X-Git-Url: http://plrg.eecs.uci.edu/git/?a=blobdiff_plain;f=iotjava%2Fiotruntime%2Fmaster%2FRouterConfig.java;h=48bb8f691fd000026ab6a696e6d4b24ef4835da4;hb=042f511cbc02e14fe8229b493558ef828e413bea;hp=8e23ce1fec62960015799baff0cac1e2a6c181a2;hpb=7a27eab091d560ca1222d3a2652da56c97456980;p=iot2.git diff --git a/iotjava/iotruntime/master/RouterConfig.java b/iotjava/iotruntime/master/RouterConfig.java index 8e23ce1..48bb8f6 100644 --- a/iotjava/iotruntime/master/RouterConfig.java +++ b/iotjava/iotruntime/master/RouterConfig.java @@ -7,6 +7,9 @@ import java.io.BufferedWriter; import java.io.FileWriter; import java.io.PrintWriter; import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.nio.charset.StandardCharsets; import java.util.HashMap; import java.util.Map; @@ -19,6 +22,12 @@ import java.util.Map; * that doesn't require "iptables" command to be invoked many * times - each invocation of "iptables" will load the existing * table from the kernel space before appending the new rule. + *

+ * We write the core policy repeatedly for each benchmark, while + * the header "*filter" and tail (a bunch of closing rules and + * REJECT rules) are written into a different file. + * They are merged and deployed for every benchmark bootstrapped + * in the main loop. * * @author Rahmadi Trimananda * @version 2.0 @@ -31,12 +40,14 @@ public final class RouterConfig { */ private static final String STR_SSH_USERNAME_ROUTER = "root"; private static final String STR_SSH_USERNAME_HOST = "iotuser"; + private static final String STR_POLICY_FILE_ALL = "_all"; private static final String STR_POLICY_FILE_EXT = ".policy"; /** * RouterConfig properties */ private Map mapHostToFile; + private Map mapHostToMainFile; private Map mapMACtoIPAdd; /** 
@@ -57,12 +68,60 @@ public final class RouterConfig { mapHostToFile = new HashMap(); } + + /** + * renewMainPrintWriter() renews the mapHostToMainFile object that lists all main PrintWriters + * + * @return void + */ + public void renewMainPrintWriter() { + + mapHostToMainFile = new HashMap(); + } + + /** + * initMainPolicy() initializes the main PrintWriter object to print the entire policies + * + * @param strConfigHost String hostname to be configured + * @return void + */ + public void initMainPolicy(String strConfigHost) { + + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); + pwConfig.println("*filter"); // Print header for iptables-restore + } + + /** + * getMainPrintWriter() gets the main PrintWriter object to print the entire policies + * + * @param strHost String hostname to be configured + * @return PrintWriter + */ + private PrintWriter getMainPrintWriter(String strHost) { + + String strConfigHost = strHost + STR_POLICY_FILE_ALL; + // Return object if existing + if (mapHostToMainFile.containsKey(strConfigHost)) { + return mapHostToMainFile.get(strConfigHost); + } else { + // Simply create a new one if it doesn't exist + FileWriter fw = null; + try { + fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT); + } catch (IOException ex) { + ex.printStackTrace(); + } + PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw)); + mapHostToMainFile.put(strConfigHost, pwConfig); + return pwConfig; + } + } /** * getPrintWriter() gets the right PrintWriter object to print policies to the right file * - * @param strConfigHost String hostname to be configured - * @return void + * @param strConfigHost String hostname to be configured + * @return PrintWriter */ private PrintWriter getPrintWriter(String strConfigHost) { 
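Review bot: In getMainPrintWriter a failed `new FileWriter(...)` is only printed, leaving fw null so the next line `new PrintWriter(new BufferedWriter(fw))` throws a NullPointerException far from the cause; rethrow instead, e.g. `throw new UncheckedIOException("Cannot open policy file " + strConfigHost + STR_POLICY_FILE_EXT, ex);` (java.io.UncheckedIOException, which would need an import). The method also dereferences mapHostToMainFile, which this hunk assigns only in renewMainPrintWriter(), so calling initMainPolicy() before renewMainPrintWriter() fails with an NPE unless the constructor (not visible here) initializes it — initializing the field at its declaration would remove that ordering dependency. renewMainPrintWriter() further replaces the map without closing the PrintWriters it held, so callers must call closeMain() first or the file handles leak; a `@see closeMain()` line in its Javadoc would make that contract explicit.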
@@ -78,12 +137,56 @@ public final class RouterConfig { ex.printStackTrace(); } PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw)); - pwConfig.println("*filter"); // Print header for iptables-restore + //pwConfig.println("*filter"); // Print header for iptables-restore mapHostToFile.put(strConfigHost, pwConfig); return pwConfig; } } + /** + * readFile() read the entire file and return a string + * + * @return String String that contains the content of the file + */ + public String readFile(String filePath) { + + String retStr = null; + try { + retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8); + } catch (IOException ex) { + ex.printStackTrace(); + } + return retStr; + } + + /** + * combineRouterPolicies() method combines the core router policies into the main file + * + * @param strConfigHost String hostname to be configured + * @return void + */ + public void combineRouterPolicies(String strConfigHost) { + + PrintWriter pwConfigAll = getMainPrintWriter(strConfigHost); + PrintWriter pwConfig = getPrintWriter(strConfigHost); + pwConfig.flush(); + String strPolicyList = readFile(strConfigHost + STR_POLICY_FILE_EXT); + pwConfigAll.print(strPolicyList); + } + + /** + * closeMain() closes all main PrintWriter objects + * + * @return void + */ + public void closeMain() { + + for(PrintWriter pwConfig: mapHostToMainFile.values()) { + pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore + pwConfig.close(); + } + } + /** * close() closes all PrintWriter objects * @@ -92,7 +195,6 @@ public final class RouterConfig { public void close() { for(PrintWriter pwConfig: mapHostToFile.values()) { - pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore pwConfig.close(); } } 
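Review bot: combineRouterPolicies prints readFile's result with `pwConfigAll.print(strPolicyList)`, and readFile returns null when Files.readAllBytes throws, so an unreadable core file writes the literal text `null` into the `_all.policy` file and the later iptables-restore on the target fails on an unparsable line instead of the error surfacing on the master. Fail fast here: `if (strPolicyList == null) throw new IllegalStateException("Cannot read policy for " + strConfigHost);`, or let readFile propagate the IOException rather than printing it. The core writer is flushed but neither truncated nor closed, so whether each merge copies only the current benchmark's rules or the whole accumulated file depends on renewPrintWriter() being called per benchmark, which is outside this hunk and worth stating in the method Javadoc. readFile's Javadoc also lacks `@param filePath String path of the file to read`.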
@@ -105,13 +207,13 @@ public final class RouterConfig { */ public void sendRouterPolicies(String strConfigHost) { - String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " + + String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;"; //System.out.println(strCmdSend); deployPolicies(strCmdSend); String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + - " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + - STR_POLICY_FILE_EXT + "; ";// + + " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; ";// + // TODO: delete these later when we apply tight initial conditions (reject everything but SSH commands) //"iptables -F startup_filter_tcp; iptables -F startup_filter_udp; " + //"iptables -t filter -D FORWARD -j startup_filter_tcp; iptables -t filter -D FORWARD -j startup_filter_udp;"; @@ -127,14 +229,14 @@ public final class RouterConfig { */ public void sendHostPolicies(String strConfigHost) { - String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " + + String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " + STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;"; - //System.out.println(strCmdSend); + System.out.println(strCmdSend); deployPolicies(strCmdSend); String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost + - " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + - STR_POLICY_FILE_EXT + ";"; - //System.out.println(strCmdDeploy); + " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + ";"; + System.out.println(strCmdDeploy); deployPolicies(strCmdDeploy); } 
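Review bot: sendHostPolicies chains `sudo iptables-restore < ~/<host>_all.policy; rm ~/<host>_all.policy;` with `;`, so a failed restore is masked: the policy file is deleted, the ssh exit status is that of `rm`, and the host is left without the intended ruleset with nothing on the master side noticing; join them with `&&` instead (`" sudo iptables-restore < ~/" + ... + " && rm ~/" + ...`) so the file survives for inspection and the failure propagates, and apply the same to sendRouterPolicies above. The two System.out.println calls uncommented in this hunk log the full scp/ssh command on every deploy while sendRouterPolicies keeps its equivalents commented out; if this is intentional, mark it with a comment, otherwise revert for consistency. strConfigHost is also spliced unquoted into a shell command line; deployPolicies is not shown, so whether host names come from a trusted configuration cannot be judged from this hunk, but validating the name (letters, digits, `.`, `-`) before building the command would be cheap insurance.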
@@ -159,6 +261,17 @@ public final class RouterConfig { } } + /** + * getAddressListObject() method returns the map from this class + *

+ * This method is useful for MAC policy class so that it doesn't have + * to query the router again + */ + public Map getAddressListObject() { + + return mapMACtoIPAdd; + } + /** * getAddressList() method gets list of IP addresses *

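Review bot: getAddressListObject hands out the internal mapMACtoIPAdd map itself, so the MAC policy class (or any other caller) can modify RouterConfig's state behind its back; return a read-only view, `return Collections.unmodifiableMap(mapMACtoIPAdd);` (java.util.Collections is not among the imports added in this diff, so it would need one). The Javadoc also has no `@return`; add `@return Map the MAC-address-to-IP map held by this object` and, if it can be null before getAddressList() has run — which depends on code outside this hunk — say so.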
@@ -471,7 +584,7 @@ public final class RouterConfig { */ public void configureRouterICMPPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A FORWARD -j ACCEPT -p icmp"); pwConfig.println("-A INPUT -j ACCEPT -p icmp"); @@ -491,7 +604,7 @@ public final class RouterConfig { */ public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A FORWARD -j ACCEPT -p icmp"); pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + @@ -517,7 +630,7 @@ public final class RouterConfig { */ public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow SSH - port 22 (only from monitor host) pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh"); @@ -535,8 +648,8 @@ public final class RouterConfig { strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh"); pwConfig.println("-A OUTPUT -j ACCEPT -s " + strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh"); - pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh"); - pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh"); + //pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh"); + //pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh"); } 
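Review bot: In configureRouterSSHPolicies the two `-A FORWARD -j ACCEPT -p tcp --dport/--sport ssh` rules are commented out rather than deleted, leaving dead code that invites someone to re-enable it; remove the lines and record the intent in the method Javadoc, e.g. `SSH is accepted only between the router and the monitor host and is no longer forwarded across the router.` Since configureRejectPolicies ends the FORWARD chain with REJECT, SSH between devices behind the router is now refused, which looks like the tighter policy intended and is worth stating explicitly. The method starts outside this hunk.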
@@ -552,7 +665,7 @@ public final class RouterConfig { */ public void configureRouterDHCPPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc"); pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc"); @@ -572,7 +685,7 @@ public final class RouterConfig { */ public void configureRouterDNSPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow DNS UDP and TCP port 53 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain"); pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain"); @@ -596,7 +709,7 @@ public final class RouterConfig { */ public void configureRejectPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Reject every other thing pwConfig.println("-A FORWARD -j REJECT"); pwConfig.println("-A INPUT -j REJECT"); @@ -615,9 +728,12 @@ public final class RouterConfig { */ public void configureRouterNATPolicy(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Configure NAT pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE"); + // Add the following 2 lines + pwConfig.println("-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT"); + pwConfig.println("-A FORWARD -i wlan0 -o eth0 -j ACCEPT"); } /** 
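Review bot: configureRouterNATPolicy now writes into the main file, which initMainPolicy opens with `*filter` and closeMain ends with `COMMIT`, so the existing `-t nat -A POSTROUTING -o eth0 -j MASQUERADE` line lands inside the filter table block; as far as I know iptables-restore rejects a `-t` option inside a restore file (the table is selected by a `*nat` header), so this line would abort the whole restore — please verify on the router. If so, the NAT rule needs its own `*nat` / `COMMIT` section in the main file or a separate `iptables -t nat` command. Separately, the new `-A FORWARD -i wlan0 -o eth0 -j ACCEPT` accepts every forwarded packet from the wireless side to the uplink ahead of any later REJECT, overriding whatever per-device restrictions the core policy may impose on outbound traffic; if the goal is only to let masqueraded connections work, narrow it and replace the comment `// Add the following 2 lines` with one stating why these rules exist and where in the chain they must sit (rule order follows call order in the main loop, outside this hunk).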
@@ -679,7 +795,7 @@ public final class RouterConfig { */ public void configureHostICMPPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A INPUT -j ACCEPT -p icmp"); pwConfig.println("-A OUTPUT -j ACCEPT -p icmp"); @@ -695,7 +811,7 @@ public final class RouterConfig { */ public void configureHostSQLPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql"); pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql"); @@ -714,7 +830,7 @@ public final class RouterConfig { */ public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + " -d " + strConfigHost + " -p icmp"); @@ -737,7 +853,7 @@ public final class RouterConfig { */ public void configureHostSSHPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow SSH - port 22 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh"); pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh"); @@ -759,7 +875,7 @@ public final class RouterConfig { */ public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow SSH - port 22 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh"); 
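Review bot: The comment above the two mysql rules in configureHostSQLPolicies still reads `// Allow ICMP`, evidently copied from configureHostICMPPolicies; since this method is touched here, change it to `// Allow MySQL - port 3306`. More generally, the host policy methods in these hunks now append to one ordered iptables-restore file via getMainPrintWriter, so their Javadoc should state that they must be called after initMainPolicy(strConfigHost) and before configureRejectPolicies(strConfigHost), otherwise the ACCEPT rules land after the REJECT rules and are never reached.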
@@ -790,7 +906,7 @@ public final class RouterConfig { */ public void configureHostDHCPPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc"); pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc"); @@ -809,7 +925,7 @@ public final class RouterConfig { */ public void configureHostDNSPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow DNS UDP and TCP port 53 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain"); pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");