def _add_tn_router_interface(self, context, router_id, port, ip):
    """Create the TNOS interface and SNAT rules backing a router port.

    For a gateway port the interface is added as the gateway interface and a
    default "trans-to" SNAT rule with the fixed inner id TNOS_RULE_ID_MAX is
    pushed to the device.  For any other port a "no-trans" SNAT rule for the
    port's /24 is created and, when the default rule already exists, inserted
    before it so traffic to that subnet is exempt from translation.

    Args:
        context: neutron request context.
        router_id: id of the neutron router owning the port.
        port: neutron port dict; only 'device_owner' and 'id' are read.
        ip: interface address; '/24' is appended for the interface address
            and the no-trans rule, '/32' for the default translation address.
    """
    client = tnos_router.get_tn_client(context, router_id)
    is_gw = port['device_owner'] == neu_l3_db.DEVICE_OWNER_ROUTER_GW
    # NOTE(review): the prefix length is hard-wired to /24 instead of being
    # taken from the port's subnet; ports on differently sized subnets would
    # get a wrong interface mask and exemption rule -- confirm against callers.
    intf_prefix = ip + '/24'

    tn_intf = tnos_router.add_intf(context, router_id, port['id'], is_gw)
    if tn_intf is None:
        return
    tnos_router.cfg_intf_ip(context, router_id, tn_intf, intf_prefix)

    if is_gw:
        default_snat = tnos_firewall.TNSnatRule.create(
            context, router_id, tnos_firewall.TNOS_NAT_TRANS['trans-to'],
            inner_id=tnos_firewall.TNOS_RULE_ID_MAX, trans_addr=ip + '/32')
        LOG.debug('trace')
        tnos_firewall.TNSnatRule.add_apply(context, client, default_snat)
        return

    snat = tnos_firewall.TNSnatRule.create(
        context, router_id, tnos_firewall.TNOS_NAT_TRANS['no-trans'],
        dstaddr=intf_prefix)
    tnos_firewall.TNSnatRule.add_apply(context, client, snat)
    # Keep the subnet exemption ahead of the catch-all translation rule;
    # without a default rule on record there is nothing to order against.
    default_snat = tnos_firewall.TNSnatRule.get(
        context, router_id=router_id, inner_id=tnos_firewall.TNOS_RULE_ID_MAX)
    if default_snat is not None:
        tnos_firewall.TNSnatRule.move_apply(
            context, client, snat, default_snat,
            tnos_firewall.TNOS_INSERT_RULE_ACTION['insert_before'])
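def remove_rule_and_apply(context, fw, rule_id):
    """Remove a rule from the firewall's policy on every attached router.

    Args:
        context: neutron request context.
        fw: TNFirewall record; ``router_ids`` is a comma-separated string of
            router ids (None or '' when the firewall is not applied anywhere)
            and ``policy_id`` names the policy the rule belongs to.
        rule_id: id of the rule to remove.

    Routers for which no TNOS client can be obtained are skipped with a
    debug log only, so the rule stays in force on that device.
    """
    # None/'' must not be split: ''.split(',') yields [''] and would look up
    # a client for an empty router id.
    router_ids = fw.router_ids.split(',') if fw.router_ids else []
    # The policy does not depend on the router; fetch it once.
    policy = TNPolicy.get(context, id=fw.policy_id)
    for router_id in router_ids:
        client = tnos.get_tn_client(context, router_id)
        if client is None:
            LOG.debug('error')
            continue
        TNPolicy.remove_rule_and_apply(context, client, policy, rule_id)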
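def move_rule_apply(context, fw, src_rule_id, dst_rule_id, action):
    """Re-order a rule relative to another on every attached router.

    Args:
        context: neutron request context.
        fw: TNFirewall record; ``router_ids`` is a comma-separated string of
            router ids (None or '' when not applied) and ``policy_id`` names
            the policy holding both rules.
        src_rule_id: id of the rule being moved.
        dst_rule_id: id of the rule it is positioned against.
        action: one of the TNOS_INSERT_RULE_ACTION values (e.g.
            'insert_before').

    Routers without an obtainable TNOS client are skipped with a debug log;
    rule order on that device is then left stale.
    """
    # Avoid ''.split(',') -> [''] producing an empty router id.
    router_ids = fw.router_ids.split(',') if fw.router_ids else []
    # Loop-invariant lookup hoisted out of the per-router loop.
    policy = TNPolicy.get(context, id=fw.policy_id)
    for router_id in router_ids:
        client = tnos.get_tn_client(context, router_id)
        if client is None:
            LOG.debug('error')
            continue
        TNPolicy.insert_rule_apply(context, client, policy,
                                   src_rule_id, dst_rule_id, action)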
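def remove_router_interface(self, context, router_id, interface_info):
    """Deletes vlink, default router from Tsinghuanet device.

    Delegates the neutron-side detach to the parent L3 plugin first, then
    tears down the matching TNOS interface and SNAT rule by port id.

    Args:
        context: neutron request context.
        router_id: id of the router the interface is removed from.
        interface_info: request body; ``interface_info['port_id']`` is used
            to locate the device-side interface.

    Returns:
        Whatever the parent plugin's remove_router_interface returns.
    """
    LOG.debug("TNL3ServicePlugin.remove_router_interface called: "
              "router_id=%(router_id)s "
              "interface_info=%(interface_info)r",
              {'router_id': router_id, 'interface_info': interface_info})
    info = super(TNL3ServicePlugin, self).remove_router_interface(
        context, router_id, interface_info)
    # The unused tnos_router.get_tn_client() call that used to sit here was
    # dropped; the helper below obtains its own client.
    # NOTE(review): this indexes 'port_id' unconditionally; if callers may
    # identify the interface by subnet instead, this raises KeyError after
    # the neutron-side detach has already happened -- confirm with the API
    # layer.
    self._remove_tn_router_interface(context, router_id,
                                     port_id=interface_info['port_id'])
    return info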
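def unapply_to_router(context, fw, router_id):
    """Detach firewall *fw* from *router_id* and withdraw its rules.

    The router is removed from ``fw.router_ids`` (a comma-separated string)
    and the new list persisted; every rule of the firewall's policy is then
    removed from the router's TNOS device.

    Args:
        context: neutron request context.
        fw: TNFirewall record with ``router_ids`` and ``policy_id``.
        router_id: id of the router to detach.
    """
    LOG.debug('router ids %s', fw.router_ids)
    # A firewall that was never applied has router_ids None; splitting it
    # would raise AttributeError before anything is cleaned up.
    router_ids = fw.router_ids.split(',') if fw.router_ids else []
    if router_id in router_ids:
        LOG.debug('trace')
        router_ids.remove(router_id)
        TNFirewall.update(context, fw, router_ids=','.join(router_ids))
    client = tnos.get_tn_client(context, router_id)
    if client is None:
        # NOTE(review): logged at debug level only; the DB no longer lists
        # the router as protected while the rules remain on the device.
        LOG.debug('error')
        return
    for rule in TNRule.gets(context, policy_id=fw.policy_id):
        TNRule.del_apply(context, client, rule)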
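def tn_firewall_start(context):
    """Re-push every stored firewall's rules to its attached routers.

    Intended for service start-up: walks all TNFirewall records and, for
    each router listed in ``router_ids``, applies every rule of the
    firewall's policy to that router's TNOS device.

    Args:
        context: neutron request context.
    """
    for fw in TNFirewall.get_list(context):
        # None means never applied; '' (every router removed again) would
        # otherwise split into [''] and query a client for an empty id.
        if not fw.router_ids:
            continue
        for router_id in fw.router_ids.split(','):
            client = tnos.get_tn_client(context, router_id)
            if client is None:
                # NOTE(review): a router whose device is unreachable at
                # start-up silently comes up without its rules; debug level
                # makes this easy to miss in production logs.
                LOG.debug('error')
                continue
            for rule in TNRule.gets(context, policy_id=fw.policy_id):
                TNRule.add_apply(context, client, rule)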
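def apply_to_router(context, fw, router_id):
    """Attach firewall *fw* to *router_id* and push its rules.

    ``fw.router_ids`` is a comma-separated string (None until the firewall
    is first applied).  The router is appended when absent, the list is
    persisted, and every rule of the firewall's policy is applied to the
    router's TNOS device.

    Args:
        context: neutron request context.
        fw: TNFirewall record with ``router_ids`` and ``policy_id``.
        router_id: id of the router to attach.
    """
    # '' (all routers previously detached) would split into [''] and be
    # persisted as ',<router_id>'; treat it like None.
    router_ids = fw.router_ids.split(',') if fw.router_ids else []
    if router_id not in router_ids:
        router_ids.append(router_id)
    LOG.debug('router ids %s', router_ids)
    router_ids = ','.join(router_ids)
    LOG.debug('router ids %s', router_ids)
    TNFirewall.update(context, fw, router_ids=router_ids)
    client = tnos.get_tn_client(context, router_id)
    if client is None:
        # NOTE(review): the DB now records the router as protected although
        # no rule reached the device; only a debug log records the gap.
        LOG.debug('error')
        return
    for rule in TNRule.gets(context, policy_id=fw.policy_id):
        TNRule.add_apply(context, client, rule)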
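def _remove_tn_router_interface(self, context, router_id, port_id=None,
                                is_gw=False):
    """Tear down the TNOS interface and SNAT rule backing a router port.

    With ``is_gw`` the router's gateway interface is looked up and the
    default "trans-to" SNAT rule (inner id TNOS_RULE_ID_MAX) is removed with
    it; with ``port_id`` the interface is looked up by id and the "no-trans"
    SNAT rule matching its ``ip_prefix`` is removed.  When both are given
    the port-id lookup wins for the interface while the gateway rule is
    still the one removed, as before.  Nothing is done when no interface
    record is found.

    Args:
        context: neutron request context.
        router_id: id of the router owning the interface.
        port_id: neutron port id of a non-gateway interface.
        is_gw: True to remove the router's gateway interface.
    """
    client = tnos_router.get_tn_client(context, router_id)
    # Initialise so a call with neither flag nor port id is a no-op instead
    # of raising UnboundLocalError at the None check below.
    tn_intf = None
    if is_gw:
        # NOTE(review): the add path passes is_gw as a bool while this lookup
        # uses the string 'True'; presumably it matches the stored column
        # value -- verify against tnos_router.get_intf.
        tn_intf = tnos_router.get_intf(context, router_id=router_id,
                                       is_gw='True')
    if port_id is not None:
        tn_intf = tnos_router.get_intf(context, id=port_id)
    LOG.debug(tn_intf)
    if tn_intf is None:
        return
    if is_gw:
        snat = tnos_firewall.TNSnatRule.get(
            context, router_id=router_id,
            inner_id=tnos_firewall.TNOS_RULE_ID_MAX)
    else:
        snat = tnos_firewall.TNSnatRule.get(
            context, router_id=router_id, dstaddr=tn_intf.ip_prefix)
    # The rule may already be gone (or was never created); skip it rather
    # than hand None to the device client.
    if snat is not None:
        tnos_firewall.TNSnatRule.del_apply(context, client, snat)
        tnos_firewall.TNSnatRule.delete(context, snat)
    tnos_router.del_intf(context, router_id, intf_id=tn_intf.id)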
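def main_test(context, router_id='fe2b9562-95a3-4c3b-9aa5-d61d7ba32048'):
    """Manual exercise: withdraw and delete the SNAT rules of one router.

    Looks up the router's default "trans-to" rule (inner id
    TNOS_RULE_ID_MAX) and the "no-trans" rule for 10.1.1.1/24, removes both
    from the TNOS device and then from the database.  This is a developer
    hook, not production code: it mutates device and DB state for whatever
    router id it is given.  The earlier exploratory sequence (create
    firewall/policy/rules, apply, move, unapply, delete) that lived here as
    dead string literals has been dropped.

    Args:
        context: neutron request context.
        router_id: router whose SNAT rules are removed; defaults to the id
            the script was originally hard-wired to.
    """
    client = tnos.get_tn_client(context, router_id)
    if client is None:
        LOG.debug('error')
        return
    default_snat = TNSnatRule.get(context, router_id=router_id,
                                  inner_id=TNOS_RULE_ID_MAX)
    snat = TNSnatRule.get(context, router_id=router_id, srcaddr='10.1.1.1/24')
    # Either rule may already be absent; skip it instead of passing None on.
    rules = [rule for rule in (default_snat, snat) if rule is not None]
    # Withdraw from the device first, then drop the DB records, matching
    # the original ordering.
    for rule in rules:
        TNSnatRule.del_apply(context, client, rule)
    for rule in rules:
        TNSnatRule.delete(context, rule)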