Merge branch '3.0.x' of ssh://git.cloud.com/var/lib/git/cloudstack-oss into 3.0.x

Conflicts:
	core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
This commit is contained in:
Vijayendra Bhamidipati 2012-08-02 22:53:51 -04:00
commit 46fba35c99
29 changed files with 367 additions and 218 deletions


@ -37,25 +37,22 @@ public class SetStaticRouteCommand extends NetworkElementCommand{
return staticRoutes;
}
public boolean isEmpty() {
if(staticRoutes == null || staticRoutes.length == 0 ) {
return true;
}
return false;
}
public String[][] generateSRouteRules() {
String [][] result = new String [2][];
Set<String> toAdd = new HashSet<String>();
for (StaticRouteProfile route: staticRoutes) {
/* example : ip:gateway:cidr,
*/
if( route.getState() == StaticRoute.State.Active || route.getState() == StaticRoute.State.Add ) {
String cidr = route.getCidr();
String subnet = NetUtils.getCidrSubNet(cidr);
String cidrSize = cidr.split("\\/")[1];
String entry = route.getIp4Address()+ ":" + route.getGateway() + ":" + subnet + "/" + cidrSize;
toAdd.add(entry);
String cidr = route.getCidr();
String subnet = NetUtils.getCidrSubNet(cidr);
String cidrSize = cidr.split("\\/")[1];
String entry;
if (route.getState() == StaticRoute.State.Active || route.getState() == StaticRoute.State.Add) {
entry = route.getIp4Address() + ":" + route.getGateway() + ":" + subnet + "/" + cidrSize;
} else {
entry = "Revoke:" + route.getGateway() + ":" + subnet + "/" + cidrSize;
}
toAdd.add(entry);
}
result[0] = toAdd.toArray(new String[toAdd.size()]);
return result;
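Review bot: `generateSRouteRules()` iterates `staticRoutes` with no null guard, and this commit removes the `cmd.isEmpty()` call from its callers in VmwareResource and CitrixResourceBase, so a command carrying a null route array now fails with a NullPointerException here (and at `cmd.getStaticRoutes().length` in those callers) where it previously produced a failed answer. Consider `if (staticRoutes == null) { result[0] = new String[0]; return result; }` before the loop, or keep the `isEmpty()` check in the callers. Note also that `cidr.split("\\/")[1]` now runs for every route regardless of state, so a CIDR without a prefix length throws ArrayIndexOutOfBoundsException for Revoke entries as well; a check on the split length would make that failure explicit.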


@ -11,7 +11,9 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
private String ipsecPsk;
private String ikePolicy;
private String espPolicy;
private long lifetime;
private long ikeLifetime;
private long espLifetime;
private boolean dpd;
@Override
public boolean executeInSequence() {
@ -22,8 +24,8 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.create = false;
}
public Site2SiteVpnCfgCommand (boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr,
String peerGatewayIp, String peerGuestCidrList, String ikePolicy, String espPolicy, long lifetime, String ipsecPsk) {
public Site2SiteVpnCfgCommand (boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr, String peerGatewayIp,
String peerGuestCidrList, String ikePolicy, String espPolicy, String ipsecPsk, Long ikeLifetime, Long espLifetime, Boolean dpd) {
this.create = create;
this.setLocalPublicIp(localPublicIp);
this.setLocalPublicGateway(localPublicGateway);
@ -33,7 +35,9 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.ipsecPsk = ipsecPsk;
this.ikePolicy = ikePolicy;
this.espPolicy = espPolicy;
this.lifetime = lifetime;
this.ikeLifetime = ikeLifetime;
this.espLifetime = espLifetime;
this.dpd = dpd;
}
public boolean isCreate() {
@ -68,12 +72,28 @@ public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
this.espPolicy = espPolicy;
}
public long getLifetime() {
return lifetime;
public long getIkeLifetime() {
return ikeLifetime;
}
public void setLifetime(long lifetime) {
this.lifetime = lifetime;
public void setikeLifetime(long ikeLifetime) {
this.ikeLifetime = ikeLifetime;
}
public long getEspLifetime() {
return espLifetime;
}
public void setEspLifetime(long espLifetime) {
this.espLifetime = espLifetime;
}
public Boolean getDpd() {
return dpd;
}
public void setDpd(Boolean dpd) {
this.dpd = dpd;
}
public String getLocalPublicIp() {
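Review bot: The new constructor takes `Long ikeLifetime, Long espLifetime, Boolean dpd` but assigns them to the primitive fields `long ikeLifetime`, `long espLifetime` and `boolean dpd`, so a null argument unboxes to a NullPointerException inside the constructor instead of a clear validation error. Either make those parameters primitive, matching the fields and the `long` getters, or reject null explicitly with a message naming the argument. Separately, `setikeLifetime` breaks the bean naming used by `getIkeLifetime` and `setEspLifetime`; rename it `setIkeLifetime`, and `getDpd()`/`setDpd()` should use `boolean` like the field rather than `Boolean`.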


@ -371,7 +371,9 @@ public class ApiConstants {
public static final String REMOVED = "removed";
public static final String IKE_POLICY = "ikepolicy";
public static final String ESP_POLICY = "esppolicy";
public static final String LIFETIME = "lifetime";
public static final String IKE_LIFETIME = "ikelifetime";
public static final String ESP_LIFETIME = "esplifetime";
public static final String DPD = "dpd";
public static final String FOR_VPC = "forvpc";
public static final String SOURCE = "source";
public static final String COUNTER_ID = "counterid";


@ -129,7 +129,7 @@ public class CreatePrivateGatewayCmd extends BaseAsyncCreateCmd {
@Override
public void execute() throws InsufficientCapacityException, ConcurrentOperationException,
ResourceAllocationException, ResourceUnavailableException {
PrivateGateway result = _vpcService.applyVpcPrivateGateway(getEntityId());
PrivateGateway result = _vpcService.applyVpcPrivateGateway(getEntityId(), true);
if (result != null) {
PrivateGatewayResponse response = _responseGenerator.createPrivateGatewayResponse(result);
response.setResponseName(getCommandName());


@ -29,6 +29,8 @@ import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.IpAddress;
import com.cloud.network.Site2SiteVpnConnection;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.network.vpc.Vpc;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
@ -49,14 +51,6 @@ public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
@Parameter(name=ApiConstants.S2S_CUSTOMER_GATEWAY_ID, type=CommandType.LONG, required=true, description="id of the customer gateway")
private Long customerGatewayId;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the connection. Must be used with the domainId parameter.")
private String accountName;
@IdentityMapper(entityTableName="domain")
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID associated with the connection. " +
"If used with the account parameter returns the connection associated with the account for the specified domain.")
private Long domainId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
@ -74,14 +68,6 @@ public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
return customerGatewayId;
}
public String getAccountName() {
return accountName;
}
public Long getDomainId() {
return domainId;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@ -94,11 +80,8 @@ public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
@Override
public long getEntityOwnerId() {
Long accountId = finalyzeAccountId(accountName, domainId, null, true);
if (accountId == null) {
accountId = UserContext.current().getCaller().getId();
}
return accountId;
Vpc vpc = _vpcService.getVpc(getVpnGateway().getVpcId());
return vpc.getAccountId();
}
@Override
@ -152,14 +135,10 @@ public class CreateVpnConnectionCmd extends BaseAsyncCreateCmd {
@Override
public Long getSyncObjId() {
return getIp().getVpcId();
return getVpnGateway().getVpcId();
}
private IpAddress getIp() {
IpAddress ip = _s2sVpnService.getVpnGatewayIp(vpnGatewayId);
if (ip == null) {
throw new InvalidParameterValueException("Unable to find ip address by vpn gateway id " + vpnGatewayId, null);
}
return ip;
private Site2SiteVpnGateway getVpnGateway() {
return _s2sVpnService.getVpnGateway(vpnGatewayId);
}
}
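Review bot: The new `getVpnGateway()` drops the null check the old `getIp()` had, so an unknown `vpnGatewayId` now surfaces as a NullPointerException from `getVpnGateway().getVpcId()` in `getEntityOwnerId()` and `getSyncObjId()` rather than an InvalidParameterValueException; because `getEntityOwnerId()` feeds the ownership check, that failure should be explicit: `Site2SiteVpnGateway gw = _s2sVpnService.getVpnGateway(vpnGatewayId);` / `if (gw == null) { throw new InvalidParameterValueException("Unable to find vpn gateway by id " + vpnGatewayId, null); }` / `return gw;`. The result of `_vpcService.getVpc(...)` is likewise dereferenced without a check here and in `CreateVpnGatewayCmd.getEntityOwnerId()` (`_vpcService.getVpc(vpcId)`), where the same treatment applies. Deriving the owner from the gateway's VPC instead of caller-supplied account/domain parameters is the right direction; this note only concerns the missing-entity path.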


@ -54,8 +54,14 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ESP_POLICY, type=CommandType.STRING, required=true, description="ESP policy of the customer gateway")
private String espPolicy;
@Parameter(name=ApiConstants.LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of vpn connection to the customer gateway, in seconds")
private Long lifetime;
@Parameter(name=ApiConstants.IKE_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds")
private Long ikeLifetime;
@Parameter(name=ApiConstants.ESP_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds")
private Long espLifetime;
@Parameter(name=ApiConstants.DPD, type=CommandType.BOOLEAN, required=false, description="If DPD is enabled for VPN connection")
private Boolean dpd;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the gateway. Must be used with the domainId parameter.")
private String accountName;
@ -97,8 +103,16 @@ public class CreateVpnCustomerGatewayCmd extends BaseAsyncCmd {
return espPolicy;
}
public Long getLifetime() {
return lifetime;
public Long getIkeLifetime() {
return ikeLifetime;
}
public Long getEspLifetime() {
return espLifetime;
}
public Boolean getDpd() {
return dpd;
}
public String getAccountName() {


@ -24,13 +24,14 @@ import com.cloud.api.ServerApiException;
import com.cloud.api.response.Site2SiteVpnGatewayResponse;
import com.cloud.event.EventTypes;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.network.vpc.Vpc;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
@Implementation(description="Creates site to site vpn local gateway", responseObject=Site2SiteVpnGatewayResponse.class)
public class CreateVpnGatewayCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(CreateVpnGatewayCmd.class.getName());
private static final String s_name = "createvpngatewayresponse";
/////////////////////////////////////////////////////
@ -40,14 +41,6 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.VPC_ID, type=CommandType.LONG, required=true, description="public ip address id of the vpn gateway")
private Long vpcId;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the connection. Must be used with the domainId parameter.")
private String accountName;
@IdentityMapper(entityTableName="domain")
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID associated with the connection. " +
"If used with the account parameter returns the connection associated with the account for the specified domain.")
private Long domainId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
@ -60,14 +53,6 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd {
return vpcId;
}
public String getAccountName() {
return accountName;
}
public Long getDomainId() {
return domainId;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@ -80,11 +65,8 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd {
@Override
public long getEntityOwnerId() {
Long accountId = finalyzeAccountId(accountName, domainId, null, true);
if (accountId == null) {
accountId = UserContext.current().getCaller().getId();
}
return accountId;
Vpc vpc = _vpcService.getVpc(vpcId);
return vpc.getAccountId();
}
@Override


@ -40,6 +40,9 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="id of customer gateway")
private Long id;
@Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=false, description="name of this customer gateway")
private String name;
@Parameter(name=ApiConstants.GATEWAY, type=CommandType.STRING, required=true, description="public ip address id of the customer gateway")
private String gatewayIp;
@ -55,8 +58,14 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.ESP_POLICY, type=CommandType.STRING, required=true, description="ESP policy of the customer gateway")
private String espPolicy;
@Parameter(name=ApiConstants.LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of vpn connection to the customer gateway, in seconds")
private Long lifetime;
@Parameter(name=ApiConstants.IKE_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 1 VPN connection to the customer gateway, in seconds")
private Long ikeLifetime;
@Parameter(name=ApiConstants.ESP_LIFETIME, type=CommandType.LONG, required=false, description="Lifetime of phase 2 VPN connection to the customer gateway, in seconds")
private Long espLifetime;
@Parameter(name=ApiConstants.DPD, type=CommandType.BOOLEAN, required=false, description="If DPD is enabled for VPN connection")
private Boolean dpd;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the gateway. Must be used with the domainId parameter.")
private String accountName;
@ -78,6 +87,10 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
return id;
}
public String getName() {
return name;
}
public String getIpsecPsk() {
return ipsecPsk;
}
@ -98,8 +111,16 @@ public class UpdateVpnCustomerGatewayCmd extends BaseAsyncCmd {
return espPolicy;
}
public Long getLifetime() {
return lifetime;
public Long getIkeLifetime() {
return ikeLifetime;
}
public Long getEspLifetime() {
return espLifetime;
}
public Boolean getDpd() {
return dpd;
}
/////////////////////////////////////////////////////


@ -136,6 +136,10 @@ public class AsyncJobResponse extends BaseResponse {
this.jobInstanceId.setTableName("autoscale_vmprofiles");
} else if (jobInstanceType.equalsIgnoreCase(AsyncJob.Type.AutoScaleVmGroup.toString())) {
this.jobInstanceId.setTableName("autoscale_vmgroups");
} else if (jobInstanceType.equalsIgnoreCase(AsyncJob.Type.StaticRoute.toString())) {
this.jobInstanceId.setTableName("static_routes");
} else if (jobInstanceType.equalsIgnoreCase(AsyncJob.Type.PrivateGateway.toString())) {
this.jobInstanceId.setTableName("vpc_gateways");
} else if (!jobInstanceType.equalsIgnoreCase(AsyncJob.Type.None.toString())){
// TODO : when we hit here, we need to add instanceType -> UUID entity table mapping
assert(false);


@ -45,8 +45,14 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
@SerializedName(ApiConstants.ESP_POLICY) @Param(description="IPsec policy of customer gateway")
private String espPolicy;
@SerializedName(ApiConstants.LIFETIME) @Param(description="Lifetime of IKE and IPsec policy of customer gateway")
private Long lifetime;
@SerializedName(ApiConstants.IKE_LIFETIME) @Param(description="Lifetime of IKE SA of customer gateway")
private Long ikeLifetime;
@SerializedName(ApiConstants.ESP_LIFETIME) @Param(description="Lifetime of ESP SA of customer gateway")
private Long espLifetime;
@SerializedName(ApiConstants.DPD) @Param(description="if DPD is enabled for customer gateway")
private Boolean dpd;
@SerializedName(ApiConstants.ACCOUNT) @Param(description="the owner")
private String accountName;
@ -98,8 +104,16 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponse implements Co
this.espPolicy = espPolicy;
}
public void setLifetime(Long lifetime) {
this.lifetime = lifetime;
public void setIkeLifetime(Long ikeLifetime) {
this.ikeLifetime = ikeLifetime;
}
public void setEspLifetime(Long espLifetime) {
this.espLifetime = espLifetime;
}
public void setDpd(Boolean dpd) {
this.dpd= dpd;
}
public void setRemoved(Date removed) {
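Review bot: `this.dpd= dpd;` in `setDpd` is missing the space before `=` that every other setter in this class uses; the same line appears in `Site2SiteVpnConnectionResponse.setDpd`. Suggest `this.dpd = dpd;` in both places.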


@ -48,8 +48,14 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
@SerializedName(ApiConstants.ESP_POLICY) @Param(description="ESP policy of the customer gateway") //from CustomerGateway
private String espPolicy;
@SerializedName(ApiConstants.LIFETIME) @Param(description="Lifetime of vpn connection to the customer gateway, in seconds") //from CustomerGateway
private Long lifetime;
@SerializedName(ApiConstants.IKE_LIFETIME) @Param(description="Lifetime of IKE SA of customer gateway") //from CustomerGateway
private Long ikeLifetime;
@SerializedName(ApiConstants.ESP_LIFETIME) @Param(description="Lifetime of ESP SA of customer gateway") //from CustomerGateway
private Long espLifetime;
@SerializedName(ApiConstants.DPD) @Param(description="if DPD is enabled for customer gateway") //from CustomerGateway
private Boolean dpd;
@SerializedName(ApiConstants.STATE) @Param(description="State of vpn connection")
private String state;
@ -111,9 +117,17 @@ public class Site2SiteVpnConnectionResponse extends BaseResponse implements Cont
this.espPolicy = espPolicy;
}
public void setLifetime(Long lifetime) {
this.lifetime = lifetime;
}
public void setIkeLifetime(Long ikeLifetime) {
this.ikeLifetime = ikeLifetime;
}
public void setEspLifetime(Long espLifetime) {
this.espLifetime = espLifetime;
}
public void setDpd(Boolean dpd) {
this.dpd= dpd;
}
public void setState(String state) {
this.state = state;


@ -11,7 +11,9 @@ public interface Site2SiteCustomerGateway extends ControlledEntity {
public String getIpsecPsk();
public String getIkePolicy();
public String getEspPolicy();
public Long getLifetime();
public Long getIkeLifetime();
public Long getEspLifetime();
public Boolean getDpd();
public Date getRemoved();
String getName();
}


@ -168,11 +168,12 @@ public interface VpcService {
/**
* @param gatewayId
* @param destroyOnFailure TODO
* @return
* @throws ResourceUnavailableException
* @throws ConcurrentOperationException
*/
public PrivateGateway applyVpcPrivateGateway(Long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException;
public PrivateGateway applyVpcPrivateGateway(long gatewayId, boolean destroyOnFailure) throws ConcurrentOperationException, ResourceUnavailableException;
/**
* @param id
@ -180,7 +181,7 @@ public interface VpcService {
* @throws ResourceUnavailableException
* @throws ConcurrentOperationException
*/
boolean deleteVpcPrivateGateway(Long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException;
boolean deleteVpcPrivateGateway(long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException;
/**
* @param listPrivateGatewaysCmd
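Review bot: The javadoc for `applyVpcPrivateGateway` leaves `@param destroyOnFailure TODO` and an empty `@return`, which a caller such as `CreatePrivateGatewayCmd` (which passes `true`) needs explained. Based on the cleanup branch added to VpcManagerImpl in this commit, suggest `@param destroyOnFailure when true, a gateway that could not be applied on the backend is destroyed rather than left in place` and a `@return` stating what is returned on success and that the implementation returns null when applying the gateway fails.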


@ -36,7 +36,7 @@ public interface Site2SiteVpnService {
Site2SiteVpnGateway createVpnGateway(CreateVpnGatewayCmd cmd);
Site2SiteCustomerGateway createCustomerGateway(CreateVpnCustomerGatewayCmd cmd);
Site2SiteVpnConnection startVpnConnection(long id) throws ResourceUnavailableException;
IpAddress getVpnGatewayIp(Long vpnGatewayId);
Site2SiteVpnGateway getVpnGateway(Long vpnGatewayId);
Site2SiteVpnConnection createVpnConnection(CreateVpnConnectionCmd cmd) throws NetworkRuleConflictException;
boolean deleteCustomerGateway(DeleteVpnCustomerGatewayCmd deleteVpnCustomerGatewayCmd);
boolean deleteVpnGateway(DeleteVpnGatewayCmd deleteVpnGatewayCmd);


@ -592,9 +592,17 @@ public class VirtualRoutingResource implements Manager {
args += " -i ";
args += "\"" + cmd.getIkePolicy() + "\"";
args += " -t ";
args += Long.toString(cmd.getLifetime());
args += Long.toString(cmd.getIkeLifetime());
args += " -T ";
args += Long.toString(cmd.getEspLifetime());
args += " -s ";
args += "\"" + cmd.getIpsecPsk() + "\"";
args += " -d ";
if (cmd.getDpd()) {
args += "1";
} else {
args += "0";
}
} else {
args = "-D";
args += " -r ";
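Review bot: The block that serializes `Site2SiteVpnCfgCommand` into `-t`/`-T`/`-s`/`-d` arguments is now repeated verbatim in VirtualRoutingResource, VmwareResource and CitrixResourceBase, so any future option, or a quoting fix for the `getIpsecPsk()` value that is wrapped in literal double quotes, has to be applied three times. Consider building the argument string once on the command or in a shared helper; the dpd branch also collapses to one line, `args += cmd.getDpd() ? "1" : "0";`. `cmd.getDpd()` returns a boxed `Boolean` that is unboxed here; it is backed by a primitive field in this commit so it cannot be null today, but the unboxing will fail silently if that changes. The enclosing method starts and ends outside the hunk.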


@ -522,11 +522,6 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
String[] results = new String[cmd.getStaticRoutes().length];
int i = 0;
if ( cmd.isEmpty() ) {
s_logger.error("SetStaticRoute failed since incoming command is empty");
return new SetStaticRouteAnswer(cmd, false, null);
}
// Extract and build the arguments for the command to be sent to the VR.
String [][] rules = cmd.generateSRouteRules();
StringBuilder sb = new StringBuilder();
@ -1176,9 +1171,17 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
args += " -i ";
args += "\"" + cmd.getIkePolicy() + "\"";
args += " -t ";
args += Long.toString(cmd.getLifetime());
args += Long.toString(cmd.getIkeLifetime());
args += " -T ";
args += Long.toString(cmd.getEspLifetime());
args += " -s ";
args += "\"" + cmd.getIpsecPsk() + "\"";
args += " -d ";
if (cmd.getDpd()) {
args += "1";
} else {
args += "0";
}
} else {
args += " -D";
args += " -r ";
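Review bot: Removing the `cmd.isEmpty()` check leaves `new String[cmd.getStaticRoutes().length]` on the line above it as the first use of the route array, so a command with a null route array now throws a NullPointerException instead of returning the logged `SetStaticRouteAnswer(cmd, false, null)`; if the intent is only to let an empty list through so `Revoke:` entries are applied, keep a null guard such as `if (cmd.getStaticRoutes() == null) { s_logger.error("SetStaticRoute failed since incoming command has no routes"); return new SetStaticRouteAnswer(cmd, false, null); }`. The rewritten handler in CitrixResourceBase has the same first statement, though there it sits inside a `try` whose `catch (Exception e)` turns the NPE into a failure message; here no surrounding catch is visible in the hunk. The enclosing method starts and ends outside the hunk.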


@ -7391,9 +7391,17 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
args += " -i ";
args += "\"" + cmd.getIkePolicy() + "\"";
args += " -t ";
args += Long.toString(cmd.getLifetime());
args += Long.toString(cmd.getIkeLifetime());
args += " -T ";
args += Long.toString(cmd.getEspLifetime());
args += " -s ";
args += "\"" + cmd.getIpsecPsk() + "\"";
args += " -d ";
if (cmd.getDpd()) {
args += "1";
} else {
args += "0";
}
} else {
args += " -D";
args += " -r ";
@ -7513,34 +7521,26 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
Connection conn = getConnection();
String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
try {
if ( !cmd.isEmpty() ) {
String[] results = new String[cmd.getStaticRoutes().length];
String [][] rules = cmd.generateSRouteRules();
StringBuilder sb = new StringBuilder();
String[] srRules = rules[0];
for (int i = 0; i < srRules.length; i++) {
sb.append(srRules[i]).append(',');
}
String args = "vpc_staticroute.sh " + routerIp;
args += " -a " + sb.toString();
callResult = callHostPlugin(conn, "vmops", "routerProxy", "args", args);
if (callResult == null || callResult.isEmpty()) {
//FIXME - in the future we have to process each rule separately; now we temporarily set every rule to be false if single rule fails
for (int i=0; i < results.length; i++) {
results[i] = "Failed";
}
return new SetStaticRouteAnswer(cmd, false, results);
}
return new SetStaticRouteAnswer(cmd, true, results);
} else {
String args = "vpc_staticroute.sh " + routerIp;
args += " -a none";
callResult = callHostPlugin(conn, "vmops", "routerProxy", "args", args);
if (callResult == null || callResult.isEmpty()) {
return new SetStaticRouteAnswer(cmd, false, null);
}
return new SetStaticRouteAnswer(cmd, true, null);
String[] results = new String[cmd.getStaticRoutes().length];
String[][] rules = cmd.generateSRouteRules();
StringBuilder sb = new StringBuilder();
String[] srRules = rules[0];
for (int i = 0; i < srRules.length; i++) {
sb.append(srRules[i]).append(',');
}
String args = "vpc_staticroute.sh " + routerIp;
args += " -a " + sb.toString();
callResult = callHostPlugin(conn, "vmops", "routerProxy", "args", args);
if (callResult == null || callResult.isEmpty()) {
// FIXME - in the future we have to process each rule
// separately; now we temporarily set every rule to be false if
// single rule fails
for (int i = 0; i < results.length; i++) {
results[i] = "Failed";
}
return new SetStaticRouteAnswer(cmd, false, results);
}
return new SetStaticRouteAnswer(cmd, true, results);
} catch (Exception e) {
String msg = "SetStaticRoute failed due to " + e.toString();


@ -23,7 +23,7 @@ vpnconfdir="/etc/ipsec.d"
vpnoutmark="0x525"
usage() {
printf "Usage: %s: (-A|-D) -l <left-side vpn peer> -n <left-side guest cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side private subnets> -e <esp policy> -i <ike policy> -t <lifetime> -s <pre-shared secret> \n" $(basename $0) >&2
printf "Usage: %s: (-A|-D) -l <left-side vpn peer> -n <left-side guest cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp lifetime> -s <pre-shared secret> -d <dpd 0 or 1> \n" $(basename $0) >&2
}
#set -x
@ -122,7 +122,7 @@ ipsec_tunnel_add() {
logger -t cloud "$(basename $0): creating configuration for ipsec tunnel: left peer=$leftpeer \
left net=$leftnet left gateway=$leftgw right peer=$rightpeer right network=$rightnets phase1 policy=$ikepolicy \
phase2 policy=$esppolicy lifetime=$time secret=$secret"
phase2 policy=$esppolicy secret=$secret"
[ "$op" == "-A" ] && ipsec_tunnel_del
@ -137,20 +137,23 @@ ipsec_tunnel_add() {
sudo echo " type=tunnel" >> $vpnconffile &&
sudo echo " authby=secret" >> $vpnconffile &&
sudo echo " keyexchange=ike" >> $vpnconffile &&
sudo echo " pfs=no" >> $vpnconffile &&
sudo echo " esp=$esppolicy" >> $vpnconffile &&
sudo echo " salifetime=${time}s" >> $vpnconffile &&
sudo echo " ike=$ikepolicy" >> $vpnconffile &&
sudo echo " ikelifetime=${time}s" >> $vpnconffile &&
sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile &&
sudo echo " esp=$esppolicy" >> $vpnconffile &&
sudo echo " salifetime=${esplifetime}s" >> $vpnconffile &&
sudo echo " pfs=$pfs" >> $vpnconffile &&
sudo echo " keyingtries=3" >> $vpnconffile &&
sudo echo " dpddelay=30" >> $vpnconffile &&
sudo echo " dpdtimeout=120" >> $vpnconffile &&
sudo echo " dpdaction=restart" >> $vpnconffile &&
sudo echo " auto=add" >> $vpnconffile &&
sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile &&
sudo chmod 0400 $vpnsecretsfile
if [ $dpd -ne 0 ]
then
sudo echo " dpddelay=30" >> $vpnconffile &&
sudo echo " dpdtimeout=120" >> $vpnconffile &&
sudo echo " dpdaction=restart" >> $vpnconffile
fi
enable_iptables_subnets
sudo ipsec auto --rereadall
@ -192,7 +195,7 @@ Iflag=
sflag=
op=""
while getopts 'ADl:n:g:r:N:e:i:t:s:' OPTION
while getopts 'ADl:n:g:r:N:e:i:t:T:s:d:' OPTION
do
case $OPTION in
A) opflag=1
@ -223,11 +226,17 @@ do
ikepolicy="$OPTARG"
;;
t) tflag=1
time="$OPTARG"
ikelifetime="$OPTARG"
;;
T) Tflag=1
esplifetime="$OPTARG"
;;
s) sflag=1
secret="$OPTARG"
;;
d) dflag=1
dpd="$OPTARG"
;;
?) usage
unlock_exit 2 $lock $locked
;;
@ -249,6 +258,12 @@ do
done < /tmp/iflist
rightnets=${rightnets//,/ }
pfs="no"
echo "$esppolicy" | grep "modp" > /dev/null
if [ $? -eq 0 ]
then
pfs="yes"
fi
ret=0
#Firewall ports for one-to-one/static NAT
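Review bot: `if [ $dpd -ne 0 ]` in `ipsec_tunnel_add` uses `$dpd` unquoted and unset when `-d` is not passed (nothing in the hunks checks `dflag`), so `test` sees `[ -ne 0 ]`, prints a unary-operator error and skips the block. Use `if [ "${dpd:-0}" -ne 0 ]` so a missing or empty value means DPD off, and if the required-flag validation that presumably follows the getopts loop is extended to the new flags, reject non-numeric values there too. `${ikelifetime}s` and `${esplifetime}s` are written to the ipsec config without a digit check as well; they come from Java `long` values in this commit, but validating them here keeps the script correct if it is invoked from elsewhere.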


@ -60,11 +60,11 @@ restore_table() {
static_route() {
local rule=$1
if [ "$rule" == "none" ]
local ip=$(echo $rule | cut -d: -f1)
if [ $ip == "Revoke" ]
then
return 0
fi
local ip=$(echo $rule | cut -d: -f1)
local gateway=$(echo $rule | cut -d: -f2)
local cidr=$(echo $rule | cut -d: -f3)
logger -t cloud "$(basename $0): static route: public ip=$ip \
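Review bot: The new sentinel test `if [ $ip == "Revoke" ]` leaves `$ip` unquoted, unlike the `"$rule"` test it replaces, so an empty rule (for instance if the comma-separated list built on the Java side, which ends with a trailing `,`, ever yields an empty element) makes `test` fail with a unary-operator error instead of a clean comparison. Quote it: `if [ "$ip" == "Revoke" ]`. Dropping the old `none` sentinel is consistent with CitrixResourceBase no longer sending `-a none` in this commit.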


@ -3927,7 +3927,9 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIpsecPsk(result.getIpsecPsk());
response.setIkePolicy(result.getIkePolicy());
response.setEspPolicy(result.getEspPolicy());
response.setLifetime(result.getLifetime());
response.setIkeLifetime(result.getIkeLifetime());
response.setEspLifetime(result.getEspLifetime());
response.setDpd(result.getDpd());
response.setRemoved(result.getRemoved());
response.setObjectName("vpncustomergateway");
@ -3962,7 +3964,9 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setIpsecPsk(customerGateway.getIpsecPsk());
response.setIkePolicy(customerGateway.getIkePolicy());
response.setEspPolicy(customerGateway.getEspPolicy());
response.setLifetime(customerGateway.getLifetime());
response.setIkeLifetime(customerGateway.getIkeLifetime());
response.setEspLifetime(customerGateway.getEspLifetime());
response.setDpd(customerGateway.getDpd());
}
populateAccount(response, result.getAccountId());


@ -41,8 +41,14 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
@Column(name="esp_policy")
private String espPolicy;
@Column(name="lifetime")
private long lifetime;
@Column(name="ike_lifetime")
private long ikeLifetime;
@Column(name="esp_lifetime")
private long espLifetime;
@Column(name="dpd")
private boolean dpd;
@Column(name="domain_id")
private Long domainId;
@ -55,14 +61,17 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
public Site2SiteCustomerGatewayVO() { }
public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy, String espPolicy, long lifetime) {
public Site2SiteCustomerGatewayVO(String name, long accountId, long domainId, String gatewayIp, String guestCidrList, String ipsecPsk, String ikePolicy, String espPolicy,
long ikeLifetime, long espLifetime, boolean dpd) {
this.name = name;
this.gatewayIp = gatewayIp;
this.guestCidrList = guestCidrList;
this.ipsecPsk = ipsecPsk;
this.ikePolicy = ikePolicy;
this.espPolicy = espPolicy;
this.lifetime = lifetime;
this.ikeLifetime = ikeLifetime;
this.espLifetime = espLifetime;
this.dpd = dpd;
this.uuid = UUID.randomUUID().toString();
this.accountId = accountId;
this.domainId = domainId;
@ -119,12 +128,21 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
}
@Override
public Long getLifetime() {
return lifetime;
public Long getIkeLifetime() {
return ikeLifetime;
}
public void setLifetime(long lifetime) {
this.lifetime = lifetime;
public void setIkeLifetime(long ikeLifetime) {
this.ikeLifetime = ikeLifetime;
}
@Override
public Long getEspLifetime() {
return espLifetime;
}
public void setEspLifetime(long espLifetime) {
this.espLifetime = espLifetime;
}
@Override
@ -145,6 +163,15 @@ public class Site2SiteCustomerGatewayVO implements Site2SiteCustomerGateway {
this.espPolicy = espPolicy;
}
@Override
public Boolean getDpd() {
return dpd;
}
public void setDpd(boolean dpd) {
this.dpd = dpd;
}
public String getUuid() {
return uuid;
}


@ -908,8 +908,10 @@ VirtualMachineGuru<DomainRouterVO>, Listener {
}
if (router.getState() != State.Running) {
for (Site2SiteVpnConnectionVO conn : conns) {
conn.setState(Site2SiteVpnConnection.State.Disconnected);
_s2sVpnConnectionDao.persist(conn);
if (conn.getState() != Site2SiteVpnConnection.State.Error) {
conn.setState(Site2SiteVpnConnection.State.Disconnected);
_s2sVpnConnectionDao.persist(conn);
}
}
continue;
}


@ -859,15 +859,12 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
List<StaticRouteProfile> staticRouteProfiles = new ArrayList<StaticRouteProfile>(routes.size());
Map<Long, VpcGateway> gatewayMap = new HashMap<Long, VpcGateway>();
for (StaticRoute route : routes) {
if (route.getState() != StaticRoute.State.Revoke) {
//skip static route in revoke state
VpcGateway gateway = gatewayMap.get(route.getVpcGatewayId());
if (gateway == null) {
gateway = _vpcMgr.getVpcGateway(route.getVpcGatewayId());
gatewayMap.put(gateway.getId(), gateway);
}
staticRouteProfiles.add(new StaticRouteProfile(route, gateway));
VpcGateway gateway = gatewayMap.get(route.getVpcGatewayId());
if (gateway == null) {
gateway = _vpcMgr.getVpcGateway(route.getVpcGatewayId());
gatewayMap.put(gateway.getId(), gateway);
}
staticRouteProfiles.add(new StaticRouteProfile(route, gateway));
}
s_logger.debug("Found " + staticRouteProfiles.size() + " static routes to apply as a part of vpc route "
@ -1046,16 +1043,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
return true;
}
//exclude static route in Revoke state
Iterator<StaticRouteProfile> it = staticRoutes.iterator();
while (it.hasNext()) {
StaticRouteProfile profile = it.next();
if (profile.getState() == StaticRoute.State.Revoke) {
s_logger.debug("Not sending static route " + profile + " because its in " + StaticRoute.State.Revoke + " state");
it.remove();
}
}
boolean result = true;
for (VirtualRouter router : routers) {
if (router.getState() == State.Running) {
@ -1135,10 +1122,12 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
String ipsecPsk = gw.getIpsecPsk();
String ikePolicy = gw.getIkePolicy();
String espPolicy = gw.getEspPolicy();
Long lifetime = gw.getLifetime();
Long ikeLifetime = gw.getIkeLifetime();
Long espLifetime = gw.getEspLifetime();
Boolean dpd = gw.getDpd();
Site2SiteVpnCfgCommand cmd = new Site2SiteVpnCfgCommand(isCreate, localPublicIp, localPublicGateway, localGuestCidr,
peerGatewayIp, peerGuestCidrList, ikePolicy, espPolicy, lifetime, ipsecPsk);
peerGatewayIp, peerGuestCidrList, ikePolicy, espPolicy, ipsecPsk, ikeLifetime, espLifetime, dpd);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
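Review bot: With the `State.Revoke` filter removed in the first two hunks, routes in Revoke state now go through `_vpcMgr.getVpcGateway(route.getVpcGatewayId())` followed by `gatewayMap.put(gateway.getId(), gateway)`; if that lookup can return null for a gateway that is itself being removed (not visible here), the `put` throws a NullPointerException and the whole route application fails rather than skipping that route. A null check with a debug log before the `put` would make that case explicit. In the third hunk the two consecutive `cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, ...)` lines are pre-existing context, but since the hunk is being touched the duplicate could be dropped.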


@ -1005,7 +1005,11 @@ public class VpcManagerImpl implements VpcManager, Manager{
}
@DB
protected void validateNewVpcGuestNetwork(String cidr, String gateway, Account networkOwner, Vpc vpc, String networkDomain) {
Transaction txn = Transaction.currentTxn();
txn.start();
Vpc locked = _vpcDao.acquireInLockTable(vpc.getId());
if (locked == null) {
throw new CloudRuntimeException("Unable to acquire lock on " + vpc);
@ -1070,7 +1074,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
throw new InvalidParameterValueException("Invalid gateway specified. It should never be equal to the cidr broadcast ip", null);
}
txn.commit();
} finally {
s_logger.debug("Releasing lock for " + locked);
_vpcDao.releaseFromLockTable(locked.getId());
@ -1258,16 +1262,14 @@ public class VpcManagerImpl implements VpcManager, Manager{
@Override
@DB
public PrivateGateway applyVpcPrivateGateway(Long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException {
VpcGatewayVO vo = _vpcGatewayDao.acquireInLockTable(gatewayId);
if (vo == null) {
throw new ConcurrentOperationException("Unable to lock gateway " + gatewayId);
}
public PrivateGateway applyVpcPrivateGateway(long gatewayId, boolean destroyOnFailure) throws ConcurrentOperationException, ResourceUnavailableException {
VpcGatewayVO vo = _vpcGatewayDao.findById(gatewayId);
boolean success = false;
try {
PrivateGateway gateway = getVpcPrivateGateway(gatewayId);
if (getVpcElement().createPrivateGateway(gateway)) {
success = getVpcElement().createPrivateGateway(gateway);
if (success) {
s_logger.debug("Private gateway " + gateway + " was applied succesfully on the backend");
if (vo.getState() != VpcGateway.State.Ready) {
vo.setState(VpcGateway.State.Ready);
@ -1280,32 +1282,45 @@ public class VpcManagerImpl implements VpcManager, Manager{
return null;
}
} finally {
if (vo != null) {
_vpcGatewayDao.releaseFromLockTable(gatewayId);
//do cleanup
if (!success) {
if (destroyOnFailure) {
s_logger.debug("Destroying private gateway " + vo + " that failed to start");
if (deleteVpcPrivateGateway(gatewayId)) {
s_logger.warn("Successfully destroyed vpc " + vo + " that failed to start");
} else {
s_logger.warn("Failed to destroy vpc " + vo + " that failed to start");
}
}
}
}
}
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_PRIVATE_GATEWAY_DELETE, eventDescription = "deleting private gateway")
@DB
public boolean deleteVpcPrivateGateway(Long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException {
public boolean deleteVpcPrivateGateway(long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException {
Transaction txn = Transaction.currentTxn();
txn.start();
VpcGatewayVO gatewayVO = _vpcGatewayDao.acquireInLockTable(gatewayId);
if (gatewayVO == null || gatewayVO.getType() != VpcGateway.Type.Private) {
throw new ConcurrentOperationException("Unable to lock gateway " + gatewayId);
}
try {
_vpcGatewayDao.update(gatewayVO.getId(), gatewayVO);
s_logger.debug("Marked gateway " + gatewayVO + " with state " + VpcGateway.State.Deleting);
try {
//don't allow to remove gateway when there are static routes associated with it
long routeCount = _staticRouteDao.countRoutesByGateway(gatewayVO.getId());
if (routeCount > 0) {
throw new CloudRuntimeException("Can't delete private gateway " + gatewayVO + " as it has " + routeCount +
" static routes applied. Remove the routes first");
}
gatewayVO.setState(VpcGateway.State.Deleting);
_vpcGatewayDao.update(gatewayVO.getId(), gatewayVO);
s_logger.debug("Marked gateway " + gatewayVO + " with state " + VpcGateway.State.Deleting);
txn.commit();
//1) delete the gateway on the backend
PrivateGateway gateway = getVpcPrivateGateway(gatewayId);
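Review bot: `vo` is now loaded with `_vpcGatewayDao.findById(gatewayId)` and never null-checked, so an unknown gatewayId reaches `vo.getState()` as a NullPointerException where the old lock-based lookup threw ConcurrentOperationException; add `if (vo == null) { throw new InvalidParameterValueException("Unable to find private gateway " + gatewayId, null); }` directly after the lookup. The cleanup in `finally` also runs on the exception path, and since `deleteVpcPrivateGateway` declares checked exceptions, a failure there would replace the original exception — catching and logging around the delete call inside `finally` keeps the first failure visible. Dropping `acquireInLockTable` presumably means two concurrent applies of the same gateway are no longer serialized; worth confirming that is intended. The body of applyVpcPrivateGateway is split across the two hunks and continues outside them.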


@ -161,14 +161,29 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
if (!NetUtils.isValidS2SVpnPolicy(espPolicy)) {
throw new InvalidParameterValueException("The customer gateway ESP policy " + espPolicy + " is invalid!", null);
}
Long lifetime = cmd.getLifetime();
if (lifetime == null) {
Long ikeLifetime = cmd.getIkeLifetime();
if (ikeLifetime == null) {
// Default value of lifetime is 1 day
lifetime = (long) 86400;
ikeLifetime = (long) 86400;
}
if (lifetime > 86400) {
throw new InvalidParameterValueException("The lifetime " + lifetime + " of vpn connection is invalid!", null);
if (ikeLifetime > 86400) {
throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!", null);
}
Long espLifetime = cmd.getEspLifetime();
if (espLifetime == null) {
// Default value of lifetime is 1 day
espLifetime = (long) 3600;
}
if (espLifetime > 86400) {
throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!", null);
}
Boolean dpd = cmd.getDpd();
if (dpd == null) {
dpd = false;
}
if (_customerGatewayDao.findByGatewayIp(gatewayIp) != null) {
throw new InvalidParameterValueException("The customer gateway with ip " + gatewayIp + " already existed!", null);
}
@ -176,7 +191,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
throw new InvalidParameterValueException("The customer gateway with name " + name + " already existed!", null);
}
Site2SiteCustomerGatewayVO gw = new Site2SiteCustomerGatewayVO(name, owner.getAccountId(), owner.getDomainId(), gatewayIp, guestCidrList, ipsecPsk,
ikePolicy, espPolicy, lifetime);
ikePolicy, espPolicy, ikeLifetime, espLifetime, dpd);
_customerGatewayDao.persist(gw);
return gw;
}
@ -263,10 +278,8 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
@Override
public IpAddress getVpnGatewayIp(Long vpnGatewayId) {
Site2SiteVpnGatewayVO gateway = _vpnGatewayDao.findById(vpnGatewayId);
IpAddress ip = _networkMgr.getIp(gateway.getAddrId());
return ip;
public Site2SiteVpnGateway getVpnGateway(Long vpnGatewayId) {
return _vpnGatewayDao.findById(vpnGatewayId);
}
@Override
@ -348,10 +361,14 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
}
}
String name = cmd.getName();
String gatewayIp = cmd.getGatewayIp();
if (!NetUtils.isValidIp(gatewayIp)) {
throw new InvalidParameterValueException("The customer gateway ip " + gatewayIp + " is invalid!", null);
}
if (name == null) {
name = "VPN-" + gatewayIp;
}
String guestCidrList = cmd.getGuestCidrList();
if (!NetUtils.validateGuestCidrList(guestCidrList)) {
throw new InvalidParameterValueException("The customer gateway guest cidr list " + guestCidrList + " contains invalid guest cidr!", null);
@ -365,20 +382,38 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
if (!NetUtils.isValidS2SVpnPolicy(espPolicy)) {
throw new InvalidParameterValueException("The customer gateway ESP policy" + espPolicy + " is invalid!", null);
}
Long lifetime = cmd.getLifetime();
if (lifetime == null) {
Long ikeLifetime = cmd.getIkeLifetime();
if (ikeLifetime == null) {
// Default value of lifetime is 1 day
lifetime = (long) 86400;
ikeLifetime = (long) 86400;
}
if (lifetime > 86400) {
throw new InvalidParameterValueException("The lifetime " + lifetime + " of vpn connection is invalid!", null);
if (ikeLifetime > 86400) {
throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!", null);
}
Long espLifetime = cmd.getEspLifetime();
if (espLifetime == null) {
// Default value of lifetime is 1 day
espLifetime = (long) 3600;
}
if (espLifetime > 86400) {
throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!", null);
}
Boolean dpd = cmd.getDpd();
if (dpd == null) {
dpd = false;
}
gw.setName(name);
gw.setGatewayIp(gatewayIp);
gw.setGuestCidrList(guestCidrList);
gw.setIkePolicy(ikePolicy);
gw.setEspPolicy(espPolicy);
gw.setIpsecPsk(ipsecPsk);
gw.setLifetime(lifetime);
gw.setIkeLifetime(ikeLifetime);
gw.setEspLifetime(espLifetime);
gw.setDpd(dpd);
_customerGatewayDao.persist(gw);
return gw;
}
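Review bot: The lifetime checks `if (ikeLifetime > 86400)` and `if (espLifetime > 86400)` (and their copies in the update path further down this section) reject only values that are too large; zero and negative lifetimes pass validation, are persisted, and are handed to the router as IPsec configuration, so make them `if (ikeLifetime <= 0 || ikeLifetime > 86400)` and `if (espLifetime <= 0 || espLifetime > 86400)`. The comment `// Default value of lifetime is 1 day` above `espLifetime = (long) 3600;` was copied from the IKE branch and now describes the wrong value; `// Default ESP lifetime is 1 hour` fits. The default-and-validate block for ikeLifetime, espLifetime and dpd is duplicated verbatim between the create and update paths in this section, so a private helper returning the validated values would keep the two from drifting. Both enclosing methods begin outside their hunks.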


@ -2170,7 +2170,9 @@ CREATE TABLE `cloud`.`s2s_customer_gateway` (
`ipsec_psk` varchar(256),
`ike_policy` varchar(30) NOT NULL,
`esp_policy` varchar(30) NOT NULL,
`lifetime` int,
`ike_lifetime` int NOT NULL DEFAULT 86400,
`esp_lifetime` int NOT NULL DEFAULT 3600,
`dpd` int(1) NOT NULL DEFAULT 0,
`domain_id` bigint unsigned NOT NULL,
`account_id` bigint unsigned NOT NULL,
`removed` datetime COMMENT 'date removed if not null',
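Review bot: Replacing `lifetime` with `ike_lifetime`, `esp_lifetime` and `dpd` in the CREATE TABLE only covers fresh installs; an existing `s2s_customer_gateway` table needs a matching ALTER in an upgrade script, and none is visible in this commit (the same applies to the second schema file below). `dpd int(1)` is a display width, not a one-byte boolean; `tinyint(1)` is the conventional MySQL boolean and matches the `Boolean dpd` used on the Java side.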


@ -312,7 +312,9 @@ CREATE TABLE `cloud`.`s2s_customer_gateway` (
`ipsec_psk` varchar(256),
`ike_policy` varchar(30) NOT NULL,
`esp_policy` varchar(30) NOT NULL,
`lifetime` int,
`ike_lifetime` int NOT NULL DEFAULT 86400,
`esp_lifetime` int NOT NULL DEFAULT 3600,
`dpd` int(1) NOT NULL DEFAULT 0,
`domain_id` bigint unsigned NOT NULL,
`account_id` bigint unsigned NOT NULL,
`removed` datetime COMMENT 'date removed if not null',


@ -1109,8 +1109,7 @@ public class NetUtils {
if (policy.isEmpty()) {
return false;
}
//String cipherHash = policy.split(";")[0];
String cipherHash = policy;
String cipherHash = policy.split(";")[0];
if (cipherHash.isEmpty()) {
return false;
}
@ -1126,15 +1125,13 @@ public class NetUtils {
if (!hash.matches("md5|sha1")) {
return false;
}
/* Disable pfsGroup support, see CS-15511
String pfsGroup = null;
if (!policy.equals(cipherHash)) {
pfsGroup = policy.split(";")[1];
}
if (pfsGroup != null && !pfsGroup.matches("modp1024|modp1536")) {
if (pfsGroup != null && !pfsGroup.matches("modp1024|modp1536|")) {
return false;
}
*/
}
return true;
}
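Review bot: With the pfsGroup check re-enabled, a policy item ending in `;` (for example `aes-sha1;`) makes `policy.split(";")[1]` throw ArrayIndexOutOfBoundsException, because `split` drops trailing empty strings so `policy.equals(cipherHash)` is false while the array has one element; this string is caller-supplied input that later reaches the VPN configuration, so the validator should return false rather than throw. The trailing `|` in `"modp1024|modp1536|"` also matches an empty group, so `aes-sha1;;anything` is accepted with the third segment ignored. Splitting once with a negative limit and bounding the part count fixes both; if a trailing `;` with no group is meant to be accepted, treat an empty second part as absent instead of matching the empty string. isValidS2SVpnPolicy begins outside the hunk, and the per-item loop enclosing these lines closes at the `}` before `return true`.
```java
String[] parts = policy.split(";", -1);
if (parts.length > 2) {
    return false;
}
String cipherHash = parts[0];
if (cipherHash.isEmpty()) {
    return false;
}
// … unchanged: cipher / hash checks …
String pfsGroup = parts.length == 2 && !parts[1].isEmpty() ? parts[1] : null;
if (pfsGroup != null && !pfsGroup.matches("modp1024|modp1536")) {
    return false;
}
```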


@ -50,12 +50,12 @@ public class NetUtilsTest extends TestCase {
}
public void testVpnPolicy() {
assertTrue(NetUtils.isValidS2SVpnPolicy("aes-sha1"));
assertTrue(NetUtils.isValidS2SVpnPolicy("aes128-sha1"));
assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1"));
assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
assertFalse(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes256-sha1"));
assertTrue(NetUtils.isValidS2SVpnPolicy("3des-md5;modp1024"));
assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes128-sha1;modp1536"));
assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes128-sha1;modp1536"));
assertFalse(NetUtils.isValidS2SVpnPolicy("des-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("abc-123,ase-sha1"));
assertFalse(NetUtils.isValidS2SVpnPolicy("de-sh,aes-sha1"));