CLOUDSTACK-5417 Updating egress firewall rules CiDR on external network restart

2013-12-13 13:58:59 +05:30 · 2013-12-13 13:58:59 +05:30 · 11c7fad535
parent 24392c15f5
commit 11c7fad535
4 changed files with 52 additions and 7 deletions
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
@ -18,6 +18,7 @@ package com.cloud.network.dao;

 import java.util.List;

+import com.cloud.utils.db.DB;
 import com.cloud.utils.db.GenericDao;

 public interface FirewallRulesCidrsDao extends GenericDao<FirewallRulesCidrsVO, Long> {
@ -25,5 +26,7 @@ public interface FirewallRulesCidrsDao extends GenericDao<FirewallRulesCidrsVO,
    void persist(long firewallRuleId, List<String> sourceCidrs);
    
    List<String> getSourceCidrs(long firewallRuleId);
-    
+
+    @DB
+    List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId);
 }
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
@ -39,6 +39,7 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase<FirewallRulesCidrs
    protected FirewallRulesCidrsDaoImpl() {
        CidrsSearch = createSearchBuilder();
        CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getFirewallRuleId(), SearchCriteria.Op.EQ);
+        CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getId(), SearchCriteria.Op.EQ);
        CidrsSearch.done();        
    }

@ -55,7 +56,16 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase<FirewallRulesCidrs

        return cidrs;
    }
-    
+
+    @Override @DB
+    public List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId) {
+        SearchCriteria<FirewallRulesCidrsVO> sc = CidrsSearch.create();
+        sc.setParameters("firewallRuleId", firewallRuleId);
+
+        List<FirewallRulesCidrsVO> results = search(sc, null);
+
+        return results;
+    }
    @Override @DB
    public void persist(long firewallRuleId, List<String> sourceCidrs) {
        TransactionLegacy txn = TransactionLegacy.currentTxn();
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
@ -61,5 +61,10 @@ public class FirewallRulesCidrsVO implements InternalIdentity {
    public String getSourceCidrList() {
        return sourceCidrList;
    }
-    
+
+    public void setSourceCidrList(String sourceCidrList) {
+        this.sourceCidrList = sourceCidrList;
+    }
+
+
 }
--- a/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
+++ b/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
@ -16,11 +16,15 @@
 // under the License.
 package com.cloud.network.guru;

+import java.util.ArrayList;
 import java.util.List;

 import javax.ejb.Local;
 import javax.inject.Inject;

+import com.cloud.network.dao.*;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRuleVO;
 import org.apache.log4j.Logger;

 import org.apache.cloudstack.context.CallContext;
@ -44,10 +48,6 @@ import com.cloud.network.Network.State;
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.PhysicalNetwork;
 import com.cloud.network.PhysicalNetwork.IsolationMethod;
-import com.cloud.network.dao.IPAddressDao;
-import com.cloud.network.dao.IPAddressVO;
-import com.cloud.network.dao.NetworkDao;
-import com.cloud.network.dao.NetworkVO;
 import com.cloud.network.rules.PortForwardingRuleVO;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.offering.NetworkOffering;
@ -77,6 +77,10 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
    IPAddressDao _ipAddressDao;
    @Inject
    IpAddressManager _ipAddrMgr;
+    @Inject
+    FirewallRulesDao _fwRulesDao;
+    @Inject
+    FirewallRulesCidrsDao _fwRulesCidrDao;

    public ExternalGuestNetworkGuru() {
        super();
@ -214,6 +218,29 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
            }
        }

+        //Egress rules cidr is subset of guest nework cidr, we need to change
+        List <FirewallRuleVO> fwEgressRules = _fwRulesDao.listByNetworkPurposeTrafficType(config.getId(), FirewallRule.Purpose.Firewall, FirewallRule.TrafficType.Egress);
+
+        for (FirewallRuleVO rule: fwEgressRules) {
+            //get the cidr list for this rule
+            List<FirewallRulesCidrsVO>  fwRuleCidrsVo = _fwRulesCidrDao.listByFirewallRuleId(rule.getId());
+
+            for (FirewallRulesCidrsVO ruleCidrvo: fwRuleCidrsVo) {
+                String cidr = ruleCidrvo.getCidr();
+                String cidrAddr =  cidr.split("/")[0];
+                String size = cidr.split("/")[1];
+
+                long ipMask = getIpMask(cidrAddr, cidrSize);
+                String newIp = NetUtils.long2Ip(newCidrAddress | ipMask);
+                String updatedCidr = newIp+"/"+size;
+
+                ruleCidrvo.setSourceCidrList(updatedCidr);
+                _fwRulesCidrDao.update(ruleCidrvo.getId(), ruleCidrvo);
+            }
+
+        }
+
+
        return implemented;
    }