openstack/nova
Code Issues Proposed changes

fixes: 733137

Browse Source
This commit is contained in:
Eric Windisch 2011-03-14 14:39:50 +00:00 committed by Tarmac
commit ab982a009f
1 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py
View File

@ -54,6 +54,7 @@ def main(dom_id, command, only_this_vif=None):
def execute(*command, return_stdout=False): def execute(*command, return_stdout=False):
devnull = open(os.devnull, 'w') devnull = open(os.devnull, 'w')
command = map(str, command)
proc = subprocess.Popen(command, close_fds=True, proc = subprocess.Popen(command, close_fds=True,
stdout=subprocess.PIPE, stderr=devnull) stdout=subprocess.PIPE, stderr=devnull)
devnull.close() devnull.close()
@ -71,13 +72,13 @@ def apply_iptables_rules(command, params):
iptables = lambda *rule: execute('/sbin/iptables', *rule) iptables = lambda *rule: execute('/sbin/iptables', *rule)
iptables('-D', 'FORWARD', '-m', 'physdev', iptables('-D', 'FORWARD', '-m', 'physdev',
'--physdev-in', '%(VIF)s' % params, '--physdev-in', params['VIF'],
'-s', '%(IP)s' % params, '-s', params['IP'],
'-j', 'ACCEPT') '-j', 'ACCEPT')
if command == 'online': if command == 'online':
iptables('-A', 'FORWARD', '-m', 'physdev', iptables('-A', 'FORWARD', '-m', 'physdev',
'--physdev-in', '%(VIF)s' % params, '--physdev-in', params['VIF'],
'-s', '%(IP)s' % params, '-s', params['IP'],
'-j', 'ACCEPT') '-j', 'ACCEPT')
@ -85,25 +86,24 @@ def apply_arptables_rules(command, params):
arptables = lambda *rule: execute('/sbin/arptables', *rule) arptables = lambda *rule: execute('/sbin/arptables', *rule)
arptables('-D', 'FORWARD', '--opcode', 'Request', arptables('-D', 'FORWARD', '--opcode', 'Request',
'--in-interface', '%(VIF)s' % params, '--in-interface', params['VIF'],
'--source-ip', '%(IP)s' % params, '--source-ip', params['IP'],
'--source-mac', '%(MAC)s' % params, '--source-mac', params['MAC'],
'-j', 'ACCEPT') '-j', 'ACCEPT')
arptables('-D', 'FORWARD', '--opcode', 'Reply', arptables('-D', 'FORWARD', '--opcode', 'Reply',
'--in-interface', '%(VIF)s' % params, '--in-interface', params['VIF'],
'--source-ip', '%(IP)s' % params, '--source-ip', params['IP'],
'--source-mac', '%(MAC)s' % params, '--source-mac', params['MAC'],
'-j', 'ACCEPT') '-j', 'ACCEPT')
if command == 'online': if command == 'online':
arptables('-A', 'FORWARD', '--opcode', 'Request', arptables('-A', 'FORWARD', '--opcode', 'Request',
'--in-interface', '%(VIF)s' % params '--in-interface', params['VIF'],
'--source-ip', '%(IP)s' % params, '--source-mac', params['MAC'],
'--source-mac', '%(MAC)s' % params,
'-j', 'ACCEPT') '-j', 'ACCEPT')
arptables('-A', 'FORWARD', '--opcode', 'Reply', arptables('-A', 'FORWARD', '--opcode', 'Reply',
'--in-interface', '%(VIF)s' % params, '--in-interface', params['VIF'],
'--source-ip', '%(IP)s' % params, '--source-ip', params['IP'],
'--source-mac', '%(MAC)s' % params, '--source-mac', params['MAC'],
'-j', 'ACCEPT') '-j', 'ACCEPT')
@ -130,7 +130,7 @@ def apply_ebtables_rules(command, params):
'-i', params['VIF'], '-j', 'DROP') '-i', params['VIF'], '-j', 'DROP')
if command == 'online': if command == 'online':
ebtables('-I', 'FORWARD', '1', '-s', '!', params['MAC'], ebtables('-I', 'FORWARD', '1', '-s', '!', params['MAC'],
'-i', '%(VIF)s', '-j', 'DROP') '-i', params['VIF'], '-j', 'DROP')
if __name__ == "__main__": if __name__ == "__main__":