neutron/doc/source/contributor/internals/l2_agent_extensions.rst
Sławek Kapłoński cbee0f9f88 Use same instance of iptables_manager in L2 agent and extensions
This commit adds the common_agent_extension class, which is the agent API
for L2 extension drivers used e.g. by the Linuxbridge agent.
This is necessary to be able to use the instance of iptables_manager
used in the firewall driver also in L2 extension drivers (like qos).

This patch refactors the iptables_manager code a little bit to make it possible
to initialize e.g. the mangle or nat table on demand, even if iptables
is created as "state_less".

Change-Id: I3b66e49b7f176124e8aea3eb96d0d465f1ab1ea0
Closes-Bug: #1736674
2018-01-05 11:07:32 +01:00

L2 agent extensions

L2 agent extensions are part of a generalized L2/L3 extension framework. See the agent extensions document (agent_extensions).

Open vSwitch agent API

  • neutron.plugins.ml2.drivers.openvswitch.agent.ovs_agent_extension_api

The Open vSwitch agent API object includes two methods that return wrapped and hardened bridge objects with cookie values allocated for the calling extensions:

#. request_int_br
#. request_tun_br

Bridge objects returned by those methods already have new default cookie values allocated for extension flows. All flow management methods (add_flow, mod_flow, ...) enforce those allocated cookies.
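The isolation this gives can be seen in a small model. The following is an added example, not Neutron's code: ToyBridge, CookieScopedBridge and demo are hypothetical names, flows are plain dicts, and overwriting a caller-supplied cookie is this example's assumed enforcement policy.

```python
import secrets


class ToyBridge:
    """Constructed stand-in for an OVS bridge; a flow is a plain dict."""
    def __init__(self):
        self.flows, self._cookies = [], set()

    def request_cookie(self):
        # Hand out a non-zero 64-bit cookie that no other consumer holds.
        cookie = secrets.randbits(64)
        while not cookie or cookie in self._cookies:
            cookie = secrets.randbits(64)
        self._cookies.add(cookie)
        return cookie

    def add_flow(self, **flow):
        self.flows.append(flow)

    def delete_flows(self, **match):
        # Remove every flow whose fields all equal the match fields.
        self.flows = [f for f in self.flows
                      if any(f.get(k) != v for k, v in match.items())]


class CookieScopedBridge:
    """Hypothetical wrapper: every flow call is pinned to one cookie."""
    def __init__(self, bridge):
        self._bridge, self.cookie = bridge, bridge.request_cookie()

    def _pin(self, fields):
        # Overwrite any caller-supplied cookie (assumed policy).
        return dict(fields, cookie=self.cookie)

    def add_flow(self, **flow):
        self._bridge.add_flow(**self._pin(flow))

    def delete_flows(self, **match):
        self._bridge.delete_flows(**self._pin(match))


def demo():
    br = ToyBridge()
    qos, fw = CookieScopedBridge(br), CookieScopedBridge(br)
    qos.add_flow(table=0, priority=10, actions="normal")
    fw.add_flow(table=0, priority=20, actions="drop")
    # qos issues a broad delete and names fw's cookie; it stays scoped.
    qos.delete_flows(table=0, cookie=fw.cookie)
    return [f["actions"] for f in br.flows]
```

Calling the unwrapped ToyBridge.delete_flows(table=0) would remove both flows, which is the failure the per-extension cookie prevents.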

Linuxbridge agent API

  • neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_agent_extension_api

The Linux bridge agent extension API object includes a method that returns an instance of the IptablesManager class, which is used by the L2 agent to manage security group rules:

#. get_iptables_manager