    def _add_tn_router_interface(self, context, router_id, port, ip):
        """Create the TNOS interface for *port* on *router_id* and attach the
        SNAT rule that goes with it.

        A gateway port (DEVICE_OWNER_ROUTER_GW) gets an address-translating
        default SNAT rule stored at inner_id TNOS_RULE_ID_MAX. Any other port
        gets a 'no-trans' rule for its subnet, which is moved in front of the
        default rule when one already exists. Nothing is configured when
        add_intf returns None.
        """
        client = tnos_router.get_tn_client(context, router_id)
        is_gw = port['device_owner'] in [neu_l3_db.DEVICE_OWNER_ROUTER_GW]

        tn_intf = tnos_router.add_intf(context, router_id, port['id'], is_gw)
        if tn_intf is None:
            return

        # NOTE(review): both the interface prefix and the SNAT match are
        # hard-wired to /24 instead of being taken from the port's subnet --
        # confirm every attached subnet really is a /24.
        tnos_router.cfg_intf_ip(context, router_id, tn_intf, ip + '/24')

        if is_gw:
            default_snat = tnos_firewall.TNSnatRule.create(
                context, router_id, tnos_firewall.TNOS_NAT_TRANS['trans-to'],
                inner_id=tnos_firewall.TNOS_RULE_ID_MAX,
                trans_addr=ip + '/32')
            LOG.debug('trace')
            tnos_firewall.TNSnatRule.add_apply(context, client, default_snat)
            return

        snat = tnos_firewall.TNSnatRule.create(
            context, router_id, tnos_firewall.TNOS_NAT_TRANS['no-trans'],
            dstaddr=ip + '/24')
        tnos_firewall.TNSnatRule.add_apply(context, client, snat)

        # Keep the subnet-specific rule ordered ahead of the default SNAT rule.
        default_snat = tnos_firewall.TNSnatRule.get(
            context, router_id=router_id,
            inner_id=tnos_firewall.TNOS_RULE_ID_MAX)
        if default_snat is not None:
            tnos_firewall.TNSnatRule.move_apply(
                context, client, snat, default_snat,
                tnos_firewall.TNOS_INSERT_RULE_ACTION['insert_before'])
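 def remove_rule_and_apply(context, fw, rule_id):
     """Remove *rule_id* from the policy of *fw* on every router it is applied to.

     A firewall with no recorded routers is a no-op. Routers for which no TNOS
     client can be obtained are skipped: the device-side removal is not
     performed for them, so the skip is logged at warning level instead of as
     a bare debug line.
     """
     if fw.router_ids is None:
         return
     for router_id in fw.router_ids.split(','):
         client = tnos.get_tn_client(context, router_id)
         if client is None:
             LOG.warning('no TNOS client for router %s; rule %s of policy %s '
                         'was not removed from the device',
                         router_id, rule_id, fw.policy_id)
             continue
         policy = TNPolicy.get(context, id=fw.policy_id)
         TNPolicy.remove_rule_and_apply(context, client, policy, rule_id)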
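 def move_rule_apply(context, fw, src_rule_id, dst_rule_id, action):
     """Reposition *src_rule_id* relative to *dst_rule_id* on every router of *fw*.

     *action* is one of the TNOS_INSERT_RULE_ACTION values. A firewall with no
     recorded routers is a no-op. Routers without a TNOS client are skipped and
     logged at warning level, since the rule order on that device is then left
     unchanged.
     """
     if fw.router_ids is None:
         return
     for router_id in fw.router_ids.split(','):
         client = tnos.get_tn_client(context, router_id)
         if client is None:
             LOG.warning('no TNOS client for router %s; rule %s of policy %s '
                         'was not moved on the device',
                         router_id, src_rule_id, fw.policy_id)
             continue
         policy = TNPolicy.get(context, id=fw.policy_id)
         TNPolicy.insert_rule_apply(context, client, policy,
                                    src_rule_id, dst_rule_id, action)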
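    def remove_router_interface(self, context, router_id, interface_info):
        """Deletes vlink, default router from Tsinghuanet device.

        The parent plugin's Neutron-side removal runs first; its result is
        returned unchanged. Afterwards the TNOS interface belonging to
        ``interface_info['port_id']`` is torn down via
        _remove_tn_router_interface.
        """
        LOG.debug("TNL3ServicePlugin.remove_router_interface called: "
                  "router_id=%(router_id)s "
                  "interface_info=%(interface_info)r",
                  {'router_id': router_id, 'interface_info': interface_info})
        info = super(TNL3ServicePlugin, self).remove_router_interface(
            context, router_id, interface_info)

        # The TNOS client is obtained inside _remove_tn_router_interface;
        # the extra get_tn_client call that used to sit here was unused.
        self._remove_tn_router_interface(
            context, router_id, port_id=interface_info['port_id'])
        return info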
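 def unapply_to_router(context, fw, router_id):
     """Detach firewall *fw* from *router_id*.

     The router is removed from ``fw.router_ids`` in the database first; the
     policy's rules are then deleted from the router's TNOS device. When no
     client is available the device side is skipped and a warning is logged,
     because the database no longer lists the router while the device has
     not been cleaned up.
     """
     LOG.debug('router ids %s', fw.router_ids)
     if fw.router_ids is None:
         return
     applied = fw.router_ids.split(',')
     if router_id not in applied:
         return

     applied.remove(router_id)
     TNFirewall.update(context, fw, router_ids=','.join(applied))

     client = tnos.get_tn_client(context, router_id)
     if client is None:
         LOG.warning('no TNOS client for router %s; rules of policy %s were '
                     'not removed from the device', router_id, fw.policy_id)
         return
     for rule in TNRule.gets(context, policy_id=fw.policy_id):
         TNRule.del_apply(context, client, rule)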
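def tn_firewall_start(context):
    """Push every stored firewall's rules to each router it is recorded on.

    Presumably run at service start so the devices reflect the database
    state. Firewalls without routers are skipped; routers without a reachable
    TNOS client are skipped with a warning and receive no rules from this
    call.
    """
    for fw in TNFirewall.get_list(context):
        if fw.router_ids is None:
            continue
        router_ids = [rid for rid in fw.router_ids.split(',') if rid]
        if not router_ids:
            continue

        # The rule set depends only on the firewall, so fetch it once per
        # firewall rather than once per router. Materialised as a list so it
        # can be iterated for every router even if gets() yields lazily.
        rules = list(TNRule.gets(context, policy_id=fw.policy_id))

        for router_id in router_ids:
            client = tnos.get_tn_client(context, router_id)
            if client is None:
                LOG.warning('no TNOS client for router %s; rules of policy %s '
                            'not applied', router_id, fw.policy_id)
                continue
            for rule in rules:
                TNRule.add_apply(context, client, rule)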
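    def apply_to_router(context, fw, router_id):
        """Attach firewall *fw* to *router_id* and push its rules to the device.

        The router is recorded in ``fw.router_ids`` before the device is
        contacted. If no TNOS client is available the database therefore lists
        the router as applied while the device has received no rules; that gap
        is logged at warning level (tn_firewall_start re-pushes rules for every
        recorded router, which presumably closes it later). A router that is
        already recorded is left untouched.
        """
        applied = [] if fw.router_ids is None else fw.router_ids.split(',')
        if router_id in applied:
            return

        applied.append(router_id)
        LOG.debug('router ids %s', applied)
        TNFirewall.update(context, fw, router_ids=','.join(applied))

        client = tnos.get_tn_client(context, router_id)
        if client is None:
            LOG.warning('no TNOS client for router %s; rules of policy %s not '
                        'applied to the device', router_id, fw.policy_id)
            return
        for rule in TNRule.gets(context, policy_id=fw.policy_id):
            TNRule.add_apply(context, client, rule)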
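    def _remove_tn_router_interface(self, context, router_id, port_id=None, is_gw=False):
        """Delete one TNOS interface of *router_id* together with its SNAT rule.

        The interface is looked up by ``port_id`` when given, otherwise as the
        router's gateway interface when ``is_gw`` is set. A gateway interface
        owns the default SNAT rule (inner_id TNOS_RULE_ID_MAX); any other
        interface owns the 'no-trans' rule whose dstaddr equals its ip_prefix.
        Nothing is done when no interface is found. When the SNAT rule lookup
        comes back empty the interface is still removed and the missing rule
        is logged.
        """
        client = tnos_router.get_tn_client(context, router_id)

        # Start from None so a call with neither port_id nor is_gw does not
        # raise UnboundLocalError below.
        tn_intf = None
        if port_id is not None:
            tn_intf = tnos_router.get_intf(context, id=port_id)
        elif is_gw:
            tn_intf = tnos_router.get_intf(context, router_id=router_id, is_gw='True')

        LOG.debug(tn_intf)
        if tn_intf is None:
            return

        if is_gw:
            snat = tnos_firewall.TNSnatRule.get(
                context, router_id=router_id,
                inner_id=tnos_firewall.TNOS_RULE_ID_MAX)
        else:
            snat = tnos_firewall.TNSnatRule.get(
                context, router_id=router_id, dstaddr=tn_intf.ip_prefix)

        # TNSnatRule.get can return None (the add path checks for it); don't
        # hand None on to del_apply/delete.
        if snat is None:
            LOG.warning('no SNAT rule found for interface %s of router %s',
                        tn_intf.id, router_id)
        else:
            tnos_firewall.TNSnatRule.del_apply(context, client, snat)
            tnos_firewall.TNSnatRule.delete(context, snat)

        tnos_router.del_intf(context, router_id, intf_id=tn_intf.id)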
def main_test(context):
    """Manual scratch routine exercising the TNOS firewall and SNAT helpers.

    Most of the body is disabled (kept as string literals). What still runs
    looks up the default SNAT rule (inner_id TNOS_RULE_ID_MAX) and the
    'no-trans' rule for srcaddr 10.1.1.1/24 on the hard-coded router below,
    and removes both from the device and from the database. The router id
    and addresses are fixed values, not parameters.
    """

    router_id = 'fe2b9562-95a3-4c3b-9aa5-d61d7ba32048'

    '''
    tn_fw = TNFirewall.create(context, '111111111', 'test1', 'test1-desc')
    tn_policy = TNFirewall.add_policy(context, tn_fw, '111111', 'test1-desc')

    rule_info = {
        'protocol': u'tcp', 'description': u'123', 'source_port': None, 'source_ip_address': u'10.1.1.1/24',
        'destination_ip_address': None, 'firewall_policy_id': u'111111',
        'position': 1, 'destination_port': None, 'id': u'5683780b-77d3-4d1b-acb7-4360b7f48347',
        'name': u'test-rule-1', 'tenant_id': u'38f7e18b122949f39473e8c6d76aae19', 'enabled': True,
        'action': 'allow', 'ip_version': 4, 'shared': False, 'project_id': u'38f7e18b122949f39473e8c6d76aae19'
    }
    TNPolicy.add_rule(context, tn_policy, rule_info)

    rule_info = {
        'protocol': u'tcp', 'description': u'123', 'source_port': None, 'source_ip_address': None,
        'destination_ip_address': u'20.1.1.1/24', 'firewall_policy_id': u'111111',
        'position': 1, 'destination_port': None, 'id': u'5683780b-77d3-4d1b-acb7-4360b7f48348',
        'name': u'test-rule-2', 'tenant_id': u'38f7e18b122949f39473e8c6d76aae19', 'enabled': True,
        'action': 'allow', 'ip_version': 4, 'shared': False, 'project_id': u'38f7e18b122949f39473e8c6d76aae19'
    }
    TNPolicy.add_rule(context, tn_policy, rule_info)

    TNFirewall.apply_to_router(context, tn_fw, router_id)

    tn_fw = TNFirewall.get(context, id='111111111')

    rule_info = {
        'protocol': u'icmp', 'description': u'123', 'source_port': None, 'source_ip_address': u'10.1.1.1/24',
        'destination_ip_address': None, 'firewall_policy_id': u'111111',
        'position': 1, 'destination_port': None, 'id': u'5683780b-77d3-4d1b-acb7-4360b7f48349',
        'name': u'test-rule-3', 'tenant_id': u'38f7e18b122949f39473e8c6d76aae19', 'enabled': True,
        'action': 'allow', 'ip_version': 4, 'shared': False, 'project_id': u'38f7e18b122949f39473e8c6d76aae19'
    }

    TNFirewall.add_rule_and_apply(context, tn_fw, rule_info)
    

    #TNFirewall.remove_rule_and_apply(context, tn_fw, '5683780b-77d3-4d1b-acb7-4360b7f48349')
    TNFirewall.move_rule_apply(context, tn_fw, '5683780b-77d3-4d1b-acb7-4360b7f48349',
                               '5683780b-77d3-4d1b-acb7-4360b7f48347', TNOS_INSERT_RULE_ACTION['insert_before'])

    
    TNFirewall.unapply_to_router(context, tn_fw, router_id)
    TNFirewall.delete(context, tn_fw)
    '''

    # NOTE(review): other callers check get_tn_client for None before use;
    # this routine does not, so a router without a client fails further down.
    client = tnos.get_tn_client(context, router_id)

    '''
    default_snat = TNSnatRule.create(context, router_id, TNOS_NAT_TRANS['trans-to'], inner_id=TNOS_RULE_ID_MAX, trans_addr='172.24.4.10/32')
    TNSnatRule.add_apply(context, client, default_snat)

    snat = TNSnatRule.create(context, router_id, TNOS_NAT_TRANS['no-trans'], srcaddr='10.1.1.1/24')
    TNSnatRule.add_apply(context, client, snat)

    '''
    # NOTE(review): TNSnatRule.get can return None (the add path checks for
    # it); neither lookup result is checked here before del_apply/delete.
    default_snat = TNSnatRule.get(context, router_id=router_id, inner_id=TNOS_RULE_ID_MAX)
    snat = TNSnatRule.get(context, router_id=router_id, srcaddr='10.1.1.1/24')
    #TNSnatRule.move_apply(context, client, snat, default_snat, TNOS_INSERT_RULE_ACTION['insert_before'])


    # Device-side removal first, then the database records.
    TNSnatRule.del_apply(context, client, default_snat)
    TNSnatRule.del_apply(context, client, snat)
    TNSnatRule.delete(context, default_snat)
    TNSnatRule.delete(context, snat)