fix/ipv6_rules_implicit_icmp6: add setting NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6...

fix/ipv6_rules_implicit_icmp6: add setting NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6 to enable/disable implicit ipv6 addresses+proto=icmp <-> proto=icmpv6

fix/ipv6_rules_implicit_icmp6: add setting NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6...
0e748756 · David Schmitz · 645460d4 · 0e748756 · 0e748756
Commit 0e748756 authored 2 years ago by David Schmitz
--- a/utils/flowspec_utils.py
+++ b/utils/flowspec_utils.py

+from django.conf import settings
+
 import flowspec.logging_utils
 logger = flowspec.logging_utils.logger_init_default(__name__, "flowspec_utils.log", False)

@@ -7,16 +9,18 @@ logger = flowspec.logging_utils.logger_init_default(__name__, "flowspec_utils.lo
 def map__ip_proto__for__ip_version__to_flowspec(ip_version, protocol_str):
    logger.info("map__ip_proto__for__ip_version__to_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str))
    if ip_version==6 and protocol_str=='icmp': 
-        if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6') and settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
-          protocol_str='icmp6'
+        if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6'):
+            if settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
+              protocol_str='icmp6'
    logger.info("map__ip_proto__for__ip_version__to_flowspec(): returning protocol_str="+str(protocol_str))
    return protocol_str

 def map__ip_proto__for__ip_version__from_flowspec(ip_version, protocol_str):
    logger.info("map__ip_proto__for__ip_version__from_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str))
    if ip_version==6 and protocol_str=='icmp6': 
-        if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6') and settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
-          protocol_str='icmp'
+        if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6'): 
+            if settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6:
+              protocol_str='icmp'
    logger.info("map__ip_proto__for__ip_version__from_flowspec(): returning protocol_str="+str(protocol_str))
    return protocol_str

--- a/utils/proxy.py
+++ b/utils/proxy.py
@@ -159,7 +159,10 @@ class Applier(object):
            try:
                if route_obj.protocol:
                    for protocol in route_obj.protocol.all():
-                        protocol_id = map__ip_proto__for__ip_version__to_flowspec(ip_version, protocol.protocol)
+                        try:
+                          protocol_id = map__ip_proto__for__ip_version__to_flowspec(ip_version, protocol.protocol)
+                        except Exception as e:
+                          logger.error("proxy::Applier::to_xml(): got exception in map__ip_proto__for__ip_version__to_flowspec: "+str(e))
                        route.match['protocol'].append(protocol_id)
            except:
                pass