sdn-controller: add optional cookie argument support

semarie · semarie · commit c464e66de536 · 2026-02-11T15:18:33.000+01:00
if used, set cookie on OF rule to help deleting group of rules
diff --git a/SOURCES/etc/xapi.d/plugins/sdncontroller.py b/SOURCES/etc/xapi.d/plugins/sdncontroller.py
@@ -161,6 +161,22 @@ def parse_priority(self):
                 E_PARSER, "'{}' is not a valid priority".format(priority)
             )
 
+    def parse_cookie(self):
+        COOKIE_REGEX = re.compile(
+            r"^0x[0-9a-fA-F]{1,16}$"
+        )
+
+        cookie = self.args.get("cookie")
+        if cookie is None:
+            return "0x0"
+
+        if not COOKIE_REGEX.match(cookie):
+            log_and_raise_error(
+                E_PARSER, "'{}' is not a valid cookie".format(cookie)
+            )
+
+        return hex(int(cookie, 16))
+
     def read(self, key, parse_fn, dests=None):
         # parse_fn can return a single value or a tuple of values.
         # In this case we are expecting dests to match the expected
@@ -303,6 +319,7 @@ def build_rule_string(direction, ofport, args, uplink=False):
     rule_parts = {
         "priority": ("priority", "priority"),
         "protocol": (None, None),
+        "cookie": ("cookie", "cookie"),
         "ofport": ("in_port", "in_port"),
         "mac": ("dl_src", "dl_dst"),
         "iprange": ("nw_dst", "nw_src"),
@@ -318,6 +335,8 @@ def build_rule_string(direction, ofport, args, uplink=False):
     if args.get("priority"):
         rule += "priority={}".format(args["priority"]) + ","
     rule += args["protocol"]
+    if args.get("cookie"):
+        rule += ",cookie={}".format(args["cookie"])
     if uplink:
         rule += ",dl_vlan={}".format(vlanid)
     if ofport:
@@ -342,6 +361,7 @@ def run_ofctl_cmd(cmd, bridge, rule):
             % (format(ofctl_cmd), cmd["stderr"]),
         )
     _LOGGER.info("Applied rule: {}".format(ofctl_cmd))
+    return cmd
 
 
 @error_wrapped
@@ -358,6 +378,7 @@ def add_rule(_session, args):
         parser.read("port", parser.parse_port)
         parser.read("allow", parser.parse_allow)
         parser.read("priority", parser.parse_priority)
+        parser.read("cookie", parser.parse_cookie)
     except XenAPIPlugin.Failure as e:
         log_and_raise_error(
             E_PARSER, "add_rule: Failed to get parameters: {}".format(e.params[1])
@@ -383,6 +404,14 @@ def add_rule(_session, args):
             E_PORTS, "No ports found for bridge: {}".format(rule_args["bridge"])
         )
 
+    # validate cookie isn't already used
+    if rule_args["cookie"] != "0x0":
+        cmd = run_ofctl_cmd("dump-flows", "", "cookie={}/-1".format(rule_args["cookie"]))
+        if cmd["stdout"] != "\n":
+            log_and_raise_error(
+                E_PARAMS, "add_rule: this cookie is already used"
+            )
+
     # We can now build the open flow rule
     rules = build_rules_strings(rule_args)
     _LOGGER.info("Built rules: {}".format(rules))
@@ -408,6 +437,7 @@ def del_rule(_session, args):
         parser.read("protocol", parser.parse_protocol)
         parser.read("iprange", parser.parse_iprange)
         parser.read("port", parser.parse_port)
+        parser.read("cookie", parser.parse_cookie)
     except XenAPIPlugin.Failure as e:
         log_and_raise_error(
             E_PARSER, "del_rule: Failed to get parameters: {}".format(e.params[1])
@@ -427,11 +457,21 @@ def del_rule(_session, args):
             E_PARAMS, "del_rule: No port provided, tcp and udp requires one"
         )
 
-    update_args_from_ovs(rule_args)
+    # to match on a cookie, need to specify a mask
+    rule_args["cookie"] = "{}/-1".format(rule_args["cookie"])
 
-    # We can now build the open flow rule
-    rules = build_rules_strings(rule_args)
-    _LOGGER.info("Built rules: {}".format(rules))
+    if rule_args["cookie"] == "0x0/-1":
+        update_args_from_ovs(rule_args)
+
+        # We can now build the open flow rule
+        rules = build_rules_strings(rule_args)
+        _LOGGER.info("Built rules: {}".format(rules))
+
+    else:
+        # if cookie value is meanful, use it to remove all related rules
+        rules = [
+            "cookie={}".format(rule_args["cookie"]),
+        ]
 
     for rule in rules:
         run_ofctl_cmd("del-flows", rule_args["parent-bridge"], rule)
diff --git a/tests/sdncontroller_test_cases/functions.py b/tests/sdncontroller_test_cases/functions.py
@@ -192,7 +192,7 @@
             },  # list-interfaces
         ],
         "calls": [
-            call("add-flow", "xenbr0", "ip,in_port=5,nw_dst=1.1.1.1,actions=drop"),
+            call("add-flow", "xenbr0", "ip,cookie=0x0,in_port=5,nw_dst=1.1.1.1,actions=drop"),
         ],
     },
     {  # subnet tcp 4242 allow
@@ -221,7 +221,7 @@
             call(
                 "add-flow",
                 "xenbr0",
-                "tcp,in_port=5,nw_dst=1.1.1.1/24,tp_dst=4242,actions=normal",
+                "tcp,cookie=0x0,in_port=5,nw_dst=1.1.1.1/24,tp_dst=4242,actions=normal",
             )
         ],
     },
@@ -252,7 +252,7 @@
             call(
                 "add-flow",
                 "xenbr0",
-                "udp,dl_dst=DE:AD:BE:EF:CA:FE,nw_src=4.4.4.4,tp_src=2121,actions=drop",
+                "udp,cookie=0x0,dl_dst=DE:AD:BE:EF:CA:FE,nw_src=4.4.4.4,tp_src=2121,actions=drop",
             ),
         ],
     },
@@ -283,7 +283,7 @@
             "type": XenAPIPlugin.Failure,
             "code": "3",
             "text": "Error running ovs-ofctl command: ['ovs-ofctl', '-O', 'OpenFlow11', 'add-flow', 'xenbr0', "
-            "'ip,in_port=5,nw_dst=1.1.1.1/24,actions=drop']: fake error",
+            "'ip,cookie=0x0,in_port=5,nw_dst=1.1.1.1/24,actions=drop']: fake error",
         },
         "cmd": [
             {"returncode": 0, "stdout": "xenbr0", "stderr": ""},  # br-to-parent
@@ -341,7 +341,7 @@
             },  # list-interfaces
         ],
         "calls": [
-            call("del-flows", "xenbr0", "ip,in_port=5,nw_dst=1.1.1.1"),
+            call("del-flows", "xenbr0", "ip,cookie=0x0,in_port=5,nw_dst=1.1.1.1"),
         ],
     },
     {  # subnet tcp 4242 allow
@@ -370,7 +370,7 @@
             call(
                 "del-flows",
                 "xenbr0",
-                "tcp,in_port=5,nw_dst=1.1.1.1/24,tp_dst=4242",
+                "tcp,cookie=0x0,in_port=5,nw_dst=1.1.1.1/24,tp_dst=4242",
             )
         ],
     },
@@ -401,7 +401,7 @@
             call(
                 "del-flows",
                 "xenbr0",
-                "udp,dl_dst=DE:AD:BE:EF:CA:FE,nw_src=4.4.4.4,tp_src=2121",
+                "udp,cookie=0x0,dl_dst=DE:AD:BE:EF:CA:FE,nw_src=4.4.4.4,tp_src=2121",
             ),
         ],
     },
@@ -432,7 +432,7 @@
             "type": XenAPIPlugin.Failure,
             "code": "3",
             "text": "Error running ovs-ofctl command: ['ovs-ofctl', '-O', 'OpenFlow11', 'del-flows', 'xenbr0', "
-            "'ip,in_port=5,nw_dst=1.1.1.1/24']: fake error",
+            "'ip,cookie=0x0,in_port=5,nw_dst=1.1.1.1/24']: fake error",
         },
         "cmd": [
             {"returncode": 0, "stdout": "xenbr0", "stderr": ""},  # br-to-parent
diff --git a/tests/sdncontroller_test_cases/parser.py b/tests/sdncontroller_test_cases/parser.py
@@ -370,3 +370,27 @@
     },
 ]
 PRIORITY_IDS = ["100", "0", "65535", "65536", "aoeui", "empty string", "no parameters"]
+
+
+COOKIE_PARAMS = [
+    {"input": {"cookie": "0x0"}, "result": "0x0", "exception": None},
+    {"input": {"cookie": "0x01234"}, "result": "0x1234", "exception": None},
+    {"input": {"cookie": "0xFFFFffffFFFFffff"}, "result": "0xffffffffffffffff", "exception": None},
+    {"input": {}, "result": "0x0", "exception": None},
+    {
+        "input": {"cookie": "0x"},
+        "result": None,
+        "exception": {
+            "type": XenAPIPlugin.Failure,
+            "code": "1",
+            "text": "'0x' is not a valid cookie",
+        },
+    },
+]
+COOKIE_IDS = [
+    "0x0",
+    "0x1234",
+    "0xFFFFffffFFFFffff",
+    "no parameter",
+    "0x",
+]
diff --git a/tests/test_sdn-controller.py b/tests/test_sdn-controller.py
@@ -21,6 +21,8 @@
     ALLOW_IDS,
     PRIORITY_PARAMS,
     PRIORITY_IDS,
+    COOKIE_PARAMS,
+    COOKIE_IDS,
 )
 
 from sdncontroller_test_cases.functions import (
@@ -112,6 +114,13 @@ def test_parse_priority(self, priority):
         p = Parser(priority["input"])
         parser_test(p.parse_priority, priority)
 
+    @pytest.fixture(params=COOKIE_PARAMS, ids=COOKIE_IDS)
+    def cookie(self, request):
+        return request.param
+
+    def test_parse_cookie(self, cookie):
+        p = Parser(cookie["input"])
+        parser_test(p.parse_cookie, cookie)
 
 @mock.patch("sdncontroller.run_command", autospec=True)
 class TestSdnControllerFunctions:
