
Example 1 with Protocol

use of org.platformlayer.ops.firewall.Protocol in project platformlayer by platformlayer.

The class IptablesSimpleRuleBase, method handler.

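/**
 * Ensures (on configure) or removes (on delete) the iptables rule(s) this entry
 * describes, one per protocol and per transport.
 *
 * Rules are not found by parsing the whole rule set (as IpTablesManager does);
 * instead each rule is tagged with an iptables comment of the form
 * {@code pl-<uuid>-<protocol>} and looked up by that comment. A null
 * {@code protocol} installs the rule for TCP and UDP; a null {@code transport}
 * installs it for every transport returned by {@code Transport.all()}.
 *
 * @param target the host on which the iptables commands are executed
 * @throws OpsException if listing the rules or executing a command fails
 */
@Handler
public void handler(OpsTarget target) throws OpsException {
    // Resolve the protocol/transport sets up front; assigned exactly once.
    final List<Protocol> protocols;
    if (protocol == null) {
        protocols = Arrays.asList(Protocol.Tcp, Protocol.Udp);
    } else {
        protocols = Collections.singletonList(protocol);
    }
    final List<Transport> transports;
    if (transport == null) {
        transports = Transport.all();
    } else {
        transports = Collections.singletonList(transport);
    }

    IptablesChain chain = getChain();
    // Loop variables are named apart from the 'protocol'/'transport' fields so
    // the fields are not shadowed inside the loops.
    for (Transport eachTransport : transports) {
        SimpleIptablesRules rules = SimpleIptablesRules.listRules(target, eachTransport, chain);
        for (Protocol eachProtocol : protocols) {
            // The comment is the key used to find this rule again on later runs.
            String comment = "pl-" + uuid + "-" + eachProtocol.toString().toLowerCase();
            SimpleIptablesRules matches = rules.filterByComment(comment);
            if (matches.size() > 1) {
                // Duplicates are tolerated but reported: they usually mean a
                // previous run was interrupted between add and verify.
                log.warn("Found multiple matching rules: " + Joiner.on("\n").join(matches));
            }
            if (OpsContext.isConfigure()) {
                List<SimpleIptablesRule> correct = checkMatchingRules(matches, eachProtocol);
                if (correct.isEmpty()) {
                    String ruleSpec = buildRuleSpec(eachProtocol);
                    Command command = SimpleIptablesRules.buildCommand(eachTransport, chain);
                    command.addLiteral("-A").addLiteral(ruleSpec);
                    command.addLiteral("-m").addLiteral("comment");
                    // Quoted so the comment reaches iptables as a single argument.
                    command.addLiteral("--comment").addQuoted(comment);
                    target.executeCommand(command);
                } else {
                    log.info("Found existing rule: " + Joiner.on("\n").join(matches));
                }
            }
            if (OpsContext.isDelete()) {
                // Iterating an empty match set is a no-op, so no emptiness check
                // is needed here.
                for (SimpleIptablesRule rule : matches) {
                    log.info("Deleting rule: " + rule);
                    String deleteRuleSpec = rule.convertToDeleteSpec();
                    Command command = SimpleIptablesRules.buildCommand(eachTransport, chain);
                    command.addLiteral(deleteRuleSpec);
                    target.executeCommand(command);
                }
            }
        }
    }
}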
Also used : Command(org.platformlayer.ops.Command) IptablesChain(org.platformlayer.ops.firewall.IptablesChain) Protocol(org.platformlayer.ops.firewall.Protocol) Transport(org.platformlayer.ops.firewall.Transport) Handler(org.platformlayer.ops.Handler)

Example 2 with Protocol

use of org.platformlayer.ops.firewall.Protocol in project platformlayer by platformlayer.

The class DirectPublicPorts, method addChildren.

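/**
 * Builds the child operations that expose {@code backendItem} on a public
 * address: a cloud-host mapping, a public socket-address assignment, one
 * {@code IptablesForwardPort} per TCP/UDP (IPv4 only), and a {@code Tagger}
 * per item in {@code tagItems} that records the resulting endpoint as a tag.
 *
 * @throws OpsException if {@code publicPortCluster} is set but does not
 *         contain {@code publicPort}, or if a child operation cannot be built
 * @throws UnsupportedOperationException on IPv6 when {@code publicPort} and
 *         {@code backendPort} differ (ports are not translated on IPv6)
 */
@Override
protected void addChildren() throws OpsException {
    final CloudInstanceMapper cloudHost;
    {
        cloudHost = injected(CloudInstanceMapper.class);
        // Map the existing backend instance; never create a new one here.
        cloudHost.createInstance = false;
        cloudHost.instance = backendItem;
        addChild(cloudHost);
    }
    final SocketAddressPoolAssignment assignPublicAddress;
    {
        assignPublicAddress = cloudHost.addChild(SocketAddressPoolAssignment.class);
        assignPublicAddress.holder = backendItem.getKey();
        if (Objects.equal(transport, Transport.Ipv6)) {
            // IPv6: take an address from the v6 pool and fix the port to publicPort.
            assignPublicAddress.poolProvider = new OpsProvider<ResourcePool<InetSocketAddress>>() {

                @Override
                public ResourcePool<InetSocketAddress> get() throws OpsException {
                    final ResourcePool<AddressModel> pool = directCloudHelpers.getAddressPool6().get();
                    return new AssignPortToAddressPool(pool, publicPort);
                }
            };
        } else {
            // IPv4: the port cluster (ports assigned together) is optional; when
            // absent, publicPort forms a cluster of its own.
            List<Integer> cluster = this.publicPortCluster;
            if (cluster == null) {
                cluster = Lists.newArrayList();
                cluster.add(publicPort);
            }
            if (!cluster.contains(publicPort)) {
                throw new OpsException("Port set specified, but public port not in the set");
            }
            assignPublicAddress.poolProvider = directCloudHelpers.getPublicAddressPool4(publicPort, cluster);
        }
    }
    if (Objects.equal(transport, Transport.Ipv6)) {
        // TODO: Do we need separate frontend / backend ports really?
        // NOTE(review): if publicPort/backendPort are boxed Integers this is a
        // reference comparison, not a value comparison -- confirm the field types.
        if (this.publicPort != this.backendPort) {
            throw new UnsupportedOperationException("publicPort must equal backendPort for IPv6");
        }
    } else {
        // IPv4: one forwarding rule per protocol, keyed by protocol and uuid so
        // the rule can be found and removed again later.
        for (Protocol protocol : Protocol.TcpAndUdp()) {
            IptablesForwardPort forward = injected(IptablesForwardPort.class);
            forward.publicAddress = assignPublicAddress;
            forward.ruleKey = protocol.name() + "-" + uuid;
            forward.protocol = protocol;
            forward.privateAddress = new OpsProvider<String>() {

                @Override
                public String get() throws OpsException {
                    // Refresh item to pick up new tags
                    backendItem = platformLayerClient.getItem(backendItem.getKey(), DirectInstance.class);
                    PlatformLayerCloudMachine instanceMachine = (PlatformLayerCloudMachine) instanceHelpers.getMachine(backendItem);
                    DirectInstance instance = (DirectInstance) instanceMachine.getInstance();
                    List<InetAddress> addresses = Tag.NETWORK_ADDRESS.find(instance);
                    InetAddress address = InetAddressChooser.preferIpv4().choose(addresses);
                    if (address == null) {
                        throw new IllegalStateException("No network address tag found on backend instance " + backendItem.getKey());
                    }
                    if (InetAddressUtils.isIpv6(address)) {
                        // We can't NAT IPV4 -> IPV6 (I think)
                        throw new IllegalStateException("Cannot forward IPv4 traffic to IPv6 backend address " + address);
                    }
                    return address.getHostAddress();
                }
            };
            forward.privatePort = backendPort;
            cloudHost.addChild(forward);
        }
    }
    {
        // Publishes the assigned public endpoint as a tag on each tag item;
        // yields null (no change) until an address has been assigned.
        OpsProvider<TagChanges> tagChanges = new OpsProvider<TagChanges>() {

            @Override
            public TagChanges get() {
                InetSocketAddress socketAddress = assignPublicAddress.get();
                if (socketAddress == null) {
                    return null;
                }
                // The pool must have honoured the requested port; anything else
                // would tag the item with an endpoint that is not forwarded.
                if (socketAddress.getPort() != publicPort) {
                    throw new IllegalStateException("Assigned port " + socketAddress.getPort() + " does not match public port " + publicPort);
                }
                TagChanges changes = new TagChanges();
                EndpointInfo endpoint = new EndpointInfo(socketAddress);
                changes.addTags.add(endpoint.toTag());
                return changes;
            }
        };
        for (ItemBase tagItem : tagItems) {
            Tagger tagger = addChild(Tagger.class);
            tagger.platformLayerKey = tagItem.getKey();
            tagger.tagChangesProvider = tagChanges;
        }
    }
}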
Also used : OpsException(org.platformlayer.ops.OpsException) Tagger(org.platformlayer.ops.tagger.Tagger) SocketAddressPoolAssignment(org.platformlayer.ops.pool.SocketAddressPoolAssignment) ItemBase(org.platformlayer.core.model.ItemBase) InetSocketAddress(java.net.InetSocketAddress) PlatformLayerCloudMachine(org.platformlayer.ops.machines.PlatformLayerCloudMachine) DirectInstance(org.platformlayer.service.cloud.direct.model.DirectInstance) TagChanges(org.platformlayer.core.model.TagChanges) EndpointInfo(org.platformlayer.core.model.EndpointInfo) OpsProvider(org.platformlayer.ops.OpsProvider) AddressModel(org.platformlayer.core.model.AddressModel) List(java.util.List) Protocol(org.platformlayer.ops.firewall.Protocol) IptablesForwardPort(org.platformlayer.ops.firewall.scripts.IptablesForwardPort) InetAddress(java.net.InetAddress)

Example 3 with Protocol

use of org.platformlayer.ops.firewall.Protocol in project platformlayer by platformlayer.

The class NetworkConnectionController, method addChildren.

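/**
 * Creates one {@code PlatformLayerFirewallEntry} child per port that the
 * {@code NetworkConnection} model opens.
 *
 * When {@code model.port} is non-zero only that port is used; otherwise the
 * destination item's ports are taken from its {@code HasPorts} view. The
 * protocol is parsed case-insensitively from {@code model.protocol} and
 * defaults to TCP when unset. The transport is not derived from the model and
 * is passed as null.
 *
 * @throws OpsException if the destination item or its ports cannot be resolved
 */
@Override
protected void addChildren() throws OpsException {
    NetworkConnection model = ops.getInstance(NetworkConnection.class);

    // Protocol is optional in the model; the default is TCP in every case.
    // TODO: Support UDP?
    Protocol protocol;
    if (model.protocol != null) {
        protocol = EnumUtils.valueOfCaseInsensitive(Protocol.class, model.protocol);
    } else {
        protocol = Protocol.Tcp;
    }

    // TODO: derive the transport from the model. Until then it stays null;
    // what a null transport means is decided by PlatformLayerFirewallEntry
    // (NOTE(review): presumably "all transports" -- confirm there).
    Transport transport = null;

    List<Integer> ports = Lists.newArrayList();
    if (model.port != 0) {
        ports.add(model.port);
    } else {
        // No explicit port: open every port the destination item exposes.
        ItemBase destItem = platformLayer.getItem(model.destItem);
        HasPorts hasPorts = providers.toInterface(destItem, HasPorts.class);
        ports.addAll(hasPorts.getPorts());
    }

    UUID uniqueId = platformLayer.getOrCreateUuid(model);
    for (int port : ports) {
        PlatformLayerFirewallEntry net = injected(PlatformLayerFirewallEntry.class);
        net.destItem = model.destItem;
        net.port = port;
        net.sourceItemKey = model.sourceItem;
        net.sourceCidr = model.sourceCidr;
        net.protocol = protocol;
        net.transport = transport;
        // Port-qualified so each entry of this connection gets a distinct rule key.
        net.uniqueId = port + "-" + uniqueId.toString();
        addChild(net);
    }
}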
Also used : HasPorts(org.platformlayer.ops.networks.HasPorts) ItemBase(org.platformlayer.core.model.ItemBase) NetworkConnection(org.platformlayer.service.network.model.NetworkConnection) Protocol(org.platformlayer.ops.firewall.Protocol) Transport(org.platformlayer.ops.firewall.Transport) UUID(java.util.UUID)
