From c7243aeff06792d49868e1386273ec60ec8684d0 Mon Sep 17 00:00:00 2001 From: Jason Kölker Date: Wed, 8 Feb 2012 14:44:25 -0600 Subject: Add flag to include link local in port security Fixes LP929090 Change-Id: I797e2e8299bc4a2cbb07fa210e7c25750b9bf8c3 --- nova/network/quantum/manager.py | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'nova') diff --git a/nova/network/quantum/manager.py b/nova/network/quantum/manager.py index 341c3b5e3..8748172fb 100644 --- a/nova/network/quantum/manager.py +++ b/nova/network/quantum/manager.py @@ -17,7 +17,7 @@ import time -from netaddr import IPNetwork, IPAddress +import netaddr from nova.compute import instance_types from nova import context @@ -50,6 +50,9 @@ quantum_opts = [ cfg.BoolOpt('quantum_use_port_security', default=False, help='Whether or not to enable port security'), + cfg.BoolOpt('quantum_port_security_include_link_local', + default=False, + help='Add the link local address to the port security list'), ] FLAGS = flags.FLAGS @@ -346,8 +349,13 @@ class QuantumManager(manager.FloatingIP, manager.FlatManager): pairs = [] # Set up port security if enabled if FLAGS.quantum_use_port_security: + if FLAGS.quantum_port_security_include_link_local: + mac = netaddr.EUI(vif_rec['address']) + ips.append(str(mac.ipv6_link_local())) + pairs = [{'mac_address': vif_rec['address'], 'ip_address': ip} for ip in ips] + self.q_conn.create_and_attach_port(net_tenant_id, quantum_net_id, vif_rec['uuid'], vm_id=instance['uuid'], @@ -384,15 +392,15 @@ class QuantumManager(manager.FloatingIP, manager.FlatManager): # previously gotten from the network table (they'll be # passed to the linux_net functions). network_ref['cidr'] = subnet['cidr'] - n = IPNetwork(subnet['cidr']) + n = netaddr.IPNetwork(subnet['cidr']) # NOTE(tr3buchet): should probably not always assume first+1 - network_ref['dhcp_server'] = IPAddress(n.first + 1) + network_ref['dhcp_server'] = netaddr.IPAddress(n.first + 1) # TODO(bgh): Melange should probably track dhcp_start # TODO(tr3buchet): melange should store dhcp_server as well if not 'dhcp_start' in network_ref or \ network_ref['dhcp_start'] is None: - network_ref['dhcp_start'] = IPAddress(n.first + 2) - network_ref['broadcast'] = IPAddress(n.broadcast) + network_ref['dhcp_start'] = netaddr.IPAddress(n.first + 2) + network_ref['broadcast'] = netaddr.IPAddress(n.broadcast) network_ref['gateway'] = subnet['gateway'] # Construct the interface id that we'll use for the bridge interface_id = "gw-" + str(network_ref['uuid'][0:11]) @@ -530,7 +538,7 @@ class QuantumManager(manager.FloatingIP, manager.FlatManager): # except anything so the rest of deallocate can succeed msg = _('port deallocation failed for instance: ' '|%(instance_id)s|, port_id: |%(port_id)s|') - LOG.critical(msg % locals) + LOG.critical(msg % locals()) # ipam deallocation block try: @@ -551,7 +559,7 @@ class QuantumManager(manager.FloatingIP, manager.FlatManager): vif_uuid = vif_ref['uuid'] msg = _('ipam deallocation failed for instance: ' '|%(instance_id)s|, vif_uuid: |%(vif_uuid)s|') - LOG.critical(msg % locals) + LOG.critical(msg % locals()) # TODO(bgh): At some point we should consider merging enable_dhcp() and # update_dhcp() @@ -569,11 +577,11 @@ class QuantumManager(manager.FloatingIP, manager.FlatManager): # passed to the linux_net functions). if subnet['cidr']: network_ref['cidr'] = subnet['cidr'] - n = IPNetwork(network_ref['cidr']) - network_ref['dhcp_server'] = IPAddress(n.first + 1) - network_ref['dhcp_start'] = IPAddress(n.first + 2) - network_ref['broadcast'] = IPAddress(n.broadcast) - network_ref['gateway'] = IPAddress(n.first + 1) + n = netaddr.IPNetwork(network_ref['cidr']) + network_ref['dhcp_server'] = netaddr.IPAddress(n.first + 1) + network_ref['dhcp_start'] = netaddr.IPAddress(n.first + 2) + network_ref['broadcast'] = netaddr.IPAddress(n.broadcast) + network_ref['gateway'] = netaddr.IPAddress(n.first + 1) dev = self._generate_gw_dev(network_ref['uuid']) # And remove the dhcp mappings for the subnet hosts = self.get_dhcp_hosts_text(context, -- cgit