javascriptextjs
diff --git a/‎api/src/com/cloud/agent/api/NetworkUsageCommand.java‎
Lines changed: 37 additions & 5 deletions b/‎api/src/com/cloud/agent/api/NetworkUsageCommand.java‎
Lines changed: 37 additions & 5 deletions
diff --git a/‎patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh‎
Lines changed: 2 additions & 2 deletions b/‎patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh‎
Lines changed: 0 additions & 17 deletions b/‎patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh‎
Lines changed: 0 additions & 17 deletions
diff --git a/‎patches/systemvm/debian/config/opt/cloud/bin/vpc_netusage.sh‎
Lines changed: 80 additions & 13 deletions b/‎patches/systemvm/debian/config/opt/cloud/bin/vpc_netusage.sh‎
Lines changed: 80 additions & 13 deletions
diff --git a/‎plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java‎
Lines changed: 61 additions & 0 deletions b/‎plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java‎
Lines changed: 61 additions & 0 deletions
@@ -17,26 +17,27 @@
 package com.cloud.agent.api;
 
 import com.cloud.agent.api.LogLevel.Log4jLevel;
-import com.cloud.agent.api.to.NicTO;
 
 @LogLevel(Log4jLevel.Trace)
 public class NetworkUsageCommand extends Command {
     private String privateIP;
     private String domRName;
     private String option;
     boolean forVpc = false;
-    NicTO guestNic;
+    private String gatewayIP;
+    private String vpcCIDR;
 
     protected NetworkUsageCommand() {
 
     }
 
-    public NetworkUsageCommand(String privateIP, String domRName, boolean forVpc, NicTO guestNic)
+    public NetworkUsageCommand(String privateIP, String domRName, boolean forVpc, String gatewayIP)
     {
         this.privateIP = privateIP;
         this.domRName = domRName;
         this.forVpc = forVpc;
-        this.guestNic = guestNic;
+        this.gatewayIP = gatewayIP;
+        this.option = "get";
     }
 
     public NetworkUsageCommand(String privateIP, String domRName, String option, boolean forVpc)
@@ -47,6 +48,25 @@ public NetworkUsageCommand(String privateIP, String domRName, String option, boo
         this.forVpc = forVpc;
     }
 
+    public NetworkUsageCommand(String privateIP, String domRName, boolean forVpc, String gatewayIP, String vpcCIDR)
+    {
+        this.privateIP = privateIP;
+        this.domRName = domRName;
+        this.forVpc = forVpc;
+        this.gatewayIP = gatewayIP;
+        this.option = "create";
+        this.vpcCIDR = vpcCIDR;
+    }
+    
+    public NetworkUsageCommand(String privateIP, String domRName, String option, boolean forVpc, String gatewayIP)
+    {
+        this.privateIP = privateIP;
+        this.domRName = domRName;
+        this.forVpc = forVpc;
+        this.gatewayIP = gatewayIP;
+        this.option = option;
+    }
+    
     public String getPrivateIP() {
         return privateIP;
     }
@@ -59,8 +79,20 @@ public String getOption() {
         return option;
     }
 
+    public boolean isForVpc() {
+        return forVpc;
+    }
+
+	public String getVpcCIDR() {
+		return vpcCIDR;
+	}
+
+	public String getGatewayIP() {
+		return gatewayIP;
+	}
+
     @Override
     public boolean executeInSequence() {
         return false;
     }
-}
+}
@@ -54,9 +54,9 @@ start_ipsec() {
 enable_iptables_subnets() {
   for net in $rightnets
   do
-    sudo iptables -A FORWARD -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
+    sudo iptables -I FORWARD -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
     sudo iptables -A OUTPUT -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
-    sudo iptables -A FORWARD -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
+    sudo iptables -I FORWARD -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
     sudo iptables -A INPUT -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
   done
   return 0
 
@@ -97,21 +97,6 @@ desetup_dnsmasq() {
   sleep 1
 }
 
-setup_usage() {
-  sudo iptables -t mangle -N NETWORK_STATS_$dev
-  sudo iptables -t mangle -A NETWORK_STATS_$dev -s $subnet/$mask ! -d $vpccidr
-  sudo iptables -t mangle -A NETWORK_STATS_$dev -o $dev ! -s $vpccidr
-  sudo iptables -t mangle -A POSTROUTING -s $subnet/$mask -j NETWORK_STATS_$dev
-  sudo iptables -t mangle -A POSTROUTING -o $dev -j NETWORK_STATS_$dev
-}
-
-desetup_usage() {
-  sudo iptables -t mangle -F NETWORK_STATS_$dev
-  sudo iptables -t mangle -D POSTROUTING -s $subnet/$mask -j NETWORK_STATS_$dev
-  sudo iptables -t mangle -D POSTROUTING -o $dev -j NETWORK_STATS_$dev
-  sudo iptables -t mangle -X NETWORK_STATS_$dev
-}
-
 create_guest_network() {
   logger -t cloud " $(basename $0): Create network on interface $dev,  gateway $gw, network $ip/$mask "
   # setup ip configuration
@@ -130,7 +115,6 @@ create_guest_network() {
   # set up hairpin
   sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
   create_acl_chain
-  setup_usage
   setup_dnsmasq
   setup_apache2
 }
@@ -144,7 +128,6 @@ destroy_guest_network() {
   sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
   sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
   destroy_acl_chain
-  desetup_usage
   desetup_dnsmasq
   desetup_apache2
 }
 
@@ -15,6 +15,8 @@
 source /root/func.sh
 source /opt/cloud/bin/vpc_func.sh
 
+vpnoutmark="0x525"
+vpninmark="0x524"
 lock="biglock"
 locked=$(getLockFile $lock)
 if [ "$locked" != "1" ]
@@ -23,25 +25,64 @@ then
 fi
 
 usage() {
-  printf "Usage: %s -[c|g|r] [-[a|d] <public interface>]\n" $(basename $0)  >&2
+  printf "Usage: %s -[c|g|r|n|d] [-l <public gateway>] [-v <vpc cidr>] \n" $(basename $0)  >&2
 }
 
 create_usage_rules () {
-  iptables-save|grep "NETWORK_STATS_$guestIp -i $ethDev" > /dev/null
+  iptables-save|grep "NETWORK_STATS_$ethDev" > /dev/null
   if [ $? -gt 0 ]
   then 
-    iptables -A NETWORK_STATS_$guestIp -i $ethDev -s ! zcidr > /dev/null
-  fi
-  iptables-save|grep "NETWORK_STATS_$guestIp -o $ethDev" > /dev/null
+    iptables -N NETWORK_STATS_$ethDev > /dev/null;
+    iptables -I FORWARD -j NETWORK_STATS_$ethDev > /dev/null;
+    iptables -A NETWORK_STATS_$ethDev -o $ethDev -s $vcidr > /dev/null;
+    iptables -A NETWORK_STATS_$ethDev -i $ethDev -d $vcidr > /dev/null;
+  fi  
+  return $?
+}
+
+create_vpn_usage_rules () {
+  iptables-save|grep "VPN_STATS_$ethDev" > /dev/null
   if [ $? -gt 0 ]
   then 
-    iptables -A NETWORK_STATS_$guestIp -o $ethDev -d ! zcidr > /dev/null
+    iptables -t mangle -N VPN_STATS_$ethDev > /dev/null;
+    iptables -t mangle -I FORWARD -j VPN_STATS_$ethDev > /dev/null;
+    iptables -t mangle -A VPN_STATS_$ethDev -o $ethDev -m mark --mark $vpnoutmark > /dev/null;
+    iptables -t mangle -A VPN_STATS_$ethDev -i $ethDev -m mark --mark $vpninmark > /dev/null;
   fi
   return $?
 }
 
+remove_usage_rules () {
+  echo $ethDev >> /root/removedVifs
+  return $?
+}
+
 get_usage () {
-  iptables -t mangle -L NETWORK_STATS_$ethDev -n -v -x | awk '$1 ~ /^[0-9]+$/ { printf "%s:", $2}'; > /dev/null
+  iptables -L NETWORK_STATS_$ethDev -n -v -x 2> /dev/null | awk '$1 ~ /^[0-9]+$/ { printf "%s:", $2}'; > /dev/null
+  if [ -f /root/removedVifs ]
+  then
+    var=`cat /root/removedVifs`
+    # loop through vifs to be cleared
+    for i in $var; do
+      # Make sure vif doesn't exist
+      if [ ! -f /sys/class/net/$i ]
+      then
+        # flush rules and remove chain
+        iptables -F NETWORK_STATS_$i > /dev/null;
+        iptables -D FORWARD -j NETWORK_STATS_$i > /dev/null;
+        iptables -X NETWORK_STATS_$i > /dev/null;
+        iptables -t mangle -F VPN_STATS_$i > /dev/null;
+        iptables -t mangle -D FORWARD -j VPN_STATS_$i > /dev/null;
+        iptables -t mangle -X VPN_STATS_$i > /dev/null;
+      fi
+    done
+    rm /root/removedVifs
+  fi     
+  return 0
+}
+
+get_vpn_usage () {
+  iptables -t mangle -L VPN_STATS_$ethDev -n -v -x | awk '$1 ~ /^[0-9]+$/ { printf "%s:", $2}'; > /dev/null
   if [ $? -gt 0 ]
   then
      printf $?
@@ -50,7 +91,7 @@ get_usage () {
 }
 
 reset_usage () {
-  iptables -t mangle -Z NETWORK_STATS_$ethDev > /dev/null
+  iptables -Z NETWORK_STATS_$ethDev > /dev/null
   if [ $? -gt 0  -a $? -ne 2 ]
   then
      return 1
@@ -63,9 +104,11 @@ cflag=
 gflag=
 rflag=
 lflag=
+vflag=
+nflag=
+dflag=
 
-
-while getopts 'cgrl:' OPTION
+while getopts 'cgndrl:v:' OPTION
 do
   case $OPTION in
   c)	cflag=1
@@ -75,8 +118,15 @@ do
   r)	rflag=1
 	;;
   l)    lflag=1
-        guestIp="$OPTARG"
+        publicIp="$OPTARG"
+        ;;
+  v)    vflag=1
+        vcidr="$OPTARG"
         ;;
+  n)	nflag=1
+	;;
+  d)	dflag=1
+	;;	        
   i)    #Do nothing, since it's parameter for host script
         ;;
   ?)	usage
@@ -85,18 +135,35 @@ do
   esac
 done
 
+ethDev=$(getEthByIp $publicIp)
 if [ "$cflag" == "1" ] 
 then
-  unlock_exit 0 $lock $locked
+  if [ "$ethDev" != "" ]
+  then
+    create_usage_rules
+    create_vpn_usage_rules
+    unlock_exit 0 $lock $locked
+   fi 
 fi
 
-ethDev=$(getEthByIp $guestIp)
 if [ "$gflag" == "1" ] 
 then
   get_usage 
   unlock_exit $? $lock $locked
 fi
 
+if [ "$nflag" == "1" ] 
+then
+  get_vpn_usage 
+  unlock_exit $? $lock $locked
+fi
+
+if [ "$dflag" == "1" ] 
+then
+  remove_usage_rules
+  unlock_exit 0 $lock $locked
+fi
+
 if [ "$rflag" == "1" ] 
 then
   reset_usage  
 
@@ -491,6 +491,9 @@ protected Answer execute(CheckNetworkCommand cmd) {
     }
 
     protected Answer execute(NetworkUsageCommand cmd) {
+    	if ( cmd.isForVpc() ) {
+            return VPCNetworkUsage(cmd);
+        }
         if (s_logger.isInfoEnabled()) {
             s_logger.info("Executing resource NetworkUsageCommand " + _gson.toJson(cmd));
         }
@@ -505,6 +508,64 @@ protected Answer execute(NetworkUsageCommand cmd) {
         return answer;
     }
 
+    protected NetworkUsageAnswer VPCNetworkUsage(NetworkUsageCommand cmd) {
+    	String privateIp = cmd.getPrivateIP();
+    	String option = cmd.getOption();
+    	String publicIp = cmd.getGatewayIP();
+
+
+    	String args = "-l " + publicIp+ " ";
+    	if (option.equals("get")) {
+    		args += "-g";
+    	} else if (option.equals("create")) {
+    		args += "-c";
+    		String vpcCIDR = cmd.getVpcCIDR();
+    		args += " -v " + vpcCIDR;
+    	} else if (option.equals("reset")) {
+    		args += "-r";
+    	} else if (option.equals("vpn")) {
+    		args += "-n";
+    	} else if (option.equals("remove")) {
+    		args += "-d";
+    	} else {
+    		return new NetworkUsageAnswer(cmd, "success", 0L, 0L);
+    	}
+    	try {
+    		if (s_logger.isTraceEnabled()) {
+    			s_logger.trace("Executing /opt/cloud/bin/vpc_netusage.sh " + args + " on DomR " + privateIp);
+    		}
+    		VmwareManager mgr = getServiceContext().getStockObject(VmwareManager.CONTEXT_STOCK_NAME);
+
+    		Pair<Boolean, String> resultPair = SshHelper.sshExecute(privateIp, DEFAULT_DOMR_SSHPORT, "root", mgr.getSystemVMKeyFile(), null, "/opt/cloud/bin/vpc_netusage.sh " + args);
+
+    		if (!resultPair.first()) {
+                throw new Exception(" vpc network usage plugin call failed ");
+    		}
+    		
+    		if (option.equals("get") || option.equals("vpn")) {
+                String result =  resultPair.second();
+                if (result == null || result.isEmpty()) {
+                    throw new Exception(" vpc network usage get returns empty ");
+                }
+                long[] stats = new long[2];
+                if (result != null) {
+                    String[] splitResult = result.split(":");
+                    int i = 0;
+                    while (i < splitResult.length - 1) {
+                        stats[0] += (new Long(splitResult[i++])).longValue();
+                        stats[1] += (new Long(splitResult[i++])).longValue();
+                    }
+                    return new NetworkUsageAnswer(cmd, "success", stats[0], stats[1]);
+                }
+            }
+            return new NetworkUsageAnswer(cmd, "success", 0L, 0L);
+        } catch (Throwable e) {
+    		s_logger.error("Unable to execute NetworkUsage command on DomR (" + privateIp + "), domR may not be ready yet. failure due to " 
+    				+ VmwareHelper.getExceptionMessage(e), e);
+    	}
+    	return new NetworkUsageAnswer(cmd, "success", 0L, 0L);
+    }
+
     protected Answer execute(SetPortForwardingRulesCommand cmd) {
         if (s_logger.isInfoEnabled()) {
             s_logger.info("Executing resource SetPortForwardingRulesCommand: " + _gson.toJson(cmd));