NSX|V: support large port ranges in service insertion

Adding a range of source/destination ports in a flow classifier rule should
not be done by adding each specific port, but by sending it to the NSX as
a range.
This fix allows us to remove the restriction of only 15 ports in a range.

Change-Id: Ie6ccd8a2932bc1e75ed380c176f79008a46b4c59
Adit Sarfaty 2017-07-09 12:19:01 +03:00
parent 32e3f9b704
commit 60fc5a748d
2 changed files with 12 additions and 59 deletions


@ -40,7 +40,6 @@ from vmware_nsx.services.flowclassifier.nsx_v import utils as fc_utils
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
REDIRECT_FW_SECTION_NAME = 'OS Flow Classifier Rules' REDIRECT_FW_SECTION_NAME = 'OS Flow Classifier Rules'
MAX_PORTS_IN_RANGE = 15
class NsxvFlowClassifierDriver(fc_driver.FlowClassifierDriverBase): class NsxvFlowClassifierDriver(fc_driver.FlowClassifierDriverBase):
@ -206,10 +205,10 @@ class NsxvFlowClassifierDriver(fc_driver.FlowClassifierDriverBase):
return self._ports_list(min_port, max_port) return self._ports_list(min_port, max_port)
def _ports_list(self, min_port, max_port): def _ports_list(self, min_port, max_port):
"""Return a string of comma separated ports. i.e. '80,81' """Return a string representing the port/range"""
""" if min_port == max_port:
# convert the range into a string, and remove the '[]' around it return str(min_port)
return str(range(min_port, max_port + 1))[1:-1] return "%s-%s" % (min_port, max_port)
def _rule_name(self, flow_classifier): def _rule_name(self, flow_classifier):
# The name of the rule will include the name & id of the classifier # The name of the rule will include the name & id of the classifier
@ -370,23 +369,3 @@ class NsxvFlowClassifierDriver(fc_driver.FlowClassifierDriverBase):
msg = _('The NSXv driver does not support setting ' msg = _('The NSXv driver does not support setting '
'L7 parameters in FlowClassifier') 'L7 parameters in FlowClassifier')
raise exc.FlowClassifierBadRequest(message=msg) raise exc.FlowClassifierBadRequest(message=msg)
# Source ports range - up to 15 ports.
sport_min = flow_classifier['source_port_range_min']
sport_max = flow_classifier['source_port_range_max']
if (sport_min is not None and sport_max is not None and
(sport_max + 1 - sport_min) > MAX_PORTS_IN_RANGE):
msg = _('The NSXv driver does not support setting '
'more than %d source ports in a '
'FlowClassifier') % MAX_PORTS_IN_RANGE
raise exc.FlowClassifierBadRequest(message=msg)
# Destination ports range - up to 15 ports.
dport_min = flow_classifier['destination_port_range_min']
dport_max = flow_classifier['destination_port_range_max']
if (dport_min is not None and dport_max is not None and
(dport_max + 1 - dport_min) > MAX_PORTS_IN_RANGE):
msg = _('The NSXv driver does not support setting '
'more than %d destination ports in a '
'FlowClassifier') % MAX_PORTS_IN_RANGE
raise exc.FlowClassifierBadRequest(message=msg)
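Review bot: `_ports_list` now formats its bounds with `"%s-%s" % (min_port, max_port)` without checking them, so a `None` bound or `min_port > max_port` would be written into the redirect rule as a literal such as `None-80` or `200-100`, where the old `range()` call raised on `None`. With the size check removed from the precommit validation, nothing visible in this section inspects the port bounds any more; the caller of `_ports_list` and any API-level validation are outside the hunk, so this may already be guaranteed upstream. If it is not, a guard at the top of `_ports_list` such as `if min_port is None or max_port is None or min_port > max_port: raise ValueError(...)` would fail loudly instead of sending a malformed service to the NSX. The docstring could also state the format and the precondition, e.g. `"""Return '80' for a single port or '80-90' for an inclusive range; both bounds must be set."""`.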


@ -198,38 +198,6 @@ class TestNsxvFlowClassifierDriver(
self.driver.create_flow_classifier_precommit, self.driver.create_flow_classifier_precommit,
fc_context) fc_context)
def test_create_flow_classifier_precommit_src_port_range(self):
with self.flow_classifier(flow_classifier={
'name': 'test1',
'protocol': 'tcp',
'source_port_range_min': 100,
'source_port_range_max': 116,
}) as fc:
fc_context = fc_ctx.FlowClassifierContext(
self.flowclassifier_plugin, self.ctx,
fc['flow_classifier']
)
self.assertRaises(
fc_exc.FlowClassifierBadRequest,
self.driver.create_flow_classifier_precommit,
fc_context)
def test_create_flow_classifier_precommit_dst_port_range(self):
with self.flow_classifier(flow_classifier={
'name': 'test1',
'protocol': 'tcp',
'destination_port_range_min': 100,
'destination_port_range_max': 116,
}) as fc:
fc_context = fc_ctx.FlowClassifierContext(
self.flowclassifier_plugin, self.ctx,
fc['flow_classifier']
)
self.assertRaises(
fc_exc.FlowClassifierBadRequest,
self.driver.create_flow_classifier_precommit,
fc_context)
def _validate_rule_structure(self, rule): def _validate_rule_structure(self, rule):
self.assertEqual(self._fc_description, rule.find('notes').text) self.assertEqual(self._fc_description, rule.find('notes').text)
self.assertEqual('ipv4', rule.find('packetType').text) self.assertEqual('ipv4', rule.find('packetType').text)
@ -239,11 +207,17 @@ class TestNsxvFlowClassifierDriver(
self.assertEqual( self.assertEqual(
self._fc_dest, self._fc_dest,
rule.find('destinations').find('destination').find('value').text) rule.find('destinations').find('destination').find('value').text)
ports = "%s-%s" % (self._fc_source_ports[0], self._fc_source_ports[-1])
if self._fc_source_ports[0] == self._fc_source_ports[-1]:
ports = str(self._fc_source_ports[0])
self.assertEqual( self.assertEqual(
str(self._fc_source_ports)[1:-1], ports,
rule.find('services').find('service').find('sourcePort').text) rule.find('services').find('service').find('sourcePort').text)
ports = "%s-%s" % (self._fc_dest_ports[0], self._fc_dest_ports[-1])
if self._fc_dest_ports[0] == self._fc_dest_ports[-1]:
ports = str(self._fc_dest_ports[0])
self.assertEqual( self.assertEqual(
str(self._fc_dest_ports)[1:-1], ports,
rule.find('services').find('service').find('destinationPort').text) rule.find('services').find('service').find('destinationPort').text)
self.assertEqual( self.assertEqual(
self._fc_prot, self._fc_prot,