Plugin used only to map in access to AS services.
#include <AppServicesRdkPlugin.h>
|
| AppServicesRdkPlugin (std::shared_ptr< rt_dobby_schema > &containerConfig, const std::shared_ptr< DobbyRdkPluginUtils > &utils, const std::string &rootfsPath) |
|
std::string | name () const override |
| Should return the name of the plugin. More...
|
|
unsigned | hookHints () const override |
| Set the bit flags for which hooks we're going to use.
|
|
bool | postInstallation () override |
| Dobby Hook - run in host namespace once when the container bundle is downloaded. Updates the /etc/services and /etc/hosts files to point to the mapped AS server. More...
|
|
bool | createRuntime () override |
| OCI Hook - Run in host namespace. Adds the two iptables firewall rules to enable port forwarding. More...
|
|
bool | postHalt () override |
| Dobby Hook - Run in host namespace when the container terminates. We hook this point so we can delete the iptables firewall rules added at container start-up. More...
|
|
std::vector< std::string > | getDependencies () const override |
| Should return the names of the plugins this plugin depends on. More...
|
|
virtual bool | preCreation () |
|
virtual bool | createContainer () |
|
virtual bool | postStart () |
|
virtual bool | postStop () |
|
std::vector< std::string > | getDependencies () const override |
| Should return the names of the plugins this plugin depends on. More...
|
|
|
enum | LocalServicesPort : in_port_t {
LocalServicesNone = 0
, LocalServicesInvalid = 1
, LocalServices1Port = 9001
, LocalServices2Port = 9002
,
LocalServices3Port = 9003
, LocalServices4Port = 9004
, LocalServices5Port = 9009
} |
|
|
LocalServicesPort | getAsPort () const |
| Gets the AS port based on the "setMenu" config setting. More...
|
|
std::set< in_port_t > | getAllPorts () const |
| Get all the ports we need to forward. More...
|
|
Netfilter::RuleSet | constructRules () const |
| Creates the required iptables rules based on the container and plugin config. More...
|
|
Netfilter::RuleSet | constructMasqueradeRules () const |
| Constructs rules to forward requests to AS ports on the container localhost interface to the host. More...
|
|
bool | setupLocalhostMasquerade (Netfilter::RuleSet &ruleSet) |
|
void | addRulesForPort (const std::string &containerIp, const std::string &vethName, in_port_t port, std::list< std::string > &acceptRules, std::list< std::string > &natRules) const |
| Adds the ACCEPT, DNAT and CONNLIMIT iptables rules for the given port to the given rule sets. More...
|
|
std::string | constructDNATRule (const std::string &containerIp, in_port_t port) const |
| Constructs a DNAT PREROUTING rule to send anything from the container on the given port to localhost outside the container. More...
|
|
std::string | constructCONNLIMITRule (const std::string &containerIp, const std::string &vethName, in_port_t port, uint32_t connLimit) const |
| Constructs an INPUT REJECT rule that rejects new connections once the connection limit is exceeded. More...
|
|
std::string | constructACCEPTRule (const std::string &containerIp, const std::string &vethName, in_port_t port) const |
| Constructs an INPUT ACCEPT rule to allow packets from the container over the dobby0 bridge to localhost. More...
|
|
std::string | createMasqueradeDnatRule (const in_port_t &port) const |
| Constructs an OUTPUT DNAT rule to forward packets from 127.0.0.1 inside the container to the bridge device (100.64.11.1) on the given port. More...
|
|
std::string | createMasqueradeSnatRule (const std::string &ipAddress) const |
| Constructs a POSTROUTING SNAT rule so that the source address is changed to the veth0 inside the container so we get the replies. More...
|
|
|
const std::string | mName |
|
std::shared_ptr< rt_dobby_schema > | mContainerConfig |
|
const std::shared_ptr< DobbyRdkPluginUtils > | mUtils |
|
const std::string | mRootfsPath |
|
bool | mValid |
|
const rt_defs_plugins_app_services_rdk_data * | mPluginConfig |
|
std::shared_ptr< Netfilter > | mNetfilter |
|
const bool | mEnableConnLimit |
|
|
enum | HintFlags : unsigned {
PostInstallationFlag = (1 << 0)
, PreCreationFlag = (1 << 1)
, CreateRuntimeFlag = (1 << 2)
, CreateContainerFlag = (1 << 3)
,
PostStartFlag = (1 << 5)
, PostHaltFlag = (1 << 6)
, PostStopFlag = (1 << 7)
, Unknown = 0
} |
| Bit flags that should be returned by hookHints. More...
|
|
Plugin used only to map in access to AS services.
This plugin currently just uses iptables to set up routing to AS. However, the end goal is to have this plugin talk to the asproxy daemon and create a bespoke listening socket for AS services with fine-grained access control.
◆ addRulesForPort()
void AppServicesRdkPlugin::addRulesForPort |
( |
const std::string & |
containerIp, |
|
|
const std::string & |
vethName, |
|
|
in_port_t |
port, |
|
|
std::list< std::string > & |
acceptRules, |
|
|
std::list< std::string > & |
natRules |
|
) |
| const |
|
private |
Adds the ACCEPT, DNAT and CONNLIMIT iptables rules for the given port to the given rule sets.
- Parameters
-
[in] | containerIp | The ip address inside the container. |
[in] | vethName | The name of the veth device (outside the container). |
[in] | port | The port number to add the rules for. |
[in,out] | acceptRules | The ACCEPT rule set. |
[in,out] | natRules | The DNAT rule set. |
◆ constructACCEPTRule()
std::string AppServicesRdkPlugin::constructACCEPTRule |
( |
const std::string & |
containerIp, |
|
|
const std::string & |
vethName, |
|
|
in_port_t |
port |
|
) |
| const |
|
private |
Constructs an INPUT ACCEPT rule to allow packets from the container over the dobby0 bridge to localhost.
- Parameters
-
[in] | id | The id of the container. |
[in] | containerIp | The ip address inside the container. |
[in] | vethName | The name of the veth device (outside the container) that belongs to the container. |
[in] | port | The port number to add the ACCEPT rule for. |
- Returns
- The iptables formatted string.
◆ constructCONNLIMITRule()
std::string AppServicesRdkPlugin::constructCONNLIMITRule |
( |
const std::string & |
containerIp, |
|
|
const std::string & |
vethName, |
|
|
in_port_t |
port, |
|
|
uint32_t |
connLimit |
|
) |
| const |
|
private |
Constructs an INPUT REJECT rule that rejects new connections once the connection limit is exceeded.
- Parameters
-
[in] | id | The id of the container. |
[in] | containerIp | The ip address inside the container. |
[in] | vethName | The name of the veth device (outside the container) that belongs to the container. |
[in] | port | The port number to add the CONNLIMIT rule for. |
[in] | connLimit | The connection limit enforced by the rule. |
- Returns
- The iptables formatted string.
◆ constructDNATRule()
std::string AppServicesRdkPlugin::constructDNATRule |
( |
const std::string & |
containerIp, |
|
|
in_port_t |
port |
|
) |
| const |
|
private |
Constructs a DNAT PREROUTING rule to send anything from the container on the given port to localhost outside the container.
- Parameters
-
[in] | id | The id of the container. |
[in] | containerIp | The ip address inside the container. |
[in] | port | The port number to add the DNAT rule for. |
- Returns
- The iptables formatted string.
◆ constructMasqueradeRules()
Netfilter::RuleSet AppServicesRdkPlugin::constructMasqueradeRules |
( |
| ) |
const |
|
private |
Constructs rules to forward requests to AS ports on the container localhost interface to the host.
Simplified version of the port-forwarding code in the Networking plugin.
- Returns
- RuleSet to configure iptables
◆ constructRules()
Netfilter::RuleSet AppServicesRdkPlugin::constructRules |
( |
| ) |
const |
|
private |
Creates the required iptables rules based on the container and plugin config.
- Returns
- The created iptables rule set.
◆ createMasqueradeDnatRule()
std::string AppServicesRdkPlugin::createMasqueradeDnatRule |
( |
const in_port_t & |
port | ) |
const |
|
private |
Constructs an OUTPUT DNAT rule to forward packets from 127.0.0.1 inside the container to the bridge device (100.64.11.1) on the given port.
- Parameters
-
[in] | port | The port to forward. |
- Returns
- returns the created rule.
◆ createMasqueradeSnatRule()
std::string AppServicesRdkPlugin::createMasqueradeSnatRule |
( |
const std::string & |
ipAddress | ) |
const |
|
private |
Constructs a POSTROUTING SNAT rule so that the source address is changed to the veth0 inside the container so we get the replies.
- Parameters
-
[in] | ipAddress | The ip address of the container. |
- Returns
- returns the created rule.
◆ createRuntime()
bool AppServicesRdkPlugin::createRuntime |
( |
| ) |
|
|
overridevirtual |
OCI Hook - Run in host namespace. Adds the two iptables firewall rules to enable port forwarding.
- Returns
- True on success, false on failure.
Reimplemented from RdkPluginBase.
◆ getAllPorts()
std::set< in_port_t > AppServicesRdkPlugin::getAllPorts |
( |
| ) |
const |
|
private |
Get all the ports we need to forward.
- Returns
- Set of ports on the host that the container should have access to.
◆ getAsPort()
AppServicesRdkPlugin::LocalServicesPort AppServicesRdkPlugin::getAsPort |
( |
| ) |
const |
|
private |
Gets the AS port based on the "setMenu" config setting.
- Returns
- The AS port if successful, AppServicesRdkPlugin::LocalServicesPort::LocalServicesInvalid otherwise.
◆ getDependencies()
std::vector< std::string > AppServicesRdkPlugin::getDependencies |
( |
| ) |
const |
|
overridevirtual |
Should return the names of the plugins this plugin depends on.
This can be used to determine the order in which the plugins should be processed when running hooks.
- Returns
- Names of the plugins this plugin depends on.
Implements IDobbyRdkPlugin.
◆ name()
std::string AppServicesRdkPlugin::name |
( |
| ) |
const |
|
inlineoverridevirtual |
Should return the name of the plugin.
- Returns
- string with the name of the hook.
Implements IDobbyRdkPlugin.
◆ postHalt()
bool AppServicesRdkPlugin::postHalt |
( |
| ) |
|
|
overridevirtual |
Dobby Hook - Run in host namespace when the container terminates. We hook this point so we can delete the iptables firewall rules added at container start-up.
- Returns
- True on success, false on failure.
Reimplemented from RdkPluginBase.
◆ postInstallation()
bool AppServicesRdkPlugin::postInstallation |
( |
| ) |
|
|
overridevirtual |
Dobby Hook - run in host namespace once when the container bundle is downloaded. Updates the /etc/services and /etc/hosts files to point to the mapped AS server.
The json data is expected (required) to be formatted like the following:
{
"setMenu": "local-services-1",
"additionalPorts": [ 8123 ],
"connLimit": 32
}
The 'setMenu' field is the old way of specifying which services to map into the container. It is intended that in the future fine grained API lists will be specified here.
- Returns
- True on success, false on failure.
Reimplemented from RdkPluginBase.