Dobby/AppServicesRdkPlugin_8h_source.html

/*

* If not stated otherwise in this file or this component's LICENSE file the

* following copyright and licenses apply:

*

* Copyright 2021 Sky UK

*

* Licensed under the Apache License, Version 2.0 (the "License");

* you may not use this file except in compliance with the License.

* You may obtain a copy of the License at

*

* http://www.apache.org/licenses/LICENSE-2.0

*

* Unless required by applicable law or agreed to in writing, software

* distributed under the License is distributed on an "AS IS" BASIS,

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

* See the License for the specific language governing permissions and

* limitations under the License.

*/

/*

 * File: AppServicesRdkPlugin.h

 *

 */

#ifndef APPSERVICESRDKPLUGIN_H

#define APPSERVICESRDKPLUGIN_H


#include <Netfilter.h>

#include <RdkPluginBase.h>


#include <sys/types.h>

#include <netinet/in.h>


#include <unistd.h>

#include <string>

#include <memory>

#include <set>


class AppServicesRdkPlugin : public RdkPluginBase

{

public:

    AppServicesRdkPlugin(std::shared_ptr<rt_dobby_schema>& containerConfig,

                         const std::shared_ptr<DobbyRdkPluginUtils> &utils,

                         const std::string &rootfsPath);


public:


    inline std::string name() const override

    {

        return mName;

    };


    unsigned hookHints() const override;


public:

    bool postInstallation() override;

    bool createRuntime() override;

    bool postHalt() override;


public:

    std::vector<std::string> getDependencies() const override;


private:

    enum LocalServicesPort : in_port_t

    {

        LocalServicesNone  = 0,

        LocalServicesInvalid = 1,


        LocalServices1Port = 9001,

        LocalServices2Port = 9002,

        LocalServices3Port = 9003,

        LocalServices4Port = 9004,

        LocalServices5Port = 9009,

    };


    LocalServicesPort getAsPort() const;

    std::set<in_port_t> getAllPorts() const;


    Netfilter::RuleSet constructRules() const;

    Netfilter::RuleSet constructMasqueradeRules() const;


    bool setupLocalhostMasquerade(Netfilter::RuleSet& ruleSet);


    void addRulesForPort(const std::string &containerIp, const std::string &vethName,

                         in_port_t port,

                         std::list<std::string>& acceptRules, std::list<std::string>& natRules) const;


    std::string constructDNATRule(const std::string &containerIp,

                                  in_port_t port) const;

    std::string constructCONNLIMITRule(const std::string &containerIp,

                                       const std::string &vethName,

                                       in_port_t port,

                                       uint32_t connLimit) const;

    std::string constructACCEPTRule(const std::string &containerIp,

                                    const std::string &vethName,

                                    in_port_t port) const;


    std::string createMasqueradeDnatRule(const in_port_t &port) const;

    std::string createMasqueradeSnatRule(const std::string &ipAddress) const;


private:

    const std::string mName;

    std::shared_ptr<rt_dobby_schema> mContainerConfig;

    const std::shared_ptr<DobbyRdkPluginUtils> mUtils;

    const std::string mRootfsPath;


    bool mValid;

    const rt_defs_plugins_app_services_rdk_data* mPluginConfig;

    std::shared_ptr<Netfilter> mNetfilter;

    const bool mEnableConnLimit;

};


#endif // !defined(APPSERVICESRDKPLUGIN_H)

AppServicesRdkPlugin
Plugin just used to map in access for AS services.
Definition AppServicesRdkPlugin.h:47

AppServicesRdkPlugin::postInstallation
bool postInstallation() override
Dobby Hook - run in host namespace once when container bundle is downloaded Updates the /etc/services...
Definition AppServicesRdkPlugin.cpp:88

AppServicesRdkPlugin::addRulesForPort
void addRulesForPort(const std::string &containerIp, const std::string &vethName, in_port_t port, std::list< std::string > &acceptRules, std::list< std::string > &natRules) const
Adds the ACCEPT, DNAT and CONNLIMIT iptables rules for the given port to the given rule sets.
Definition AppServicesRdkPlugin.cpp:401

AppServicesRdkPlugin::constructACCEPTRule
std::string constructACCEPTRule(const std::string &containerIp, const std::string &vethName, in_port_t port) const
Constructs a INPUT ACCEPT rule to allow packets from the container over the dobby0 bridge to localhos...
Definition AppServicesRdkPlugin.cpp:547

AppServicesRdkPlugin::constructCONNLIMITRule
std::string constructCONNLIMITRule(const std::string &containerIp, const std::string &vethName, in_port_t port, uint32_t connLimit) const
Constructs an INPUT REJECT rule to reject connection if exceed the limit.
Definition AppServicesRdkPlugin.cpp:505

AppServicesRdkPlugin::getDependencies
std::vector< std::string > getDependencies() const override
Should return the names of the plugins this plugin depends on.
Definition AppServicesRdkPlugin.cpp:278

AppServicesRdkPlugin::createMasqueradeDnatRule
std::string createMasqueradeDnatRule(const in_port_t &port) const
Constructs an OUTPUT DNAT rule to forward packets from 127.0.0.1 inside the container to the bridge d...
Definition AppServicesRdkPlugin.cpp:625

AppServicesRdkPlugin::getAsPort
LocalServicesPort getAsPort() const
Gets the AS port based on the "setMenu" config setting.
Definition AppServicesRdkPlugin.cpp:298

AppServicesRdkPlugin::getAllPorts
std::set< in_port_t > getAllPorts() const
Get all the ports we need to forward.
Definition AppServicesRdkPlugin.cpp:354

AppServicesRdkPlugin::constructMasqueradeRules
Netfilter::RuleSet constructMasqueradeRules() const
Constructs rules to forward requests to AS ports on the container localhost interface to the host.
Definition AppServicesRdkPlugin.cpp:583

AppServicesRdkPlugin::constructRules
Netfilter::RuleSet constructRules() const
Creates the required iptables rules based on the container and plugin config.
Definition AppServicesRdkPlugin.cpp:423

AppServicesRdkPlugin::name
std::string name() const override
Should return the name of the plugin.
Definition AppServicesRdkPlugin.h:54

AppServicesRdkPlugin::createMasqueradeSnatRule
std::string createMasqueradeSnatRule(const std::string &ipAddress) const
Constructs an POSTROUTING SNAT rule so that the source address is changed to the veth0 inside the con...
Definition AppServicesRdkPlugin.cpp:665

AppServicesRdkPlugin::hookHints
unsigned hookHints() const override
Set the bit flags for which hooks we're going to use.
Definition AppServicesRdkPlugin.cpp:59

AppServicesRdkPlugin::postHalt
bool postHalt() override
Dobby Hook - Run in host namespace when container terminates. We hook this point so we can delete the...
Definition AppServicesRdkPlugin.cpp:230

AppServicesRdkPlugin::constructDNATRule
std::string constructDNATRule(const std::string &containerIp, in_port_t port) const
Constructs a DNAT PREROUTING rule to send anything from the container on the given port to localhost ...
Definition AppServicesRdkPlugin.cpp:467

AppServicesRdkPlugin::createRuntime
bool createRuntime() override
OCI Hook - Run in host namespace. Adds the two iptables firewall rules to enable port forwarding.
Definition AppServicesRdkPlugin.cpp:143

RdkPluginBase
Basic object that provides the default overrides for a plugin.
Definition RdkPluginBase.h:34