Posted to commits@cloudstack.apache.org by ja...@apache.org on 2013/12/13 10:25:27 UTC
git commit: updated refs/heads/master to bd54ed8
Updated Branches:
refs/heads/master db2b8d9b0 -> bd54ed807
CLOUDSTACK-5417 Updating egress firewall rules CIDR on external network restart
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bd54ed80
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bd54ed80
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bd54ed80
Branch: refs/heads/master
Commit: bd54ed80711ea10dd25f04e6b2a32719011e1480
Parents: db2b8d9
Author: Jayapal <ja...@apache.org>
Authored: Fri Dec 13 14:45:44 2013 +0530
Committer: Jayapal <ja...@apache.org>
Committed: Fri Dec 13 14:45:44 2013 +0530
----------------------------------------------------------------------
.../network/dao/FirewallRulesCidrsDao.java | 3 ++
.../network/dao/FirewallRulesCidrsDaoImpl.java | 11 +++++++
.../cloud/network/dao/FirewallRulesCidrsVO.java | 4 +++
.../network/guru/ExternalGuestNetworkGuru.java | 32 ++++++++++++++++++++
4 files changed, 50 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bd54ed80/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
index f6e7b0e..55c4548 100644
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
@@ -18,6 +18,7 @@ package com.cloud.network.dao;
import java.util.List;
+import com.cloud.utils.db.DB;
import com.cloud.utils.db.GenericDao;
public interface FirewallRulesCidrsDao extends GenericDao<FirewallRulesCidrsVO, Long> {
@@ -26,4 +27,6 @@ public interface FirewallRulesCidrsDao extends GenericDao<FirewallRulesCidrsVO,
List<String> getSourceCidrs(long firewallRuleId);
+ @DB
+ List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bd54ed80/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
index 8c0c468..9f28800 100644
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
@@ -39,6 +39,7 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase<FirewallRulesCidrs
protected FirewallRulesCidrsDaoImpl() {
CidrsSearch = createSearchBuilder();
CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getFirewallRuleId(), SearchCriteria.Op.EQ);
+ CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getId(), SearchCriteria.Op.EQ);
CidrsSearch.done();
}
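Review bot: The added `CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getId(), SearchCriteria.Op.EQ);` reuses the parameter name `firewallRuleId` that the line above already binds to `getFirewallRuleId()`, on the same shared builder. Depending on how the builder treats a duplicate name, the search either also requires the row's own id to equal the rule id or leaves one condition unbound; in both cases the new `listByFirewallRuleId` in the next hunk, and any existing lookup built on `CidrsSearch`, can return no rows for a rule that has CIDRs. The egress rewrite in ExternalGuestNetworkGuru would then skip those rules silently and leave stale source CIDRs on the firewall. The existing `getFirewallRuleId()` condition already covers the new lookup, so I would drop the added line; if a lookup by row id is needed, give it a separate builder and a distinct name such as `"id"`.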
@@ -57,6 +58,16 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase<FirewallRulesCidrs
return cidrs;
}
+ @Override @DB
+ public List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId) {
+ SearchCriteria<FirewallRulesCidrsVO> sc = CidrsSearch.create();
+ sc.setParameters("firewallRuleId", firewallRuleId);
+
+ List<FirewallRulesCidrsVO> results = search(sc, null);
+
+ return results;
+ }
+
@Override
@DB
public void persist(long firewallRuleId, List<String> sourceCidrs) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bd54ed80/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
index e6871bb..ce50e17 100644
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
@@ -64,4 +64,8 @@ public class FirewallRulesCidrsVO implements InternalIdentity {
return sourceCidrList;
}
+ public void setSourceCidrList(String sourceCidrList) {
+ this.sourceCidrList = sourceCidrList;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bd54ed80/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java b/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
index ec02a30..414eb7b 100644
--- a/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
+++ b/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
@@ -47,6 +47,11 @@ import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.IPAddressVO;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkVO;
+import com.cloud.network.dao.FirewallRulesCidrsDao;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.dao.FirewallRulesCidrsVO;
import com.cloud.network.rules.PortForwardingRuleVO;
import com.cloud.network.rules.dao.PortForwardingRulesDao;
import com.cloud.offering.NetworkOffering;
@@ -76,6 +81,10 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
IPAddressDao _ipAddressDao;
@Inject
IpAddressManager _ipAddrMgr;
+ @Inject
+ FirewallRulesDao _fwRulesDao;
+ @Inject
+ FirewallRulesCidrsDao _fwRulesCidrDao;
public ExternalGuestNetworkGuru() {
super();
@@ -203,6 +212,29 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
}
}
+ //Egress rules cidr is subset of guest nework cidr, we need to change
+ List <FirewallRuleVO> fwEgressRules = _fwRulesDao.listByNetworkPurposeTrafficType(config.getId(), FirewallRule.Purpose.Firewall, FirewallRule.TrafficType.Egress);
+
+ for (FirewallRuleVO rule: fwEgressRules) {
+ //get the cidr list for this rule
+ List<FirewallRulesCidrsVO> fwRuleCidrsVo = _fwRulesCidrDao.listByFirewallRuleId(rule.getId());
+
+ for (FirewallRulesCidrsVO ruleCidrvo: fwRuleCidrsVo) {
+ String cidr = ruleCidrvo.getCidr();
+ String cidrAddr = cidr.split("/")[0];
+ String size = cidr.split("/")[1];
+
+ long ipMask = getIpMask(cidrAddr, cidrSize);
+ String newIp = NetUtils.long2Ip(newCidrAddress | ipMask);
+ String updatedCidr = newIp+"/"+size;
+
+ ruleCidrvo.setSourceCidrList(updatedCidr);
+ _fwRulesCidrDao.update(ruleCidrvo.getId(), ruleCidrvo);
+ }
+
+ }
+
+
return implemented;
}
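Review bot: The inner loop indexes `cidr.split("/")[1]` without checking the stored value, so a null or slash-less CIDR row throws out of the method after earlier rows have already been rewritten by `_fwRulesCidrDao.update(...)`. No transaction is visible in the hunk, so the egress rule set can be left half-migrated. Split once and guard it, e.g. `String[] parts = cidr.split("/");` followed by `if (parts.length != 2) { continue; }` with a log line, and check the result of `update` if it reports failure. Please also confirm that `getIpMask(cidrAddr, cidrSize)` is meant to use the network's `cidrSize` (declared outside the hunk) rather than the rule's own `size`, and finish the truncated comment, e.g. `// Egress rule CIDRs are subsets of the guest network CIDR, so rebase them onto the new network address`. The enclosing method starts outside the hunk.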