From 7cab636b00bf5afcc441c9e4bdd4d6f4f0e2cf95 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Thu, 30 Nov 2017 15:38:18 -0800 Subject: [PATCH] Adjustments to firewall rules generation/initializations for running multiple benchmarks --- .../HomeSecurityController.java | 7 +- .../master/CRuntimeInstrumenterMaster.java | 8 +- .../master/CommunicationHandler.java | 45 +++++- iotjava/iotruntime/master/IoTMaster.java | 38 +++-- .../iotruntime/master/ObjectInitHandler.java | 17 ++ iotjava/iotruntime/master/RouterConfig.java | 152 +++++++++++++++--- localconfig/mysql/cameras.config | 2 + 7 files changed, 222 insertions(+), 47 deletions(-) diff --git a/benchmarks/Java/HomeSecurityController/HomeSecurityController.java b/benchmarks/Java/HomeSecurityController/HomeSecurityController.java index 09c0527..b6a398a 100644 --- a/benchmarks/Java/HomeSecurityController/HomeSecurityController.java +++ b/benchmarks/Java/HomeSecurityController/HomeSecurityController.java @@ -624,8 +624,11 @@ public class HomeSecurityController implements SmartthingsSensorCallback, Smartt */ public void init() { + System.out.println("DEBUG: Stopping here for debug purposes!"); + while(true) { } + // Initialize IoTCloud server - initIoTCloudServer(); + /*initIoTCloudServer(); // Iterate over the set of rooms for (RoomSmart rm : roomSet.values()) { @@ -670,7 +673,7 @@ public class HomeSecurityController implements SmartthingsSensorCallback, Smartt } } - } + }*/ } } diff --git a/iotjava/iotruntime/master/CRuntimeInstrumenterMaster.java b/iotjava/iotruntime/master/CRuntimeInstrumenterMaster.java index 2662fc1..16052ad 100644 --- a/iotjava/iotruntime/master/CRuntimeInstrumenterMaster.java +++ b/iotjava/iotruntime/master/CRuntimeInstrumenterMaster.java 
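Review bot: init() now begins with `System.out.println("DEBUG: Stopping here for debug purposes!"); while(true) { }`, an unconditional busy-wait that pins a core and makes everything after it unreachable, and the second hunk on this line (`@@ -670`) turns that whole remainder, including `initIoTCloudServer();`, into a block comment. This looks like a local debugging state committed by accident and should be reverted before merging; if a halt point is genuinely wanted, gate it on a configuration flag and use a blocking wait instead of a spin loop. The enclosing init() continues past the end of the first hunk.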
@@ -65,13 +65,13 @@ public final class CRuntimeInstrumenterMaster { prop.load(fis); fis.close(); } catch (IOException ex) { - System.out.println("CRuntimeInstrumenterMaster: Error reading config file: " + strCfgFileName + - ". Please make sure it contains field information!"); + RuntimeOutput.print("CRuntimeInstrumenterMaster: Error reading config file: " + strCfgFileName + + ". Please make sure it contains field information!", bVerbose); ex.printStackTrace(); } - System.out.println("CRuntimeInstrumenterMaster: Reading " + strCfgField + + RuntimeOutput.print("CRuntimeInstrumenterMaster: Reading " + strCfgField + " from config file: " + strCfgFileName + " with value: " + - prop.getProperty(strCfgField, null)); + prop.getProperty(strCfgField, null), bVerbose); // NULL is returned if the property isn't found return prop.getProperty(strCfgField, null); } diff --git a/iotjava/iotruntime/master/CommunicationHandler.java b/iotjava/iotruntime/master/CommunicationHandler.java index 15db690..fd43408 100644 --- a/iotjava/iotruntime/master/CommunicationHandler.java +++ b/iotjava/iotruntime/master/CommunicationHandler.java @@ -67,6 +67,7 @@ public final class CommunicationHandler { private Map hmRMIRegPort; private Map hmRMIStubPort; private Set hsDevicePort; + private Set hsAllPorts; private Map hmAdditionalPort; private int iNumOfObjects; private int iNumOfHosts; @@ -96,12 +97,40 @@ public final class CommunicationHandler { hmRMIRegPort = new HashMap(); hmRMIStubPort = new HashMap(); hsDevicePort = new HashSet(); + hsAllPorts = new HashSet(); hmAdditionalPort = new HashMap(); iNumOfObjects = 0; iNumOfHosts = 0; bVerbose = _bVerbose; RuntimeOutput.print("CommunicationHandler: Creating a new CommunicationHandler object!", bVerbose); } + + /** + * Method clearCommunicationHandler() + *
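Review bot: In the catch block the "Error reading config file" message is now printed only when bVerbose is set, while the `ex.printStackTrace();` that follows it stays unconditional, so a non-verbose run emits a bare stack trace with no context. A failed config read is an error rather than trace output; keep it visible regardless of verbosity, e.g. `System.err.println("CRuntimeInstrumenterMaster: Error reading config file: " + strCfgFileName + ". Please make sure it contains field information!");`, and reserve `RuntimeOutput.print(..., bVerbose)` for the informational "Reading ..." line. The enclosing method starts before this hunk.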

+ * Clear the data structure + * + * @return void + */ + public void clearCommunicationHandler() { + + listActiveControllerObj.clear(); + listFieldObjectID.clear(); + listObjCrtInfo.clear(); + listArrFieldValues.clear(); + listArrFieldClasses.clear(); + hmActiveObj.clear(); + hmHostAdd.clear(); + hmHostList.clear(); + hmComPort.clear(); + hmRMIRegPort.clear(); + hmRMIStubPort.clear(); + hsDevicePort.clear(); + hmAdditionalPort.clear(); + iNumOfObjects = 0; + iNumOfHosts = 0; + RuntimeOutput.print("CommunicationHandler: Clearing CommunicationHandler object's data structure!", bVerbose); + } /** * Method addPortConnection() @@ -139,6 +168,8 @@ public final class CommunicationHandler { // Check port existence in HashMap } while (portIsAvailable(iComPort) == false); hmComPort.put(iNumOfObjects, iComPort); + // hsAllPorts tracks all the existing and used port numbers + hsAllPorts.add(iComPort); int iRMIRegPort = 0; do { @@ -146,6 +177,7 @@ public final class CommunicationHandler { // Check port existence in HashMap } while (portIsAvailable(iRMIRegPort) == false); hmRMIRegPort.put(iNumOfObjects, iRMIRegPort); + hsAllPorts.add(iRMIRegPort); int iRMIStubPort = 0; do { @@ -153,6 +185,7 @@ public final class CommunicationHandler { // Check port existence in HashMap } while (portIsAvailable(iRMIStubPort) == false); hmRMIStubPort.put(iNumOfObjects, iRMIStubPort); + hsAllPorts.add(iRMIStubPort); iNumOfObjects++; } @@ -194,7 +227,8 @@ public final class CommunicationHandler { public void addDevicePort(int iDevPort) { hsDevicePort.add(iDevPort); - + // Track this port number + hsAllPorts.add(iDevPort); } /** @@ -215,6 +249,8 @@ public final class CommunicationHandler { // Check port existence in HashMap } while (portIsAvailable(iAdditionalPort) == false); hmAdditionalPort.put(iNumOfObjects, iAdditionalPort); + // Track this port number + hsAllPorts.add(iAdditionalPort); iNumOfObjects++; 
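Review bot: clearCommunicationHandler() resets every collection and both counters but leaves `hsAllPorts` untouched, and the later hunks on this line make every allocation path (`addPortConnection`, `addDevicePort`, `addAdditionalPort`) add to that set, so ports handed out for an earlier benchmark remain unavailable after the clear. That appears to be the intent for running several benchmarks in one master run, but nothing says so; add to the Javadoc `hsAllPorts is deliberately NOT cleared so that port numbers handed out for a previous benchmark are never reused within the same master run.` Since the set only grows, a long-running master could eventually exhaust whatever range the allocation loops draw from (the range is outside these hunks), which is worth a note as well.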
@@ -233,7 +269,7 @@ public final class CommunicationHandler { */ public boolean portIsAvailable(int iPortNumber) { - if (hmComPort.containsValue(iPortNumber) == true) { + /*if (hmComPort.containsValue(iPortNumber) == true) { return false; } else if (hmRMIRegPort.containsValue(iPortNumber) == true) { return false; @@ -245,6 +281,11 @@ public final class CommunicationHandler { return false; } else { return true; + }*/ + if (hsAllPorts.contains(iPortNumber)) { + return false; + } else { + return true; } } diff --git a/iotjava/iotruntime/master/IoTMaster.java b/iotjava/iotruntime/master/IoTMaster.java index 3ce672d..2d5b44f 100644 --- a/iotjava/iotruntime/master/IoTMaster.java +++ b/iotjava/iotruntime/master/IoTMaster.java @@ -1377,6 +1377,8 @@ public final class IoTMaster { private void setRouterBasicPolicies(String strRouter) { String strMonitorHost = routerConfig.getIPFromMACAddress(STR_MONITORING_HOST); + routerConfig.initMainPolicy(strRouter); + routerConfig.combineRouterPolicies(strRouter); routerConfig.configureRouterICMPPolicies(strRouter, strMonitorHost); routerConfig.configureRouterDHCPPolicies(strRouter); routerConfig.configureRouterDNSPolicies(strRouter); @@ -1393,6 +1395,8 @@ public final class IoTMaster { private void setHostBasicPolicies(String strHost) { String strMonitorHost = routerConfig.getIPFromMACAddress(STR_MONITORING_HOST); + routerConfig.initMainPolicy(strHost); + routerConfig.combineRouterPolicies(strHost); routerConfig.configureHostDHCPPolicies(strHost); routerConfig.configureHostDNSPolicies(strHost); if (strHost.equals(strMonitorHost)) { 
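Review bot: portIsAvailable() keeps the old five-map check as a commented-out block above the new code; delete it and collapse the remaining if/else to `return !hsAllPorts.contains(iPortNumber);`. The commented block also describes behaviour that no longer holds, because clearCommunicationHandler() now empties those maps while hsAllPorts persists, so leaving it in will mislead the next reader. In the IoTMaster hunks on this line, setRouterBasicPolicies()/setHostBasicPolicies() call `routerConfig.combineRouterPolicies(...)` immediately after `initMainPolicy(...)`; combineRouterPolicies copies whatever the core `<host>.policy` file holds at that moment, so any core rules written after this point are not carried into the `_all` file — if that ordering is intended, a one-line comment such as `// Core (per-benchmark) rules must already be written: they are copied into the main file here` would make it explicit.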
@@ -1990,13 +1994,14 @@ public final class IoTMaster { try { // Extract hostname for this IoTMaster from MySQL DB strIoTMasterHostAdd = routerConfig.getIPFromMACAddress(STR_MASTER_MAC_ADD); + // Assign a new list of PrintWriter objects + routerConfig.renewPrintWriter(); // Loop as we can still find controller/device classes for(int i=0; i setAddresses = new HashSet(commHan.getHosts()); setAddresses.add(strIoTMasterHostAdd); @@ -2204,11 +2210,15 @@ public final class IoTMaster { inStream.close(); socket.close(); serverSocket.close(); + objInitHand.clearObjectInitHandler(); commHan.printLists(); + commHan.clearCommunicationHandler(); lbIoT.printHostInfo(); if (STR_ACTIVATE_SANDBOXING.equals("Yes")) createMACPolicyThreads(setAddresses); } + // Close access to policy files and deploy policies + routerConfig.close(); } catch (IOException | InterruptedException | diff --git a/iotjava/iotruntime/master/ObjectInitHandler.java b/iotjava/iotruntime/master/ObjectInitHandler.java index 27366b6..94a9825 100644 --- a/iotjava/iotruntime/master/ObjectInitHandler.java +++ b/iotjava/iotruntime/master/ObjectInitHandler.java @@ -75,6 +75,23 @@ public final class ObjectInitHandler { bVerbose = _bVerbose; RuntimeOutput.print("ObjectInitHandler: Creating a new ObjectInitHandler object!", bVerbose); } + + /** + * Method clearObjectInitHandler() + *
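Review bot: Nothing in this diff calls `renewMainPrintWriter()` or `closeMain()`: the loop header adds only `routerConfig.renewPrintWriter();` and the tail only `routerConfig.close();`, yet `mapHostToMainFile` is created solely in renewMainPrintWriter() and the `COMMIT` line plus the close/flush of the `<host>_all.policy` files happen solely in closeMain(). Unless those are invoked from code outside these hunks, getMainPrintWriter() dereferences a null map on the first initMainPolicy() call; and if the map is initialised elsewhere, the file shipped by sendRouterPolicies()/sendHostPolicies() may still be partially buffered and lacks COMMIT, which iptables-restore rejects, leaving the previous ruleset on the device. Note too that initMainPolicy() prints `*filter` on every call and getMainPrintWriter() reuses the cached writer, so calling it once per benchmark without renewing the map appends a second header to the same file. Add `routerConfig.renewMainPrintWriter();` beside the existing renewPrintWriter() call (per iteration if one main file per benchmark is intended) and `routerConfig.closeMain();` before the policies are sent, and make sure a non-zero exit from the remote iptables-restore is surfaced rather than silently failing open (deployPolicies is outside this diff).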

+ * Clear the data structure + * + * @return void + */ + public void clearObjectInitHandler() { + + listField.clear(); + listFieldToSetRelation.clear(); + listFieldToObject.clear(); + mapFieldToSecondObject.clear(); + iNumOfFields = 0; + RuntimeOutput.print("ObjectInitHandler: Clearing ObjectInitHandler object's data structure!", bVerbose); + } /** * Method addField() diff --git a/iotjava/iotruntime/master/RouterConfig.java b/iotjava/iotruntime/master/RouterConfig.java index 760f3d2..e6e0413 100644 --- a/iotjava/iotruntime/master/RouterConfig.java +++ b/iotjava/iotruntime/master/RouterConfig.java @@ -7,6 +7,9 @@ import java.io.BufferedWriter; import java.io.FileWriter; import java.io.PrintWriter; import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.nio.charset.StandardCharsets; import java.util.HashMap; import java.util.Map; @@ -19,6 +22,12 @@ import java.util.Map; * that doesn't require "iptables" command to be invoked many * times - each invocation of "iptables" will load the existing * table from the kernel space before appending the new rule. + *

+ * We write the core policy repeatedly for each benchmark, while + * the header "*filter" and tail (a bunch of closing rules and + * REJECT rules) are written into a different file. + * They are merged and deployed for every benchmark bootstrapped + * in the main loop. * * @author Rahmadi Trimananda * @version 2.0 @@ -31,12 +40,14 @@ public final class RouterConfig { */ private static final String STR_SSH_USERNAME_ROUTER = "root"; private static final String STR_SSH_USERNAME_HOST = "iotuser"; + private static final String STR_POLICY_FILE_ALL = "_all"; private static final String STR_POLICY_FILE_EXT = ".policy"; /** * RouterConfig properties */ private Map mapHostToFile; + private Map mapHostToMainFile; private Map mapMACtoIPAdd; /** 
@@ -57,11 +68,59 @@ public final class RouterConfig { mapHostToFile = new HashMap(); } + + /** + * renewMainPrintWriter() renews the mapHostToMainFile object that lists all main PrintWriters + * + * @return void + */ + public void renewMainPrintWriter() { + + mapHostToMainFile = new HashMap(); + } + + /** + * initMainPolicy() initializes the main PrintWriter object to print the entire policies + * + * @param strConfigHost String hostname to be configured + * @return void + */ + public void initMainPolicy(String strConfigHost) { + + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); + pwConfig.println("*filter"); // Print header for iptables-restore + } + + /** + * getMainPrintWriter() gets the main PrintWriter object to print the entire policies + * + * @param strHost String hostname to be configured + * @return PrintWriter + */ + private PrintWriter getMainPrintWriter(String strHost) { + + String strConfigHost = strHost + STR_POLICY_FILE_ALL; + // Return object if existing + if (mapHostToMainFile.containsKey(strConfigHost)) { + return mapHostToMainFile.get(strConfigHost); + } else { + // Simply create a new one if it doesn't exist + FileWriter fw = null; + try { + fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT); + } catch (IOException ex) { + ex.printStackTrace(); + } + PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw)); + mapHostToMainFile.put(strConfigHost, pwConfig); + return pwConfig; + } + } /** * getPrintWriter() gets the right PrintWriter object to print policies to the right file * - * @param strConfigHost String hostname to be configured + * @param strConfigHost String hostname to be configured * @return PrintWriter */ private PrintWriter getPrintWriter(String strConfigHost) { 
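Review bot: In getMainPrintWriter(), a failed `new FileWriter(...)` is only printed and `fw` stays null, so the next line `new PrintWriter(new BufferedWriter(fw))` throws a NullPointerException that hides the real I/O cause; this copies the existing pattern in getPrintWriter() but it is new code here. Rethrow with the cause instead, `throw new IllegalStateException("cannot open policy file " + strConfigHost + STR_POLICY_FILE_EXT, ex);`, and drop the `= null` initialisation. The constructor visible in this hunk initialises only `mapHostToFile`, while `mapHostToMainFile` is set up nowhere but renewMainPrintWriter(); document that precondition on initMainPolicy(): `Requires renewMainPrintWriter() to have been called first; mapHostToMainFile is not initialised by the constructor.`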
@@ -78,12 +137,56 @@ public final class RouterConfig { ex.printStackTrace(); } PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw)); - pwConfig.println("*filter"); // Print header for iptables-restore + //pwConfig.println("*filter"); // Print header for iptables-restore mapHostToFile.put(strConfigHost, pwConfig); return pwConfig; } } + /** + * readFile() read the entire file and return a string + * + * @return String String that contains the content of the file + */ + public String readFile(String filePath) { + + String retStr = null; + try { + retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8); + } catch (IOException ex) { + ex.printStackTrace(); + } + return retStr; + } + + /** + * combineRouterPolicies() method combines the core router policies into the main file + * + * @param strConfigHost String hostname to be configured + * @return void + */ + public void combineRouterPolicies(String strConfigHost) { + + PrintWriter pwConfigAll = getMainPrintWriter(strConfigHost); + PrintWriter pwConfig = getPrintWriter(strConfigHost); + pwConfig.flush(); + String strPolicyList = readFile(strConfigHost + STR_POLICY_FILE_EXT); + pwConfigAll.print(strPolicyList); + } + + /** + * closeMain() closes all main PrintWriter objects + * + * @return void + */ + public void closeMain() { + + for(PrintWriter pwConfig: mapHostToMainFile.values()) { + pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore + pwConfig.close(); + } + } + /** * close() closes all PrintWriter objects * @@ -92,7 +195,6 @@ public final class RouterConfig { public void close() { for(PrintWriter pwConfig: mapHostToFile.values()) { - pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore pwConfig.close(); } } 
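Review bot: readFile() returns null when `Files.readAllBytes` fails, and combineRouterPolicies() passes that straight to `pwConfigAll.print(strPolicyList)`, which writes the literal text `null` into the `<host>_all.policy` file; iptables-restore then rejects the whole ruleset and nothing at this layer reports it. Propagate the failure instead, `throw new IllegalStateException("cannot read policy file " + filePath, ex);`, since a silently missing core policy means the restrictive per-benchmark rules never reach the device; a guard like `if (strPolicyList != null)` would merely hide the same problem. readFile() also lacks a `@param filePath` tag and can be private, as it is only an internal helper, and the commented-out `//pwConfig.println("*filter");` in getPrintWriter() should be removed rather than kept.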
@@ -105,13 +207,13 @@ public final class RouterConfig { */ public void sendRouterPolicies(String strConfigHost) { - String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " + + String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;"; //System.out.println(strCmdSend); deployPolicies(strCmdSend); String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + - " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + - STR_POLICY_FILE_EXT + "; ";// + + " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; ";// + // TODO: delete these later when we apply tight initial conditions (reject everything but SSH commands) //"iptables -F startup_filter_tcp; iptables -F startup_filter_udp; " + //"iptables -t filter -D FORWARD -j startup_filter_tcp; iptables -t filter -D FORWARD -j startup_filter_udp;"; @@ -127,14 +229,14 @@ public final class RouterConfig { */ public void sendHostPolicies(String strConfigHost) { - String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " + + String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " + STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;"; - //System.out.println(strCmdSend); + System.out.println(strCmdSend); deployPolicies(strCmdSend); String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost + - " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + - STR_POLICY_FILE_EXT + ";"; - //System.out.println(strCmdDeploy); + " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost + + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + ";"; + System.out.println(strCmdDeploy); deployPolicies(strCmdDeploy); } 
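Review bot: sendHostPolicies() now prints `strCmdSend` and `strCmdDeploy` unconditionally via `System.out.println`, while the identical lines in sendRouterPolicies() on this line stay commented out; either route both through the runtime's verbose-gated printer (as the CRuntimeInstrumenterMaster hunk does) if RouterConfig has access to a verbosity flag, or remove them. The rewritten lines still splice `strConfigHost` unquoted into a shell command string (`scp`, `ssh`, `rm ~/...`); if deployPolicies() hands that to a shell (its body is outside this diff), a malformed value from the MAC-to-IP lookup becomes part of the command, so validating the host as an IP literal before building the string would be prudent.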
@@ -482,7 +584,7 @@ public final class RouterConfig { */ public void configureRouterICMPPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A FORWARD -j ACCEPT -p icmp"); pwConfig.println("-A INPUT -j ACCEPT -p icmp"); @@ -502,7 +604,7 @@ public final class RouterConfig { */ public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A FORWARD -j ACCEPT -p icmp"); pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + @@ -528,7 +630,7 @@ public final class RouterConfig { */ public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow SSH - port 22 (only from monitor host) pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh"); @@ -563,7 +665,7 @@ public final class RouterConfig { */ public void configureRouterDHCPPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc"); pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc"); @@ -583,7 +685,7 @@ public final class RouterConfig { */ public void configureRouterDNSPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow DNS UDP and TCP port 53 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain"); pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain"); 
@@ -607,7 +709,7 @@ public final class RouterConfig { */ public void configureRejectPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Reject every other thing pwConfig.println("-A FORWARD -j REJECT"); pwConfig.println("-A INPUT -j REJECT"); @@ -626,7 +728,7 @@ public final class RouterConfig { */ public void configureRouterNATPolicy(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Configure NAT pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE"); // Add the following 2 lines @@ -693,7 +795,7 @@ public final class RouterConfig { */ public void configureHostICMPPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A INPUT -j ACCEPT -p icmp"); pwConfig.println("-A OUTPUT -j ACCEPT -p icmp"); @@ -709,7 +811,7 @@ public final class RouterConfig { */ public void configureHostSQLPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql"); pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql"); @@ -728,7 +830,7 @@ public final class RouterConfig { */ public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow ICMP pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + " -d " + strConfigHost + " -p icmp"); 
@@ -751,7 +853,7 @@ public final class RouterConfig { */ public void configureHostSSHPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow SSH - port 22 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh"); pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh"); @@ -773,7 +875,7 @@ public final class RouterConfig { */ public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow SSH - port 22 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh"); @@ -804,7 +906,7 @@ public final class RouterConfig { */ public void configureHostDHCPPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc"); pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc"); @@ -823,7 +925,7 @@ public final class RouterConfig { */ public void configureHostDNSPolicies(String strConfigHost) { - PrintWriter pwConfig = getPrintWriter(strConfigHost); + PrintWriter pwConfig = getMainPrintWriter(strConfigHost); // Allow DNS UDP and TCP port 53 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain"); pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain"); diff --git a/localconfig/mysql/cameras.config b/localconfig/mysql/cameras.config index 083ca82..0a35a61 100644 --- a/localconfig/mysql/cameras.config +++ b/localconfig/mysql/cameras.config @@ -1,3 +1,5 @@ SELECT * FROM CameraSmart +WHERE +ID='CM3' OR ID='CM4' ; -- 2.34.1