@@ -117,7 +117,7 @@ def teardown(self) -> typing.List[str]:
117
117
118
118
if self ._is_secure_vnet_bridge is True :
119
119
commands += self .__down_secure_mode_devices ()
120
- self .firewall .delete_rule ("$IOCAGE_JID " )
120
+ self .firewall .delete_rule ("$IOC_JID " )
121
121
commands += self .firewall .read_commands ()
122
122
123
123
return commands
@@ -128,7 +128,7 @@ def __require_bridge(self) -> None:
128
128
129
129
def __down_host_interface (self ) -> typing .List [str ]:
130
130
nic = libioc .NetworkInterface .QueuingNetworkInterface (
131
- name = f"{ self ._escaped_nic_name } :$IOCAGE_JID " ,
131
+ name = f"{ self ._escaped_nic_name } :$IOC_JID " ,
132
132
extra_settings = ["destroy" ],
133
133
logger = self .logger ,
134
134
insecure = True
@@ -140,8 +140,8 @@ def __down_secure_mode_devices(self) -> typing.List[str]:
140
140
self .logger .verbose ("Downing secure mode devices" )
141
141
commands : typing .List [str ] = []
142
142
secure_mode_nics = [
143
- f"{ self ._escaped_nic_name } :$IOCAGE_JID :a" ,
144
- f"{ self ._escaped_nic_name } :$IOCAGE_JID :net"
143
+ f"{ self ._escaped_nic_name } :$IOC_JID :a" ,
144
+ f"{ self ._escaped_nic_name } :$IOC_JID :net"
145
145
]
146
146
for nic in secure_mode_nics :
147
147
commands += libioc .NetworkInterface .QueuingNetworkInterface (
@@ -237,7 +237,7 @@ def __create_new_epair_interface(
237
237
238
238
epair_a = libioc .NetworkInterface .QueuingNetworkInterface (
239
239
name = None ,
240
- rename = f"{ self ._escaped_nic_name } :$IOCAGE_JID { nic_suffix_a } " ,
240
+ rename = f"{ self ._escaped_nic_name } :$IOC_JID { nic_suffix_a } " ,
241
241
destroy = True ,
242
242
shell_variable_nic_name = variable_name_a ,
243
243
logger = self .logger ,
@@ -248,7 +248,7 @@ def __create_new_epair_interface(
248
248
249
249
epair_b = libioc .NetworkInterface .QueuingNetworkInterface (
250
250
name = None ,
251
- rename = f"{ self ._escaped_nic_name } :$IOCAGE_JID { nic_suffix_b } " ,
251
+ rename = f"{ self ._escaped_nic_name } :$IOC_JID { nic_suffix_b } " ,
252
252
destroy = True ,
253
253
shell_variable_nic_name = variable_name_b ,
254
254
logger = self .logger ,
@@ -274,8 +274,8 @@ def __create_vnet_iface(self) -> typing.Tuple[
274
274
self .firewall .ensure_firewall_enabled ()
275
275
276
276
commands_created += self .__create_new_epair_interface (
277
- variable_name_a = f"IOCAGE_NIC_EPAIR_A_ { self ._nic_hash } " ,
278
- variable_name_b = f"IOCAGE_NIC_EPAIR_B_ { self ._nic_hash } " ,
277
+ variable_name_a = f"IOC_NIC_EPAIR_A_ { self ._nic_hash } " ,
278
+ variable_name_b = f"IOC_NIC_EPAIR_B_ { self ._nic_hash } " ,
279
279
nic_suffix_a = "" ,
280
280
nic_suffix_b = ":j"
281
281
)
@@ -294,7 +294,7 @@ def __create_vnet_iface(self) -> typing.Tuple[
294
294
295
295
host_if = libioc .NetworkInterface .QueuingNetworkInterface (
296
296
name = None ,
297
- shell_variable_nic_name = f"IOCAGE_NIC_EPAIR_A_ { self ._nic_hash } " ,
297
+ shell_variable_nic_name = f"IOC_NIC_EPAIR_A_ { self ._nic_hash } " ,
298
298
mac = mac_address_pair .a ,
299
299
mtu = self .mtu ,
300
300
description = self .nic_local_description ,
@@ -305,15 +305,15 @@ def __create_vnet_iface(self) -> typing.Tuple[
305
305
if self ._is_secure_vnet_bridge is False :
306
306
jail_bridge = libioc .NetworkInterface .QueuingNetworkInterface (
307
307
name = self .bridge .name ,
308
- addm = f"$IOCAGE_NIC_EPAIR_A_ { self ._nic_hash } " ,
308
+ addm = f"$IOC_NIC_EPAIR_A_ { self ._nic_hash } " ,
309
309
logger = self .logger ,
310
310
insecure = True
311
311
)
312
312
commands_created += jail_bridge .read_commands ()
313
313
else :
314
314
commands_created += self .__create_new_epair_interface (
315
- variable_name_a = f"IOCAGE_NIC_EPAIR_C_ { self ._nic_hash } " ,
316
- variable_name_b = f"IOCAGE_NIC_EPAIR_D_ { self ._nic_hash } " ,
315
+ variable_name_a = f"IOC_NIC_EPAIR_C_ { self ._nic_hash } " ,
316
+ variable_name_b = f"IOC_NIC_EPAIR_D_ { self ._nic_hash } " ,
317
317
nic_suffix_a = ":a" ,
318
318
nic_suffix_b = ":b" ,
319
319
mtu = self .mtu
@@ -328,19 +328,19 @@ def __create_vnet_iface(self) -> typing.Tuple[
328
328
name = "bridge" ,
329
329
create = True ,
330
330
destroy = True ,
331
- rename = f"{ self ._escaped_nic_name } :$IOCAGE_JID :net" ,
331
+ rename = f"{ self ._escaped_nic_name } :$IOC_JID :net" ,
332
332
insecure = True ,
333
- shell_variable_nic_name = f"IOCAGE_NIC_BRIDGE_ { self ._nic_hash } " ,
333
+ shell_variable_nic_name = f"IOC_NIC_BRIDGE_ { self ._nic_hash } " ,
334
334
)
335
335
commands_created += sec_bridge .read_commands ()
336
336
337
337
# add nic to secure bridge
338
338
sec_bridge = libioc .NetworkInterface .QueuingNetworkInterface (
339
339
name = None ,
340
- shell_variable_nic_name = f"IOCAGE_NIC_BRIDGE_ { self ._nic_hash } " ,
340
+ shell_variable_nic_name = f"IOC_NIC_BRIDGE_ { self ._nic_hash } " ,
341
341
addm = [
342
- f"$IOCAGE_NIC_EPAIR_A_ { self ._nic_hash } " ,
343
- f"$IOCAGE_NIC_EPAIR_D_ { self ._nic_hash } "
342
+ f"$IOC_NIC_EPAIR_A_ { self ._nic_hash } " ,
343
+ f"$IOC_NIC_EPAIR_D_ { self ._nic_hash } "
344
344
],
345
345
logger = self .logger ,
346
346
insecure = True
@@ -350,7 +350,7 @@ def __create_vnet_iface(self) -> typing.Tuple[
350
350
# add nic to jail bridge
351
351
jail_bridge = libioc .NetworkInterface .QueuingNetworkInterface (
352
352
name = self .bridge .name ,
353
- addm = f"$IOCAGE_NIC_EPAIR_C_ { self ._nic_hash } " ,
353
+ addm = f"$IOC_NIC_EPAIR_C_ { self ._nic_hash } " ,
354
354
logger = self .logger ,
355
355
insecure = True
356
356
)
@@ -360,7 +360,7 @@ def __create_vnet_iface(self) -> typing.Tuple[
360
360
361
361
# assign epair_b to jail
362
362
assigned_if = libioc .NetworkInterface .QueuingNetworkInterface (
363
- shell_variable_nic_name = f"IOCAGE_NIC_EPAIR_B_ { self ._nic_hash } " ,
363
+ shell_variable_nic_name = f"IOC_NIC_EPAIR_B_ { self ._nic_hash } " ,
364
364
vnet = self .jail .identifier ,
365
365
extra_settings = [],
366
366
logger = self .logger
@@ -369,7 +369,7 @@ def __create_vnet_iface(self) -> typing.Tuple[
369
369
370
370
# configure network inside the jail
371
371
jail_if = libioc .NetworkInterface .QueuingNetworkInterface (
372
- name = f"{ self ._escaped_nic_name } :$IOCAGE_JID :j" ,
372
+ name = f"{ self ._escaped_nic_name } :$IOC_JID :j" ,
373
373
mac = str (mac_address_pair .b ),
374
374
mtu = self .mtu ,
375
375
rename = self ._escaped_nic_name ,
@@ -388,7 +388,7 @@ def __configure_firewall(self, mac_address: str) -> typing.List[str]:
388
388
self .logger .verbose (
389
389
f"Configuring Secure VNET Firewall for { self ._escaped_nic_name } "
390
390
)
391
- firewall_rule_number = f"$IOCAGE_JID "
391
+ firewall_rule_number = f"$IOC_JID "
392
392
393
393
for protocol in ["ipv4" , "ipv6" ]:
394
394
addresses = self .__getattribute__ (f"{ protocol } _addresses" )
@@ -405,34 +405,34 @@ def __configure_firewall(self, mac_address: str) -> typing.List[str]:
405
405
"from" , _address , "to" , "any" ,
406
406
"layer2" ,
407
407
"MAC" , "any" , mac_address ,
408
- "via" , f"{ self ._escaped_nic_name } :$IOCAGE_JID :b" ,
408
+ "via" , f"{ self ._escaped_nic_name } :$IOC_JID :b" ,
409
409
"out"
410
410
], insecure = True )
411
411
self .firewall .add_rule (firewall_rule_number , [
412
412
"allow" , protocol ,
413
413
"from" , "any" , "to" , _address ,
414
414
"layer2" ,
415
415
"MAC" , mac_address , "any" ,
416
- "via" , f"{ self ._escaped_nic_name } :$IOCAGE_JID " ,
416
+ "via" , f"{ self ._escaped_nic_name } :$IOC_JID " ,
417
417
"out"
418
418
], insecure = True )
419
419
self .firewall .add_rule (firewall_rule_number , [
420
420
"allow" , protocol ,
421
421
"from" , "any" , "to" , _address ,
422
- "via" , f"{ self ._escaped_nic_name } :$IOCAGE_JID " ,
422
+ "via" , f"{ self ._escaped_nic_name } :$IOC_JID " ,
423
423
"out"
424
424
], insecure = True )
425
425
self .firewall .add_rule (firewall_rule_number , [
426
426
"deny" , "log" , protocol ,
427
427
"from" , "any" , "to" , "any" ,
428
428
"layer2" ,
429
- "via" , f"{ self ._escaped_nic_name } :$IOCAGE_JID :b" ,
429
+ "via" , f"{ self ._escaped_nic_name } :$IOC_JID :b" ,
430
430
"out"
431
431
], insecure = True )
432
432
self .firewall .add_rule (firewall_rule_number , [
433
433
"deny" , "log" , protocol ,
434
434
"from" , "any" , "to" , "any" ,
435
- "via" , f"{ self ._escaped_nic_name } :$IOCAGE_JID " ,
435
+ "via" , f"{ self ._escaped_nic_name } :$IOC_JID " ,
436
436
"out"
437
437
], insecure = True )
438
438
self .logger .debug ("Firewall rules added" )
@@ -442,7 +442,7 @@ def __configure_firewall(self, mac_address: str) -> typing.List[str]:
442
442
def __up_host_if (self ) -> typing .List [str ]:
443
443
host_if = libioc .NetworkInterface .QueuingNetworkInterface (
444
444
name = None ,
445
- shell_variable_nic_name = f"IOCAGE_NIC_EPAIR_A_ { self ._nic_hash } " ,
445
+ shell_variable_nic_name = f"IOC_NIC_EPAIR_A_ { self ._nic_hash } " ,
446
446
logger = self .logger
447
447
)
448
448
commands : typing .List [str ] = host_if .read_commands ()
@@ -453,12 +453,12 @@ def env(self) -> typing.Dict[str, typing.Union[str, int]]:
453
453
"""Return a dict of env variables used by the network."""
454
454
name = self ._escaped_nic_name
455
455
script_env : typing .Dict [str , typing .Union [str , int ]] = {
456
- f"IOCAGE_NIC_EPAIR_A_ { self ._nic_hash } " : f"{ name } :$IOCAGE_JID " ,
457
- f"IOCAGE_NIC_EPAIR_B_ { self ._nic_hash } " : name ,
458
- f"IOCAGE_NIC_EPAIR_C_ { self ._nic_hash } " : f"{ name } :$IOCAGE_JID :a" ,
459
- f"IOCAGE_NIC_EPAIR_D_ { self ._nic_hash } " : f"{ name } :$IOCAGE_JID :b" ,
460
- f"IOCAGE_NIC_BRIDGE_ { self ._nic_hash } " : f"{ name } :$IOCAGE_JID :net" ,
461
- f"IOCAGE_NIC_ID_ { self ._nic_hash } " : self .epair_id
456
+ f"IOC_NIC_EPAIR_A_ { self ._nic_hash } " : f"{ name } :$IOC_JID " ,
457
+ f"IOC_NIC_EPAIR_B_ { self ._nic_hash } " : name ,
458
+ f"IOC_NIC_EPAIR_C_ { self ._nic_hash } " : f"{ name } :$IOC_JID :a" ,
459
+ f"IOC_NIC_EPAIR_D_ { self ._nic_hash } " : f"{ name } :$IOC_JID :b" ,
460
+ f"IOC_NIC_BRIDGE_ { self ._nic_hash } " : f"{ name } :$IOC_JID :net" ,
461
+ f"IOC_NIC_ID_ { self ._nic_hash } " : self .epair_id
462
462
}
463
463
return script_env
464
464