From bc95fa8109420e7d266641f7f9bb49c33d3a5a5d Mon Sep 17 00:00:00 2001 From: "Ruben S. Montero" Date: Mon, 29 Jan 2024 14:52:47 +0100 Subject: [PATCH] B #6483: Add support for spoofing rules for alias NIC This commit process NIC_ALIAS on ativation and creates flow rules to implment spoofing rules. The rules are installed on the same port as the parent NIC (cherry picked from commit 6c388414e295526082ceca6d3e1d594631330a8a) --- src/vnm_mad/remotes/lib/vm.rb | 8 ++++++++ src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb | 15 +++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/src/vnm_mad/remotes/lib/vm.rb b/src/vnm_mad/remotes/lib/vm.rb index dc6468f4e2..c65ede8688 100644 --- a/src/vnm_mad/remotes/lib/vm.rb +++ b/src/vnm_mad/remotes/lib/vm.rb @@ -120,6 +120,14 @@ module VNMMAD end end + def parent(nic_alias) + @nics.each do |the_nic| + return the_nic if the_nic[:nic_id] == nic_alias[:parent_id] + end + + nil + end + # Access an XML Element of the VM # @param element [String] element name # @return [String] value of the element or nil if not found diff --git a/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb b/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb index ed739ea8eb..2cb381fb13 100644 --- a/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb +++ b/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb @@ -136,6 +136,21 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver ip_spoofing if nic[:filter_ip_spoofing] =~ /yes/i end + # MAC-spoofing & IP-spoofing for NIC ALIAS + process_alias do |nalias| + nparent = @vm.parent(nalias) + + next unless nparent + + nalias[:port] = nparent[:port] + + @nic = nalias + + mac_spoofing if nalias[:filter_mac_spoofing] =~ /yes/i + + ip_spoofing if nalias[:filter_ip_spoofing] =~ /yes/i + end + unlock 0