bug 6971: Dont confuse PF rules added for VPN to be LB rules

2025-10-26 08:42:29 +01:00 · 2010-11-18 13:57:22 -08:00 · 2010-11-18 13:57:22 -08:00 · a7547846bf
commit a7547846bf
parent ea0680ef9c
4 changed files with 49 additions and 9 deletions
--- a/core/src/com/cloud/network/dao/FirewallRulesDao.java
+++ b/core/src/com/cloud/network/dao/FirewallRulesDao.java
@ -52,5 +52,6 @@ public interface FirewallRulesDao extends GenericDao<FirewallRuleVO, Long> {
 	public List<FirewallRuleVO> findByPublicIpPrivateIpForNatRule(String publicIp,String privateIp);
 	public List<FirewallRuleVO> listByPrivateIp(String privateIp);
 	public boolean isPublicIpOneToOneNATted(String publicIp);
-	void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port);
+	void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port);
+	public List<FirewallRuleVO> listIPForwardingForLB(long userId, long dcId);
 }
--- a/core/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
+++ b/core/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
@ -43,7 +43,9 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
    private static final Logger s_logger = Logger.getLogger(FirewallRulesDaoImpl.class);

    public static String SELECT_IP_FORWARDINGS_BY_USERID_SQL   = null;
-    public static String SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = null;
+    public static String SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = null;
+    public static String SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = null;
+

    public static final String           DELETE_IP_FORWARDING_BY_IPADDRESS_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ?";
    public static final String           DELETE_IP_FORWARDING_BY_IP_PORT_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ? and public_port = ?";
@ -59,7 +61,8 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
    protected SearchBuilder<FirewallRuleVO> FWByPrivateIPSearch;
    protected SearchBuilder<FirewallRuleVO> RulesExcludingPubIpPort;
    protected SearchBuilder<FirewallRuleVO> FWByGroupId;
-    protected SearchBuilder<FirewallRuleVO> FWByIpForLB;
+    protected SearchBuilder<FirewallRuleVO> FWByIpForLB;
+
    protected SearchBuilder<FirewallRuleVO> FWByGroupAndPrivateIp;
    protected SearchBuilder<FirewallRuleVO> FWByPrivateIpPrivatePortPublicIpPublicPortSearch;
    protected SearchBuilder<FirewallRuleVO> OneToOneNATSearch;
@ -82,7 +85,13 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
        SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdSql();
        if (s_logger.isDebugEnabled()) {
            s_logger.debug(SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL);
-        }
+        }
+        
+        SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdForLBSql();
+        if (s_logger.isDebugEnabled()) {
+            s_logger.debug(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL);
+        }
+        

        FWByIPSearch = createSearchBuilder();
        FWByIPSearch.and("publicIpAddress", FWByIPSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ);
@ -149,6 +158,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
        FWByIpForLB.and("groupId", FWByIpForLB.entity().getGroupId(), SearchCriteria.Op.NNULL);
        FWByIpForLB.and("forwarding", FWByIpForLB.entity().isForwarding(), SearchCriteria.Op.EQ);
        FWByIpForLB.done();
+        
        return true;
    }

@ -162,6 +172,10 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
    
    protected String buildSelectByUserIdAndDatacenterIdSql() {
    	return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=?";
+    }
+    
+    protected String buildSelectByUserIdAndDatacenterIdForLBSql() {
+    	return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=? AND i.group_id is not NULL";
    }

    public List<FirewallRuleVO> listIPForwarding(String publicIPAddress, boolean forwarding) {
@ -391,5 +405,24 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
        sc.setParameters("publicIpAddress", publicIp);
        sc.setParameters("forwarding", false);
        return search(sc, null);
-	}
+	}
+	
+	@Override
+    public List<FirewallRuleVO> listIPForwardingForLB(long userId, long dcId) {
+    	Transaction txn = Transaction.currentTxn();
+        List<FirewallRuleVO> forwardings = new ArrayList<FirewallRuleVO>();
+        PreparedStatement pstmt = null;
+        try {
+            pstmt = txn.prepareAutoCloseStatement(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL);
+            pstmt.setLong(1, userId);
+            pstmt.setLong(2, dcId);
+            ResultSet rs = pstmt.executeQuery();
+            while (rs.next()) {
+                forwardings.add(toEntityBean(rs, false));
+            }
+        } catch (Exception e) {
+        	s_logger.warn(e);
+        }
+        return forwardings;
+    }
 }
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@ -825,11 +825,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
        
        if (rule.isForwarding()) {
            return updatePortForwardingRule(rule, router, hostId, oldPrivateIP, oldPrivatePort);
-        } else {
-            final List<FirewallRuleVO> fwRules = _rulesDao.listIPForwarding(ipVO.getAccountId(), ipVO.getDataCenterId());
+        } else if (rule.getGroupId() != null) {
+            final List<FirewallRuleVO> fwRules = _rulesDao.listIPForwardingForLB(ipVO.getAccountId(), ipVO.getDataCenterId());
 
            return updateLoadBalancerRules(fwRules, router, hostId);
        }
+        return true;
    }

    @Override
@ -870,7 +871,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
                fwdRules.add(rule);
                final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(routerName, routerIp, false, rule, false);
                cmds.addCommand(cmd);
-            } else {
+            } else if (rule.getGroupId() != null){
                lbRules.add(rule);
            }
            
@ -882,6 +883,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
            final LoadBalancerCfgCommand cmd = new LoadBalancerCfgCommand(cfg, addRemoveRules, routerName, routerIp);
            cmds.addCommand(cmd);
        }
+        if (cmds.size() == 0) {
+        	return result;
+        }
        Answer [] answers = null;
        try {
            answers = _agentMgr.send(host.getId(), cmds);
--- a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
+++ b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
@ -1140,7 +1140,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute
 			}
 			final List<FirewallRuleVO> fwRules = new ArrayList<FirewallRuleVO>();
 			for (final IPAddressVO ipVO : ipAddrs) {
-				fwRules.addAll(_rulesDao.listIPForwarding(ipVO.getAddress()));
+				//We need only firewall rules that are either forwarding or for load balancers
+				fwRules.addAll(_rulesDao.listIPForwarding(ipVO.getAddress(), true));
+				fwRules.addAll(_rulesDao.listIpForwardingRulesForLoadBalancers(ipVO.getAddress()));
 			}
 			final List<FirewallRuleVO> result = _networkMgr.updateFirewallRules(router
 					.getPublicIpAddress(), fwRules, router);