use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cloudstack by apache.
the class VirtualRoutingResourceTest method testNetworkACLCommand.
@Test
public void testNetworkACLCommand() {
final SetNetworkACLCommand cmd = generateSetNetworkACLCommand();
_count = 0;
Answer answer = _resource.executeRequest(cmd);
assertTrue(answer.getResult());
cmd.setAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY, String.valueOf(VpcGateway.Type.Private));
answer = _resource.executeRequest(cmd);
assertTrue(answer.getResult());
}
use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cosmic by MissionCriticalCloud.
the class CommandSetupHelper method createNetworkACLsCommands.
public void createNetworkACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId, final boolean privateGateway) {
final List<NetworkACLTO> rulesTO = new ArrayList<>();
String guestVlan = null;
final Network guestNtwk = _networkDao.findById(guestNetworkId);
final URI uri = guestNtwk.getBroadcastUri();
if (uri != null) {
guestVlan = BroadcastDomainType.getValue(uri);
}
if (rules != null) {
for (final NetworkACLItem rule : rules) {
final NetworkACLTO ruleTO = new NetworkACLTO(rule, guestVlan, rule.getTrafficType());
rulesTO.add(ruleTO);
}
}
final NicTO nicTO = _networkHelper.getNicTO(router, guestNetworkId, null);
final SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO, nicTO);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, guestVlan);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
final Zone zone = zoneRepository.findOne(router.getDataCenterId());
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());
if (privateGateway) {
cmd.setAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY, String.valueOf(VpcGateway.Type.Private));
}
cmds.addCommand(cmd);
}
use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cosmic by MissionCriticalCloud.
the class SetNetworkAclConfigItem method generateConfig.
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
final SetNetworkACLCommand command = (SetNetworkACLCommand) cmd;
final String privateGw = cmd.getAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY);
final String[][] rules = command.generateFwRules();
final String[] aclRules = rules[0];
final NicTO nic = command.getNic();
final String netmask = Long.toString(NetUtils.getCidrSize(nic.getNetmask()));
final List<AclRule> ingressRules = new ArrayList<>();
final List<AclRule> egressRules = new ArrayList<>();
for (final String aclRule1 : aclRules) {
final AclRule aclRule;
final String[] ruleParts = aclRule1.split(":");
switch(ruleParts[1].toLowerCase()) {
case "icmp":
aclRule = new IcmpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
break;
case "tcp":
aclRule = new TcpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
break;
case "udp":
aclRule = new UdpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
break;
case "all":
aclRule = new AllAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]));
break;
default:
// So, let's catch the exception and continue in the loop.
try {
aclRule = new ProtocolAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[1]));
} catch (final Exception e) {
s_logger.warn("Unable to read ACL rule definition, string format is different than expected. Original message => " + e.getMessage());
continue;
}
}
if ("Ingress".equals(ruleParts[0])) {
ingressRules.add(aclRule);
} else {
egressRules.add(aclRule);
}
}
final NetworkACL networkACL = new NetworkACL(nic.getMac(), privateGw != null, nic.getIp(), netmask, ingressRules.toArray(new AclRule[ingressRules.size()]), egressRules.toArray(new AclRule[egressRules.size()]));
return generateConfigItems(networkACL);
}
use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cloudstack by apache.
the class SetNetworkAclConfigItem method generateConfig.
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
final SetNetworkACLCommand command = (SetNetworkACLCommand) cmd;
final String privateGw = cmd.getAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY);
final String[][] rules = command.generateFwRules();
final String[] aclRules = rules[0];
final NicTO nic = command.getNic();
final String dev = "eth" + nic.getDeviceId();
final String netmask = Long.toString(NetUtils.getCidrSize(nic.getNetmask()));
final List<AclRule> ingressRules = new ArrayList<AclRule>();
final List<AclRule> egressRules = new ArrayList<AclRule>();
for (int i = 0; i < aclRules.length; i++) {
AclRule aclRule;
final String[] ruleParts = aclRules[i].split(":");
switch(ruleParts[1].toLowerCase()) {
case "icmp":
aclRule = new IcmpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
break;
case "tcp":
aclRule = new TcpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
break;
case "udp":
aclRule = new UdpAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[2]), Integer.parseInt(ruleParts[3]));
break;
case "all":
aclRule = new AllAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]));
break;
default:
// So, let's catch the exception and continue in the loop.
try {
aclRule = new ProtocolAclRule(ruleParts[4], "ACCEPT".equals(ruleParts[5]), Integer.parseInt(ruleParts[1]));
} catch (final Exception e) {
s_logger.warn("Problem occured when reading the entries in the ruleParts array. Actual array size is '" + ruleParts.length + "', but trying to read from index 5.");
continue;
}
}
if ("Ingress".equals(ruleParts[0])) {
ingressRules.add(aclRule);
} else {
egressRules.add(aclRule);
}
}
final NetworkACL networkACL = new NetworkACL(dev, nic.getMac(), privateGw != null, nic.getIp(), netmask, ingressRules.toArray(new AclRule[ingressRules.size()]), egressRules.toArray(new AclRule[egressRules.size()]));
return generateConfigItems(networkACL);
}
use of com.cloud.agent.api.routing.SetNetworkACLCommand in project cloudstack by apache.
the class VirtualRoutingResourceTest method generateSetNetworkACLCommand.
protected SetNetworkACLCommand generateSetNetworkACLCommand() {
final List<NetworkACLTO> acls = new ArrayList<>();
final List<String> cidrs = new ArrayList<>();
cidrs.add("192.168.0.1/24");
cidrs.add("192.168.0.2/24");
acls.add(new NetworkACLTO(1, "64", "TCP", 20, 80, false, false, cidrs, 0, 0, TrafficType.Ingress, true, 1));
acls.add(new NetworkACLTO(2, "64", "ICMP", 0, 0, false, false, cidrs, -1, -1, TrafficType.Ingress, false, 2));
acls.add(new NetworkACLTO(3, "65", "ALL", 0, 0, false, false, cidrs, -1, -1, TrafficType.Egress, true, 3));
final NicTO nic = new NicTO();
nic.setMac("01:23:45:67:89:AB");
nic.setIp("192.168.1.1");
nic.setNetmask("255.255.255.0");
final SetNetworkACLCommand cmd = new SetNetworkACLCommand(acls, nic);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, ROUTERNAME);
return cmd;
}
Aggregations