本文整理汇总了Python中calico.felix.refcount.RefHelper类的典型用法代码示例。如果您正苦于以下问题:Python RefHelper类的具体用法?Python RefHelper怎么用?Python RefHelper使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了RefHelper类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: __init__
def __init__(self, profile_id, ip_version, iptables_updater, ipset_mgr):
super(ProfileRules, self).__init__(qualifier=profile_id)
assert profile_id is not None
self.id = profile_id
self.ip_version = ip_version
self._ipset_mgr = ipset_mgr
self._iptables_updater = iptables_updater
self._ipset_refs = RefHelper(self, ipset_mgr, self._on_ipsets_acquired)
# Latest profile update - a profile dictionary.
self._pending_profile = None
# Currently-programmed profile dictionary.
self._profile = None
# State flags.
self._notified_ready = False
self._cleaned_up = False
self._dead = False
self._dirty = True
self.chain_names = {
"inbound": profile_to_chain_name("inbound", profile_id),
"outbound": profile_to_chain_name("outbound", profile_id),
}
_log.info("Profile %s has chain names %s",
profile_id, self.chain_names)
示例2: __init__
def __init__(self, config, endpoint_id, ip_type, iptables_updater,
dispatch_chains, rules_manager):
super(LocalEndpoint, self).__init__(qualifier="%s(%s)" %
(endpoint_id.endpoint, ip_type))
assert isinstance(dispatch_chains, DispatchChains)
assert isinstance(rules_manager, RulesManager)
self.endpoint_id = endpoint_id
self.config = config
self.ip_type = ip_type
self.ip_version = futils.IP_TYPE_TO_VERSION[ip_type]
self.iptables_updater = iptables_updater
self.dispatch_chains = dispatch_chains
self.rules_mgr = rules_manager
self.rules_ref_helper = RefHelper(self, rules_manager,
self._on_profiles_ready)
# Will be filled in as we learn about the OS interface and the
# endpoint config.
self.endpoint = None
self._iface_name = None
self._suffix = None
# Track whether the last attempt to program the dataplane succeeded.
# We'll force a reprogram next time we get a kick.
self._failed = False
# And whether we've received an update since last time we programmed.
self._dirty = False
示例3: __init__
def __init__(self, config, combined_id, ip_type, iptables_updater,
dispatch_chains, rules_manager, status_reporter):
"""
Controls a single local endpoint.
:param combined_id: EndpointId for this endpoint.
:param ip_type: IP type for this endpoint (IPv4 or IPv6)
:param iptables_updater: IptablesUpdater to use
:param dispatch_chains: DispatchChains to use
:param rules_manager: RulesManager to use
"""
super(LocalEndpoint, self).__init__(qualifier="%s(%s)" %
(combined_id.endpoint, ip_type))
assert isinstance(dispatch_chains, DispatchChains)
assert isinstance(rules_manager, RulesManager)
self.config = config
self.combined_id = combined_id
self.ip_type = ip_type
# Other actors we need to talk to.
self.iptables_updater = iptables_updater
self.dispatch_chains = dispatch_chains
self.rules_mgr = rules_manager
self.status_reporter = status_reporter
# Helper for acquiring/releasing profiles.
self.rules_ref_helper = RefHelper(self, rules_manager,
self._on_profiles_ready)
# Per-batch state.
self._pending_endpoint = None
self._endpoint_update_pending = False
self._mac_changed = False
# Current endpoint data.
self.endpoint = None
# Will be filled in as we learn about the OS interface and the
# endpoint config.
self._mac = None
self._iface_name = None
self._suffix = None
# Track the success/failure of our dataplane programming.
self._chains_programmed = False
self._iptables_in_sync = False
self._device_in_sync = False
# Oper-state of the Linux interface.
self._device_is_up = None # Unknown
# Our last status report. Used for de-dupe.
self._last_status = None
# One-way flags to indicate that we should clean up/have cleaned up.
self._unreferenced = False
self._added_to_dispatch_chains = False
self._cleaned_up = False
示例4: __init__
def __init__(self, config, combined_id, ip_type, iptables_updater,
dispatch_chains, rules_manager):
"""
Controls a single local endpoint.
:param combined_id: EndpointId for this endpoint.
:param ip_type: IP type for this endpoint (IPv4 or IPv6)
:param iptables_updater: IptablesUpdater to use
:param dispatch_chains: DispatchChains to use
:param rules_manager: RulesManager to use
"""
super(LocalEndpoint, self).__init__(qualifier="%s(%s)" %
(combined_id.endpoint, ip_type))
assert isinstance(dispatch_chains, DispatchChains)
assert isinstance(rules_manager, RulesManager)
self.config = config
self.combined_id = combined_id
self.ip_type = ip_type
self.iptables_updater = iptables_updater
self.dispatch_chains = dispatch_chains
self.rules_mgr = rules_manager
self.rules_ref_helper = RefHelper(self, rules_manager,
self._on_profiles_ready)
self._pending_endpoint = None
self._endpoint_update_pending = False
self._mac_changed = False
# Will be filled in as we learn about the OS interface and the
# endpoint config.
self.endpoint = None
self._mac = None
self._iface_name = None
self._suffix = None
# Keep track of which dependencies we're missing.
self._missing_deps = self._calculate_missing_deps()
# Track the success/failure of our dataplane programming.
self._iptables_in_sync = False
self._device_in_sync = False
# One-way flags to indicate that we should clean up/have cleaned up.
self._unreferenced = False
self._added_to_dispatch_chains = False
self._cleaned_up = False
示例5: __init__
def __init__(self, config, combined_id, ip_type, iptables_updater,
dispatch_chains, rules_manager):
"""
Controls a single local endpoint.
:param combined_id: EndpointId for this endpoint.
:param ip_type: IP type for this endpoint (IPv4 or IPv6)
:param iptables_updater: IptablesUpdater to use
:param dispatch_chains: DispatchChains to use
:param rules_manager: RulesManager to use
"""
super(LocalEndpoint, self).__init__(qualifier="%s(%s)" %
(combined_id.endpoint, ip_type))
assert isinstance(dispatch_chains, DispatchChains)
assert isinstance(rules_manager, RulesManager)
self.combined_id = combined_id
self.config = config
self.ip_type = ip_type
self.ip_version = futils.IP_TYPE_TO_VERSION[ip_type]
if self.ip_type == IPV4:
self.nets_key = "ipv4_nets"
else:
self.nets_key = "ipv6_nets"
self.iptables_updater = iptables_updater
self.dispatch_chains = dispatch_chains
self.rules_mgr = rules_manager
self.rules_ref_helper = RefHelper(self, rules_manager,
self._on_profiles_ready)
# Will be filled in as we learn about the OS interface and the
# endpoint config.
self.endpoint = None
self._mac = None
self._iface_name = None
self._suffix = None
# Track whether the last attempt to program the dataplane succeeded.
# We'll force a reprogram next time we get a kick.
self._failed = False
# And whether we've received an update since last time we programmed.
self._dirty = False
示例6: __init__
def __init__(self, iptables_generator, profile_id, ip_version,
iptables_updater, ipset_mgr):
super(ProfileRules, self).__init__(qualifier=profile_id)
assert profile_id is not None
self.iptables_generator = iptables_generator
self.id = profile_id
self.ip_version = ip_version
self._ipset_mgr = ipset_mgr
self._iptables_updater = iptables_updater
self._ipset_refs = RefHelper(self, ipset_mgr, self._on_ipsets_acquired)
# Latest profile update - a profile dictionary.
self._pending_profile = None
# Currently-programmed profile dictionary.
self._profile = None
self._required_tags = set()
# State flags.
self._notified_ready = False
self._cleaned_up = False
self._dead = False
self._dirty = True
示例7: __init__
def __init__(self, profile_id, ip_version, iptables_updater, ipset_mgr):
super(ProfileRules, self).__init__(qualifier=profile_id)
assert profile_id is not None
self.id = profile_id
self.ip_version = ip_version
self.ipset_mgr = ipset_mgr
self._iptables_updater = iptables_updater
self.notified_ready = False
self.ipset_refs = RefHelper(self, ipset_mgr, self._maybe_update)
self._profile = None
"""
:type dict|None: filled in by first update. Reset to None on delete.
"""
self.dead = False
self.chain_names = {
"inbound": profile_to_chain_name("inbound", profile_id),
"outbound": profile_to_chain_name("outbound", profile_id),
}
_log.info("Profile %s has chain names %s",
profile_id, self.chain_names)
示例8: LocalEndpoint
class LocalEndpoint(RefCountedActor):
def __init__(self, config, combined_id, ip_type, iptables_updater, dispatch_chains, rules_manager, status_reporter):
"""
Controls a single local endpoint.
:param combined_id: EndpointId for this endpoint.
:param ip_type: IP type for this endpoint (IPv4 or IPv6)
:param iptables_updater: IptablesUpdater to use
:param dispatch_chains: DispatchChains to use
:param rules_manager: RulesManager to use
"""
super(LocalEndpoint, self).__init__(qualifier="%s(%s)" % (combined_id.endpoint, ip_type))
assert isinstance(dispatch_chains, DispatchChains)
assert isinstance(rules_manager, RulesManager)
self.config = config
self.iptables_generator = config.plugins["iptables_generator"]
self.combined_id = combined_id
self.ip_type = ip_type
# Other actors we need to talk to.
self.iptables_updater = iptables_updater
self.dispatch_chains = dispatch_chains
self.rules_mgr = rules_manager
self.status_reporter = status_reporter
# Helper for acquiring/releasing profiles.
self.rules_ref_helper = RefHelper(self, rules_manager, self._on_profiles_ready)
# Per-batch state.
self._pending_endpoint = None
self._endpoint_update_pending = False
self._mac_changed = False
# Current endpoint data.
self.endpoint = None
# Will be filled in as we learn about the OS interface and the
# endpoint config.
self._mac = None
self._iface_name = None
self._suffix = None
# Track the success/failure of our dataplane programming.
self._chains_programmed = False
self._iptables_in_sync = False
self._device_in_sync = False
# Oper-state of the Linux interface.
self._device_is_up = None # Unknown
# Our last status report. Used for de-dupe.
self._last_status = None
# One-way flags to indicate that we should clean up/have cleaned up.
self._unreferenced = False
self._added_to_dispatch_chains = False
self._cleaned_up = False
@property
def nets_key(self):
if self.ip_type == IPV4:
return "ipv4_nets"
else:
return "ipv6_nets"
@property
def _admin_up(self):
return not self._unreferenced and self.endpoint and self.endpoint.get("state") == "active"
@actor_message()
def on_endpoint_update(self, endpoint, force_reprogram=False):
"""
Called when this endpoint has received an update.
:param dict[str]|NoneType endpoint: endpoint parameter dictionary.
"""
_log.info("%s updated: %s", self, endpoint)
assert not self._unreferenced, "Update after being unreferenced"
# Store off the update, to be handled in _finish_msg_batch.
self._pending_endpoint = endpoint
self._endpoint_update_pending = True
if force_reprogram:
self._iptables_in_sync = False
self._device_in_sync = False
@actor_message()
def on_interface_update(self, iface_up):
"""
Actor event to report that the interface is either up or changed.
"""
_log.info("Endpoint %s received interface kick: %s", self.combined_id, iface_up)
assert not self._unreferenced, "Interface kick after unreference"
# Use a flag so that we coalesce any duplicate updates in
# _finish_msg_batch.
self._device_in_sync = False
self._device_is_up = iface_up
#.........这里部分代码省略.........
示例9: LocalEndpoint
class LocalEndpoint(RefCountedActor):
def __init__(self, config, combined_id, ip_type, iptables_updater,
dispatch_chains, rules_manager):
"""
Controls a single local endpoint.
:param combined_id: EndpointId for this endpoint.
:param ip_type: IP type for this endpoint (IPv4 or IPv6)
:param iptables_updater: IptablesUpdater to use
:param dispatch_chains: DispatchChains to use
:param rules_manager: RulesManager to use
"""
super(LocalEndpoint, self).__init__(qualifier="%s(%s)" %
(combined_id.endpoint, ip_type))
assert isinstance(dispatch_chains, DispatchChains)
assert isinstance(rules_manager, RulesManager)
self.config = config
self.combined_id = combined_id
self.ip_type = ip_type
self.iptables_updater = iptables_updater
self.dispatch_chains = dispatch_chains
self.rules_mgr = rules_manager
self.rules_ref_helper = RefHelper(self, rules_manager,
self._on_profiles_ready)
self._pending_endpoint = None
self._endpoint_update_pending = False
self._mac_changed = False
# Will be filled in as we learn about the OS interface and the
# endpoint config.
self.endpoint = None
self._mac = None
self._iface_name = None
self._suffix = None
# Keep track of which dependencies we're missing.
self._missing_deps = self._calculate_missing_deps()
# Track the success/failure of our dataplane programming.
self._iptables_in_sync = False
self._device_in_sync = False
# One-way flags to indicate that we should clean up/have cleaned up.
self._unreferenced = False
self._added_to_dispatch_chains = False
self._cleaned_up = False
@property
def nets_key(self):
if self.ip_type == IPV4:
return "ipv4_nets"
else:
return "ipv6_nets"
@actor_message()
def on_endpoint_update(self, endpoint, force_reprogram=False):
"""
Called when this endpoint has received an update.
:param dict[str]|NoneType endpoint: endpoint parameter dictionary.
"""
_log.info("%s updated: %s", self, endpoint)
assert not self._unreferenced, "Update after being unreferenced"
# Store off the update, to be handled in _finish_msg_batch.
self._pending_endpoint = endpoint
self._endpoint_update_pending = True
if force_reprogram:
self._iptables_in_sync = False
self._device_in_sync = False
@actor_message()
def on_interface_update(self):
"""
Actor event to report that the interface is either up or changed.
"""
_log.info("Endpoint %s received interface kick", self.combined_id)
# Use a flag so that we coalesce any duplicate updates in
# _finish_msg_batch.
self._device_in_sync = False
@actor_message()
def on_unreferenced(self):
"""
Overrides RefCountedActor:on_unreferenced.
"""
_log.info("%s now unreferenced, cleaning up", self)
# We should be deleted before being unreferenced.
assert self.endpoint is None or (self._pending_endpoint is None and
self._endpoint_update_pending)
# Defer the processing to _finish_msg_batch.
self._unreferenced = True
#.........这里部分代码省略.........
示例10: LocalEndpoint
class LocalEndpoint(RefCountedActor):
def __init__(self, config, combined_id, ip_type, iptables_updater, dispatch_chains, rules_manager):
"""
Controls a single local endpoint.
:param combined_id: EndpointId for this endpoint.
:param ip_type: IP type for this endpoint (IPv4 or IPv6)
:param iptables_updater: IptablesUpdater to use
:param dispatch_chains: DispatchChains to use
:param rules_manager: RulesManager to use
"""
super(LocalEndpoint, self).__init__(qualifier="%s(%s)" % (combined_id.endpoint, ip_type))
assert isinstance(dispatch_chains, DispatchChains)
assert isinstance(rules_manager, RulesManager)
self.combined_id = combined_id
self.config = config
self.ip_type = ip_type
self.ip_version = futils.IP_TYPE_TO_VERSION[ip_type]
if self.ip_type == IPV4:
self.nets_key = "ipv4_nets"
else:
self.nets_key = "ipv6_nets"
self.iptables_updater = iptables_updater
self.dispatch_chains = dispatch_chains
self.rules_mgr = rules_manager
self.rules_ref_helper = RefHelper(self, rules_manager, self._on_profiles_ready)
# Will be filled in as we learn about the OS interface and the
# endpoint config.
self.endpoint = None
self._mac = None
self._iface_name = None
self._suffix = None
# Track whether the last attempt to program the dataplane succeeded.
# We'll force a reprogram next time we get a kick.
self._failed = False
# And whether we've received an update since last time we programmed.
self._dirty = False
@actor_message()
def on_endpoint_update(self, endpoint, force_reprogram=False):
"""
Called when this endpoint has received an update.
:param dict[str] endpoint: endpoint parameter dictionary.
"""
_log.info("%s updated: %s", self, endpoint)
mac_changed = False
if not endpoint and not self.endpoint:
# First time we have been called, but it's a delete! Maybe some
# odd timing window, but we have nothing to tidy up.
return
if endpoint and endpoint["mac"] != self._mac:
# Either we have not seen this MAC before, or it has changed.
self._mac = endpoint["mac"]
mac_changed = True
if endpoint and not self.endpoint:
# This is the first time we have seen the endpoint, so extract the
# interface name and endpoint ID.
self._iface_name = endpoint["name"]
self._suffix = interface_to_suffix(self.config, self._iface_name)
was_ready = self._ready
# Activate the required profile IDs (and deactivate any that we no
# longer need).
if endpoint:
new_profile_ids = set(endpoint["profile_ids"])
else:
new_profile_ids = set()
# Note: we don't actually need to wait for the activation to finish
# due to the dependency management in the iptables layer.
self.rules_ref_helper.replace_all(new_profile_ids)
if endpoint != self.endpoint or force_reprogram:
self._dirty = True
# Store off the endpoint we were passed.
self.endpoint = endpoint
if endpoint:
# Configure the network interface; may fail if not there yet (in
# which case we'll just do it when the interface comes up).
self._configure_interface(mac_changed)
else:
# Remove the network programming.
self._deconfigure_interface()
self._maybe_update(was_ready)
_log.debug("%s finished processing update", self)
@actor_message()
def on_unreferenced(self):
"""
Overrides RefCountedActor:on_unreferenced.
#.........这里部分代码省略.........
示例11: setUp
def setUp(self):
super(TestRefHelper, self).setUp()
self._rh = RefHelper(self._rm,
self._rm,
self._rm.ready_callback)
示例12: TestRefHelper
class TestRefHelper(TestReferenceManager):
def setUp(self):
super(TestRefHelper, self).setUp()
self._rh = RefHelper(self._rm,
self._rm,
self._rm.ready_callback)
def test_no_refs(self):
# With no references, we're ready but haven't been notified
self.assertFalse(self._rm._ready_called)
self.assertTrue(self._rh.ready)
# Discarding non-existent references is allowed
self._rh.discard_ref("foo")
def test_acquire_discard_1(self):
# Acquire a reference to 'foo' - it won't be ready immediately
self._rh.acquire_ref("foo")
self.assertFalse(self._rm._ready_called)
self.assertFalse(self._rh.ready)
# Spin the actor framework - we become ready
_, obj = self.call_via_cb(self._rm.get_and_incref, "bar", async=True)
self.assertTrue(self._rm._ready_called)
self.assertTrue(self._rh.ready)
self.assertEqual(next(self._rh.iteritems())[0], "foo")
# Acquiring an already-acquired reference is idempotent
self._rh.acquire_ref("foo")
self.assertTrue(self._rh.ready)
# Discard the reference
self._rh.discard_ref("foo")
_, obj = self.call_via_cb(self._rm.get_and_incref, "baz", async=True)
self.assertTrue(self._rh.ready)
def test_sync_acquire_discard(self):
# Acquire a reference and discard it before it's become ready
self._rh.acquire_ref("foo")
self.assertFalse(self._rh.ready)
self._rh.discard_ref("foo")
self.assertTrue(self._rh.ready)
# Spin the actor framework
_, obj = self.call_via_cb(self._rm.get_and_incref, "bar", async=True)
def test_acquire_discard_2(self):
# Acquire two references
self._rh.acquire_ref("foo")
_, obj = self.call_via_cb(self._rm.get_and_incref, "bar", async=True)
self._rh.acquire_ref("baz")
self.assertFalse(self._rh.ready)
_, obj = self.call_via_cb(self._rm.get_and_incref, "bar2", async=True)
acq_ids = list(key for key, value in self._rh.iteritems())
self.assertItemsEqual(acq_ids, ["foo", "baz"])
self.assertTrue(self._rh.ready)
# Discard them all!
self._rh.discard_all()
示例13: ProfileRules
class ProfileRules(RefCountedActor):
"""
Actor that owns the per-profile rules chains.
"""
def __init__(self, iptables_generator, profile_id, ip_version,
iptables_updater, ipset_mgr):
super(ProfileRules, self).__init__(qualifier=profile_id)
assert profile_id is not None
self.iptables_generator = iptables_generator
self.id = profile_id
self.ip_version = ip_version
self._ipset_mgr = ipset_mgr
self._iptables_updater = iptables_updater
self._ipset_refs = RefHelper(self, ipset_mgr, self._on_ipsets_acquired)
# Latest profile update - a profile dictionary.
self._pending_profile = None
# Currently-programmed profile dictionary.
self._profile = None
# The IDs of the tags and selector ipsets it requires.
self._required_ipsets = set()
# State flags.
self._notified_ready = False
self._cleaned_up = False
self._dead = False
self._dirty = True
@actor_message()
def on_profile_update(self, profile, force_reprogram=False):
"""
Update the programmed iptables configuration with the new
profile.
:param dict[str]|NoneType profile: Dictionary of all profile data or
None if profile is to be deleted.
"""
_log.debug("%s: Profile update: %s", self, profile)
assert not self._dead, "Shouldn't receive updates after we're dead."
self._pending_profile = profile
self._dirty |= force_reprogram
@actor_message()
def on_unreferenced(self):
"""
Called to tell us that this profile is no longer needed.
"""
# Flag that we're dead and then let finish_msg_batch() do the cleanup.
self._dead = True
def _on_ipsets_acquired(self):
"""
Callback from the RefHelper once it's acquired all the ipsets we
need.
This is called from an actor_message on our greenlet.
"""
# Nothing to do here, if this is being called then we're already in
# a message batch so _finish_msg_batch() will get called next.
_log.info("All required ipsets acquired.")
def _finish_msg_batch(self, batch, results):
# Due to dependency management in IptablesUpdater, we don't need to
# worry about programming the dataplane before notifying so do it on
# this common code path.
if not self._notified_ready:
self._notify_ready()
self._notified_ready = True
if self._dead:
# Only want to clean up once. Note: we can get here a second time
# if we had a pending ipset incref in-flight when we were asked
# to clean up.
if not self._cleaned_up:
try:
_log.info("%s unreferenced, removing our chains", self)
self._delete_chains()
self._ipset_refs.discard_all()
self._ipset_refs = None # Break ref cycle.
self._profile = None
self._pending_profile = None
finally:
self._cleaned_up = True
self._notify_cleanup_complete()
else:
if self._pending_profile != self._profile:
_log.debug("Profile data changed, updating ipset references.")
# Make sure that all the new tags and selectors are active.
# We can't discard unneeded ones until we've updated iptables.
new_tags_and_sels = extract_tags_and_selectors_from_profile(
self._pending_profile
)
for tag_or_sel in new_tags_and_sels:
_log.debug("Requesting ipset for tag %s", tag_or_sel)
# Note: acquire_ref() is a no-op if already acquired.
self._ipset_refs.acquire_ref(tag_or_sel)
self._dirty = True
self._profile = self._pending_profile
#.........这里部分代码省略.........
示例14: LocalEndpoint
class LocalEndpoint(RefCountedActor):
def __init__(self, config, combined_id, ip_type, iptables_updater,
dispatch_chains, rules_manager, fip_manager, status_reporter):
"""
Controls a single local endpoint.
:param combined_id: EndpointId for this endpoint.
:param ip_type: IP type for this endpoint (IPv4 or IPv6)
:param iptables_updater: IptablesUpdater to use
:param dispatch_chains: DispatchChains to use
:param rules_manager: RulesManager to use
:param fip_manager: FloatingIPManager to use
"""
super(LocalEndpoint, self).__init__(qualifier="%s(%s)" %
(combined_id.endpoint, ip_type))
assert isinstance(rules_manager, RulesManager)
self.config = config
self.iptables_generator = config.plugins["iptables_generator"]
self.combined_id = combined_id
self.ip_type = ip_type
# Other actors we need to talk to.
self.iptables_updater = iptables_updater
self.dispatch_chains = dispatch_chains
self.rules_mgr = rules_manager
self.status_reporter = status_reporter
self.fip_manager = fip_manager
# Helper for acquiring/releasing profiles.
self._rules_ref_helper = RefHelper(self, rules_manager,
self._on_profiles_ready)
# List of global policies that we care about.
self._pol_ids_by_tier = OrderedDict()
# List of explicit profile IDs that we've processed.
self._explicit_profile_ids = None
# Per-batch state.
self._pending_endpoint = None
self._endpoint_update_pending = False
self._mac_changed = False
# IPs that no longer belong to this endpoint and need cleaning up.
self._removed_ips = set()
# Current endpoint data.
self.endpoint = None
# Will be filled in as we learn about the OS interface and the
# endpoint config.
self._mac = None
self._iface_name = None
self._suffix = None
# Track the success/failure of our dataplane programming.
self._chains_programmed = False
self._iptables_in_sync = False
self._device_in_sync = False
self._profile_ids_dirty = False
# Oper-state of the Linux interface.
self._device_is_up = None # Unknown
# Our last status report. Used for de-dupe.
self._last_status = None
# One-way flags to indicate that we should clean up/have cleaned up.
self._unreferenced = False
self._added_to_dispatch_chains = False
self._cleaned_up = False
@property
def nets_key(self):
if self.ip_type == IPV4:
return "ipv4_nets"
else:
return "ipv6_nets"
@property
def nat_key(self):
return nat_key(self.ip_type)
@property
def _admin_up(self):
return (not self._unreferenced and
self.endpoint and
self.endpoint.get("state", "active") == "active")
@actor_message()
def on_endpoint_update(self, endpoint, force_reprogram=False):
"""
Called when this endpoint has received an update.
:param dict[str]|NoneType endpoint: endpoint parameter dictionary.
"""
_log.info("%s updated: %s", self, endpoint)
assert not self._unreferenced, "Update after being unreferenced"
#.........这里部分代码省略.........
示例15: ProfileRules
class ProfileRules(RefCountedActor):
"""
Actor that owns the per-profile rules chains.
"""
def __init__(self, profile_id, ip_version, iptables_updater, ipset_mgr):
super(ProfileRules, self).__init__(qualifier=profile_id)
assert profile_id is not None
self.id = profile_id
self.ip_version = ip_version
self.ipset_mgr = ipset_mgr
self._iptables_updater = iptables_updater
self.notified_ready = False
self.ipset_refs = RefHelper(self, ipset_mgr, self._maybe_update)
self._profile = None
"""
:type dict|None: filled in by first update. Reset to None on delete.
"""
self.dead = False
self.chain_names = {
"inbound": profile_to_chain_name("inbound", profile_id),
"outbound": profile_to_chain_name("outbound", profile_id),
}
_log.info("Profile %s has chain names %s",
profile_id, self.chain_names)
@actor_message()
def on_profile_update(self, profile):
"""
Update the programmed iptables configuration with the new
profile.
"""
_log.debug("%s: Profile update: %s", self, profile)
assert profile is None or profile["id"] == self.id
assert not self.dead, "Shouldn't receive updates after we're dead."
old_tags = extract_tags_from_profile(self._profile)
new_tags = extract_tags_from_profile(profile)
removed_tags = old_tags - new_tags
added_tags = new_tags - old_tags
for tag in removed_tags:
_log.debug("Queueing ipset for tag %s for decref", tag)
self.ipset_refs.discard_ref(tag)
for tag in added_tags:
_log.debug("Requesting ipset for tag %s", tag)
self.ipset_refs.acquire_ref(tag)
self._profile = profile
self._maybe_update()
def _maybe_update(self):
if self.dead:
_log.info("Not updating: profile is dead.")
elif not self.ipset_refs.ready:
_log.info("Can't program rules %s yet, waiting on ipsets",
self.id)
else:
_log.info("Ready to program rules for %s", self.id)
self._update_chains()
@actor_message()
def on_unreferenced(self):
"""
Called to tell us that this profile is no longer needed. Removes
our iptables configuration.
"""
try:
_log.info("%s unreferenced, removing our chains", self)
self.dead = True
chains = []
for direction in ["inbound", "outbound"]:
chain_name = self.chain_names[direction]
chains.append(chain_name)
self._iptables_updater.delete_chains(chains, async=False)
self.ipset_refs.discard_all()
self.ipset_refs = None # Break ref cycle.
self._profile = None
finally:
self._notify_cleanup_complete()
def _update_chains(self):
"""
Updates the chains in the dataplane.
"""
_log.info("%s Programming iptables with our chains.", self)
updates = {}
for direction in ("inbound", "outbound"):
_log.debug("Updating %s chain for profile %s", direction,
self.id)
new_profile = self._profile or {}
_log.debug("Profile %s: %s", self.id, self._profile)
rules_key = "%s_rules" % direction
new_rules = new_profile.get(rules_key, [])
chain_name = self.chain_names[direction]
tag_to_ip_set_name = {}
for tag, ipset in self.ipset_refs.iteritems():
#.........这里部分代码省略.........