def __init__(self, namespace=None): self.iptables = iptables_manager.IptablesManager( state_less=True, use_ipv6=netutils.is_ipv6_enabled(), namespace=namespace) # TODO(majopela, shihanzhang): refactor out ipset to a separate # driver composed over this one self.ipset = ipset_manager.IpsetManager(namespace=namespace) # list of port which has security group self.filtered_ports = {} self.unfiltered_ports = {} self.trusted_ports = [] self.ipconntrack = ip_conntrack.get_conntrack( self.iptables.get_rules_for_table, self.filtered_ports, self.unfiltered_ports, namespace=namespace, zone_per_port=self.CONNTRACK_ZONE_PER_PORT) self._add_fallback_chain_v4v6() self._defer_apply = False self._pre_defer_filtered_ports = None self._pre_defer_unfiltered_ports = None # List of security group rules for ports residing on this host self.sg_rules = {} self.pre_sg_rules = None # List of security group member ips for ports residing on this host self.sg_members = collections.defaultdict( lambda: collections.defaultdict(list)) self.pre_sg_members = None self.enable_ipset = cfg.CONF.SECURITYGROUP.enable_ipset self.updated_rule_sg_ids = set() self.updated_sg_members = set() self.devices_with_updated_sg_members = collections.defaultdict(list) self._iptables_protocol_name_map = {} self._check_netfilter_for_bridges()
def __init__(self, namespace=None): self.iptables = iptables_manager.IptablesManager( use_ipv6=ipv6_utils.is_enabled(), namespace=namespace) # TODO(majopela, shihanzhang): refactor out ipset to a separate # driver composed over this one self.ipset = ipset_manager.IpsetManager(namespace=namespace) self.ipconntrack = ip_conntrack.IpConntrackManager( self.get_device_zone, namespace=namespace) self._populate_initial_zone_map() # list of port which has security group self.filtered_ports = {} self.unfiltered_ports = {} self._add_fallback_chain_v4v6() self._defer_apply = False self._pre_defer_filtered_ports = None self._pre_defer_unfiltered_ports = None # List of security group rules for ports residing on this host self.sg_rules = {} self.pre_sg_rules = None # List of security group member ips for ports residing on this host self.sg_members = collections.defaultdict( lambda: collections.defaultdict(list)) self.pre_sg_members = None self.enable_ipset = cfg.CONF.SECURITYGROUP.enable_ipset self._enabled_netfilter_for_bridges = False self.updated_rule_sg_ids = set() self.updated_sg_members = set() self.devices_with_udpated_sg_members = collections.defaultdict(list)
def setUp(self): super(BaseIpsetManagerTest, self).setUp() self.ipset = ipset_manager.IpsetManager() self.execute = mock.patch.object(self.ipset, "execute").start() self.expected_calls = [] self.expect_create() self.force_sorted_get_set_ips()
def _create_ipset_manager_and_set(self, dst_ns, set_name): ipset = ipset_manager.IpsetManager( root_helper=self.root_helper, namespace=dst_ns.namespace) ipset._create_set(set_name, IPSET_ETHERTYPE) return ipset
def __init__(self, namespace=None): self.root_helper = cfg.CONF.AGENT.root_helper self.iptables = iptables_manager.IptablesManager( root_helper=self.root_helper, use_ipv6=ipv6_utils.is_enabled()) # TODO(majopela, shihanzhang): refactor out ipset to a separate # driver composed over this one self.ipset = ipset_manager.IpsetManager(root_helper=self.root_helper) # list of port which has security group self.filtered_ports = {} self._add_fallback_chain_v4v6() self._defer_apply = False self._pre_defer_filtered_ports = None # List of security group rules for ports residing on this host self.sg_rules = {} self.pre_sg_rules = None # List of security group member ips for ports residing on this host self.sg_members = {} self.pre_sg_members = None self.ipset_chains = {} self.enable_ipset = cfg.CONF.SECURITYGROUP.enable_ipset self.defer_sg_rules = {} self.defer_sgs = {} self.available_local_zones = set( xrange(constants.MIN_VLAN_TAG, constants.MAX_VLAN_TAG)) self.local_zone_map = {} self.namespace = namespace
def setUp(self): super(BaseIpsetManagerTest, self).setUp() self.root_helper = 'sudo' self.ipset = ipset_manager.IpsetManager(root_helper=self.root_helper) self.execute = mock.patch.object(self.ipset, "execute").start() self.expected_calls = [] self.expect_create()
def setUp(self, maxelem=None, hashsize=None): super(BaseIpsetManagerTest, self).setUp() cfg.CONF.register_opts(a_cfg.IPSET_OPTS, 'AGENT') cfg.CONF.set_override('ipset_maxelem', maxelem, 'AGENT') cfg.CONF.set_override('ipset_hashsize', hashsize, 'AGENT') self.maxelem = maxelem self.hashsize = hashsize self.ipset = ipset_manager.IpsetManager() self.execute = mock.patch.object(self.ipset, "execute").start() self.expected_calls = [] self.expect_create()