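def __init__(self, profile_id, ip_version, iptables_updater, ipset_mgr):
    """
    Set up the actor state for the rules of a single profile.

    :param profile_id: ID of the profile; must not be None.  It is used
        as the actor qualifier and to derive the inbound/outbound chain
        names.
    :param ip_version: stored as self.ip_version.
    :param iptables_updater: stored for later use; not called here.
    :param ipset_mgr: stored, and passed to the RefHelper together with
        the self._on_ipsets_acquired callback.
    :raises AssertionError: if profile_id is None.
    """
    super(ProfileRules, self).__init__(qualifier=profile_id)
    # Explicit raise instead of an assert statement: asserts are removed
    # when Python runs with -O, which would let a None ID reach the
    # chain-name derivation below.  AssertionError is kept so callers see
    # the same exception type as before.
    if profile_id is None:
        raise AssertionError("profile_id must not be None")

    self.id = profile_id
    self.ip_version = ip_version
    self._ipset_mgr = ipset_mgr
    self._iptables_updater = iptables_updater
    # Built from this actor, the ipset manager and the callback
    # self._on_ipsets_acquired.
    self._ipset_refs = RefHelper(self, ipset_mgr,
                                 self._on_ipsets_acquired)

    # Latest profile update - a profile dictionary.
    self._pending_profile = None
    # Currently-programmed profile dictionary.
    self._profile = None

    # State flags.  Note that _dirty starts out True.
    self._notified_ready = False
    self._cleaned_up = False
    self._dead = False
    self._dirty = True

    # One chain name per direction, both derived from the profile ID.
    self.chain_names = {
        "inbound": profile_to_chain_name("inbound", profile_id),
        "outbound": profile_to_chain_name("outbound", profile_id),
    }
    _log.info("Profile %s has chain names %s",
              profile_id, self.chain_names)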
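def __init__(self, config, combined_id, ip_type, iptables_updater,
             dispatch_chains, rules_manager):
    """
    Controls a single local endpoint.

    :param config: stored as self.config; not read here.
    :param combined_id: EndpointId for this endpoint.
    :param ip_type: IP type for this endpoint (IPv4 or IPv6)
    :param iptables_updater: IptablesUpdater to use
    :param dispatch_chains: DispatchChains to use
    :param rules_manager: RulesManager to use
    :raises AssertionError: if dispatch_chains is not a DispatchChains or
        rules_manager is not a RulesManager.
    """
    super(LocalEndpoint, self).__init__(qualifier="%s(%s)" %
                                        (combined_id.endpoint, ip_type))
    # Explicit raises instead of assert statements: asserts are removed
    # when Python runs with -O, so the type checks would silently vanish.
    # AssertionError is kept so callers see the same exception type.
    if not isinstance(dispatch_chains, DispatchChains):
        raise AssertionError("dispatch_chains must be a DispatchChains")
    if not isinstance(rules_manager, RulesManager):
        raise AssertionError("rules_manager must be a RulesManager")

    self.combined_id = combined_id
    self.config = config

    self.ip_type = ip_type
    # Indexed lookup: an ip_type missing from the table fails here
    # (KeyError if the table is a dict - confirm).
    self.ip_version = futils.IP_TYPE_TO_VERSION[ip_type]
    # Anything other than IPV4 selects the IPv6 key.
    self.nets_key = "ipv4_nets" if self.ip_type == IPV4 else "ipv6_nets"

    self.iptables_updater = iptables_updater
    self.dispatch_chains = dispatch_chains
    self.rules_mgr = rules_manager
    # Built from this actor, the rules manager and the callback
    # self._on_profiles_ready.
    self.rules_ref_helper = RefHelper(self, rules_manager,
                                      self._on_profiles_ready)

    # Will be filled in as we learn about the OS interface and the
    # endpoint config.
    self.endpoint = None
    self._mac = None
    self._iface_name = None
    self._suffix = None

    # Track whether the last attempt to program the dataplane succeeded.
    # We'll force a reprogram next time we get a kick.
    self._failed = False
    # And whether we've received an update since last time we programmed.
    self._dirty = False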
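def __init__(self, iptables_generator, profile_id, ip_version,
             iptables_updater, ipset_mgr):
    """
    Set up the actor state for the rules of a single profile.

    :param iptables_generator: stored as self.iptables_generator; not
        called here.
    :param profile_id: ID of the profile; must not be None.  Also used as
        the actor qualifier.
    :param ip_version: stored as self.ip_version.
    :param iptables_updater: stored for later use; not called here.
    :param ipset_mgr: stored, and passed to the RefHelper together with
        the self._on_ipsets_acquired callback.
    :raises AssertionError: if profile_id is None.
    """
    super(ProfileRules, self).__init__(qualifier=profile_id)
    # Explicit raise instead of an assert statement: asserts are removed
    # when Python runs with -O, which would let a None ID be stored as
    # self.id.  AssertionError is kept so callers see the same exception
    # type as before.
    if profile_id is None:
        raise AssertionError("profile_id must not be None")

    self.iptables_generator = iptables_generator
    self.id = profile_id
    self.ip_version = ip_version
    self._ipset_mgr = ipset_mgr
    self._iptables_updater = iptables_updater
    # Built from this actor, the ipset manager and the callback
    # self._on_ipsets_acquired.
    self._ipset_refs = RefHelper(self, ipset_mgr,
                                 self._on_ipsets_acquired)

    # Latest profile update - a profile dictionary.
    self._pending_profile = None
    # Currently-programmed profile dictionary.
    self._profile = None

    # State flags.  Note that _dirty starts out True.
    self._notified_ready = False
    self._cleaned_up = False
    self._dead = False
    self._dirty = True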
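def __init__(self, profile_id, ip_version, iptables_updater, ipset_mgr):
    """
    Set up the actor state for the rules of a single profile.

    :param profile_id: ID of the profile; must not be None.  It is used
        as the actor qualifier and to derive the inbound/outbound chain
        names.
    :param ip_version: stored as self.ip_version.
    :param iptables_updater: stored for later use; not called here.
    :param ipset_mgr: stored as self.ipset_mgr, and passed to the
        RefHelper together with the self._maybe_update callback.
    :raises AssertionError: if profile_id is None.
    """
    super(ProfileRules, self).__init__(qualifier=profile_id)
    # Explicit raise instead of an assert statement: asserts are removed
    # when Python runs with -O, which would let a None ID reach the
    # chain-name derivation below.  AssertionError is kept so callers see
    # the same exception type as before.
    if profile_id is None:
        raise AssertionError("profile_id must not be None")

    self.id = profile_id
    self.ip_version = ip_version
    self.ipset_mgr = ipset_mgr
    self._iptables_updater = iptables_updater
    self.notified_ready = False

    # Built from this actor, the ipset manager and the callback
    # self._maybe_update.
    self.ipset_refs = RefHelper(self, ipset_mgr, self._maybe_update)

    # dict|None: filled in by first update.  Reset to None on delete.
    self._profile = None
    self.dead = False

    # One chain name per direction, both derived from the profile ID.
    self.chain_names = {
        "inbound": profile_to_chain_name("inbound", profile_id),
        "outbound": profile_to_chain_name("outbound", profile_id),
    }
    _log.info("Profile %s has chain names %s",
              profile_id, self.chain_names)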
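def __init__(self, config, combined_id, ip_type, iptables_updater,
             dispatch_chains, rules_manager, fip_manager, status_reporter):
    """
    Controls a single local endpoint.

    :param config: stored as self.config; its plugins mapping must hold
        an "iptables_generator" entry, which is read here.
    :param combined_id: EndpointId for this endpoint.
    :param ip_type: IP type for this endpoint (IPv4 or IPv6)
    :param iptables_updater: IptablesUpdater to use
    :param dispatch_chains: DispatchChains to use
    :param rules_manager: RulesManager to use
    :param fip_manager: FloatingIPManager to use
    :param status_reporter: stored as self.status_reporter; not called
        here.
    :raises AssertionError: if rules_manager is not a RulesManager.
    """
    super(LocalEndpoint, self).__init__(qualifier="%s(%s)" %
                                        (combined_id.endpoint, ip_type))
    # Explicit raise instead of an assert statement: asserts are removed
    # when Python runs with -O, so the type check would silently vanish.
    # AssertionError is kept so callers see the same exception type.
    if not isinstance(rules_manager, RulesManager):
        raise AssertionError("rules_manager must be a RulesManager")

    self.config = config
    self.iptables_generator = config.plugins["iptables_generator"]
    self.combined_id = combined_id
    self.ip_type = ip_type

    # Other actors we need to talk to.
    self.iptables_updater = iptables_updater
    self.dispatch_chains = dispatch_chains
    self.rules_mgr = rules_manager
    self.status_reporter = status_reporter
    self.fip_manager = fip_manager

    # Helper for acquiring/releasing profiles.
    self._rules_ref_helper = RefHelper(self, rules_manager,
                                       self._on_profiles_ready)

    # Global policies that we care about, held in an ordered mapping.
    self._pol_ids_by_tier = OrderedDict()

    # List of explicit profile IDs that we've processed.
    self._explicit_profile_ids = None

    # Per-batch state.
    self._pending_endpoint = None
    self._endpoint_update_pending = False
    self._mac_changed = False
    # IPs that no longer belong to this endpoint and need cleaning up.
    self._removed_ips = set()

    # Current endpoint data.
    self.endpoint = None

    # Will be filled in as we learn about the OS interface and the
    # endpoint config.
    self._mac = None
    self._iface_name = None
    self._suffix = None

    # Track the success/failure of our dataplane programming.
    self._chains_programmed = False
    self._iptables_in_sync = False
    self._device_in_sync = False
    self._profile_ids_dirty = False

    # Oper-state of the Linux interface.
    self._device_is_up = None  # Unknown

    # Our last status report.  Used for de-dupe.
    self._last_status = None

    # One-way flags to indicate that we should clean up/have cleaned up.
    self._unreferenced = False
    self._added_to_dispatch_chains = False
    self._cleaned_up = False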
def setUp(self):
    """
    Run the base-class setUp, then build the RefHelper under test.

    The object held in self._rm is passed as both the first and the
    second RefHelper argument, and its ready_callback as the third.
    """
    super(TestRefHelper, self).setUp()
    # self._rm is not assigned here; presumably the base-class setUp
    # provides it - confirm.
    manager = self._rm
    self._rh = RefHelper(manager, manager, manager.ready_callback)
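def __init__(self, config, combined_id, ip_type, iptables_updater,
             dispatch_chains, rules_manager, status_reporter):
    """
    Controls a single local endpoint.

    :param config: stored as self.config; not read here.
    :param combined_id: EndpointId for this endpoint.
    :param ip_type: IP type for this endpoint (IPv4 or IPv6)
    :param iptables_updater: IptablesUpdater to use
    :param dispatch_chains: DispatchChains to use
    :param rules_manager: RulesManager to use
    :param status_reporter: stored as self.status_reporter; not called
        here.
    :raises AssertionError: if dispatch_chains is not a DispatchChains or
        rules_manager is not a RulesManager.
    """
    super(LocalEndpoint, self).__init__(qualifier="%s(%s)" %
                                        (combined_id.endpoint, ip_type))
    # Explicit raises instead of assert statements: asserts are removed
    # when Python runs with -O, so the type checks would silently vanish.
    # AssertionError is kept so callers see the same exception type.
    if not isinstance(dispatch_chains, DispatchChains):
        raise AssertionError("dispatch_chains must be a DispatchChains")
    if not isinstance(rules_manager, RulesManager):
        raise AssertionError("rules_manager must be a RulesManager")

    self.config = config
    self.combined_id = combined_id
    self.ip_type = ip_type

    # Other actors we need to talk to.
    self.iptables_updater = iptables_updater
    self.dispatch_chains = dispatch_chains
    self.rules_mgr = rules_manager
    self.status_reporter = status_reporter

    # Helper for acquiring/releasing profiles.
    self.rules_ref_helper = RefHelper(self, rules_manager,
                                      self._on_profiles_ready)

    # Per-batch state.
    self._pending_endpoint = None
    self._endpoint_update_pending = False
    self._mac_changed = False

    # Current endpoint data.
    self.endpoint = None

    # Will be filled in as we learn about the OS interface and the
    # endpoint config.
    self._mac = None
    self._iface_name = None
    self._suffix = None

    # Track the success/failure of our dataplane programming.
    self._chains_programmed = False
    self._iptables_in_sync = False
    self._device_in_sync = False
    self._device_has_been_in_sync = False

    # Oper-state of the Linux interface.
    self._device_is_up = None  # Unknown

    # Our last status report.  Used for de-dupe.
    self._last_status = None

    # One-way flags to indicate that we should clean up/have cleaned up.
    self._unreferenced = False
    self._added_to_dispatch_chains = False
    self._cleaned_up = False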