# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.

from oslo_log import log as logging

from neutron.agent.l3 import agent as l3_agent

from neutron.agent.l3 import router_info as router

from neutron.agent.solaris import ipfilters_manager

from neutron.callbacks import events

from neutron.callbacks import registry

from neutron.callbacks import resources

from neutron.common import exceptions as n_exc

from oslo_utils import importutils

from oslo_log import log as logging

import neutron_vpnaas.services.vpn.agent as neutron_vpnaas

from neutron_vpnaas.extensions import vpnaas

from neutron_vpnaas.services.vpn import vpn_service

class SolarisRouterInfo(router.RouterInfo):

    def __init__(self, router_id, router, agent_conf, interface_driver,

                 use_ipv6=False):

        super(SolarisRouterInfo, self).__init__(router_id, router, agent_conf,

                                                interface_driver, use_ipv6)

        self.ipfilters_manager = ipfilters_manager.IPfiltersManager()

        self.iptables_manager = None

        self.remove_route = False

    def initialize(self, process_monitor):

        """Initialize the router on the system.

        This differs from __init__ in that this method actually affects the

        system creating namespaces, starting processes, etc.  The other merely

        initializes the python object.  This separates in-memory object

        initialization from methods that actually go do stuff to the system.

        :param process_monitor: The agent's process monitor instance.

        """

        self.process_monitor = process_monitor

        self.radvd = ra.NDPD(self.router_id, self.get_internal_device_name)

    def routes_updated(self):

        pass

    def _get_existing_devices(self):

        return net_lib.Datalink.show_vnic()

    def internal_network_added(self, port):

        internal_dlname = self.get_internal_device_name(port['id'])

        # driver just returns if datalink and IP interface already exists

        self.driver.plug(port['tenant_id'], port['network_id'], port['id'],

                         internal_dlname)

        ip_cidrs = common_utils.fixed_ip_cidrs(port['fixed_ips'])

        self.driver.init_l3(internal_dlname, ip_cidrs)

        # Since we support shared router model, we need to block the new

        # internal port from reaching other tenant's ports

        block_pname = self._get_ippool_name(port['mac_address'])

        self.ipfilters_manager.add_ippool(block_pname, None)

        if self.agent_conf.allow_forwarding_between_networks:

            # If allow_forwarding_between_networks is set, then we need to

            # allow forwarding of packets between same tenant's ports.

            allow_pname = self._get_ippool_name(port['mac_address'], '0')

            self.ipfilters_manager.add_ippool(allow_pname, None)

        # walk through the other internal ports and retrieve their

        # cidrs and at the same time add the new internal port's

        # cidr to them

        port_subnet = port['subnets'][0]['cidr']

        block_subnets = []

        allow_subnets = []

        for internal_port in self.internal_ports:

            if internal_port['mac_address'] == port['mac_address']:

                continue

            if (self.agent_conf.allow_forwarding_between_networks and

                    internal_port['tenant_id'] == port['tenant_id']):

                allow_subnets.append(internal_port['subnets'][0]['cidr'])

                # we need to add the port's subnet to this internal_port's

                # allowed_subnet_pool

                iport_allow_pname = \

                    self._get_ippool_name(internal_port['mac_address'], '0')

                self.ipfilters_manager.add_ippool(iport_allow_pname,

                                                  [port_subnet])

            else:

                block_subnets.append(internal_port['subnets'][0]['cidr'])

                iport_block_pname = \

                    self._get_ippool_name(internal_port['mac_address'])

                self.ipfilters_manager.add_ippool(iport_block_pname,

                                                  [port_subnet])

        # update the new port's pool with other ports' subnet

        self.ipfilters_manager.add_ippool(block_pname, block_subnets)

        if self.agent_conf.allow_forwarding_between_networks:

            self.ipfilters_manager.add_ippool(allow_pname, allow_subnets)

        # now setup the IPF rules

        rules = ['block in quick on %s from %s to pool/%d' %

                 (internal_dlname, port_subnet, block_pname)]

        # pass in packets between networks that belong to same tenant

        if self.agent_conf.allow_forwarding_between_networks:

            rules.append('pass in quick on %s from %s to pool/%d' %

                         (internal_dlname, port_subnet, allow_pname))

        # if the external gateway is already setup for the shared router,

        # then we need to add Policy Based Routing (PBR) for this internal

        # network

        ex_gw_port = self.ex_gw_port

        ex_gw_ip = (ex_gw_port['subnets'][0]['gateway_ip']

                    if ex_gw_port else None)

        if ex_gw_ip:

            external_dlname = self.get_external_device_name(ex_gw_port['id'])

            rules.append('pass in on %s to %s:%s from any to !%s' %

                         (internal_dlname, external_dlname, ex_gw_ip,

                          port_subnet))

        ipversion = netaddr.IPNetwork(port_subnet).version

        self.ipfilters_manager.add_ipf_rules(rules, ipversion)

        if self.agent_conf.enable_metadata_proxy and ipversion == 4:

            rdr_rule = ['rdr %s 169.254.169.254/32 port 80 -> %s port %d tcp' %

                        (internal_dlname, port['fixed_ips'][0]['ip_address'],

                         self.agent_conf.metadata_port)]

            self.ipfilters_manager.add_nat_rules(rdr_rule)

    def internal_network_removed(self, port):

        internal_dlname = self.get_internal_device_name(port['id'])

        port_subnet = port['subnets'][0]['cidr']

        # remove all the IP filter rules that we added during

        # internal network addition

        block_pname = self._get_ippool_name(port['mac_address'])

        rules = ['block in quick on %s from %s to pool/%d' %

                 (internal_dlname, port_subnet, block_pname)]

        if self.agent_conf.allow_forwarding_between_networks:

            allow_pname = self._get_ippool_name(port['mac_address'], '0')

            rules.append('pass in quick on %s from %s to pool/%d' %

                         (internal_dlname, port_subnet, allow_pname))

        # remove all the IP filter rules that we added during

        # external network addition

        ex_gw_port = self.ex_gw_port

        ex_gw_ip = (ex_gw_port['subnets'][0]['gateway_ip']

                    if ex_gw_port else None)

        if ex_gw_ip:

            external_dlname = self.get_external_device_name(ex_gw_port['id'])

            rules.append('pass in on %s to %s:%s from any to !%s' %

                         (internal_dlname, external_dlname, ex_gw_ip,

                          port_subnet))

        ipversion = netaddr.IPNetwork(port['subnets'][0]['cidr']).version

        self.ipfilters_manager.remove_ipf_rules(rules, ipversion)

        # remove the ippool

        self.ipfilters_manager.remove_ippool(block_pname, None)

        if self.agent_conf.allow_forwarding_between_networks:

            self.ipfilters_manager.remove_ippool(allow_pname, None)

        for internal_port in self.internal_ports:

            if (self.agent_conf.allow_forwarding_between_networks and

                    internal_port['tenant_id'] == port['tenant_id']):

                iport_allow_pname = \

                    self._get_ippool_name(internal_port['mac_address'], '0')

                self.ipfilters_manager.remove_ippool(iport_allow_pname,

                                                     [port_subnet])

            else:

                iport_block_pname = \

                    self._get_ippool_name(internal_port['mac_address'])

                self.ipfilters_manager.remove_ippool(iport_block_pname,

                                                     [port_subnet])

        if self.agent_conf.enable_metadata_proxy and ipversion == 4:

            rdr_rule = ['rdr %s 169.254.169.254/32 port 80 -> %s port %d tcp' %

                        (internal_dlname, port['fixed_ips'][0]['ip_address'],

                         self.agent_conf.metadata_port)]

            self.ipfilters_manager.remove_nat_rules(rdr_rule)

        if net_lib.Datalink.datalink_exists(internal_dlname):

            self.driver.fini_l3(internal_dlname)

            self.driver.unplug(internal_dlname)

    def _process_internal_ports(self):

        existing_port_ids = set([p['id'] for p in self.internal_ports])

        internal_ports = self.router.get(l3_constants.INTERFACE_KEY, [])

        current_port_ids = set([p['id'] for p in internal_ports

                                if p['admin_state_up']])

        new_port_ids = current_port_ids - existing_port_ids

        new_ports = [p for p in internal_ports if p['id'] in new_port_ids]

        old_ports = [p for p in self.internal_ports if

                     p['id'] not in current_port_ids]

#         updated_ports = self._get_updated_ports(self.internal_ports,

#                                                 internal_ports)

        enable_ra = False

        for p in new_ports:

            self.internal_network_added(p)

            self.internal_ports.append(p)

            enable_ra = enable_ra or self._port_has_ipv6_subnet(p)

        for p in old_ports:

            self.internal_network_removed(p)

            self.internal_ports.remove(p)

            enable_ra = enable_ra or self._port_has_ipv6_subnet(p)

#         if updated_ports:

#             for index, p in enumerate(internal_ports):

#                 if not updated_ports.get(p['id']):

#                     continue

#                 self.internal_ports[index] = updated_ports[p['id']]

#                 interface_name = self.get_internal_device_name(p['id'])

#                 ip_cidrs = common_utils.fixed_ip_cidrs(p['fixed_ips'])

#                 self.driver.init_l3(interface_name, ip_cidrs=ip_cidrs,

#                         namespace=self.ns_name)

#                 enable_ra = enable_ra or self._port_has_ipv6_subnet(p)

        # Enable RA

        if enable_ra:

            self.radvd.enable(internal_ports)

        # remove any internal stale router interfaces (i.e., l3i.. VNICs)

        existing_devices = self._get_existing_devices()

        current_internal_devs = set(n for n in existing_devices

                                    if n.startswith(INTERNAL_DEV_PREFIX))

        current_port_devs = set(self.get_internal_device_name(port_id)

                                for port_id in current_port_ids)

        stale_devs = current_internal_devs - current_port_devs

        for stale_dev in stale_devs:

            LOG.debug(_('Deleting stale internal router device: %s'),

                      stale_dev)

            self.driver.fini_l3(stale_dev)

            self.driver.unplug(stale_dev)

    def _get_ippool_name(self, mac_address, suffix=None):

        # Generate a unique-name for ippool(1m) from that last 3

        # bytes of mac-address. It is called pool name, but it is

        # actually a 32 bit integer

        name = mac_address.split(':')[3:]

        if suffix:

            name.append(suffix)

        return int("".join(name), 16)

    def process_floating_ip_addresses(self, interface_name):

        """Configure IP addresses on router's external gateway interface.

        Ensures addresses for existing floating IPs and cleans up

        those that should not longer be configured.

        """

        fip_statuses = {}

        if interface_name is None:

            LOG.debug('No Interface for floating IPs router: %s',

                      self.router['id'])

            return fip_statuses

        ipintf = net_lib.IPInterface(interface_name)

        ipaddr_list = ipintf.ipaddr_list()['static']

        existing_cidrs = set(ipaddr_list)

        new_cidrs = set()

        existing_nat_rules = [nat_rule for nat_rule in

                              self.ipfilters_manager.ipv4['nat']]

        new_nat_rules = []

        floating_ips = self.get_floating_ips()

        # Loop once to ensure that floating ips are configured.

        for fip in floating_ips:

            fip_ip = fip['floating_ip_address']

            fip_cidr = str(fip_ip) + FLOATING_IP_CIDR_SUFFIX

            new_cidrs.add(fip_cidr)

            fixed_cidr = str(fip['fixed_ip_address']) + '/32'

            nat_rule = 'bimap %s %s -> %s' % (interface_name, fixed_cidr,

                                              fip_cidr)

            if fip_cidr not in existing_cidrs:

                try:

                    ipintf.create_address(fip_cidr)

                    self.ipfilters_manager.add_nat_rules([nat_rule])

                except Exception as err:

                    # TODO(gmoodalb): If we fail in add_nat_rules(), then

                    # we need to remove the fip_cidr address

                    # any exception occurred here should cause the floating IP

                    # to be set in error state

                    fip_statuses[fip['id']] = (

                        l3_constants.FLOATINGIP_STATUS_ERROR)

                    LOG.warn(_("Unable to configure IP address for "

                               "floating IP: %s: %s") % (fip['id'], err))

                    continue

            fip_statuses[fip['id']] = (

                l3_constants.FLOATINGIP_STATUS_ACTIVE)

            LOG.debug("Floating ip %(id)s added, status %(status)s",

                      {'id': fip['id'],

                       'status': fip_statuses.get(fip['id'])})

            new_nat_rules.append(nat_rule)

        # remove all the old NAT rules

        old_nat_rules = list(set(existing_nat_rules) - set(new_nat_rules))

        # Filter out 'bimap' NAT rules as we don't want to remove NAT rules

        # that were added for Metadata server

        old_nat_rules = [rule for rule in old_nat_rules if "bimap" in rule]

        self.ipfilters_manager.remove_nat_rules(old_nat_rules)

        # Clean up addresses that no longer belong on the gateway interface.

        for ip_cidr in existing_cidrs - new_cidrs:

            if ip_cidr.endswith(FLOATING_IP_CIDR_SUFFIX):

                ipintf.delete_address(ip_cidr)

        return fip_statuses

    # Todo(gmoodalb): need to do more work on ipv6 gateway

    def external_gateway_added(self, ex_gw_port, external_dlname):

                  self.agent_conf.get("external_network_datalink", None)):

                dl.create_vnic(self.agent_conf.external_network_datalink,

        ip_cidrs = common_utils.fixed_ip_cidrs(ex_gw_port['fixed_ips'])

        self.driver.init_l3(external_dlname, ip_cidrs)

        gw_ip = ex_gw_port['subnets'][0]['gateway_ip']

            if 'entry exists' not in stdout:

                self.remove_route = True

            for port in self.internal_ports:

                          port['subnets'][0]['cidr'])]

                ipversion = \

                    netaddr.IPNetwork(port['subnets'][0]['cidr']).version

                self.ipfilters_manager.add_ipf_rules(rules, ipversion)

    def external_gateway_updated(self, ex_gw_port, external_dlname):

    def external_gateway_removed(self, ex_gw_port, external_dlname):

        gw_ip = ex_gw_port['subnets'][0]['gateway_ip']

            for port in self.internal_ports:

                          port['subnets'][0]['cidr'])]

                ipversion = \

                    netaddr.IPNetwork(port['subnets'][0]['cidr']).version

                self.ipfilters_manager.remove_ipf_rules(rules, ipversion)

            if self.remove_route:

    def _process_external_gateway(self, ex_gw_port):

        # TODO(Carl) Refactor to clarify roles of ex_gw_port vs self.ex_gw_port

        ex_gw_port_id = (ex_gw_port and ex_gw_port['id'] or

                         self.ex_gw_port and self.ex_gw_port['id'])

        interface_name = None

        if ex_gw_port_id:

            interface_name = self.get_external_device_name(ex_gw_port_id)

        if ex_gw_port:

            def _gateway_ports_equal(port1, port2):

                def _get_filtered_dict(d, ignore):

                    return dict((k, v) for k, v in d.iteritems()

                                if k not in ignore)

                keys_to_ignore = set(['binding:host_id'])

                port1_filtered = _get_filtered_dict(port1, keys_to_ignore)

                port2_filtered = _get_filtered_dict(port2, keys_to_ignore)

                return port1_filtered == port2_filtered

            if not self.ex_gw_port:

                self.external_gateway_added(ex_gw_port, interface_name)

            elif not _gateway_ports_equal(ex_gw_port, self.ex_gw_port):

                self.external_gateway_updated(ex_gw_port, interface_name)

        elif not ex_gw_port and self.ex_gw_port:

            self.external_gateway_removed(self.ex_gw_port, interface_name)

        # Remove any external stale router interfaces (i.e., l3e.. VNICs)

        existing_devices = self._get_existing_devices()

        stale_devs = [dev for dev in existing_devices

                      if dev.startswith(EXTERNAL_DEV_PREFIX) and

                      dev != interface_name]

        for stale_dev in stale_devs:

            LOG.debug(_('Deleting stale external router device: %s'),

                      stale_dev)

            self.driver.fini_l3(stale_dev)

            self.driver.unplug(stale_dev)

        # Process SNAT rules for external gateway

        self.perform_snat_action(self._handle_router_snat_rules,

                                 interface_name)

    def external_gateway_snat_rules(self, ex_gw_ip, interface_name):

        rules = []

        ip_cidrs = []

        for port in self.internal_ports:

            if netaddr.IPNetwork(port['subnets'][0]['cidr']).version == 4:

                ip_cidrs.extend(common_utils.fixed_ip_cidrs(port['fixed_ips']))