OpenSDN source code
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
security_logging_object.cc
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2017 Juniper Networks, Inc. All rights reserved.
3  */
4 
5 #include <cmn/agent.h>
6 #include <oper_db.h>
7 #include <vnc_cfg_types.h>
8 #include <agent_types.h>
9 #include <oper_db.h>
10 #include <oper/config_manager.h>
11 #include <oper/agent_sandesh.h>
12 #include <security_logging_object.h>
13 #include <oper/ifmap_dependency_manager.h>
14 #include <cfg/cfg_init.h>
15 
16 SecurityLoggingObject::SecurityLoggingObject(const boost::uuids::uuid &uuid):
17  uuid_(uuid), firewall_policy_list_(), firewall_rule_list_() {
18 }
19 
20 SecurityLoggingObject::~SecurityLoggingObject() {
21 }
22 
23 DBEntryBase::KeyPtr SecurityLoggingObject::GetDBRequestKey() const {
24  SecurityLoggingObjectKey *key = new SecurityLoggingObjectKey(uuid_);
25  return DBEntryBase::KeyPtr(key);
26 }
27 
28 void SecurityLoggingObject::SetKey(const DBRequestKey *key) {
29  const SecurityLoggingObjectKey *slo_key =
30  static_cast<const SecurityLoggingObjectKey *>(key);
31  uuid_ = slo_key->uuid_;
32 }
33 
34 std::string SecurityLoggingObject::ToString() const {
35  std::ostringstream buffer;
36  buffer << "UUID : " << uuid_;
37  buffer << " rate : " << rate_;
38  return buffer.str();
39 }
40 
41 bool SecurityLoggingObject::DBEntrySandesh(Sandesh *sresp, std::string &name)
42  const {
43  SLOListResp *resp = static_cast<SLOListResp *>(sresp);
44  SLOSandeshData data;
45  vector<SLOSandeshRule> rule_list;
46  data.set_name(name_);
47  data.set_uuid(to_string(uuid_));
48  data.set_rate(rate_);
49  data.set_status(status_);
50  vector<autogen::SecurityLoggingObjectRuleEntryType>::const_iterator it =
51  rules_.begin();
52  while (it != rules_.end()) {
53  SLOSandeshRule rule;
54  rule.set_uuid(it->rule_uuid);
55  rule.set_rate(it->rate);
56  rule_list.push_back(rule);
57  ++it;
58  }
59  data.set_rules(rule_list);
60 
61  vector<SLOFwPolicyEntry> fp_list;
62  SloRuleList::const_iterator fp_it = firewall_policy_list_.begin();
63  while (fp_it != firewall_policy_list_.end()) {
64  PolicyLinkData item;
65  item.set_firewall_policy(to_string(fp_it->uuid_));
66  SLOFwPolicyEntry entry;
67  entry.set_uuid(item);
68  entry.set_rate(fp_it->rate_);
69  fp_list.push_back(entry);
70  ++fp_it;
71  }
72  data.set_firewall_policy_list(fp_list);
73 
74  vector<SLOSandeshRule> fr_list;
75  SloRuleList::const_iterator fr_it = firewall_rule_list_.begin();
76  while (fr_it != firewall_rule_list_.end()) {
77  SLOSandeshRule item;
78  item.set_uuid(to_string(fr_it->uuid_));
79  item.set_rate(fr_it->rate_);
80  fr_list.push_back(item);
81  ++fr_it;
82  }
83  data.set_firewall_rule_list(fr_list);
84 
85  vector<SLOSandeshData> &list =
86  const_cast<std::vector<SLOSandeshData>&>(resp->get_slo_list());
87  list.push_back(data);
88 
89  return true;
90 }
91 
92 bool SecurityLoggingObject::IsLess(const DBEntry &rhs) const {
93  const SecurityLoggingObject &fc = static_cast<const SecurityLoggingObject &>
94  (rhs);
95  return (uuid_ < fc.uuid_);
96 }
97 
98 bool SecurityLoggingObject::IsEqual
99 (const std::vector<autogen::SecurityLoggingObjectRuleEntryType> &lhs,
100  const std::vector<autogen::SecurityLoggingObjectRuleEntryType> &rhs) const {
101  if (lhs.size() != rhs.size()) {
102  return false;
103  }
104  vector<autogen::SecurityLoggingObjectRuleEntryType>::const_iterator lit =
105  lhs.begin();
106  vector<autogen::SecurityLoggingObjectRuleEntryType>::const_iterator rit =
107  rhs.begin();
108  while (lit != lhs.end() && rit != rhs.end()) {
109  if (lit->rule_uuid != rit->rule_uuid) {
110  return false;
111  }
112  if (lit->rate != rit->rate) {
113  return false;
114  }
115  ++lit;
116  ++rit;
117  }
118  return true;
119 }
120 
121 bool SecurityLoggingObject::Change(const DBRequest *req) {
122  bool ret = false;
123  const SecurityLoggingObjectData *data =
124  static_cast<const SecurityLoggingObjectData *>(req->data.get());
125 
126  if (status_ != data->status_) {
127  status_ = data->status_;
128  }
129 
130  if (rate_ != data->rate_) {
131  rate_ = data->rate_;
132  ret = true;
133  }
134 
135  if (!IsEqual(rules_, data->rules_)) {
136  rules_ = data->rules_;
137  ret = true;
138  }
139 
140  if (name_ != data->name_) {
141  name_ = data->name_;
142  ret = true;
143  }
144 
145  if (firewall_policy_list_ != data->firewall_policy_list_) {
146  firewall_policy_list_ = data->firewall_policy_list_;
147  ret = true;
148  }
149 
150  if (firewall_rule_list_ != data->firewall_rule_list_) {
151  firewall_rule_list_ = data->firewall_rule_list_;
152  ret = true;
153  }
154 
155  return ret;
156 }
157 
159 // SecurityLoggingObjectTable routines
161 SecurityLoggingObjectTable::SecurityLoggingObjectTable(Agent *agent,
162  DB *db, const std::string &name):
163  AgentOperDBTable(db, name) {
164  set_agent(agent);
165 }
166 
167 SecurityLoggingObjectTable::~SecurityLoggingObjectTable() {
168 }
169 
170 DBTableBase*
171 SecurityLoggingObjectTable::CreateTable(Agent *agent, DB *db,
172  const std::string &name) {
173  SecurityLoggingObjectTable *table = new SecurityLoggingObjectTable(agent,
174  db,
175  name);
176  (static_cast<DBTable *>(table))->Init();
177  return table;
178 }
179 
180 std::unique_ptr<DBEntry>
181 SecurityLoggingObjectTable::AllocEntry(const DBRequestKey *k) const {
182  const SecurityLoggingObjectKey *key =
183  static_cast<const SecurityLoggingObjectKey *>(k);
184  SecurityLoggingObject *slo = new SecurityLoggingObject(key->uuid_);
185  return std::unique_ptr<DBEntry>(static_cast<DBEntry *>(slo));
186 }
187 
188 DBEntry* SecurityLoggingObjectTable::OperDBAdd(const DBRequest *req) {
189  const SecurityLoggingObjectKey *key =
190  static_cast<const SecurityLoggingObjectKey *>(req->key.get());
191  SecurityLoggingObject *slo = new SecurityLoggingObject(key->uuid_);
192  slo->Change(req);
193  return static_cast<DBEntry *>(slo);
194 }
195 
196 bool SecurityLoggingObjectTable::OperDBOnChange(DBEntry *entry,
197  const DBRequest *req) {
198  SecurityLoggingObject *slo = static_cast<SecurityLoggingObject *>(entry);
199  return slo->Change(req);
200 }
201 
202 /*
203  * Do we need resync
204 bool SecurityLoggingObjectTable::OperDBResync(DBEntry *entry, const DBRequest *req) {
205  return OperDBOnChange(entry, req);
206 }
207 */
208 
209 bool SecurityLoggingObjectTable::OperDBDelete(DBEntry *entry,
210  const DBRequest *req) {
211  return true;
212 }
213 
214 bool SecurityLoggingObjectTable::IFNodeToReq(IFMapNode *node, DBRequest &req,
215  const boost::uuids::uuid &u) {
216  assert(!u.is_nil());
217  if ((req.oper == DBRequest::DB_ENTRY_DELETE) || node->IsDeleted()) {
218  req.key.reset(new SecurityLoggingObjectKey(u));
219  req.oper = DBRequest::DB_ENTRY_DELETE;
220  Enqueue(&req);
221  return false;
222  }
223 
224  agent()->config_manager()->AddSecurityLoggingObjectNode(node);
225  return false;
226 }
227 
228 bool SecurityLoggingObjectTable::IFNodeToUuid(IFMapNode *node,
229  boost::uuids::uuid &u) {
230  autogen::SecurityLoggingObject *cfg =
231  static_cast <autogen::SecurityLoggingObject *> (node->GetObject());
232  assert(cfg);
233  autogen::IdPermsType id_perms = cfg->id_perms();
234  CfgUuidSet(id_perms.uuid.uuid_mslong, id_perms.uuid.uuid_lslong, u);
235  return true;
236 }
237 
238 bool SecurityLoggingObjectTable::ProcessConfig(IFMapNode *node, DBRequest &req,
239  const boost::uuids::uuid &u) {
240  if (node->IsDeleted()) {
241  return false;
242  }
243 
244  req.oper = DBRequest::DB_ENTRY_ADD_CHANGE;
245  req.key.reset(new SecurityLoggingObjectKey(u));
246  req.data.reset(BuildData(node));
247  Enqueue(&req);
248  return false;
249 }
250 
251 SecurityLoggingObjectData*
252 SecurityLoggingObjectTable::BuildData(IFMapNode *node) const {
253  autogen::SecurityLoggingObject *data =
254  static_cast<autogen::SecurityLoggingObject *>(node->GetObject());
255 
256  autogen::IdPermsType id_perms = data->id_perms();
257  SecurityLoggingObjectData *slo_data =
258  new SecurityLoggingObjectData(agent(), node, data->rules(),
259  data->rate(),
260  id_perms.enable, node->name());
261  IFMapAgentTable *table = static_cast<IFMapAgentTable *>(node->table());
262  for (DBGraphVertex::adjacency_iterator iter =
263  node->begin(table->GetGraph());
264  iter != node->end(table->GetGraph()); ++iter) {
265 
266  IFMapNode *adj_node = static_cast<IFMapNode *>(iter.operator->());
267  if (agent()->config_manager()->SkipNode(adj_node)) {
268  continue;
269  }
270 
271  if (strcmp(adj_node->table()->Typename(),
272  "firewall-policy-security-logging-object") == 0) {
273  autogen::FirewallPolicySecurityLoggingObject *fp_slo_link =
274  static_cast<autogen::FirewallPolicySecurityLoggingObject *>
275  (adj_node->GetObject());
276  const autogen::SloRateType &slo_rate = fp_slo_link->data();
277  IFMapNode *fp_node = agent()->config_manager()->
278  FindAdjacentIFMapNode(adj_node, "firewall-policy");
279  if (fp_node) {
280  boost::uuids::uuid fp_uuid = boost::uuids::nil_uuid();
281  autogen::FirewallPolicy *fp =
282  static_cast<autogen::FirewallPolicy *>(fp_node->GetObject());
283  autogen::IdPermsType id_perms = fp->id_perms();
284  CfgUuidSet(id_perms.uuid.uuid_mslong, id_perms.uuid.uuid_lslong,
285  fp_uuid);
286  SloRuleInfo info(fp_uuid, slo_rate.rate);
287  slo_data->firewall_policy_list_.push_back(info);
288  }
289  }
290 
291  if (strcmp(adj_node->table()->Typename(),
292  "firewall-rule-security-logging-object") == 0) {
293  autogen::FirewallRuleSecurityLoggingObject *fr_slo_link =
294  static_cast<autogen::FirewallRuleSecurityLoggingObject *>
295  (adj_node->GetObject());
296  const autogen::SloRateType &slo_rate = fr_slo_link->data();
297  IFMapNode *fr_node = agent()->config_manager()->
298  FindAdjacentIFMapNode(adj_node, "firewall-rule");
299  if (fr_node) {
300  boost::uuids::uuid fr_uuid = boost::uuids::nil_uuid();
301  autogen::FirewallRule *fr =
302  static_cast<autogen::FirewallRule *>(fr_node->GetObject());
303  autogen::IdPermsType id_perms = fr->id_perms();
304  CfgUuidSet(id_perms.uuid.uuid_mslong, id_perms.uuid.uuid_lslong,
305  fr_uuid);
306  SloRuleInfo info(fr_uuid, slo_rate.rate);
307  slo_data->firewall_rule_list_.push_back(info);
308  }
309  }
310  }
311  return slo_data;
312 }
313 
314 void SLOListReq::HandleRequest() const {
315  AgentSandeshPtr sand(new AgentSecurityLoggingObjectSandesh(context(),
316  get_uuid()));
317  sand->DoSandesh(sand);
318 }
319 
320 AgentSandeshPtr
321 SecurityLoggingObjectTable::GetAgentSandesh(const AgentSandeshArguments *args,
322  const std::string &context) {
323  return AgentSandeshPtr(new AgentSecurityLoggingObjectSandesh(context,
324  args->GetString("uuid")));
325 }
SecurityLoggingObjectTable::IFNodeToReq
virtual bool IFNodeToReq(IFMapNode *node, DBRequest &req, const boost::uuids::uuid &u)
Definition: security_logging_object.cc:214
SecurityLoggingObjectTable::OperDBDelete
virtual bool OperDBDelete(DBEntry *entry, const DBRequest *req)
Definition: security_logging_object.cc:209
SecurityLoggingObjectTable::GetAgentSandesh
virtual AgentSandeshPtr GetAgentSandesh(const AgentSandeshArguments *args, const std::string &context)
Definition: security_logging_object.cc:321
CfgUuidSet
static void CfgUuidSet(uint64_t ms_long, uint64_t ls_long, boost::uuids::uuid &u)
Definition: agent_cmn.h:67
SecurityLoggingObject::Change
virtual bool Change(const DBRequest *req)
Definition: security_logging_object.cc:121
SecurityLoggingObjectTable::SecurityLoggingObjectTable
SecurityLoggingObjectTable(Agent *agent, DB *db, const std::string &name)
Definition: security_logging_object.cc:161
AgentSandeshArguments::GetString
std::string GetString(const std::string &key) const
Definition: agent_sandesh.cc:662
SecurityLoggingObjectTable::OperDBAdd
virtual DBEntry * OperDBAdd(const DBRequest *req)
Definition: security_logging_object.cc:188
SecurityLoggingObjectTable::AllocEntry
virtual std::unique_ptr< DBEntry > AllocEntry(const DBRequestKey *k) const
Definition: security_logging_object.cc:181
DBEntryBase::IsDeleted
bool IsDeleted() const
Definition: db_entry.h:49
Agent::config_manager
ConfigManager * config_manager() const
Definition: agent.cc:889
AgentDBTable::agent
Agent * agent() const
Definition: agent_db.h:213
DBRequest::data
std::unique_ptr< DBRequestData > data
Definition: db_table.h:49
IFMapTable::Typename
virtual const char * Typename() const =0
DBTableBase::Enqueue
bool Enqueue(DBRequest *req)
Definition: db_table.cc:194
uuid
boost::uuids::uuid uuid
Definition: vnsw/agent/filter/policy.h:11
DBGraphVertex::end
adjacency_iterator end(DBGraph *graph)
Definition: db_graph_vertex.h:87
IFMapNode::table
IFMapTable * table()
Definition: ifmap_node.h:29
DBEntryBase::KeyPtr
std::unique_ptr< DBRequestKey > KeyPtr
Definition: db_entry.h:25
config_manager.h
SecurityLoggingObject::IsEqual
bool IsEqual(const std::vector< autogen::SecurityLoggingObjectRuleEntryType > &lhs, const std::vector< autogen::SecurityLoggingObjectRuleEntryType > &rhs) const
Definition: security_logging_object.cc:99
SecurityLoggingObjectTable::BuildData
SecurityLoggingObjectData * BuildData(IFMapNode *node) const
Definition: security_logging_object.cc:252
DB
Definition: db.h:24
ConfigManager::AddSecurityLoggingObjectNode
void AddSecurityLoggingObjectNode(IFMapNode *node)
Definition: config_manager.cc:498
Agent
Definition: agent.h:358
DBRequest::key
std::unique_ptr< DBRequestKey > key
Definition: db_table.h:48
DBRequest::oper
DBOperation oper
Definition: db_table.h:42
SecurityLoggingObjectData::rules_
std::vector< autogen::SecurityLoggingObjectRuleEntryType > rules_
Definition: security_logging_object.h:52
AgentSandeshPtr
class boost::shared_ptr< AgentSandesh > AgentSandeshPtr
Definition: agent_db.h:18
SecurityLoggingObjectTable::IFNodeToUuid
virtual bool IFNodeToUuid(IFMapNode *node, boost::uuids::uuid &u)
Definition: security_logging_object.cc:228
agent_sandesh.h
SecurityLoggingObject::DBEntrySandesh
virtual bool DBEntrySandesh(Sandesh *resp, std::string &name) const
Definition: security_logging_object.cc:41
SecurityLoggingObject::SecurityLoggingObject
SecurityLoggingObject(const boost::uuids::uuid &uuid)
Definition: security_logging_object.cc:16
IFMapNode::name
const std::string & name() const
Definition: ifmap_node.h:48
SecurityLoggingObjectTable::ProcessConfig
bool ProcessConfig(IFMapNode *node, DBRequest &req, const boost::uuids::uuid &u)
Definition: security_logging_object.cc:238
security_logging_object.h
IFMapNode::GetObject
IFMapObject * GetObject()
Definition: ifmap_node.cc:63
oper_db.h
SecurityLoggingObject::ToString
std::string ToString() const
Definition: security_logging_object.cc:34
SecurityLoggingObject::IsLess
virtual bool IsLess(const DBEntry &rhs) const
Definition: security_logging_object.cc:92
ifmap_dependency_manager.h
SecurityLoggingObjectTable::OperDBOnChange
virtual bool OperDBOnChange(DBEntry *entry, const DBRequest *req)
Definition: security_logging_object.cc:196
DBGraphVertex::adjacency_iterator
Definition: db_graph_vertex.h:30
ConfigManager::SkipNode
bool SkipNode(IFMapNode *node)
Definition: config_manager.cc:613
DBGraphVertex::begin
adjacency_iterator begin(DBGraph *graph)
Definition: db_graph_vertex.h:84
SecurityLoggingObject::rules_
std::vector< autogen::SecurityLoggingObjectRuleEntryType > rules_
Definition: security_logging_object.h:101
SecurityLoggingObjectTable::CreateTable
static DBTableBase * CreateTable(Agent *agent, DB *db, const std::string &name)
Definition: security_logging_object.cc:171
SecurityLoggingObject::SetKey
virtual void SetKey(const DBRequestKey *key)
Definition: security_logging_object.cc:28
AgentDBTable::set_agent
void set_agent(Agent *agent)
Definition: agent_db.h:212
cfg_init.h