def _create(self, tag_id_or_sel):
if isinstance(tag_id_or_sel, SelectorExpression):
_log.debug("Creating ipset for expression %s", tag_id_or_sel)
sel = tag_id_or_sel
self._label_index.on_expression_update(sel, sel)
ipset_name = futils.uniquely_shorten(sel.unique_id,
MAX_NAME_LENGTH)
self._process_stopped_label_matches()
self._process_started_label_matches()
else:
_log.debug("Creating ipset for tag %s", tag_id_or_sel)
ipset_name = futils.uniquely_shorten(tag_id_or_sel,
MAX_NAME_LENGTH)
active_ipset = RefCountedIpsetActor(
ipset_name, self.ip_type, max_elem=self._config.MAX_IPSET_SIZE)
return active_ipset
def test_uniquely_shorten(self):
for inp, length, exp in UNIQUE_SHORTEN_TESTS:
output = futils.uniquely_shorten(inp, length)
self.assertTrue(len(output) <= length)
self.assertEqual(exp, output, "Input %r truncated to length %s "
"should have given output "
"%r but got %r" %
(inp, length, exp, output))
def test_uniquely_shorten(self):
for inp, length, exp in UNIQUE_SHORTEN_TESTS:
output = futils.uniquely_shorten(inp, length)
self.assertTrue(len(output) <= length)
self.assertEqual(
exp, output, "Input %r truncated to length %s "
"should have given output "
"%r but got %r" % (inp, length, exp, output))
def _create(self, tag_id_or_sel):
if isinstance(tag_id_or_sel, SelectorExpression):
_log.debug("Creating ipset for expression %s", tag_id_or_sel)
sel = tag_id_or_sel
self._label_index.on_expression_update(sel, sel)
ipset_name = futils.uniquely_shorten(sel.unique_id,
MAX_NAME_LENGTH)
self._process_stopped_label_matches()
self._process_started_label_matches()
else:
_log.debug("Creating ipset for tag %s", tag_id_or_sel)
ipset_name = futils.uniquely_shorten(tag_id_or_sel,
MAX_NAME_LENGTH)
active_ipset = RefCountedIpsetActor(
ipset_name,
self.ip_type,
max_elem=self._config.MAX_IPSET_SIZE
)
return active_ipset
def profile_to_chain_name(inbound_or_outbound, profile_id):
"""
Returns the name of the chain to use for a given profile. The profile ID
that we are supplied might be (far) too long for us to use, but truncating
it is dangerous (for example, in OpenStack the profile is the ID of each
security group in use, joined with underscores). Hence we make a unique
string out of it and use that.
"""
profile_string = futils.uniquely_shorten(profile_id, 16)
return CHAIN_PROFILE_PREFIX + "%s-%s" % (profile_string,
inbound_or_outbound[:1])
def profile_to_chain_name(inbound_or_outbound, profile_id):
"""
Returns the name of the chain to use for a given profile. The profile ID
that we are supplied might be (far) too long for us to use, but truncating
it is dangerous (for example, in OpenStack the profile is the ID of each
security group in use, joined with underscores). Hence we make a unique
string out of it and use that.
"""
profile_string = futils.uniquely_shorten(profile_id, 16)
return CHAIN_PROFILE_PREFIX + "%s-%s" % (profile_string,
inbound_or_outbound[:1])
def interface_to_chain_suffix(config, iface_name):
"""
Extracts the suffix from a given interface name, uniquely shortening it
to 16 characters if necessary.
:param iface_name: The interface name
:returns string: the suffix (shortened if necessary)
"""
suffix = iface_name.replace(config.IFACE_PREFIX, "", 1)
# The suffix is surely not very long, but make sure.
suffix = futils.uniquely_shorten(suffix, 16)
return suffix
def interface_to_suffix(config, iface_name):
"""
Extracts the suffix from a given interface name, uniquely shortening it
to 16 characters if necessary.
:param iface_name: The interface name
:returns string: the suffix (shortened if necessary)
"""
suffix = iface_name.replace(config.IFACE_PREFIX, "", 1)
# The suffix is surely not very long, but make sure.
suffix = futils.uniquely_shorten(suffix, 16)
return suffix
def interface_to_chain_suffix(config, iface_name):
"""
Extracts the suffix from a given interface name, uniquely shortening it
to 16 characters if necessary.
:param iface_name: The interface name
:returns string: the suffix (shortened if necessary)
"""
for prefix in sorted(config.IFACE_PREFIX, reverse=True):
if iface_name.startswith(prefix):
iface_name = iface_name[len(prefix):]
break
iface_name = futils.uniquely_shorten(iface_name, 16)
return iface_name
def _create(self, tag_id):
# Create the ActiveIpset, and put a message on the queue that will
# trigger it to update the ipset as soon as it starts. Note that we do
# this now so that it is sure to be processed with the first batch even
# if other messages are arriving.
active_ipset = ActiveIpset(futils.uniquely_shorten(tag_id, 16),
self.ip_type)
members = set()
for ep_id in self.endpoint_ids_by_tag.get(tag_id, set()):
ep = self.endpoints_by_ep_id.get(ep_id, {})
nets = self.nets_key
members.update(map(futils.net_to_ip, ep.get(nets, [])))
active_ipset.replace_members(members, async=True)
return active_ipset
def _create(self, tag_id):
# Create the ActiveIpset, and put a message on the queue that will
# trigger it to update the ipset as soon as it starts. Note that we do
# this now so that it is sure to be processed with the first batch even
# if other messages are arriving.
active_ipset = ActiveIpset(futils.uniquely_shorten(tag_id, 16),
self.ip_type)
members = set()
for ep_id in self.endpoint_ids_by_tag.get(tag_id, set()):
ep = self.endpoints_by_ep_id.get(ep_id, {})
nets = self.nets_key
members.update(map(futils.net_to_ip, ep.get(nets, [])))
active_ipset.replace_members(members, async=True)
return active_ipset
def _profile_to_chain_name(self, inbound_or_outbound, profile_id):
"""
Returns the name of the chain to use for a given profile (and
direction).
The profile ID that we are supplied might be (far) too long for us
to use, but truncating it is dangerous (for example, in OpenStack
the profile is the ID of each security group in use, joined with
underscores). Hence we make a unique string out of it and use that.
:param inbound_or_outbound: Either "inbound" or "outbound".
:param profile_id: The profile ID we want to know a name for.
:returns string: The name of the chain
"""
profile_string = futils.uniquely_shorten(profile_id, 16)
return CHAIN_PROFILE_PREFIX + "%s-%s" % (profile_string,
inbound_or_outbound[:1])
def _create(self, tag_id):
active_ipset = TagIpset(futils.uniquely_shorten(tag_id, 16),
self.ip_type,
max_elem=self._config.MAX_IPSET_SIZE)
return active_ipset
def _create(self, tag_id):
active_ipset = ActiveIpset(futils.uniquely_shorten(tag_id, 16),
self.ip_type)
return active_ipset
def _create(self, tag_id):
active_ipset = TagIpset(futils.uniquely_shorten(tag_id, 16),
self.ip_type,
max_elem=self._config.MAX_IPSET_SIZE)
return active_ipset
def interface_to_suffix(config, iface_name):
suffix = iface_name.replace(config.IFACE_PREFIX, "", 1)
# The suffix is surely not very long, but make sure.
suffix = futils.uniquely_shorten(suffix, 16)
return suffix
def interface_to_suffix(config, iface_name):
suffix = iface_name.replace(config.IFACE_PREFIX, "", 1)
# The suffix is surely not very long, but make sure.
suffix = futils.uniquely_shorten(suffix, 16)
return suffix
def _create(self, tag_id):
active_ipset = TagIpset(futils.uniquely_shorten(tag_id, 16),
self.ip_type)
return active_ipset
