None and dport_max is not None and - (dport_max + 1 - dport_min) > MAX_PORTS_IN_RANGE): - msg = _('The NSXv driver does not support setting ' - 'more than %d destination ports in a ' - 'FlowClassifier') % MAX_PORTS_IN_RANGE - raise exc.FlowClassifierBadRequest(message=msg) diff --git a/vmware_nsx/tests/unit/services/flowclassifier/test_nsxv_driver.py b/vmware_nsx/tests/unit/services/flowclassifier/test_nsxv_driver.py index 4c098629ee..0ce5d22b1e 100644 --- a/vmware_nsx/tests/unit/services/flowclassifier/test_nsxv_driver.py +++ b/vmware_nsx/tests/unit/services/flowclassifier/test_nsxv_driver.py @@ -198,38 +198,6 @@ class TestNsxvFlowClassifierDriver( self.driver.create_flow_classifier_precommit, fc_context) - def test_create_flow_classifier_precommit_src_port_range(self): - with self.flow_classifier(flow_classifier={ - 'name': 'test1', - 'protocol': 'tcp', - 'source_port_range_min': 100, - 'source_port_range_max': 116, - }) as fc: - fc_context = fc_ctx.FlowClassifierContext( - self.flowclassifier_plugin, self.ctx, - fc['flow_classifier'] - ) - self.assertRaises( - fc_exc.FlowClassifierBadRequest, - self.driver.create_flow_classifier_precommit, - fc_context) - - def test_create_flow_classifier_precommit_dst_port_range(self): - with self.flow_classifier(flow_classifier={ - 'name': 'test1', - 'protocol': 'tcp', - 'destination_port_range_min': 100, - 'destination_port_range_max': 116, - }) as fc: - fc_context = fc_ctx.FlowClassifierContext( - self.flowclassifier_plugin, self.ctx, - fc['flow_classifier'] - ) - self.assertRaises( - fc_exc.FlowClassifierBadRequest, - self.driver.create_flow_classifier_precommit, - fc_context) - def _validate_rule_structure(self, rule): self.assertEqual(self._fc_description, rule.find('notes').text) self.assertEqual('ipv4', rule.find('packetType').text) @@ -239,11 +207,17 @@ class TestNsxvFlowClassifierDriver( self.assertEqual( self._fc_dest, rule.find('destinations').find('destination').find('value').text) + ports = "%s-%s" % (self._fc_source_ports[0], self._fc_source_ports[-1]) + if self._fc_source_ports[0] == self._fc_source_ports[-1]: + ports = str(self._fc_source_ports[0]) self.assertEqual( - str(self._fc_source_ports)[1:-1], + ports, rule.find('services').find('service').find('sourcePort').text) + ports = "%s-%s" % (self._fc_dest_ports[0], self._fc_dest_ports[-1]) + if self._fc_dest_ports[0] == self._fc_dest_ports[-1]: + ports = str(self._fc_dest_ports[0]) self.assertEqual( - str(self._fc_dest_ports)[1:-1], + ports, rule.find('services').find('service').find('destinationPort').text) self.assertEqual( self._fc_prot,