
Commit 0be477f

committed
Add all & deny all only for a particular device
1 parent 943135f commit 0be477f


2 files changed

+106
-3
lines changed


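--- a/firewall-app/src/main/java/org/cdcju/app/AppWebResource.java
+++ b/firewall-app/src/main/java/org/cdcju/app/AppWebResource.java
@@ -24,6 +24,7 @@
 import org.cdcju.component.*;
 
 import org.onosproject.net.Device;
+import org.onosproject.net.DeviceId;
 import org.onosproject.net.Host;
 import org.onosproject.net.HostId;
 import org.onosproject.net.device.DeviceService;
@@ -110,10 +111,14 @@ public Response addRulesByPort(
 @Path("add/all")
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
-public Response addUniversalRules(@QueryParam("action") String action, @QueryParam("protocol") String protocol) {
-Iterable<Device> devices = get(DeviceService.class).getDevices();
+public Response addUniversalRules(
+@QueryParam("action") String action,
+@QueryParam("protocol") String protocol,
+@QueryParam("deviceId") String deviceId) {
+// Iterable<Device> devices = get(DeviceService.class).getDevices();
+Device device = get(DeviceService.class).getDevice(DeviceId.deviceId(deviceId));
 Action ac = action.equals("ALLOW") ? Action.ALLOW : Action.DENY;
-boolean response = rulesList.universalRule(ac, Integer.valueOf(protocol), devices);
+boolean response = rulesList.universalRule(ac, Integer.valueOf(protocol), device);
 if (response == true) {
 ObjectNode node = mapper().createObjectNode().put("status", "success");
 return ok(node).build();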
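Review bot: The new `deviceId` query parameter is used unchecked in `addUniversalRules`: a request without it passes `null` into `DeviceId.deviceId(...)`, and an id the controller does not know most likely makes `getDevice` return `null`, which `universalRule` then dereferences through `device.id()`. For a firewall endpoint that should be a client error rather than an unhandled exception, so reject early with `if (deviceId == null || deviceId.isEmpty()) { return Response.status(Response.Status.BAD_REQUEST).build(); }` and, after the lookup, `if (device == null) { return Response.status(Response.Status.NOT_FOUND).build(); }`. The commented-out `Iterable<Device>` line is dead code and can be dropped. The method body continues outside the hunk.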

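--- a/firewall-comp/src/main/java/org/cdcju/component/AppComponent.java
+++ b/firewall-comp/src/main/java/org/cdcju/component/AppComponent.java
@@ -281,6 +281,37 @@ private String buildPayload(Iterable<Device> devices, String protocol) {
 return payload;
 }
 
+private String buildPayload(Device device, String protocol) {
+return String.format("{\n" + //
+" \"flows\": [\n" + //
+" {\n" + //
+" \"priority\": 127,\n" + //
+" \"timeout\": 0,\n" + //
+" \"isPermanent\": true,\n" + //
+" \"deviceId\": \"%s\",\n" + //
+" \"treatment\": {\n" + //
+" \"instructions\": [\n" + //
+" \n" + //
+" ]\n" + //
+" },\n" + //
+" \"selector\": {\n" + //
+" \"criteria\": [\n" + //
+" {\n" + //
+" \"type\": \"ETH_TYPE\",\n" + //
+" \"ethType\": \"0x0800\"\n" + //
+" },\n" + //
+" {\n" + //
+" \"type\": \"IP_PROTO\",\n" + //
+" \"protocol\": %s\n" + //
+" }\n" + //
+" ]\n" + //
+" }\n" + //
+" }\n" + //
+" ]\n" + //
+"}\n" + //
+"", device.id().toString(), protocol);
+}
+
 public static List<FirewallRule> getAllRules() {
 log.info(rulesList.toString());
 return rulesList;
@@ -405,6 +436,73 @@ public ObjectNode addRule(String deviceId, Integer port, Integer protocol, Actio
 }
 }
 
+
+public boolean universalRule(Action action, Integer protocol, Device device) {
+if (action == Action.ALLOW) {
+int i = 0;
+for (FirewallRule firewallRule : rulesList) {
+if (firewallRule.getProtocol() == protocol && firewallRule.getAction() == Action.DENY && firewallRule.getDeviceId() == device.id().toString()) {
+Client client = ClientBuilder.newClient();
+WebTarget target = client.target("http://localhost:8181/onos/v1");
+String did = firewallRule.getDeviceId();
+String fid = firewallRule.getRuleId().toString();
+String endpoint = String.format("/flows/%s/%s", did, fid);
+Response response = target.path(endpoint)
+.request(MediaType.APPLICATION_JSON)
+.header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader())
+.delete();
+rulesList.remove(i);
+
+log.info(response.getStatusInfo().toString() + " " + response.getStatus());
+}
+i++;
+}
+return true;
+} else if(action == Action.DENY){
+int i = 0;
+for (FirewallRule firewallRule : rulesList) {
+if (firewallRule.getAction() == Action.ALLOW && firewallRule.getProtocol() == protocol && firewallRule.getDeviceId() == device.id().toString()) {
+Client client = ClientBuilder.newClient();
+WebTarget target = client.target("http://localhost:8181/onos/v1");
+String did = firewallRule.getDeviceId();
+String fid = firewallRule.getRuleId().toString();
+String endpoint = String.format("/flows/%s/%s", did, fid);
+Response response = target.path(endpoint)
+.request(MediaType.APPLICATION_JSON)
+.header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader())
+.delete();
+response.close();
+rulesList.remove(i);
+}
+i++;
+}
+Client client = ClientBuilder.newClient();
+WebTarget target = client.target("http://localhost:8181/onos/v1");
+String payload = buildPayload(device, protocol.toString());
+String endpoint = String.format("/flows");
+Response response = target.path(endpoint)
+.queryParam("appId", "org.onosproject.core")
+.request(MediaType.APPLICATION_JSON)
+.header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader())
+.post(Entity.json(payload), Response.class);
+ObjectMapper objMapper = new ObjectMapper();
+try {
+JsonNode nodeArr = objMapper.readTree(response.readEntity(String.class)).get("flows");
+for (final JsonNode nodeObj : nodeArr) {
+String flowId = nodeObj.get("flowId").asText();
+String deviceId = nodeObj.get("deviceId").asText();
+FirewallRule rule = new FirewallRule(flowId, deviceId, -1, protocol, "", "", Action.DENY);
+rulesList.add(rule);
+}
+return true;
+} catch (Exception e) {
+log.error(e.toString());
+return false;
+}
+}
+return false;
+}
+
 public boolean universalRule(Action action, Integer protocol, Iterable<Device> devices) {
 if (action == Action.ALLOW) {
 int i = 0;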
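Review bot: In the new `universalRule(Action, Integer, Device)` both loops match rules with `firewallRule.getDeviceId() == device.id().toString()`, a reference comparison between Strings that is unlikely ever to be true, so the opposing rules are probably never deleted while the ALLOW branch still returns `true`; if `getProtocol()` returns an `Integer`, `== protocol` has the same problem for values above 127. Should a match occur, `rulesList.remove(i)` inside the for-each would likely throw `ConcurrentModificationException` or skip entries, and the local list is updated without checking the DELETE status, so it can drift from the flows actually installed on the device. Compare with `equals` and remove through an iterator, as sketched below; this assumes `java.util.Iterator` and `java.util.Objects` are in scope and that the list's iterator supports `remove`. The `Client` instances and the ALLOW-branch `Response` are also never closed.

```java
public boolean universalRule(Action action, Integer protocol, Device device) {
    String targetDevice = device.id().toString();
    if (action == Action.ALLOW) {
        Iterator<FirewallRule> it = rulesList.iterator();
        while (it.hasNext()) {
            FirewallRule firewallRule = it.next();
            if (firewallRule.getAction() == Action.DENY
                    && Objects.equals(firewallRule.getProtocol(), protocol)
                    && targetDevice.equals(firewallRule.getDeviceId())) {
                // … unchanged: build client/target and send the DELETE for this flow …
                it.remove();
            }
        }
        return true;
    }
    // … unchanged: DENY branch, with the same comparison and iterator change in its loop …
```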
