diff --git a/src/main/java/net/floodlightcontroller/firewall/Firewall.java b/src/main/java/net/floodlightcontroller/firewall/Firewall.java
index bdb5becf657a9cbcd030070c1952a0fc05c8f67b..d6225b23ca495a30aea330435d7356945815490b 100644
--- a/src/main/java/net/floodlightcontroller/firewall/Firewall.java
+++ b/src/main/java/net/floodlightcontroller/firewall/Firewall.java
@@ -263,25 +263,18 @@ public class Firewall implements IFirewallService, IOFMessageListener, IFloodlig
 }
 @Override
- public void enableFirewall() {
- // check if the firewall module is not listening for events, if not, then start listening (enable it)
+ public void enableFirewall(boolean enabled) {
+ logger.info("Setting firewall to {}", enabled);
+ this.enabled = enabled;
+ // add/remove ourself as a packetin listener
 List<IOFMessageListener> listeners = floodlightProvider.getListeners().get(OFType.PACKET_IN);
 if ((listeners != null) && (!listeners.contains(this))) {
- // enable firewall, i.e. listen for packet-in events
- floodlightProvider.addOFMessageListener(OFType.PACKET_IN, this);
- }
- this.enabled = true;
- }
-
- @Override
- public void disableFirewall() {
- // check if the firewall module is listening for events, if yes, then remove it from listeners (disable it)
- List<IOFMessageListener> listeners = floodlightProvider.getListeners().get(OFType.PACKET_IN);
- if ((listeners != null) && (listeners.contains(this))) {
- // disable firewall, i.e. stop listening for packet-in events
- floodlightProvider.removeOFMessageListener(OFType.PACKET_IN, this);
+ if (enabled) {
+ floodlightProvider.addOFMessageListener(OFType.PACKET_IN, this);
+ } else {
+ floodlightProvider.removeOFMessageListener(OFType.PACKET_IN, this);
+ }
 }
- this.enabled = false;
 }
 @Override
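Review bot: The disable path of the new `enableFirewall(boolean)` can never deregister the listener, because the retained guard `(listeners != null) && (!listeners.contains(this))` wraps both branches and `removeOFMessageListener` is reached only when the firewall is not in the PACKET_IN list to begin with. After `enableFirewall(false)` the module therefore stays registered while `this.enabled` is false and the REST handler answers "firewall stopped"; whether packets are still filtered in that state depends on `receive()`, which is outside this hunk. The membership test should be split per direction, as sketched below. The sketch keeps the `listeners == null` case unchanged, but that case sets `enabled` to true without registering anything, so it is worth confirming it cannot occur at runtime. FirewallTest only ever calls `enableFirewall(true)` in the visible hunks, so a test that disables and then re-enables the firewall would have caught this.

```java
// … unchanged: logging and this.enabled assignment …
List<IOFMessageListener> listeners = floodlightProvider.getListeners().get(OFType.PACKET_IN);
if (listeners != null) {
    boolean listening = listeners.contains(this);
    if (enabled && !listening) {
        floodlightProvider.addOFMessageListener(OFType.PACKET_IN, this);
    } else if (!enabled && listening) {
        floodlightProvider.removeOFMessageListener(OFType.PACKET_IN, this);
    }
}
```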
diff --git a/src/main/java/net/floodlightcontroller/firewall/FirewallResource.java b/src/main/java/net/floodlightcontroller/firewall/FirewallResource.java
index e269414e6c08fad33304549ff605df791c9f5316..5ef403fd432c9a089a189cc15f60b43111de7015 100644
--- a/src/main/java/net/floodlightcontroller/firewall/FirewallResource.java
+++ b/src/main/java/net/floodlightcontroller/firewall/FirewallResource.java
@@ -23,10 +23,10 @@ public class FirewallResource extends ServerResource {
 get(IFirewallService.class.getCanonicalName());
 if (op.equalsIgnoreCase("enable")) {
- firewall.enableFirewall();
+ firewall.enableFirewall(true);
 return "{\"status\" : \"success\", \"details\" : \"firewall running\"}";
 } else if (op.equalsIgnoreCase("disable")) {
- firewall.disableFirewall();
+ firewall.enableFirewall(false);
 return "{\"status\" : \"success\", \"details\" : \"firewall stopped\"}";
 } else if (op.equalsIgnoreCase("storageRules")) {
 return firewall.getStorageRules();
diff --git a/src/main/java/net/floodlightcontroller/firewall/IFirewallService.java b/src/main/java/net/floodlightcontroller/firewall/IFirewallService.java
index aa846c9a6d9ecabab9c3f51c5fbcce37838df55f..a70381505bfb144f8aa3001062fe2debb11c4059 100644
--- a/src/main/java/net/floodlightcontroller/firewall/IFirewallService.java
+++ b/src/main/java/net/floodlightcontroller/firewall/IFirewallService.java
@@ -8,14 +8,10 @@ import net.floodlightcontroller.core.module.IFloodlightService;
 public interface IFirewallService extends IFloodlightService {
 /**
- * Enables the Firewall module
+ * Enables/disables the firewall.
+ * @param enable Whether to enable or disable the firewall.
 */
- public void enableFirewall();
-
- /**
- * Disables the Firewall module
- */
- public void disableFirewall();
+ public void enableFirewall(boolean enable);
 /**
 * Returns all of the firewall rules
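Review bot: In IFirewallService.java the new Javadoc does not state what `enableFirewall(false)` does, although this one method is now also the way to switch the firewall off. Going by the implementation comment in Firewall.java ("add/remove ourself as a packetin listener"), the tag could read `@param enable {@code true} to register the firewall as a PACKET_IN listener, {@code false} to deregister it`. The parameter is named `enable` here and `enabled` in Firewall.java, and using one name in both places would make the pair easier to read. The interface body continues outside this hunk.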
diff --git a/src/test/java/net/floodlightcontroller/firewall/FirewallTest.java b/src/test/java/net/floodlightcontroller/firewall/FirewallTest.java
index 43cf08f0f79ee982b80008a75a59336b05e60085..1944eb1265970e8763772cd934f62921e9bd2e42 100644
--- a/src/test/java/net/floodlightcontroller/firewall/FirewallTest.java
+++ b/src/test/java/net/floodlightcontroller/firewall/FirewallTest.java
@@ -209,7 +209,7 @@ public class FirewallTest extends FloodlightTestCase {
 @Test
 public void testNoRules() throws Exception {
 // enable firewall first
- firewall.enableFirewall();
+ firewall.enableFirewall(true);
 // simulate a packet-in event
 this.setPacketIn(tcpPacket);
 firewall.receive(sw, this.packetIn, cntx);
@@ -322,7 +322,7 @@ public class FirewallTest extends FloodlightTestCase {
 @Test
 public void testSimpleAllowRule() throws Exception {
 // enable firewall first
- firewall.enableFirewall();
+ firewall.enableFirewall(true);
 // add TCP rule
 FirewallRule rule = new FirewallRule();
@@ -360,7 +360,7 @@ public class FirewallTest extends FloodlightTestCase {
 @Test
 public void testOverlappingRules() throws Exception {
- firewall.enableFirewall();
+ firewall.enableFirewall(true);
 // add TCP port 80 (destination only) allow rule
 FirewallRule rule = new FirewallRule();
@@ -403,7 +403,7 @@ public class FirewallTest extends FloodlightTestCase {
 @Test
 public void testARP() throws Exception {
 // enable firewall first
- firewall.enableFirewall();
+ firewall.enableFirewall(true);
 // no rules inserted so all traffic other than broadcast and ARP-request-broadcast should be blocked
@@ -434,7 +434,7 @@ public class FirewallTest extends FloodlightTestCase {
 @Test
 public void testIPBroadcast() throws Exception {
 // enable firewall first
- firewall.enableFirewall();
+ firewall.enableFirewall(true);
 // set subnet mask for IP broadcast
 firewall.setSubnetMask("255.255.255.0");
@@ -455,7 +455,7 @@ public class FirewallTest extends FloodlightTestCase {
 @Test
 public void testMalformedIPBroadcast() throws Exception {
 // enable firewall first
- firewall.enableFirewall();
+ firewall.enableFirewall(true);
 // no rules inserted so all traffic other than broadcast and ARP-request-broadcast should be blocked
@@ -473,7 +473,7 @@ public class FirewallTest extends FloodlightTestCase {
 @Test
 public void testLayer2Rule() throws Exception {
 // enable firewall first
- firewall.enableFirewall();
+ firewall.enableFirewall(true);
 // add L2 rule
 FirewallRule rule = new FirewallRule();