cloudstack-commits mailing list archives

From sate...@apache.org
Subject [32/50] [abbrv] git commit: updated refs/heads/vmware-storage-motion to 202b103
Date Fri, 24 May 2013 16:28:47 GMT
CLOUDSTACK-2386 Fixed srx firewall icmp rule

Signed-off-by: Abhinandan Prateek <aprateek@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/704471e6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/704471e6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/704471e6

Branch: refs/heads/vmware-storage-motion
Commit: 704471e6deb1f72b6cc5a9fdcad15927dfc689a8
Parents: 2276760
Author: Jayapal <jayapalreddy.uradi@citrix.com>
Authored: Mon May 20 11:00:51 2013 +0530
Committer: Abhinandan Prateek <aprateek@apache.org>
Committed: Fri May 24 10:30:12 2013 +0530

----------------------------------------------------------------------
 .../element/JuniperSRXExternalFirewallElement.java |    1 +
 .../cloud/network/resource/JuniperSrxResource.java |   35 +++++++--------
 .../network/ExternalFirewallDeviceManagerImpl.java |    4 +-
 utils/src/com/cloud/utils/net/NetUtils.java        |    2 +
 4 files changed, 23 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/704471e6/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
b/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
index a429306..c00d99a 100644
--- a/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
+++ b/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
@@ -242,6 +242,7 @@ PortForwardingServiceProvider, RemoteAccessVPNServiceProvider, IpDeployer,
Junip
         // Set capabilities for Firewall service
         Map<Capability, String> firewallCapabilities = new HashMap<Capability, String>();
         firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
+        firewallCapabilities.put(Capability.SupportedEgressProtocols, "tcp,udp,icmp,all");
         firewallCapabilities.put(Capability.MultipleIps, "true");
         firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
         firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress, egress");
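Review bot: `SupportedEgressProtocols` now advertises `all`, while `SupportedProtocols` on the line above stays at `tcp,udp,icmp`, and nothing else in this commit shows the SRX resource handling an egress rule with protocol `all`. If the resource does not translate `all` into a matching policy, the API would accept a rule that the device then rejects or applies differently from what the user asked for, so it is worth confirming that handling exists or dropping `all` from the list. A short comment such as `// egress additionally allows "all"; ingress rules must name a protocol` would record why the two lists differ.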

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/704471e6/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
index a0068c3..fd065d5 100644
--- a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
+++ b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
@@ -750,7 +750,7 @@ public class JuniperSrxResource implements ServerResource {
         s_logger.debug(msg);
     }
 
-    private void shutdownGuestNetwork(GuestNetworkType type, long accountId, Long publicVlanTag,
String sourceNatIpAddress, long privateVlanTag, String privateGateway, String privateSubnet,
long privateCidrSize) throws ExecutionException {	    
+    private void shutdownGuestNetwork(GuestNetworkType type, long accountId, Long publicVlanTag,
String sourceNatIpAddress, long privateVlanTag, String privateGateway, String privateSubnet,
long privateCidrSize) throws ExecutionException {
         // Remove static and destination NAT rules for the guest network
         removeStaticAndDestNatRulesInPrivateVlan(privateVlanTag, privateGateway, privateCidrSize);
 
@@ -766,10 +766,10 @@ public class JuniperSrxResource implements ServerResource {
             manageSourceNatPool(SrxCommand.DELETE, sourceNatIpAddress);
             manageProxyArp(SrxCommand.DELETE, publicVlanTag, sourceNatIpAddress);
             manageUsageFilter(SrxCommand.DELETE, _usageFilterIPOutput, privateSubnet, null,
genIpFilterTermName(sourceNatIpAddress));
-            manageUsageFilter(SrxCommand.DELETE, _usageFilterIPInput, sourceNatIpAddress,
null, genIpFilterTermName(sourceNatIpAddress));					    					   		    		   
+            manageUsageFilter(SrxCommand.DELETE, _usageFilterIPInput, sourceNatIpAddress,
null, genIpFilterTermName(sourceNatIpAddress));
         } else if (type.equals(GuestNetworkType.INTERFACE_NAT)) {
             manageUsageFilter(SrxCommand.DELETE, _usageFilterVlanOutput, null, privateVlanTag,
null);         
-            manageUsageFilter(SrxCommand.DELETE, _usageFilterVlanInput, null, privateVlanTag,
null); 		       		    
+            manageUsageFilter(SrxCommand.DELETE, _usageFilterVlanInput, null, privateVlanTag,
null);
         }				
 
         String msg = "Shut down guest network with type " + type +". Guest VLAN tag: " +
privateVlanTag + ", guest gateway: " + privateGateway;
@@ -841,21 +841,24 @@ public class JuniperSrxResource implements ServerResource {
                 commitConfiguration();
             } else {
                 for (FirewallRuleTO rule : rules) {
-                    int startPort = 0, endPort = 0;
+                    int startPort = NetUtils.PORT_RANGE_MIN, endPort = NetUtils.PORT_RANGE_MAX;
                     if (rule.getSrcPortRange() != null) {
                         startPort = rule.getSrcPortRange()[0];
                         endPort = rule.getSrcPortRange()[1];
-                        FirewallFilterTerm term = new FirewallFilterTerm(genIpIdentifier(rule.getSrcIp())
+ "-" + String.valueOf(rule.getId()), rule.getSourceCidrList(),
-                                rule.getSrcIp(), rule.getProtocol(), startPort, endPort,
-                                rule.getIcmpType(), rule.getIcmpCode(), genIpIdentifier(rule.getSrcIp())
+ _usageFilterIPInput.getCounterIdentifier());
-                        if (!rule.revoked()) {
-                            manageFirewallFilter(SrxCommand.ADD, term, _publicZoneInputFilterName);
-                        } else {
-                            manageFirewallFilter(SrxCommand.DELETE, term, _publicZoneInputFilterName);
-                        }
                     }
-                    commitConfiguration();
+
+                    FirewallFilterTerm term = new FirewallFilterTerm(genIpIdentifier(rule.getSrcIp())
+ "-" + String.valueOf(rule.getId()), rule.getSourceCidrList(),
+                            rule.getSrcIp(), rule.getProtocol(), startPort, endPort,
+                            rule.getIcmpType(), rule.getIcmpCode(), genIpIdentifier(rule.getSrcIp())
+ _usageFilterIPInput.getCounterIdentifier());
+                    if (!rule.revoked()) {
+                        manageProxyArp(SrxCommand.ADD, getVlanTag(rule.getSrcVlanTag()),
rule.getSrcIp());
+                        manageFirewallFilter(SrxCommand.ADD, term, _publicZoneInputFilterName);
+                    } else {
+                        manageFirewallFilter(SrxCommand.DELETE, term, _publicZoneInputFilterName);
+                        manageProxyArp(SrxCommand.DELETE, getVlanTag(rule.getSrcVlanTag()),
rule.getSrcIp());
+                    }
                 }
+                commitConfiguration();
             }
                 
             return new Answer(cmd);
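Review bot: The new default `startPort = NetUtils.PORT_RANGE_MIN, endPort = NetUtils.PORT_RANGE_MAX` applies to every rule whose `getSrcPortRange()` is null, not only to ICMP rules, so a tcp or udp rule that arrives without a port range now produces an ADD filter term covering ports 0–65535 where the old code produced no term at all. If only ICMP is meant to be port-less, keep the old behaviour for other protocols with `if (rule.getSrcPortRange() == null && !"icmp".equalsIgnoreCase(rule.getProtocol())) continue;` (assuming `getProtocol()` returns the protocol name as a string), or add a comment stating that a null range deliberately means all ports. Separately, the revoke branch calls `manageProxyArp(SrxCommand.DELETE, ...)` for `rule.getSrcIp()` on every revoked rule; unless manageProxyArp, which is not visible here, checks for remaining users, revoking one of several rules on the same public IP would drop proxy ARP for the rules that stay. The enclosing method starts and ends outside this hunk.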
@@ -925,7 +928,6 @@ public class JuniperSrxResource implements ServerResource {
     }
 
     private void addStaticNatRule(Long publicVlanTag, String publicIp, String privateIp,
List<FirewallRuleTO> rules) throws ExecutionException {
-        manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp);
         manageStaticNatRule(SrxCommand.ADD, publicIp, privateIp);
         manageAddressBookEntry(SrxCommand.ADD, _privateZone, privateIp, null);
 
@@ -937,7 +939,6 @@ public class JuniperSrxResource implements ServerResource {
 
     private void removeStaticNatRule(Long publicVlanTag, String publicIp, String privateIp)
throws ExecutionException {	    
         manageStaticNatRule(SrxCommand.DELETE, publicIp, privateIp);
-        manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp);   
 
         // Remove any existing security policy and clean up applications
         removeSecurityPolicyAndApplications(SecurityPolicyType.STATIC_NAT, privateIp);
@@ -1196,8 +1197,7 @@ public class JuniperSrxResource implements ServerResource {
     }
 
     private void addDestinationNatRule(Protocol protocol, Long publicVlanTag, String publicIp,
String privateIp, int srcPortStart, int srcPortEnd, int destPortStart, int destPortEnd) throws
ExecutionException {
-        manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp);       
-        
+
         int offset = 0;
         for (int srcPort = srcPortStart; srcPort <= srcPortEnd; srcPort++) {
             int destPort = destPortStart + offset;
@@ -1220,7 +1220,6 @@ public class JuniperSrxResource implements ServerResource {
     private void removeDestinationNatRule(Long publicVlanTag, String publicIp, String privateIp,
int srcPort, int destPort) throws ExecutionException {               
         manageDestinationNatRule(SrxCommand.DELETE, publicIp, privateIp, srcPort, destPort);
         manageDestinationNatPool(SrxCommand.DELETE, privateIp, destPort);   
-        manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp);    
 
         removeSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/704471e6/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java b/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
index 4a90a77..9d24e47 100644
--- a/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
+++ b/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
@@ -550,7 +550,9 @@ public abstract class ExternalFirewallDeviceManagerImpl extends AdapterBase
impl
                 ruleTO = new FirewallRuleTO(rule, guestVlanTag, rule.getTrafficType());
             } else {
                 IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
-                ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
+                Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
+
+                ruleTO = new FirewallRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr());
             }
             rulesTO.add(ruleTO);
         }
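Review bot: `vlan.getVlanTag()` is dereferenced without a null check, so if `_vlanDao.findById(sourceIp.getVlanId())` finds no row (presumably it returns null in that case) the whole rule batch fails with a NullPointerException instead of an error naming the address. A guard such as `if (vlan == null) throw new CloudRuntimeException("No VLAN found for public IP " + sourceIp.getAddress().addr());` before building the FirewallRuleTO would make the failure explicit; use whichever exception type the enclosing method, which starts outside this hunk, already reports. `sourceIp` from `_networkModel.getIp(...)` is dereferenced the same way.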

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/704471e6/utils/src/com/cloud/utils/net/NetUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index 37dcef3..8c094c8 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -61,6 +61,8 @@ public class NetUtils {
     public final static String ALL_PROTO = "all";
 
     public final static String ALL_CIDRS = "0.0.0.0/0";
+    public final static int PORT_RANGE_MIN = 0;
+    public final static int PORT_RANGE_MAX = 65535;
 
     public final static int DEFAULT_AUTOSCALE_VM_DESTROY_TIME = 2 * 60; // Grace period before
Vm is destroyed
     public final static int DEFAULT_AUTOSCALE_POLICY_INTERVAL_TIME = 30;
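Review bot: `PORT_RANGE_MIN` and `PORT_RANGE_MAX` are added without a comment, although JuniperSrxResource in this same commit uses them as the default range for a firewall rule that carries no ports. Since that makes them an allow-every-port default, a comment like `// Full port range (0-65535); used when a firewall rule specifies no port range` above the two constants would tell later readers what widening or reusing them implies.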

