package main
import (
"strconv"
"strings"
log "github.com/sirupsen/logrus"
k8sfirewall "github.com/SunSince90/polycube/src/components/k8s/utils/k8sfirewall"
)
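// Parse builds one firewall chain per firewall node of the first graph in
// graph, keyed by the name of the node's first neighbour (used here as the
// pod IP).
//
// Only graph.Graphs[0] is inspected. Nodes whose FunctionalType is not
// "firewall" (case-insensitive) are ignored. A nil graph, a graph with no
// Graphs entry, or a firewall node with no neighbours yields no chain for
// that input instead of an index-out-of-range panic.
//
// If two firewall nodes share the same first neighbour name, the later one
// replaces the earlier one in the returned map.
func Parse(graph *NFV) map[string]k8sfirewall.Chain {
	rulesMap := map[string]k8sfirewall.Chain{}

	// The graph comes from an external description; never index into it
	// before checking that the element is actually there.
	if graph == nil || len(graph.Graphs) == 0 {
		log.Warningln("No graph to parse, no firewall chains generated")
		return rulesMap
	}

	for _, node := range graph.Graphs[0].Nodes {
		if strings.ToLower(node.FunctionalType) != "firewall" {
			continue
		}

		// Without a neighbour there is no key to attach the chain to.
		if len(node.Neighbour) == 0 {
			log.Warningln("Skipping firewall node without neighbours")
			continue
		}
		ip := node.Neighbour[0].Name

		// An empty element list is only reported: the chain is still
		// created, so its default action is what decides every packet.
		if len(node.Configuration.Firewall.Elements) < 1 {
			log.Warningln("No firewall configuration for pod with ip", ip)
		}

		// parse the rules
		rules := parseRules(node.Configuration.Firewall.Elements)

		// parseAction maps anything other than "allow" to "drop", so a
		// missing or misspelled default action results in a dropping chain.
		chain := k8sfirewall.Chain{
			Name:     "ingress", //TODO: this has to be defined on the low level configuration
			Default_: parseAction(node.Configuration.Firewall.DefaultAction),
			Rule:     rules,
		}

		rulesMap[ip] = chain
	}

	return rulesMap
}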
// parseRules translates the firewall elements of a node into chain rules,
// preserving their order. The rule Id is the element's position in the
// input slice.
//
// NOTE(review): every rule gets the same fixed Description, which looks like
// a placeholder policy name; confirm before relying on it to tell rules apart.
// NOTE(review): no protocol is set on the rule although parseProtocol exists
// in this file; confirm whether rules are meant to match every protocol.
func parseRules(elements []Elements) []k8sfirewall.ChainRule {
	// The final size is known, so reserve it once.
	rules := make([]k8sfirewall.ChainRule, 0, len(elements))

	for idx, element := range elements {
		rule := k8sfirewall.ChainRule{
			Id:          int32(idx),
			Src:         parseIP(element.Source),
			Dst:         parseIP(element.Destination),
			Sport:       parsePort(element.SrcPort),
			Dport:       parsePort(element.DstPort),
			Action:      parseAction(element.Action),
			Description: "astrid.io/policyname=foo",
		}
		rules = append(rules, rule)
	}

	return rules
}
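// parseIP converts an address written with "-1" wildcard octets into CIDR
// notation.
//
//   - "-1.-1.-1.-1" becomes "" (no address constraint).
//   - A wildcard in octet 2, 3 or 4 selects the prefix /8, /16 or /24; the
//     lowest-numbered wildcard octet wins, and that octet and every octet
//     after it are written as 0 so the result never carries host bits
//     beyond its prefix (e.g. "10.-1.5.6" becomes "10.0.0.0/8").
//   - An address without wildcards gets "/32".
//
// Input that does not consist of exactly four dot-separated fields is
// returned unchanged instead of causing an index-out-of-range panic. It is
// not rewritten to a valid-looking CIDR, so an empty input stays "" (the same
// value as the all-wildcard address) and any other malformed value is left
// for the consumer to reject.
//
// NOTE(review): the octets are not checked to be numbers in 0-255, and a
// "-1" in the first octet alone is passed through as-is; this function has no
// way to report an error, so strict validation has to happen in the caller.
func parseIP(ip string) string {
	if ip == "-1.-1.-1.-1" {
		return ""
	}

	octets := strings.Split(ip, ".")
	if len(octets) != 4 {
		return ip
	}

	for i := 1; i < len(octets); i++ {
		if octets[i] != "-1" {
			continue
		}

		// Everything from the first wildcard on is outside the prefix.
		for j := i; j < len(octets); j++ {
			octets[j] = "0"
		}
		return strings.Join(octets, ".") + "/" + strconv.Itoa(8*i)
	}

	return ip + "/32"
}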
// parseAction maps a configured action to the firewall's action name.
// Only "allow" (in any letter case) becomes "forward"; every other value,
// including the empty string and misspellings, becomes "drop", so an
// unrecognised action never results in traffic being forwarded.
func parseAction(action string) string {
	switch strings.ToLower(action) {
	case "allow":
		return "forward"
	default:
		return "drop"
	}
}
// parseProtocol normalises a protocol name. "tcp", "udp" and "icmp" (in any
// letter case) are returned in lower case; "any" and every other value
// return "".
//
// NOTE(review): an unknown protocol name is indistinguishable from "any" in
// the result. If "" means "match every protocol" to the consumer, a typo in
// the configuration widens the rule instead of being rejected; confirm.
func parseProtocol(proto string) string {
	lowered := strings.ToLower(proto)

	if lowered == "tcp" || lowered == "udp" || lowered == "icmp" {
		return lowered
	}

	// "any" and anything unrecognised
	return ""
}
// parsePort converts a port written as text into an int32. "*" yields 0.
// A value that cannot be parsed as a base-10 integer fitting in 32 bits
// also yields 0.
//
// NOTE(review): a malformed port therefore produces the same value as the
// "*" wildcard, so a typo silently widens the rule rather than failing; the
// original author already noted this should return an error. The value is
// also not limited to 0-65535: negative and oversized numbers that fit in
// 32 bits are returned as-is.
func parsePort(port string) int32 {
	if port == "*" {
		return 0
	}

	if parsed, err := strconv.ParseInt(port, 10, 32); err == nil {
		// bitSize 32 guarantees the value fits, so the conversion is lossless
		return int32(parsed)
	}

	// This should return an error, actually
	return 0
}