diff --git a/netdriver.py b/netdriver.py
index d74b2c2..b2b0bb8 100644
--- a/netdriver.py
+++ b/netdriver.py
@@ -2,6 +2,32 @@ import subprocess
import logging
from netcelery import celery
+from os import getenv
+from vm import VMNetwork
+
+driver = getenv("HYPERVISOR_TYPE", "test")
+
+
+@celery.task
+def create(network):
+ port_create(VMNetwork.deserialize(network))
+
+
+@celery.task
+def delete(network):
+ port_delete(VMNetwork.deserialize(network))
+
+
+def add_tuntap_interface(if_name):
+ '''For testing purpose only adding tuntap interface.
+ '''
+ subprocess.call(['sudo', 'ip', 'tuntap', 'add', 'mode', 'tap', if_name])
+
+
+def del_tuntap_interface(if_name):
+ '''For testing purpose only deleting tuntap interface.
+ '''
+ subprocess.call(['sudo', 'ip', 'tuntap', 'del', 'mode', 'tap', if_name])
def ovs_command_execute(command):
@@ -24,18 +50,6 @@ def ofctl_command_execute(command):
return return_val
-@celery.task
-def create(network_list):
- for network in network_list:
- port_create(network)
-
-
-@celery.task
-def delete(network_list):
- for network in network_list:
- port_delete(network)
-
-
def build_flow_rule(
in_port=None,
dl_src=None,
@@ -92,6 +106,16 @@ def del_port_from_bridge(network_name):
ovs_command_execute(['del-port', network_name])
+def mac_filter(network, port_number, delete=False):
+ if not delete:
+ flow_cmd = build_flow_rule(in_port=port_number, dl_src=network.mac,
+ priority="40000", actions="normal")
+ ofctl_command_execute(["add-flow", network.bridge, flow_cmd])
+ else:
+ flow_cmd = build_flow_rule(in_port=port_number, dl_src=network.mac)
+ ofctl_command_execute(["del-flows", network.bridge, flow_cmd])
+
+
def ban_dhcp_server(network, port_number, delete=False):
if not delete:
flow_cmd = build_flow_rule(in_port=port_number, dl_src=network.mac,
@@ -155,7 +179,7 @@ def enable_dhcp_client(network, port_number, delete=False):
def disable_all_not_allowed_trafic(network, port_number, delete=False):
if not delete:
flow_cmd = build_flow_rule(in_port=port_number,
- priority="39000", actions="drop")
+ priority="30000", actions="drop")
ofctl_command_execute(["add-flow", network.bridge, flow_cmd])
else:
flow_cmd = build_flow_rule(in_port=port_number)
@@ -163,8 +187,12 @@ def disable_all_not_allowed_trafic(network, port_number, delete=False):
def port_create(network):
+ ''' Adding port to bridge apply rules and pull up interface.
'''
- '''
+ # For testing purpose create tuntap iface
+ if driver == "test":
+ add_tuntap_interface(network.name)
+
# Create the port for virtual network
add_port_to_bridge(network.name, network.bridge)
# Set VLAN parameter for tap interface
@@ -175,12 +203,18 @@ def port_create(network):
# Set Flow rules to avoid mac or IP spoofing
if network.managed:
+ # Allow traffic from fource MAC and IP
ban_dhcp_server(network, port_number)
ipv4_filter(network, port_number)
ipv6_filter(network, port_number)
arp_filter(network, port_number)
enable_dhcp_client(network, port_number)
- disable_all_not_allowed_trafic(network, port_number)
+ else:
+ # Allow all traffic from source MAC address
+ mac_filter(network, port_number)
+ # Explicit deny all other traffic
+ disable_all_not_allowed_trafic(network, port_number)
+ pull_up_interface(network)
def port_delete(network):
@@ -201,6 +235,10 @@ def port_delete(network):
# Delete port
del_port_from_bridge(network.name)
+ # For testing purpose dele tuntap iface
+ if driver == "test":
+ del_tuntap_interface(network.name)
+
def pull_up_interface(network):
command = ['sudo', 'ip', 'link', 'set', 'up', network]