Finish to convert NW filter Lib structures into REST structures

This commit is contained in:
2023-12-29 12:45:03 +01:00
parent 246f5ef842
commit 61c567846d
2 changed files with 327 additions and 95 deletions


@ -1,7 +1,10 @@
use crate::libvirt_lib_structures::nwfilter::NetworkFilterXML;
use crate::libvirt_lib_structures::nwfilter::{
NetworkFilterRuleProtocolAll, NetworkFilterRuleProtocolArp, NetworkFilterRuleProtocolIpvx,
NetworkFilterRuleProtocolLayer4, NetworkFilterRuleProtocolMac, NetworkFilterXML,
};
use crate::libvirt_lib_structures::XMLUuid;
use crate::libvirt_rest_structures::LibVirtStructError;
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use std::net::{Ipv4Addr, Ipv6Addr};
#[derive(serde::Serialize, serde::Deserialize, Debug, Copy, Clone)]
pub enum NetworkFilterChainProtocol {
@ -30,7 +33,7 @@ impl NetworkFilterChainProtocol {
return Err(LibVirtStructError::ParseFilteringChain(format!(
"Unknown filtering chain: {xml}! "
))
.into())
.into());
}
})
}
@ -95,12 +98,187 @@ pub struct NetworkFilter {
}
impl NetworkFilter {
fn process_all_rule(_n: &NetworkFilterRuleProtocolAll) -> NetworkFilterSelector {
NetworkFilterSelector::All
}
fn process_mac_rule(n: &NetworkFilterRuleProtocolMac) -> NetworkFilterSelector {
NetworkFilterSelector::Mac {
src_mac_addr: n.srcmacaddr.clone(),
src_mac_mask: n.srcmacmask.clone(),
dst_mac_addr: n.dstmacaddr.clone(),
dst_mac_mask: n.dstmacmask.clone(),
comment: n.comment.clone(),
}
}
fn process_arp_rule(n: &NetworkFilterRuleProtocolArp) -> NetworkSelectorARP {
NetworkSelectorARP {
srcmacaddr: n.srcmacaddr.clone(),
srcmacmask: n.srcmacmask.clone(),
dstmacaddr: n.dstmacaddr.clone(),
dstmacmask: n.dstmacmask.clone(),
arpsrcipaddr: n.arpsrcipaddr.clone(),
arpsrcipmask: n.arpsrcipmask,
arpdstipaddr: n.arpdstipaddr.clone(),
arpdstipmask: n.arpdstipmask,
comment: n.comment.clone(),
}
}
fn process_ip_rule(n: &NetworkFilterRuleProtocolIpvx) -> NetworkFilterSelectorIP {
NetworkFilterSelectorIP {
srcmacaddr: n.srcmacaddr.clone(),
srcmacmask: n.srcmacmask.clone(),
dstmacaddr: n.dstmacaddr.clone(),
dstmacmask: n.dstmacmask.clone(),
srcipaddr: n.srcipaddr.clone(),
srcipmask: n.srcipmask,
dstipaddr: n.dstipaddr.clone(),
dstipmask: n.dstipmask,
comment: n.comment.clone(),
}
}
fn process_layer4_rule<IPv: Copy>(
n: &NetworkFilterRuleProtocolLayer4<IPv>,
) -> anyhow::Result<NetworkSelectorLayer4<IPv>> {
Ok(NetworkSelectorLayer4 {
srcmacaddr: n.srcmacaddr.clone(),
srcipaddr: n.srcipaddr,
srcipmask: n.srcipmask,
dstipaddr: n.dstipaddr,
dstipmask: n.dstipmask,
srcipfrom: n.srcipfrom,
srcipto: n.srcipto,
dstipfrom: n.dstipfrom,
dstipto: n.dstipto,
srcportstart: n.srcportstart,
srcportend: n.srcportend,
dstportstart: n.dstportstart,
dstportend: n.dstportend,
state: n.state.as_deref().map(Layer4State::from_xml).transpose()?,
comment: n.comment.clone(),
})
}
pub fn from_xml(xml: NetworkFilterXML) -> anyhow::Result<Self> {
let mut rules = Vec::with_capacity(xml.rules.len());
for rule in &xml.rules {
let mut selectors = Vec::new();
// TODO : add other selectors
// All selector
selectors.append(&mut rule.all.iter().map(Self::process_all_rule).collect());
// Mac rules
selectors.append(&mut rule.mac_rules.iter().map(Self::process_mac_rule).collect());
// ARP - RARP rules
selectors.append(
&mut rule
.arp_rules
.iter()
.map(|r| NetworkFilterSelector::Arp(Self::process_arp_rule(r)))
.collect(),
);
selectors.append(
&mut rule
.rarp_rules
.iter()
.map(|r| NetworkFilterSelector::Rarp(Self::process_arp_rule(r)))
.collect(),
);
// IPv4 - IPv6 rules
selectors.append(
&mut rule
.ipv4_rules
.iter()
.map(|r| NetworkFilterSelector::IPv4(Self::process_ip_rule(r)))
.collect(),
);
selectors.append(
&mut rule
.ipv6_rules
.iter()
.map(|r| NetworkFilterSelector::IPv6(Self::process_ip_rule(r)))
.collect(),
);
// Layer 4 protocols
selectors.append(
&mut rule
.tcp_rules
.iter()
.map(|r| Ok(NetworkFilterSelector::TCP(Self::process_layer4_rule(r)?)))
.collect::<Result<Vec<_>, anyhow::Error>>()?,
);
selectors.append(
&mut rule
.udp_rules
.iter()
.map(|r| Ok(NetworkFilterSelector::UDP(Self::process_layer4_rule(r)?)))
.collect::<Result<Vec<_>, anyhow::Error>>()?,
);
selectors.append(
&mut rule
.sctp_rules
.iter()
.map(|r| Ok(NetworkFilterSelector::SCTP(Self::process_layer4_rule(r)?)))
.collect::<Result<Vec<_>, anyhow::Error>>()?,
);
selectors.append(
&mut rule
.imcp_rules
.iter()
.map(|r| Ok(NetworkFilterSelector::ICMP(Self::process_layer4_rule(r)?)))
.collect::<Result<Vec<_>, anyhow::Error>>()?,
);
selectors.append(
&mut rule
.tcp_ipv6_rules
.iter()
.map(|r| {
Ok(NetworkFilterSelector::TCPipv6(Self::process_layer4_rule(
r,
)?))
})
.collect::<Result<Vec<_>, anyhow::Error>>()?,
);
selectors.append(
&mut rule
.udp_ipv6_rules
.iter()
.map(|r| {
Ok(NetworkFilterSelector::UDPipv6(Self::process_layer4_rule(
r,
)?))
})
.collect::<Result<Vec<_>, anyhow::Error>>()?,
);
selectors.append(
&mut rule
.sctp_ipv6_rules
.iter()
.map(|r| {
Ok(NetworkFilterSelector::SCTPipv6(Self::process_layer4_rule(
r,
)?))
})
.collect::<Result<Vec<_>, anyhow::Error>>()?,
);
selectors.append(
&mut rule
.imcp_ipv6_rules
.iter()
.map(|r| {
Ok(NetworkFilterSelector::ICMPipv6(Self::process_layer4_rule(
r,
)?))
})
.collect::<Result<Vec<_>, anyhow::Error>>()?,
);
rules.push(NetworkFilterRule {
action: NetworkFilterAction::from_xml(&rule.action)?,
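Review bot: `process_ip_rule` and `process_arp_rule` copy `srcipaddr`/`dstipaddr` and `arpsrcipaddr`/`arpdstipaddr` into the REST structures as unparsed `Option<String>`, while `process_layer4_rule` keeps the same concept typed as `Option<IPv>` and the removed `Arp` variant in the last hunk used `Option<IpAddr>`; the matching asymmetry is in the `@ -210,28 +388,81 @@` hunk, where `NetworkFilterSelectorIP` loses its `IPv` parameter and `NetworkSelectorARP` is introduced with string address fields. The effect is that an address in an IP or ARP selector is never validated on this conversion path, and the REST surface now mixes stringly-typed and typed address fields for the same kind of value. The `.clone()` calls suggest the lib-side fields are strings, so the fix would be to parse in the converter and make these two helpers fallible like `process_layer4_rule`, e.g. `srcipaddr: n.srcipaddr.as_deref().map(str::parse::<IpAddr>).transpose()?,` with the struct field typed `Option<IpAddr>` and `IpAddr` restored in the `std::net` import. A smaller point of style: the `Mac` variant uses `src_mac_addr` while every new struct uses libvirt's `srcmacaddr`, so the REST API exposes two naming schemes side by side. `from_xml` continues past the end of this hunk.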
@ -152,7 +330,7 @@ impl NetworkFilterAction {
return Err(LibVirtStructError::ParseFilteringChain(format!(
"Unkown filter action {s}!"
))
.into())
.into());
}
})
}
@ -186,7 +364,7 @@ impl NetworkFilterDirection {
return Err(LibVirtStructError::ParseFilteringChain(format!(
"Unkown filter direction {s}!"
))
.into())
.into());
}
})
}
@ -210,28 +388,81 @@ pub enum Layer4State {
NONE,
}
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
pub enum Layer4Type {
TCP,
UDP,
SCTP,
ICMP,
TCPipv6,
UDPipv6,
SCTPipv6,
ICMPipv6,
impl Layer4State {
pub fn from_xml(xml: &str) -> anyhow::Result<Self> {
Ok(match xml {
"NEW" => Self::NEW,
"ESTABLISHED" => Self::ESTABLISHED,
"RELATED" => Self::RELATED,
"INVALID" => Self::INVALID,
"NONE" => Self::NONE,
s => {
return Err(LibVirtStructError::ParseFilteringChain(format!(
"Unkown layer4 state '{s}'!"
))
.into());
}
})
}
pub fn to_xml(&self) -> String {
match self {
Self::NEW => "NEW",
Self::ESTABLISHED => "ESTABLISHED",
Self::RELATED => "RELATED",
Self::INVALID => "INVALID",
Self::NONE => "NONE",
}
.to_string()
}
}
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
pub struct NetworkFilterSelectorIP<IPv> {
pub struct NetworkFilterSelectorIP {
srcmacaddr: Option<String>,
srcmacmask: Option<String>,
dstmacaddr: Option<String>,
dstmacmask: Option<String>,
srcipaddr: Option<String>,
srcipmask: Option<u8>,
dstipaddr: Option<String>,
dstipmask: Option<u8>,
comment: Option<String>,
}
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
pub struct NetworkSelectorARP {
srcmacaddr: Option<String>,
srcmacmask: Option<String>,
dstmacaddr: Option<String>,
dstmacmask: Option<String>,
arpsrcipaddr: Option<String>,
arpsrcipmask: Option<u8>,
arpdstipaddr: Option<String>,
arpdstipmask: Option<u8>,
comment: Option<String>,
}
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
pub struct NetworkSelectorLayer4<IPv> {
srcmacaddr: Option<String>,
srcipaddr: Option<IPv>,
srcipmask: Option<u8>,
dstipaddr: Option<IPv>,
dstipmask: Option<u8>,
/// Start of range of source IP address
srcipfrom: Option<IPv>,
/// End of range of source IP address
srcipto: Option<IPv>,
/// Start of range of destination IP address
dstipfrom: Option<IPv>,
/// End of range of destination IP address
dstipto: Option<IPv>,
srcportstart: Option<u16>,
srcportend: Option<u16>,
dstportstart: Option<u16>,
dstportend: Option<u16>,
state: Option<Layer4State>,
comment: Option<String>,
}
@ -245,41 +476,18 @@ pub enum NetworkFilterSelector {
dst_mac_mask: Option<String>,
comment: Option<String>,
},
Arp {
srcmacaddr: Option<String>,
srcmacmask: Option<String>,
dstmacaddr: Option<String>,
dstmacmask: Option<String>,
arpsrcipaddr: Option<IpAddr>,
arpsrcipmask: Option<u8>,
arpdstipaddr: Option<IpAddr>,
arpdstipmask: Option<u8>,
comment: Option<String>,
},
IPv4(NetworkFilterSelectorIP<Ipv4Addr>),
IPv6(NetworkFilterSelectorIP<Ipv6Addr>),
Layer4 {
r#type: Layer4Type,
srcmacaddr: Option<String>,
srcipaddr: Option<IpAddr>,
srcipmask: Option<u8>,
dstipaddr: Option<IpAddr>,
dstipmask: Option<u8>,
/// Start of range of source IP address
srcipfrom: Option<IpAddr>,
/// End of range of source IP address
srcipto: Option<IpAddr>,
/// Start of range of destination IP address
dstipfrom: Option<IpAddr>,
/// End of range of destination IP address
dstipto: Option<IpAddr>,
srcportstart: Option<u16>,
srcportend: Option<u16>,
dstportstart: Option<u16>,
dstportend: Option<u16>,
state: Option<Layer4State>,
comment: Option<String>,
},
Arp(NetworkSelectorARP),
Rarp(NetworkSelectorARP),
IPv4(NetworkFilterSelectorIP),
IPv6(NetworkFilterSelectorIP),
TCP(NetworkSelectorLayer4<Ipv4Addr>),
UDP(NetworkSelectorLayer4<Ipv4Addr>),
SCTP(NetworkSelectorLayer4<Ipv4Addr>),
ICMP(NetworkSelectorLayer4<Ipv4Addr>),
TCPipv6(NetworkSelectorLayer4<Ipv6Addr>),
UDPipv6(NetworkSelectorLayer4<Ipv6Addr>),
SCTPipv6(NetworkSelectorLayer4<Ipv6Addr>),
ICMPipv6(NetworkSelectorLayer4<Ipv6Addr>),
}
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]