コード例 #1
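  /**
   * Applies every port forwarding rule in the command by running the firewall script once per
   * rule.
   *
   * <p>For each rule the script at {@code _firewallPath} is given the router IP, an add
   * ({@code -A}) or delete ({@code -D}) action chosen from {@code rule.revoked()}, and the rule's
   * protocol, source IP, source port range, destination IP and destination port range. A
   * {@code null} return from {@code Script.execute()} is treated as success; any other return
   * marks that rule as {@code "Failed"} and makes the overall result {@code false}. The loop does
   * not stop at the first failure, so the remaining rules are still attempted.
   *
   * <p>NOTE(review): the rule fields reach the external script without any check in this method.
   * Confirm that they are validated before the command is built and that {@code Script} hands
   * each added value to the process as a discrete argument rather than through a shell.
   *
   * @param cmd command carrying the rules and the {@code ROUTER_IP} access detail
   * @return a {@link SetPortForwardingRulesAnswer} holding one entry per rule ({@code null} for
   *     success, {@code "Failed"} otherwise) and the combined success flag
   */
  private Answer execute(SetPortForwardingRulesCommand cmd) {
    String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
    String[] results = new String[cmd.getRules().length];
    int i = 0;

    boolean endResult = true;
    for (PortForwardingRuleTO rule : cmd.getRules()) {
      final Script command = new Script(_firewallPath, _timeout, s_logger);

      command.add(routerIp);
      command.add(rule.revoked() ? "-D" : "-A");
      // Lower-case with Locale.ROOT: the default-locale overload can rewrite letters under some
      // JVM locales (e.g. "I" becomes a dotless i under Turkish), which would hand the script a
      // protocol token it does not recognise.
      // NOTE(review): the option strings carry a trailing space; how Script.add(String, String)
      // joins the pair is not visible here.
      command.add("-P ", rule.getProtocol().toLowerCase(java.util.Locale.ROOT));
      command.add("-l ", rule.getSrcIp());
      command.add("-p ", rule.getStringSrcPortRange());
      command.add("-r ", rule.getDstIp());
      command.add("-d ", rule.getStringDstPortRange());

      // The text returned on failure is not propagated; callers only ever see "Failed".
      final String result = command.execute();
      if (result == null) {
        results[i++] = null;
      } else {
        results[i++] = "Failed";
        endResult = false;
      }
    }

    return new SetPortForwardingRulesAnswer(cmd, results, endResult);
  }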
コード例 #2
  /**
   * Pushes the given port forwarding rules to the Cisco VNMC host that serves the network.
   *
   * <p>Returns {@code false} when the Cisco VNMC provider does not offer the port forwarding
   * service on this network. Returns {@code true} without contacting the backend when no VNMC
   * device exists on the physical network, when no ASA 1000v is mapped to the network, when the
   * network is still in the {@code Allocated} state, or when there are no rules to send.
   *
   * <p>NOTE(review): the "no VNMC device" case is logged at error level yet still reports
   * success, so a caller cannot tell it apart from rules that were really applied. Confirm that
   * this is intended.
   *
   * @param network guest network whose rules are being applied
   * @param rules port forwarding rules to translate and send
   * @return {@code false} if the provider does not support the service on this network,
   *     {@code true} otherwise
   * @throws ResourceUnavailableException if the agent returns no answer or an unsuccessful one
   */
  @Override
  public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
      throws ResourceUnavailableException {

    final boolean serviceProvided =
        _networkModel.isProviderSupportServiceInNetwork(
            network.getId(), Service.PortForwarding, Provider.CiscoVnmc);
    if (!serviceProvided) {
      s_logger.error(
          "Port forwarding service is not provided by Cisco Vnmc device on network "
              + network.getName());
      return false;
    }

    // Locate the VNMC controller(s) registered for the physical network.
    final List<CiscoVnmcControllerVO> vnmcDevices =
        _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
    if (vnmcDevices.isEmpty()) {
      s_logger.error("No Cisco Vnmc device on network " + network.getName());
      return true;
    }

    // Nothing to configure unless an ASA 1000v is mapped to this network.
    final NetworkAsa1000vMapVO asaMapping =
        _networkAsa1000vMapDao.findByNetworkId(network.getId());
    if (asaMapping == null) {
      s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
      return true;
    }

    // A network that is only allocated has no backend state to update yet.
    if (Network.State.Allocated == network.getState()) {
      s_logger.debug(
          "External firewall was asked to apply port forwarding rules for network with ID "
              + network.getId()
              + "; this network is not implemented. Skipping backend commands.");
      return true;
    }

    // Only the first controller in the list is used.
    final CiscoVnmcControllerVO vnmcDevice = vnmcDevices.get(0);
    // NOTE(review): the host lookup result is dereferenced below without a null check; confirm
    // findById cannot return null for a registered controller.
    final HostVO vnmcHost = _hostDao.findById(vnmcDevice.getHostId());

    // Translate each rule into its transfer object, resolving the source IP and its VLAN.
    // NOTE(review): sourceIp and vlan are dereferenced unchecked; confirm both lookups always
    // resolve for a rule that reaches this point.
    final List<PortForwardingRuleTO> transferRules = new ArrayList<PortForwardingRuleTO>();
    for (PortForwardingRule pfRule : rules) {
      final IpAddress publicIp = _networkModel.getIp(pfRule.getSourceIpAddressId());
      final Vlan publicVlan = _vlanDao.findById(publicIp.getVlanId());
      transferRules.add(
          new PortForwardingRuleTO(pfRule, publicVlan.getVlanTag(), publicIp.getAddress().addr()));
    }

    if (transferRules.isEmpty()) {
      return true;
    }

    final SetPortForwardingRulesCommand command = new SetPortForwardingRulesCommand(transferRules);
    command.setContextParam(
        NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
    command.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());

    final Answer reply = _agentMgr.easySend(vnmcHost.getId(), command);
    if (reply != null && reply.getResult()) {
      return true;
    }

    // The backend's detail text is copied into both the log line and the exception message.
    final String details;
    if (reply == null) {
      details = "details unavailable";
    } else {
      details = reply.getDetails();
    }
    final String failure =
        "Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: "
            + details
            + ".";
    s_logger.error(failure);
    throw new ResourceUnavailableException(failure, DataCenter.class, network.getDataCenterId());
  }