Cleaning up code for runtime, installer, RMI, compiler for the Java side
[iot2.git] / iotjava / iotruntime / master / RouterConfig.java
index 760f3d25dc63d53a18bb5928f0f365941874c975..2c7309b54ef13d7e824e0c58bc077580e4295e6c 100644 (file)
@@ -7,6 +7,9 @@ import java.io.BufferedWriter;
 import java.io.FileWriter;
 import java.io.PrintWriter;
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -19,6 +22,12 @@ import java.util.Map;
  *  that doesn't require "iptables" command to be invoked many
  *  times - each invocation of "iptables" will load the existing
  *  table from the kernel space before appending the new rule.
+ *  <p>
+ *  We write the core policy repeatedly for each benchmark, while
+ *  the header "*filter" and tail (a bunch of closing rules and
+ *  REJECT rules) are written into a different file.
+ *  They are merged and deployed for every benchmark bootstrapped
+ *  in the main loop.
  *
  * @author      Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
  * @version     2.0
@@ -29,14 +38,18 @@ public final class RouterConfig {
        /**
         * RouterConfig constants
         */
-       private static final String STR_SSH_USERNAME_ROUTER = "root";
-       private static final String STR_SSH_USERNAME_HOST   = "iotuser";
-       private static final String STR_POLICY_FILE_EXT         = ".policy";
+       private static final String STR_SSH_USERNAME_ROUTER         = "root";
+       private static final String STR_SSH_USERNAME_RASPBERRYPI    = "pi";
+       private static final String STR_SSH_USERNAME_HOST           = "iotuser";
+       private static final String STR_POLICY_FILE_ALL                 = "_all";
+       private static final String STR_POLICY_FILE_EXT                 = ".policy";
+       private static final String STR_INCOMPLETE                          = "(incomplete)";
 
        /**
         * RouterConfig properties
         */
        private Map<String, PrintWriter> mapHostToFile;
+       private Map<String, PrintWriter> mapHostToMainFile;
        private Map<String, String> mapMACtoIPAdd;
 
        /**
@@ -57,11 +70,59 @@ public final class RouterConfig {
 
                mapHostToFile = new HashMap<String, PrintWriter>();
        }
+       
+       /**
+        * renewMainPrintWriter() renews the mapHostToMainFile object that lists all main PrintWriters
+        *
+        * @return  void
+        */
+       public void renewMainPrintWriter() {
+       
+               mapHostToMainFile = new HashMap<String, PrintWriter>();
+       }
+       
+       /**
+        * initMainPolicy() initializes the main PrintWriter object to print the entire policies
+        *
+        * @param   strConfigHost   String hostname to be configured
+        * @return  void
+        */
+       public void initMainPolicy(String strConfigHost) {
+
+           PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
+           pwConfig.println("*filter");        // Print header for iptables-restore
+       }
+
+       /**
+        * getMainPrintWriter() gets the main PrintWriter object to print the entire policies
+        *
+        * @param   strHost       String hostname to be configured
+        * @return  PrintWriter
+        */
+       private PrintWriter getMainPrintWriter(String strHost) {
+
+        String strConfigHost = strHost + STR_POLICY_FILE_ALL;
+               // Return object if existing
+               if (mapHostToMainFile.containsKey(strConfigHost)) {
+                       return mapHostToMainFile.get(strConfigHost);
+               } else {
+               // Simply create a new one if it doesn't exist
+                       FileWriter fw = null;
+                       try {
+                               fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
+                       } catch (IOException ex) {
+                               ex.printStackTrace();
+                       }
+                       PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
+                       mapHostToMainFile.put(strConfigHost, pwConfig);
+                       return pwConfig;
+               }
+       }
 
        /**
         * getPrintWriter() gets the right PrintWriter object to print policies to the right file
         *
-        * @param   strConfigHost String hostname to be configured
+        * @param   strConfigHost       String hostname to be configured
         * @return  PrintWriter
         */
        private PrintWriter getPrintWriter(String strConfigHost) {
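Review bot: In getMainPrintWriter a failed `new FileWriter(...)` is only printed, so `fw` stays null and `new BufferedWriter(fw)` then throws a NullPointerException that hides the real I/O error. A policy generator should stop with the cause attached rather than continue. The method also dereferences mapHostToMainFile, which in the visible lines is assigned only in renewMainPrintWriter(); the constructor starts outside this hunk and shows only mapHostToFile being created, so a call before renewMainPrintWriter() would presumably fail as well. renewMainPrintWriter() replaces the map without closing the writers it held. strHost becomes part of a file name, so callers should pass only vetted host names.

```java
private PrintWriter getMainPrintWriter(String strHost) {

	String strConfigHost = strHost + STR_POLICY_FILE_ALL;
	PrintWriter pwConfig = mapHostToMainFile.get(strConfigHost);
	if (pwConfig == null) {
		try {
			pwConfig = new PrintWriter(new BufferedWriter(
				new FileWriter(strConfigHost + STR_POLICY_FILE_EXT)));
		} catch (IOException ex) {
			// Fail loudly: a missing policy file must not lead to a partial deployment
			throw new IllegalStateException("Cannot open policy file for " + strHost, ex);
		}
		mapHostToMainFile.put(strConfigHost, pwConfig);
	}
	return pwConfig;
}
```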
@@ -78,12 +139,56 @@ public final class RouterConfig {
                                ex.printStackTrace();
                        }
                        PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
-                       pwConfig.println("*filter");    // Print header for iptables-restore
+                       //pwConfig.println("*filter");  // Print header for iptables-restore
                        mapHostToFile.put(strConfigHost, pwConfig);
                        return pwConfig;
                }
        }
        
+       /**
+        * readFile() read the entire file and return a string
+        *
+        * @return  String  String that contains the content of the file
+        */      
+       public String readFile(String filePath) {
+
+               String retStr = null;
+               try {
+                       retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
+               } catch (IOException ex) {
+                       ex.printStackTrace();
+               }
+               return retStr;
+       }
+       
+       /**
+        * combineRouterPolicies() method combines the core router policies into the main file
+        *
+        * @param   strConfigHost                       String hostname to be configured
+        * @return  void
+        */
+       public void combineRouterPolicies(String strConfigHost) {
+
+               PrintWriter pwConfigAll = getMainPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               pwConfig.flush();
+               String strPolicyList = readFile(strConfigHost + STR_POLICY_FILE_EXT);
+               pwConfigAll.print(strPolicyList);
+       }
+       
+       /**
+        * closeMain() closes all main PrintWriter objects
+        *
+        * @return  void
+        */
+       public void closeMain() {
+
+               for(PrintWriter pwConfig: mapHostToMainFile.values()) {
+                       pwConfig.println("COMMIT");             // Add "COMMIT" statement to end the list for iptables-restore
+                       pwConfig.close();
+               }
+       }
+       
        /**
         * close() closes all PrintWriter objects
         *
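Review bot: combineRouterPolicies prints whatever readFile returns, and readFile returns null after an IOException, so `pwConfigAll.print(strPolicyList)` would write the literal text `null` into the merged iptables-restore file. I would stop before the print with `if (strPolicyList == null) throw new IllegalStateException("cannot read " + strConfigHost + STR_POLICY_FILE_EXT);`. PrintWriter also swallows write errors, so closeMain could test `pwConfig.checkError()` after writing COMMIT and refuse to deploy a truncated ruleset. The commented-out `//pwConfig.println("*filter");` in getPrintWriter (whose body starts outside this hunk) can be deleted, and readFile's Javadoc lacks `@param filePath` and a statement that null is returned on failure.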
@@ -92,7 +197,6 @@ public final class RouterConfig {
        public void close() {
 
                for(PrintWriter pwConfig: mapHostToFile.values()) {
-                       pwConfig.println("COMMIT");             // Add "COMMIT" statement to end the list for iptables-restore
                        pwConfig.close();
                }
        }
@@ -105,16 +209,13 @@ public final class RouterConfig {
         */
        public void sendRouterPolicies(String strConfigHost) {
 
-               String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " + 
+               String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " + 
                        STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;";
                //System.out.println(strCmdSend);
                deployPolicies(strCmdSend);
                String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost +
-                       " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + 
-                       STR_POLICY_FILE_EXT + "; ";// + 
-                       // TODO: delete these later when we apply tight initial conditions (reject everything but SSH commands)
-                       //"iptables -F startup_filter_tcp; iptables -F startup_filter_udp; " +
-                       //"iptables -t filter -D FORWARD -j startup_filter_tcp; iptables -t filter -D FORWARD -j startup_filter_udp;";
+                       " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + 
+                       STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; ";
                //System.out.println(strCmdDeploy);
                deployPolicies(strCmdDeploy);
        }
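Review bot: strConfigHost is concatenated unquoted into the scp and ssh command strings, both as the target host and as part of the file name, so a value containing whitespace or shell metacharacters changes the command that is run. deployPolicies is not visible here, so how the string is executed should be confirmed. A check at the top of the method keeps the value to a plain host name or IPv4 address: `if (!strConfigHost.matches("[A-Za-z0-9][A-Za-z0-9.-]*")) throw new IllegalArgumentException("invalid host: " + strConfigHost);`. sendHostPolicies in the next hunk builds its commands the same way. Neither method shows the exit status of iptables-restore being checked, so a failed restore would presumably leave the previous ruleset active without any signal.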
@@ -127,13 +228,13 @@ public final class RouterConfig {
         */
        public void sendHostPolicies(String strConfigHost) {
 
-               String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " + 
+               String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " + 
                        STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
                //System.out.println(strCmdSend);
                deployPolicies(strCmdSend);
                String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
-                       " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + 
-                       STR_POLICY_FILE_EXT + ";";
+                       " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + 
+                       STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + ";";
                //System.out.println(strCmdDeploy);
                deployPolicies(strCmdDeploy);
        }
@@ -171,7 +272,7 @@ public final class RouterConfig {
        }
 
        /**
-        * getAddressList() method gets list of IP addresses
+        * getAddressListTmp() method gets list of IP addresses from /tmp/dhcp.leases
         * <p>
         * This method sends an inquiry to the router to look for
         * the list of DHCP leased addresses and their mapping to MAC
@@ -179,9 +280,8 @@ public final class RouterConfig {
         *
         * @param  strRouterAddress  String that contains address of router
         */
-       public void getAddressList(String strRouterAddress) {
+       public void getAddressListTmp(String strRouterAddress) {
 
-               //HashMap<String,String> hmMACToIPAdd = new HashMap<String,String>();
                try {
                        // We can replace "cat /tmp/dhcp.leases" with "cat /proc/net/arp"
                        String cmd = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress +
@@ -203,6 +303,41 @@ public final class RouterConfig {
                }
        }
 
+    /**
+     * getAddressListArp() method gets list of IP addresses from arp command
+     * <p>
+     * This method sends an inquiry to the router to look for
+     * the list of DHCP leased addresses and their mapping to MAC
+     * addresses
+     *
+     * @param  strRouterAddress  String that contains address of router
+     */
+    public void getAddressListArp(String strRouterAddress) {
+
+        try {
+            // We replace with "cat /usr/sbin/arp"
+            String cmd = "ssh " + STR_SSH_USERNAME_RASPBERRYPI + "@" + strRouterAddress +
+             " /usr/sbin/arp -n";
+            Runtime runtime = Runtime.getRuntime();
+            Process process = runtime.exec(cmd);
+
+            InputStream inStream = process.getInputStream();
+            InputStreamReader isReader = new InputStreamReader(inStream);
+            BufferedReader bReader = new BufferedReader(isReader);
+            String strRead = null;
+            while((strRead = bReader.readLine()) != null) {
+                String[] str = strRead.split("\\s+");
+                // Skip if "(incomplete)" is seen!
+                if (str[1].equals(STR_INCOMPLETE))
+                       continue;
+                mapMACtoIPAdd.put(str[2], str[0]);
+            }
+        } catch (IOException ex) {
+            System.out.println("RouterConfig: IOException: " + ex.getMessage());
+            ex.printStackTrace();
+        }
+    }
+
        /**
         * getIPFromMACAddress() method gets IP from MAC address
         *
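Review bot: The parsing loop in getAddressListArp indexes `str[1]` and `str[2]` without checking the token count, so a blank or short line throws ArrayIndexOutOfBoundsException, and the header row that net-tools `arp -n` normally prints would be stored as a MAC-to-IP entry. The reader is never closed and the stream is decoded with the platform charset. The Javadoc still describes DHCP leases although the data is the ARP cache, and the inline comment `cat /usr/sbin/arp` does not match the command. ARP entries are unauthenticated, so the Javadoc should say the map is only as trustworthy as the local segment. strRouterAddress goes into the string given to `Runtime.exec(String)`, which splits on whitespace, so it should be validated or passed through a ProcessBuilder argument list.

```java
// … unchanged: cmd construction and runtime.exec(cmd) …
try (BufferedReader bReader = new BufferedReader(
		new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8))) {
	String strRead;
	while ((strRead = bReader.readLine()) != null) {
		String[] str = strRead.trim().split("\\s+");
		// Skip the header row, blank lines and "(incomplete)" entries
		if (str.length < 3 || str[1].equals(STR_INCOMPLETE) || !str[2].contains(":")) {
			continue;
		}
		mapMACtoIPAdd.put(str[2], str[0]);
	}
}
// … unchanged: catch (IOException ex) block …
```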
@@ -482,7 +617,7 @@ public final class RouterConfig {
         */
        public void configureRouterICMPPolicies(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow ICMP
                pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
                pwConfig.println("-A INPUT -j ACCEPT -p icmp");
@@ -502,7 +637,7 @@ public final class RouterConfig {
         */
        public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow ICMP
                pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
                pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + 
@@ -528,7 +663,7 @@ public final class RouterConfig {
         */
        public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow SSH - port 22 (only from monitor host)
                pwConfig.println("-A INPUT -j ACCEPT -s " + 
                        strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
@@ -546,8 +681,6 @@ public final class RouterConfig {
                        strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
                pwConfig.println("-A OUTPUT -j ACCEPT -s " + 
                        strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
-               pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
-               pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
 
        }
 
@@ -563,7 +696,7 @@ public final class RouterConfig {
         */
        public void configureRouterDHCPPolicies(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
                pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
                pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
@@ -583,7 +716,7 @@ public final class RouterConfig {
         */
        public void configureRouterDNSPolicies(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow DNS UDP and TCP port 53
                pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
                pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
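Review bot: Rules that accept on source port alone, such as `-A INPUT -j ACCEPT -p tcp --sport domain` here, admit any packet whose sender chooses that source port, regardless of the destination port, which largely defeats the REJECT tail. These are context lines in this hunk, and the same pattern is visible in configureRouterDHCPPolicies, configureHostSQLPolicies, configureHostSSHPolicies, configureHostDHCPPolicies and configureHostDNSPolicies. Reply traffic is normally admitted with a state match instead, for example `-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, leaving only the `--dport` rules for new connections. The method body continues outside the hunk, so the full rule set should be checked before changing it.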
@@ -607,7 +740,7 @@ public final class RouterConfig {
         */
        public void configureRejectPolicies(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Reject every other thing
                pwConfig.println("-A FORWARD -j REJECT");
                pwConfig.println("-A INPUT -j REJECT");
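Review bot: configureRejectPolicies now writes into the same main writer that combineRouterPolicies appends to, so the order of calls decides whether the core rules are reachable: anything appended to a chain after `-A FORWARD -j REJECT` or `-A INPUT -j REJECT` is never evaluated. The Javadoc should state the required order, for example `Must be called after combineRouterPolicies() and before closeMain(); rules appended after the REJECT lines are never matched.` The method body continues outside this hunk.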
@@ -626,7 +759,7 @@ public final class RouterConfig {
         */
        public void configureRouterNATPolicy(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Configure NAT
                pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE");
                // Add the following 2 lines
@@ -693,7 +826,7 @@ public final class RouterConfig {
         */
        public void configureHostICMPPolicies(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow ICMP
                pwConfig.println("-A INPUT -j ACCEPT -p icmp");
                pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
@@ -709,7 +842,7 @@ public final class RouterConfig {
         */
        public void configureHostSQLPolicies(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow ICMP
                pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql");
                pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql");
@@ -728,7 +861,7 @@ public final class RouterConfig {
         */
        public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow ICMP
                pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + 
                        " -d " + strConfigHost + " -p icmp");
@@ -751,7 +884,7 @@ public final class RouterConfig {
         */
        public void configureHostSSHPolicies(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow SSH - port 22
                pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh");
                pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh");
@@ -773,7 +906,7 @@ public final class RouterConfig {
         */
        public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow SSH - port 22
                pwConfig.println("-A INPUT -j ACCEPT -s " + 
                        strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
@@ -804,7 +937,7 @@ public final class RouterConfig {
         */
        public void configureHostDHCPPolicies(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
                pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
                pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
@@ -823,7 +956,7 @@ public final class RouterConfig {
         */
        public void configureHostDNSPolicies(String strConfigHost) {
 
-               PrintWriter pwConfig = getPrintWriter(strConfigHost);
+               PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
                // Allow DNS UDP and TCP port 53
                pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
                pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
@@ -833,6 +966,5 @@ public final class RouterConfig {
                pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
                pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
                pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");
-
        }
 }