Commit
9baf343e
authored
Nov 11, 2013
by
Guba Sándor
netdriver: fixing pep issues and adding docstring
parent
f61122c8
Showing
1 changed file
with
69 additions
and
42 deletions
+69
-42
netdriver.py
+69
-42
netdriver.py
""" CIRCLE driver for Open vSwitch. """
import
subprocess
import
subprocess
import
logging
import
logging
...
@@ -10,30 +11,33 @@ driver = getenv("HYPERVISOR_TYPE", "test")
...
@@ -10,30 +11,33 @@ driver = getenv("HYPERVISOR_TYPE", "test")
@celery.task
@celery.task
def
create
(
network
):
def
create
(
network
):
""" Create a network port. """
port_create
(
VMNetwork
.
deserialize
(
network
))
port_create
(
VMNetwork
.
deserialize
(
network
))
@celery.task
@celery.task
def
delete
(
network
):
def
delete
(
network
):
""" Delete a network port. """
port_delete
(
VMNetwork
.
deserialize
(
network
))
port_delete
(
VMNetwork
.
deserialize
(
network
))
def
add_tuntap_interface
(
if_name
):
def
add_tuntap_interface
(
if_name
):
'''For testing purpose only adding tuntap interface.
""" For testing purpose only adding tuntap interface. """
'''
subprocess
.
call
([
'sudo'
,
'ip'
,
'tuntap'
,
'add'
,
'mode'
,
'tap'
,
if_name
])
subprocess
.
call
([
'sudo'
,
'ip'
,
'tuntap'
,
'add'
,
'mode'
,
'tap'
,
if_name
])
def
del_tuntap_interface
(
if_name
):
def
del_tuntap_interface
(
if_name
):
'''For testing purpose only deleting tuntap interface.
""" For testing purpose only deleting tuntap interface. """
'''
subprocess
.
call
([
'sudo'
,
'ip'
,
'tuntap'
,
'del'
,
'mode'
,
'tap'
,
if_name
])
subprocess
.
call
([
'sudo'
,
'ip'
,
'tuntap'
,
'del'
,
'mode'
,
'tap'
,
if_name
])
def
ovs_command_execute
(
command
):
def
ovs_command_execute
(
command
):
'''Execute OpenVSwitch commands
""" Execute OpenVSwitch commands.
command - List of strings
command - List of strings
'''
return - Command output
"""
command
=
[
'sudo'
,
'ovs-vsctl'
]
+
command
command
=
[
'sudo'
,
'ovs-vsctl'
]
+
command
return_val
=
subprocess
.
call
(
command
)
return_val
=
subprocess
.
call
(
command
)
logging
.
info
(
'OVS command:
%
s executed.'
,
command
)
logging
.
info
(
'OVS command:
%
s executed.'
,
command
)
...
@@ -41,9 +45,12 @@ def ovs_command_execute(command):
...
@@ -41,9 +45,12 @@ def ovs_command_execute(command):
def
ofctl_command_execute
(
command
):
def
ofctl_command_execute
(
command
):
'''Execute OpenVSwitch flow commands
""" Execute OpenVSwitch flow commands.
command - List of strings
command - List of strings
'''
return - Command output
"""
command
=
[
'sudo'
,
'ovs-ofctl'
]
+
command
command
=
[
'sudo'
,
'ovs-ofctl'
]
+
command
return_val
=
subprocess
.
call
(
command
)
return_val
=
subprocess
.
call
(
command
)
logging
.
info
(
'OVS flow command:
%
s executed.'
,
command
)
logging
.
info
(
'OVS flow command:
%
s executed.'
,
command
)
...
@@ -59,7 +66,9 @@ def build_flow_rule(
...
@@ -59,7 +66,9 @@ def build_flow_rule(
tp_dst
=
None
,
tp_dst
=
None
,
priority
=
None
,
priority
=
None
,
actions
=
None
):
actions
=
None
):
'''
"""
Generate flow rule from the parameters.
in_port - Interface flow-port number
in_port - Interface flow-port number
dl_src - Source mac addsress (virtual interface)
dl_src - Source mac addsress (virtual interface)
protocol - Protocol for the rule like ip,ipv6,arp,udp,tcp
protocol - Protocol for the rule like ip,ipv6,arp,udp,tcp
...
@@ -68,7 +77,10 @@ def build_flow_rule(
...
@@ -68,7 +77,10 @@ def build_flow_rule(
tp_dst - Destination port
tp_dst - Destination port
priority - Rule priority
priority - Rule priority
actions - Action for the matching rule
actions - Action for the matching rule
'''
return - Open vSwitch compatible flow rule.
"""
flow_rule
=
""
flow_rule
=
""
if
in_port
is
None
:
if
in_port
is
None
:
raise
AttributeError
(
"Parameter in_port is mandantory"
)
raise
AttributeError
(
"Parameter in_port is mandantory"
)
...
@@ -85,29 +97,31 @@ def build_flow_rule(
...
@@ -85,29 +97,31 @@ def build_flow_rule(
# Generate rule string with comas, except the last item
# Generate rule string with comas, except the last item
for
i
in
rule
[:
-
1
]:
for
i
in
rule
[:
-
1
]:
flow_rule
+=
i
+
","
flow_rule
+=
i
+
","
else
:
flow_rule
+=
rule
[
-
1
]
flow_rule
+=
rule
[
-
1
]
return
flow_rule
return
flow_rule
def
set_port_vlan
(
network_name
,
vlan
):
def
set_port_vlan
(
network_name
,
vlan
):
''' Setting vlan for interface named net_name
""" Setting vlan for interface named net_name. """
'''
cmd_list
=
[
'set'
,
'Port'
,
network_name
,
'tag='
+
str
(
vlan
)]
cmd_list
=
[
'set'
,
'Port'
,
network_name
,
'tag='
+
str
(
vlan
)]
ovs_command_execute
(
cmd_list
)
ovs_command_execute
(
cmd_list
)
def
add_port_to_bridge
(
network_name
,
bridge
):
def
add_port_to_bridge
(
network_name
,
bridge
):
""" Add bridge to network_name. """
cmd_list
=
[
'add-port'
,
bridge
,
network_name
]
cmd_list
=
[
'add-port'
,
bridge
,
network_name
]
ovs_command_execute
(
cmd_list
)
ovs_command_execute
(
cmd_list
)
def
del_port_from_bridge
(
network_name
):
def
del_port_from_bridge
(
network_name
):
""" Delete network_name port. """
ovs_command_execute
([
'del-port'
,
network_name
])
ovs_command_execute
([
'del-port'
,
network_name
])
def
mac_filter
(
network
,
port_number
,
delete
=
False
):
def
mac_filter
(
network
,
port_number
,
remove
=
False
):
if
not
delete
:
""" Apply/Remove mac filtering rule for network. """
if
not
remove
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
priority
=
"40000"
,
actions
=
"normal"
)
priority
=
"40000"
,
actions
=
"normal"
)
ofctl_command_execute
([
"add-flow"
,
network
.
bridge
,
flow_cmd
])
ofctl_command_execute
([
"add-flow"
,
network
.
bridge
,
flow_cmd
])
...
@@ -116,8 +130,9 @@ def mac_filter(network, port_number, delete=False):
...
@@ -116,8 +130,9 @@ def mac_filter(network, port_number, delete=False):
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
def
ban_dhcp_server
(
network
,
port_number
,
delete
=
False
):
def
ban_dhcp_server
(
network
,
port_number
,
remove
=
False
):
if
not
delete
:
""" Apply/Remove dhcp-server ban rule to network. """
if
not
remove
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
protocol
=
"udp"
,
tp_dst
=
"68"
,
protocol
=
"udp"
,
tp_dst
=
"68"
,
priority
=
"43000"
,
actions
=
"drop"
)
priority
=
"43000"
,
actions
=
"drop"
)
...
@@ -128,8 +143,9 @@ def ban_dhcp_server(network, port_number, delete=False):
...
@@ -128,8 +143,9 @@ def ban_dhcp_server(network, port_number, delete=False):
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
def
ipv4_filter
(
network
,
port_number
,
delete
=
False
):
def
ipv4_filter
(
network
,
port_number
,
remove
=
False
):
if
not
delete
:
""" Apply/Remove ipv4 filter rule to network. """
if
not
remove
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
protocol
=
"ip"
,
nw_src
=
network
.
ipv4
,
protocol
=
"ip"
,
nw_src
=
network
.
ipv4
,
priority
=
42000
,
actions
=
"normal"
)
priority
=
42000
,
actions
=
"normal"
)
...
@@ -140,8 +156,9 @@ def ipv4_filter(network, port_number, delete=False):
...
@@ -140,8 +156,9 @@ def ipv4_filter(network, port_number, delete=False):
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
def
ipv6_filter
(
network
,
port_number
,
delete
=
False
):
def
ipv6_filter
(
network
,
port_number
,
remove
=
False
):
if
not
delete
:
""" Apply/Remove ipv6 filter rule to network. """
if
not
remove
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
protocol
=
"ipv6"
,
ipv6_src
=
network
.
ipv6
,
protocol
=
"ipv6"
,
ipv6_src
=
network
.
ipv6
,
priority
=
42000
,
actions
=
"normal"
)
priority
=
42000
,
actions
=
"normal"
)
...
@@ -152,8 +169,9 @@ def ipv6_filter(network, port_number, delete=False):
...
@@ -152,8 +169,9 @@ def ipv6_filter(network, port_number, delete=False):
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
def
arp_filter
(
network
,
port_number
,
delete
=
False
):
def
arp_filter
(
network
,
port_number
,
remove
=
False
):
if
not
delete
:
""" Apply/Remove arp filter rule to network. """
if
not
remove
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
protocol
=
"arp"
,
nw_src
=
network
.
ipv4
,
protocol
=
"arp"
,
nw_src
=
network
.
ipv4
,
priority
=
41000
,
actions
=
"normal"
)
priority
=
41000
,
actions
=
"normal"
)
...
@@ -164,8 +182,9 @@ def arp_filter(network, port_number, delete=False):
...
@@ -164,8 +182,9 @@ def arp_filter(network, port_number, delete=False):
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
def
enable_dhcp_client
(
network
,
port_number
,
delete
=
False
):
def
enable_dhcp_client
(
network
,
port_number
,
remove
=
False
):
if
not
delete
:
""" Apply/Remove allow dhcp-client rule to network. """
if
not
remove
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
dl_src
=
network
.
mac
,
protocol
=
"udp"
,
tp_dst
=
"67"
,
protocol
=
"udp"
,
tp_dst
=
"67"
,
priority
=
"40000"
,
actions
=
"normal"
)
priority
=
"40000"
,
actions
=
"normal"
)
...
@@ -176,8 +195,9 @@ def enable_dhcp_client(network, port_number, delete=False):
...
@@ -176,8 +195,9 @@ def enable_dhcp_client(network, port_number, delete=False):
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
ofctl_command_execute
([
"del-flows"
,
network
.
bridge
,
flow_cmd
])
def
disable_all_not_allowed_trafic
(
network
,
port_number
,
delete
=
False
):
def
disable_all_not_allowed_trafic
(
network
,
port_number
,
remove
=
False
):
if
not
delete
:
""" Apply/Remove explicit deny all not allowed network. """
if
not
remove
:
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
flow_cmd
=
build_flow_rule
(
in_port
=
port_number
,
priority
=
"30000"
,
actions
=
"drop"
)
priority
=
"30000"
,
actions
=
"drop"
)
ofctl_command_execute
([
"add-flow"
,
network
.
bridge
,
flow_cmd
])
ofctl_command_execute
([
"add-flow"
,
network
.
bridge
,
flow_cmd
])
...
@@ -187,8 +207,7 @@ def disable_all_not_allowed_trafic(network, port_number, delete=False):
...
@@ -187,8 +207,7 @@ def disable_all_not_allowed_trafic(network, port_number, delete=False):
def
port_create
(
network
):
def
port_create
(
network
):
''' Adding port to bridge apply rules and pull up interface.
""" Adding port to bridge apply rules and pull up interface. """
'''
# For testing purpose create tuntap iface
# For testing purpose create tuntap iface
if
driver
==
"test"
:
if
driver
==
"test"
:
add_tuntap_interface
(
network
.
name
)
add_tuntap_interface
(
network
.
name
)
...
@@ -218,22 +237,21 @@ def port_create(network):
...
@@ -218,22 +237,21 @@ def port_create(network):
def
port_delete
(
network
):
def
port_delete
(
network
):
'''
""" Remove port from bridge and remove rules from flow database. """
'''
# Getting network FlowPortNumber
# Getting network FlowPortNumber
port_number
=
get_fport_for_network
(
network
)
port_number
=
get_fport_for_network
(
network
)
# Clear network rules
# Clear network rules
if
network
.
managed
:
if
network
.
managed
:
ban_dhcp_server
(
network
,
port_number
,
delet
e
=
True
)
ban_dhcp_server
(
network
,
port_number
,
remov
e
=
True
)
ipv4_filter
(
network
,
port_number
,
delet
e
=
True
)
ipv4_filter
(
network
,
port_number
,
remov
e
=
True
)
ipv6_filter
(
network
,
port_number
,
delet
e
=
True
)
ipv6_filter
(
network
,
port_number
,
remov
e
=
True
)
arp_filter
(
network
,
port_number
,
delet
e
=
True
)
arp_filter
(
network
,
port_number
,
remov
e
=
True
)
enable_dhcp_client
(
network
,
port_number
,
delet
e
=
True
)
enable_dhcp_client
(
network
,
port_number
,
remov
e
=
True
)
else
:
else
:
mac_filter
(
network
,
port_number
,
delet
e
=
True
)
mac_filter
(
network
,
port_number
,
remov
e
=
True
)
# Explicit deny all other traffic
# Explicit deny all other traffic
disable_all_not_allowed_trafic
(
network
,
port_number
,
delet
e
=
True
)
disable_all_not_allowed_trafic
(
network
,
port_number
,
remov
e
=
True
)
# Delete port
# Delete port
del_port_from_bridge
(
network
.
name
)
del_port_from_bridge
(
network
.
name
)
...
@@ -244,6 +262,11 @@ def port_delete(network):
...
@@ -244,6 +262,11 @@ def port_delete(network):
def
pull_up_interface
(
network
):
def
pull_up_interface
(
network
):
""" Pull up interface named network.
return command output
"""
command
=
[
'sudo'
,
'ip'
,
'link'
,
'set'
,
'up'
,
network
.
name
]
command
=
[
'sudo'
,
'ip'
,
'link'
,
'set'
,
'up'
,
network
.
name
]
return_val
=
subprocess
.
call
(
command
)
return_val
=
subprocess
.
call
(
command
)
logging
.
info
(
'IP command:
%
s executed.'
,
command
)
logging
.
info
(
'IP command:
%
s executed.'
,
command
)
...
@@ -251,9 +274,13 @@ def pull_up_interface(network):
...
@@ -251,9 +274,13 @@ def pull_up_interface(network):
def
get_fport_for_network
(
network
):
def
get_fport_for_network
(
network
):
'''Returns the OpenFlow port number for a given network
""" Return the OpenFlow port number for a given network.
cmd: ovs-vsctl get Interface vm-88 ofport
'''
Example: ovs-vsctl get Interface vm-88 ofport
return stripped output string
"""
output
=
subprocess
.
check_output
(
output
=
subprocess
.
check_output
(
[
'sudo'
,
'ovs-vsctl'
,
'get'
,
'Interface'
,
network
.
name
,
'ofport'
])
[
'sudo'
,
'ovs-vsctl'
,
'get'
,
'Interface'
,
network
.
name
,
'ofport'
])
return
output
.
strip
()
return
str
(
output
)
.
strip
()
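Review bot: The docstrings added to `ovs_command_execute` and `ofctl_command_execute` (and similarly `pull_up_interface`) say `return - Command output`, but the visible body assigns `return_val = subprocess.call(command)`, which is the process exit status, and then logs `... executed.` whatever that status is. These helpers install the MAC, IPv4/IPv6, ARP and DHCP filter flows and the explicit drop rule, so a failed `sudo ovs-ofctl add-flow` would leave a port without its filtering while the log reads as success. I would either correct the docstring to `return - Exit status of the command` and log a non-zero status at error level, or use `subprocess.check_call(command)` so that callers such as `port_create` see the failure. The tail of these functions lies outside the hunks shown, so whether `return_val` is returned or checked there is inferred rather than visible. Separately, `network.name` and `network.bridge` from `VMNetwork.deserialize(network)` are passed straight into `sudo` argument lists; if the deserializer does not already restrict them to an interface-name pattern, a validation step before the first command would be worth adding.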