upstream/oracle/userland-gate: components/openstack/neutron/files/agent/solaris/ipfilters

3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	1	# vim: tabstop=4 shiftwidth=4 softtabstop=4
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	2
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	3	# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	4	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	5	# Licensed under the Apache License, Version 2.0 (the "License"); you may
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	6	# not use this file except in compliance with the License. You may obtain
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	7	# a copy of the License at
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	8	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	9	# http://www.apache.org/licenses/LICENSE-2.0
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	10	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	11	# Unless required by applicable law or agreed to in writing, software
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	12	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	13	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	14	# License for the specific language governing permissions and limitations
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	15	# under the License.
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	16	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	17	# @author: Girish Moodalbail, Oracle, Inc.
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	18	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	19
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	20	"""Implements ipfilter and ipnat rules using Solaris utilities."""
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	21
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	22	from neutron.agent.solaris import net_lib
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	23
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	24
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	25	class IPfiltersManager(object):
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	26	"""Wrapper for Solaris IPF commands -- ipf(1m), ipnat(1m),
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	27	and ippool(1m)."""
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	28
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	29	def __init__(self):
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	30	self.ipv4 = {'filter': [], 'nat': []}
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	31	self.ipv6 = {'filter': [], 'nat': []}
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	32
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	33	def add_ippool(self, number, ip_cidrs):
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	34	ippool = net_lib.IPpoolCommand(number)
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	35	if ip_cidrs:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	36	ippool.add_pool_nodes(ip_cidrs)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	37	else:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	38	ippool.add_pool()
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	39
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	40	def remove_ippool(self, number, ip_cidrs):
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	41	ippool = net_lib.IPpoolCommand(number)
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	42	if ip_cidrs:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	43	ippool.remove_pool_nodes(ip_cidrs)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	44	else:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	45	ippool.remove_pool()
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	46
3364 25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3178 diff changeset	47	def add_nat_rules(self, rules):
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	48	ipnat = net_lib.IPnatCommand()
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	49	ipnat.add_rules(rules)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	50	# we successfully added the nat rules, update the local copy
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	51	for rule in rules:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	52	self.ipv4['nat'].append(rule)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	53
3364 25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3178 diff changeset	54	def remove_nat_rules(self, rules):
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	55	ipnat = net_lib.IPnatCommand()
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	56	ipnat.remove_rules(rules)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	57	# we successfully removed the nat rules, update the local copy
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	58	for rule in rules:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	59	self.ipv4['nat'].remove(rule)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	60
3364 25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3178 diff changeset	61	def add_ipf_rules(self, rules, version=4):
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	62	ipf = net_lib.IPfilterCommand()
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	63	ipf.add_rules(rules, version)
3364 25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3178 diff changeset	64	version_rules = (self.ipv4['filter'] if version == 4 else
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	65	self.ipv6['filter'])
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	66	for rule in rules:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	67	version_rules.append(rule)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	68
3364 25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3178 diff changeset	69	def remove_ipf_rules(self, rules, version=4):
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	70	ipf = net_lib.IPfilterCommand()
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	71	ipf.remove_rules(rules, version)
3364 25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3178 diff changeset	72	version_rules = (self.ipv4['filter'] if version == 4 else
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	73	self.ipv6['filter'])
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	74	for rule in rules:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	75	version_rules.remove(rule)

author	Girish Moodalbail <Girish.Moodalbail@oracle.COM>
	Fri, 03 Oct 2014 10:20:17 -0700
branch	s11u2-sru
changeset 3364	25975ce9e810
parent 3178	77584387a894
permissions	-rw-r--r--