diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java index f6e7b0eb2d2..55c454860ef 100644 --- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java +++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java @@ -18,6 +18,7 @@ package com.cloud.network.dao; import java.util.List; +import com.cloud.utils.db.DB; import com.cloud.utils.db.GenericDao; public interface FirewallRulesCidrsDao extends GenericDao { @@ -26,4 +27,6 @@ public interface FirewallRulesCidrsDao extends GenericDao getSourceCidrs(long firewallRuleId); + @DB + List listByFirewallRuleId(long firewallRuleId); } diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java index 8c0c468f65b..9f288003499 100644 --- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java +++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java @@ -39,6 +39,7 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase listByFirewallRuleId(long firewallRuleId) { + SearchCriteria sc = CidrsSearch.create(); + sc.setParameters("firewallRuleId", firewallRuleId); + + List results = search(sc, null); + + return results; + } + @Override @DB public void persist(long firewallRuleId, List sourceCidrs) { diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java index e6871bb35ad..ce50e170c64 100644 --- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java +++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java @@ -64,4 +64,8 @@ public class FirewallRulesCidrsVO implements InternalIdentity { return sourceCidrList; } + public void setSourceCidrList(String sourceCidrList) { + this.sourceCidrList = sourceCidrList; + } + } 
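Review bot: The new `setSourceCidrList` in FirewallRulesCidrsVO stores whatever string it is given, and since this row presumably backs the source CIDR of a firewall rule, a malformed value written through it is persisted unchecked. The only caller visible in this commit (ExternalGuestNetworkGuru) passes a concatenated `newIp+"/"+size`, a single CIDR, although the setter's name suggests a list. I would either validate the argument in the setter or document the contract with a comment such as `/** Sets the source CIDR of this row, one CIDR in address/prefix form; callers must pass an already validated value. */`. The class body starts outside this hunk, so an existing validation path elsewhere cannot be ruled out.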
diff --git a/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java b/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java index ec02a30ae41..414eb7b6543 100644 --- a/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java +++ b/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java @@ -47,6 +47,11 @@ import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.IPAddressVO; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.NetworkVO; +import com.cloud.network.dao.FirewallRulesCidrsDao; +import com.cloud.network.dao.FirewallRulesDao; +import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.FirewallRuleVO; +import com.cloud.network.dao.FirewallRulesCidrsVO; import com.cloud.network.rules.PortForwardingRuleVO; import com.cloud.network.rules.dao.PortForwardingRulesDao; import com.cloud.offering.NetworkOffering; @@ -76,6 +81,10 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru { IPAddressDao _ipAddressDao; @Inject IpAddressManager _ipAddrMgr; + @Inject + FirewallRulesDao _fwRulesDao; + @Inject + FirewallRulesCidrsDao _fwRulesCidrDao; public ExternalGuestNetworkGuru() { super(); 
@@ -203,6 +212,29 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru { } } + //Egress rules cidr is subset of guest nework cidr, we need to change + List fwEgressRules = _fwRulesDao.listByNetworkPurposeTrafficType(config.getId(), FirewallRule.Purpose.Firewall, FirewallRule.TrafficType.Egress); + + for (FirewallRuleVO rule: fwEgressRules) { + //get the cidr list for this rule + List fwRuleCidrsVo = _fwRulesCidrDao.listByFirewallRuleId(rule.getId()); + + for (FirewallRulesCidrsVO ruleCidrvo: fwRuleCidrsVo) { + String cidr = ruleCidrvo.getCidr(); + String cidrAddr = cidr.split("/")[0]; + String size = cidr.split("/")[1]; + + long ipMask = getIpMask(cidrAddr, cidrSize); + String newIp = NetUtils.long2Ip(newCidrAddress | ipMask); + String updatedCidr = newIp+"/"+size; + + ruleCidrvo.setSourceCidrList(updatedCidr); + _fwRulesCidrDao.update(ruleCidrvo.getId(), ruleCidrvo); + } + + } + + return implemented; }
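Review bot: The inner loop parses each stored rule CIDR with `cidr.split("/")[1]` and no shape check, so a row with a null value or no prefix length throws out of this method after earlier rows were already rewritten by `_fwRulesCidrDao.update(...)`, leaving the network's egress rules partly on the old guest CIDR and partly on the new one. Split once and guard the result, e.g. `String[] parts = cidr.split("/");` then `if (parts.length != 2) { continue; }` with a warning log, or check every row before the first update. The enclosing method starts outside this hunk, so whether the updates already run in one transaction cannot be seen here; if not, wrapping the rewrite in one would keep the rule set consistent. Nothing in the hunk checks that a rule CIDR really lies inside the old guest CIDR before rebasing it with `cidrSize` and `newCidrAddress` (both defined outside the hunk), so it is worth confirming what happens to a rule wider than the guest network. The leading comment is cut short and would read better as `// Egress rule CIDRs are subsets of the guest network CIDR, so rebase them onto the new CIDR`.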