Module: NSXDriver::NSXRule

Includes:
NSXTRule, NSXVRule
Included in:
DistributedFirewall
Defined in:
lib/nsx_rule.rb,
lib/nsxt_rule.rb,
lib/nsxv_rule.rb

Overview

Class Logical Switch

Defined Under Namespace

Modules: NSXTRule, NSXVRule

Instance Method Summary collapse

Methods included from NSXVRule

#nsxv_rule_spec

Methods included from NSXTRule

#nsxt_rule_spec

Instance Method Details

#extract_rule_data(xml_rule) ⇒ Object



144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
# File 'lib/nsx_rule.rb', line 144

def extract_rule_data(xml_rule)
    sg_id = xml_rule.xpath('SECURITY_GROUP_ID').text
    sg_name = xml_rule.xpath('SECURITY_GROUP_NAME').text
    in_out = xml_rule.xpath('RULE_TYPE').text.upcase
    in_out == 'INBOUND' ? sg_direction = 'IN' : sg_direction = 'OUT'
    # Protocol: TCP, UDP, ICMP...
    sg_protocol = xml_rule.xpath('PROTOCOL').text
    if sg_protocol == 'ICMP'
        sg_icmp_type = xml_rule.xpath('ICMP_TYPE').text
    end
    # OpenNebula network ID
    sg_network_id = xml_rule.xpath('NETWORK_ID').text
    vnet_data = extract_vnet_data(sg_network_id)

    # ip / netmask
    sg_ip = xml_rule.xpath('IP').text
    sg_ipsize = xml_rule.xpath('SIZE').text
    sg_subnets = []
    if sg_ip != '' && sg_ipsize != ''
        sg_subnets = to_nets(sg_ip, sg_ipsize.to_i)
    end
    # Ports
    sg_ports = ''
    sg_range_port = xml_rule.xpath('RANGE').text
    if sg_range_port
        if sg_range_port.index(':')
            sg_port_from = sg_range_port[0..sg_range_port.index(':')-1]
            sg_port_to = sg_range_port[sg_range_port.index(':')+1,
                                       sg_range_port.length]
            sg_ports = "#{sg_port_from}-#{sg_port_to}"
        else
            sg_ports = sg_range_port
        end
    end
    # Create hash with data
    {
        :id => sg_id,
        :name => sg_name,
        :direction => sg_direction,
        :protocol => sg_protocol,
        :icmp_type => sg_icmp_type,
        :network_id => sg_network_id,
        :network_name => vnet_data[:name],
        :network_nsxid => vnet_data[:nsxid],
        :subnets => sg_subnets,
        :ports => sg_ports.split(',')
    }
end

#extract_vnet_data(vnet_id) ⇒ Object



119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# File 'lib/nsx_rule.rb', line 119

def extract_vnet_data(vnet_id)
    if vnet_id == ''
        return {
            :nsxid => '',
            :name => ''
        }
    end
    # Create client to communicate with OpenNebula
    one_client = OpenNebula::Client.new
    # Get the network XML from OpenNebula
    # This is potentially different from the Netowrk Template
    # provided as the API call argument
    one_vnet = OpenNebula::VirtualNetwork.new_with_id(vnet_id,
                                                      one_client)
    rc = one_vnet.info
    if OpenNebula.is_error?(rc)
        err_msg = rc.message
        raise CreateNetworkError, err_msg
    end
    {
        :nsxid => one_vnet['TEMPLATE/NSX_ID'],
        :name => one_vnet['NAME']
    }
end

#parse_ports(rule_ports) ⇒ Object

Adapt port from [“22, 443”] to ‘22, 443’ Adapt port from [“22”, “443”] to ‘22, 443’



112
113
114
115
116
117
# File 'lib/nsx_rule.rb', line 112

def parse_ports(rule_ports)
    unless rule_ports.empty?
        rule_ports = rule_ports.join(',')
    end
    rule_ports
end

#rule_spec(rule, vm_data, nic_data, nsx_client) ⇒ Object



193
194
195
196
197
198
199
200
201
202
# File 'lib/nsx_rule.rb', line 193

def rule_spec(rule, vm_data, nic_data, nsx_client)
    case nsx_client.nsx_type
    when NSXDriver::NSXConstants::NSXT
        nsxt_rule_spec(rule, vm_data, nic_data)
    when NSXDriver::NSXConstants::NSXV
        nsxv_rule_spec(rule, vm_data, nic_data)
    else
        raise "Unsupported NSX type: #{nsx_type}"
    end
end

#to_nets(ip_start, size) ⇒ Object



69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# File 'lib/nsx_rule.rb', line 69

def to_nets(ip_start, size)
    nets = []
    ipaddr = IPAddr.new ip_start
    ip_i = ipaddr.to_i

    if ipaddr.ipv4?
        ip_length = 32
    elsif ipaddr.ipv6?
        ip_length = 128
    else
        return
    end

    # Find the largest address block (look for the first 1-bit)
    lblock = 0

    lblock += 1 while ip_i[lblock] == 0 && lblock < ip_length

    # Allocate whole blocks till the size fits
    while size >= 2**lblock
        nets << "#{IPAddr.new(ip_i, ipaddr.family)}" \
                "/#{ip_length-lblock}"

        ip_i += 2**lblock
        size -= 2**lblock

        lblock += 1 while ip_i[lblock] == 0 && lblock < ip_length
    end

    # Fit remaining address blocks
    ip_length.downto(0) do |i|
        next if size[i] == 0

        nets << "#{IPAddr.new(ip_i, ipaddr.family)}/#{ip_length-i}"

        ip_i += 2**i
    end

    nets
end