Posted to commits@cloudstack.apache.org by al...@apache.org on 2012/08/12 22:20:33 UTC
[11/50] [abbrv] git commit: S2S VPN: CS-15936: Prevent user from
connecting to different customer gateway with overlapped subnets
S2S VPN: CS-15936: Prevent user from connecting to different customer gateway with overlapped subnets
Conflicts:
server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/830aec35
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/830aec35
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/830aec35
Branch: refs/heads/master
Commit: 830aec356249115e431929269cf18eca34e5600d
Parents: e7efd0d
Author: Sheng Yang <sh...@citrix.com>
Authored: Fri Aug 10 11:30:06 2012 -0700
Committer: Sheng Yang <sh...@citrix.com>
Committed: Fri Aug 10 16:20:52 2012 -0700
----------------------------------------------------------------------
.../cloud/network/vpn/Site2SiteVpnManagerImpl.java | 40 ++++++++++++++-
1 files changed, 39 insertions(+), 1 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/830aec35/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
index 1462fdb..438ce47 100644
--- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
@@ -125,6 +125,19 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
return gw;
}
+ protected void checkCustomerGatewayCidrList(String guestCidrList) {
+ // Remote sub nets cannot overlap themselves
+ String[] cidrList = guestCidrList.split(",");
+ for (int i = 0; i < cidrList.length - 1; i ++) {
+ for (int j = i + 1; j < cidrList.length; j ++) {
+ if (NetUtils.isNetworksOverlap(cidrList[i], cidrList[j])) {
+ throw new InvalidParameterValueException("The subnet of customer gateway " + cidrList[i] + " is overlapped with another subnet " +
+ cidrList[j] + " of customer gateway!");
+ }
+ }
+ }
+ }
+
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE, eventDescription = "creating s2s customer gateway", create=true)
public Site2SiteCustomerGateway createCustomerGateway(CreateVpnCustomerGatewayCmd cmd) {
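Review bot: checkCustomerGatewayCidrList splits guestCidrList on "," but neither trims nor validates the pieces, so an entry with surrounding whitespace or a malformed string is handed to NetUtils.isNetworksOverlap as-is, and whether that helper rejects, tolerates or misreads such input is not visible here; normalizing each element (`cidrList[i].trim()`) and rejecting anything that is not a well-formed CIDR before the overlap comparison would make the rejection explicit instead of depending on the helper. A null guestCidrList fails with a NullPointerException at the split rather than an InvalidParameterValueException; unless the callers already reject null before the calls added in this commit (the hunks at +196 and +431), a guard such as `if (guestCidrList == null || guestCidrList.isEmpty()) { throw new InvalidParameterValueException("The customer gateway CIDR list is required!"); }` keeps the error surface consistent. The method is protected and called from two places but has no Javadoc; a short comment stating that it throws InvalidParameterValueException when any two entries of the comma-separated list overlap (including an entry repeated twice) would document the contract.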
@@ -183,6 +196,9 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
if (_customerGatewayDao.findByName(name) != null) {
throw new InvalidParameterValueException("The customer gateway with name " + name + " already existed!");
}
+
+ checkCustomerGatewayCidrList(guestCidrList);
+
Site2SiteCustomerGatewayVO gw = new Site2SiteCustomerGatewayVO(name, owner.getAccountId(), owner.getDomainId(), gatewayIp, guestCidrList, ipsecPsk,
ikePolicy, espPolicy, ikeLifetime, espLifetime, dpd);
_customerGatewayDao.persist(gw);
@@ -226,13 +242,33 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
String[] cidrList = customerGateway.getGuestCidrList().split(",");
+
+ // Remote sub nets cannot overlap VPC's sub net
String vpcCidr = _vpcDao.findById(vpnGateway.getVpcId()).getCidr();
for (String cidr : cidrList) {
if (NetUtils.isNetworksOverlap(vpcCidr, cidr)) {
- throw new InvalidParameterValueException("The subnet of customer gateway " + customerGatewayId + "'s subnet " + cidr + " is overlapped with VPC cidr " +
+ throw new InvalidParameterValueException("The subnets of customer gateway " + customerGatewayId + "'s subnet " + cidr + " is overlapped with VPC cidr " +
vpcCidr + "!");
}
}
+
+ // We also need to check if the new connection's remote CIDR is overlapped with existed connections
+ List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(vpnGatewayId);
+ for (Site2SiteVpnConnectionVO vc : conns) {
+ if (vc == null) {
+ continue;
+ }
+ Site2SiteCustomerGatewayVO gw = _customerGatewayDao.findById(vc.getCustomerGatewayId());
+ String[] oldCidrList = gw.getGuestCidrList().split(",");
+ for (String oldCidr : oldCidrList) {
+ for (String cidr : cidrList) {
+ if (NetUtils.isNetworksOverlap(cidr, oldCidr)) {
+ throw new InvalidParameterValueException("The new connection's remote subnet " + cidr + " is overlapped with existed VPN connection to customer gateway "
+ + gw.getName() + "'s subnet " + oldCidr);
+ }
+ }
+ }
+ }
Site2SiteVpnConnectionVO conn = new Site2SiteVpnConnectionVO(owner.getAccountId(), owner.getDomainId(), vpnGatewayId, customerGatewayId);
conn.setState(State.Pending);
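Review bot: In the new loop over existing connections, `gw` returned by `_customerGatewayDao.findById(vc.getCustomerGatewayId())` is dereferenced on the next line with no null check, while the far less likely null list element is guarded; a customer gateway removed between the two lookups would surface as a NullPointerException instead of a clean rejection, so `if (gw == null) { continue; }` (or a throw, if a dangling reference should be treated as an error) belongs before `gw.getGuestCidrList()`. The overlap checks are read-then-write: the connection list is fetched and compared, and the new Site2SiteVpnConnectionVO is only built afterwards and presumably persisted past the end of this hunk, so two concurrent requests against the same VPN gateway could both pass the check and leave overlapping connections in place; unless the enclosing method (which starts and ends outside this hunk) already serializes on the VPN gateway, the check and persist should run under a lock on that gateway. The reworded message on the changed line now reads "The subnets of customer gateway X's subnet Y is overlapped with VPC cidr Z"; `"The subnet " + cidr + " of customer gateway " + customerGatewayId + " overlaps with VPC cidr " + vpcCidr + "!"` would be clearer.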
@@ -395,6 +431,8 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
dpd = false;
}
+ checkCustomerGatewayCidrList(guestCidrList);
+
gw.setName(name);
gw.setGatewayIp(gatewayIp);
gw.setGuestCidrList(guestCidrList);