net: added not managed network MAC address ban
parent
3a347f2c
Showing
1 changed file
with
52 additions
and
14 deletions
+52
-14
netdriver.py
+52
-14
netdriver.py
...
@@ -2,6 +2,32 @@ import subprocess
...
@@ -2,6 +2,32 @@ import subprocess
import
logging
import
logging
from
netcelery
import
celery
from
netcelery
import
celery
from
os
import
getenv
from
vm
import
VMNetwork
driver
=
getenv
(
"HYPERVISOR_TYPE"
,
"test"
)
@celery.task
def
create
(
network
):
port_create
(
VMNetwork
.
deserialize
(
network
))
@celery.task
def
delete
(
network
):
port_delete
(
VMNetwork
.
deserialize
(
network
))
def
add_tuntap_interface
(
if_name
):
'''For testing purpose only adding tuntap interface.
'''
subprocess
.
call
([
'sudo'
,
'ip'
,
'tuntap'
,
'add'
,
'mode'
,
'tap'
,
if_name
])
def
del_tuntap_interface
(
if_name
):
'''For testing purpose only deleting tuntap interface.
'''
subprocess
.
call
([
'sudo'
,
'ip'
,
'tuntap'
,
'del'
,
'mode'
,
'tap'
,
if_name
])
def
ovs_command_execute
(
command
):
def
ovs_command_execute
(
command
):
...
@@ -24,18 +50,6 @@ def ofctl_command_execute(command):
...
@@ -24,18 +50,6 @@ def ofctl_command_execute(command):
return
return_val
return
return_val
@celery.task
def
create
(
network_list
):
for
network
in
network_list
:
port_create
(
network
)
@celery.task
def
delete
(
network_list
):
for
network
in
network_list
:
port_delete
(
network
)
def
build_flow_rule
(
def
build_flow_rule
(
in_port
=
None
,
in_port
=
None
,
dl_src
=
None
,
dl_src
=
None
,
...
@@ -92,6 +106,16 @@ def del_port_from_bridge(network_name):
...
@@ -92,6 +106,16 @@ def del_port_from_bridge(network_name):
ovs_command_execute
([
'del-port'
,
network_name
])
ovs_command_execute
([
'del-port'
,
network_name
])
def
mac_filter
(
network
,
port_number
,
delete
=
False
):
if
not
delete
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
priority
=
"40000"
,
actions
=
"normal"
)
ofctl_command_execute
([
"add-flow"
,
network
.
bridge
,
flow_cmd
])
else
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
)
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
def
ban_dhcp_server
(
network
,
port_number
,
delete
=
False
):
def
ban_dhcp_server
(
network
,
port_number
,
delete
=
False
):
if
not
delete
:
if
not
delete
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
...
@@ -155,7 +179,7 @@ def enable_dhcp_client(network, port_number, delete=False):
...
@@ -155,7 +179,7 @@ def enable_dhcp_client(network, port_number, delete=False):
def
disable_all_not_allowed_trafic
(
network
,
port_number
,
delete
=
False
):
def
disable_all_not_allowed_trafic
(
network
,
port_number
,
delete
=
False
):
if
not
delete
:
if
not
delete
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
priority
=
"3
9
000"
,
actions
=
"drop"
)
priority
=
"3
0
000"
,
actions
=
"drop"
)
ofctl_command_execute
([
"add-flow"
,
network
.
bridge
,
flow_cmd
])
ofctl_command_execute
([
"add-flow"
,
network
.
bridge
,
flow_cmd
])
else
:
else
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
)
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
)
...
@@ -163,8 +187,12 @@ def disable_all_not_allowed_trafic(network, port_number, delete=False):
...
@@ -163,8 +187,12 @@ def disable_all_not_allowed_trafic(network, port_number, delete=False):
def
port_create
(
network
):
def
port_create
(
network
):
''' Adding port to bridge apply rules and pull up interface.
'''
'''
'''
# For testing purpose create tuntap iface
if
driver
==
"test"
:
add_tuntap_interface
(
network
.
name
)
# Create the port for virtual network
# Create the port for virtual network
add_port_to_bridge
(
network
.
name
,
network
.
bridge
)
add_port_to_bridge
(
network
.
name
,
network
.
bridge
)
# Set VLAN parameter for tap interface
# Set VLAN parameter for tap interface
...
@@ -175,12 +203,18 @@ def port_create(network):
...
@@ -175,12 +203,18 @@ def port_create(network):
# Set Flow rules to avoid mac or IP spoofing
# Set Flow rules to avoid mac or IP spoofing
if
network
.
managed
:
if
network
.
managed
:
# Allow traffic from fource MAC and IP
ban_dhcp_server
(
network
,
port_number
)
ban_dhcp_server
(
network
,
port_number
)
ipv4_filter
(
network
,
port_number
)
ipv4_filter
(
network
,
port_number
)
ipv6_filter
(
network
,
port_number
)
ipv6_filter
(
network
,
port_number
)
arp_filter
(
network
,
port_number
)
arp_filter
(
network
,
port_number
)
enable_dhcp_client
(
network
,
port_number
)
enable_dhcp_client
(
network
,
port_number
)
else
:
# Allow all traffic from source MAC address
mac_filter
(
network
,
port_number
)
# Explicit deny all other traffic
disable_all_not_allowed_trafic
(
network
,
port_number
)
disable_all_not_allowed_trafic
(
network
,
port_number
)
pull_up_interface
(
network
)
def
port_delete
(
network
):
def
port_delete
(
network
):
...
@@ -201,6 +235,10 @@ def port_delete(network):
...
@@ -201,6 +235,10 @@ def port_delete(network):
# Delete port
# Delete port
del_port_from_bridge
(
network
.
name
)
del_port_from_bridge
(
network
.
name
)
# For testing purpose dele tuntap iface
if
driver
==
"test"
:
del_tuntap_interface
(
network
.
name
)
def
pull_up_interface
(
network
):
def
pull_up_interface
(
network
):
command
=
[
'sudo'
,
'ip'
,
'link'
,
'set'
,
'up'
,
network
]
command
=
[
'sudo'
,
'ip'
,
'link'
,
'set'
,
'up'
,
network
]
...
...
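Review bot: The new `mac_filter` (hunk `@@ -92,6 +106,16 @@`) installs `in_port=port_number, dl_src=network.mac` with `actions="normal"` at priority `"40000"`, which is an allow-by-source-MAC rule rather than a ban, and it carries no docstring even though the commit title reads as a ban; suggest `'''Allow every frame whose source MAC is network.mac on port_number; all other frames on that port are dropped by disable_all_not_allowed_trafic. With delete=True the matching flow is removed.'''` so readers know that on unmanaged networks IP and ARP sources are not checked, unlike the managed branch of `port_create`. The priorities `"40000"` and `"30000"` are repeated string literals across `mac_filter` and `disable_all_not_allowed_trafic`; module-level constants such as `MAC_ALLOW_PRIORITY = "40000"` and `DENY_ALL_PRIORITY = "30000"` would make the intended ordering explicit. The `disable_all_not_allowed_trafic` priority appears to move from 39000 to 30000 in this commit (the tokens are split in the rendering, so hedge that), which changes its rank relative to any rule the managed-network filters install between those values — `ban_dhcp_server`, `ipv4_filter`, `ipv6_filter`, `arp_filter` and `enable_dhcp_client` are outside the hunks shown, so confirm none use a priority below 39000. In the visible part of `port_delete` (hunk `@@ -201,6 +235,10 @@`) only `del_port_from_bridge` and the test-mode tap removal are shown and no `mac_filter(network, port_number, delete=True)` call is visible; if the unmanaged cleanup is not elsewhere in that function, the allow flow keyed on the ofport number outlives the port. Several of these functions start or end outside the hunks, so the above is inferred from the lines shown.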