diff --git a/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java b/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
index 7623b3f0fb4..f6ab7780f86 100644
--- a/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
+++ b/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
@@ -80,8 +80,10 @@ import com.cloud.network.dao.PhysicalNetworkServiceProviderVO;
 import com.cloud.network.dao.PhysicalNetworkVO;
 import com.cloud.network.dao.VpnUserDao;
 import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.rules.StaticNat;
+import com.cloud.network.rules.FirewallRule.Purpose;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.dao.NetworkOfferingDao;
@@ -536,6 +538,9 @@ public abstract class ExternalFirewallDeviceManagerImpl extends AdapterBase impl
 List rulesTO = new ArrayList();
 for (FirewallRule rule : rules) {
+ if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {
+ _fwRulesDao.loadSourceCidrs((FirewallRuleVO)rule);
+ }
 IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
 FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
 rulesTO.add(ruleTO);
diff --git a/server/src/com/cloud/network/dao/FirewallRulesDao.java b/server/src/com/cloud/network/dao/FirewallRulesDao.java
index cc184c84fce..c461fd6508e 100644
--- a/server/src/com/cloud/network/dao/FirewallRulesDao.java
+++ b/server/src/com/cloud/network/dao/FirewallRulesDao.java
@@ -18,6 +18,7 @@ package com.cloud.network.dao;
 import java.util.List;
+import com.cloud.host.HostVO;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.utils.db.GenericDao;
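Review bot: The unchecked cast `(FirewallRuleVO)rule` inside the `for (FirewallRule rule : rules)` loop throws ClassCastException for any FirewallRule implementation that is not a VO, which aborts pushing the whole rule set to the device, and the same cast is repeated in FirewallManagerImpl.createFirewallRule, VirtualNetworkApplianceManagerImpl (the `_rulesDao` call), VpcVirtualNetworkApplianceManagerImpl and NetworkACLManagerImpl.createNetworkACL. Since the purpose test already gates the call, add the type test to the same guard so a non-VO rule keeps its in-memory list instead of failing the batch: `if (rule instanceof FirewallRuleVO && rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {`. The guard itself is now copied verbatim into six call sites; one helper on FirewallRulesDao that takes a FirewallRule and performs the type and purpose checks would keep that policy in a single place. The enclosing method starts and ends outside this hunk, so whether `rules` can actually contain non-VO implementations is not visible here.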
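Review bot: `import com.cloud.host.HostVO;` is added to FirewallRulesDao but nothing in this diff references HostVO; the new `loadSourceCidrs(FirewallRuleVO rule)` declaration only needs FirewallRuleVO, which the interface already imports. Unless an unshown part of the interface uses it, drop the line so the DAO does not pick up an unrelated dependency on the host package.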
@@ -58,4 +59,6 @@ public interface FirewallRulesDao extends GenericDao {
 List listByNetworkPurposeTrafficTypeAndNotRevoked(long networkId, FirewallRule.Purpose purpose, FirewallRule.TrafficType trafficType);
 List listByIpAndPurposeWithState(Long addressId, FirewallRule.Purpose purpose, FirewallRule.State state);
+
+ void loadSourceCidrs(FirewallRuleVO rule);
 }
diff --git a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
index e671f6f73de..b9391f80d03 100644
--- a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
+++ b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
@@ -209,6 +209,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i
 FirewallRuleVO dbfirewallRule = super.persist(firewallRule);
 saveSourceCidrs(firewallRule, firewallRule.getSourceCidrList());
+ loadSourceCidrs(dbfirewallRule);
 txn.commit();
 return dbfirewallRule;
@@ -326,4 +327,10 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i
 return listBy(sc);
 }
+
+ @Override
+ public void loadSourceCidrs(FirewallRuleVO rule) {
+ List sourceCidrs = _firewallRulesCidrsDao.getSourceCidrs(rule.getId());
+ rule.setSourceCidrList(sourceCidrs);
+ }
 }
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index d9123501060..5b32c2fc89c 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
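Review bot: The new `void loadSourceCidrs(FirewallRuleVO rule);` has no Javadoc, and its contract matters because this commit also removes the lazy load from FirewallRuleVO.getSourceCidrList, so the list this method populates is exactly what ends up in the FirewallRuleTO and NetworkACLTO objects sent to firewall devices and routers. Document it as `/** Replaces {@code rule}'s in-memory source CIDR list with the rows persisted for {@code rule.getId()}; any list the VO currently holds is overwritten, so call it only on a persisted rule. */`. Whether the DAO sets an empty list or {@code null} when no rows exist is decided by the implementation and should be stated here too, since callers elsewhere in this commit use {@code null} as the "not loaded yet" marker.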
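Review bot: `loadSourceCidrs` overwrites the VO's list for every rule purpose, yet only Firewall and NetworkACL rules carry source CIDRs — the purpose test that the removed `FirewallRuleVO.getSourceCidrList` performed in one place is now repeated at each of the six guarded call sites (ExternalFirewallDeviceManagerImpl, FirewallManagerImpl twice, both VirtualNetworkApplianceManagerImpl classes, NetworkACLManagerImpl) while the unconditional callers in `persist` and the two conflict checks skip it. Moving the check into the DAO keeps the policy in one place and stops `persist` from issuing a cidr query and assigning a list to port-forwarding and static-NAT rules that never wrote one. Whether `_firewallRulesCidrsDao.getSourceCidrs` returns an empty list or null for a rule without rows is not visible here; if it can return null, the `== null` lazy guards in the callers will re-query on every pass. The enclosing class continues outside the hunk.
```java
    @Override
    public void loadSourceCidrs(FirewallRuleVO rule) {
        // Only Firewall and NetworkACL rules have a source CIDR list; leave other purposes untouched
        FirewallRule.Purpose purpose = rule.getPurpose();
        if (purpose != FirewallRule.Purpose.Firewall && purpose != FirewallRule.Purpose.NetworkACL) {
            return;
        }
        List sourceCidrs = _firewallRulesCidrsDao.getSourceCidrs(rule.getId());
        rule.setSourceCidrList(sourceCidrs);
    }
```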
@@ -164,6 +164,10 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ne
 @Override
 public FirewallRule createFirewallRule(FirewallRule rule) throws NetworkRuleConflictException {
 Account caller = UserContext.current().getCaller();
+
+ if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {
+ _firewallDao.loadSourceCidrs((FirewallRuleVO)rule);
+ }
 return createFirewallRule(rule.getSourceIpAddressId(), caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), rule.getIcmpCode(),
@@ -318,6 +322,9 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ne
 boolean duplicatedCidrs = false;
 if (bothRulesFirewall) {
 // Verify that the rules have different cidrs
+ _firewallDao.loadSourceCidrs(rule);
+ _firewallDao.loadSourceCidrs((FirewallRuleVO)newRule);
+
 List ruleCidrList = rule.getSourceCidrList();
 List newRuleCidrList = newRule.getSourceCidrList();
@@ -789,6 +796,9 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ne
 List systemRules = _firewallDao.listSystemRules();
 for (FirewallRuleVO rule : systemRules) {
 try {
+ if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {
+ _firewallDao.loadSourceCidrs(rule);
+ }
 this.createFirewallRule(ip.getId(), acct, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId());
 } catch (Exception e) {
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index e40dca36dcf..d15d25f659e 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
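Review bot: `_firewallDao.loadSourceCidrs((FirewallRuleVO)newRule);` in the conflict check runs unconditionally, unlike the `getSourceCidrList() == null` guard used at every other call site in this commit, so it replaces whatever CIDR list `newRule` carries in memory with the rows stored under `newRule.getId()`. If any caller reaches this check with a rule that has not been persisted yet, the overlap comparison below runs against the table's contents rather than the CIDRs that were requested, and an overlapping rule could be accepted; guard it as `if (newRule.getSourceCidrList() == null) { _firewallDao.loadSourceCidrs((FirewallRuleVO)newRule); }`. The enclosing method starts and ends outside the hunk, so which callers supply a transient `newRule` is not visible here. The NetworkACLManagerImpl counterpart at `@@ -249` loads only `rule` and never `newRule`, so the two checks now disagree on what is reloaded.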
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -172,6 +172,7 @@ import com.cloud.network.router.VirtualRouter.RedundantState;
 import com.cloud.network.router.VirtualRouter.Role;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRule.Purpose;
+import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.rules.RulesManager;
 import com.cloud.network.rules.StaticNat;
@@ -3253,7 +3254,10 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 if (rules != null) {
 rulesTO = new ArrayList();
 for (FirewallRule rule : rules) {
- IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
+ IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
+ if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {
+ _rulesDao.loadSourceCidrs((FirewallRuleVO)rule);
+ }
 FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
 rulesTO.add(ruleTO);
 }
diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
index 01a46b59d97..8e192b00232 100644
--- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
@@ -91,6 +91,8 @@ import com.cloud.network.dao.Site2SiteVpnConnectionDao;
 import com.cloud.network.dao.Site2SiteVpnGatewayDao;
 import com.cloud.network.dao.Site2SiteVpnGatewayVO;
 import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRule.Purpose;
+import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.vpc.NetworkACLManager;
 import com.cloud.network.vpc.PrivateGateway;
 import com.cloud.network.vpc.PrivateIpAddress;
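Review bot: The IP lookup is changed from `_networkModel.getIp(...)` to `_networkMgr.getIp(...)` in the same hunk that adds the CIDR loading, and that substitution has nothing to do with loading source CIDRs; it reads like a merge artifact that reverts an earlier move of the lookup onto a separate model field. If `_networkModel` is the field this class still uses for read-only lookups, keep the removed line as it was: `IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());`. Whether `_networkMgr` is declared in this class is not visible in the hunk, and the enclosing method starts and ends outside it; unrelated field swaps like this are worth splitting into their own commit so a revert of either change does not drag the other along.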
@@ -733,6 +735,9 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
 rulesTO = new ArrayList();
 for (FirewallRule rule : rules) {
+ if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {
+ _firewallDao.loadSourceCidrs((FirewallRuleVO)rule);
+ }
 NetworkACLTO ruleTO = new NetworkACLTO(rule, guestVlan, rule.getTrafficType());
 rulesTO.add(ruleTO);
 }
diff --git a/server/src/com/cloud/network/rules/FirewallRuleVO.java b/server/src/com/cloud/network/rules/FirewallRuleVO.java
index 8ef5067de33..83057e071a0 100644
--- a/server/src/com/cloud/network/rules/FirewallRuleVO.java
+++ b/server/src/com/cloud/network/rules/FirewallRuleVO.java
@@ -44,7 +44,6 @@ import com.cloud.utils.net.NetUtils;
 @Inheritance(strategy=InheritanceType.JOINED)
 @DiscriminatorColumn(name="purpose", discriminatorType=DiscriminatorType.STRING, length=32)
 public class FirewallRuleVO implements FirewallRule {
- @Inject protected FirewallRulesCidrsDao _firewallRulesCidrsDao;
 @Id
 @GeneratedValue(strategy=GenerationType.IDENTITY)
@@ -121,9 +120,6 @@ public class FirewallRuleVO implements FirewallRule {
 @Override
 public List getSourceCidrList() {
- if (sourceCidrs == null && (purpose == Purpose.Firewall || purpose == Purpose.NetworkACL)) {
- return _firewallRulesCidrsDao.getSourceCidrs(id);
- }
 return sourceCidrs;
 }
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index f69b76d99ef..431f1b9b36d 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -117,6 +117,9 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 @Override
 public FirewallRule createNetworkACL(FirewallRule acl) throws NetworkRuleConflictException {
+ if (acl.getSourceCidrList() == null && (acl.getPurpose() == Purpose.Firewall || acl.getPurpose() == Purpose.NetworkACL)) {
+ _firewallDao.loadSourceCidrs((FirewallRuleVO)acl);
+ }
 return createNetworkACL(UserContext.current().getCaller(), acl.getXid(), acl.getSourcePortStart(), acl.getSourcePortEnd(), acl.getProtocol(), acl.getSourceCidrList(), acl.getIcmpCode(), acl.getIcmpType(), null, acl.getType(), acl.getNetworkId(), acl.getTrafficType());
@@ -249,6 +252,7 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 // if one cidr overlaps another, do port veirficatino
 boolean duplicatedCidrs = false;
 // Verify that the rules have different cidrs
+ _firewallDao.loadSourceCidrs(rule);
 List ruleCidrList = rule.getSourceCidrList();
 List newRuleCidrList = newRule.getSourceCidrList();