
Commit b6727e5

JayapalUradiAbhinandan Prateek
authored andcommitted
CLOUDSTACK-299: Egress firewall rules feature for guest network on VR
1 parent 48fdc25 commit b6727e5

32 files changed

Lines changed: 535 additions & 177 deletions


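--- a/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
+++ b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
@@ -50,7 +50,7 @@ public class FirewallRuleTO implements InternalIdentity {
 FirewallRule.Purpose purpose;
 private Integer icmpType;
 private Integer icmpCode;
-
+private FirewallRule.TrafficType trafficType;
 
 protected FirewallRuleTO() {
 }
@@ -85,6 +85,7 @@ public FirewallRuleTO(long id,String srcVlanTag, String srcIp, String protocol,
 this.sourceCidrList = sourceCidr;
 this.icmpType = icmpType;
 this.icmpCode = icmpCode;
+this.trafficType = null;
 }
 public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp) {
 this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(),rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
@@ -93,6 +94,23 @@ public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp) {
 public FirewallRuleTO(FirewallRule rule, String srcIp) {
 this(rule.getId(),null, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(),rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
 }
+
+public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, FirewallRule.Purpose purpose) {
+this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, purpose,rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
+}
+
+public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, FirewallRule.Purpose purpose, FirewallRule.TrafficType trafficType) {
+this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, purpose,rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
+this.trafficType = trafficType;
+}
+
+public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, FirewallRule.Purpose purpose, boolean revokeState, boolean alreadyAdded) {
+this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), revokeState, alreadyAdded, purpose,rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
+}
+
+public FirewallRule.TrafficType getTrafficType(){
+return trafficType;
+}
 
 public long getId() {
 return id;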
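Review bot: Only the five-argument constructor added at new line 102 assigns trafficType; the four-argument constructors at new lines 98 and 107 and the pre-existing two- and three-argument ones all delegate to the twelve-argument constructor, which now ends with `this.trafficType = null;` (new line 88), so every TO built through those paths carries no direction at all. If FirewallRule itself exposes the rule's direction (not visible here), the delegating constructors should default from it; otherwise the agent-side consumer of `getTrafficType()` has to treat null explicitly, and that contract belongs on the field, e.g. `// null: direction not supplied by the caller; consumers must not treat it as egress`. A firewall rule whose direction is undefined at the point it is rendered on the router is the kind of ambiguity that ends up applied in the wrong chain, so pinning the default is worth the extra line. Minor: `getTrafficType(){` and the comma spacing in the new `this(...)` argument lists. The twelve-argument constructor's signature starts before the second hunk.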

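--- a/api/src/com/cloud/network/Network.java
+++ b/api/src/com/cloud/network/Network.java
@@ -47,8 +47,8 @@ public static class Service {
 public static final Service Dhcp = new Service("Dhcp");
 public static final Service Dns = new Service("Dns", Capability.AllowDnsSuffixModification);
 public static final Service Gateway = new Service("Gateway");
-public static final Service Firewall = new Service("Firewall", Capability.SupportedProtocols,
-Capability.MultipleIps, Capability.TrafficStatistics);
+public static final Service Firewall = new Service("Firewall", Capability.SupportedProtocols,
+Capability.MultipleIps, Capability.TrafficStatistics, Capability.SupportedTrafficDirection, Capability.SupportedEgressProtocols);
 public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedLBIsolation,
 Capability.SupportedProtocols, Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps,
 Capability.SupportedStickinessMethods, Capability.ElasticLb);
@@ -173,6 +173,8 @@ public static class Capability {
 public static final Capability ElasticLb = new Capability("ElasticLb");
 public static final Capability AutoScaleCounters = new Capability("AutoScaleCounters");
 public static final Capability InlineMode = new Capability("InlineMode");
+public static final Capability SupportedTrafficDirection = new Capability("SupportedTrafficDirection");
+public static final Capability SupportedEgressProtocols = new Capability("SupportedEgressProtocols");
 
 private String name;
 
@@ -287,6 +289,8 @@ private State(String description) {
 
 void setPhysicalNetworkId(Long physicalNetworkId);
 
+public void setTrafficType(TrafficType type);
+
 ACLType getAclType();
 
 boolean isRestartRequired();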
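--- a/api/src/com/cloud/network/NetworkProfile.java
+++ b/api/src/com/cloud/network/NetworkProfile.java
@@ -226,4 +226,8 @@ public Long getVpcId() {
 return vpcId;
 }
 
+@Override
+public void setTrafficType(TrafficType type) {
+this.trafficType = type;
+}
 }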

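--- a/api/src/com/cloud/network/firewall/FirewallService.java
+++ b/api/src/com/cloud/network/firewall/FirewallService.java
@@ -27,7 +27,8 @@
 import com.cloud.utils.Pair;
 
 public interface FirewallService {
-FirewallRule createFirewallRule(FirewallRule rule) throws NetworkRuleConflictException;
+FirewallRule createIngressFirewallRule(FirewallRule rule) throws NetworkRuleConflictException;
+FirewallRule createEgressFirewallRule(FirewallRule rule) throws NetworkRuleConflictException;
 
 Pair<List<? extends FirewallRule>, Integer> listFirewallRules(ListFirewallRulesCmd cmd);
 
@@ -40,7 +41,8 @@ public interface FirewallService {
 */
 boolean revokeFirewallRule(long ruleId, boolean apply);
 
-boolean applyFirewallRules(long ipId, Account caller) throws ResourceUnavailableException;
+boolean applyEgressFirewallRules (FirewallRule rule, Account caller) throws ResourceUnavailableException;
+boolean applyIngressFirewallRules(long Ipid , Account caller) throws ResourceUnavailableException;
 
 FirewallRule getFirewallRule(long ruleId);
 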
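Review bot: The parameter name `Ipid` in `boolean applyIngressFirewallRules(long Ipid , Account caller)` at new line 45 breaks the lowerCamelCase used by every other parameter in this interface and carries a stray space before the comma; the replaced line used `long ipId`, so restore that: `boolean applyIngressFirewallRules(long ipId, Account caller) throws ResourceUnavailableException;`. The egress variant on line 44 has a space before its parameter list (`applyEgressFirewallRules (`). None of the four new methods has the Javadoc that `revokeFirewallRule` just above them does, and because these calls change what the virtual router permits, a `@param caller` line saying whether the implementation performs the ownership/access check against the rule or expects the caller to have been authorized already would make that contract explicit for implementers; which of the two applies is not visible in this hunk.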

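--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreateFirewallRuleCmd.java
@@ -122,7 +122,7 @@ public void execute() throws ResourceUnavailableException {
 FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId());
 try {
 UserContext.current().setEventDetails("Rule Id: " + getEntityId());
-success = _firewallService.applyFirewallRules(rule.getSourceIpAddressId(), callerContext.getCaller());
+success = _firewallService.applyIngressFirewallRules(rule.getSourceIpAddressId(), callerContext.getCaller());
 
 // State is different after the rule is applied, so get new object here
 rule = _entityMgr.findById(FirewallRule.class, getEntityId());
@@ -238,7 +238,7 @@ public void create() {
 }
 
 try {
-FirewallRule result = _firewallService.createFirewallRule(this);
+FirewallRule result = _firewallService.createIngressFirewallRule(this);
 setEntityId(result.getId());
 setEntityUuid(result.getUuid());
 } catch (NetworkRuleConflictException ex) {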

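--- a/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
@@ -163,7 +163,7 @@ public void execute() throws ResourceUnavailableException {
 UserContext.current().setEventDetails("Rule Id: " + getEntityId());
 
 if (getOpenFirewall()) {
-success = success && _firewallService.applyFirewallRules(ipAddressId, callerContext.getCaller());
+success = success && _firewallService.applyIngressFirewallRules(ipAddressId, callerContext.getCaller());
 }
 
 success = success && _rulesService.applyPortForwardingRules(ipAddressId, callerContext.getCaller());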

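--- a/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/firewall/ListFirewallRulesCmd.java
@@ -56,6 +56,10 @@ public Long getIpAddressId() {
 return ipAddressId;
 }
 
+public FirewallRule.TrafficType getTrafficType () {
+return FirewallRule.TrafficType.Ingress;
+}
+
 public Long getId() {
 return id;
 }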
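Review bot: `getTrafficType()` at new lines 59-61 unconditionally returns `FirewallRule.TrafficType.Ingress`, so this command can never return egress rules regardless of what the caller filters on; presumably a separate egress list command exists elsewhere in the commit (it is not among the visible hunks), but the hard-coded value should state that intent so nobody later "fixes" it into a parameter without checking the service side: `// Lists ingress rules only; egress rules are served by their own list command.` Also drop the space before the parameter list to match `getIpAddressId()` above: `public FirewallRule.TrafficType getTrafficType() {`.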

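--- a/api/src/org/apache/cloudstack/api/command/user/loadbalancer/CreateLoadBalancerRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/loadbalancer/CreateLoadBalancerRuleCmd.java
@@ -245,7 +245,7 @@ public void execute() throws ResourceAllocationException, ResourceUnavailableExc
 UserContext.current().setEventDetails("Rule Id: " + getEntityId());
 
 if (getOpenFirewall()) {
-success = success && _firewallService.applyFirewallRules(getSourceIpAddressId(), callerContext.getCaller());
+success = success && _firewallService.applyIngressFirewallRules(getSourceIpAddressId(), callerContext.getCaller());
 }
 
 // State might be different after the rule is applied, so get new object here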

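--- a/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/nat/CreateIpForwardingRuleCmd.java
@@ -115,7 +115,7 @@ public void execute() throws ResourceUnavailableException{
 UserContext.current().setEventDetails("Rule Id: "+ getEntityId());
 
 if (getOpenFirewall()) {
-result = result && _firewallService.applyFirewallRules(ipAddressId, UserContext.current().getCaller());
+result = result && _firewallService.applyIngressFirewallRules(ipAddressId, UserContext.current().getCaller());
 }
 
 result = result && _rulesService.applyStaticNatRules(ipAddressId, UserContext.current().getCaller());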

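--- a/api/src/org/apache/cloudstack/api/response/FirewallResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/FirewallResponse.java
@@ -40,6 +40,9 @@ public class FirewallResponse extends BaseResponse {
 @SerializedName(ApiConstants.IP_ADDRESS_ID) @Param(description="the public ip address id for the firewall rule")
 private Long publicIpAddressId;
 
+@SerializedName(ApiConstants.NETWORK_ID) @Param(description="the network id of the firewall rule")
+private Long networkId;
+
 @SerializedName(ApiConstants.IP_ADDRESS) @Param(description="the public ip address for the firewall rule")
 private String publicIpAddress;
 
@@ -82,6 +85,10 @@ public void setPublicIpAddress(String publicIpAddress) {
 this.publicIpAddress = publicIpAddress;
 }
 
+public void setNetworkId(Long networkId) {
+this.networkId = networkId;
+}
+
 public void setState(String state) {
 this.state = state;
 }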
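Review bot: The response gains `networkId` at new lines 43-44 but no field for the rule's traffic direction, so an API client that receives a FirewallResponse cannot tell an egress rule from an ingress rule except by guessing from which of `publicIpAddressId` or `networkId` happens to be populated. If the egress list path reuses this response class (that path is not in the visible hunks), add a serialized traffic-direction field next to `networkId` with a setter in the same shape as `setNetworkId`, and say in its `@Param` description which values it takes. The seven additions shown are the whole change to this file, so the omission is not covered by another hunk.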
