17 # @author: Girish Moodalbail, Oracle, Inc. |
17 # @author: Girish Moodalbail, Oracle, Inc. |
18 # |
18 # |
19 |
19 |
20 """Implements ipfilter and ipnat rules using Solaris utilities.""" |
20 """Implements ipfilter and ipnat rules using Solaris utilities.""" |
21 |
21 |
22 from quantum.agent.solaris import net_lib |
22 from neutron.agent.solaris import net_lib |
23 |
23 |
24 |
24 |
25 class IpfiltersManager(object): |
25 class IPfiltersManager(object): |
26 """Wrapper for Solaris IPF commands -- ipf(1m), ipnat(1m), |
26 """Wrapper for Solaris IPF commands -- ipf(1m), ipnat(1m), |
27 and ippool(1m).""" |
27 and ippool(1m).""" |
28 |
28 |
29 def __init__(self): |
29 def __init__(self): |
30 self.ipv4 = {'filter': [], 'nat': []} |
30 self.ipv4 = {'filter': [], 'nat': []} |
31 self.ipv6 = {'filter': [], 'nat': []} |
31 self.ipv6 = {'filter': [], 'nat': []} |
32 |
32 |
33 def add_ippool(self, number, ip_cidrs): |
33 def add_ippool(self, number, ip_cidrs): |
34 ippool = net_lib.IppoolCommand(number) |
34 ippool = net_lib.IPpoolCommand(number) |
35 if ip_cidrs: |
35 if ip_cidrs: |
36 ippool.add_pool_nodes(ip_cidrs) |
36 ippool.add_pool_nodes(ip_cidrs) |
37 else: |
37 else: |
38 ippool.add_pool() |
38 ippool.add_pool() |
39 |
39 |
40 def remove_ippool(self, number, ip_cidrs): |
40 def remove_ippool(self, number, ip_cidrs): |
41 ippool = net_lib.IppoolCommand(number) |
41 ippool = net_lib.IPpoolCommand(number) |
42 if ip_cidrs: |
42 if ip_cidrs: |
43 ippool.remove_pool_nodes(ip_cidrs) |
43 ippool.remove_pool_nodes(ip_cidrs) |
44 else: |
44 else: |
45 ippool.remove_pool() |
45 ippool.remove_pool() |
46 |
46 |
47 def add_nat_rules(self, rules, version='4'): |
47 def add_nat_rules(self, rules, version='4'): |
48 # Solaris doesn't support IPv6 NAT rules |
48 # Solaris doesn't support IPv6 NAT rules |
49 assert version == '4' |
49 assert version == '4' |
50 ipnat = net_lib.IpnatCommand() |
50 ipnat = net_lib.IPnatCommand() |
51 ipnat.add_rules(rules) |
51 ipnat.add_rules(rules) |
52 # we successfully added the nat rules, update the local copy |
52 # we successfully added the nat rules, update the local copy |
53 for rule in rules: |
53 for rule in rules: |
54 self.ipv4['nat'].append(rule) |
54 self.ipv4['nat'].append(rule) |
55 |
55 |
56 def remove_nat_rules(self, rules, version='4'): |
56 def remove_nat_rules(self, rules, version='4'): |
57 # Solaris doesn't support IPv6 NAT rules |
57 # Solaris doesn't support IPv6 NAT rules |
58 assert version == '4' |
58 assert version == '4' |
59 ipnat = net_lib.IpnatCommand() |
59 ipnat = net_lib.IPnatCommand() |
60 ipnat.remove_rules(rules) |
60 ipnat.remove_rules(rules) |
61 # we successfully removed the nat rules, update the local copy |
61 # we successfully removed the nat rules, update the local copy |
62 for rule in rules: |
62 for rule in rules: |
63 self.ipv4['nat'].remove(rule) |
63 self.ipv4['nat'].remove(rule) |
64 |
64 |
65 def add_ipf_rules(self, rules, version='4'): |
65 def add_ipf_rules(self, rules, version='4'): |
66 ipf = net_lib.IpfilterCommand() |
66 ipf = net_lib.IPfilterCommand() |
67 ipf.add_rules(rules, version) |
67 ipf.add_rules(rules, version) |
68 version_rules = (self.ipv4['filter'] if version == '4' else |
68 version_rules = (self.ipv4['filter'] if version == '4' else |
69 self.ipv6['filter']) |
69 self.ipv6['filter']) |
70 for rule in rules: |
70 for rule in rules: |
71 version_rules.append(rule) |
71 version_rules.append(rule) |
72 |
72 |
73 def remove_ipf_rules(self, rules, version='4'): |
73 def remove_ipf_rules(self, rules, version='4'): |
74 ipf = net_lib.IpfilterCommand() |
74 ipf = net_lib.IPfilterCommand() |
75 ipf.remove_rules(rules, version) |
75 ipf.remove_rules(rules, version) |
76 version_rules = (self.ipv4['filter'] if version == '4' else |
76 version_rules = (self.ipv4['filter'] if version == '4' else |
77 self.ipv6['filter']) |
77 self.ipv6['filter']) |
78 for rule in rules: |
78 for rule in rules: |
79 version_rules.remove(rule) |
79 version_rules.remove(rule) |