author | Cory Wright <cory.wright@rackspace.com> | 2011-04-20 14:11:25 -0400 |
---|---|---|
committer | Cory Wright <cory.wright@rackspace.com> | 2011-04-20 14:11:25 -0400 |
commit | 169496af390caa4035db2fefabffd71c95a57fbf (patch) | |
tree | d9228c7d12657c0a1980ce5540a6266ad56c5690 /plugins/xenserver/networking | |
parent | a46bd9fb6483959e210f25276ff70c76767e509d (diff) | |
download | nova-169496af390caa4035db2fefabffd71c95a57fbf.tar.gz |
refactor the way flows are deleted/reset
Diffstat (limited to 'plugins/xenserver/networking')
-rwxr-xr-x | plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py | 143 |
1 files changed, 70 insertions, 73 deletions
diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index e1a1514762..37ff07e333 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -35,22 +35,15 @@ OVS_OFCTL = '/usr/bin/ovs-ofctl' class OvsFlow(object): - def __init__(self, command, bridge, params): - self.command = command + def __init__(self, bridge, params): self.bridge = bridge self.params = params def add(self, rule): - execute(OVS_OFCTL, 'add-flow', self.bridge, rule) + execute(OVS_OFCTL, 'add-flow', self.bridge, rule % self.params) - def delete(self, rule): - execute(OVS_OFCTL, 'del-flows', self.bridge, rule) - - def apply(self, rule): - if self.command in ('offline', 'reset'): - self.delete(rule % self.params) - if self.command in ('online', 'reset'): - self.add(rule % self.params) + def clear_flows(self, ofport): + execute(OVS_OFCTL, 'del-flows', self.bridge, "in_port=%s" % ofport) def main(dom_id, command, net_type, only_this_vif=None): 
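Review bot: `add` now builds the flow string with `rule % self.params`, and nothing in this hunk checks the substituted values before they are handed to `ovs-ofctl add-flow`. Where VIF_MAC and the IP values come from is not visible here; if any of them can be set from outside the host, a value containing ovs-ofctl field separators would change what an anti-spoofing rule matches or does. Since the script already uses netaddr, I would normalise the values when `params` is built, for example `str(netaddr.IPAddress(ip4['ip']))` and `str(netaddr.EUI(data['mac']))`, so that malformed input raises before any flow is written. `clear_flows` also deserves a docstring stating its scope, such as `"""Delete every flow matching in_port=ofport, IPv4 and IPv6 alike."""`.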
@@ -78,94 +71,98 @@ def main(dom_id, command, net_type, only_this_vif=None): VIF_MAC=data['mac'], VIF_OFPORT=vif_ofport) - if net_type in ('ipv4', 'all'): - for ip4 in data['ips']: - params.update({'VIF_IPv4': ip4['ip']}) - apply_ovs_ipv4_flows(command, bridge, params) - if net_type in ('ipv6', 'all') and 'ip6s' in data: - for ip6 in data['ip6s']: - params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) - mac64 = netaddr.EUI(data['mac']).eui64() - params.update({'VIF_LOCAL_IPv6': str(mac64.ipv6_link_local())}) - apply_ovs_ipv6_flows(command, bridge, params) + ovs = OvsFlow(bridge, params) + + if command in ('offline', 'reset'): + # I haven't found a way to clear only IPv4 or IPv6 rules. + ovs.clear_flows(vif_ofport) + if command in ('online', 'reset'): + if net_type in ('ipv4', 'all') and 'ips' in data: + for ip4 in data['ips']: + ovs.params.update({'VIF_IPv4': ip4['ip']}) + apply_ovs_ipv4_flows(ovs, bridge, params) + if net_type in ('ipv6', 'all') and 'ip6s' in data: + for ip6 in data['ip6s']: + link_local = str(netaddr.EUI(data['mac']).eui64()\ + .ipv6_link_local()) + ovs.params.update({'VIF_LOCAL_IPv6': link_local}) + ovs.params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) + apply_ovs_ipv6_flows(ovs, bridge, params) -def apply_ovs_ipv4_flows(command, bridge, params): - flow = OvsFlow(command, bridge, params) +def apply_ovs_ipv4_flows(ovs, command, bridge, params): # allow valid ARP outbound (both request / reply) - flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," - "arp_sha=%(VIF_MAC)s,nw_src=%(VIF_IPv4)s,action=normal") + ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," + "arp_sha=%(VIF_MAC)s,nw_src=%(VIF_IPv4)s,action=normal") - flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," - "arp_sha=%(VIF_MAC)s,nw_src=0.0.0.0,action=normal") + ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," + "arp_sha=%(VIF_MAC)s,nw_src=0.0.0.0,action=normal") # allow valid IPv4 outbound - 
flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,ip," - "nw_src=%(VIF_IPv4)s,action=normal") - + ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,ip," + "nw_src=%(VIF_IPv4)s,action=normal") -def apply_ovs_ipv6_flows(command, bridge, params): - flow = OvsFlow(command, bridge, params) +def apply_ovs_ipv6_flows(ovs, command, bridge, params): # allow valid IPv6 ND outbound (are both global and local IPs needed?) # Neighbor Solicitation - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," - "action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," - "action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," + "action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," + "action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,action=normal") # Neighbor Advertisement - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136," - "nd_target=%(VIF_LOCAL_IPv6)s,action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136,action=normal") - 
flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136," - "nd_target=%(VIF_GLOBAL_IPv6)s,action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136," + "nd_target=%(VIF_LOCAL_IPv6)s,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136," + "nd_target=%(VIF_GLOBAL_IPv6)s,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136,action=normal") # drop all other neighbor discovery (required because we permit all icmp6 below) - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=135,action=drop") - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=136,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=135,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=136,action=drop") # do not allow sending specifc ICMPv6 types # Router Advertisement - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=134,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=134,action=drop") # Redirect Gateway - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=137,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=137,action=drop") # Mobile Prefix Solicitation - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=146,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=146,action=drop") # Mobile Prefix Advertisement - 
flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=147,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=147,action=drop") # Multicast Router Advertisement - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=151,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=151,action=drop") # Multicast Router Solicitation - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=152,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=152,action=drop") # Multicast Router Termination - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=153,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=153,action=drop") # allow valid IPv6 outbound, by type - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,tcp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,tcp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,udp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,udp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,tcp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_LOCAL_IPv6)s,tcp6,action=normal") + 
ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,udp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_LOCAL_IPv6)s,udp6,action=normal") # all else will be dropped ... |
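Review bot: The new signatures `def apply_ovs_ipv4_flows(ovs, command, bridge, params)` and `def apply_ovs_ipv6_flows(ovs, command, bridge, params)` still declare `command`, but both call sites in `main` pass three arguments (`apply_ovs_ipv4_flows(ovs, bridge, params)`), so 'online' and 'reset' would raise TypeError as soon as an address is processed. On 'reset' that happens after `ovs.clear_flows(vif_ofport)` has already removed the port's flows, which would leave the VIF without its source MAC/IP rules until a later run succeeds. Dropping the unused parameter fixes it: `def apply_ovs_ipv4_flows(ovs, bridge, params):` and `def apply_ovs_ipv6_flows(ovs, bridge, params):`. The body of `main` starts outside this hunk, so how `vif_ofport` and `data` are obtained cannot be checked from here.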