components/openstack/neutron/files/agent/solaris/ipfilters_manager.py
author Girish Moodalbail <Girish.Moodalbail@oracle.COM>
Fri, 03 Oct 2014 10:20:17 -0700
branch s11u2-sru
changeset 3364 25975ce9e810
parent 3178 77584387a894
permissions -rw-r--r--
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
19582425 Policy Based Routing (PBR) for Neutron L3 agent

# vim: tabstop=4 shiftwidth=4 softtabstop=4

# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
#
# @author: Girish Moodalbail, Oracle, Inc.
#

"""Implements ipfilter and ipnat rules using Solaris utilities."""

from neutron.agent.solaris import net_lib


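class IPfiltersManager(object):
    """Wrapper for Solaris IPF commands -- ipf(1m), ipnat(1m),
    and ippool(1m).

    Every operation is delegated to the matching ``net_lib`` command object.
    The manager also keeps an in-memory copy of the filter and NAT rules it
    has applied, in ``self.ipv4`` and ``self.ipv6``.

    The local copy starts empty and is changed only by the methods of this
    class, so it describes what this instance applied, not what is loaded
    in the kernel. Rules installed before the instance was created, or by
    another tool, are not reflected here. Anything that audits or
    reconciles packet-filter state should query IPF itself rather than
    trust these lists.

    Rules and CIDRs are handed to ``net_lib`` unchanged; this class does no
    validation of their contents.
    """

    def __init__(self):
        # One cache per IP version, each split by rule type.  NAT rules are
        # only ever recorded under ipv4 (see add_nat_rules); the ipv6 'nat'
        # list exists but is never written by this class.
        self.ipv4 = {'filter': [], 'nat': []}
        self.ipv6 = {'filter': [], 'nat': []}

    @staticmethod
    def _forget_rules(tracked, rules):
        """Remove each entry of ``rules`` from the ``tracked`` list in place.

        A rule that is not in ``tracked`` is skipped. list.remove() would
        raise ValueError for it, and by the time this runs the rules are
        already gone from IPF. Aborting part-way would leave the remaining
        removed rules recorded as if they were still active.
        """
        for rule in rules:
            try:
                tracked.remove(rule)
            except ValueError:
                # Not applied through this instance (for example the agent
                # was restarted and the cache is fresh); nothing to forget.
                pass

    def _filter_cache(self, version):
        """Return the local filter-rule list for ``version``.

        Only the value 4 selects the IPv4 list; every other value selects
        the IPv6 list.
        """
        if version == 4:
            return self.ipv4['filter']
        return self.ipv6['filter']

    def add_ippool(self, number, ip_cidrs):
        """Create ippool ``number``, adding ``ip_cidrs`` as nodes when given.

        An empty or None ``ip_cidrs`` asks net_lib for the pool alone.
        Pools are not recorded in the local copy.
        """
        ippool = net_lib.IPpoolCommand(number)
        if ip_cidrs:
            ippool.add_pool_nodes(ip_cidrs)
        else:
            ippool.add_pool()

    def remove_ippool(self, number, ip_cidrs):
        """Remove ``ip_cidrs`` from ippool ``number``, or the pool itself.

        An empty or None ``ip_cidrs`` asks net_lib to remove the pool.
        """
        ippool = net_lib.IPpoolCommand(number)
        if ip_cidrs:
            ippool.remove_pool_nodes(ip_cidrs)
        else:
            ippool.remove_pool()

    def add_nat_rules(self, rules):
        """Apply ``rules`` through ipnat and record them in the local copy.

        The local copy is updated only after net_lib returns. If the call
        raises, the exception propagates and nothing is recorded.
        """
        ipnat = net_lib.IPnatCommand()
        ipnat.add_rules(rules)
        # we successfully added the nat rules, update the local copy
        self.ipv4['nat'].extend(rules)

    def remove_nat_rules(self, rules):
        """Remove ``rules`` through ipnat and drop them from the local copy.

        Rules that were never recorded locally are still passed to net_lib
        for removal; they are simply absent from the bookkeeping step.
        """
        ipnat = net_lib.IPnatCommand()
        ipnat.remove_rules(rules)
        # we successfully removed the nat rules, update the local copy
        self._forget_rules(self.ipv4['nat'], rules)

    def add_ipf_rules(self, rules, version=4):
        """Apply filter ``rules`` through ipf and record them locally.

        ``version`` is forwarded to net_lib and also selects which local
        list is updated (4 -> IPv4, anything else -> IPv6).
        """
        ipf = net_lib.IPfilterCommand()
        ipf.add_rules(rules, version)
        # reached only when net_lib did not raise
        self._filter_cache(version).extend(rules)

    def remove_ipf_rules(self, rules, version=4):
        """Remove filter ``rules`` through ipf and drop them locally.

        ``version`` is forwarded to net_lib and also selects which local
        list is updated (4 -> IPv4, anything else -> IPv6). Rules missing
        from the local list are ignored during bookkeeping.
        """
        ipf = net_lib.IPfilterCommand()
        ipf.remove_rules(rules, version)
        # reached only when net_lib did not raise
        self._forget_rules(self._filter_cache(version), rules)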