From e5fd090053e93ca02729e9344f95b6890a4c3cac Mon Sep 17 00:00:00 2001
From: anthony
Date: Wed, 20 Jun 2012 17:52:45 -0700
Subject: [PATCH] VPC : completed setupNetworkACLCommand
---
 .../api/routing/SetNetworkACLCommand.java | 54 +++++++++++++++++++
 .../xen/resource/CitrixResourceBase.java | 37 ++++++++++++-
 2 files changed, 89 insertions(+), 2 deletions(-)
diff --git a/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java b/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java
index f26e337f65b..abef84aef38 100644
--- a/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java
+++ b/api/src/com/cloud/agent/api/routing/SetNetworkACLCommand.java
@@ -12,8 +12,11 @@
 // Automatically generated by addcopyright.py at 04/03/2012
 package com.cloud.agent.api.routing;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
+import com.cloud.agent.api.to.FirewallRuleTO;
 import com.cloud.agent.api.to.NetworkACLTO;
 /**
@@ -32,4 +35,55 @@ public class SetNetworkACLCommand extends NetworkElementCommand{
 public NetworkACLTO[] getRules() {
 return rules;
 }
+ public String[][] generateFwRules() {
+ String [][] result = new String [2][];
+ Set toAdd = new HashSet();
+
+
+ for (NetworkACLTO aclTO: rules) {
+ /* example : Ingress:tcp:80:80:0.0.0.0/0:,Egress:tcp:220:220:0.0.0.0/0:,
+ * each entry format Ingress/Egress:protocol:start port: end port:scidrs:
+ * reverted entry format Ingress/Egress:reverted:0:0:0:
+ */
+ if (aclTO.revoked() == true)
+ {
+ StringBuilder sb = new StringBuilder();
+ /* This entry is added just to make sure atleast there will one entry in the list to get the ipaddress */
+ sb.append(aclTO.getTrafficType().toString()).append(":reverted:0:0:0:");
+ String fwRuleEntry = sb.toString();
+ toAdd.add(fwRuleEntry);
+ continue;
+ }
+
+ List cidr;
+ StringBuilder sb = new StringBuilder();
+ sb.append(aclTO.getTrafficType().toString()).append(":").append(aclTO.getProtocol()).append(":");
+ if ("icmp".compareTo(aclTO.getProtocol()) == 0)
+ {
+ sb.append(aclTO.getIcmpType()).append(":").append(aclTO.getIcmpCode()).append(":");
+ } else {
+ sb.append(aclTO.getStringPortRange()).append(":");
+ }
+ cidr = aclTO.getSourceCidrList();
+ if (cidr == null || cidr.isEmpty())
+ {
+ sb.append("0.0.0.0/0");
+ }else{
+ Boolean firstEntry = true;
+ for (String tag : cidr) {
+ if (!firstEntry) sb.append("-");
+ sb.append(tag);
+ firstEntry = false;
+ }
+ }
+ sb.append(":");
+ String aclRuleEntry = sb.toString();
+
+ toAdd.add(aclRuleEntry);
+
+ }
+ result[0] = toAdd.toArray(new String[toAdd.size()]);
+
+ return result;
+ }
 }
diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index bcff1bc6024..e334d1243e2 100644
--- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
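Review bot: `toAdd` is a raw `HashSet`, so the order of the rule strings placed in `result[0]` is unspecified; if vpc_acl.sh installs them in the order received (iptables is first-match), the effective policy can differ from one call to the next — `Set<String> toAdd = new LinkedHashSet<String>();` (plus the `java.util.LinkedHashSet` import) keeps insertion order and still dedups. The raw `List cidr` also makes `for (String tag : cidr)` a type error under javac (the element type is `Object`); declare it `List<String> cidr`. `"icmp".compareTo(aclTO.getProtocol()) == 0` throws NullPointerException on a null protocol and misses `ICMP`; `"icmp".equalsIgnoreCase(aclTO.getProtocol())` covers both. Note too that protocol, ports and CIDRs are spliced into a `:`/`,`/`-` delimited string that the CitrixResourceBase hunk appears to hand to a shell script on the router without any escaping, so a value containing one of those delimiters or a shell metacharacter would corrupt parsing — presumably the API layer validates these fields, but a comment stating that assumption above the loop would help the next reader. `result[1]` is never assigned, and the only visible caller reads `rules[0]`.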
@@ -167,6 +167,7 @@ import com.cloud.agent.api.storage.DestroyCommand;
 import com.cloud.agent.api.storage.PrimaryStorageDownloadAnswer;
 import com.cloud.agent.api.storage.PrimaryStorageDownloadCommand;
 import com.cloud.agent.api.to.IpAddressTO;
+import com.cloud.agent.api.to.NetworkACLTO;
 import com.cloud.agent.api.to.NicTO;
 import com.cloud.agent.api.to.PortForwardingRuleTO;
 import com.cloud.agent.api.to.StaticNatRuleTO;
@@ -7280,8 +7281,40 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
 }
 private SetNetworkACLAnswer execute(SetNetworkACLCommand cmd) {
- // TODO - add implementation logic here
- return null;
+ String[] results = new String[cmd.getRules().length];
+ String callResult;
+ Connection conn = getConnection();
+ String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
+
+ if (routerIp == null) {
+ return new SetNetworkACLAnswer(cmd, false, results);
+ }
+
+ String [][] rules = cmd.generateFwRules();
+ StringBuilder sb = new StringBuilder();
+ String[] aclRules = rules[0];
+ if (aclRules.length == 0) {
+ return new SetNetworkACLAnswer(cmd, true, results);
+ }
+
+ for (int i = 0; i < aclRules.length; i++) {
+ sb.append(aclRules[i]).append(',');
+ }
+
+ String args = "vpc_acl.sh " + routerIp;
+ args += routerIp + " -F ";
+ args += " -a " + sb.toString();
+
+ callResult = callHostPlugin(conn, "vmops", "routerProxy", "args", args);
+
+ if (callResult == null || callResult.isEmpty()) {
+ //FIXME - in the future we have to process each rule separately; now we temporarily set every rule to be false if single rule fails
+ for (int i=0; i < results.length; i++) {
+ results[i] = "Failed";
+ }
+ return new SetNetworkACLAnswer(cmd, false, results);
+ }
+ return new SetNetworkACLAnswer(cmd, true, results);
 }
 protected SetPortForwardingRulesAnswer execute(SetPortForwardingRulesVpcCommand cmd) {
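Review bot: `routerIp` is concatenated into the command line twice (`"vpc_acl.sh " + routerIp` followed by `args += routerIp + " -F ";`), so routerProxy receives `vpc_acl.sh <ip><ip> -F  -a …` and the script's address argument is garbage; the three `args` lines should collapse to `String args = "vpc_acl.sh " + routerIp + " -F -a " + sb.toString();`. Separately, the rule text (protocol, ports, source CIDRs from the ACL rules) is spliced into that command string with no validation or quoting before `callHostPlugin(conn, "vmops", "routerProxy", "args", args)`; unless routerProxy or the API layer restricts those fields to a safe alphabet, a crafted CIDR could inject extra arguments or a command on the router, so either validate here or add a comment naming where that guarantee lives. On the success path `results` is returned with every element still null, while the failure path fills in `"Failed"`; if callers read the per-rule strings, the success path should populate them too. The enclosing class continues outside the hunk.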