CLOUDSTACK-5417 Updating egress firewall rules CiDR on external network restart

Jayapal 2013-12-13 14:45:44 +05:30
parent db2b8d9b0d
commit bd54ed8071
4 changed files with 50 additions and 0 deletions


@ -18,6 +18,7 @@ package com.cloud.network.dao;
import java.util.List;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.GenericDao;
public interface FirewallRulesCidrsDao extends GenericDao<FirewallRulesCidrsVO, Long> {
@ -26,4 +27,6 @@ public interface FirewallRulesCidrsDao extends GenericDao<FirewallRulesCidrsVO,
List<String> getSourceCidrs(long firewallRuleId);
@DB
List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId);
}


@ -39,6 +39,7 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase<FirewallRulesCidrs
protected FirewallRulesCidrsDaoImpl() {
CidrsSearch = createSearchBuilder();
CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getFirewallRuleId(), SearchCriteria.Op.EQ);
CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getId(), SearchCriteria.Op.EQ);
CidrsSearch.done();
}
@ -57,6 +58,16 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase<FirewallRulesCidrs
return cidrs;
}
@Override @DB
public List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId) {
SearchCriteria<FirewallRulesCidrsVO> sc = CidrsSearch.create();
sc.setParameters("firewallRuleId", firewallRuleId);
List<FirewallRulesCidrsVO> results = search(sc, null);
return results;
}
@Override
@DB
public void persist(long firewallRuleId, List<String> sourceCidrs) {
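Review bot: The constructor now registers two conditions under the same name, `"firewallRuleId"`, one bound to `getFirewallRuleId()` and one to `getId()`; the page does not mark which of the two lines is new. `listByFirewallRuleId` calls `sc.setParameters("firewallRuleId", firewallRuleId)`, so depending on how the search builder treats a repeated name, the query may also compare the row's own id with the rule id and return the wrong CIDR rows or none. Because these rows decide which source ranges an egress rule covers, I would keep only `CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getFirewallRuleId(), SearchCriteria.Op.EQ);` and drop the `getId()` condition. In the new method, `return search(sc, null);` can replace the temporary `results`.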


@ -64,4 +64,8 @@ public class FirewallRulesCidrsVO implements InternalIdentity {
return sourceCidrList;
}
public void setSourceCidrList(String sourceCidrList) {
this.sourceCidrList = sourceCidrList;
}
}


@ -47,6 +47,11 @@ import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.IPAddressVO;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkVO;
import com.cloud.network.dao.FirewallRulesCidrsDao;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRuleVO;
import com.cloud.network.dao.FirewallRulesCidrsVO;
import com.cloud.network.rules.PortForwardingRuleVO;
import com.cloud.network.rules.dao.PortForwardingRulesDao;
import com.cloud.offering.NetworkOffering;
@ -76,6 +81,10 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
IPAddressDao _ipAddressDao;
@Inject
IpAddressManager _ipAddrMgr;
@Inject
FirewallRulesDao _fwRulesDao;
@Inject
FirewallRulesCidrsDao _fwRulesCidrDao;
public ExternalGuestNetworkGuru() {
super();
@ -203,6 +212,29 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
}
}
//Egress rules cidr is subset of guest nework cidr, we need to change
List <FirewallRuleVO> fwEgressRules = _fwRulesDao.listByNetworkPurposeTrafficType(config.getId(), FirewallRule.Purpose.Firewall, FirewallRule.TrafficType.Egress);
for (FirewallRuleVO rule: fwEgressRules) {
//get the cidr list for this rule
List<FirewallRulesCidrsVO> fwRuleCidrsVo = _fwRulesCidrDao.listByFirewallRuleId(rule.getId());
for (FirewallRulesCidrsVO ruleCidrvo: fwRuleCidrsVo) {
String cidr = ruleCidrvo.getCidr();
String cidrAddr = cidr.split("/")[0];
String size = cidr.split("/")[1];
long ipMask = getIpMask(cidrAddr, cidrSize);
String newIp = NetUtils.long2Ip(newCidrAddress | ipMask);
String updatedCidr = newIp+"/"+size;
ruleCidrvo.setSourceCidrList(updatedCidr);
_fwRulesCidrDao.update(ruleCidrvo.getId(), ruleCidrvo);
}
}
return implemented;
}
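Review bot: Each stored value is split on `/` and index 1 is read without checking that the value has the `address/prefix` shape, so a null or slash-less entry from `getCidr()` throws in the middle of the loop, after earlier rows have already been written by `_fwRulesCidrDao.update(...)`. Split once and check first, e.g. `String[] parts = cidr.split("/", 2);` followed by `if (parts.length != 2) { /* log and skip this rule CIDR */ continue; }`, and consider doing the updates in one transaction so a failure cannot leave the egress rules half rewritten. The host bits are taken with `cidrSize`, which is declared outside this hunk, while the suffix reuses the rule's own `size`; if that mix is intended, the truncated comment `//Egress rules cidr is subset of guest nework cidr, we need to change` should be completed to say so and to state what happens to a rule CIDR that was not inside the old guest range. The enclosing method starts outside the hunk.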