diff --git a/api/src/main/java/com/cloud/agent/api/to/IpAddressTO.java b/api/src/main/java/com/cloud/agent/api/to/IpAddressTO.java index 1169820e19a..5be71bad0ed 100644 --- a/api/src/main/java/com/cloud/agent/api/to/IpAddressTO.java +++ b/api/src/main/java/com/cloud/agent/api/to/IpAddressTO.java @@ -35,6 +35,7 @@ public class IpAddressTO { private String networkName; private Integer nicDevId; private boolean newNic; + private boolean isPrivateGateway; public IpAddressTO(long accountId, String ipAddress, boolean add, boolean firstIP, boolean sourceNat, String broadcastUri, String vlanGateway, String vlanNetmask, String vifMacAddress, Integer networkRate, boolean isOneToOneNat) { @@ -133,4 +134,12 @@ public class IpAddressTO { public void setNewNic(boolean newNic) { this.newNic = newNic; } + + public boolean isPrivateGateway() { + return isPrivateGateway; + } + + public void setPrivateGateway(boolean isPrivateGateway) { + this.isPrivateGateway = isPrivateGateway; + } } diff --git a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/facade/IpAssociationConfigItem.java b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/facade/IpAssociationConfigItem.java index 64f953dc726..36908536659 100644 --- a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/facade/IpAssociationConfigItem.java +++ b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/facade/IpAssociationConfigItem.java @@ -42,6 +42,7 @@ public class IpAssociationConfigItem extends AbstractConfigItemFacade { for (final IpAddressTO ip : command.getIpAddresses()) { final IpAddress ipAddress = new IpAddress(ip.getPublicIp(), ip.isSourceNat(), ip.isAdd(), ip.isOneToOneNat(), ip.isFirstIP(), ip.getVlanGateway(), ip.getVlanNetmask(), ip.getVifMacAddress(), ip.getNicDevId(), ip.isNewNic(), ip.getTrafficType().toString()); + ipAddress.setPrivateGateway(ip.isPrivateGateway()); ips.add(ipAddress); } 
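Review bot: In the IpAddressTO getter/setter hunk (`@@ -133,4 +134,12 @@`) the new field is named `isPrivateGateway` while its siblings follow the `newNic` / `isNewNic()` convention; unless the TO's field name is relied on as a serialized key, `private boolean privateGateway;` with `isPrivateGateway()` / `setPrivateGateway(boolean privateGateway)` would match the class. The setter parameter currently carries the same name as the field, which `this.` resolves but reads as shadowing. The flag has no documentation; a one-line Javadoc on the getter, `/** True when this address belongs to a VPC private gateway network; the VR appears to use it to install the gateway ACL chains. */`, would record why it exists. The same naming applies to the IpAssociationConfigItem hunk only through the call `ip.isPrivateGateway()`, so no change is needed there.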
diff --git a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/model/IpAddress.java b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/model/IpAddress.java
index 70aeb4cfc89..627bcf0dace 100644
--- a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/model/IpAddress.java
+++ b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/model/IpAddress.java
@@ -32,6 +32,7 @@ public class IpAddress {
     private Integer nicDevId;
     private boolean newNic;
     private String nwType;
+    private boolean isPrivateGateway;
 
     public IpAddress() {
         // Empty constructor for (de)serialization
@@ -133,4 +134,12 @@ public class IpAddress {
         this.newNic = newNic;
     }
 
+    public boolean isPrivateGateway() {
+        return isPrivateGateway;
+    }
+
+    public void setPrivateGateway(boolean isPrivateGateway) {
+        this.isPrivateGateway = isPrivateGateway;
+    }
+
 }
diff --git a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
index 63e9d8025f3..167fba9d261 100644
--- a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
+++ b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
@@ -104,9 +104,7 @@ import com.cloud.network.vpc.PrivateIpAddress;
 import com.cloud.network.vpc.StaticRouteProfile;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcGateway;
-import com.cloud.network.vpc.VpcGatewayVO;
 import com.cloud.network.vpc.dao.VpcDao;
-import com.cloud.network.vpc.dao.VpcGatewayDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
@@ -172,8 +170,6 @@ public class CommandSetupHelper {
     @Inject
     private VpcDao _vpcDao;
     @Inject
-    private VpcGatewayDao _vpcGatewayDao;
-    @Inject
     private VlanDao _vlanDao;
     @Inject
     private IPAddressDao _ipAddressDao;
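Review bot: The new field in the IpAddress model (first hunk) is undocumented although its name is very likely the wire contract: the VR side reads `self.address['is_private_gateway']`, which is what `isPrivateGateway` becomes under lower-case-with-underscores field naming, so a later "style" rename to `privateGateway` would silently stop the VR from ever installing the gateway ACL rules. Suggest a comment on the field, `// serialized as the JSON key "is_private_gateway" read by CsAddress.py on the VR; the name is part of the wire format` (hedged: the naming policy of the serializer is not visible in this diff). The getter and setter in the second hunk carry no Javadoc either; one sentence stating that the flag marks an address on a VPC private gateway network would suffice.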
@@ -726,8 +722,7 @@ public class CommandSetupHelper { final IpAddressTO ip = new IpAddressTO(ipAddr.getAccountId(), ipAddr.getAddress().addr(), add, firstIP, sourceNat, BroadcastDomainType.fromString(ipAddr.getVlanTag()).toString(), ipAddr.getGateway(), ipAddr.getNetmask(), macAddress, networkRate, ipAddr.isOneToOneNat()); - ip.setTrafficType(getNetworkTrafficType(network)); - ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network)); + setIpAddressNetworkParams(ip, network, router); ipsToSend[i++] = ip; if (ipAddr.isSourceNat()) { sourceNatIpAdd = new Pair(ip, ipAddr.getNetworkId()); @@ -851,8 +846,7 @@ public class CommandSetupHelper { final IpAddressTO ip = new IpAddressTO(ipAddr.getAccountId(), ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask, vifMacAddress, networkRate, ipAddr.isOneToOneNat()); - ip.setTrafficType(getNetworkTrafficType(network)); - ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network)); + setIpAddressNetworkParams(ip, network, router); ipsToSend[i++] = ip; /* * send the firstIP = true for the first Add, this is to create @@ -979,8 +973,7 @@ public class CommandSetupHelper { final IpAddressTO ip = new IpAddressTO(Account.ACCOUNT_ID_SYSTEM, ipAddr.getIpAddress(), add, false, ipAddr.getSourceNat(), ipAddr.getBroadcastUri(), ipAddr.getGateway(), ipAddr.getNetmask(), ipAddr.getMacAddress(), null, false); - ip.setTrafficType(getNetworkTrafficType(network)); - ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network)); + setIpAddressNetworkParams(ip, network, router); ipsToSend[i++] = ip; } 
@@ -1136,13 +1129,16 @@ public class CommandSetupHelper { return dhcpRange; } - private TrafficType getNetworkTrafficType(Network network) { - final VpcGatewayVO gateway = _vpcGatewayDao.getVpcGatewayByNetworkId(network.getId()); - if (gateway != null) { + private void setIpAddressNetworkParams(IpAddressTO ipAddress, final Network network, final VirtualRouter router) { + if (_networkModel.isPrivateGateway(network.getId())) { s_logger.debug("network " + network.getId() + " (name: " + network.getName() + " ) is a vpc private gateway, set traffic type to Public"); - return TrafficType.Public; + ipAddress.setTrafficType(TrafficType.Public); + ipAddress.setPrivateGateway(true); } else { - return network.getTrafficType(); + ipAddress.setTrafficType(network.getTrafficType()); + ipAddress.setPrivateGateway(false); } + ipAddress.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network)); } + } diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py index 3340a5527cd..ff0d855766b 100755 --- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py @@ -197,6 +197,11 @@ class CsInterface: return True return False + def is_private_gateway(self): + if "is_private_gateway" in self.address: + return self.address['is_private_gateway'] + return False + def is_added(self): return self.get_attr("add") 
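Review bot: `setIpAddressNetworkParams` is undocumented, and the `s_logger.debug` line it inherits still says only "set traffic type to Public" although the method now also sets the private-gateway flag that drives firewall configuration on the VR; extend the message to mention the flag so the log explains both effects of that branch. A header comment such as `/** Sets traffic type, private-gateway flag and network tag on the TO; a VPC private gateway network is reported as Public so the VR treats its interface like a public one. */` would make the intent readable without the removed getNetworkTrafficType history. Stylistically `ipAddress` is the only parameter not declared `final`. Whether `_networkModel.isPrivateGateway(network.getId())` performs the same lookup as the removed `_vpcGatewayDao.getVpcGatewayByNetworkId` call cannot be confirmed from this diff.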
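Review bot: `is_private_gateway` is added verbatim to both CsInterface here and CsIP in the `@@ -625,6 +637,11 @@` hunk; one definition, or a shared helper, would keep the two from drifting apart. The neighbouring `is_added` goes through `get_attr`, so `return self.get_attr("is_private_gateway")` may be the idiomatic form if get_attr defaults a missing key to a falsy value (not visible here); otherwise `return self.address.get('is_private_gateway', False)` expresses the same lookup in one line. The method returns whatever the JSON carries rather than a bool, which is acceptable only while the Java side keeps sending a boolean.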
@@ -476,6 +481,13 @@ class CsIP: self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -s %s" % ("eth1", "eth1", guestNetworkCidr)]) + if self.is_private_gateway(): + self.fw.append(["filter", "", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" % + (self.address['network'], self.dev, self.dev)]) + self.fw.append(["filter", "", "-A ACL_INBOUND_%s -j DROP" % self.dev]) + self.fw.append(["mangle", "", + "-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j ACL_OUTBOUND_%s" % + (self.dev, self.address['network'], self.address['gateway'], self.dev)]) if self.address["source_nat"]: self.fw.append(["nat", "front", "-A POSTROUTING -o %s -j SNAT --to-source %s" % @@ -625,6 +637,11 @@ class CsIP: return True return False + def is_private_gateway(self): + if "is_private_gateway" in self.address: + return self.address['is_private_gateway'] + return False + def ip(self): return str(self.address['cidr'])
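Review bot: The `-A ACL_INBOUND_%s -j DROP` line appends an unconditional drop to the per-interface inbound ACL chain, so any ACL rule that is later appended (rather than inserted at the front) to `ACL_INBOUND_<dev>` lands behind it and never matches; the code that fills those chains is not in this diff, so that ordering contract should be confirmed and recorded, e.g. `# default-deny for the private gateway; ACL rules must be inserted ahead of this rule`. The mangle rule exempts only `gateway/32` from the outbound ACL, presumably so the router address itself stays reachable, but it dereferences `self.address['network']` and `self.address['gateway']` unguarded while `is_private_gateway` tolerates a missing key, so a private-gateway entry lacking either raises KeyError mid-configuration. Both `ACL_INBOUND_<dev>` (filter) and `ACL_OUTBOUND_<dev>` (mangle) are assumed to exist before these rules are applied. The enclosing method begins before this hunk.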