diff --git a/flowspec/models.py b/flowspec/models.py
index b2b9e4f444b862dbfb5d06e175aa21c54d2bdd0a..537ad9b136f05965c9aded882c2c5d6e0ab08fe6 100644
--- a/flowspec/models.py
+++ b/flowspec/models.py
@@ -34,6 +34,7 @@ import json
from peers.models import PeerRange, Peer
from flowspec.junos import create_junos_name
+from utils.flowspec_utils import map__ip_proto__for__ip_version__from_flowspec
#import flowspec.iprange_match
from flowspec.iprange_match import find_matching_peer_by_ipprefix__simple
@@ -495,6 +496,8 @@ class Route(models.Model):
logger.error('models::is_synced(): No routing options on device. Exception: %s' % e)
return True
+ my_ip_version = self.ip_version()
+
for flow in parsed_netconf_xml__flows:
for route in flow.routes:
#logger.debug('models::is_synced(): loop flow='+str(flow)+' route='+str(route))
@@ -559,7 +562,10 @@ class Route(models.Model):
assert(self.protocol.all())
assert(devicematch['protocol'])
devitems = devicematch['protocol']
- dbitems = ["%s"%i for i in self.protocol.all()]
+ #dbitems = ["%s"%i for i in self.protocol.all()]
+ dbitems = [map__ip_proto__for__ip_version__to_flowspec(my_ip_version, "%s"%i) for i in self.protocol.all()]
+ logger.info("models::is_synced(): dbitems="+str(dbitems))
+
intersect = list(set(devitems).intersection(set(dbitems)))
if ((len(intersect) == len(dbitems)) and (len(intersect) == len(devitems))):
found = found and True
diff --git a/utils/flowspec_utils.py b/utils/flowspec_utils.py
new file mode 100644
index 0000000000000000000000000000000000000000..a0777317b4764b64b76a356afb7230829ec766b0
--- /dev/null
+++ b/utils/flowspec_utils.py
@@ -0,0 +1,20 @@
+
+import flowspec.logging_utils
+logger = flowspec.logging_utils.logger_init_default(__name__, "flowspec_utils.log", False)
+
+#
+
+def map__ip_proto__for__ip_version__to_flowspec(ip_version, protocol_str):
+ logger.info("map__ip_proto__for__ip_version__to_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str))
+ if ip_version==6 and protocol_str=='icmp':
+ protocol_str='icmp6'
+ logger.info("map__ip_proto__for__ip_version__to_flowspec(): returning protocol_str="+str(protocol_str))
+ return protocol_str
+
+def map__ip_proto__for__ip_version__from_flowspec(ip_version, protocol_str):
+ logger.info("map__ip_proto__for__ip_version__from_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str))
+ if ip_version==6 and protocol_str=='icmp6':
+ protocol_str='icmp'
+ logger.info("map__ip_proto__for__ip_version__from_flowspec(): returning protocol_str="+str(protocol_str))
+ return protocol_str
+
diff --git a/utils/proxy.py b/utils/proxy.py
index 585b69dd85a3973846999a83d09851b65bf09628..0e2620d1b16737feac4eabe006f7801452c226cc 100644
--- a/utils/proxy.py
+++ b/utils/proxy.py
@@ -30,6 +30,7 @@ from celery.exceptions import TimeLimitExceeded, SoftTimeLimitExceeded
from .portrange import parse_portrange
import traceback
from ipaddress import ip_network
+from .flowspec_utils import map__ip_proto__for__ip_version__to_flowspec
#import xml.etree.ElementTree as ET
import flowspec.logging_utils
@@ -132,6 +133,7 @@ class Applier(object):
route_obj = self.route_object
+ ip_version = self.route_object.ip_version()
is_ipv4 = self.route_object.is_ipv4()
logger.info("proxy::to_xml(): is_ipv4="+str(is_ipv4))
@@ -153,7 +155,8 @@ class Applier(object):
try:
if route_obj.protocol:
for protocol in route_obj.protocol.all():
- route.match['protocol'].append(protocol.protocol)
+ protocol_id = map__ip_proto__for__ip_version__to_flowspec(ip_version, protocol.protocol)
+ route.match['protocol'].append(protocol_id)
except:
pass
try: