Dobby/ThunderPlugin_8h_source.html

/*

* If not stated otherwise in this file or this component's LICENSE file the

* following copyright and licenses apply:

*

* Copyright 2021 Sky UK

*

* Licensed under the Apache License, Version 2.0 (the "License");

* you may not use this file except in compliance with the License.

* You may obtain a copy of the License at

*

* http://www.apache.org/licenses/LICENSE-2.0

*

* Unless required by applicable law or agreed to in writing, software

* distributed under the License is distributed on an "AS IS" BASIS,

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

* See the License for the specific language governing permissions and

* limitations under the License.

*/


#ifndef THUNDERPLUGIN_H

#define THUNDERPLUGIN_H


#include <Netfilter.h>

#if defined (DOBBY_BUILD)

    #include <RdkPluginBase.h>

#else

    #include <Dobby/rdkPlugins/RdkPluginBase.h>

#endif


#include <sys/types.h>

#include <netinet/in.h>


#include <map>

#include <set>

#include <list>

#include <mutex>

#include <string>

#include <memory>


// -----------------------------------------------------------------------------


class ThunderPlugin : public RdkPluginBase

{

public:

    ThunderPlugin(std::shared_ptr<rt_dobby_schema> &containerConfig,

                  const std::shared_ptr<DobbyRdkPluginUtils> &utils,

                  const std::string &rootfsPath);


    ~ThunderPlugin();


public:


    inline std::string name() const override

    {

        return mName;

    };


    unsigned hookHints() const final;


public:

    bool postInstallation() final;


    bool preCreation() final;


    bool createRuntime() final;


    bool postHalt() final;


public:

    std::vector<std::string> getDependencies() const override;


private:

    Netfilter::RuleSet constructRules() const;


    std::string constructDNATRule(const std::string &containerIp,

                                  in_port_t port) const;


    std::string constructCONNLIMITRule(const std::string &containerIp,

                                       const std::string &vethName,

                                       in_port_t port,

                                       uint32_t connLimit) const;


    std::string constructACCEPTRule(const std::string &containerIp,

                                    const std::string &vethName,

                                    in_port_t port) const;

    bool isNatNetworkMode() const;


private:

    const std::string mName;

    std::shared_ptr<rt_dobby_schema> mContainerConfig;

    const std::string mRootfsPath;

    const std::shared_ptr<DobbyRdkPluginUtils> mUtils;


    std::shared_ptr<Netfilter> mNetfilter;

    in_port_t mThunderPort;


private:

    std::mutex mLock;

    const bool mEnableConnLimit;

    const std::string mSocketDirectory;

    const std::string mSocketPath;

    bool mSocketExists;

};


#endif // !defined(THUNDERPLUGIN_H)

DobbyRdkPluginUtils
Class for useful utility methods for plugins such as adding mounts and environment variables.
Definition DobbyRdkPluginUtils.h:79

Netfilter
Class that can read / write iptables rule sets.
Definition Netfilter.h:45

RdkPluginBase
Basic object that provides the default overrides for a plugin.
Definition RdkPluginBase.h:34

ThunderPlugin
Plugin used to map in the wpeframework (aka thunder) server.
Definition ThunderPlugin.h:54

ThunderPlugin::createRuntime
bool createRuntime() final
Definition ThunderPlugin.cpp:258

ThunderPlugin::name
std::string name() const override
Should return the name of the plugin.
Definition ThunderPlugin.h:63

ThunderPlugin::postInstallation
bool postInstallation() final
Dobby Hook - run in host namespace once when container bundle is downloaded.
Definition ThunderPlugin.cpp:113

ThunderPlugin::preCreation
bool preCreation() final
Definition ThunderPlugin.cpp:175

ThunderPlugin::postHalt
bool postHalt() final
Definition ThunderPlugin.cpp:294

ThunderPlugin::constructDNATRule
std::string constructDNATRule(const std::string &containerIp, in_port_t port) const
Constructs a DNAT PREROUTING rule to send anything from the container on the given port to localhost ...
Definition ThunderPlugin.cpp:416

ThunderPlugin::hookHints
unsigned hookHints() const final
Set the bit flags for which hooks we're going to use.
Definition ThunderPlugin.cpp:96

ThunderPlugin::constructCONNLIMITRule
std::string constructCONNLIMITRule(const std::string &containerIp, const std::string &vethName, in_port_t port, uint32_t connLimit) const
Constructs an INPUT REJECT rule to reject connection if exceed the limit.
Definition ThunderPlugin.cpp:453

ThunderPlugin::constructACCEPTRule
std::string constructACCEPTRule(const std::string &containerIp, const std::string &vethName, in_port_t port) const
Constructs a INPUT ACCEPT rule to allow packets from the container over the dobby0 bridge to localhos...
Definition ThunderPlugin.cpp:494

ThunderPlugin::getDependencies
std::vector< std::string > getDependencies() const override
Should return the names of the plugins this plugin depends on.
Definition ThunderPlugin.cpp:340