Commit 3a902f45 authored by NGUYEN Do Duc Anh's avatar NGUYEN Do Duc Anh

fix bug update inf for ids when firewall added

parent bec910e1
......@@ -118,7 +118,12 @@ class FirewallOpportunistic:
if ingress_bridge == if_utils.BR_CENTER_NAME:
if_utils.delete_mangle_mark(if_utils.BR_CENTER_NAME, ens_if, inter_num)
if_utils.add_mangle_mark(if_utils.BR_CENTER_NAME, private_if, inter_num)
# If IDS was not deployed, fw is the closet to br0 so fw update inside inf
if_utils.map_inf_inside[inter_num] = private_if
else:
# If IDS was deployed, fw is next to IDS so fw update map inf for IDS
inter_name_ids, new_bridge_ids, public_if_ids = IdsOpportunistic.map_tap_inf_for_ids[inter_num]
IdsOpportunistic.map_tap_inf_for_ids[inter_num] = (private_if, new_bridge_ids, public_if_ids)
# Start deploying firewall unikernel. Once the unikernel says it is ready, the above listening thread will fire the rule
threading.Thread(target=if_utils.run_firewall_solo5_hvt, args=(private_if, public_if)).start()
......@@ -177,22 +182,21 @@ class IdsOpportunistic:
if_utils.add_mangle_mark(if_utils.BR_CENTER_NAME, private_if, inter_num)
if_utils.map_inf_inside[inter_num] = private_if
IdsOpportunistic.map_tap_inf_for_ids[inter_num] = (inter_name, new_bridge, public_if, private_if)
IdsOpportunistic.map_tap_inf_for_ids[inter_num] = (inter_name, new_bridge, public_if)
if_utils.interface_tap_id += 1
@staticmethod
def process_kill_opportunistic_ids():
for inter_num in if_utils.map_inf_inside.keys():
inter_name, new_bridge, public_if, private_if = IdsOpportunistic.map_tap_inf_for_ids[inter_num]
inter_name, new_bridge, public_if = IdsOpportunistic.map_tap_inf_for_ids[inter_num]
inside_inter_name = if_utils.map_inf_inside[inter_num]
# Double check if IDS deployed correctly to be removed: Checking the interface connect to br0 is private inf of IDS
if inside_inter_name == private_if:
if_utils.delete_interface_from_bridge(new_bridge, public_if)
if_utils.delete_interface_from_bridge(if_utils.BR_CENTER_NAME, private_if)
if_utils.delete_interface_from_bridge(if_utils.BR_CENTER_NAME, inside_inter_name)
if_utils.delete_tuntap_interface(public_if)
if_utils.delete_tuntap_interface(private_if)
if_utils.delete_tuntap_interface(inside_inter_name)
if_utils.delete_bridge(new_bridge)
# Add the interface connecting to public$j before to br0
......@@ -203,7 +207,7 @@ class IdsOpportunistic:
if_utils.map_bridge_outside[inter_num] = if_utils.BR_CENTER_NAME
# Update mark rules for new inf on br0
if_utils.delete_mangle_mark(if_utils.BR_CENTER_NAME, private_if, inter_num)
if_utils.delete_mangle_mark(if_utils.BR_CENTER_NAME, inside_inter_name, inter_num)
if_utils.add_mangle_mark(if_utils.BR_CENTER_NAME, inter_name, inter_num)
if_utils.map_inf_inside[inter_num] = inter_name
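Review bot: In `process_kill_opportunistic_ids`, the teardown now removes whatever `if_utils.map_inf_inside[inter_num]` holds from br0 and deletes its tap device, and the `inside_inter_name == private_if` check that confirmed the interface belongs to the IDS appears to have gone along with the fourth tuple element (the rendering does not mark which lines were removed, so this is inferred). The first hunk shows the firewall writing its own `private_if` into `map_inf_inside` when it sits on br0, so an IDS teardown could end up unplugging the firewall's interface and its mangle mark, leaving that path unfiltered. Consider recording the IDS private interface in a separate map and comparing it against `inside_inter_name` before the delete calls. The loop here and the new `else` branch in `FirewallOpportunistic` both index `IdsOpportunistic.map_tap_inf_for_ids[inter_num]` without checking that an entry exists; in the loop, `entry = IdsOpportunistic.map_tap_inf_for_ids.get(inter_num)` followed by `if entry is None: continue` would avoid a KeyError for interfaces that never had an IDS. Both function bodies start outside the visible hunks, so any guard that exists there is not visible from this page.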