Rework traffic-rules

Previous implementation did not take how VLANs are configured into
account, this lead to a pretty hefty change.

VLANs use a fake bridge, which is then included in a parent bridge.
While packets remain within this bridge, they are not tagged, so the
vlanid cannot be used to match packets in the OVS datapath. The only
workaround is to create rules for each port. However, this means that
rules for untagged traffic, as previously implemented, will also apply
to VLAN ports. Therefore, we must apply rules to each matching port in
all cases, and create a rule on the uplink ports that matches
accordingly.

Changes summary:
- Refactored to improve clarity and error handling
- Added update_args_from_ovs() to dynamically gather bridge, VLAN, and port info from OVS.
- Changed ip_range to ipRange that XO plugin is using
- Replaced single rule building with per-port rule, as well as matching on VLAN for uplink ports
- Updated tests to match the refactor
- Added tests for update_args_from_ovs()
- Mocked OVS command calls in tests for more accurate validation.

Signed-off-by: David Morel <[email protected]>

Author: bleader

README.md

@@ -348,9 +348,9 @@ Parameters for adding a rule:
 - *priority* (optional): A number between 0 and 65535 for the rule priority.
 - *mac* (optional): The MAC address of the VIF to create the rule for, if not
   specified, a network-wide rule will be created.
-- *iprange*: An IP or range of IPs in CIDR notation, for example `192.168.1.0/24`.
+- *ipRange*: An IP or range of IPs in CIDR notation, for example `192.168.1.0/24`.
 - *direction*: can be **from**, **to** or **from/to**
-  - *to*: means the parameters for **port** and **iprange** are to be used as destination
+  - *to*: means the parameters for **port** and **ipRange** are to be used as destination
   - *from*: means they will be use as source
   - *from/to*: 2 rules will be created, one per direction
 - *protocol*: IP, TCP, UDP, ICMP or ARP
@@ -363,7 +363,7 @@ $ xe host-call-plugin host-uuid<uuid> plugin=sdncontroller.py \
   args:bridge="xenbr0"          \
   args:priority="100"           \
   args:mac="6e:0b:9e:72:ab:c6"  \
-  args:iprange="192.168.1.0/24" \
+  args:ipRange="192.168.1.0/24" \
   args:direction="from/to"      \
   args:protocol="tcp"           \
   args:port="22"                \
@@ -375,9 +375,9 @@ $ xe host-call-plugin host-uuid<uuid> plugin=sdncontroller.py \
 Parameters for removing a rule:
 - *bridge* :  The name of the bridge to delete the rule from.
 - *mac* (optional): The MAC address of the VIF to delete the rule for.
-- *iprange*: An IP or range of IPs in CIDR notation, for example `192.168.1.0/24`.
+- *ipRange*: An IP or range of IPs in CIDR notation, for example `192.168.1.0/24`.
 - *direction*: can be **from**, **to** or **from/to**
-  - *to*: means the parameters for **port** and **iprange** are to be used as destination
+  - *to*: means the parameters for **port** and **ipRange** are to be used as destination
   - *from*: means they will be use as source
   - *from/to*: 2 rules will be created, one per direction
 - *protocol*: IP, TCP, UDP, ICMP or ARP
@@ -388,7 +388,7 @@ $ xe host-call-plugin host-uuid<uuid> plugin=sdncontroller.py \
   fn=del-rule                   \
   args:bridge="xenbr0"          \
   args:mac="6e:0b:9e:72:ab:c6"  \
-  args:iprange="192.168.1.0/24" \
+  args:ipRange="192.168.1.0/24" \
   args:direction="from/to"      \
   args:protocol="tcp"           \
   args:port="22"