bug 10561: merging code from 2.2.10 to master

Naredula Janardhana Reddy · Naredula Janardhana Reddy · commit b9183c0840e7 · 2011-08-16T14:20:51.000+05:30
diff --git a/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java b/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java
@@ -25,9 +25,8 @@ public class SetFirewallRulesAnswer extends Answer {
     protected SetFirewallRulesAnswer() {
     }
     
-    public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, String[] results) {
-        super(cmd, true, null);
-        
+    public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, boolean success, String[] results) {
+        super(cmd, success, null);
         assert (cmd.getRules().length == results.length) : "rules and their results should be the same length don't you think?";
         this.results = results;
     }
diff --git a/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java b/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java
@@ -17,9 +17,13 @@
  */
 package com.cloud.agent.api.routing;
 
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import com.cloud.agent.api.to.FirewallRuleTO;
+import com.cloud.agent.api.to.LoadBalancerTO;
+import com.cloud.utils.StringUtils;
 
 /**
  * SetFirewallRulesCommand is the transport for firewall rules.
@@ -40,4 +44,59 @@ public SetFirewallRulesCommand(List<FirewallRuleTO> rules) {
     public FirewallRuleTO[] getRules() {
         return rules;
     }
+
+	public String[][] generateFwRules() {
+		String [][] result = new String [2][];
+		Set<String> toAdd = new HashSet<String>();
+
+		
+		for (FirewallRuleTO fwTO: rules) {
+		/* example  :  172.16.92.44:tcp:80:80:0.0.0.0/0:,200.16.92.44:tcp:220:220:0.0.0.0/0:, 
+		 *  each entry format      <ip>:protocol:srcport:destport:scidr:
+		 *  reverted entry format  <ip>:reverted:0:0:0:
+		 */
+			if (fwTO.revoked() == true) 
+			{
+				StringBuilder sb = new StringBuilder();
+				/* This entry is added just to make sure atleast there will one entry in the list to get the ipaddress */
+				sb.append(fwTO.getSrcIp()).append(":reverted:0:0:0:"); 
+				String fwRuleEntry = sb.toString();
+				toAdd.add(fwRuleEntry);
+				continue;
+			}
+			
+			List<String> cidr;
+			StringBuilder sb = new StringBuilder();
+			sb.append(fwTO.getSrcIp()).append(":").append(fwTO.getProtocol()).append(":");
+			if ("icmp".compareTo(fwTO.getProtocol()) == 0)
+			{
+				sb.append(fwTO.getIcmpType()).append(":").append(fwTO.getIcmpCode()).append(":");
+				
+			}else if (fwTO.getStringSrcPortRange() == null)
+				sb.append("0:0").append(":");
+			else
+			    sb.append(fwTO.getStringSrcPortRange()).append(":");
+			
+			cidr = fwTO.getSourceCidrList();
+			if (cidr == null || cidr.isEmpty())
+			{
+				sb.append("0.0.0.0/0");
+			}else{
+				Boolean firstEntry = true;
+	            for (String tag : cidr) {
+	            	if (!firstEntry) sb.append("-"); 
+	        	   sb.append(tag);
+	        	   firstEntry = false;
+	            }
+			}
+			sb.append(":");
+			String fwRuleEntry = sb.toString();
+		
+			toAdd.add(fwRuleEntry);
+			
+		}
+		result[0] = toAdd.toArray(new String[toAdd.size()]);
+		
+		return result;
+	}
 }
diff --git a/api/src/com/cloud/agent/api/to/FirewallRuleTO.java b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
@@ -52,14 +52,21 @@ public class FirewallRuleTO {
     int[] srcPortRange;
     boolean revoked;
     boolean alreadyAdded;
+    private List<String> sourceCidrList;
     FirewallRule.Purpose purpose;
+    private Integer icmpType;
+    private Integer icmpCode;
+    
 
     protected FirewallRuleTO() {
     }
     
-    public FirewallRuleTO(long id, String srcVlanTag, String srcIp, String protocol, Integer srcPortStart, Integer srcPortEnd, boolean revoked, boolean alreadyAdded, FirewallRule.Purpose purpose) {
-    	this.srcVlanTag = srcVlanTag;
-    	this.srcIp = srcIp;
+    public FirewallRuleTO(long id, String srcIp, String protocol, Integer srcPortStart, Integer srcPortEnd, boolean revoked, boolean alreadyAdded, FirewallRule.Purpose purpose, List<String> sourceCidr,Integer icmpType,Integer icmpCode) {
+       this(id,null,srcIp,protocol,srcPortStart,srcPortEnd,revoked,alreadyAdded,purpose,sourceCidr,icmpType,icmpCode);
+    } 
+    public FirewallRuleTO(long id,String srcVlanTag, String srcIp, String protocol, Integer srcPortStart, Integer srcPortEnd, boolean revoked, boolean alreadyAdded, FirewallRule.Purpose purpose, List<String> sourceCidr,Integer icmpType,Integer icmpCode) {
+        this.srcVlanTag = srcVlanTag;
+        this.srcIp = srcIp;
         this.protocol = protocol;
         
         if (srcPortStart != null) {
@@ -80,10 +87,16 @@ public FirewallRuleTO(long id, String srcVlanTag, String srcIp, String protocol,
         this.revoked = revoked;
         this.alreadyAdded = alreadyAdded;
         this.purpose = purpose;
+        this.sourceCidrList = sourceCidr;
+        this.icmpType = icmpType;
+        this.icmpCode = icmpCode;
     }
-    
     public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp) {
-        this(rule.getId(), srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose());
+        this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(),rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
+    }
+    
+    public FirewallRuleTO(FirewallRule rule, String srcIp) {
+        this(rule.getId(),null, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(),rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
     }
     
     public long getId() {
@@ -106,14 +119,29 @@ public int[] getSrcPortRange() {
         return srcPortRange;
     }
     
+    public Integer getIcmpType(){
+    	return icmpType;
+    }
+    
+    public Integer getIcmpCode(){
+    	return icmpCode;  
+    }
+    
     public String getStringSrcPortRange() {
-        return NetUtils.portRangeToString(srcPortRange);
+    	if (srcPortRange == null || srcPortRange.length < 2)
+    		return "0:0";
+    	else
+    		return NetUtils.portRangeToString(srcPortRange);
     }
 
     public boolean revoked() {
         return revoked;
     }
     
+    public List<String> getSourceCidrList() {
+        return sourceCidrList;
+    }
+    
     public boolean isAlreadyAdded() {
         return alreadyAdded;
     }
diff --git a/api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java b/api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java
@@ -46,8 +46,8 @@ public PortForwardingRuleTO(PortForwardingRule rule, String srcVlanTag, String s
         this.sourceCidrs = rule.getSourceCidrList();
     }
     
-    protected PortForwardingRuleTO(long id, String srcVlanTag, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) {
-        super(id, srcVlanTag, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.PortForwarding);
+    protected PortForwardingRuleTO(long id, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) {
+        super(id, srcIp,null, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.PortForwarding, null,0,0);
         this.dstIp = dstIp;
         this.dstPortRange = new int[] { dstPortStart, dstPortEnd };
     }
diff --git a/api/src/com/cloud/agent/api/to/StaticNatRuleTO.java b/api/src/com/cloud/agent/api/to/StaticNatRuleTO.java
@@ -34,15 +34,20 @@ public class StaticNatRuleTO extends FirewallRuleTO{
     
     protected StaticNatRuleTO() {
     }
-    
+   
     public StaticNatRuleTO(StaticNatRule rule, String srcVlanTag, String srcIp, String dstIp) {
-        super(rule.getId(), srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(),rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose());
+        super(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(),rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(), null,0,0);
+        this.dstIp = dstIp;
+    }
+ 
+    public StaticNatRuleTO(StaticNatRule rule, String scrIp, String dstIp) {
+        super(rule.getId(), scrIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(),rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(), null,0,0);
         this.dstIp = dstIp;
     }
     
     
-    protected StaticNatRuleTO(long id, String srcVlanTag, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) {
-        super(id, srcVlanTag, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.StaticNat);
+    public StaticNatRuleTO(long id, String srcIp, Integer srcPortStart, Integer srcPortEnd, String dstIp, Integer dstPortStart, Integer dstPortEnd, String protocol, boolean revoked, boolean alreadyAdded) {
+        super(id, srcIp, protocol, srcPortStart, srcPortEnd, revoked, alreadyAdded, FirewallRule.Purpose.StaticNat, null,0,0);
         this.dstIp = dstIp;
     }
 
diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -156,7 +156,6 @@
 import com.cloud.agent.api.storage.DestroyCommand;
 import com.cloud.agent.api.storage.PrimaryStorageDownloadAnswer;
 import com.cloud.agent.api.storage.PrimaryStorageDownloadCommand;
-import com.cloud.agent.api.to.FirewallRuleTO;
 import com.cloud.agent.api.to.IpAddressTO;
 import com.cloud.agent.api.to.NicTO;
 import com.cloud.agent.api.to.PortForwardingRuleTO;
@@ -6508,17 +6507,37 @@ private Answer execute(NetworkRulesSystemVmCommand cmd) {
 	    return new Answer(cmd, success, "");
 	}
 	
-  protected SetFirewallRulesAnswer execute(SetFirewallRulesCommand cmd) {
-        Connection conn = getConnection();
-        
-        String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
-        String[] results = new String[cmd.getRules().length];
-        int i = 0;
-        for (FirewallRuleTO rule : cmd.getRules()) {
-           //FIXME - Jana, add implementation here
-        }
+	protected SetFirewallRulesAnswer execute(SetFirewallRulesCommand cmd) {
+		String[] results = new String[cmd.getRules().length];
+		String callResult;
+		Connection conn = getConnection();
+		String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
+
+		if (routerIp == null) {
+			return new SetFirewallRulesAnswer(cmd, false, results);
+		}
 
-        return new SetFirewallRulesAnswer(cmd, results);
-  }
-	
+		String[][] rules = cmd.generateFwRules();
+		String args = "";
+		args += routerIp + " -F ";
+		StringBuilder sb = new StringBuilder();
+		String[] fwRules = rules[0];
+		if (fwRules.length > 0) {
+			for (int i = 0; i < fwRules.length; i++) {
+				sb.append(fwRules[i]).append(',');
+			}
+			args += " -a " + sb.toString();
+		}
+
+		callResult = callHostPlugin(conn, "vmops", "setFirewallRule", "args", args);
+
+		if (callResult == null || callResult.isEmpty()) {
+		    //FIXME - in the future we have to process each rule separately; now we temporarily set every rule to be false if single rule fails
+		    for (int i=0; i < results.length; i++) {
+		        results[i] = "Failed";
+		    }
+			return new SetFirewallRulesAnswer(cmd, false, results);
+		}
+		return new SetFirewallRulesAnswer(cmd, true, results);
+	}
 }
diff --git a/patches/systemvm/debian/config/root/firewall_rule.sh b/patches/systemvm/debian/config/root/firewall_rule.sh
diff --git a/scripts/network/domr/call_firewall.sh b/scripts/network/domr/call_firewall.sh

Original file line number	Diff line number	Diff line change
`@@ -25,9 +25,8 @@ public class SetFirewallRulesAnswer extends Answer {`
`25`	`25`	`protected SetFirewallRulesAnswer() {`
`26`	`26`	`}`
`27`	`27`
`28`		`- public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, String[] results) {`
`29`		`- super(cmd, true, null);`
`30`		`-`
	`28`	`+ public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, boolean success, String[] results) {`
	`29`	`+ super(cmd, success, null);`
`31`	`30`	`assert (cmd.getRules().length == results.length) : "rules and their results should be the same length don't you think?";`
`32`	`31`	`this.results = results;`
`33`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,8 +46,8 @@ public PortForwardingRuleTO(PortForwardingRule rule, String srcVlanTag, String s`
`46`	`46`	`this.sourceCidrs = rule.getSourceCidrList();`
`47`	`47`	`}`
`48`	`48`
`49`		`- protected PortForwardingRuleTO(long id, String srcVlanTag, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) {`
`50`		`- super(id, srcVlanTag, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.PortForwarding);`
	`49`	`+ protected PortForwardingRuleTO(long id, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) {`
	`50`	`+ super(id, srcIp,null, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.PortForwarding, null,0,0);`
`51`	`51`	`this.dstIp = dstIp;`
`52`	`52`	`this.dstPortRange = new int[] { dstPortStart, dstPortEnd };`
`53`	`53`	`}`