/**
 * Converts a CloudStack {@link NetworkACLItem} into its {@link VspAclRule} representation.
 *
 * <p>Ports and CIDRs are taken from the item's source side, the source IP address is
 * always left unset and the rule type is fixed to {@code NetworkACL}. State, traffic
 * type and action are translated onto the corresponding {@code VspAclRule} enums
 * through {@code getEnumValue}; the ACL item's number becomes the rule priority.
 *
 * @param networkAcl the ACL item to convert
 * @return the equivalent VSP ACL rule
 */
public VspAclRule buildVspAclRule(NetworkACLItem networkAcl) {
    // Translate the CloudStack enums into their VSP counterparts first so the
    // builder chain below only carries plain field copies.
    final VspAclRule.ACLState aclState =
            getEnumValue(networkAcl.getState(), VspAclRule.ACLState.class);
    final VspAclRule.ACLTrafficType aclTrafficType =
            getEnumValue(networkAcl.getTrafficType(), VspAclRule.ACLTrafficType.class);
    final VspAclRule.ACLAction aclAction =
            getEnumValue(networkAcl.getAction(), VspAclRule.ACLAction.class);

    return new VspAclRule.Builder()
            .uuid(networkAcl.getUuid())
            .protocol(networkAcl.getProtocol())
            .startPort(networkAcl.getSourcePortStart())
            .endPort(networkAcl.getSourcePortEnd())
            .sourceIpAddress(null)
            .sourceCidrList(networkAcl.getSourceCidrList())
            .priority(networkAcl.getNumber())
            .type(VspAclRule.ACLType.NetworkACL)
            .state(aclState)
            .trafficType(aclTrafficType)
            .action(aclAction)
            .build();
}
/**
 * Builds the transfer object for a single network ACL rule.
 *
 * <p>Delegates to the full constructor: the revoke and active flags are derived
 * from the rule's {@code State}, the allow flag from its {@code Action}; id,
 * protocol, source port range, source CIDR list, ICMP type/code and number are
 * copied through unchanged.
 *
 * @param rule        the ACL item to represent
 * @param vlanTag     VLAN tag the rule is associated with
 * @param trafficType traffic type (e.g. {@code Egress}) the rule applies to
 */
public NetworkACLTO(NetworkACLItem rule, String vlanTag, NetworkACLItem.TrafficType trafficType) {
    this(rule.getId(),
         vlanTag,
         rule.getProtocol(),
         rule.getSourcePortStart(),
         rule.getSourcePortEnd(),
         NetworkACLItem.State.Revoke == rule.getState(),
         NetworkACLItem.State.Active == rule.getState(),
         rule.getSourceCidrList(),
         rule.getIcmpType(),
         rule.getIcmpCode(),
         trafficType,
         NetworkACLItem.Action.Allow == rule.getAction(),
         rule.getNumber());
}
response.setId(aclItem.getUuid()); response.setProtocol(aclItem.getProtocol()); if (aclItem.getSourcePortStart() != null) { response.setStartPort(Integer.toString(aclItem.getSourcePortStart())); if (aclItem.getSourcePortEnd() != null) { response.setEndPort(Integer.toString(aclItem.getSourcePortEnd())); response.setCidrList(StringUtils.join(aclItem.getSourceCidrList(), ",")); response.setTrafficType(aclItem.getTrafficType().toString()); NetworkACLItem.State state = aclItem.getState(); String stateToSet = state.toString(); if (state.equals(NetworkACLItem.State.Revoke)) { response.setIcmpCode(aclItem.getIcmpCode()); response.setIcmpType(aclItem.getIcmpType()); response.setNumber(aclItem.getNumber()); response.setAction(aclItem.getAction().toString()); response.setForDisplay(aclItem.isDisplay()); NetworkACL acl = ApiDBUtils.findByNetworkACLId(aclItem.getAclId()); if (acl != null) { response.setAclId(acl.getUuid()); List<? extends ResourceTag> tags = ApiDBUtils.listByResourceTypeAndId(ResourceObjectType.NetworkACL, aclItem.getId()); List<ResourceTagResponse> tagResponses = new ArrayList<ResourceTagResponse>();
for(NetworkACLItem item: aclItems){ AclData acl = new AclData(); acl.setId(item.getUuid()); acl.setPriority(item.getNumber()); acl.setIpProto(item.getProtocol()); Integer port = item.getSourcePortStart(); // currently BCF supports single port policy aclCidrList = _aclItemCidrsDao.listByNetworkACLItemId(item.getId()); if(aclCidrList != null){ if(aclCidrList.size()>1 || !item.getSourcePortEnd().equals(port)){ continue; } else { acl.setAction(item.getAction().name());
List<String> cidrList; for(NetworkACLItem r: rules){ if(r.getState()==NetworkACLItem.State.Revoke){ continue; cidrList = r.getSourceCidrList(); if(cidrList != null){ if(cidrList.size()>1 || !r.getSourcePortEnd().equals(r.getSourcePortStart())){ throw new ResourceUnavailableException("One CIDR and one port only please.", Network.class, network.getId());
if (rule.getState() == NetworkACLItem.State.Revoke) { removeRule(rule); } else if (rule.getState() == NetworkACLItem.State.Add) { final NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId()); ruleVO.setState(NetworkACLItem.State.Active); _networkACLItemDao.update(ruleVO.getId(), ruleVO);
Long aclId = rules.get(0).getAclId(); NetworkACLVO acl = _networkACLDao.findById(aclId); NetworkPolicyModel policyModel = _manager.getDatabase().lookupNetworkPolicy(acl.getUuid());
/**
 * Deletes the persisted ACL item that backs {@code rule}.
 *
 * @param rule the ACL item whose database record is removed via the item DAO
 */
private void removeRule(final NetworkACLItem rule) {
    final long ruleId = rule.getId();
    _networkACLItemDao.remove(ruleId);
}
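/**
 * Applies the ACL the item identified by {@code getEntityId()} belongs to and
 * publishes the item as a {@link NetworkACLItemResponse}.
 *
 * <p>After the apply the item is re-read because its state changes once applied.
 * If the apply reports failure, the item can no longer be found, or an exception
 * escapes the apply/response phase, the item is revoked again and a
 * {@link ServerApiException} is raised so the caller is not left with a
 * half-created rule. Any exception that triggered that path is attached as the
 * cause of the {@code ServerApiException} instead of being discarded.
 *
 * @throws ResourceUnavailableException if applying the ACL fails with that
 *         exception and the revoke-and-fail path does not supersede it
 * @throws ServerApiException when the item was not successfully applied
 */
@Override
public void execute() throws ResourceUnavailableException {
    boolean success = false;
    // Remembered so the exception thrown from the finally block carries the
    // original failure; a throw from finally otherwise silently replaces the
    // exception that was in flight, which hides the real cause in logs.
    Throwable failure = null;
    // May be null if the item is not found; the NPE on the next getAclId() call
    // is then recorded as the cause and the item is revoked in finally.
    NetworkACLItem rule = _networkACLService.getNetworkACLItem(getEntityId());
    try {
        CallContext.current().setEventDetails("Rule ID: " + getEntityId());
        success = _networkACLService.applyNetworkACL(rule.getAclId());
        // State is different after the rule is applied, so get new object here
        rule = _networkACLService.getNetworkACLItem(getEntityId());
        NetworkACLItemResponse aclResponse = new NetworkACLItemResponse();
        if (rule != null) {
            aclResponse = _responseGenerator.createNetworkACLItemResponse(rule);
            setResponseObject(aclResponse);
        }
        aclResponse.setResponseName(getCommandName());
    } catch (final ResourceUnavailableException e) {
        failure = e;
        throw e;
    } catch (final RuntimeException e) {
        failure = e;
        throw e;
    } finally {
        if (!success || rule == null) {
            _networkACLService.revokeNetworkACLItem(getEntityId());
            // Supersedes any exception rethrown above, as before, but now with
            // that exception chained as the cause.
            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create network ACL Item", failure);
        }
    }
}
}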
if (rule.getState() != NetworkACLItem.State.Active && rule.getState() != NetworkACLItem.State.Add) { continue; if (rule.getAction() == Action.Allow) { action = "pass"; } else if (rule.getAction() == Action.Deny) { action = "deny"; List<String> cidrList = rule.getSourceCidrList(); String protocol = rule.getProtocol(); if (protocol == null || protocol.equalsIgnoreCase("ALL") || protocol.isEmpty()) { protocol = "any"; Integer portStart = rule.getSourcePortStart(); Integer portEnd = rule.getSourcePortEnd(); if (portStart == null) { portStart = 0; List<PolicyRuleType.PortType> dstPorts = new ArrayList<PolicyRuleType.PortType>(); if (rule.getTrafficType() == NetworkACLItem.TrafficType.Egress){ for (String cidr: cidrList) { NetworkVO net = cidrToNetwork(controller, cidr); new PolicyRuleType.SequenceType(1, 0), rule.getUuid(), "<>", protocol, srcList, srcPorts, null, dstList, dstPorts, new PolicyRuleType.ActionListType(action, null, null, null));