| // |
| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License. |
| // |
| |
| package com.cloud.agent.api.routing; |
| |
| import java.util.Arrays; |
| import java.util.Collections; |
| import java.util.Comparator; |
| import java.util.List; |
| |
| import com.cloud.agent.api.to.NetworkACLTO; |
| import com.cloud.agent.api.to.NicTO; |
| |
| public class SetNetworkACLCommand extends NetworkElementCommand { |
| NetworkACLTO[] rules; |
| NicTO nic; |
| |
| protected SetNetworkACLCommand() { |
| } |
| |
| public SetNetworkACLCommand(final List<NetworkACLTO> rules, final NicTO nic) { |
| this.rules = rules.toArray(new NetworkACLTO[rules.size()]); |
| this.nic = nic; |
| } |
| |
| public NetworkACLTO[] getRules() { |
| return rules; |
| } |
| |
| public String[][] generateFwRules() { |
| final List<NetworkACLTO> aclList = Arrays.asList(rules); |
| |
| orderNetworkAclRulesByRuleNumber(aclList); |
| |
| final String[][] result = new String[2][aclList.size()]; |
| int i = 0; |
| for (final NetworkACLTO aclTO : aclList) { |
| /* example : Ingress:tcp:80:80:0.0.0.0/0:ACCEPT:,Egress:tcp:220:220:0.0.0.0/0:DROP:, |
| * each entry format Ingress/Egress:protocol:start port: end port:scidrs:action: |
| * reverted entry format Ingress/Egress:reverted:0:0:0: |
| */ |
| if (aclTO.revoked() == true) { |
| final StringBuilder sb = new StringBuilder(); |
| /* This entry is added just to make sure atleast there will one entry in the list to get the ipaddress */ |
| sb.append(aclTO.getTrafficType().toString()).append(":reverted:0:0:0:"); |
| final String aclRuleEntry = sb.toString(); |
| result[0][i++] = aclRuleEntry; |
| continue; |
| } |
| |
| List<String> cidr; |
| final StringBuilder sb = new StringBuilder(); |
| sb.append(aclTO.getTrafficType().toString()).append(":").append(aclTO.getProtocol()).append(":"); |
| if ("icmp".compareTo(aclTO.getProtocol()) == 0) { |
| sb.append(aclTO.getIcmpType()).append(":").append(aclTO.getIcmpCode()).append(":"); |
| } else { |
| sb.append(aclTO.getStringPortRange()).append(":"); |
| } |
| cidr = aclTO.getSourceCidrList(); |
| if (cidr == null || cidr.isEmpty()) { |
| sb.append("0.0.0.0/0"); |
| } else { |
| Boolean firstEntry = true; |
| for (final String tag : cidr) { |
| if (!firstEntry) { |
| sb.append(","); |
| } |
| sb.append(tag); |
| firstEntry = false; |
| } |
| } |
| sb.append(":").append(aclTO.getAction()).append(":"); |
| final String aclRuleEntry = sb.toString(); |
| result[0][i++] = aclRuleEntry; |
| } |
| |
| return result; |
| } |
| |
| protected void orderNetworkAclRulesByRuleNumber(List<NetworkACLTO> aclList) { |
| Collections.sort(aclList, new Comparator<NetworkACLTO>() { |
| @Override |
| public int compare(final NetworkACLTO acl1, final NetworkACLTO acl2) { |
| return acl1.getNumber() > acl2.getNumber() ? 1 : -1; |
| } |
| }); |
| } |
| |
| public NicTO getNic() { |
| return nic; |
| } |
| |
| @Override |
| public int getAnswersCount() { |
| return rules.length; |
| } |
| } |