From: rtrimana Date: Thu, 4 Jan 2018 19:43:22 +0000 (-0800) Subject: Adding options to disable/enable firewall policy and choose MAC/IP translation methods X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=4f93f30fc71a3696f426acf231cd665cb16cdc3b;p=iot2.git Adding options to disable/enable firewall policy and choose MAC/IP translation methods --- diff --git a/iotjava/iotruntime/master/IoTMaster.java b/iotjava/iotruntime/master/IoTMaster.java index 454ca30..15948bf 100644 --- a/iotjava/iotruntime/master/IoTMaster.java +++ b/iotjava/iotruntime/master/IoTMaster.java @@ -103,6 +103,8 @@ public final class IoTMaster { private static String STR_SKEL_CLASS_SUFFIX; private static String STR_STUB_CLASS_SUFFIX; private static String STR_ACTIVATE_SANDBOXING; + private static String STR_POLICY_ON; + private static String STR_MAC_TO_IP_TRANSLATION; private static boolean BOOL_VERBOSE; /** @@ -138,6 +140,8 @@ public final class IoTMaster { private static final String STR_SHELL_HEADER = "#!/bin/sh"; private static final String STR_JAVA_PATH = "/usr/bin/java"; private static final String STR_MAC_POL_PATH = "tomoyo/"; + private static final String STR_TMP = "tmp"; + private static final String STR_ARP = "arp"; private static int INT_SIZE = 4; // send length in the size of integer (4 bytes) private static final int INT_DNS_PORT = 53; @@ -201,6 +205,8 @@ public final class IoTMaster { STR_JVM_MAX_HEAP_SIZE = null; STR_LANGUAGE_CONTROLLER = null; STR_ACTIVATE_SANDBOXING = null; + STR_POLICY_ON = null; + STR_MAC_TO_IP_TRANSLATION = null; BOOL_VERBOSE = false; } 
@@ -215,7 +221,13 @@ public final class IoTMaster {
 lbIoT = new LoadBalancer(BOOL_VERBOSE);
 lbIoT.setupLoadBalancer();
 routerConfig = new RouterConfig();
- routerConfig.getAddressList(STR_ROUTER_ADD);
+ // Get MAC to IP translation either from /tmp/dhcp.leases or arp command
+ if (STR_MAC_TO_IP_TRANSLATION.equals(STR_TMP))
+ routerConfig.getAddressListTmp(STR_ROUTER_ADD);
+ else if (STR_MAC_TO_IP_TRANSLATION.equals(STR_ARP))
+ routerConfig.getAddressListArp(STR_ROUTER_ADD);
+ else
+ throw new Error("IoTMaster: Unknown value for STR_MAC_TO_IP_TRANSLATION: " + STR_MAC_TO_IP_TRANSLATION);
 processJailConfig = new ProcessJailConfig();
 //processJailConfig.setAddressListObject(routerConfig.getAddressListObject());
 objInitHand = new ObjectInitHandler(BOOL_VERBOSE);
@@ -281,6 +293,8 @@ public final class IoTMaster {
 STR_SKEL_CLASS_SUFFIX = prop.getProperty("SKEL_CLASS_SUFFIX");
 STR_STUB_CLASS_SUFFIX = prop.getProperty("STUB_CLASS_SUFFIX");
 STR_ACTIVATE_SANDBOXING = prop.getProperty("ACTIVATE_SANDBOXING");
+ STR_POLICY_ON = prop.getProperty("POLICY_ON");
+ STR_MAC_TO_IP_TRANSLATION = prop.getProperty("MAC_TO_IP_TRANSLATION");
 if(prop.getProperty("VERBOSE").equals(STR_YES)) {
 BOOL_VERBOSE = true;
 }
@@ -306,6 +320,8 @@ public final class IoTMaster {
 RuntimeOutput.print("STR_SKEL_CLASS_SUFFIX=" + STR_SKEL_CLASS_SUFFIX, BOOL_VERBOSE);
 RuntimeOutput.print("STR_STUB_CLASS_SUFFIX=" + STR_STUB_CLASS_SUFFIX, BOOL_VERBOSE);
 RuntimeOutput.print("STR_ACTIVATE_SANDBOXING=" + STR_ACTIVATE_SANDBOXING, BOOL_VERBOSE);
+ RuntimeOutput.print("STR_POLICY_ON=" + STR_POLICY_ON, BOOL_VERBOSE);
+ RuntimeOutput.print("STR_MAC_TO_IP_TRANSLATION=" + STR_MAC_TO_IP_TRANSLATION, BOOL_VERBOSE);
 RuntimeOutput.print("BOOL_VERBOSE=" + BOOL_VERBOSE, BOOL_VERBOSE);
 RuntimeOutput.print("IoTMaster: Information extracted successfully!", BOOL_VERBOSE);
 }
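Review bot: In the `@@ -215,7 +221,13 @@` hunk, `STR_MAC_TO_IP_TRANSLATION.equals(STR_TMP)` is called on the value read from the config, so a config file that lacks the new MAC_TO_IP_TRANSLATION key throws a NullPointerException before the descriptive `throw new Error(...)` branch can run. Putting the constant first, `if (STR_TMP.equals(STR_MAC_TO_IP_TRANSLATION))` and `else if (STR_ARP.equals(STR_MAC_TO_IP_TRANSLATION))`, lets a missing key reach that message. The same receiver order appears in `STR_POLICY_ON.equals(STR_YES)` in the `@@ -2181,7 +2197,9 @@` hunk. The enclosing method starts and ends outside this hunk.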
@@ -2181,7 +2197,9 @@ public final class IoTMaster {
 // Deploy the policy
 setAddresses = new HashSet(commHan.getHosts());
 setAddresses.add(strIoTMasterHostAdd);
- createPolicyThreads(STR_ROUTER_ADD, setAddresses);
+ // See if firewall policy is configured to be "on" or "off"
+ if (STR_POLICY_ON.equals(STR_YES))
+ createPolicyThreads(STR_ROUTER_ADD, setAddresses);
 // PROFILING
 result = System.currentTimeMillis()-start;
diff --git a/iotjava/iotruntime/master/RouterConfig.java b/iotjava/iotruntime/master/RouterConfig.java
index 48bb8f6..ace0ea0 100644
--- a/iotjava/iotruntime/master/RouterConfig.java
+++ b/iotjava/iotruntime/master/RouterConfig.java
@@ -39,9 +39,11 @@ public final class RouterConfig {
 * RouterConfig constants
 */
 private static final String STR_SSH_USERNAME_ROUTER = "root";
+ private static final String STR_SSH_USERNAME_RASPBERRYPI = "pi";
 private static final String STR_SSH_USERNAME_HOST = "iotuser";
 private static final String STR_POLICY_FILE_ALL = "_all";
 private static final String STR_POLICY_FILE_EXT = ".policy";
+ private static final String STR_INCOMPLETE = "(incomplete)";
 /**
 * RouterConfig properties
@@ -273,7 +275,7 @@ public final class RouterConfig {
 }
 /**
- * getAddressList() method gets list of IP addresses
+ * getAddressListTmp() method gets list of IP addresses from /tmp/dhcp.leases
 *
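Review bot: In the `@@ -2181,7 +2197,9 @@` hunk of IoTMaster.java, the guard `if (STR_POLICY_ON.equals(STR_YES))` fails open: every value other than the exact STR_YES string (a typo, different case, trailing whitespace) skips createPolicyThreads, and the run continues with no firewall policy deployed and no message. The config comment says the default is Yes, but the property load in the `@@ -281,6 +293,8 @@` hunk supplies none; if prop is a java.util.Properties, `prop.getProperty("POLICY_ON", STR_YES)` would implement it. I would also reject unrecognised values at startup and report the off state unconditionally, for example `RuntimeOutput.print("IoTMaster: firewall policy deployment is OFF (POLICY_ON=" + STR_POLICY_ON + ")", true);`. The enclosing method starts and ends outside the hunk.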

* This method sends an inquiry to the router to look for
 * the list of DHCP leased addresses and their mapping to MAC
@@ -281,7 +283,7 @@ public final class RouterConfig {
 *
 * @param strRouterAddress String that contains address of router
 */
- public void getAddressList(String strRouterAddress) {
+ public void getAddressListTmp(String strRouterAddress) {
 //HashMap hmMACToIPAdd = new HashMap();
 try {
@@ -305,6 +307,42 @@ public final class RouterConfig {
 }
 }
+ /**
+ * getAddressListArp() method gets list of IP addresses from arp command
+ *

+ This method sends an inquiry to the router to look for
+ * the list of DHCP leased addresses and their mapping to MAC
+ * addresses
+ *
+ * @param strRouterAddress String that contains address of router
+ */
+ public void getAddressListArp(String strRouterAddress) {
+
+ //HashMap hmMACToIPAdd = new HashMap();
+ try {
+ // We replace with "cat /usr/sbin/arp"
+ String cmd = "ssh " + STR_SSH_USERNAME_RASPBERRYPI + "@" + strRouterAddress +
+ " /usr/sbin/arp";
+ Runtime runtime = Runtime.getRuntime();
+ Process process = runtime.exec(cmd);
+
+ InputStream inStream = process.getInputStream();
+ InputStreamReader isReader = new InputStreamReader(inStream);
+ BufferedReader bReader = new BufferedReader(isReader);
+ String strRead = null;
+ while((strRead = bReader.readLine()) != null){
+ String[] str = strRead.split("\\s+");
+ // Skip if "(incomplete)" is seen!
+ if (str[1].equals(STR_INCOMPLETE))
+ continue;
+ mapMACtoIPAdd.put(str[2], str[0]);
+ }
+ } catch (IOException ex) {
+ System.out.println("RouterConfig: IOException: " + ex.getMessage());
+ ex.printStackTrace();
+ }
+ }
+
 /**
 * getIPFromMACAddress() method gets IP from MAC address
 *
diff --git a/localconfig/iotruntime/IoTMaster.config b/localconfig/iotruntime/IoTMaster.config
index de7069f..9910438 100644
--- a/localconfig/iotruntime/IoTMaster.config
+++ b/localconfig/iotruntime/IoTMaster.config
@@ -47,3 +47,9 @@ STUB_CLASS_SUFFIX=_Stub
 # Sandboxing
 ACTIVATE_SANDBOXING=Yes
+# MAC to IP address translation location
+# tmp (/tmp/dhcp.leases), or arp
+MAC_TO_IP_TRANSLATION=tmp
+
+# Firewall policy turned on? (Yes or No - default Yes)
+POLICY_ON=Yes
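Review bot: In getAddressListArp (RouterConfig.java, `@@ -305,6 +307,42 @@` hunk) the loop reads `str[1]` and `str[2]` without checking the token count, so a blank or short line in the ssh output throws an ArrayIndexOutOfBoundsException that `catch (IOException ex)` does not cover. The command is also built by concatenating strRouterAddress into one string for `runtime.exec(cmd)`, which splits on whitespace; passing the arguments as a list keeps the address a single argument. The reader is never closed and a failed ssh leaves mapMACtoIPAdd unchanged with no error, so the fence below uses try-with-resources, and a check of the process exit status would be worth adding as well. The output may also start with a column-header row (to be confirmed against the router's arp), which would be stored as a mapping. ARP cache entries are unauthenticated, so the Javadoc, which still describes DHCP leases, should say this source is weaker than /tmp/dhcp.leases if the map feeds the firewall policy; the `cat /usr/sbin/arp` comment also needs correcting, since the command runs arp directly.

```java
public void getAddressListArp(String strRouterAddress) {

	// Argument list instead of one command string: the router address
	// stays a single argument to ssh
	ProcessBuilder pb = new ProcessBuilder("ssh",
		STR_SSH_USERNAME_RASPBERRYPI + "@" + strRouterAddress, "/usr/sbin/arp");
	try {
		Process process = pb.start();
		try (BufferedReader bReader = new BufferedReader(
				new InputStreamReader(process.getInputStream()))) {
			String strRead;
			while ((strRead = bReader.readLine()) != null) {
				String[] str = strRead.trim().split("\\s+");
				// Skip blank or short rows and "(incomplete)" entries
				if (str.length < 3 || str[1].equals(STR_INCOMPLETE))
					continue;
				mapMACtoIPAdd.put(str[2], str[0]);
			}
		}
	} catch (IOException ex) {
		// … unchanged: IOException reporting …
	}
}
```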