
Example 1 with FirewallRulesCidrsVO

use of com.cloud.network.dao.FirewallRulesCidrsVO in project cloudstack by apache.

The class BigSwitchBcfUtils, method listACLbyNetwork.

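/**
 * Builds the BCF ACL entries for a network from its non-revoked CloudStack firewall rules and,
 * when the network is attached to a network ACL, from that ACL's items.
 * <p>
 * Only rules BCF can express as one entry are converted: a single source CIDR (or none, meaning
 * any source) whose address is the network address, and a single port (start equals end).
 * Any other rule is skipped. The port check is applied whether or not a CIDR list exists, and a
 * rule with an empty CIDR list is treated like one with no list (any source) instead of failing.
 *
 * @param network the network whose firewall rules and network ACL items are converted
 * @return the ACL entries, firewall rules first and network ACL items after them; never null
 */
public List<AclData> listACLbyNetwork(Network network) {
    List<AclData> aclList = new ArrayList<AclData>();

    List<FirewallRuleVO> fwRules = _fwRulesDao.listByNetworkAndPurposeAndNotRevoked(network.getId(), Purpose.Firewall);
    for (FirewallRuleVO rule : fwRules) {
        List<FirewallRulesCidrsVO> fwCidrList = _fwCidrsDao.listByFirewallRuleId(rule.getId());
        List<String> cidrs = null;
        if (fwCidrList != null) {
            cidrs = new ArrayList<String>(fwCidrList.size());
            for (FirewallRulesCidrsVO cidrVo : fwCidrList) {
                cidrs.add(cidrVo.getCidr());
            }
        }
        Integer port = rule.getSourcePortStart();
        String cidr = resolveSingleSourceCidr(cidrs, port, rule.getSourcePortEnd());
        if (cidr == null) {
            continue;
        }
        AclData acl = new AclData();
        acl.setId(rule.getUuid());
        // CloudStack Firewall interface does not have priority; the rule id stands in for it
        acl.setPriority((int) rule.getId());
        acl.setIpProto(rule.getProtocol());
        acl.setSource(acl.new AclNetwork(cidr, port));
        acl.setAction("permit");
        aclList.add(acl);
    }

    if (network.getNetworkACLId() != null) {
        List<NetworkACLItemVO> aclItems = _aclItemDao.listByACL(network.getNetworkACLId());
        for (NetworkACLItem item : aclItems) {
            List<NetworkACLItemCidrsVO> aclCidrList = _aclItemCidrsDao.listByNetworkACLItemId(item.getId());
            List<String> cidrs = null;
            if (aclCidrList != null) {
                cidrs = new ArrayList<String>(aclCidrList.size());
                for (NetworkACLItemCidrsVO cidrVo : aclCidrList) {
                    cidrs.add(cidrVo.getCidr());
                }
            }
            Integer port = item.getSourcePortStart();
            String cidr = resolveSingleSourceCidr(cidrs, port, item.getSourcePortEnd());
            if (cidr == null) {
                continue;
            }
            AclData acl = new AclData();
            acl.setId(item.getUuid());
            acl.setPriority(item.getNumber());
            acl.setIpProto(item.getProtocol());
            acl.setSource(acl.new AclNetwork(cidr, port));
            acl.setAction(item.getAction().name());
            aclList.add(acl);
        }
    }
    return aclList;
}

/**
 * Picks the single source CIDR one BCF ACL entry can carry.
 *
 * @param cidrs     the rule's source CIDRs; null or empty means the rule is not restricted by source
 * @param portStart the rule's first source port, may be null
 * @param portEnd   the rule's last source port, may be null
 * @return "" when the rule applies to any source, the CIDR when it is a single CIDR whose
 *         address is its network address, or null when the rule cannot be expressed as one
 *         BCF entry and must be skipped
 */
private static String resolveSingleSourceCidr(List<String> cidrs, Integer portStart, Integer portEnd) {
    // currently BCF supports single port policy
    if (!samePort(portStart, portEnd)) {
        return null;
    }
    // currently BCF supports single cidr policy
    if (cidrs != null && cidrs.size() > 1) {
        return null;
    }
    String cidr = (cidrs == null || cidrs.isEmpty()) ? null : cidrs.get(0);
    if (cidr == null || cidr.equalsIgnoreCase("0.0.0.0/0")) {
        return "";
    }
    // a CIDR whose address has host bits set is not pushed to BCF
    SubnetUtils utils = new SubnetUtils(cidr);
    if (!utils.getInfo().getNetworkAddress().equals(utils.getInfo().getAddress())) {
        return null;
    }
    return cidr;
}

/** Null-safe equality for the Integer port columns; both sides may be null. */
private static boolean samePort(Integer a, Integer b) {
    return a == null ? b == null : a.equals(b);
}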

Example 2 with FirewallRulesCidrsVO

use of com.cloud.network.dao.FirewallRulesCidrsVO in project cloudstack by apache.

The class ExternalGuestNetworkGuru, method implement.

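/**
 * Implements a guest network on an external networking device.
 * <p>
 * Networks whose connectivity is provided by a plugin are left alone (returns null) and zones
 * not configured for external networking fall back to the parent guru. Otherwise a guest VLAN
 * is allocated (or the existing broadcast URI reused), a new CIDR is derived from the VLAN
 * offset unless the network belongs to a VPC, and every address already stored for the network
 * (nic addresses, port forwarding and static NAT destinations, egress rule source CIDRs) is
 * rewritten into that new subnet.
 *
 * @param config   the network being implemented; expected to be in state {@code Implementing}
 * @param offering the network offering of {@code config}
 * @param dest     the deploy destination that supplies the zone
 * @param context  the reservation context used when allocating the VLAN
 * @return the implemented network, or null when connectivity comes from a plugin
 * @throws InsufficientVirtualNetworkCapacityException propagated from the parent guru
 * @throws CloudRuntimeException when the VLAN tag or the network cidr is unusable, or the VLAN
 *         offset does not fit into the globally configured cidr size
 */
@Override
public Network implement(Network config, NetworkOffering offering, DeployDestination dest, ReservationContext context) throws InsufficientVirtualNetworkCapacityException {
    assert (config.getState() == State.Implementing) : "Why are we implementing " + config;
    if (_networkModel.areServicesSupportedInNetwork(config.getId(), Network.Service.Connectivity)) {
        return null;
    }
    if (!_networkModel.networkIsConfiguredForExternalNetworking(config.getDataCenterId(), config.getId())) {
        return super.implement(config, offering, dest, context);
    }
    DataCenter zone = dest.getDataCenter();
    NetworkVO implemented = new NetworkVO(config.getTrafficType(), config.getMode(), config.getBroadcastDomainType(), config.getNetworkOfferingId(), State.Allocated, config.getDataCenterId(), config.getPhysicalNetworkId(), offering.getRedundantRouter());

    // Get a vlan tag: allocate one when the network has no broadcast uri yet, else reuse the existing tag
    int vlanTag;
    if (config.getBroadcastUri() == null) {
        String vnet = _dcDao.allocateVnet(zone.getId(), config.getPhysicalNetworkId(), config.getAccountId(), context.getReservationId(), UseSystemGuestVlans.valueIn(config.getAccountId()));
        // when supporting more types of networks this need to become
        //              int vlantag = Integer.parseInt(BroadcastDomainType.getValue(vnet));
        vlanTag = parseVlanTag(vnet);
        implemented.setBroadcastUri(BroadcastDomainType.Vlan.toUri(vlanTag));
        ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), config.getAccountId(), EventVO.LEVEL_INFO, EventTypes.EVENT_ZONE_VLAN_ASSIGN, "Assigned Zone Vlan: " + vnet + " Network Id: " + config.getId(), 0);
    } else {
        // same validation as the allocation branch: a malformed stored uri must not surface as a bare NumberFormatException
        vlanTag = parseVlanTag(BroadcastDomainType.getValue(config.getBroadcastUri()));
        implemented.setBroadcastUri(config.getBroadcastUri());
    }

    // Determine the new gateway and CIDR
    String configuredCidr = config.getCidr();
    if (configuredCidr == null || configuredCidr.indexOf('/') < 0) {
        throw new CloudRuntimeException("Network " + config.getId() + " has no usable cidr: " + configuredCidr);
    }
    String[] oldCidr = configuredCidr.split("/");
    String oldCidrAddress = oldCidr[0];
    int cidrSize = Integer.parseInt(oldCidr[1]);
    long newCidrAddress = (NetUtils.ip2Long(oldCidrAddress));
    // if the implementing network is for vpc, no need to generate newcidr, use the cidr that came from super cidr
    if (config.getVpcId() != null) {
        implemented.setGateway(config.getGateway());
        implemented.setCidr(config.getCidr());
        implemented.setState(State.Implemented);
    } else {
        // Determine the offset from the lowest vlan tag
        int offset = getVlanOffset(config.getPhysicalNetworkId(), vlanTag);
        cidrSize = getGloballyConfiguredCidrSize();
        // The top 8 bits of the address stay fixed; if the offset needs more bits than the remaining room, fail
        long bitsInOffset = 32 - Integer.numberOfLeadingZeros(offset);
        if (bitsInOffset > (cidrSize - 8)) {
            throw new CloudRuntimeException("The offset " + offset + " needs " + bitsInOffset + " bits, but only have " + (cidrSize - 8) + " bits to work with.");
        }
        newCidrAddress = (NetUtils.ip2Long(oldCidrAddress) & 0xff000000) | (offset << (32 - cidrSize));
        implemented.setGateway(NetUtils.long2Ip(newCidrAddress + 1));
        implemented.setCidr(NetUtils.long2Ip(newCidrAddress) + "/" + cidrSize);
        implemented.setState(State.Implemented);
    }

    // Move every address already recorded for this network into the new guest subnet
    remaskNicAddresses(config.getId(), newCidrAddress, cidrSize);
    remaskPortForwardingDestinations(config.getId(), newCidrAddress, cidrSize);
    remaskStaticNatVmIps(config.getId(), newCidrAddress, cidrSize);
    remaskEgressRuleCidrs(config.getId(), newCidrAddress, cidrSize);
    return implemented;
}

/**
 * Parses a guest VLAN tag.
 *
 * @param vnet the tag as a decimal string, may be null
 * @return the tag
 * @throws CloudRuntimeException when the value is missing or not a number; the cause is kept
 */
private static int parseVlanTag(String vnet) {
    try {
        return Integer.parseInt(vnet);
    } catch (NumberFormatException e) {
        throw new CloudRuntimeException("Obtained an invalid guest vlan tag. Exception: " + e.getMessage(), e);
    }
}

/** Rewrites an address into the new subnet: the host bits (per cidrSize) are kept, the network bits replaced. */
private String moveIntoSubnet(String address, long newCidrAddress, int cidrSize) {
    long ipMask = getIpMask(address, cidrSize);
    return NetUtils.long2Ip(newCidrAddress | ipMask);
}

/** Mask the Ipv4 address of all nics that use this network with the new guest VLAN offset. */
private void remaskNicAddresses(long networkId, long newCidrAddress, int cidrSize) {
    List<NicVO> nicsInNetwork = _nicDao.listByNetworkId(networkId);
    for (NicVO nic : nicsInNetwork) {
        if (nic.getIPv4Address() != null) {
            nic.setIPv4Address(moveIntoSubnet(nic.getIPv4Address(), newCidrAddress, cidrSize));
            _nicDao.persist(nic);
        }
    }
}

/** Mask the destination address of all port forwarding rules in this network with the new guest VLAN offset. */
private void remaskPortForwardingDestinations(long networkId, long newCidrAddress, int cidrSize) {
    List<PortForwardingRuleVO> pfRulesInNetwork = _pfRulesDao.listByNetwork(networkId);
    for (PortForwardingRuleVO pfRule : pfRulesInNetwork) {
        if (pfRule.getDestinationIpAddress() != null) {
            String maskedDestinationIpAddress = moveIntoSubnet(pfRule.getDestinationIpAddress().addr(), newCidrAddress, cidrSize);
            pfRule.setDestinationIpAddress(new Ip(maskedDestinationIpAddress));
            _pfRulesDao.update(pfRule.getId(), pfRule);
        }
    }
}

/**
 * Mask the vm ip of all static nat rules in this network with the new guest VLAN offset.
 * Here the private ip of the nic gets updated; when secondary ips are present the gc is not triggered.
 */
private void remaskStaticNatVmIps(long networkId, long newCidrAddress, int cidrSize) {
    List<IPAddressVO> ipAddrsOfNw = _ipAddressDao.listStaticNatPublicIps(networkId);
    for (IPAddressVO ip : ipAddrsOfNw) {
        if (ip.getVmIp() != null) {
            String maskedVmIp = moveIntoSubnet(ip.getVmIp(), newCidrAddress, cidrSize);
            ip.setVmIp(maskedVmIp);
            _ipAddressDao.update(ip.getId(), ip);
        }
    }
}

/** Egress rule cidrs are subsets of the guest network cidr, so they move with it; each rule keeps its own prefix length. */
private void remaskEgressRuleCidrs(long networkId, long newCidrAddress, int cidrSize) {
    List<FirewallRuleVO> fwEgressRules = _fwRulesDao.listByNetworkPurposeTrafficType(networkId, FirewallRule.Purpose.Firewall, FirewallRule.TrafficType.Egress);
    for (FirewallRuleVO rule : fwEgressRules) {
        // get the cidr list for this rule
        List<FirewallRulesCidrsVO> fwRuleCidrsVo = _fwRulesCidrDao.listByFirewallRuleId(rule.getId());
        for (FirewallRulesCidrsVO ruleCidrvo : fwRuleCidrsVo) {
            String[] cidrParts = ruleCidrvo.getCidr().split("/");
            String newIp = moveIntoSubnet(cidrParts[0], newCidrAddress, cidrSize);
            String updatedCidr = newIp + "/" + cidrParts[1];
            ruleCidrvo.setSourceCidrList(updatedCidr);
            _fwRulesCidrDao.update(ruleCidrvo.getId(), ruleCidrvo);
        }
    }
}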
