/**
 * Builds the transfer object for a port forwarding rule.
 *
 * <p>The rule, VLAN tag and source IP are handed to the superclass constructor; this
 * constructor additionally records the destination address and the destination port range.
 *
 * @param rule the port forwarding rule to convert
 * @param srcVlanTag VLAN tag passed through to the superclass constructor
 * @param srcIp source IP string passed through to the superclass constructor
 */
public PortForwardingRuleTO(PortForwardingRule rule, String srcVlanTag, String srcIp) {
    super(rule, srcVlanTag, srcIp);

    // NOTE(review): the destination address is dereferenced without a null check; confirm that
    // every caller passes a rule whose destination IP is already set.
    final String destinationAddress = rule.getDestinationIpAddress().addr();
    this.dstIp = destinationAddress;

    // Two-element range: [start, end] of the destination ports.
    final int[] destinationPorts = {rule.getDestinationPortStart(), rule.getDestinationPortEnd()};
    this.dstPortRange = destinationPorts;
}
/**
 * Returns the network id of the port forwarding rule identified by {@code id}.
 *
 * @return the network id of the looked-up rule
 */
@Override
public Long getSyncObjId() {
    // NOTE(review): the lookup result is used without a null check. If findById can return null
    // for an unknown id, a bad request parameter surfaces here as a NullPointerException rather
    // than as a parameter-validation error.
    final PortForwardingRule targetRule = _entityMgr.findById(PortForwardingRule.class, id);
    return targetRule.getNetworkId();
}
/**
 * Returns the account id that owns the port forwarding rule targeted by this command.
 *
 * @return the rule's account id, or {@code Account.ACCOUNT_ID_SYSTEM} when no rule is found
 */
@Override
public long getEntityOwnerId() {
    final PortForwardingRule targetRule = _entityMgr.findById(PortForwardingRule.class, getId());
    if (targetRule == null) {
        // An unknown id was given: parent this command to SYSTEM so ERROR events are tracked.
        // NOTE(review): if this owner id also feeds access checks, confirm that a SYSTEM owner
        // for an unknown rule id cannot widen what the caller is allowed to do.
        return Account.ACCOUNT_ID_SYSTEM;
    }
    return targetRule.getAccountId();
}
@Override public FirewallRuleResponse createPortForwardingRuleResponse(PortForwardingRule fwRule) { FirewallRuleResponse response = new FirewallRuleResponse(); response.setId(fwRule.getUuid()); response.setPrivateStartPort(Integer.toString(fwRule.getDestinationPortStart())); response.setPrivateEndPort(Integer.toString(fwRule.getDestinationPortEnd())); response.setProtocol(fwRule.getProtocol()); response.setPublicStartPort(Integer.toString(fwRule.getSourcePortStart())); response.setPublicEndPort(Integer.toString(fwRule.getSourcePortEnd())); List<String> cidrs = ApiDBUtils.findFirewallSourceCidrs(fwRule.getId()); response.setCidrList(StringUtils.join(cidrs, ",")); Network guestNtwk = ApiDBUtils.findNetworkById(fwRule.getNetworkId()); response.setNetworkId(guestNtwk.getUuid()); IpAddress ip = ApiDBUtils.findIpAddressById(fwRule.getSourceIpAddressId()); if (fwRule.getDestinationIpAddress() != null) response.setDestNatVmIp(fwRule.getDestinationIpAddress().toString()); UserVm vm = ApiDBUtils.findUserVmById(fwRule.getVirtualMachineId()); if (vm != null) { response.setVirtualMachineId(vm.getUuid()); FirewallRule.State state = fwRule.getState(); String stateToSet = state.toString(); if (state.equals(FirewallRule.State.Revoke)) { List<? extends ResourceTag> tags = ApiDBUtils.listByResourceTypeAndId(ResourceObjectType.PortForwardingRule, fwRule.getId()); List<ResourceTagResponse> tagResponses = new ArrayList<ResourceTagResponse>();
final Account caller = ctx.getCallingAccount(); final Long ipAddrId = rule.getSourceIpAddressId(); final Long networkId = rule.getNetworkId(); Network network = _networkModel.getNetwork(networkId); _firewallMgr.validateFirewallRule(caller, ipAddress, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), Purpose.PortForwarding, FirewallRuleType.User, networkId, rule.getTrafficType()); if (rule.getDestinationPortStart() > rule.getDestinationPortEnd()) { throw new InvalidParameterValueException("Start port can't be bigger than end port"); if ((rule.getDestinationPortEnd() - rule.getDestinationPortStart()) != (rule.getSourcePortEnd() - rule.getSourcePortStart())) { throw new InvalidParameterValueException("Source port and destination port ranges should be of equal sizes."); Ip dstIp = rule.getDestinationIpAddress(); guestNic = _networkModel.getNicInNetwork(vmId, networkId); if (guestNic == null || guestNic.getIPv4Address() == null) { if (rule.getSourcePortStart().intValue() != rule.getSourcePortEnd().intValue() || rule.getDestinationPortStart() != rule.getDestinationPortEnd()) { validatePortRange = true; if (rule.getSourcePortStart().intValue() != rule.getDestinationPortStart()) { throw new InvalidParameterValueException("Private port start should be equal to public port start"); if (rule.getSourcePortEnd().intValue() != rule.getDestinationPortEnd()) { throw new InvalidParameterValueException("Private port end should be equal to public port end");
@Override public PortForwardingRuleVO doInTransaction(TransactionStatus status) throws NetworkRuleConflictException { PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIpFinal, rule.getDestinationPortStart(), rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId); _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId(), networkId);
/**
 * Creates the port forwarding rule described by this command and records the id and UUID of
 * the created entity on the command.
 *
 * @throws InvalidParameterValueException if the deprecated cidr list parameter is supplied, or
 *     if the VM secondary IP is present but is not a valid IPv4 address
 * @throws ServerApiException with {@code NETWORK_RULE_CONFLICT_ERROR} if the rules service
 *     reports a conflict
 */
@Override
public void create() {
    // The cidr list parameter is deprecated and is rejected outright.
    if (cidrlist != null) {
        throw new InvalidParameterValueException(
            "Parameter cidrList is deprecated; if you need to open firewall rule for the specific cidr, please refer to createFirewallRule command");
    }

    // The secondary IP is optional; when present it must be a valid IPv4 address before it is
    // handed to the rules service.
    final Ip vmSecondaryIp = getVmSecondaryIp();
    if (vmSecondaryIp != null && !NetUtils.isValidIp4(vmSecondaryIp.toString())) {
        throw new InvalidParameterValueException("Invalid vm ip address");
    }

    try {
        final PortForwardingRule createdRule =
            _rulesService.createPortForwardingRule(this, virtualMachineId, vmSecondaryIp, getOpenFirewall(), isDisplay());
        setEntityId(createdRule.getId());
        setEntityUuid(createdRule.getUuid());
    } catch (NetworkRuleConflictException conflict) {
        s_logger.trace("Network Rule Conflict: ", conflict);
        // The conflict message is passed through to the API error, with the cause preserved.
        // NOTE(review): confirm the message text does not describe rules owned by other accounts.
        throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, conflict.getMessage(), conflict);
    }
}
// Resolve the rule's source IP record, then the VLAN that this address belongs to.
// NOTE(review): neither lookup result is null-checked before it is dereferenced; confirm both
// always resolve for a rule that reaches this point.
IpAddress sourceIp = networkModel.getIp(rule.getSourceIpAddressId());
Vlan vlan = vlanDao.findById(sourceIp.getVlanId());
// The transfer object carries the VLAN tag and the source address string alongside the rule.
PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr());
/**
 * Converts the given port forwarding rules to transfer objects and sends them to the external
 * firewall host found for the network.
 *
 * <p>When the network is still in the {@code Allocated} state nothing is sent and the method
 * reports success.
 *
 * @param network the network whose external firewall receives the rules
 * @param rules the port forwarding rules to apply
 * @return {@code true} on every path that returns normally
 * @throws ResourceUnavailableException declared by the signature; no throw site is visible here
 */
@Override
public boolean applyPortForwardingRules(Network network, List<? extends PortForwardingRule> rules) throws ResourceUnavailableException {
    // Locate the zone and the external firewall host for this network.
    final long dataCenterId = network.getDataCenterId();
    final DataCenterVO dataCenter = _dcDao.findById(dataCenterId);
    final ExternalFirewallDeviceVO firewallDevice = getExternalFirewallForNetwork(network);
    final HostVO firewallHost = _hostDao.findById(firewallDevice.getHostId());
    // NOTE(review): Java assertions only run when the JVM is started with -ea, so this is not a
    // dependable guard in production; firewallDevice above is dereferenced with no check at all.
    assert (firewallHost != null);

    final boolean networkNotImplemented = network.getState() == Network.State.Allocated;
    if (networkNotImplemented) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() +
            "; this network is not implemented. Skipping backend commands.");
        return true;
    }

    // One transfer object per rule, carrying the VLAN tag and address of the rule's source IP.
    final List<PortForwardingRuleTO> transferObjects = new ArrayList<PortForwardingRuleTO>();
    for (PortForwardingRule rule : rules) {
        final IpAddress publicIp = _networkModel.getIp(rule.getSourceIpAddressId());
        final Vlan publicVlan = _vlanDao.findById(publicIp.getVlanId());
        transferObjects.add(new PortForwardingRuleTO(rule, publicVlan.getVlanTag(), publicIp.getAddress().addr()));
    }

    sendPortForwardingRules(transferObjects, dataCenter, firewallHost.getId());
    return true;
}
// Closing brace of an enclosing scope whose opening lies outside this excerpt.
}
/**
 * Builds the command that sets port forwarding rules on a virtual router and appends it to
 * {@code cmds}.
 *
 * <p>A VPC-specific command is created when the router has a VPC id. The command is then
 * given the router's control IP, its guest-network IP, its instance name and the zone's
 * network type as access details.
 *
 * @param rules rules to convert; {@code null} results in a command with an empty rule list
 * @param router the virtual router the command is addressed to
 * @param cmds the command collection that receives the new command
 * @param guestNetworkId id of the guest network used to look up the router's guest IP
 */
public void createApplyPortForwardingRulesCommands(final List<? extends PortForwardingRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<PortForwardingRuleTO> transferObjects = new ArrayList<PortForwardingRuleTO>();
    if (rules != null) {
        for (final PortForwardingRule rule : rules) {
            // No VLAN tag is passed on this path, only the source address string.
            final IpAddress publicIp = _networkModel.getIp(rule.getSourceIpAddressId());
            transferObjects.add(new PortForwardingRuleTO(rule, null, publicIp.getAddress().addr()));
        }
    }

    final SetPortForwardingRulesCommand command = router.getVpcId() != null
        ? new SetPortForwardingRulesVpcCommand(transferObjects)
        : new SetPortForwardingRulesCommand(transferObjects);

    // Access details tell the receiving side which router the command is for.
    final String controlIp = _routerControlHelper.getRouterControlIp(router.getId());
    command.setAccessDetail(NetworkElementCommand.ROUTER_IP, controlIp);
    final String guestIp = _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId());
    command.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, guestIp);
    command.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());

    final DataCenterVO dataCenter = _dcDao.findById(router.getDataCenterId());
    command.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dataCenter.getNetworkType().toString());

    cmds.addCommand(command);
}
/**
 * Returns the network id of the port forwarding rule targeted by this command.
 *
 * @return the network id of the rule
 * @throws InvalidParameterValueException if no rule is found for the command's id
 */
@Override
public Long getSyncObjId() {
    final PortForwardingRule targetRule = _entityMgr.findById(PortForwardingRule.class, getId());
    // Reject an unknown id as a parameter error instead of dereferencing a null rule.
    if (targetRule == null) {
        throw new InvalidParameterValueException("Unable to find the rule by id");
    }
    return targetRule.getNetworkId();
}
// Closing brace of an enclosing scope whose opening lies outside this excerpt.
}
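/**
 * Returns the account id that owns the port forwarding rule identified by {@code id}.
 *
 * <p>The owner is looked up on first use and cached in {@code ownerId}, so later calls do not
 * query again.
 *
 * @return the owning account id
 * @throws InvalidParameterValueException if no port forwarding rule exists for {@code id}
 */
@Override
public long getEntityOwnerId() {
    if (ownerId == null) {
        PortForwardingRule rule = _entityMgr.findById(PortForwardingRule.class, id);
        if (rule == null) {
            throw new InvalidParameterValueException("Unable to find port forwarding rule by ID=" + id);
        }
        // Read the owner from the rule that was just null-checked. A second lookup would cost
        // another query, and its result would not be covered by the check above if the rule
        // disappeared in between.
        ownerId = rule.getAccountId();
    }
    return ownerId;
}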