From 11c7fad535162bb2cbc6fa8c12ef7f8a91ea33e5 Mon Sep 17 00:00:00 2001
From: Jayapal
Date: Fri, 13 Dec 2013 13:58:59 +0530
Subject: [PATCH] CLOUDSTACK-5417 Updating egress firewall rules CiDR on external network restart
---
 .../network/dao/FirewallRulesCidrsDao.java | 5 ++-
 .../dao/FirewallRulesCidrsDaoImpl.java | 12 ++++++-
 .../network/dao/FirewallRulesCidrsVO.java | 7 +++-
 .../guru/ExternalGuestNetworkGuru.java | 35 ++++++++++++++++---
 4 files changed, 52 insertions(+), 7 deletions(-)
diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
index d020ea72eac..99255c6ba0b 100644
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
@@ -18,6 +18,7 @@ package com.cloud.network.dao;
 import java.util.List;
+import com.cloud.utils.db.DB;
 import com.cloud.utils.db.GenericDao;
 public interface FirewallRulesCidrsDao extends GenericDao {
@@ -25,5 +26,7 @@ public interface FirewallRulesCidrsDao extends GenericDao sourceCidrs);
 List getSourceCidrs(long firewallRuleId);
-
+
+ @DB
+ List listByFirewallRuleId(long firewallRuleId);
 }
diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
index 26f399d1246..52d52790f07 100644
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
@@ -39,6 +39,7 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase listByFirewallRuleId(long firewallRuleId) {
+ SearchCriteria sc = CidrsSearch.create();
+ sc.setParameters("firewallRuleId", firewallRuleId);
+
+ List results = search(sc, null);
+
+ return results;
+ }
 @Override @DB public void persist(long firewallRuleId, List sourceCidrs) {
 TransactionLegacy txn = TransactionLegacy.currentTxn();
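Review bot: The new `listByFirewallRuleId(long firewallRuleId)` on the interface has no Javadoc, and it sits directly under `getSourceCidrs(long firewallRuleId)`, which takes the same argument, so the difference between the two is not apparent to a caller. A one-line comment such as `/** Returns the CIDR rows of the given firewall rule as value objects, so that callers can update them in place. */` would settle it. The hunk places `@DB` on the interface method; whether the implementation carries it too is not visible on this page.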
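Review bot: In the added `listByFirewallRuleId` body of `FirewallRulesCidrsDaoImpl` the local `results` is assigned and then returned by the next statement; `return search(sc, null);` says the same in one line and removes the two blank added lines around it. The method's signature line is not fully visible on this page, so I cannot tell whether it carries `@Override`; it should, since the method is declared on `FirewallRulesCidrsDao` in this same commit.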
diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
index 75b8919d645..fc595a7bd2b 100644
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
@@ -61,5 +61,10 @@ public class FirewallRulesCidrsVO implements InternalIdentity {
 public String getSourceCidrList() {
 return sourceCidrList;
 }
-
+
+ public void setSourceCidrList(String sourceCidrList) {
+ this.sourceCidrList = sourceCidrList;
+ }
+
+
 }
diff --git a/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java b/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
index 7a7da68e58d..e1535d504ba 100644
--- a/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
+++ b/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
@@ -16,11 +16,15 @@
 // under the License.
 package com.cloud.network.guru;
+import java.util.ArrayList;
 import java.util.List;
 import javax.ejb.Local;
 import javax.inject.Inject;
+import com.cloud.network.dao.*;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRuleVO;
 import org.apache.log4j.Logger;
 import org.apache.cloudstack.context.CallContext;
@@ -44,10 +48,6 @@ import com.cloud.network.Network.State;
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.PhysicalNetwork;
 import com.cloud.network.PhysicalNetwork.IsolationMethod;
-import com.cloud.network.dao.IPAddressDao;
-import com.cloud.network.dao.IPAddressVO;
-import com.cloud.network.dao.NetworkDao;
-import com.cloud.network.dao.NetworkVO;
 import com.cloud.network.rules.PortForwardingRuleVO;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.offering.NetworkOffering;
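Review bot: `setSourceCidrList` stores its argument unchecked and carries no comment, although, judging by the class and field names, the value it sets is the source CIDR of a firewall rule. A short Javadoc stating the expected format, for example `/** Sets the CIDR stored for this rule row; the caller must pass a valid address/prefix string. */`, would make the contract explicit for the next caller. The hunk also adds two blank lines before the class's closing brace, which can be dropped.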
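Review bot: The added `import com.cloud.network.dao.*;` in `ExternalGuestNetworkGuru` replaces the four explicit `com.cloud.network.dao` imports that the following hunk removes, which hides which DAO types the class depends on and departs from the explicit imports used in the rest of the list. Name the three new types instead (`FirewallRulesCidrsDao`, `FirewallRulesCidrsVO`, `FirewallRulesDao`) and keep the four existing lines. `java.util.ArrayList` is imported as well, but none of the hunks shown on this page uses it, so it looks unused. The new `com.cloud` imports are also placed ahead of `org.apache.log4j.Logger` rather than with the other `com.cloud.network` imports further down.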
@@ -77,6 +77,10 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
 IPAddressDao _ipAddressDao;
 @Inject
 IpAddressManager _ipAddrMgr;
+ @Inject
+ FirewallRulesDao _fwRulesDao;
+ @Inject
+ FirewallRulesCidrsDao _fwRulesCidrDao;
 public ExternalGuestNetworkGuru() {
 super();
@@ -214,6 +218,29 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
 }
 }
+ //Egress rules cidr is subset of guest nework cidr, we need to change
+ List fwEgressRules = _fwRulesDao.listByNetworkPurposeTrafficType(config.getId(), FirewallRule.Purpose.Firewall, FirewallRule.TrafficType.Egress);
+
+ for (FirewallRuleVO rule: fwEgressRules) {
+ //get the cidr list for this rule
+ List fwRuleCidrsVo = _fwRulesCidrDao.listByFirewallRuleId(rule.getId());
+
+ for (FirewallRulesCidrsVO ruleCidrvo: fwRuleCidrsVo) {
+ String cidr = ruleCidrvo.getCidr();
+ String cidrAddr = cidr.split("/")[0];
+ String size = cidr.split("/")[1];
+
+ long ipMask = getIpMask(cidrAddr, cidrSize);
+ String newIp = NetUtils.long2Ip(newCidrAddress | ipMask);
+ String updatedCidr = newIp+"/"+size;
+
+ ruleCidrvo.setSourceCidrList(updatedCidr);
+ _fwRulesCidrDao.update(ruleCidrvo.getId(), ruleCidrvo);
+ }
+
+ }
+
+
 return implemented;
 }
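Review bot: The added inner loop indexes `cidr.split("/")[1]` without checking the stored value, so a row whose CIDR is null or has no prefix length throws part-way through, after earlier rows have already been written by `_fwRulesCidrDao.update(...)`; unless the caller wraps this in a transaction, which the hunk does not show, the egress rules are left half-rewritten. Guard `cidr` against null, split once and skip rows that do not parse, e.g. `String[] parts = cidr.split("/");` then `if (parts.length != 2) { continue; }`, and use `parts[0]` and `parts[1]`. The host bits are computed with the network's `cidrSize` while the rule's own `size` is appended, which only holds under the comment's assumption that each egress CIDR is a subset of the guest CIDR; a rule with a shorter prefix would presumably be rewritten to the new network address with its old prefix, so that case wants an explicit check. Nothing records the old and new value, so a log line per rewritten rule would keep these firewall changes auditable. The enclosing method starts above the hunk, where `cidrSize` and `newCidrAddress` are defined.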