Search in sources :

Example 1 with NATRule

use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.

the class NetworkAdminServiceImpl method manageFirewall.

@Override
public void manageFirewall(String gatewayIface) throws KuraException {
    // get desired NAT rules interfaces
    LinkedHashSet<NATRule> desiredNatRules = null;
    ComponentConfiguration networkComponentConfiguration = ((SelfConfiguringComponent) this.m_networkConfigurationService).getConfiguration();
    if (gatewayIface != null && networkComponentConfiguration != null) {
        try {
            NetworkConfiguration netConfiguration = new NetworkConfiguration(networkComponentConfiguration.getConfigurationProperties());
            List<NetInterfaceConfig<? extends NetInterfaceAddressConfig>> netInterfaceConfigs = netConfiguration.getNetInterfaceConfigs();
            for (NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig : netInterfaceConfigs) {
                String ifaceName = netInterfaceConfig.getName();
                List<? extends NetInterfaceAddressConfig> netInterfaceAddressConfigs = netInterfaceConfig.getNetInterfaceAddresses();
                if (netInterfaceAddressConfigs != null && !netInterfaceAddressConfigs.isEmpty()) {
                    for (NetInterfaceAddressConfig netInterfaceAddressConfig : netInterfaceAddressConfigs) {
                        List<NetConfig> existingNetConfigs = netInterfaceAddressConfig.getConfigs();
                        if (existingNetConfigs != null && !existingNetConfigs.isEmpty()) {
                            for (NetConfig netConfig : existingNetConfigs) {
                                if (netConfig instanceof FirewallAutoNatConfig) {
                                    if (desiredNatRules == null) {
                                        desiredNatRules = new LinkedHashSet<NATRule>();
                                    }
                                    desiredNatRules.add(new NATRule(ifaceName, gatewayIface, true));
                                }
                            }
                        }
                    }
                }
            }
        } catch (UnknownHostException e) {
            s_logger.warn("Exception while updating firewall configuration", e);
        }
    }
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    if (desiredNatRules != null) {
        firewall.replaceAllNatRules(desiredNatRules);
    } else {
        firewall.deleteAllAutoNatRules();
    }
    firewall.enable();
}
Also used : NetInterfaceConfig(org.eclipse.kura.net.NetInterfaceConfig) FirewallAutoNatConfig(org.eclipse.kura.net.firewall.FirewallAutoNatConfig) UnknownHostException(java.net.UnknownHostException) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) SelfConfiguringComponent(org.eclipse.kura.configuration.SelfConfiguringComponent) ComponentConfiguration(org.eclipse.kura.configuration.ComponentConfiguration) NetConfig(org.eclipse.kura.net.NetConfig) NetworkConfiguration(org.eclipse.kura.core.net.NetworkConfiguration) NetInterfaceAddressConfig(org.eclipse.kura.net.NetInterfaceAddressConfig)

Example 2 with NATRule

use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.

the class FirewallAutoNatConfigReader method getConfig.

private void getConfig(NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig, Properties kuraProps) throws KuraException {
    String interfaceName = netInterfaceConfig.getName();
    NetInterfaceType type = netInterfaceConfig.getType();
    if (type == NetInterfaceType.ETHERNET || type == NetInterfaceType.WIFI) {
        s_logger.debug("Getting NAT config for {}", interfaceName);
        if (kuraProps != null) {
            s_logger.debug("Getting NAT config from kuraProps");
            boolean natEnabled = false;
            boolean useMasquerade = false;
            String prop = null;
            String srcIface = null;
            String dstIface = null;
            StringBuilder sb = new StringBuilder().append("net.interface.").append(interfaceName).append(".config.nat.enabled");
            if ((prop = kuraProps.getProperty(sb.toString())) != null) {
                natEnabled = Boolean.parseBoolean(prop);
            }
            sb = new StringBuilder().append("net.interface.").append(interfaceName).append(".config.nat.masquerade");
            if ((prop = kuraProps.getProperty(sb.toString())) != null) {
                useMasquerade = Boolean.parseBoolean(prop);
            }
            sb = new StringBuilder().append("net.interface.").append(interfaceName).append(".config.nat.src.interface");
            if ((prop = kuraProps.getProperty(sb.toString())) != null) {
                srcIface = prop;
            }
            sb = new StringBuilder().append("net.interface.").append(interfaceName).append(".config.nat.dst.interface");
            if ((prop = kuraProps.getProperty(sb.toString())) != null) {
                dstIface = prop;
            }
            if (natEnabled) {
                FirewallAutoNatConfig natConfig = new FirewallAutoNatConfig(srcIface, dstIface, useMasquerade);
                List<? extends NetInterfaceAddressConfig> netInterfaceAddressConfigs = netInterfaceConfig.getNetInterfaceAddresses();
                if (netInterfaceAddressConfigs == null) {
                    throw KuraException.internalError("NetInterfaceAddress list is null for interface " + interfaceName);
                } else if (netInterfaceAddressConfigs.size() == 0) {
                    throw KuraException.internalError("NetInterfaceAddress list is empty for interface " + interfaceName);
                }
                for (NetInterfaceAddressConfig netInterfaceAddressConfig : netInterfaceAddressConfigs) {
                    List<NetConfig> netConfigs = netInterfaceAddressConfig.getConfigs();
                    if (netConfigs == null) {
                        netConfigs = new ArrayList<NetConfig>();
                        if (netInterfaceAddressConfig instanceof NetInterfaceAddressConfigImpl) {
                            ((NetInterfaceAddressConfigImpl) netInterfaceAddressConfig).setNetConfigs(netConfigs);
                        } else if (netInterfaceAddressConfig instanceof WifiInterfaceAddressConfigImpl) {
                            ((WifiInterfaceAddressConfigImpl) netInterfaceAddressConfig).setNetConfigs(netConfigs);
                        }
                    }
                    netConfigs.add(natConfig);
                }
            }
        } else {
            // get it from the firewall file if possible
            LinuxFirewall firewall = LinuxFirewall.getInstance();
            Set<NATRule> natRules = firewall.getAutoNatRules();
            if (natRules != null && !natRules.isEmpty()) {
                Iterator<NATRule> it = natRules.iterator();
                while (it.hasNext()) {
                    NATRule rule = it.next();
                    if (rule.getSourceInterface().equals(interfaceName)) {
                        s_logger.debug("found NAT rule: {}", rule);
                        // this is the one we care about
                        FirewallAutoNatConfig natConfig = new FirewallAutoNatConfig(rule.getSourceInterface(), rule.getDestinationInterface(), rule.isMasquerade());
                        List<? extends NetInterfaceAddressConfig> netInterfaceAddressConfigs = netInterfaceConfig.getNetInterfaceAddresses();
                        if (netInterfaceAddressConfigs == null) {
                            throw KuraException.internalError("NetInterfaceAddress list is null for interface " + interfaceName);
                        } else if (netInterfaceAddressConfigs.size() == 0) {
                            throw KuraException.internalError("NetInterfaceAddress list is empty for interface " + interfaceName);
                        }
                        for (NetInterfaceAddressConfig netInterfaceAddressConfig : netInterfaceAddressConfigs) {
                            List<NetConfig> netConfigs = netInterfaceAddressConfig.getConfigs();
                            if (netConfigs == null) {
                                netConfigs = new ArrayList<NetConfig>();
                                if (netInterfaceAddressConfig instanceof NetInterfaceAddressConfigImpl) {
                                    ((NetInterfaceAddressConfigImpl) netInterfaceAddressConfig).setNetConfigs(netConfigs);
                                } else if (netInterfaceAddressConfig instanceof WifiInterfaceAddressConfigImpl) {
                                    ((WifiInterfaceAddressConfigImpl) netInterfaceAddressConfig).setNetConfigs(netConfigs);
                                }
                            }
                            netConfigs.add(natConfig);
                        }
                    }
                }
            }
        }
    }
}
Also used : NetInterfaceAddressConfigImpl(org.eclipse.kura.core.net.NetInterfaceAddressConfigImpl) FirewallAutoNatConfig(org.eclipse.kura.net.firewall.FirewallAutoNatConfig) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) NetInterfaceType(org.eclipse.kura.net.NetInterfaceType) NetConfig(org.eclipse.kura.net.NetConfig) NetInterfaceAddressConfig(org.eclipse.kura.net.NetInterfaceAddressConfig) WifiInterfaceAddressConfigImpl(org.eclipse.kura.core.net.WifiInterfaceAddressConfigImpl)

Example 3 with NATRule

use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.

the class FirewallAutoNatConfigWriter method getNatConfigs.

private LinkedHashSet<NATRule> getNatConfigs(NetworkConfiguration networkConfig) {
    LinkedHashSet<NATRule> natConfigs = new LinkedHashSet<NATRule>();
    if (networkConfig != null) {
        ArrayList<String> wanList = new ArrayList<String>();
        ArrayList<String> natList = new ArrayList<String>();
        // get relevant interfaces
        for (NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig : networkConfig.getNetInterfaceConfigs()) {
            String interfaceName = netInterfaceConfig.getName();
            NetInterfaceStatus status = NetInterfaceStatus.netIPv4StatusUnknown;
            boolean isNat = false;
            for (NetInterfaceAddressConfig addressConfig : netInterfaceConfig.getNetInterfaceAddresses()) {
                for (NetConfig netConfig : addressConfig.getConfigs()) {
                    if (netConfig instanceof NetConfigIP4) {
                        status = ((NetConfigIP4) netConfig).getStatus();
                    } else if (netConfig instanceof FirewallAutoNatConfig) {
                        s_logger.debug("getNatConfigs() :: FirewallAutoNatConfig: {}", ((FirewallAutoNatConfig) netConfig).toString());
                        isNat = true;
                    } else if (netConfig instanceof FirewallNatConfig) {
                        s_logger.debug("getNatConfigs() ::  FirewallNatConfig: {}", ((FirewallNatConfig) netConfig).toString());
                    }
                }
            }
            if (NetInterfaceStatus.netIPv4StatusEnabledWAN.equals(status)) {
                wanList.add(interfaceName);
            } else if (NetInterfaceStatus.netIPv4StatusEnabledLAN.equals(status) && isNat) {
                natList.add(interfaceName);
            }
        }
        // create a nat rule for each interface to all potential wan interfaces
        for (String sourceInterface : natList) {
            for (String destinationInterface : wanList) {
                s_logger.debug("Got NAT rule for source: " + sourceInterface + ", destination: " + destinationInterface);
                natConfigs.add(new NATRule(sourceInterface, destinationInterface, true));
            }
        }
    }
    return natConfigs;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) FirewallAutoNatConfig(org.eclipse.kura.net.firewall.FirewallAutoNatConfig) NetInterfaceStatus(org.eclipse.kura.net.NetInterfaceStatus) ArrayList(java.util.ArrayList) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) FirewallNatConfig(org.eclipse.kura.net.firewall.FirewallNatConfig) NetConfigIP4(org.eclipse.kura.net.NetConfigIP4) NetConfig(org.eclipse.kura.net.NetConfig) NetInterfaceAddressConfig(org.eclipse.kura.net.NetInterfaceAddressConfig)

Example 4 with NATRule

use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.

the class FirewallConfigurationServiceImpl method setFirewallNatConfiguration.

@Override
public void setFirewallNatConfiguration(List<FirewallNatConfig> natConfigs) throws KuraException {
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    firewall.deleteAllNatRules();
    ArrayList<NATRule> natRules = new ArrayList<NATRule>();
    for (FirewallNatConfig natConfig : natConfigs) {
        NATRule natRule = new NATRule(natConfig.getSourceInterface(), natConfig.getDestinationInterface(), natConfig.getProtocol(), natConfig.getSource(), natConfig.getDestination(), natConfig.isMasquerade());
        natRules.add(natRule);
    }
    firewall.addNatRules(natRules);
}
Also used : LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) ArrayList(java.util.ArrayList) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) FirewallNatConfig(org.eclipse.kura.net.firewall.FirewallNatConfig)

Example 5 with NATRule

use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.

the class FirewallConfigurationServiceImpl method getFirewallConfiguration.

@Override
public FirewallConfiguration getFirewallConfiguration() throws KuraException {
    s_logger.debug("getting the firewall configuration");
    FirewallConfiguration firewallConfiguration = new FirewallConfiguration();
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    Iterator<LocalRule> localRules = firewall.getLocalRules().iterator();
    while (localRules.hasNext()) {
        LocalRule localRule = localRules.next();
        if (localRule.getPortRange() != null) {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPortRange());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPortRange(), NetProtocol.valueOf(localRule.getProtocol()), localRule.getPermittedNetwork(), localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(), localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        } else {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPort());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPort(), NetProtocol.valueOf(localRule.getProtocol()), localRule.getPermittedNetwork(), localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(), localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        }
    }
    Iterator<PortForwardRule> portForwardRules = firewall.getPortForwardRules().iterator();
    while (portForwardRules.hasNext()) {
        PortForwardRule portForwardRule = portForwardRules.next();
        try {
            s_logger.debug("getFirewallConfiguration() :: Adding port forwarding - inbound iface is {}", portForwardRule.getInboundIface());
            firewallConfiguration.addConfig(new FirewallPortForwardConfigIP4(portForwardRule.getInboundIface(), portForwardRule.getOutboundIface(), (IP4Address) IPAddress.parseHostAddress(portForwardRule.getAddress()), NetProtocol.valueOf(portForwardRule.getProtocol()), portForwardRule.getInPort(), portForwardRule.getOutPort(), portForwardRule.isMasquerade(), new NetworkPair<IP4Address>((IP4Address) IPAddress.parseHostAddress(portForwardRule.getPermittedNetwork()), (short) portForwardRule.getPermittedNetworkMask()), portForwardRule.getPermittedMAC(), portForwardRule.getSourcePortRange()));
        } catch (UnknownHostException e) {
            e.printStackTrace();
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }
    Iterator<NATRule> autoNatRules = firewall.getAutoNatRules().iterator();
    while (autoNatRules.hasNext()) {
        NATRule autoNatRule = autoNatRules.next();
        s_logger.debug("getFirewallConfiguration() :: Adding auto NAT rules {}", autoNatRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallAutoNatConfig(autoNatRule.getSourceInterface(), autoNatRule.getDestinationInterface(), autoNatRule.isMasquerade()));
    }
    Iterator<NATRule> natRules = firewall.getNatRules().iterator();
    while (natRules.hasNext()) {
        NATRule natRule = natRules.next();
        s_logger.debug("getFirewallConfiguration() :: Adding NAT rules {}", natRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallNatConfig(natRule.getSourceInterface(), natRule.getDestinationInterface(), natRule.getProtocol(), natRule.getSource(), natRule.getDestination(), natRule.isMasquerade()));
    }
    return firewallConfiguration;
}
Also used : UnknownHostException(java.net.UnknownHostException) FirewallAutoNatConfig(org.eclipse.kura.net.firewall.FirewallAutoNatConfig) PortForwardRule(org.eclipse.kura.linux.net.iptables.PortForwardRule) IP4Address(org.eclipse.kura.net.IP4Address) FirewallConfiguration(org.eclipse.kura.core.net.FirewallConfiguration) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) FirewallNatConfig(org.eclipse.kura.net.firewall.FirewallNatConfig) NetworkPair(org.eclipse.kura.net.NetworkPair) KuraException(org.eclipse.kura.KuraException) FirewallPortForwardConfigIP4(org.eclipse.kura.net.firewall.FirewallPortForwardConfigIP4) FirewallOpenPortConfigIP4(org.eclipse.kura.net.firewall.FirewallOpenPortConfigIP4) LocalRule(org.eclipse.kura.linux.net.iptables.LocalRule)

Aggregations

NATRule (org.eclipse.kura.linux.net.iptables.NATRule)5 LinuxFirewall (org.eclipse.kura.linux.net.iptables.LinuxFirewall)4 FirewallAutoNatConfig (org.eclipse.kura.net.firewall.FirewallAutoNatConfig)4 NetConfig (org.eclipse.kura.net.NetConfig)3 NetInterfaceAddressConfig (org.eclipse.kura.net.NetInterfaceAddressConfig)3 FirewallNatConfig (org.eclipse.kura.net.firewall.FirewallNatConfig)3 UnknownHostException (java.net.UnknownHostException)2 ArrayList (java.util.ArrayList)2 LinkedHashSet (java.util.LinkedHashSet)1 KuraException (org.eclipse.kura.KuraException)1 ComponentConfiguration (org.eclipse.kura.configuration.ComponentConfiguration)1 SelfConfiguringComponent (org.eclipse.kura.configuration.SelfConfiguringComponent)1 FirewallConfiguration (org.eclipse.kura.core.net.FirewallConfiguration)1 NetInterfaceAddressConfigImpl (org.eclipse.kura.core.net.NetInterfaceAddressConfigImpl)1 NetworkConfiguration (org.eclipse.kura.core.net.NetworkConfiguration)1 WifiInterfaceAddressConfigImpl (org.eclipse.kura.core.net.WifiInterfaceAddressConfigImpl)1 LocalRule (org.eclipse.kura.linux.net.iptables.LocalRule)1 PortForwardRule (org.eclipse.kura.linux.net.iptables.PortForwardRule)1 IP4Address (org.eclipse.kura.net.IP4Address)1 NetConfigIP4 (org.eclipse.kura.net.NetConfigIP4)1