private Map<Integer, Integer> hmRMIRegPort;
private Map<Integer, Integer> hmRMIStubPort;
private Set<Integer> hsDevicePort;
+ private Set<Integer> hsAllPorts;
private Map<Integer, Integer> hmAdditionalPort;
private int iNumOfObjects;
private int iNumOfHosts;
hmRMIRegPort = new HashMap<Integer, Integer>();
hmRMIStubPort = new HashMap<Integer, Integer>();
hsDevicePort = new HashSet<Integer>();
+ hsAllPorts = new HashSet<Integer>();
hmAdditionalPort = new HashMap<Integer, Integer>();
iNumOfObjects = 0;
iNumOfHosts = 0;
bVerbose = _bVerbose;
RuntimeOutput.print("CommunicationHandler: Creating a new CommunicationHandler object!", bVerbose);
}
+
+ /**
+ * Method clearCommunicationHandler()
+ * <p>
+ * Clear the data structure
+ *
+ * @return void
+ */
+ public void clearCommunicationHandler() {
+
+ listActiveControllerObj.clear();
+ listFieldObjectID.clear();
+ listObjCrtInfo.clear();
+ listArrFieldValues.clear();
+ listArrFieldClasses.clear();
+ hmActiveObj.clear();
+ hmHostAdd.clear();
+ hmHostList.clear();
+ hmComPort.clear();
+ hmRMIRegPort.clear();
+ hmRMIStubPort.clear();
+ hsDevicePort.clear();
+ hmAdditionalPort.clear();
+ iNumOfObjects = 0;
+ iNumOfHosts = 0;
+ RuntimeOutput.print("CommunicationHandler: Clearing CommunicationHandler object's data structure!", bVerbose);
+ }
/**
* Method addPortConnection()
// Check port existence in HashMap
} while (portIsAvailable(iComPort) == false);
hmComPort.put(iNumOfObjects, iComPort);
+ // hsAllPorts tracks all the existing and used port numbers
+ hsAllPorts.add(iComPort);
int iRMIRegPort = 0;
do {
// Check port existence in HashMap
} while (portIsAvailable(iRMIRegPort) == false);
hmRMIRegPort.put(iNumOfObjects, iRMIRegPort);
+ hsAllPorts.add(iRMIRegPort);
int iRMIStubPort = 0;
do {
// Check port existence in HashMap
} while (portIsAvailable(iRMIStubPort) == false);
hmRMIStubPort.put(iNumOfObjects, iRMIStubPort);
+ hsAllPorts.add(iRMIStubPort);
iNumOfObjects++;
}
public void addDevicePort(int iDevPort) {
hsDevicePort.add(iDevPort);
-
+ // Track this port number
+ hsAllPorts.add(iDevPort);
}
/**
// Check port existence in HashMap
} while (portIsAvailable(iAdditionalPort) == false);
hmAdditionalPort.put(iNumOfObjects, iAdditionalPort);
+ // Track this port number
+ hsAllPorts.add(iAdditionalPort);
iNumOfObjects++;
*/
public boolean portIsAvailable(int iPortNumber) {
- if (hmComPort.containsValue(iPortNumber) == true) {
+ /*if (hmComPort.containsValue(iPortNumber) == true) {
return false;
} else if (hmRMIRegPort.containsValue(iPortNumber) == true) {
return false;
return false;
} else {
return true;
+ }*/
+ if (hsAllPorts.contains(iPortNumber)) {
+ return false;
+ } else {
+ return true;
}
}
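Review bot: `clearCommunicationHandler()` resets every map and `hsDevicePort` but leaves `hsAllPorts` untouched, so after a clear `portIsAvailable()` still rejects every port handed out by earlier benchmarks. If that is intended (ports stay reserved because earlier processes may still be listening), say so next to the clear calls, e.g. `// hsAllPorts is deliberately NOT cleared: ports stay reserved across benchmarks`; if not, add `hsAllPorts.clear();` after `hmAdditionalPort.clear();`. Either way the `while (portIsAvailable(...) == false)` allocation loops have no upper bound, so an exhausted set would spin forever. The new `portIsAvailable` body can also drop the commented-out chain and reduce to `return !hsAllPorts.contains(iPortNumber);`, and its Javadoc should state that it only checks ports this handler allocated, not ports already bound on the target hosts.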
private void setRouterBasicPolicies(String strRouter) {
String strMonitorHost = routerConfig.getIPFromMACAddress(STR_MONITORING_HOST);
+ routerConfig.initMainPolicy(strRouter);
+ routerConfig.combineRouterPolicies(strRouter);
routerConfig.configureRouterICMPPolicies(strRouter, strMonitorHost);
routerConfig.configureRouterDHCPPolicies(strRouter);
routerConfig.configureRouterDNSPolicies(strRouter);
private void setHostBasicPolicies(String strHost) {
String strMonitorHost = routerConfig.getIPFromMACAddress(STR_MONITORING_HOST);
+ routerConfig.initMainPolicy(strHost);
+ routerConfig.combineRouterPolicies(strHost);
routerConfig.configureHostDHCPPolicies(strHost);
routerConfig.configureHostDNSPolicies(strHost);
if (strHost.equals(strMonitorHost)) {
try {
// Extract hostname for this IoTMaster from MySQL DB
strIoTMasterHostAdd = routerConfig.getIPFromMACAddress(STR_MASTER_MAC_ADD);
+ // Assign a new list of PrintWriter objects
+ routerConfig.renewPrintWriter();
// Loop as we can still find controller/device classes
for(int i=0; i<strObjectNames.length; i++) {
// PROFILING
start = System.currentTimeMillis();
-
- // Assign a new list of PrintWriter objects
- routerConfig.renewPrintWriter();
+ // Assign a new list of main PrintWriter objects
+ routerConfig.renewMainPrintWriter();
// Get controller names one by one
String strObjControllerName = strObjectNames[i];
// Use LoadBalancer to assign a host address
// SetInstrumenter vs. RelationInstrumenter
String strFieldName = map.getKey();
String strClassName = map.getValue().getClass().getName();
+
+ System.out.println("\n\nDEBUG: Instrumenting IoTSet and IoTRelation objects!!!");
+ System.out.println("DEBUG: Field name: " + strFieldName);
+ System.out.println("DEBUG: Class name: " + strFieldName + "\n\n");
+
if(strClassName.equals(STR_SET_INSTRUMENTER_CLS)) {
SetInstrumenter setInstrumenter = (SetInstrumenter) map.getValue();
if(setInstrumenter.getObjTableName().equals(STR_IOT_DEV_ADD_CLS)) {
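Review bot: The third debug line prints `strFieldName` under the label "Class name", so the class name is never shown; it should read `System.out.println("DEBUG: Class name: " + strClassName + "\n\n");`. These prints also go unconditionally to stdout, whereas the other diagnostics in this change are gated on a verbose flag (`RuntimeOutput.print(..., bVerbose)` in CommunicationHandler); if IoTMaster has the same flag, routing them through it would keep the instrumentation loop quiet in normal runs. The loop over `map` that encloses these lines starts before this hunk.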
// PROFILING
start = System.currentTimeMillis();
- // ROUTING POLICY: Deploy basic policies if this is the last controller
- if (i == strObjectNames.length-1) {
- // ROUTING POLICY: implement basic policies to reject all other irrelevant traffics
- for(String s: commHan.getHosts()) {
- setHostBasicPolicies(s);
- }
- // We retain all the basic policies for router,
- // but we delete the initial allowance policies for internal all TCP and UDP communications
- setRouterBasicPolicies(STR_ROUTER_ADD);
+ // ROUTING POLICY: implement basic policies to reject all other irrelevant traffics
+ for(String s: commHan.getHosts()) {
+ setHostBasicPolicies(s);
}
- // Close access to policy files and deploy policies
- routerConfig.close();
+ // We retain all the basic policies for router,
+ // but we delete the initial allowance policies for internal all TCP and UDP communications
+ setRouterBasicPolicies(STR_ROUTER_ADD);
+ routerConfig.closeMain();
// Deploy the policy
HashSet<String> setAddresses = new HashSet<String>(commHan.getHosts());
setAddresses.add(strIoTMasterHostAdd);
inStream.close();
socket.close();
serverSocket.close();
+ objInitHand.clearObjectInitHandler();
commHan.printLists();
+ commHan.clearCommunicationHandler();
lbIoT.printHostInfo();
if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
createMACPolicyThreads(setAddresses);
}
+ // Close access to policy files and deploy policies
+ routerConfig.close();
} catch (IOException |
InterruptedException |
import java.io.FileWriter;
import java.io.PrintWriter;
import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
* that doesn't require "iptables" command to be invoked many
* times - each invocation of "iptables" will load the existing
* table from the kernel space before appending the new rule.
+ * <p>
+ * We write the core policy repeatedly for each benchmark, while
+ * the header "*filter" and tail (a bunch of closing rules and
+ * REJECT rules) are written into a different file.
+ * They are merged and deployed for every benchmark bootstrapped
+ * in the main loop.
*
* @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
* @version 2.0
*/
private static final String STR_SSH_USERNAME_ROUTER = "root";
private static final String STR_SSH_USERNAME_HOST = "iotuser";
+ private static final String STR_POLICY_FILE_ALL = "_all";
private static final String STR_POLICY_FILE_EXT = ".policy";
/**
* RouterConfig properties
*/
private Map<String, PrintWriter> mapHostToFile;
+ private Map<String, PrintWriter> mapHostToMainFile;
private Map<String, String> mapMACtoIPAdd;
/**
mapHostToFile = new HashMap<String, PrintWriter>();
}
+
+ /**
+ * renewMainPrintWriter() renews the mapHostToMainFile object that lists all main PrintWriters
+ *
+ * @return void
+ */
+ public void renewMainPrintWriter() {
+
+ mapHostToMainFile = new HashMap<String, PrintWriter>();
+ }
+
+ /**
+ * initMainPolicy() initializes the main PrintWriter object to print the entire policies
+ *
+ * @param strConfigHost String hostname to be configured
+ * @return void
+ */
+ public void initMainPolicy(String strConfigHost) {
+
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
+ pwConfig.println("*filter"); // Print header for iptables-restore
+ }
+
+ /**
+ * getMainPrintWriter() gets the main PrintWriter object to print the entire policies
+ *
+ * @param strHost String hostname to be configured
+ * @return PrintWriter
+ */
+ private PrintWriter getMainPrintWriter(String strHost) {
+
+ String strConfigHost = strHost + STR_POLICY_FILE_ALL;
+ // Return object if existing
+ if (mapHostToMainFile.containsKey(strConfigHost)) {
+ return mapHostToMainFile.get(strConfigHost);
+ } else {
+ // Simply create a new one if it doesn't exist
+ FileWriter fw = null;
+ try {
+ fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
+ mapHostToMainFile.put(strConfigHost, pwConfig);
+ return pwConfig;
+ }
+ }
/**
* getPrintWriter() gets the right PrintWriter object to print policies to the right file
*
- * @param strConfigHost String hostname to be configured
+ * @param strConfigHost String hostname to be configured
* @return PrintWriter
*/
private PrintWriter getPrintWriter(String strConfigHost) {
ex.printStackTrace();
}
PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
- pwConfig.println("*filter"); // Print header for iptables-restore
+ //pwConfig.println("*filter"); // Print header for iptables-restore
mapHostToFile.put(strConfigHost, pwConfig);
return pwConfig;
}
}
+ /**
+ * readFile() read the entire file and return a string
+ *
+ * @return String String that contains the content of the file
+ */
+ public String readFile(String filePath) {
+
+ String retStr = null;
+ try {
+ retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ return retStr;
+ }
+
+ /**
+ * combineRouterPolicies() method combines the core router policies into the main file
+ *
+ * @param strConfigHost String hostname to be configured
+ * @return void
+ */
+ public void combineRouterPolicies(String strConfigHost) {
+
+ PrintWriter pwConfigAll = getMainPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ pwConfig.flush();
+ String strPolicyList = readFile(strConfigHost + STR_POLICY_FILE_EXT);
+ pwConfigAll.print(strPolicyList);
+ }
+
+ /**
+ * closeMain() closes all main PrintWriter objects
+ *
+ * @return void
+ */
+ public void closeMain() {
+
+ for(PrintWriter pwConfig: mapHostToMainFile.values()) {
+ pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore
+ pwConfig.close();
+ }
+ }
+
/**
* close() closes all PrintWriter objects
*
public void close() {
for(PrintWriter pwConfig: mapHostToFile.values()) {
- pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore
pwConfig.close();
}
}
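Review bot: `readFile` returns `null` when the read fails, and `combineRouterPolicies` then calls `pwConfigAll.print(strPolicyList)`, which writes the literal text `null` into the main policy file — a line `iptables-restore` will most likely reject, taking the whole ruleset with it. Have `readFile` propagate the `IOException` instead of swallowing it, or at minimum check the result in `combineRouterPolicies` before printing (`if (strPolicyList != null) pwConfigAll.print(strPolicyList);`). `combineRouterPolicies` also depends on `pwConfig.flush()` to make the still-open core file readable, and `close()` no longer emits `COMMIT`; a one-line comment on each would save the next reader from re-deriving the split between core and main files.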
*/
public void sendRouterPolicies(String strConfigHost) {
- String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " +
+ String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;";
//System.out.println(strCmdSend);
deployPolicies(strCmdSend);
String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost +
- " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
- STR_POLICY_FILE_EXT + "; ";// +
+ " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
+ STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; ";// +
// TODO: delete these later when we apply tight initial conditions (reject everything but SSH commands)
//"iptables -F startup_filter_tcp; iptables -F startup_filter_udp; " +
//"iptables -t filter -D FORWARD -j startup_filter_tcp; iptables -t filter -D FORWARD -j startup_filter_udp;";
*/
public void sendHostPolicies(String strConfigHost) {
- String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " +
+ String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
- //System.out.println(strCmdSend);
+ System.out.println(strCmdSend);
deployPolicies(strCmdSend);
String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
- " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
- STR_POLICY_FILE_EXT + ";";
- //System.out.println(strCmdDeploy);
+ " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
+ STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + ";";
+ System.out.println(strCmdDeploy);
deployPolicies(strCmdDeploy);
}
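Review bot: The two `System.out.println` calls that were commented out are now live, so every host deployment echoes the full `scp`/`ssh` command line to stdout, while the matching calls in `sendRouterPolicies` stay commented — this looks like leftover debugging; remove them or gate them on the verbose flag. Both commands are still assembled by string concatenation from `strConfigHost` and passed to `deployPolicies`, which presumably runs them through a shell with `sudo`; `strConfigHost` appears to come from `getIPFromMACAddress`, so if that lookup is trusted this is acceptable, but a comment stating that assumption would help. `deployPolicies` is defined outside this hunk.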
*/
public void configureRouterICMPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
pwConfig.println("-A INPUT -j ACCEPT -p icmp");
*/
public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
*/
public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow SSH - port 22 (only from monitor host)
pwConfig.println("-A INPUT -j ACCEPT -s " +
strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
*/
public void configureRouterDHCPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
*/
public void configureRouterDNSPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DNS UDP and TCP port 53
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
*/
public void configureRejectPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Reject every other thing
pwConfig.println("-A FORWARD -j REJECT");
pwConfig.println("-A INPUT -j REJECT");
*/
public void configureRouterNATPolicy(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Configure NAT
pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE");
// Add the following 2 lines
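Review bot: `configureRouterNATPolicy` now writes `-t nat -A POSTROUTING -o eth0 -j MASQUERADE` into the main file, which `initMainPolicy` opens with `*filter` and `closeMain` ends with `COMMIT`; in `iptables-restore` format the table is selected by a `*nat` section header rather than `-t` on the rule line, so this rule is likely to fail the restore or land in the wrong table. If this method is still called, emit it as its own section, e.g. `pwConfig.println("*nat"); pwConfig.println("-A POSTROUTING -o eth0 -j MASQUERADE"); pwConfig.println("COMMIT");`, written outside the `*filter` block. The rest of this method is outside the hunk.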
*/
public void configureHostICMPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A INPUT -j ACCEPT -p icmp");
pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
*/
public void configureHostSQLPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql");
*/
public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
" -d " + strConfigHost + " -p icmp");
*/
public void configureHostSSHPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow SSH - port 22
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh");
*/
public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow SSH - port 22
pwConfig.println("-A INPUT -j ACCEPT -s " +
strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
*/
public void configureHostDHCPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
*/
public void configureHostDNSPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DNS UDP and TCP port 53
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");