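/**
 * Applies or revokes each port forwarding rule in the command by running the
 * firewall script once per rule.
 *
 * <p>A {@code null} return from {@code Script.execute()} is treated as success;
 * any non-null return marks that rule as {@code "Failed"} and makes the overall
 * result {@code false}. The remaining rules are still attempted after a failure.
 *
 * <p>NOTE(review): the rule's protocol, addresses and port ranges are passed to
 * the script unchanged apart from lower-casing the protocol. Presumably they are
 * validated before the command reaches this method, and {@code Script} hands its
 * arguments to the process without a shell. Confirm both.
 *
 * @param cmd command carrying the router IP access detail and the rules to process
 * @return a {@code SetPortForwardingRulesAnswer} holding one entry per rule
 *         ({@code null} on success, {@code "Failed"} otherwise) and the overall result
 */
private Answer execute(SetPortForwardingRulesCommand cmd) {
    String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
    PortForwardingRuleTO[] rules = cmd.getRules();
    String[] results = new String[rules.length];
    boolean endResult = true;
    int i = 0;

    for (PortForwardingRuleTO rule : rules) {
        final Script command = new Script(_firewallPath, _timeout, s_logger);
        command.add(routerIp);
        // "-D" for a revoked rule, "-A" otherwise.
        command.add(rule.revoked() ? "-D" : "-A");
        // Lower-case with a fixed locale: the default-locale variant can change
        // letters under some JVM locales (e.g. 'I' under Turkish), which would
        // hand the firewall script a protocol token it does not recognise.
        command.add("-P ", rule.getProtocol().toLowerCase(java.util.Locale.ROOT));
        command.add("-l ", rule.getSrcIp());
        command.add("-p ", rule.getStringSrcPortRange());
        command.add("-r ", rule.getDstIp());
        command.add("-d ", rule.getStringDstPortRange());

        String result = command.execute();
        if (result == null) {
            results[i++] = null;
        } else {
            // The script's own output is not propagated; callers only see "Failed".
            results[i++] = "Failed";
            endResult = false;
        }
    }

    return new SetPortForwardingRulesAnswer(cmd, results, endResult);
}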
/**
 * Sends the given port forwarding rules for {@code network} to the host of the
 * first Cisco VNMC controller on the network's physical network.
 *
 * <p>Returns {@code false} only when the Cisco VNMC provider does not supply the
 * port forwarding service on this network. Returns {@code true} without sending
 * anything when no VNMC device is found, when no ASA 1000v mapping exists for the
 * network, when the network is still in the {@code Allocated} state, or when
 * {@code rules} is empty.
 *
 * <p>NOTE(review): the results of {@code _hostDao.findById}, {@code _networkModel.getIp},
 * {@code _vlanDao.findById} and {@code network.getBroadcastUri()} are dereferenced
 * without a null check. Confirm none of them can be null on this path.
 *
 * @param network network whose rules are being applied
 * @param rules port forwarding rules to convert and send
 * @return {@code false} if the provider does not serve port forwarding here, else {@code true}
 * @throws ResourceUnavailableException if the agent returns no answer or an unsuccessful one
 */
@Override
public boolean applyPFRules(Network network, List<PortForwardingRule> rules) throws ResourceUnavailableException {
    final boolean vnmcProvidesPortForwarding = _networkModel.isProviderSupportServiceInNetwork(
            network.getId(), Service.PortForwarding, Provider.CiscoVnmc);
    if (!vnmcProvidesPortForwarding) {
        s_logger.error("Port forwarding service is not provided by Cisco Vnmc device on network " + network.getName());
        return false;
    }

    // Look up the VNMC controllers registered on the physical network.
    List<CiscoVnmcControllerVO> vnmcControllers =
            _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
    if (vnmcControllers.isEmpty()) {
        s_logger.error("No Cisco Vnmc device on network " + network.getName());
        return true;
    }

    // The ASA 1000v mapping is only checked for presence; it is not used further.
    NetworkAsa1000vMapVO asaMapping = _networkAsa1000vMapDao.findByNetworkId(network.getId());
    if (asaMapping == null) {
        s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
        return true;
    }

    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply port forwarding rules for network with ID "
                + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }

    // Only the first controller in the list is used.
    CiscoVnmcControllerVO firstController = vnmcControllers.get(0);
    HostVO vnmcHost = _hostDao.findById(firstController.getHostId());

    // Convert each rule into its transfer object, with the VLAN tag and address of its source IP.
    List<PortForwardingRuleTO> transferRules = new ArrayList<PortForwardingRuleTO>();
    for (PortForwardingRule rule : rules) {
        IpAddress srcIp = _networkModel.getIp(rule.getSourceIpAddressId());
        Vlan srcVlan = _vlanDao.findById(srcIp.getVlanId());
        transferRules.add(new PortForwardingRuleTO(rule, srcVlan.getVlanTag(), srcIp.getAddress().addr()));
    }

    if (transferRules.isEmpty()) {
        return true;
    }

    SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(transferRules);
    cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
    cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());

    Answer answer = _agentMgr.easySend(vnmcHost.getId(), cmd);
    if (answer != null && answer.getResult()) {
        return true;
    }

    // A missing answer and an unsuccessful one both surface as ResourceUnavailableException.
    String details;
    if (answer == null) {
        details = "details unavailable";
    } else {
        details = answer.getDetails();
    }
    String msg = "Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: " + details + ".";
    s_logger.error(msg);
    throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
}