示例#1
    def __init__(self, profile_id, ip_version, iptables_updater, ipset_mgr):
        """
        Set up the actor that owns the rules for a single profile.

        :param profile_id: ID of the profile; must not be None.  Used as the
            actor qualifier and to derive the per-direction chain names.
        :param ip_version: stored as ``self.ip_version``.
        :param iptables_updater: stored for later use by this actor.
        :param ipset_mgr: stored, and passed to the RefHelper together with
            the ``_on_ipsets_acquired`` callback.
        """
        super(ProfileRules, self).__init__(qualifier=profile_id)
        # NOTE(review): assert statements are compiled out under
        # ``python -O``, so this is a debug-time invariant rather than input
        # validation, and it runs only after the base class has already been
        # given the ID as its qualifier.  The ID also feeds the chain names
        # below; presumably it is validated before it reaches this
        # constructor - confirm against the caller.
        assert profile_id is not None

        self.id, self.ip_version = profile_id, ip_version
        self._ipset_mgr, self._iptables_updater = ipset_mgr, iptables_updater
        self._ipset_refs = RefHelper(self, ipset_mgr, self._on_ipsets_acquired)

        # Profile dictionaries: the latest update received and the one that
        # is currently programmed.  Neither exists yet.
        self._pending_profile = self._profile = None

        # State flags; only _dirty starts out set.
        self._notified_ready = self._cleaned_up = self._dead = False
        self._dirty = True

        # One chain name per traffic direction, derived from the profile ID.
        self.chain_names = {
            direction: profile_to_chain_name(direction, profile_id)
            for direction in ("inbound", "outbound")
        }
        _log.info("Profile %s has chain names %s", profile_id,
                  self.chain_names)
示例#2
    def __init__(self, config, combined_id, ip_type, iptables_updater,
                 dispatch_chains, rules_manager):
        """
        Actor that controls one local endpoint.

        :param config: stored as ``self.config``.
        :param combined_id: EndpointId for this endpoint.
        :param ip_type: IP type for this endpoint (IPv4 or IPv6)
        :param iptables_updater: IptablesUpdater to use
        :param dispatch_chains: DispatchChains to use
        :param rules_manager: RulesManager to use
        """
        actor_qualifier = "%s(%s)" % (combined_id.endpoint, ip_type)
        super(LocalEndpoint, self).__init__(qualifier=actor_qualifier)
        # NOTE(review): these type checks are assert statements, which are
        # compiled out under ``python -O``; treat them as debug-time
        # invariants on the collaborators, not as validation.
        assert isinstance(dispatch_chains, DispatchChains)
        assert isinstance(rules_manager, RulesManager)

        self.combined_id = combined_id

        self.config = config
        self.ip_type = ip_type
        self.ip_version = futils.IP_TYPE_TO_VERSION[ip_type]
        # Anything that is not IPV4 selects the IPv6 key.
        self.nets_key = "ipv4_nets" if self.ip_type == IPV4 else "ipv6_nets"
        self.iptables_updater = iptables_updater
        self.dispatch_chains = dispatch_chains
        self.rules_mgr = rules_manager
        self.rules_ref_helper = RefHelper(self, rules_manager,
                                          self._on_profiles_ready)

        # Populated later, once the OS interface and the endpoint config
        # are known.
        self.endpoint = self._mac = self._iface_name = self._suffix = None

        # _failed: the last attempt to program the dataplane did not
        # succeed, so the next kick forces a reprogram.
        # _dirty: an update has arrived since the last time we programmed.
        self._failed = self._dirty = False
示例#3
    def __init__(self, iptables_generator, profile_id, ip_version,
                 iptables_updater, ipset_mgr):
        """
        Set up the actor that owns the rules for a single profile.

        :param iptables_generator: stored as ``self.iptables_generator``.
        :param profile_id: ID of the profile; must not be None.  Also used
            as the actor qualifier.
        :param ip_version: stored as ``self.ip_version``.
        :param iptables_updater: stored for later use by this actor.
        :param ipset_mgr: stored, and passed to the RefHelper together with
            the ``_on_ipsets_acquired`` callback.
        """
        super(ProfileRules, self).__init__(qualifier=profile_id)
        # NOTE(review): assert statements are compiled out under
        # ``python -O``, so this is a debug-time invariant rather than input
        # validation, and it runs only after the base class has already been
        # given the ID as its qualifier.
        assert profile_id is not None

        self.iptables_generator = iptables_generator
        self.id, self.ip_version = profile_id, ip_version
        self._ipset_mgr, self._iptables_updater = ipset_mgr, iptables_updater
        self._ipset_refs = RefHelper(self, ipset_mgr, self._on_ipsets_acquired)

        # Profile dictionaries: the latest update received and the one that
        # is currently programmed.  Neither exists yet.
        self._pending_profile = self._profile = None

        # State flags; only _dirty starts out set.
        self._notified_ready = self._cleaned_up = self._dead = False
        self._dirty = True
示例#4
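    def __init__(self, profile_id, ip_version, iptables_updater, ipset_mgr):
        """
        Set up the actor that owns the rules for a single profile.

        :param profile_id: ID of the profile; must not be None.  Used as the
            actor qualifier and to derive the per-direction chain names.
        :param ip_version: stored as ``self.ip_version``.
        :param iptables_updater: stored for later use by this actor.
        :param ipset_mgr: stored, and passed to the RefHelper together with
            the ``_maybe_update`` callback.
        """
        super(ProfileRules, self).__init__(qualifier=profile_id)
        # NOTE(review): assert statements are compiled out under
        # ``python -O``, so this is a debug-time invariant rather than input
        # validation, and it runs only after the base class has already been
        # given the ID as its qualifier.  The ID also feeds the chain names
        # below; presumably it is validated before it reaches this
        # constructor - confirm against the caller.
        assert profile_id is not None

        self.id = profile_id
        self.ip_version = ip_version
        self.ipset_mgr = ipset_mgr
        self._iptables_updater = iptables_updater
        self.notified_ready = False

        self.ipset_refs = RefHelper(self, ipset_mgr, self._maybe_update)

        # dict or None: filled in by first update.  Reset to None on delete.
        self._profile = None
        self.dead = False

        # One chain name per traffic direction, derived from the profile ID.
        self.chain_names = {
            "inbound": profile_to_chain_name("inbound", profile_id),
            "outbound": profile_to_chain_name("outbound", profile_id),
        }
        _log.info("Profile %s has chain names %s",
                  profile_id, self.chain_names)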
示例#5
    def __init__(self, config, combined_id, ip_type, iptables_updater,
                 dispatch_chains, rules_manager, fip_manager, status_reporter):
        """
        Actor that controls one local endpoint.

        :param config: stored as ``self.config``; its
            ``plugins["iptables_generator"]`` entry is read here.
        :param combined_id: EndpointId for this endpoint.
        :param ip_type: IP type for this endpoint (IPv4 or IPv6)
        :param iptables_updater: IptablesUpdater to use
        :param dispatch_chains: DispatchChains to use
        :param rules_manager: RulesManager to use
        :param fip_manager: FloatingIPManager to use
        :param status_reporter: stored as ``self.status_reporter``.
        """
        actor_qualifier = "%s(%s)" % (combined_id.endpoint, ip_type)
        super(LocalEndpoint, self).__init__(qualifier=actor_qualifier)
        # NOTE(review): this type check is an assert statement, which is
        # compiled out under ``python -O``; treat it as a debug-time
        # invariant, not as validation.  Only rules_manager is checked; the
        # other collaborators are stored without a type check.
        assert isinstance(rules_manager, RulesManager)

        self.config = config
        self.iptables_generator = config.plugins["iptables_generator"]

        self.combined_id, self.ip_type = combined_id, ip_type

        # The other actors this one talks to.
        self.iptables_updater = iptables_updater
        self.dispatch_chains = dispatch_chains
        self.rules_mgr = rules_manager
        self.status_reporter = status_reporter
        self.fip_manager = fip_manager

        # Acquires and releases profiles on our behalf.
        self._rules_ref_helper = RefHelper(self, rules_manager,
                                           self._on_profiles_ready)

        # Global policies that we care about.
        self._pol_ids_by_tier = OrderedDict()

        # Explicit profile IDs that we've processed; none yet.
        self._explicit_profile_ids = None

        # State that is accumulated per batch.
        self._pending_endpoint = None
        self._endpoint_update_pending = self._mac_changed = False
        # IPs that no longer belong to this endpoint and still need to be
        # cleaned up.
        self._removed_ips = set()

        # Current endpoint data, followed by the values that are filled in
        # as we learn about the OS interface and the endpoint config.
        self.endpoint = self._mac = self._iface_name = self._suffix = None

        # Success/failure tracking for our dataplane programming.
        self._chains_programmed = self._iptables_in_sync = False
        self._device_in_sync = self._profile_ids_dirty = False

        # Oper-state of the Linux interface; None means unknown.
        self._device_is_up = None

        # The status we reported last, kept so duplicates can be dropped.
        self._last_status = None

        # One-way flags: we should clean up / have cleaned up.
        self._unreferenced = False
        self._added_to_dispatch_chains = self._cleaned_up = False
示例#6
 def setUp(self):
     """Run the base-class setUp, then build the RefHelper under test.

     ``self._rm`` is passed in the first two RefHelper argument positions
     and also supplies the ready callback.  It is not assigned in this
     method; presumably the base-class setUp creates it.
     """
     super(TestRefHelper, self).setUp()
     manager = self._rm
     self._rh = RefHelper(manager, manager, manager.ready_callback)
示例#7
    def __init__(self, config, combined_id, ip_type, iptables_updater,
                 dispatch_chains, rules_manager, status_reporter):
        """
        Actor that controls one local endpoint.

        :param config: stored as ``self.config``.
        :param combined_id: EndpointId for this endpoint.
        :param ip_type: IP type for this endpoint (IPv4 or IPv6)
        :param iptables_updater: IptablesUpdater to use
        :param dispatch_chains: DispatchChains to use
        :param rules_manager: RulesManager to use
        :param status_reporter: stored as ``self.status_reporter``.
        """
        actor_qualifier = "%s(%s)" % (combined_id.endpoint, ip_type)
        super(LocalEndpoint, self).__init__(qualifier=actor_qualifier)
        # NOTE(review): these type checks are assert statements, which are
        # compiled out under ``python -O``; treat them as debug-time
        # invariants on the collaborators, not as validation.
        assert isinstance(dispatch_chains, DispatchChains)
        assert isinstance(rules_manager, RulesManager)

        self.config = config

        self.combined_id, self.ip_type = combined_id, ip_type

        # The other actors this one talks to.
        self.iptables_updater = iptables_updater
        self.dispatch_chains = dispatch_chains
        self.rules_mgr = rules_manager
        self.status_reporter = status_reporter

        # Acquires and releases profiles on our behalf.
        self.rules_ref_helper = RefHelper(self, rules_manager,
                                          self._on_profiles_ready)

        # State that is accumulated per batch.
        self._pending_endpoint = None
        self._endpoint_update_pending = self._mac_changed = False

        # Current endpoint data, followed by the values that are filled in
        # as we learn about the OS interface and the endpoint config.
        self.endpoint = self._mac = self._iface_name = self._suffix = None

        # Success/failure tracking for our dataplane programming.
        self._chains_programmed = self._iptables_in_sync = False
        self._device_in_sync = self._device_has_been_in_sync = False

        # Oper-state of the Linux interface; None means unknown.
        self._device_is_up = None

        # The status we reported last, kept so duplicates can be dropped.
        self._last_status = None

        # One-way flags: we should clean up / have cleaned up.
        self._unreferenced = False
        self._added_to_dispatch_chains = self._cleaned_up = False