protected PortForwardingRulesDaoImpl() { super(); AllFieldsSearch = createSearchBuilder(); AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ); AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ); AllFieldsSearch.and("ipId", AllFieldsSearch.entity().getSourceIpAddressId(), Op.EQ); AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ); AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), Op.EQ); AllFieldsSearch.and("vmId", AllFieldsSearch.entity().getVirtualMachineId(), Op.EQ); AllFieldsSearch.and("purpose", AllFieldsSearch.entity().getPurpose(), Op.EQ); AllFieldsSearch.and("dstIp", AllFieldsSearch.entity().getDestinationIpAddress(), Op.EQ); AllFieldsSearch.done(); ApplicationSearch.and("ipId", ApplicationSearch.entity().getSourceIpAddressId(), Op.EQ); ApplicationSearch.and("state", ApplicationSearch.entity().getState(), Op.NEQ); ApplicationSearch.and("purpose", ApplicationSearch.entity().getPurpose(), Op.EQ); ApplicationSearch.done(); ActiveRulesSearch.and("ipId", ActiveRulesSearch.entity().getSourceIpAddressId(), Op.EQ); ActiveRulesSearch.and("networkId", ActiveRulesSearch.entity().getNetworkId(), Op.EQ); ActiveRulesSearch.and("state", ActiveRulesSearch.entity().getState(), Op.NEQ); ActiveRulesSearch.and("purpose", ActiveRulesSearch.entity().getPurpose(), Op.EQ); ActiveRulesSearch.done(); AllRulesSearchByVM.and("vmId", AllRulesSearchByVM.entity().getVirtualMachineId(), Op.EQ); AllRulesSearchByVM.and("purpose", AllRulesSearchByVM.entity().getPurpose(), Op.EQ); AllRulesSearchByVM.done(); ActiveRulesSearchByAccount.and("accountId", ActiveRulesSearchByAccount.entity().getAccountId(), Op.EQ); ActiveRulesSearchByAccount.and("state", ActiveRulesSearchByAccount.entity().getState(), Op.NEQ);
rule.setUuid(customId); rule.setDisplay(forDisplay); if (privatePort != null && privateEndPort != null && ((privateEndPort - privatePort) != (rule.getSourcePortEnd() - rule.getSourcePortStart()))) "the provided port range is not consistent with the port range : " + rule.getSourcePortStart() + " to " + rule.getSourcePortEnd()); if (!rule.getSourcePortStart().equals(rule.getSourcePortEnd())) { if ((privatePort == null || privateEndPort == null) && !(privatePort == null && privateEndPort == null)) { throw new InvalidParameterValueException("Unable to update the private port range of port forwarding rule as " + "the provided port range is not consistent with the port range : " + rule.getSourcePortStart() + " to " + rule.getSourcePortEnd()); Ip dstIp = rule.getDestinationIpAddress(); if (virtualMachineId != null) { Nic guestNic = _networkModel.getNicInNetwork(virtualMachineId, rule.getNetworkId()); if (guestNic == null || guestNic.getIPv4Address() == null) { throw new InvalidParameterValueException("Vm doesn't belong to network associated with ipAddress"); rule.setState(State.Revoke); _portForwardingDao.update(id, rule); rules.add(rule); rule.setState(State.Add); if (privatePort != null) { rule.setDestinationPortStart(privatePort.intValue()); rule.setDestinationPortEnd((privateEndPort == null) ? privatePort.intValue() : privateEndPort.intValue()); } else if (privateEndPort != null) {
@Override public PortForwardingRuleVO doInTransaction(TransactionStatus status) throws NetworkRuleConflictException { PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIpFinal, rule.getDestinationPortStart(), rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId); newRule.setDisplay(forDisplay); newRule.getId(), networkId); throw new CloudRuntimeException("Unable to update the state to add for " + newRule); CallContext.current().setEventDetails("Rule Id: " + newRule.getId()); UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_RULE_ADD, newRule.getAccountId(), ipAddressFinal.getDataCenterId(), newRule.getId(), null, PortForwardingRule.class.getName(), newRule.getUuid()); return newRule; } catch (Exception e) { if (newRule != null) { _firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false); removePFRule(newRule);
@Override public boolean revokePortForwardingRulesForVm(long vmId) { boolean success = true; UserVmVO vm = _vmDao.findByIdIncludingRemoved(vmId); if (vm == null) { return false; } List<PortForwardingRuleVO> rules = _portForwardingDao.listByVm(vmId); Set<Long> ipsToReprogram = new HashSet<Long>(); if (rules == null || rules.isEmpty()) { s_logger.debug("No port forwarding rules are found for vm id=" + vmId); return true; } for (PortForwardingRuleVO rule : rules) { // Mark port forwarding rule as Revoked, but don't revoke it yet (apply=false) revokePortForwardingRuleInternal(rule.getId(), _accountMgr.getSystemAccount(), Account.ACCOUNT_ID_SYSTEM, false); ipsToReprogram.add(rule.getSourceIpAddressId()); } // apply rules for all ip addresses for (Long ipId : ipsToReprogram) { s_logger.debug("Applying port forwarding rules for ip address id=" + ipId + " as a part of vm expunge"); if (!applyPortForwardingRules(ipId, _ipAddrMgr.RulesContinueOnError.value(), _accountMgr.getSystemAccount())) { s_logger.warn("Failed to apply port forwarding rules for ip id=" + ipId); success = false; } } return success; }
_accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); sb.and("id", sb.entity().getId(), Op.EQ); sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ); sb.and("purpose", sb.entity().getPurpose(), Op.EQ); sb.and("networkId", sb.entity().getNetworkId(), Op.EQ); sb.and("display", sb.entity().isDisplay(), Op.EQ); sb.groupBy(sb.entity().getId()); sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
if (pfRule.getDestinationIpAddress() != null) { long ipMask = getIpMask(pfRule.getDestinationIpAddress().addr(), cidrSize); String maskedDestinationIpAddress = NetUtils.long2Ip(newCidrAddress | ipMask); pfRule.setDestinationIpAddress(new Ip(maskedDestinationIpAddress)); _pfRulesDao.update(pfRule.getId(), pfRule);
protected void removePFRule(PortForwardingRuleVO rule) { _portForwardingDao.remove(rule.getId()); }
private boolean revokePortForwardingRuleInternal(long ruleId, Account caller, long userId, boolean apply) { PortForwardingRuleVO rule = _portForwardingDao.findById(ruleId); _firewallMgr.revokeRule(rule, caller, userId, true); boolean success = false; if (apply) { success = applyPortForwardingRules(rule.getSourceIpAddressId(), _ipAddrMgr.RulesContinueOnError.value(), caller); } else { success = true; } return success; }
pfRule.setState(FirewallRule.State.Revoke);
revokePortForwardingRuleInternal(rule.getId(), caller, userId, false);
String publicIp = _networkModel.getIp(portForwardingRule.getSourceIpAddressId()).getAddress().addr(); if (!createOrUpdateStatsEntry(create, accountId, zoneId, network.getId(), publicIp, externalFirewall.getId(), firewallAnswer, false)) { throw new CloudRuntimeException(networkErrorMsg + ", port forwarding rule public IP = " + publicIp);
revokePortForwardingRuleInternal(rule.getId(), caller, userId, false);
FirewallRuleVO relatedRule = _firewallDao.findByRelatedId(pfRule.getId()); if (relatedRule != null) { firewallRules.add(relatedRule);
PortForwardingRuleVO pf = _pfDao.findByUuidIncludingRemoved(usageId); if (pf != null) { usageDbId = pf.getId();