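def _get_configurations(self, network, mapping):
    """Get a dictionary of VIF configurations for bridge type.

    :param network: mapping read for 'bridge', for 'cidr' when
                    FLAGS.allow_same_net_traffic is set, and for 'cidr_v6'
                    when FLAGS.use_ipv6 is set as well
    :param mapping: mapping read for 'mac', 'ips', 'dhcp_server' and the
                    optional 'gateway_v6'; only the first entry of 'ips'
                    is used
    :returns: dict with the keys 'id', 'bridge_name', 'mac_address',
              'ip_address', 'dhcp_server' and 'extra_params', plus
              'gateway_v6' (suffixed with "/128") when the mapping has one
    """
    # Assume that the gateway also acts as the dhcp server.
    gateway_v6 = mapping.get('gateway_v6')
    mac_id = mapping['mac'].replace(':', '')

    if FLAGS.allow_same_net_traffic:
        # XML requires whitespace between two attributes, so the name and
        # value attributes are separated by a space; without it the
        # generated <parameter> element is not well-formed.
        template = "<parameter name=\"%s\" value=\"%s\" />\n"
        net, mask = netutils.get_net_and_mask(network['cidr'])
        values = [("PROJNET", net), ("PROJMASK", mask)]
        if FLAGS.use_ipv6:
            net_v6, prefixlen_v6 = netutils.get_net_and_prefixlen(
                                       network['cidr_v6'])
            values.extend([("PROJNETV6", net_v6),
                           ("PROJMASKV6", prefixlen_v6)])

        # NOTE(review): the values are written into attribute text without
        # escaping; presumably netutils returns plain address strings --
        # confirm against netutils.
        extra_params = "".join(template % value for value in values)
    else:
        extra_params = "\n"

    result = {
        'id': mac_id,
        'bridge_name': network['bridge'],
        'mac_address': mapping['mac'],
        'ip_address': mapping['ips'][0]['ip'],
        'dhcp_server': mapping['dhcp_server'],
        'extra_params': extra_params,
    }

    if gateway_v6:
        result['gateway_v6'] = gateway_v6 + "/128"

    return result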
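def _get_configurations(self, network, mapping):
    """Get a dictionary of VIF configurations for bridge type.

    :param network: mapping read for 'bridge', for 'cidr' when
                    FLAGS.allow_same_net_traffic is set, and for 'cidr_v6'
                    when FLAGS.use_ipv6 is set as well
    :param mapping: mapping read for 'mac', 'ips', 'dhcp_server' and the
                    optional 'gateway6'; only the first entry of 'ips' is
                    used
    :returns: dict with the keys 'id', 'bridge_name', 'mac_address',
              'ip_address', 'dhcp_server' and 'extra_params', plus
              'gateway6' (suffixed with "/128") when the mapping has one
    """
    # Assume that the gateway also acts as the dhcp server.
    gateway6 = mapping.get('gateway6')
    mac_id = mapping['mac'].replace(':', '')

    if FLAGS.allow_same_net_traffic:
        # Attributes in an XML start tag must be separated by whitespace;
        # the space before "value" keeps each <parameter> well-formed.
        template = "<parameter name=\"%s\" value=\"%s\" />\n"
        net, mask = netutils.get_net_and_mask(network['cidr'])
        values = [("PROJNET", net), ("PROJMASK", mask)]
        if FLAGS.use_ipv6:
            net_v6, prefixlen_v6 = netutils.get_net_and_prefixlen(
                                       network['cidr_v6'])
            values.extend([("PROJNETV6", net_v6),
                           ("PROJMASKV6", prefixlen_v6)])

        # NOTE(review): nothing here escapes the interpolated values;
        # presumably netutils only returns address strings -- confirm.
        extra_params = "".join(template % value for value in values)
    else:
        extra_params = "\n"

    result = {
        'id': mac_id,
        'bridge_name': network['bridge'],
        'mac_address': mapping['mac'],
        'ip_address': mapping['ips'][0]['ip'],
        'dhcp_server': mapping['dhcp_server'],
        'extra_params': extra_params,
    }

    if gateway6:
        result['gateway6'] = gateway6 + "/128"

    return result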
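def _get_configurations(self, network, mapping):
    """Get a dictionary of VIF configurations for bridge type.

    :param network: mapping read for "bridge", for "cidr" when
                    FLAGS.allow_project_net_traffic is set, and for
                    "cidr_v6" when FLAGS.use_ipv6 is set as well
    :param mapping: mapping read for "mac", "ips", "dhcp_server" and the
                    optional "gateway6"; only the first entry of "ips" is
                    used
    :returns: dict with the keys "id", "bridge_name", "mac_address",
              "ip_address", "dhcp_server" and "extra_params", plus
              "gateway6" (suffixed with "/128") when the mapping has one
    """
    # Assume that the gateway also acts as the dhcp server.
    gateway6 = mapping.get("gateway6")
    mac_id = mapping["mac"].replace(":", "")

    if FLAGS.allow_project_net_traffic:
        # A start tag needs whitespace between attributes; the template
        # therefore puts a space between name="..." and value="...".
        template = '<parameter name="%s" value="%s" />\n'
        net, mask = netutils.get_net_and_mask(network["cidr"])
        values = [("PROJNET", net), ("PROJMASK", mask)]
        if FLAGS.use_ipv6:
            net_v6, prefixlen_v6 = netutils.get_net_and_prefixlen(network["cidr_v6"])
            values.extend([("PROJNETV6", net_v6), ("PROJMASKV6", prefixlen_v6)])

        # NOTE(review): values go into attribute text unescaped; presumably
        # netutils yields plain address strings -- confirm.
        extra_params = "".join(template % value for value in values)
    else:
        extra_params = "\n"

    result = {
        "id": mac_id,
        "bridge_name": network["bridge"],
        "mac_address": mapping["mac"],
        "ip_address": mapping["ips"][0]["ip"],
        "dhcp_server": mapping["dhcp_server"],
        "extra_params": extra_params,
    }

    if gateway6:
        result["gateway6"] = gateway6 + "/128"

    return result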
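def security_group_to_nwfilter_xml(self, security_group_id):
    """Render the rules of a security group as an nwfilter <filter> string.

    The group is loaded through db.security_group_get with an admin
    context. Every rule becomes an inbound 'accept' <rule> at priority 300;
    the filter uses chain 'root' when FLAGS.use_ipv6 is set and chain
    'ipv4' otherwise.

    :param security_group_id: id of the group; also used in the filter name
    :returns: the filter XML as a string
    """
    security_group = db.security_group_get(context.get_admin_context(),
                                           security_group_id)
    rule_xml = ""
    v6protocol = {'tcp': 'tcp-ipv6', 'udp': 'udp-ipv6', 'icmp': 'icmpv6'}
    for rule in security_group.rules:
        # NOTE(review): a rule without a cidr still contributes an empty
        # accept <rule>; confirm how the nwfilter consumer treats a rule
        # with no protocol element -- if it matches all inbound traffic,
        # this path fails open.
        rule_xml += "<rule action='accept' direction='in' priority='300'>"
        if rule.cidr:
            version = netutils.get_ip_version(rule.cidr)
            # Match the protocol case-insensitively. Compared as stored, a
            # value such as 'TCP' would skip the port attributes below and
            # produce a rule that is not limited to the requested ports.
            protocol = str(rule.protocol).lower()
            # NOTE(review): protocol, addresses and ports are written into
            # the XML unescaped; presumably they were validated before the
            # rule was stored -- confirm, or allow-list/escape here.
            if FLAGS.use_ipv6 and version == 6:
                net, prefixlen = netutils.get_net_and_prefixlen(rule.cidr)
                rule_xml += "<%s srcipaddr='%s' srcipmask='%s' " % \
                            (v6protocol[protocol], net, prefixlen)
            else:
                net, mask = netutils.get_net_and_mask(rule.cidr)
                rule_xml += "<%s srcipaddr='%s' srcipmask='%s' " % \
                            (protocol, net, mask)
            if protocol in ['tcp', 'udp']:
                rule_xml += "dstportstart='%s' dstportend='%s' " % \
                            (rule.from_port, rule.to_port)
            elif protocol == 'icmp':
                LOG.info(
                    'rule.protocol: %r, rule.from_port: %r, '
                    'rule.to_port: %r', rule.protocol,
                    rule.from_port, rule.to_port)
                # For icmp the two port fields carry type and code; -1
                # leaves the attribute out.
                if rule.from_port != -1:
                    rule_xml += "type='%s' " % rule.from_port
                if rule.to_port != -1:
                    rule_xml += "code='%s' " % rule.to_port

            # Close the protocol element opened above.
            rule_xml += '/>\n'
        rule_xml += "</rule>\n"
    xml = "<filter name='nova-secgroup-%s' " % security_group_id
    if FLAGS.use_ipv6:
        xml += "chain='root'>%s</filter>" % rule_xml
    else:
        xml += "chain='ipv4'>%s</filter>" % rule_xml
    return xml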
def security_group_to_nwfilter_xml(self, security_group_id):
    """Build the nwfilter <filter> string for one security group.

    The group comes from db.security_group_get under an admin context. Each
    of its rules is emitted as an inbound 'accept' <rule> with priority
    300, and the protocol name is lower-cased before it is used.

    :param security_group_id: id of the group; also used in the filter name
    :returns: the filter XML as a string; chain is 'root' when
              FLAGS.use_ipv6 is set, otherwise 'ipv4'
    """
    group = db.security_group_get(context.get_admin_context(),
                                  security_group_id)
    ipv6_names = {'tcp': 'tcp-ipv6', 'udp': 'udp-ipv6', 'icmp': 'icmpv6'}
    pieces = []
    for rule in group.rules:
        # NOTE(review): with no cidr the <rule> stays empty but is still an
        # accept rule; confirm how the nwfilter consumer treats a rule
        # without a protocol element -- matching everything would fail open.
        pieces.append("<rule action='accept' direction='in' priority='300'>")
        if rule.cidr:
            version = netutils.get_ip_version(rule.cidr)
            protocol = rule.protocol.lower()
            # NOTE(review): nothing below escapes the interpolated values;
            # presumably they are validated before storage -- confirm.
            if FLAGS.use_ipv6 and version == 6:
                net, prefixlen = netutils.get_net_and_prefixlen(rule.cidr)
                pieces.append("<%s srcipaddr='%s' srcipmask='%s' "
                              % (ipv6_names[protocol], net, prefixlen))
            else:
                net, mask = netutils.get_net_and_mask(rule.cidr)
                pieces.append("<%s srcipaddr='%s' srcipmask='%s' "
                              % (protocol, net, mask))

            if protocol in ('tcp', 'udp'):
                pieces.append("dstportstart='%s' dstportend='%s' "
                              % (rule.from_port, rule.to_port))
            elif protocol == 'icmp':
                LOG.info('rule.protocol: %r, rule.from_port: %r, '
                         'rule.to_port: %r', protocol,
                         rule.from_port, rule.to_port)
                # -1 in either field leaves the matching attribute out.
                if rule.from_port != -1:
                    pieces.append("type='%s' " % rule.from_port)
                if rule.to_port != -1:
                    pieces.append("code='%s' " % rule.to_port)

            # Terminates the protocol element started in this branch.
            pieces.append('/>\n')
        pieces.append("</rule>\n")

    body = "".join(pieces)
    header = "<filter name='nova-secgroup-%s' " % security_group_id
    if FLAGS.use_ipv6:
        return header + "chain='root'>%s</filter>" % body
    return header + "chain='ipv4'>%s</filter>" % body
def provider_fw_to_nwfilter_xml(self):
    """Build the 'nova-provider-rules' filter from the provider rules.

    All rules returned by db.provider_fw_rule_get_all (admin context) are
    emitted as inbound 'block' <rule> elements with priority 150.

    :returns: the filter XML as a string; chain is 'root' when
              FLAGS.use_ipv6 is set, otherwise 'ipv4'
    """
    pieces = []
    ipv6_names = {'tcp': 'tcp-ipv6', 'udp': 'udp-ipv6', 'icmp': 'icmpv6'}
    provider_rules = db.provider_fw_rule_get_all(context.get_admin_context())
    for rule in provider_rules:
        pieces.append("<rule action='block' direction='in' priority='150'>")
        version = netutils.get_ip_version(rule.cidr)
        # NOTE(review): the protocol is matched exactly as stored, so a
        # value in another case gets no port attributes (IPv4) or raises
        # KeyError (IPv6); presumably stored lower-case -- confirm.
        # NOTE(review): values are interpolated unescaped; presumably
        # validated before storage -- confirm.
        if FLAGS.use_ipv6 and version == 6:
            net, prefixlen = netutils.get_net_and_prefixlen(rule.cidr)
            pieces.append("<%s srcipaddr='%s' srcipmask='%s' "
                          % (ipv6_names[rule.protocol], net, prefixlen))
        else:
            net, mask = netutils.get_net_and_mask(rule.cidr)
            pieces.append("<%s srcipaddr='%s' srcipmask='%s' "
                          % (rule.protocol, net, mask))

        if rule.protocol in ('tcp', 'udp'):
            pieces.append("dstportstart='%s' dstportend='%s' "
                          % (rule.from_port, rule.to_port))
        elif rule.protocol == 'icmp':
            LOG.info(
                'rule.protocol: %r, rule.from_port: %r, '
                'rule.to_port: %r', rule.protocol,
                rule.from_port, rule.to_port)
            # -1 in either field leaves the matching attribute out.
            if rule.from_port != -1:
                pieces.append("type='%s' " % rule.from_port)
            if rule.to_port != -1:
                pieces.append("code='%s' " % rule.to_port)

        pieces.append('/>\n')
        pieces.append("</rule>\n")

    body = "".join(pieces)
    header = "<filter name='nova-provider-rules' "
    if FLAGS.use_ipv6:
        return header + "chain='root'>%s</filter>" % body
    return header + "chain='ipv4'>%s</filter>" % body
def provider_fw_to_nwfilter_xml(self):
    """Turn the stored provider firewall rules into one nwfilter filter.

    Rules are read with db.provider_fw_rule_get_all under an admin context;
    each one yields an inbound <rule> with action 'block' and priority 150
    inside the filter named 'nova-provider-rules'.

    :returns: the filter XML as a string, on chain 'root' when
              FLAGS.use_ipv6 is set and on chain 'ipv4' otherwise
    """
    fragments = []
    v6_element = {'tcp': 'tcp-ipv6', 'udp': 'udp-ipv6', 'icmp': 'icmpv6'}
    for fw_rule in db.provider_fw_rule_get_all(context.get_admin_context()):
        fragments.append(
            "<rule action='block' direction='in' priority='150'>")
        ip_version = netutils.get_ip_version(fw_rule.cidr)
        # NOTE(review): protocol comparison is case-sensitive and the
        # interpolated values are not escaped; presumably both are taken
        # care of before the rule is stored -- confirm.
        if FLAGS.use_ipv6 and ip_version == 6:
            net, prefixlen = netutils.get_net_and_prefixlen(fw_rule.cidr)
            opening = "<%s srcipaddr='%s' srcipmask='%s' " % \
                      (v6_element[fw_rule.protocol], net, prefixlen)
        else:
            net, mask = netutils.get_net_and_mask(fw_rule.cidr)
            opening = "<%s srcipaddr='%s' srcipmask='%s' " % \
                      (fw_rule.protocol, net, mask)
        fragments.append(opening)

        if fw_rule.protocol in ['tcp', 'udp']:
            fragments.append("dstportstart='%s' dstportend='%s' " %
                             (fw_rule.from_port, fw_rule.to_port))
        elif fw_rule.protocol == 'icmp':
            LOG.info('rule.protocol: %r, rule.from_port: %r, '
                     'rule.to_port: %r', fw_rule.protocol,
                     fw_rule.from_port, fw_rule.to_port)
            # A field set to -1 contributes no attribute.
            if fw_rule.from_port != -1:
                fragments.append("type='%s' " % fw_rule.from_port)
            if fw_rule.to_port != -1:
                fragments.append("code='%s' " % fw_rule.to_port)

        fragments.append('/>\n')
        fragments.append("</rule>\n")

    rule_xml = "".join(fragments)
    xml = "<filter name='nova-provider-rules' "
    if FLAGS.use_ipv6:
        xml += "chain='root'>%s</filter>" % rule_xml
    else:
        xml += "chain='ipv4'>%s</filter>" % rule_xml
    return xml
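def security_group_to_nwfilter_xml(self, security_group_id):
    """Render the rules of a security group as an nwfilter <filter> string.

    The group is loaded through db.security_group_get with an admin
    context. Every rule becomes an inbound "accept" <rule> at priority 300;
    the filter uses chain "root" when FLAGS.use_ipv6 is set and chain
    "ipv4" otherwise.

    :param security_group_id: id of the group; also used in the filter name
    :returns: the filter XML as a string
    """
    security_group = db.security_group_get(context.get_admin_context(), security_group_id)
    rule_xml = ""
    v6protocol = {"tcp": "tcp-ipv6", "udp": "udp-ipv6", "icmp": "icmpv6"}
    for rule in security_group.rules:
        # NOTE(review): a rule without a cidr still contributes an empty
        # accept <rule>; confirm how the nwfilter consumer treats a rule
        # with no protocol element -- if it matches all inbound traffic,
        # this path fails open.
        rule_xml += "<rule action='accept' direction='in' priority='300'>"
        if rule.cidr:
            version = netutils.get_ip_version(rule.cidr)
            # Match the protocol case-insensitively. Compared as stored, a
            # value such as "TCP" would skip the port attributes below and
            # produce a rule that is not limited to the requested ports.
            protocol = str(rule.protocol).lower()
            # NOTE(review): protocol, addresses and ports are written into
            # the XML unescaped; presumably they were validated before the
            # rule was stored -- confirm, or allow-list/escape here.
            if FLAGS.use_ipv6 and version == 6:
                net, prefixlen = netutils.get_net_and_prefixlen(rule.cidr)
                rule_xml += "<%s srcipaddr='%s' srcipmask='%s' " % (v6protocol[protocol], net, prefixlen)
            else:
                net, mask = netutils.get_net_and_mask(rule.cidr)
                rule_xml += "<%s srcipaddr='%s' srcipmask='%s' " % (protocol, net, mask)
            if protocol in ["tcp", "udp"]:
                rule_xml += "dstportstart='%s' dstportend='%s' " % (rule.from_port, rule.to_port)
            elif protocol == "icmp":
                LOG.info(
                    "rule.protocol: %r, rule.from_port: %r, " "rule.to_port: %r",
                    rule.protocol,
                    rule.from_port,
                    rule.to_port,
                )
                # For icmp the two port fields carry type and code; -1
                # leaves the attribute out.
                if rule.from_port != -1:
                    rule_xml += "type='%s' " % rule.from_port
                if rule.to_port != -1:
                    rule_xml += "code='%s' " % rule.to_port

            # Close the protocol element opened above.
            rule_xml += "/>\n"
        rule_xml += "</rule>\n"
    xml = "<filter name='nova-secgroup-%s' " % security_group_id
    if FLAGS.use_ipv6:
        xml += "chain='root'>%s</filter>" % rule_xml
    else:
        xml += "chain='ipv4'>%s</filter>" % rule_xml
    return xml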