components/openstack/neutron/files/agent/solaris/ipfilters_manager.py
branchs11-update
changeset 3028 5e73a3a3f66a
child 1944 56ac2df1785b
3027:3bcf7d43558b 3028:5e73a3a3f66a
       
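--- a/components/openstack/neutron/files/agent/solaris/ipfilters_manager.py
+++ b/components/openstack/neutron/files/agent/solaris/ipfilters_manager.py
@@ -0,0 +1,79 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+#
+# @author: Girish Moodalbail, Oracle, Inc.
+#
+
+"""Implements ipfilter and ipnat rules using Solaris utilities."""
+
+from quantum.agent.solaris import net_lib
+
+
+class IpfiltersManager(object):
+    """Wrapper for Solaris IPF commands -- ipf(1m), ipnat(1m),
+    and ippool(1m)."""
+
+    def __init__(self):
+        self.ipv4 = {'filter': [], 'nat': []}
+        self.ipv6 = {'filter': [], 'nat': []}
+
+    def add_ippool(self, number, ip_cidrs):
+        ippool = net_lib.IppoolCommand(number)
+        if ip_cidrs:
+            ippool.add_pool_nodes(ip_cidrs)
+        else:
+            ippool.add_pool()
+
+    def remove_ippool(self, number, ip_cidrs):
+        ippool = net_lib.IppoolCommand(number)
+        if ip_cidrs:
+            ippool.remove_pool_nodes(ip_cidrs)
+        else:
+            ippool.remove_pool()
+
+    def add_nat_rules(self, rules, version='4'):
+        # Solaris doesn't support IPv6 NAT rules
+        assert version == '4'
+        ipnat = net_lib.IpnatCommand()
+        ipnat.add_rules(rules)
+        # we successfully added the nat rules, update the local copy
+        for rule in rules:
+            self.ipv4['nat'].append(rule)
+
+    def remove_nat_rules(self, rules, version='4'):
+        # Solaris doesn't support IPv6 NAT rules
+        assert version == '4'
+        ipnat = net_lib.IpnatCommand()
+        ipnat.remove_rules(rules)
+        # we successfully removed the nat rules, update the local copy
+        for rule in rules:
+            self.ipv4['nat'].remove(rule)
+
+    def add_ipf_rules(self, rules, version='4'):
+        ipf = net_lib.IpfilterCommand()
+        ipf.add_rules(rules, version)
+        version_rules = (self.ipv4['filter'] if version == '4' else
+                         self.ipv6['filter'])
+        for rule in rules:
+            version_rules.append(rule)
+
+    def remove_ipf_rules(self, rules, version='4'):
+        ipf = net_lib.IpfilterCommand()
+        ipf.remove_rules(rules, version)
+        version_rules = (self.ipv4['filter'] if version == '4' else
+                         self.ipv6['filter'])
+        for rule in rules:
+            version_rules.remove(rule)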
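Review bot: The `version` argument is never validated in a way that holds at runtime. In add_nat_rules and remove_nat_rules the IPv6 guard is `assert version == '4'`, which is stripped under `python -O`, and in add_ipf_rules and remove_ipf_rules any value other than the string `'4'` (an integer `4`, a typo) is silently recorded in `self.ipv6['filter']`, so the cached rule set can disagree with the address family the caller intended. I would replace the asserts with `if version != '4': raise ValueError("Solaris does not support IPv6 NAT rules")` and have the ipf methods reject anything outside `('4', '6')` before calling into net_lib. For a firewall manager the cached lists should only ever mirror rules that were actually applied for that address family.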