Posted to commits@cloudstack.apache.org by ja...@apache.org on 2013/12/13 10:25:27 UTC

git commit: updated refs/heads/master to bd54ed8

Updated Branches:
  refs/heads/master db2b8d9b0 -> bd54ed807


CLOUDSTACK-5417 Updating egress firewall rules CiDR on external network restart


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bd54ed80
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bd54ed80
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bd54ed80

Branch: refs/heads/master
Commit: bd54ed80711ea10dd25f04e6b2a32719011e1480
Parents: db2b8d9
Author: Jayapal <ja...@apache.org>
Authored: Fri Dec 13 14:45:44 2013 +0530
Committer: Jayapal <ja...@apache.org>
Committed: Fri Dec 13 14:45:44 2013 +0530

----------------------------------------------------------------------
 .../network/dao/FirewallRulesCidrsDao.java      |  3 ++
 .../network/dao/FirewallRulesCidrsDaoImpl.java  | 11 +++++++
 .../cloud/network/dao/FirewallRulesCidrsVO.java |  4 +++
 .../network/guru/ExternalGuestNetworkGuru.java  | 32 ++++++++++++++++++++
 4 files changed, 50 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bd54ed80/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
index f6e7b0e..55c4548 100644
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDao.java
@@ -18,6 +18,7 @@ package com.cloud.network.dao;
 
 import java.util.List;
 
+import com.cloud.utils.db.DB;
 import com.cloud.utils.db.GenericDao;
 
 public interface FirewallRulesCidrsDao extends GenericDao<FirewallRulesCidrsVO, Long> {
@@ -26,4 +27,6 @@ public interface FirewallRulesCidrsDao extends GenericDao<FirewallRulesCidrsVO,
 
     List<String> getSourceCidrs(long firewallRuleId);
 
+    @DB
+    List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId);
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bd54ed80/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
index 8c0c468..9f28800 100644
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsDaoImpl.java
@@ -39,6 +39,7 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase<FirewallRulesCidrs
     protected FirewallRulesCidrsDaoImpl() {
         CidrsSearch = createSearchBuilder();
         CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getFirewallRuleId(), SearchCriteria.Op.EQ);
+        CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getId(), SearchCriteria.Op.EQ);
         CidrsSearch.done();
     }
 
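Review bot: The added `CidrsSearch.and("firewallRuleId", CidrsSearch.entity().getId(), SearchCriteria.Op.EQ);` registers a second condition under the same parameter name as the line above it, this time against the row's own id rather than the firewall rule id. How the search builder treats a repeated name is not visible here, but either the single value passed to `setParameters("firewallRuleId", ...)` is matched against both columns or one condition is left unbound. Either way, every user of `CidrsSearch` (the new `listByFirewallRuleId` in the next hunk, and any existing caller outside this diff) can come back with no rows or the wrong rows, and egress rule CIDRs would then silently keep their old value. If a lookup by row id is really needed, give it a separate builder or a distinct name such as `"id"`; otherwise drop the added line, because the existing `firewallRuleId` condition already serves `listByFirewallRuleId`.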
@@ -57,6 +58,16 @@ public class FirewallRulesCidrsDaoImpl extends GenericDaoBase<FirewallRulesCidrs
         return cidrs;
     }
 
+    @Override @DB
+    public List<FirewallRulesCidrsVO> listByFirewallRuleId(long firewallRuleId) {
+        SearchCriteria<FirewallRulesCidrsVO> sc = CidrsSearch.create();
+        sc.setParameters("firewallRuleId", firewallRuleId);
+
+        List<FirewallRulesCidrsVO> results = search(sc, null);
+
+        return results;
+    }
+
     @Override
     @DB
     public void persist(long firewallRuleId, List<String> sourceCidrs) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bd54ed80/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
index e6871bb..ce50e17 100644
--- a/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
+++ b/engine/schema/src/com/cloud/network/dao/FirewallRulesCidrsVO.java
@@ -64,4 +64,8 @@ public class FirewallRulesCidrsVO implements InternalIdentity {
         return sourceCidrList;
     }
 
+    public void setSourceCidrList(String sourceCidrList) {
+        this.sourceCidrList = sourceCidrList;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bd54ed80/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java b/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
index ec02a30..414eb7b 100644
--- a/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
+++ b/server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
@@ -47,6 +47,11 @@ import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.IPAddressVO;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
+import com.cloud.network.dao.FirewallRulesCidrsDao;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.dao.FirewallRulesCidrsVO;
 import com.cloud.network.rules.PortForwardingRuleVO;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.offering.NetworkOffering;
@@ -76,6 +81,10 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
     IPAddressDao _ipAddressDao;
     @Inject
     IpAddressManager _ipAddrMgr;
+    @Inject
+    FirewallRulesDao _fwRulesDao;
+    @Inject
+    FirewallRulesCidrsDao _fwRulesCidrDao;
 
     public ExternalGuestNetworkGuru() {
         super();
@@ -203,6 +212,29 @@ public class ExternalGuestNetworkGuru extends GuestNetworkGuru {
             }
         }
 
+        //Egress rules cidr is subset of guest nework cidr, we need to change
+        List <FirewallRuleVO> fwEgressRules = _fwRulesDao.listByNetworkPurposeTrafficType(config.getId(), FirewallRule.Purpose.Firewall, FirewallRule.TrafficType.Egress);
+
+        for (FirewallRuleVO rule: fwEgressRules) {
+            //get the cidr list for this rule
+            List<FirewallRulesCidrsVO>  fwRuleCidrsVo = _fwRulesCidrDao.listByFirewallRuleId(rule.getId());
+
+            for (FirewallRulesCidrsVO ruleCidrvo: fwRuleCidrsVo) {
+                String cidr = ruleCidrvo.getCidr();
+                String cidrAddr =  cidr.split("/")[0];
+                String size = cidr.split("/")[1];
+
+                long ipMask = getIpMask(cidrAddr, cidrSize);
+                String newIp = NetUtils.long2Ip(newCidrAddress | ipMask);
+                String updatedCidr = newIp+"/"+size;
+
+                ruleCidrvo.setSourceCidrList(updatedCidr);
+                _fwRulesCidrDao.update(ruleCidrvo.getId(), ruleCidrvo);
+            }
+
+        }
+
+
         return implemented;
     }
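Review bot: In the inner loop, `cidr.split("/")[1]` is read without checking that the stored value has both an address and a size part. A null or malformed row would throw out of this method, apparently after earlier egress rules were already rewritten, since no transaction is visible in the hunk. Splitting once with `String[] parts = cidr.split("/");` and handling `parts.length != 2` explicitly avoids that. The result of `_fwRulesCidrDao.update(ruleCidrvo.getId(), ruleCidrvo)` looks ignored; if it reports success, check it so a rule left on the old CIDR is not missed. The mask comes from `cidrSize`, defined outside this hunk, while the rule's own `size` is only re-appended; if that is intended, say so in the leading comment, which currently has a typo (`nework`) and stops mid-sentence. The enclosing method starts before the hunk.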