Use of org.platformlayer.ops.firewall.Protocol in project platformlayer by platformlayer.
From the class IptablesSimpleRuleBase, method handler.
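@Handler
public void handler(OpsTarget target) throws OpsException {
    // We deliberately do not parse the whole iptables state (as IpTablesManager does);
    // our rules are identified purely by the "pl-<uuid>-<protocol>" comment attached to them.

    // A null protocol field means "both TCP and UDP".
    final List<Protocol> protocols;
    if (protocol == null) {
        protocols = Arrays.asList(Protocol.Tcp, Protocol.Udp);
    } else {
        protocols = Collections.singletonList(protocol);
    }

    // A null transport field means "every transport".
    final List<Transport> transports;
    if (transport == null) {
        transports = Transport.all();
    } else {
        transports = Collections.singletonList(transport);
    }

    IptablesChain chain = getChain();

    for (Transport eachTransport : transports) {
        SimpleIptablesRules rules = SimpleIptablesRules.listRules(target, eachTransport, chain);

        for (Protocol eachProtocol : protocols) {
            // The comment is the rule's only identity; Locale.ROOT keeps it stable regardless of the
            // JVM's default locale (Turkish dotless-i would otherwise change the tag).
            String comment = "pl-" + uuid + "-" + eachProtocol.toString().toLowerCase(java.util.Locale.ROOT);

            SimpleIptablesRules matches = rules.filterByComment(comment);
            if (matches.size() > 1) {
                log.warn("Found multiple matching rules: " + Joiner.on("\n").join(matches));
            }

            if (OpsContext.isConfigure()) {
                ensureRulePresent(target, eachTransport, chain, eachProtocol, comment, matches);
            }

            if (OpsContext.isDelete()) {
                removeMatchingRules(target, eachTransport, chain, matches);
            }
        }
    }
}

/**
 * Appends a rule for {@code eachProtocol} tagged with {@code comment} to {@code chain} unless one of
 * the rules already carrying that comment passes {@link #checkMatchingRules}.
 *
 * @throws OpsException if the iptables command fails on the target
 */
private void ensureRulePresent(OpsTarget target, Transport eachTransport, IptablesChain chain,
        Protocol eachProtocol, String comment, SimpleIptablesRules matches) throws OpsException {
    List<SimpleIptablesRule> correct = checkMatchingRules(matches, eachProtocol);
    if (!correct.isEmpty()) {
        log.info("Found existing rule: " + Joiner.on("\n").join(matches));
        return;
    }

    // NOTE(review): a rule that carries our comment but does not pass checkMatchingRules is left in
    // place and a fresh rule is appended next to it — confirm that stale rules are meant to survive.
    String ruleSpec = buildRuleSpec(eachProtocol);
    Command command = SimpleIptablesRules.buildCommand(eachTransport, chain);
    // ruleSpec is added as a literal token sequence; the comment is quoted so iptables receives it
    // as a single argument.
    command.addLiteral("-A").addLiteral(ruleSpec);
    command.addLiteral("-m").addLiteral("comment");
    command.addLiteral("--comment").addQuoted(comment);
    target.executeCommand(command);
}

/**
 * Deletes every rule in {@code matches} from {@code chain} — all of them, not just the first, so
 * duplicates flagged by the caller's warning are cleaned up too.
 *
 * @throws OpsException if an iptables command fails on the target
 */
private void removeMatchingRules(OpsTarget target, Transport eachTransport, IptablesChain chain,
        SimpleIptablesRules matches) throws OpsException {
    for (SimpleIptablesRule rule : matches) {
        log.info("Deleting rule: " + rule);
        String deleteRuleSpec = rule.convertToDeleteSpec();
        Command command = SimpleIptablesRules.buildCommand(eachTransport, chain);
        command.addLiteral(deleteRuleSpec);
        target.executeCommand(command);
    }
}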
Use of org.platformlayer.ops.firewall.Protocol in project platformlayer by platformlayer.
From the class DirectPublicPorts, method addChildren.
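@Override
protected void addChildren() throws OpsException {
    // Map the backend item onto its cloud host; the instance itself is never created here.
    final CloudInstanceMapper cloudHost = injected(CloudInstanceMapper.class);
    cloudHost.createInstance = false;
    cloudHost.instance = backendItem;
    addChild(cloudHost);

    // Reserve a public socket address (address + port) on behalf of the backend item.
    final SocketAddressPoolAssignment assignPublicAddress = cloudHost.addChild(SocketAddressPoolAssignment.class);
    assignPublicAddress.holder = backendItem.getKey();

    final boolean ipv6 = Objects.equal(transport, Transport.Ipv6);

    if (ipv6) {
        assignPublicAddress.poolProvider = new OpsProvider<ResourcePool<InetSocketAddress>>() {
            @Override
            public ResourcePool<InetSocketAddress> get() throws OpsException {
                // An address is drawn from the v6 pool and paired with the requested public port.
                final ResourcePool<AddressModel> pool = directCloudHelpers.getAddressPool6().get();
                return new AssignPortToAddressPool(pool, publicPort);
            }
        };
    } else {
        // Without a configured port cluster, the public port forms a cluster of one.
        List<Integer> cluster = this.publicPortCluster;
        if (cluster == null) {
            cluster = Lists.newArrayList();
            cluster.add(publicPort);
        }
        if (!cluster.contains(publicPort)) {
            throw new OpsException("Port set specified, but public port not in the set");
        }
        assignPublicAddress.poolProvider = directCloudHelpers.getPublicAddressPool4(publicPort, cluster);
    }

    if (ipv6) {
        // TODO: Do we need separate frontend / backend ports really?
        // Objects.equal compares by value whether the port fields are int or boxed Integer.
        if (!Objects.equal(this.publicPort, this.backendPort)) {
            throw new UnsupportedOperationException("IPv6 requires publicPort (" + publicPort
                    + ") to equal backendPort (" + backendPort + ")");
        }
    } else {
        // IPv4: NAT the public port to the backend for TCP and UDP alike.
        for (Protocol protocol : Protocol.TcpAndUdp()) {
            IptablesForwardPort forward = injected(IptablesForwardPort.class);
            forward.publicAddress = assignPublicAddress;
            forward.ruleKey = protocol.name() + "-" + uuid;
            forward.protocol = protocol;
            forward.privateAddress = new OpsProvider<String>() {
                @Override
                public String get() throws OpsException {
                    // Refresh item to pick up new tags.
                    // NOTE(review): this overwrites the enclosing class's backendItem field from a
                    // provider that runs later, once per protocol — confirm that side effect is intended.
                    backendItem = platformLayerClient.getItem(backendItem.getKey(), DirectInstance.class);
                    PlatformLayerCloudMachine instanceMachine = (PlatformLayerCloudMachine) instanceHelpers.getMachine(backendItem);
                    DirectInstance instance = (DirectInstance) instanceMachine.getInstance();

                    List<InetAddress> addresses = Tag.NETWORK_ADDRESS.find(instance);
                    InetAddress address = InetAddressChooser.preferIpv4().choose(addresses);
                    if (address == null) {
                        throw new IllegalStateException("No network address tagged on backend instance "
                                + backendItem.getKey());
                    }
                    if (InetAddressUtils.isIpv6(address)) {
                        // We can't NAT IPV4 -> IPV6 (I think)
                        throw new IllegalStateException("Backend instance only has an IPv6 address ("
                                + address + "); cannot forward IPv4 to it");
                    }
                    return address.getHostAddress();
                }
            };
            forward.privatePort = backendPort;
            cloudHost.addChild(forward);
        }
    }

    // Once the public address is assigned, tag each interested item with the resulting endpoint.
    OpsProvider<TagChanges> tagChanges = new OpsProvider<TagChanges>() {
        @Override
        public TagChanges get() {
            TagChanges changes = new TagChanges();
            InetSocketAddress socketAddress = assignPublicAddress.get();
            if (socketAddress == null) {
                // Nothing assigned yet, so there are no tag changes to apply.
                return null;
            }
            if (socketAddress.getPort() != publicPort) {
                throw new IllegalStateException("Assigned port " + socketAddress.getPort()
                        + " does not match requested public port " + publicPort);
            }
            EndpointInfo endpoint = new EndpointInfo(socketAddress);
            changes.addTags.add(endpoint.toTag());
            return changes;
        }
    };
    for (ItemBase tagItem : tagItems) {
        Tagger tagger = addChild(Tagger.class);
        tagger.platformLayerKey = tagItem.getKey();
        tagger.tagChangesProvider = tagChanges;
    }
}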
Use of org.platformlayer.ops.firewall.Protocol in project platformlayer by platformlayer.
From the class NetworkConnectionController, method addChildren.
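@Override
protected void addChildren() throws OpsException {
    NetworkConnection model = ops.getInstance(NetworkConnection.class);

    // The protocol comes from the model when given; otherwise TCP is assumed, both for an explicit
    // port and for the "all ports of the destination item" form.
    // TODO: Support UDP for the destination-item form?
    final Protocol protocol;
    if (model.protocol != null) {
        protocol = EnumUtils.valueOfCaseInsensitive(Protocol.class, model.protocol);
    } else {
        protocol = Protocol.Tcp;
    }

    // TODO: model.transport is not applied; every entry is created with a null transport.
    // (An earlier, commented-out attempt parsed it but wrote the result into protocol by mistake.)
    Transport transport = null;

    List<Integer> ports = Lists.newArrayList();
    if (model.port != 0) {
        ports.add(model.port);
    } else {
        // No explicit port: open every port the destination item declares.
        ItemBase destItem = platformLayer.getItem(model.destItem);
        HasPorts hasPorts = providers.toInterface(destItem, HasPorts.class);
        ports.addAll(hasPorts.getPorts());
    }

    UUID uniqueId = platformLayer.getOrCreateUuid(model);
    for (int port : ports) {
        PlatformLayerFirewallEntry net = injected(PlatformLayerFirewallEntry.class);
        net.destItem = model.destItem;
        net.port = port;
        net.sourceItemKey = model.sourceItem;
        net.sourceCidr = model.sourceCidr;
        net.protocol = protocol;
        net.transport = transport;
        // The port is part of the id so each per-port entry gets a distinct, stable key.
        net.uniqueId = port + "-" + uniqueId.toString();
        addChild(net);
    }
}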