Dobby/ThunderPlugin_8h_source.html

 /*

 * If not stated otherwise in this file or this component's LICENSE file the

 * following copyright and licenses apply:

 *

 * Copyright 2021 Sky UK

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 * http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */


 #ifndef THUNDERPLUGIN_H

 #define THUNDERPLUGIN_H


 #include <Netfilter.h>

 #if defined (DOBBY_BUILD)

     #include <RdkPluginBase.h>

 #else

     #include <Dobby/rdkPlugins/RdkPluginBase.h>

 #endif


 #include <sys/types.h>

 #include <netinet/in.h>


 #include <map>

 #include <set>

 #include <list>

 #include <mutex>

 #include <string>

 #include <memory>


 // -----------------------------------------------------------------------------

 class ThunderPlugin : public RdkPluginBase

 {

 public:

     ThunderPlugin(std::shared_ptr<rt_dobby_schema> &containerConfig,

                   const std::shared_ptr<DobbyRdkPluginUtils> &utils,

                   const std::string &rootfsPath);


     ~ThunderPlugin();


 public:

     inline std::string name() const override

     {

         return mName;

     };


     unsigned hookHints() const final;


 public:

     bool postInstallation() final;


     bool preCreation() final;


     bool createRuntime() final;


     bool postHalt() final;


 public:

     std::vector<std::string> getDependencies() const override;


 private:

     Netfilter::RuleSet constructRules() const;


     std::string constructDNATRule(const std::string &containerIp,

                                   in_port_t port) const;


     std::string constructCONNLIMITRule(const std::string &containerIp,

                                        const std::string &vethName,

                                        in_port_t port,

                                        uint32_t connLimit) const;


     std::string constructACCEPTRule(const std::string &containerIp,

                                     const std::string &vethName,

                                     in_port_t port) const;

     bool isNatNetworkMode() const;


 private:

     const std::string mName;

     std::shared_ptr<rt_dobby_schema> mContainerConfig;

     const std::string mRootfsPath;

     const std::shared_ptr<DobbyRdkPluginUtils> mUtils;


     std::shared_ptr<Netfilter> mNetfilter;

     in_port_t mThunderPort;


 private:

     std::mutex mLock;

     const bool mEnableConnLimit;

     const std::string mSocketDirectory;

     const std::string mSocketPath;

     bool mSocketExists;

 };

 #endif // !defined(THUNDERPLUGIN_H)

DobbyRdkPluginUtils
Class for useful utility methods for plugins such as adding mounts and environment variables.
Definition: DobbyRdkPluginUtils.h:78

Netfilter
Class that can read / write iptables rule sets.
Definition: Netfilter.h:45

RdkPluginBase
Basic object that provides the default overrides for a plugin.
Definition: RdkPluginBase.h:34

ThunderPlugin
Plugin used to map in the wpeframework (aka thunder) server.
Definition: ThunderPlugin.h:54

ThunderPlugin::createRuntime
bool createRuntime() final
Definition: ThunderPlugin.cpp:258

ThunderPlugin::name
std::string name() const override
Should return the name of the plugin.
Definition: ThunderPlugin.h:63

ThunderPlugin::postInstallation
bool postInstallation() final
Dobby Hook - run in host namespace once when container bundle is downloaded.
Definition: ThunderPlugin.cpp:113

ThunderPlugin::preCreation
bool preCreation() final
Definition: ThunderPlugin.cpp:175

ThunderPlugin::postHalt
bool postHalt() final
Definition: ThunderPlugin.cpp:294

ThunderPlugin::constructDNATRule
std::string constructDNATRule(const std::string &containerIp, in_port_t port) const
Constructs a DNAT PREROUTING rule to send anything from the container on the given port to localhost ...
Definition: ThunderPlugin.cpp:416

ThunderPlugin::hookHints
unsigned hookHints() const final
Set the bit flags for which hooks we're going to use.
Definition: ThunderPlugin.cpp:96

ThunderPlugin::constructCONNLIMITRule
std::string constructCONNLIMITRule(const std::string &containerIp, const std::string &vethName, in_port_t port, uint32_t connLimit) const
Constructs an INPUT REJECT rule to reject connection if exceed the limit.
Definition: ThunderPlugin.cpp:453

ThunderPlugin::constructACCEPTRule
std::string constructACCEPTRule(const std::string &containerIp, const std::string &vethName, in_port_t port) const
Constructs a INPUT ACCEPT rule to allow packets from the container over the dobby0 bridge to localhos...
Definition: ThunderPlugin.cpp:494

ThunderPlugin::ThunderPlugin
ThunderPlugin(std::shared_ptr< rt_dobby_schema > &containerConfig, const std::shared_ptr< DobbyRdkPluginUtils > &utils, const std::string &rootfsPath)
Constructor - called when plugin is loaded by PluginLauncher.
Definition: ThunderPlugin.cpp:44

ThunderPlugin::getDependencies
std::vector< std::string > getDependencies() const override
Should return the names of the plugins this plugin depends on.
Definition: ThunderPlugin.cpp:340