1 /*
2 * If not stated otherwise in this file or this component's LICENSE file the
3 * following copyright and licenses apply:
4 *
5 * Copyright 2021 Sky UK
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19 /*
20  * File: AppServicesRdkPlugin.h
21  *
22  */
23 #ifndef APPSERVICESRDKPLUGIN_H
24 #define APPSERVICESRDKPLUGIN_H
25 
26 #include <Netfilter.h>
27 #include <RdkPluginBase.h>
28 
29 #include <sys/types.h>
30 #include <netinet/in.h>
31 
32 #include <unistd.h>
33 #include <string>
34 #include <memory>
35 #include <set>
36 
47 {
48 public:
    /// @brief Constructs the plugin for one container.
    /// @param containerConfig parsed OCI/Dobby container config (stored in mContainerConfig — presumably, verify in the .cpp).
    /// @param utils            shared plugin utilities provided by Dobby.
    /// @param rootfsPath       path of the container rootfs on the host.
    AppServicesRdkPlugin(std::shared_ptr<rt_dobby_schema>& containerConfig,
                         const std::shared_ptr<DobbyRdkPluginUtils> &utils,
                         const std::string &rootfsPath);
52 
53 public:
    /// @brief Returns the plugin's name (RdkPluginBase override).
    /// @return A copy of the name held in mName.
    // Defined in-class, so it is implicitly inline; the keyword is not needed.
    std::string name() const override
    {
        return mName;
    }
58 
    /// @brief Set the bit flags for which hooks we're going to use.
    unsigned hookHints() const override;

public:
    /// @brief Dobby hook - run in host namespace once when the container bundle is downloaded.
    bool postInstallation() override;
    /// @brief OCI hook - run in host namespace. Adds the iptables firewall rules to enable port forwarding.
    bool createRuntime() override;
    /// @brief Dobby hook - run in host namespace when the container terminates; removes what createRuntime() added.
    bool postHalt() override;

public:
    /// @brief Should return the names of the plugins this plugin depends on.
    std::vector<std::string> getDependencies() const override;
68 
69 private:
    // Port numbers the plugin can forward between host and container.
    // The 0 / 1 values are presumably sentinels returned by getAsPort() rather
    // than real ports (verify in getAsPort()); the 900x values are the candidate
    // service ports, one of which is selected from the plugin config.
    enum LocalServicesPort : in_port_t
    {
        LocalServicesNone = 0,      // nothing configured / nothing to forward (presumably)
        LocalServicesInvalid = 1,   // config value not recognised (presumably)

        LocalServices1Port = 9001,
        LocalServices2Port = 9002,
        LocalServices3Port = 9003,
        LocalServices4Port = 9004,
        LocalServices5Port = 9009,  // note: not 9005 — keep as-is, the gap is deliberate on the page
    };
81 
    /// @brief Gets the AS port based on the "setMenu" config setting.
    LocalServicesPort getAsPort() const;
    /// @brief Get all the ports we need to forward.
    std::set<in_port_t> getAllPorts() const;

    /// @brief Creates the required iptables rules based on the container and plugin config.
    Netfilter::RuleSet constructRules() const;
    /// @brief Constructs rules to forward requests to AS ports on the container
    ///        localhost interface to the host.
    Netfilter::RuleSet constructMasqueradeRules() const;

    // Non-const: mutates the given rule set. Exact behaviour lives in the .cpp.
    bool setupLocalhostMasquerade(Netfilter::RuleSet& ruleSet);

    /// @brief Adds the ACCEPT, DNAT and CONNLIMIT iptables rules for the given port
    ///        to the given rule lists.
    /// @param containerIp  container address substituted into the rule text.
    /// @param vethName     host-side veth interface name substituted into the rule text.
    /// @param port         port to forward.
    /// @param acceptRules  receives the INPUT ACCEPT / REJECT rules.
    /// @param natRules     receives the DNAT rules.
    // NOTE(review): std::list and std::vector are used in this header but <list>
    // and <vector> are not included here; this relies on transitive includes — confirm.
    void addRulesForPort(const std::string &containerIp, const std::string &vethName,
                         in_port_t port,
                         std::list<std::string>& acceptRules, std::list<std::string>& natRules) const;

    /// @brief Constructs a DNAT PREROUTING rule to send anything from the container
    ///        on the given port to localhost.
    std::string constructDNATRule(const std::string &containerIp,
                                  in_port_t port) const;
    /// @brief Constructs an INPUT REJECT rule that rejects connections once the
    ///        limit is exceeded (a per-port cap on connections from the container).
    /// @param connLimit maximum number of connections before REJECT applies.
    std::string constructCONNLIMITRule(const std::string &containerIp,
                                       const std::string &vethName,
                                       in_port_t port,
                                       uint32_t connLimit) const;
    /// @brief Constructs an INPUT ACCEPT rule to allow packets from the container
    ///        over the dobby0 bridge to localhost.
    std::string constructACCEPTRule(const std::string &containerIp,
                                    const std::string &vethName,
                                    in_port_t port) const;

    /// @brief Constructs an OUTPUT DNAT rule to forward packets from 127.0.0.1
    ///        inside the container to the bridge device.
    std::string createMasqueradeDnatRule(const in_port_t &port) const;
    /// @brief Constructs a POSTROUTING SNAT rule so that the source address is
    ///        changed to the veth0 inside the container.
    std::string createMasqueradeSnatRule(const std::string &ipAddress) const;
106 
107 private:
    const std::string mName;                                        // returned by name()
    std::shared_ptr<rt_dobby_schema> mContainerConfig;              // container config passed to the ctor (presumably)
    const std::shared_ptr<DobbyRdkPluginUtils> mUtils;              // Dobby plugin utilities
    const std::string mRootfsPath;                                  // host path of the container rootfs

    bool mValid;                                                    // NOTE(review): meaning set in the .cpp — confirm before relying on it
    const rt_defs_plugins_app_services_rdk_data* mPluginConfig;     // non-owning view of this plugin's section of the config
    std::shared_ptr<Netfilter> mNetfilter;                          // applies the Netfilter::RuleSet values built above
    const bool mEnableConnLimit;                                    // presumably gates the CONNLIMIT rules — verify in constructRules()
117 };
118 
119 #endif // !defined(APPSERVICESRDKPLUGIN_H)
Plugin just used to map in access for AS services.
Definition: AppServicesRdkPlugin.h:47
bool postInstallation() override
Dobby Hook - run in host namespace once when container bundle is downloaded Updates the /etc/services...
Definition: AppServicesRdkPlugin.cpp:88
void addRulesForPort(const std::string &containerIp, const std::string &vethName, in_port_t port, std::list< std::string > &acceptRules, std::list< std::string > &natRules) const
Adds the ACCEPT, DNAT and CONNLIMIT iptables rules for the given port to the given rule sets.
Definition: AppServicesRdkPlugin.cpp:401
std::string constructACCEPTRule(const std::string &containerIp, const std::string &vethName, in_port_t port) const
Constructs an INPUT ACCEPT rule to allow packets from the container over the dobby0 bridge to localhos...
Definition: AppServicesRdkPlugin.cpp:547
std::string constructCONNLIMITRule(const std::string &containerIp, const std::string &vethName, in_port_t port, uint32_t connLimit) const
Constructs an INPUT REJECT rule to reject connections once the limit is exceeded.
Definition: AppServicesRdkPlugin.cpp:505
std::vector< std::string > getDependencies() const override
Should return the names of the plugins this plugin depends on.
Definition: AppServicesRdkPlugin.cpp:278
std::string createMasqueradeDnatRule(const in_port_t &port) const
Constructs an OUTPUT DNAT rule to forward packets from 127.0.0.1 inside the container to the bridge d...
Definition: AppServicesRdkPlugin.cpp:625
LocalServicesPort getAsPort() const
Gets the AS port based on the "setMenu" config setting.
Definition: AppServicesRdkPlugin.cpp:298
std::set< in_port_t > getAllPorts() const
Get all the ports we need to forward.
Definition: AppServicesRdkPlugin.cpp:354
Netfilter::RuleSet constructMasqueradeRules() const
Constructs rules to forward requests to AS ports on the container localhost interface to the host.
Definition: AppServicesRdkPlugin.cpp:583
Netfilter::RuleSet constructRules() const
Creates the required iptables rules based on the container and plugin config.
Definition: AppServicesRdkPlugin.cpp:423
std::string name() const override
Should return the name of the plugin.
Definition: AppServicesRdkPlugin.h:54
std::string createMasqueradeSnatRule(const std::string &ipAddress) const
Constructs a POSTROUTING SNAT rule so that the source address is changed to the veth0 inside the con...
Definition: AppServicesRdkPlugin.cpp:665
unsigned hookHints() const override
Set the bit flags for which hooks we're going to use.
Definition: AppServicesRdkPlugin.cpp:59
bool postHalt() override
Dobby Hook - Run in host namespace when container terminates. We hook this point so we can delete the...
Definition: AppServicesRdkPlugin.cpp:230
std::string constructDNATRule(const std::string &containerIp, in_port_t port) const
Constructs a DNAT PREROUTING rule to send anything from the container on the given port to localhost ...
Definition: AppServicesRdkPlugin.cpp:467
bool createRuntime() override
OCI Hook - Run in host namespace. Adds the two iptables firewall rules to enable port forwarding.
Definition: AppServicesRdkPlugin.cpp:143
Basic object that provides the default overrides for a plugin.
Definition: RdkPluginBase.h:34