From 8b27beb907eff6f132d6830739328781dcfb36cb Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Tue, 18 Mar 2014 11:30:53 +0100
Subject: [PATCH] start host API
---
 src/PVE/API2/Firewall/Host.pm | 113 +++++++++++++++++++++++++++++++++
 src/PVE/API2/Firewall/Makefile | 1 +
 src/PVE/Firewall.pm | 26 +++++---
 3 files changed, 132 insertions(+), 8 deletions(-)
 create mode 100644 src/PVE/API2/Firewall/Host.pm
diff --git a/src/PVE/API2/Firewall/Host.pm b/src/PVE/API2/Firewall/Host.pm
new file mode 100644
index 0000000..e82604e
--- /dev/null
+++ b/src/PVE/API2/Firewall/Host.pm
@@ -0,0 +1,113 @@
+package PVE::API2::Firewall::Host;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use PVE::Firewall;
+
+
+use Data::Dumper; # fixme: remove
+
+use base qw(PVE::RESTHandler);
+
+__PACKAGE__->register_method({
+ name => 'index',
+ path => '',
+ method => 'GET',
+ permissions => { user => 'all' },
+ description => "Directory index.",
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => "object",
+ properties => {},
+ },
+ links => [ { rel => 'child', href => "{name}" } ],
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $result = [
+ { name => 'rules' },
+ { name => 'options' },
+ ];
+
+ return $result;
+ }});
+
+__PACKAGE__->register_method({
+ name => 'get_rules',
+ path => 'rules',
+ method => 'GET',
+ description => "List host firewall rules.",
+ proxyto => 'node',
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => "object",
+ properties => {},
+ },
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
+
+ my $rules = $hostfw_conf->{rules} || [];
+
+ my $digest = $hostfw_conf->{digest};
+
+ my $res = [];
+
+ my $ind = 0;
+ foreach my $rule (@$rules) {
+ push @$res, PVE::Firewall::cleanup_fw_rule($rule, $digest, $ind++);
+ }
+
+ return $res;
+ }});
+
+__PACKAGE__->register_method({
+ name => 'get_options',
+ path => 'options',
+ method => 'GET',
+ description => "Get host firewall options.",
+ proxyto => 'node',
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => "object",
+ properties => {},
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
+
+ my $options = $hostfw_conf->{options} || {};
+
+ my $digest = $hostfw_conf->{digest};
+
+ $options->{digest} = $digest;
+
+ return $options;
+ }});
+
+1;
diff --git a/src/PVE/API2/Firewall/Makefile b/src/PVE/API2/Firewall/Makefile
index bb57ab9..062f31f 100644
--- a/src/PVE/API2/Firewall/Makefile
+++ b/src/PVE/API2/Firewall/Makefile
@@ -1,4 +1,5 @@ LIB_SOURCES= \ + Host.pm \ Groups.pm all:
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 7e3daad..3c8d687 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1448,7 +1448,11 @@ sub parse_host_fw_rules { my $section; + my $digest = Digest::SHA->new('sha1'); + while (defined(my $line = <$fh>)) { + $digest->add($line); + next if $line =~ m/^#/; next if $line =~ m/^\s*$/;
@@ -1486,6 +1490,8 @@ sub parse_host_fw_rules { push @{$res->{$section}}, @$rules; } + $res->{digest} = $digest->b64digest; + return $res; }
@@ -1706,6 +1712,16 @@ sub load_security_groups { return $groups_conf; } +sub load_hostfw_conf { + + my $hostfw_conf = {}; + my $filename = "/etc/pve/local/host.fw"; + if (my $fh = IO::File->new($filename, O_RDONLY)) { + $hostfw_conf = parse_host_fw_rules($filename, $fh); + } + return $hostfw_conf; +} + sub compile { my $vmdata = read_local_vm_config(); my $vmfw_configs = read_vm_firewall_configs($vmdata);
@@ -1721,14 +1737,8 @@ sub compile { ruleset_create_chain($ruleset, "PVEFW-FORWARD"); - my $hostfw_options = {}; - my $hostfw_conf = {}; - - my $filename = "/etc/pve/local/host.fw"; - if (my $fh = IO::File->new($filename, O_RDONLY)) { - $hostfw_conf = parse_host_fw_rules($filename, $fh); - $hostfw_options = $hostfw_conf->{options}; - } + my $hostfw_conf = load_hostfw_conf(); + my $hostfw_options = $hostfw_conf->{options} || {}; generate_std_chains($ruleset, $hostfw_options);
-- 
2.39.2
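Review bot: `get_rules` and `get_options` in Host.pm are registered without a `permissions` entry, while `index` in the same file sets `permissions => { user => 'all' }`, so who may read the host rules and options is left to whatever PVE::RESTHandler does by default, which this patch does not show. The host rule list tells a reader exactly which services and sources are let through, so I would state the intended privilege on both methods, for example `permissions => { check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]] },`, with the privilege name adjusted to what the project settles on. Separately, `use Data::Dumper; # fixme: remove` is not used anywhere in the new file and can be dropped now rather than later.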
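Review bot: `Digest::SHA->new('sha1')` is called in parse_host_fw_rules, but no hunk of this patch adds `use Digest::SHA;` to Firewall.pm, so unless the module is already loaded above the hunk this dies on the first parse; please confirm. The purpose of the digest also deserves a comment, along the lines of `# digest of the raw file so API clients can detect concurrent edits; not an integrity check` if that is the intent, because Host.pm hands the value to clients. The next hunk stores it as `$res->{digest}` in the same hash that receives `$res->{$section}`, so a section called `digest` would collide unless section names are restricted in the part of the function outside these hunks.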
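Review bot: `load_hostfw_conf` returns an empty hash for every `IO::File->new` failure, so a permission or I/O error on /etc/pve/local/host.fw looks the same as a host that has no firewall file, and `compile` (last hunk) then goes on with empty host options. For a firewall I would treat only a missing file as empty and report anything else, e.g. `} elsif (!$!{ENOENT}) { die "unable to open '$filename' - $!\n"; }` after the `if` block; the GET methods in Host.pm would then fail visibly instead of returning an empty rule list. A one-line comment above the sub saying that a missing file yields `{}` would document the contract both callers rely on.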