X-Git-Url: http://demsky.eecs.uci.edu/git/?a=blobdiff_plain;f=iotjava%2Fiotruntime%2Fmaster%2FRouterConfig.java;h=e6e04137303769512ba6b01cd74cc2bb80a84417;hb=7cab636b00bf5afcc441c9e4bdd4d6f4f0e2cf95;hp=760f3d25dc63d53a18bb5928f0f365941874c975;hpb=b7795a76d57478a23ee40dd8717b005e18891ca1;p=iot2.git
diff --git a/iotjava/iotruntime/master/RouterConfig.java b/iotjava/iotruntime/master/RouterConfig.java
index 760f3d2..e6e0413 100644
--- a/iotjava/iotruntime/master/RouterConfig.java
+++ b/iotjava/iotruntime/master/RouterConfig.java
@@ -7,6 +7,9 @@ import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.PrintWriter;
import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
@@ -19,6 +22,12 @@ import java.util.Map;
* that doesn't require "iptables" command to be invoked many
* times - each invocation of "iptables" will load the existing
* table from the kernel space before appending the new rule.
+ *
+ * We write the core policy repeatedly for each benchmark, while
+ * the header "*filter" and tail (a bunch of closing rules and
+ * REJECT rules) are written into a different file.
+ * They are merged and deployed for every benchmark bootstrapped
+ * in the main loop.
*
* @author Rahmadi Trimananda
* @version 2.0
@@ -31,12 +40,14 @@ public final class RouterConfig {
*/
private static final String STR_SSH_USERNAME_ROUTER = "root";
private static final String STR_SSH_USERNAME_HOST = "iotuser";
+ private static final String STR_POLICY_FILE_ALL = "_all";
private static final String STR_POLICY_FILE_EXT = ".policy";
/**
* RouterConfig properties
*/
private Map mapHostToFile;
+ private Map mapHostToMainFile;
private Map mapMACtoIPAdd;
/**
@@ -57,11 +68,59 @@ public final class RouterConfig {
mapHostToFile = new HashMap();
}
+
+ /**
+ * renewMainPrintWriter() renews the mapHostToMainFile object that lists all main PrintWriters
+ *
+ * @return void
+ */
+ public void renewMainPrintWriter() {
+
+ mapHostToMainFile = new HashMap();
+ }
+
+ /**
+ * initMainPolicy() initializes the main PrintWriter object to print the entire policies
+ *
+ * @param strConfigHost String hostname to be configured
+ * @return void
+ */
+ public void initMainPolicy(String strConfigHost) {
+
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
+ pwConfig.println("*filter"); // Print header for iptables-restore
+ }
+
+ /**
+ * getMainPrintWriter() gets the main PrintWriter object to print the entire policies
+ *
+ * @param strHost String hostname to be configured
+ * @return PrintWriter
+ */
+ private PrintWriter getMainPrintWriter(String strHost) {
+
+ String strConfigHost = strHost + STR_POLICY_FILE_ALL;
+ // Return object if existing
+ if (mapHostToMainFile.containsKey(strConfigHost)) {
+ return mapHostToMainFile.get(strConfigHost);
+ } else {
+ // Simply create a new one if it doesn't exist
+ FileWriter fw = null;
+ try {
+ fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
+ mapHostToMainFile.put(strConfigHost, pwConfig);
+ return pwConfig;
+ }
+ }
/**
* getPrintWriter() gets the right PrintWriter object to print policies to the right file
*
- * @param strConfigHost String hostname to be configured
+ * @param strConfigHost String hostname to be configured
* @return PrintWriter
*/
private PrintWriter getPrintWriter(String strConfigHost) {
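Review bot: In getMainPrintWriter() a failed `new FileWriter(...)` is only printed and `fw` stays null, so the next line passes null to `new BufferedWriter(fw)` and fails with a NullPointerException that hides the real I/O error. Because this file becomes the firewall ruleset, the open failure should stop the run with its cause attached, e.g. `throw new UncheckedIOException("cannot open " + strConfigHost + STR_POLICY_FILE_EXT, ex);` in the catch block (this needs a `java.io.UncheckedIOException` import). The map is also only assigned in renewMainPrintWriter(), so as far as this hunk shows, calling initMainPolicy() first dereferences a null `mapHostToMainFile`. Initialising it next to `mapHostToFile` would remove that ordering dependency.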
@@ -78,12 +137,56 @@ public final class RouterConfig {
ex.printStackTrace();
}
PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
- pwConfig.println("*filter"); // Print header for iptables-restore
+ //pwConfig.println("*filter"); // Print header for iptables-restore
mapHostToFile.put(strConfigHost, pwConfig);
return pwConfig;
}
}
+ /**
+ * readFile() read the entire file and return a string
+ *
+ * @return String String that contains the content of the file
+ */
+ public String readFile(String filePath) {
+
+ String retStr = null;
+ try {
+ retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ return retStr;
+ }
+
+ /**
+ * combineRouterPolicies() method combines the core router policies into the main file
+ *
+ * @param strConfigHost String hostname to be configured
+ * @return void
+ */
+ public void combineRouterPolicies(String strConfigHost) {
+
+ PrintWriter pwConfigAll = getMainPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ pwConfig.flush();
+ String strPolicyList = readFile(strConfigHost + STR_POLICY_FILE_EXT);
+ pwConfigAll.print(strPolicyList);
+ }
+
+ /**
+ * closeMain() closes all main PrintWriter objects
+ *
+ * @return void
+ */
+ public void closeMain() {
+
+ for(PrintWriter pwConfig: mapHostToMainFile.values()) {
+ pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore
+ pwConfig.close();
+ }
+ }
+
/**
* close() closes all PrintWriter objects
*
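Review bot: readFile() returns null when the read fails, and combineRouterPolicies() passes that straight to `pwConfigAll.print(strPolicyList)`, which writes the literal text `null` into the merged policy. The file handed to iptables-restore then lacks the core rules, and the only trace is a stack trace on stderr. A guard before the print would prevent this: `if (strPolicyList == null) throw new IllegalStateException("policy file unreadable: " + strConfigHost + STR_POLICY_FILE_EXT);`. closeMain() has a related gap, since PrintWriter never throws on write errors; checking `pwConfig.checkError()` after the `COMMIT` line would catch a truncated ruleset before it is deployed. The readFile() Javadoc is also missing `@param filePath`, and the commented-out `*filter` println in getPrintWriter() can simply be deleted.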
@@ -92,7 +195,6 @@ public final class RouterConfig {
public void close() {
for(PrintWriter pwConfig: mapHostToFile.values()) {
- pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore
pwConfig.close();
}
}
@@ -105,13 +207,13 @@ public final class RouterConfig {
*/
public void sendRouterPolicies(String strConfigHost) {
- String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " +
+ String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;";
//System.out.println(strCmdSend);
deployPolicies(strCmdSend);
String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost +
- " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
- STR_POLICY_FILE_EXT + "; ";// +
+ " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
+ STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; ";// +
// TODO: delete these later when we apply tight initial conditions (reject everything but SSH commands)
//"iptables -F startup_filter_tcp; iptables -F startup_filter_udp; " +
//"iptables -t filter -D FORWARD -j startup_filter_tcp; iptables -t filter -D FORWARD -j startup_filter_udp;";
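Review bot: The rewritten `strCmdSend` and `strCmdDeploy` lines still build the command by concatenating `strConfigHost` into text that contains `;` and `<`, which suggests a shell interprets it (deployPolicies() is outside this hunk, so that is inferred). If the hostname can come from a configuration file, it should be validated before these lines, e.g. `if (!strConfigHost.matches("[A-Za-z0-9.-]+")) throw new IllegalArgumentException("bad host: " + strConfigHost);`. The same applies to the matching lines in sendHostPolicies(). Because the steps are joined with `;`, the `rm` also runs when `iptables-restore` fails, which discards the file needed to diagnose a rejected ruleset. Using `&&` before `rm` would keep it. The method body continues past the end of this hunk.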
@@ -127,14 +229,14 @@ public final class RouterConfig {
*/
public void sendHostPolicies(String strConfigHost) {
- String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " +
+ String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
- //System.out.println(strCmdSend);
+ System.out.println(strCmdSend);
deployPolicies(strCmdSend);
String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
- " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
- STR_POLICY_FILE_EXT + ";";
- //System.out.println(strCmdDeploy);
+ " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
+ STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + ";";
+ System.out.println(strCmdDeploy);
deployPolicies(strCmdDeploy);
}
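Review bot: The two `System.out.println(strCmdSend)` / `System.out.println(strCmdDeploy)` calls are switched on here, while the same line in sendRouterPolicies() stays commented out, so this looks like leftover debugging. If the command echo is wanted, it should be enabled consistently in both methods and sit behind a verbosity flag. Otherwise restore `//System.out.println(strCmdSend);` and `//System.out.println(strCmdDeploy);`.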
@@ -482,7 +584,7 @@ public final class RouterConfig {
*/
public void configureRouterICMPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
pwConfig.println("-A INPUT -j ACCEPT -p icmp");
@@ -502,7 +604,7 @@ public final class RouterConfig {
*/
public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
@@ -528,7 +630,7 @@ public final class RouterConfig {
*/
public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow SSH - port 22 (only from monitor host)
pwConfig.println("-A INPUT -j ACCEPT -s " +
strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
@@ -563,7 +665,7 @@ public final class RouterConfig {
*/
public void configureRouterDHCPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
@@ -583,7 +685,7 @@ public final class RouterConfig {
*/
public void configureRouterDNSPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DNS UDP and TCP port 53
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
@@ -607,7 +709,7 @@ public final class RouterConfig {
*/
public void configureRejectPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Reject every other thing
pwConfig.println("-A FORWARD -j REJECT");
pwConfig.println("-A INPUT -j REJECT");
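Review bot: Now that configureRejectPolicies() writes to the same main file that combineRouterPolicies() appends to, the order of calls determines the order of rules, and iptables stops at the first match. If this method runs before the core policy is merged, the blanket REJECT lines precede the ACCEPT rules and those rules never take effect. The caller is not visible here, so the Javadoc should state the requirement, e.g. `// Must be called after combineRouterPolicies(): REJECT has to follow the ACCEPT rules in the merged file.`. The method body continues past the end of this hunk.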
@@ -626,7 +728,7 @@ public final class RouterConfig {
*/
public void configureRouterNATPolicy(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Configure NAT
pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE");
// Add the following 2 lines
@@ -693,7 +795,7 @@ public final class RouterConfig {
*/
public void configureHostICMPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A INPUT -j ACCEPT -p icmp");
pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
@@ -709,7 +811,7 @@ public final class RouterConfig {
*/
public void configureHostSQLPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql");
@@ -728,7 +830,7 @@ public final class RouterConfig {
*/
public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
" -d " + strConfigHost + " -p icmp");
@@ -751,7 +853,7 @@ public final class RouterConfig {
*/
public void configureHostSSHPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow SSH - port 22
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh");
@@ -773,7 +875,7 @@ public final class RouterConfig {
*/
public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow SSH - port 22
pwConfig.println("-A INPUT -j ACCEPT -s " +
strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
@@ -804,7 +906,7 @@ public final class RouterConfig {
*/
public void configureHostDHCPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
@@ -823,7 +925,7 @@ public final class RouterConfig {
*/
public void configureHostDNSPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DNS UDP and TCP port 53
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");