Package org.midonet.client.resource

Examples of org.midonet.client.resource.Rule

696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
                    String[] ruleStrings = fwRule.toStringArray();

                    if (rule.getState() == FirewallRule.State.Revoke) {
                        // Lookup in existingRules, delete if present
                        for(String revokeRuleString : ruleStrings){
                            Rule foundRule = existingRules.get(revokeRuleString);
                            if(foundRule != null){
                                foundRule.delete();
                            }
                        }
                    } else if (rule.getState() == FirewallRule.State.Add) {
                        // Lookup in existingRules, add if not present
                        for(int i = 0; i < ruleStrings.length; i++){
                            String ruleString = ruleStrings[i];
                            Rule foundRule = existingRules.get(ruleString);
                            if(foundRule == null){
                                // Get the cidr for the related entry in the Source Cidrs list
                                String relatedCidr = fwRule.sourceCidrs.get(i);
                                Pair<String,Integer> cidrParts = NetUtils.getCidr(relatedCidr);

                                // Create rule with correct proto, cidr, ACCEPT, dst IP
                                Rule toApply = preFilter.addRule()
                                        .type(DtoRule.Jump)
                                        .jumpChainId(preNat.getId())
                                        .position(1)
                                        .nwSrcAddress(cidrParts.first())
                                        .nwSrcLength(cidrParts.second())
                                        .nwDstAddress(ruleTO.getSrcIp())
                                        .nwDstLength(32)
                                        .nwProto(SimpleFirewallRule.stringToProtocolNumber(rule.getProtocol()));

                                if(rule.getProtocol().equals("icmp")){
                                    // ICMP rules - reuse port fields
                                    // (-1, -1) means "allow all ICMP", so we don't set tpSrc / tpDst
                                    if(fwRule.icmpType != -1 | fwRule.icmpCode != -1){
                                        toApply.tpSrc(new DtoRange(fwRule.icmpType, fwRule.icmpType))
                                            .tpDst(new DtoRange(fwRule.icmpCode, fwRule.icmpCode));
                                    }
                                } else {
                                    toApply.tpDst(new DtoRange(fwRule.dstPortStart, fwRule.dstPortEnd));
                                }

                                toApply.create();
                            }
                        }
                    }
                }
            }
View Full Code Here
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
                 * Lookup in existingRules, delete if present
                 * We need to delete from both the preNat table and the
                 * postNat table.
                 */
                for(String revokeRuleString : ruleStrings){
                    Rule foundPreNatRule = existingPreNatRules.get(revokeRuleString);
                    if(foundPreNatRule != null){
                        String ip = foundPreNatRule.getNwDstAddress();
                        // is this the last rule associated with this IP?
                        Integer cnt = ipRuleCounts.get(ip);
                        if (cnt != null) {
                            if (cnt == 1) {
                                ipRuleCounts.remove(ip);
                                // no more rules for this IP. delete the route.
                                Route route = routes.remove(ip);
                                route.delete();
                            } else {
                                ipRuleCounts.put(ip, new Integer(ipRuleCounts.get(ip).intValue() - 1));
                            }
                        }
                        foundPreNatRule.delete();
                    }
                }
            } else if (rule.getState() == FirewallRule.State.Add) {
                for(int i = 0; i < ruleStrings.length; i++){
                    String ruleString = ruleStrings[i];
                    Rule foundRule = existingPreNatRules.get(ruleString);
                    if(foundRule == null){

                        String vmIp = ruleTO.getDstIp();
                        String publicIp = dstIp.getAddress().addr();
                        int privPortStart = ruleTO.getDstPortRange()[0];
                        int privPortEnd = ruleTO.getDstPortRange()[1];
                        int pubPortStart = ruleTO.getSrcPortRange()[0];
                        int pubPortEnd = ruleTO.getSrcPortRange()[1];

                        DtoRule.DtoNatTarget[] preTargets = new DtoRule.DtoNatTarget[]{
                            new DtoRule.DtoNatTarget(vmIp, vmIp, privPortStart, privPortEnd)};

                        Rule preNatRule = preNat.addRule()
                            .type(DtoRule.DNAT)
                            .flowAction(DtoRule.Accept)
                            .nwDstAddress(publicIp)
                            .nwDstLength(32)
                            .tpDst(new DtoRange(pubPortStart, pubPortEnd))
                            .natTargets(preTargets)
                            .nwProto(SimpleFirewallRule.stringToProtocolNumber(rule.getProtocol()))
                            .position(1);

                        Integer cnt = ipRuleCounts.get(publicIp);
                        if (cnt != null) {
                            ipRuleCounts.put(publicIp, new Integer(cnt.intValue() + 1));
                        } else {
                            ipRuleCounts.put(publicIp, new Integer(1));
                        }
                        String preNatRuleStr = new SimpleFirewallRule(preNatRule).toStringArray()[0];
                        existingPreNatRules.put(preNatRuleStr, preNatRule);
                        preNatRule.create();

                        if (routes.get(publicIp) == null) {
                            Route route = providerRouter.addRoute()
                                            .type("Normal")
                                            .weight(100)
View Full Code Here
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
                    String[] ruleStrings = fwRule.toStringArray();

                    if (rule.getState() == FirewallRule.State.Revoke) {
                        // Lookup in existingRules, delete if present
                        for (String revokeRuleString : ruleStrings) {
                            Rule foundRule = existingRules.get(revokeRuleString);
                            if (foundRule != null) {
                                foundRule.delete();
                            }
                        }
                    } else if (rule.getState() == FirewallRule.State.Add) {
                        // Lookup in existingRules, add if not present
                        for (int i = 0; i < ruleStrings.length; i++) {
                            String ruleString = ruleStrings[i];
                            Rule foundRule = existingRules.get(ruleString);
                            if (foundRule == null) {
                                // Get the cidr for the related entry in the Source Cidrs list
                                String relatedCidr = fwRule.sourceCidrs.get(i);
                                Pair<String, Integer> cidrParts = NetUtils.getCidr(relatedCidr);

                                // Create rule with correct proto, cidr, ACCEPT, dst IP
                                Rule toApply =
                                    preFilter.addRule()
                                        .type(DtoRule.Jump)
                                        .jumpChainId(preNat.getId())
                                        .position(1)
                                        .nwSrcAddress(cidrParts.first())
                                        .nwSrcLength(cidrParts.second())
                                        .nwDstAddress(ruleTO.getSrcIp())
                                        .nwDstLength(32)
                                        .nwProto(SimpleFirewallRule.stringToProtocolNumber(rule.getProtocol()));

                                if (rule.getProtocol().equals("icmp")) {
                                    // ICMP rules - reuse port fields
                                    // (-1, -1) means "allow all ICMP", so we don't set tpSrc / tpDst
                                    if (fwRule.icmpType != -1 | fwRule.icmpCode != -1) {
                                        toApply.tpSrc(new DtoRange(fwRule.icmpType, fwRule.icmpType)).tpDst(new DtoRange(fwRule.icmpCode, fwRule.icmpCode));
                                    }
                                } else {
                                    toApply.tpDst(new DtoRange(fwRule.dstPortStart, fwRule.dstPortEnd));
                                }

                                toApply.create();
                            }
                        }
                    }
                }
            }
View Full Code Here
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
                 * Lookup in existingRules, delete if present
                 * We need to delete from both the preNat table and the
                 * postNat table.
                 */
                for (String revokeRuleString : ruleStrings) {
                    Rule foundPreNatRule = existingPreNatRules.get(revokeRuleString);
                    if (foundPreNatRule != null) {
                        String ip = foundPreNatRule.getNwDstAddress();
                        // is this the last rule associated with this IP?
                        Integer cnt = ipRuleCounts.get(ip);
                        if (cnt != null) {
                            if (cnt == 1) {
                                ipRuleCounts.remove(ip);
                                // no more rules for this IP. delete the route.
                                Route route = routes.remove(ip);
                                route.delete();
                            } else {
                                ipRuleCounts.put(ip, new Integer(ipRuleCounts.get(ip).intValue() - 1));
                            }
                        }
                        foundPreNatRule.delete();
                    }
                }
            } else if (rule.getState() == FirewallRule.State.Add) {
                for (int i = 0; i < ruleStrings.length; i++) {
                    String ruleString = ruleStrings[i];
                    Rule foundRule = existingPreNatRules.get(ruleString);
                    if (foundRule == null) {

                        String vmIp = ruleTO.getDstIp();
                        String publicIp = dstIp.getAddress().addr();
                        int privPortStart = ruleTO.getDstPortRange()[0];
                        int privPortEnd = ruleTO.getDstPortRange()[1];
                        int pubPortStart = ruleTO.getSrcPortRange()[0];
                        int pubPortEnd = ruleTO.getSrcPortRange()[1];

                        DtoRule.DtoNatTarget[] preTargets = new DtoRule.DtoNatTarget[] {new DtoRule.DtoNatTarget(vmIp, vmIp, privPortStart, privPortEnd)};

                        Rule preNatRule =
                            preNat.addRule()
                                .type(DtoRule.DNAT)
                                .flowAction(DtoRule.Accept)
                                .nwDstAddress(publicIp)
                                .nwDstLength(32)
                                .tpDst(new DtoRange(pubPortStart, pubPortEnd))
                                .natTargets(preTargets)
                                .nwProto(SimpleFirewallRule.stringToProtocolNumber(rule.getProtocol()))
                                .position(1);

                        Integer cnt = ipRuleCounts.get(publicIp);
                        if (cnt != null) {
                            ipRuleCounts.put(publicIp, new Integer(cnt.intValue() + 1));
                        } else {
                            ipRuleCounts.put(publicIp, new Integer(1));
                        }
                        String preNatRuleStr = new SimpleFirewallRule(preNatRule).toStringArray()[0];
                        existingPreNatRules.put(preNatRuleStr, preNatRule);
                        preNatRule.create();

                        if (routes.get(publicIp) == null) {
                            Route route =
                                providerRouter.addRoute()
                                    .type("Normal")
View Full Code Here
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
                    String[] ruleStrings = fwRule.toStringArray();

                    if (rule.getState() == FirewallRule.State.Revoke) {
                        // Lookup in existingRules, delete if present
                        for(String revokeRuleString : ruleStrings){
                            Rule foundRule = existingRules.get(revokeRuleString);
                            if(foundRule != null){
                                foundRule.delete();
                            }
                        }
                    } else if (rule.getState() == FirewallRule.State.Add) {
                        // Lookup in existingRules, add if not present
                        for(int i = 0; i < ruleStrings.length; i++){
                            String ruleString = ruleStrings[i];
                            Rule foundRule = existingRules.get(ruleString);
                            if(foundRule == null){
                                // Get the cidr for the related entry in the Source Cidrs list
                                String relatedCidr = fwRule.sourceCidrs.get(i);
                                Pair<String,Integer> cidrParts = NetUtils.getCidr(relatedCidr);

                                // Create rule with correct proto, cidr, ACCEPT, dst IP
                                Rule toApply = preFilter.addRule()
                                        .type(DtoRule.Jump)
                                        .jumpChainId(preNat.getId())
                                        .position(1)
                                        .nwSrcAddress(cidrParts.first())
                                        .nwSrcLength(cidrParts.second())
                                        .nwDstAddress(ruleTO.getSrcIp())
                                        .nwDstLength(32)
                                        .nwProto(SimpleFirewallRule.stringToProtocolNumber(rule.getProtocol()));

                                if(rule.getProtocol().equals("icmp")){
                                    // ICMP rules - reuse port fields
                                    // (-1, -1) means "allow all ICMP", so we don't set tpSrc / tpDst
                                    if(fwRule.icmpType != -1 | fwRule.icmpCode != -1){
                                        toApply.tpSrc(new DtoRange(fwRule.icmpType, fwRule.icmpType))
                                            .tpDst(new DtoRange(fwRule.icmpCode, fwRule.icmpCode));
                                    }
                                } else {
                                    toApply.tpDst(new DtoRange(fwRule.dstPortStart, fwRule.dstPortEnd));
                                }

                                toApply.create();
                            }
                        }
                    }
                }
            }
View Full Code Here
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
                 * Lookup in existingRules, delete if present
                 * We need to delete from both the preNat table and the
                 * postNat table.
                 */
                for(String revokeRuleString : ruleStrings){
                    Rule foundPreNatRule = existingPreNatRules.get(revokeRuleString);
                    if(foundPreNatRule != null){
                        String ip = foundPreNatRule.getNwDstAddress();
                        // is this the last rule associated with this IP?
                        Integer cnt = ipRuleCounts.get(ip);
                        if (cnt != null) {
                            if (cnt == 1) {
                                ipRuleCounts.remove(ip);
                                // no more rules for this IP. delete the route.
                                Route route = routes.remove(ip);
                                route.delete();
                            } else {
                                ipRuleCounts.put(ip, new Integer(ipRuleCounts.get(ip).intValue() - 1));
                            }
                        }
                        foundPreNatRule.delete();
                    }
                }
            } else if (rule.getState() == FirewallRule.State.Add) {
                for(int i = 0; i < ruleStrings.length; i++){
                    String ruleString = ruleStrings[i];
                    Rule foundRule = existingPreNatRules.get(ruleString);
                    if(foundRule == null){

                        String vmIp = ruleTO.getDstIp();
                        String publicIp = dstIp.getAddress().addr();
                        int privPortStart = ruleTO.getDstPortRange()[0];
                        int privPortEnd = ruleTO.getDstPortRange()[1];
                        int pubPortStart = ruleTO.getSrcPortRange()[0];
                        int pubPortEnd = ruleTO.getSrcPortRange()[1];

                        DtoRule.DtoNatTarget[] preTargets = new DtoRule.DtoNatTarget[]{
                            new DtoRule.DtoNatTarget(vmIp, vmIp, privPortStart, privPortEnd)};

                        Rule preNatRule = preNat.addRule()
                            .type(DtoRule.DNAT)
                            .flowAction(DtoRule.Accept)
                            .nwDstAddress(publicIp)
                            .nwDstLength(32)
                            .tpDst(new DtoRange(pubPortStart, pubPortEnd))
                            .natTargets(preTargets)
                            .nwProto(SimpleFirewallRule.stringToProtocolNumber(rule.getProtocol()))
                            .position(1);

                        Integer cnt = ipRuleCounts.get(publicIp);
                        if (cnt != null) {
                            ipRuleCounts.put(publicIp, new Integer(cnt.intValue() + 1));
                        } else {
                            ipRuleCounts.put(publicIp, new Integer(1));
                        }
                        String preNatRuleStr = new SimpleFirewallRule(preNatRule).toStringArray()[0];
                        existingPreNatRules.put(preNatRuleStr, preNatRule);
                        preNatRule.create();

                        if (routes.get(publicIp) == null) {
                            Route route = providerRouter.addRoute()
                                            .type("Normal")
                                            .weight(100)
View Full Code Here
TOP

Related Classes of org.midonet.client.resource.Rule

  • com.cloud.network.element.MidoNetElement
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.