Plugin used to map in the wpeframework (aka thunder) server. More...

#include <ThunderPlugin.h>

Inheritance diagram for ThunderPlugin:

Collaboration diagram for ThunderPlugin:

Public Member Functions
	ThunderPlugin (std::shared_ptr< rt_dobby_schema > &containerConfig, const std::shared_ptr< DobbyRdkPluginUtils > &utils, const std::string &rootfsPath)
	Constructor - called when plugin is loaded by PluginLauncher. More...

std::string	name () const override
	Should return the name of the plugin. More...

unsigned	hookHints () const final
	Set the bit flags for which hooks we're going to use. More...

bool	postInstallation () final
	Dobby Hook - run in host namespace once when container bundle is downloaded. More...

bool	preCreation () final

bool	createRuntime () final

bool	postHalt () final

std::vector< std::string >	getDependencies () const override
	Should return the names of the plugins this plugin depends on. More...

Public Member Functions inherited from RdkPluginBase
virtual bool	createContainer ()

virtual bool	postStart ()

virtual bool	postStop ()

Private Member Functions
Netfilter::RuleSet	constructRules () const

std::string	constructDNATRule (const std::string &containerIp, in_port_t port) const
	Constructs a DNAT PREROUTING rule to send anything from the container on the given port to localhost outside the container. More...

std::string	constructCONNLIMITRule (const std::string &containerIp, const std::string &vethName, in_port_t port, uint32_t connLimit) const
	Constructs an INPUT REJECT rule to reject connection if exceed the limit. More...

std::string	constructACCEPTRule (const std::string &containerIp, const std::string &vethName, in_port_t port) const
	Constructs a INPUT ACCEPT rule to allow packets from the container over the dobby0 bridge to localhost. More...

bool	isNatNetworkMode () const

Private Attributes
const std::string	mName

std::shared_ptr< rt_dobby_schema >	mContainerConfig

const std::string	mRootfsPath

const std::shared_ptr< DobbyRdkPluginUtils >	mUtils

std::shared_ptr< Netfilter >	mNetfilter

in_port_t	mThunderPort

std::mutex	mLock

const bool	mEnableConnLimit

const std::string	mSocketDirectory

const std::string	mSocketPath

bool	mSocketExists

Additional Inherited Members
Public Types inherited from IDobbyRdkPlugin
enum	HintFlags : unsigned { PostInstallationFlag = (1 << 0) , PreCreationFlag = (1 << 1) , CreateRuntimeFlag = (1 << 2) , CreateContainerFlag = (1 << 3) , PostStartFlag = (1 << 5) , PostHaltFlag = (1 << 6) , PostStopFlag = (1 << 7) , Unknown = 0 }
	Bit flags that should be returned by hookHints. More...

Detailed Description

Plugin used to map in the wpeframework (aka thunder) server.

Note: This is NOT a "thunder plugin" for the WPEFramework, instead it is plugin to dobby to allow containers to access the WPEFramework services.

This plugin does two things; it uses iptables to setup routing to the wpeframework server, and it optionally creates a security token for the app and puts it in the containers env variables.

Constructor & Destructor Documentation

◆ ThunderPlugin()

ThunderPlugin::ThunderPlugin	(	std::shared_ptr< rt_dobby_schema > &	containerConfig,
		const std::shared_ptr< DobbyRdkPluginUtils > &	utils,
		const std::string &	rootfsPath
	)

Constructor - called when plugin is loaded by PluginLauncher.

Do not change the parameters for this constructor - must match C methods created by REGISTER_RDK_PLUGIN macro

Note plugin name is not case sensitive

Member Function Documentation

◆ constructACCEPTRule()

std::string ThunderPlugin::constructACCEPTRule	(	const std::string &	containerIp,
		const std::string &	vethName,
		in_port_t	port
	)		const

private

Constructs a INPUT ACCEPT rule to allow packets from the container over the dobby0 bridge to localhost.

Parameters

[in]	id	The id of the container.
[in]	containerIp	The ip address inside the container.
[in]	vethName	The name of the veth device (outside the container) that belongs to the container.
[in]	port	The port number to add the DNAT rule for.

Returns: the iptables formatted string.

◆ constructCONNLIMITRule()

std::string ThunderPlugin::constructCONNLIMITRule	(	const std::string &	containerIp,
		const std::string &	vethName,
		in_port_t	port,
		uint32_t	connLimit
	)		const

private

Constructs an INPUT REJECT rule to reject connection if exceed the limit.

Parameters

[in]	id	The id of the container.
[in]	containerIp	The ip address inside the container.
[in]	vethName	The name of the veth device (outside the container) that belongs to the container.
[in]	port	The port number to add the DNAT rule for.

Returns: the iptables formatted string.

◆ constructDNATRule()

std::string ThunderPlugin::constructDNATRule	(	const std::string &	containerIp,
		in_port_t	port
	)		const

private

Constructs a DNAT PREROUTING rule to send anything from the container on the given port to localhost outside the container.

Parameters

[in]	id	The id of the container.
[in]	containerIp	The ip address inside the container.
[in]	port	The port number to add the DNAT rule for.

Returns: the iptables formatted string.

◆ createRuntime()

bool ThunderPlugin::createRuntime ( )

finalvirtual

Hook Name: createRuntime Hook Execution Namespace: host Hook Path Resolution: host

Execution: OCI Runtime (runc/crun)

Hook Description: Run during the create operation, after the runtime environment has been created and before the pivot root or any equivalent operation.

Called after the container namespaces are created, so provides an opportunity to customize the container (e.g. the network namespace could be specified in this hook).

Reimplemented from RdkPluginBase.

◆ getDependencies()

std::vector< std::string > ThunderPlugin::getDependencies ( ) const

overridevirtual

Should return the names of the plugins this plugin depends on.

This can be used to determine the order in which the plugins should be processed when running hooks.

Returns: Names of the plugins this plugin depends on.

Reimplemented from RdkPluginBase.

◆ hookHints()

unsigned ThunderPlugin::hookHints ( ) const

finalvirtual

Set the bit flags for which hooks we're going to use.

This plugin uses all the hooks so set all the flags

Implements IDobbyRdkPlugin.

◆ name()

std::string ThunderPlugin::name ( ) const

inlineoverridevirtual

Should return the name of the plugin.

Returns: string with the name of the hook.

Implements IDobbyRdkPlugin.

◆ postHalt()

bool ThunderPlugin::postHalt ( )

finalvirtual

Hook Name: postHalt Hook Execution Namespace: host Hook Path Resolution: host

Execution: Dobby

Hook Description: When a SIGTERM signal is received from the container. Before the delete operation is called

For example, this hook could perform clean up when a container closes

Reimplemented from RdkPluginBase.

◆ postInstallation()

bool ThunderPlugin::postInstallation ( )

finalvirtual

Dobby Hook - run in host namespace once when container bundle is downloaded.

Updates the /etc/services and /etc/hosts file to point to the mapped thunder server

Reimplemented from RdkPluginBase.

◆ preCreation()

bool ThunderPlugin::preCreation ( )

finalvirtual

Hook Name: preCreation Hook Execution Namespace: host Hook Path Resolution: host

Execution: Dobby

Hook Description: Runs before the runtime’s create operation is called. This hook runs every time container need to be created.

Reimplemented from RdkPluginBase.

The documentation for this class was generated from the following files:

rdkPlugins/Thunder/source/ThunderPlugin.h
rdkPlugins/Thunder/source/ThunderPlugin.cpp

Public Member Functions

Private Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ ThunderPlugin()

Member Function Documentation

◆ constructACCEPTRule()

◆ constructCONNLIMITRule()

◆ constructDNATRule()

◆ createRuntime()

◆ getDependencies()

◆ hookHints()

◆ name()

◆ postHalt()

◆ postInstallation()

◆ preCreation()