
Example 1 with SetNetworkACLCommand

use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cloudstack by apache.

the class VirtualRoutingResourceTest method testNetworkACLCommand.

/**
 * Executes the generated {@link SetNetworkACLCommand} twice against the resource under test:
 * once as generated, and once after the VPC private-gateway access detail has been set.
 * Both executions must report a successful {@link Answer}.
 *
 * <p>NOTE(review): only the success flag of each answer is asserted here; the ACL content
 * produced for the router is not inspected in this method.
 */
@Test
public void testNetworkACLCommand() {
    final SetNetworkACLCommand aclCommand = generateSetNetworkACLCommand();
    // Reset the fixture's counter before the first request (its meaning is defined outside this method).
    _count = 0;

    // First pass: command without the private-gateway detail.
    final Answer plainAnswer = _resource.executeRequest(aclCommand);
    assertTrue(plainAnswer.getResult());

    // Second pass: same command, now flagged as targeting a private gateway.
    final String privateGatewayType = String.valueOf(VpcGateway.Type.Private);
    aclCommand.setAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY, privateGatewayType);
    final Answer gatewayAnswer = _resource.executeRequest(aclCommand);
    assertTrue(gatewayAnswer.getResult());
}
Also used : GroupAnswer(com.cloud.agent.api.routing.GroupAnswer) Answer(com.cloud.agent.api.Answer) SetNetworkACLCommand(com.cloud.agent.api.routing.SetNetworkACLCommand) Test(org.junit.Test)

Example 2 with SetNetworkACLCommand

use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cosmic by MissionCriticalCloud.

the class CommandSetupHelper method createNetworkACLsCommands.

/**
 * Builds one {@link SetNetworkACLCommand} for the given guest network and appends it to {@code cmds}.
 *
 * <p>Every ACL item is converted to a {@link NetworkACLTO} carrying the guest VLAN taken from the
 * network's broadcast URI (or {@code null} when the network has no broadcast URI). The command is
 * then annotated with the router control IP, guest VLAN tag, router name and zone network type.
 *
 * <p>NOTE(review): a {@code null} rules argument still yields a command with an empty rule list;
 * how the router treats an empty list is not visible here - confirm it cannot unintentionally
 * relax the applied ACL. The results of {@code findById} and {@code findOne} are dereferenced
 * without a null check.
 *
 * @param rules          ACL items to push; may be {@code null}
 * @param router         router that receives the command
 * @param cmds           command batch the new command is added to
 * @param guestNetworkId id of the guest network the ACL belongs to
 * @param privateGateway when {@code true}, the command is marked with the private-gateway detail
 */
public void createNetworkACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId, final boolean privateGateway) {
    final Network guestNetwork = _networkDao.findById(guestNetworkId);
    final URI broadcastUri = guestNetwork.getBroadcastUri();
    final String guestVlan = broadcastUri == null ? null : BroadcastDomainType.getValue(broadcastUri);

    // Convert the ACL items into their transfer-object form.
    final List<NetworkACLTO> aclTransferObjects = new ArrayList<>();
    if (rules != null) {
        for (final NetworkACLItem item : rules) {
            aclTransferObjects.add(new NetworkACLTO(item, guestVlan, item.getTrafficType()));
        }
    }

    final NicTO guestNic = _networkHelper.getNicTO(router, guestNetworkId, null);
    final SetNetworkACLCommand aclCommand = new SetNetworkACLCommand(aclTransferObjects, guestNic);

    // Access details tell the agent which router to address and in which network context.
    final String controlIp = _routerControlHelper.getRouterControlIp(router.getId());
    aclCommand.setAccessDetail(NetworkElementCommand.ROUTER_IP, controlIp);
    aclCommand.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, guestVlan);
    aclCommand.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());

    final Zone routerZone = zoneRepository.findOne(router.getDataCenterId());
    final String zoneNetworkType = routerZone.getNetworkType().toString();
    aclCommand.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zoneNetworkType);

    if (privateGateway) {
        aclCommand.setAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY, String.valueOf(VpcGateway.Type.Private));
    }

    cmds.addCommand(aclCommand);
}
Also used : NetworkACLItem(com.cloud.network.vpc.NetworkACLItem) NetworkACLTO(com.cloud.agent.api.to.NetworkACLTO) Zone(com.cloud.db.model.Zone) Network(com.cloud.network.Network) ArrayList(java.util.ArrayList) SetNetworkACLCommand(com.cloud.agent.api.routing.SetNetworkACLCommand) URI(java.net.URI) NicTO(com.cloud.agent.api.to.NicTO)

Example 3 with SetNetworkACLCommand

use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cosmic by MissionCriticalCloud.

the class SetNetworkAclConfigItem method generateConfig.

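/**
 * Translates a {@link SetNetworkACLCommand} into the config items that carry the network ACL.
 *
 * <p>Each string in the first array returned by {@code generateFwRules()} is split on {@code ':'}
 * and read positionally: field 0 is the direction ({@code "Ingress"}; anything else is filed as
 * egress), field 1 the protocol name or number, fields 2 and 3 two integers (named protocols
 * only), field 4 the rule's first constructor argument (presumably the CIDR - confirm) and
 * field 5 the action, which maps to {@code true} only for the exact string {@code "ACCEPT"}.
 *
 * <p>Failure handling is asymmetric: a malformed rule in a named-protocol branch
 * ({@code icmp}, {@code tcp}, {@code udp}, {@code all}) throws out of this method, whereas a rule
 * that cannot be parsed as a numeric protocol is logged and skipped.
 *
 * @param cmd the command to translate; must be a {@link SetNetworkACLCommand}
 * @return the config items produced by {@code generateConfigItems} for the assembled ACL
 */
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
    final SetNetworkACLCommand command = (SetNetworkACLCommand) cmd;
    // Only the presence of this detail matters below; its value is not inspected.
    final String privateGw = cmd.getAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY);
    final String[][] rules = command.generateFwRules();
    final String[] aclRules = rules[0];
    final NicTO nic = command.getNic();
    final String netmask = Long.toString(NetUtils.getCidrSize(nic.getNetmask()));
    final List<AclRule> ingressRules = new ArrayList<>();
    final List<AclRule> egressRules = new ArrayList<>();
    for (final String rawRule : aclRules) {
        final AclRule aclRule;
        final String[] ruleParts = rawRule.split(":");
        // Locale.ROOT keeps the protocol match independent of the JVM default locale: with a
        // Turkish default locale "ICMP".toLowerCase() does not equal "icmp", which would send the
        // rule to the default branch and get it dropped.
        switch (ruleParts[1].toLowerCase(java.util.Locale.ROOT)) {
            case "icmp":
                aclRule = new IcmpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
                break;
            case "tcp":
                aclRule = new TcpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
                break;
            case "udp":
                aclRule = new UdpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
                break;
            case "all":
                aclRule = new AllAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]));
                break;
            default:
                // Anything else is treated as a numeric protocol. A rule that cannot be read this
                // way is left out of the generated ACL and processing continues with the next one.
                // NOTE(review): if the skipped rule was a deny rule, the applied ACL is more
                // permissive than the requested one; consider failing the command instead.
                try {
                    aclRule = new ProtocolAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[1]));
                } catch (final Exception e) {
                    // Name the rule and keep the cause so a dropped rule can be traced from the log.
                    s_logger.warn("Skipping ACL rule '" + rawRule + "': unable to read ACL rule definition, string format is different than expected.", e);
                    continue;
                }
        }
        if ("Ingress".equals(ruleParts[0])) {
            ingressRules.add(aclRule);
        } else {
            egressRules.add(aclRule);
        }
    }
    final NetworkACL networkACL = new NetworkACL(nic.getMac(), privateGw != null, nic.getIp(), netmask, ingressRules.toArray(new AclRule[0]), egressRules.toArray(new AclRule[0]));
    return generateConfigItems(networkACL);
}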
Also used : AllAclRule(com.cloud.agent.resource.virtualnetwork.model.AllAclRule) ArrayList(java.util.ArrayList) SetNetworkACLCommand(com.cloud.agent.api.routing.SetNetworkACLCommand) IcmpAclRule(com.cloud.agent.resource.virtualnetwork.model.IcmpAclRule) NetworkACL(com.cloud.agent.resource.virtualnetwork.model.NetworkACL) ProtocolAclRule(com.cloud.agent.resource.virtualnetwork.model.ProtocolAclRule) TcpAclRule(com.cloud.agent.resource.virtualnetwork.model.TcpAclRule) UdpAclRule(com.cloud.agent.resource.virtualnetwork.model.UdpAclRule) TcpAclRule(com.cloud.agent.resource.virtualnetwork.model.TcpAclRule) AclRule(com.cloud.agent.resource.virtualnetwork.model.AclRule) UdpAclRule(com.cloud.agent.resource.virtualnetwork.model.UdpAclRule) IcmpAclRule(com.cloud.agent.resource.virtualnetwork.model.IcmpAclRule) ProtocolAclRule(com.cloud.agent.resource.virtualnetwork.model.ProtocolAclRule) AllAclRule(com.cloud.agent.resource.virtualnetwork.model.AllAclRule) NicTO(com.cloud.agent.api.to.NicTO)

Example 4 with SetNetworkACLCommand

use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cloudstack by apache.

the class SetNetworkAclConfigItem method generateConfig.

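/**
 * Translates a {@link SetNetworkACLCommand} into the config items that carry the network ACL
 * for the NIC's {@code eth<deviceId>} interface.
 *
 * <p>Each string in the first array returned by {@code generateFwRules()} is split on {@code ':'}
 * and read positionally: field 0 is the direction ({@code "Ingress"}; anything else is filed as
 * egress), field 1 the protocol name or number, fields 2 and 3 two integers (named protocols
 * only), field 4 the rule's first constructor argument (presumably the CIDR - confirm) and
 * field 5 the action, which maps to {@code true} only for the exact string {@code "ACCEPT"}.
 *
 * <p>Failure handling is asymmetric: a malformed rule in a named-protocol branch
 * ({@code icmp}, {@code tcp}, {@code udp}, {@code all}) throws out of this method, whereas a rule
 * that cannot be parsed as a numeric protocol is logged and skipped.
 *
 * @param cmd the command to translate; must be a {@link SetNetworkACLCommand}
 * @return the config items produced by {@code generateConfigItems} for the assembled ACL
 */
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
    final SetNetworkACLCommand command = (SetNetworkACLCommand) cmd;
    // Only the presence of this detail matters below; its value is not inspected.
    final String privateGw = cmd.getAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY);
    final String[][] rules = command.generateFwRules();
    final String[] aclRules = rules[0];
    final NicTO nic = command.getNic();
    final String dev = "eth" + nic.getDeviceId();
    final String netmask = Long.toString(NetUtils.getCidrSize(nic.getNetmask()));
    final List<AclRule> ingressRules = new ArrayList<>();
    final List<AclRule> egressRules = new ArrayList<>();
    for (final String rawRule : aclRules) {
        AclRule aclRule;
        final String[] ruleParts = rawRule.split(":");
        // Locale.ROOT keeps the protocol match independent of the JVM default locale: with a
        // Turkish default locale "ICMP".toLowerCase() does not equal "icmp", which would send the
        // rule to the default branch and get it dropped.
        switch (ruleParts[1].toLowerCase(java.util.Locale.ROOT)) {
            case "icmp":
                aclRule = new IcmpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
                break;
            case "tcp":
                aclRule = new TcpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
                break;
            case "udp":
                aclRule = new UdpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
                break;
            case "all":
                aclRule = new AllAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]));
                break;
            default:
                // Anything else is treated as a numeric protocol. A rule that cannot be read this
                // way is left out of the generated ACL and processing continues with the next one.
                // NOTE(review): if the skipped rule was a deny rule, the applied ACL is more
                // permissive than the requested one; consider failing the command instead.
                try {
                    aclRule = new ProtocolAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[1]));
                } catch (final Exception e) {
                    // The previous message always blamed an out-of-range read at index 5, but a
                    // non-numeric protocol field lands here too; report the rule and the real cause.
                    s_logger.warn("Skipping ACL rule '" + rawRule + "': unable to read it as a protocol-number rule. Actual array size is '" + ruleParts.length + "'.", e);
                    continue;
                }
        }
        if ("Ingress".equals(ruleParts[0])) {
            ingressRules.add(aclRule);
        } else {
            egressRules.add(aclRule);
        }
    }
    final NetworkACL networkACL = new NetworkACL(dev, nic.getMac(), privateGw != null, nic.getIp(), netmask, ingressRules.toArray(new AclRule[0]), egressRules.toArray(new AclRule[0]));
    return generateConfigItems(networkACL);
}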
Also used : AllAclRule(com.cloud.agent.resource.virtualnetwork.model.AllAclRule) ArrayList(java.util.ArrayList) SetNetworkACLCommand(com.cloud.agent.api.routing.SetNetworkACLCommand) IcmpAclRule(com.cloud.agent.resource.virtualnetwork.model.IcmpAclRule) NetworkACL(com.cloud.agent.resource.virtualnetwork.model.NetworkACL) ProtocolAclRule(com.cloud.agent.resource.virtualnetwork.model.ProtocolAclRule) TcpAclRule(com.cloud.agent.resource.virtualnetwork.model.TcpAclRule) UdpAclRule(com.cloud.agent.resource.virtualnetwork.model.UdpAclRule) TcpAclRule(com.cloud.agent.resource.virtualnetwork.model.TcpAclRule) AclRule(com.cloud.agent.resource.virtualnetwork.model.AclRule) UdpAclRule(com.cloud.agent.resource.virtualnetwork.model.UdpAclRule) IcmpAclRule(com.cloud.agent.resource.virtualnetwork.model.IcmpAclRule) ProtocolAclRule(com.cloud.agent.resource.virtualnetwork.model.ProtocolAclRule) AllAclRule(com.cloud.agent.resource.virtualnetwork.model.AllAclRule) NicTO(com.cloud.agent.api.to.NicTO)

Example 5 with SetNetworkACLCommand

use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cloudstack by apache.

the class VirtualRoutingResourceTest method generateSetNetworkACLCommand.

/**
 * Builds the {@link SetNetworkACLCommand} fixture used by the ACL tests: two Ingress rules
 * (TCP and ICMP) and one Egress rule (ALL) sharing one CIDR list, bound to a NIC with a fixed
 * MAC, IP and netmask, and addressed to the test router name.
 *
 * @return the populated command
 */
protected SetNetworkACLCommand generateSetNetworkACLCommand() {
    // NIC the ACL is attached to.
    final NicTO guestNic = new NicTO();
    guestNic.setMac("01:23:45:67:89:AB");
    guestNic.setIp("192.168.1.1");
    guestNic.setNetmask("255.255.255.0");

    // CIDR list shared by all three rules.
    final List<String> sharedCidrs = new ArrayList<>();
    sharedCidrs.add("192.168.0.1/24");
    sharedCidrs.add("192.168.0.2/24");

    final NetworkACLTO tcpIngress = new NetworkACLTO(1, "64", "TCP", 20, 80, false, false, sharedCidrs, 0, 0, TrafficType.Ingress, true, 1);
    final NetworkACLTO icmpIngress = new NetworkACLTO(2, "64", "ICMP", 0, 0, false, false, sharedCidrs, -1, -1, TrafficType.Ingress, false, 2);
    final NetworkACLTO allEgress = new NetworkACLTO(3, "65", "ALL", 0, 0, false, false, sharedCidrs, -1, -1, TrafficType.Egress, true, 3);

    final List<NetworkACLTO> aclRules = new ArrayList<>();
    aclRules.add(tcpIngress);
    aclRules.add(icmpIngress);
    aclRules.add(allEgress);

    final SetNetworkACLCommand aclCommand = new SetNetworkACLCommand(aclRules, guestNic);
    aclCommand.setAccessDetail(NetworkElementCommand.ROUTER_NAME, ROUTERNAME);
    return aclCommand;
}
Also used : NetworkACLTO(com.cloud.agent.api.to.NetworkACLTO) ArrayList(java.util.ArrayList) SetNetworkACLCommand(com.cloud.agent.api.routing.SetNetworkACLCommand) NicTO(com.cloud.agent.api.to.NicTO)
