2 * Copyright (c) 2016 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netvirt.aclservice.listeners;
10 import com.google.common.collect.ImmutableSet;
11 import java.math.BigInteger;
12 import java.util.ArrayList;
13 import java.util.Collection;
14 import java.util.Collections;
15 import java.util.HashSet;
16 import java.util.Iterator;
17 import java.util.List;
18 import java.util.Objects;
20 import java.util.SortedSet;
21 import javax.annotation.PreDestroy;
22 import javax.inject.Inject;
23 import javax.inject.Singleton;
24 import org.eclipse.jdt.annotation.NonNull;
25 import org.opendaylight.infrautils.utils.concurrent.Executors;
26 import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
27 import org.opendaylight.mdsal.binding.api.DataBroker;
28 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
29 import org.opendaylight.netvirt.aclservice.api.AclInterfaceCache;
30 import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
31 import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
32 import org.opendaylight.netvirt.aclservice.utils.AclClusterUtil;
33 import org.opendaylight.netvirt.aclservice.utils.AclConstants;
34 import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
35 import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
36 import org.opendaylight.serviceutils.srm.RecoverableListener;
37 import org.opendaylight.serviceutils.srm.ServiceRecoveryRegistry;
38 import org.opendaylight.serviceutils.tools.listener.AbstractAsyncDataTreeChangeListener;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
42 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
47 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
48 import org.slf4j.Logger;
49 import org.slf4j.LoggerFactory;
52 public class AclEventListener extends AbstractAsyncDataTreeChangeListener<Acl> implements
53 ClusteredDataTreeChangeListener<Acl>, RecoverableListener {
55 private static final Logger LOG = LoggerFactory.getLogger(AclEventListener.class);
57 private final AclServiceManager aclServiceManager;
58 private final AclClusterUtil aclClusterUtil;
59 private final DataBroker dataBroker;
60 private final AclDataUtil aclDataUtil;
61 private final AclServiceUtils aclServiceUtils;
62 private final AclInterfaceCache aclInterfaceCache;
/**
 * Creates the listener for {@link Acl} entries below {@link AccessLists} in the CONFIGURATION datastore.
 *
 * <p>The superclass is given an executor created by
 * {@code Executors.newListeningSingleThreadExecutor("AclEventListener", LOG)}. As its last step the constructor
 * registers this instance with the service recovery registry under the key returned by
 * {@code AclServiceUtils.getRecoverServiceRegistryKey()}.
 *
 * @param aclServiceManager manager notified of ACL and ACE changes
 * @param aclClusterUtil used to check entity ownership before rules are updated
 * @param dataBroker data broker handed to the superclass and kept in a field
 * @param aclDataUtil local ACL data cache
 * @param aclServicUtils ACL service helper (stored as {@code aclServiceUtils})
 * @param aclInterfaceCache cache of ACL interfaces
 * @param serviceRecoveryRegistry registry in which this listener is recorded as recoverable
 */
public AclEventListener(AclServiceManager aclServiceManager, AclClusterUtil aclClusterUtil, DataBroker dataBroker,
        AclDataUtil aclDataUtil, AclServiceUtils aclServicUtils, AclInterfaceCache aclInterfaceCache,
        ServiceRecoveryRegistry serviceRecoveryRegistry) {
    super(dataBroker,
            LogicalDatastoreType.CONFIGURATION,
            InstanceIdentifier.create(AccessLists.class).child(Acl.class),
            Executors.newListeningSingleThreadExecutor("AclEventListener", LOG));

    // Collaborators used by the event callbacks.
    this.dataBroker = dataBroker;
    this.aclServiceManager = aclServiceManager;
    this.aclServiceUtils = aclServicUtils;
    this.aclClusterUtil = aclClusterUtil;

    // Caches kept in step with the datastore by this listener.
    this.aclDataUtil = aclDataUtil;
    this.aclInterfaceCache = aclInterfaceCache;

    // Kept last so that every field is assigned before `this` is handed to the registry.
    serviceRecoveryRegistry.addRecoverableListener(AclServiceUtils.getRecoverServiceRegistryKey(), this);
}
81 LOG.info("{} start", getClass().getSimpleName());
85 public void registerListener() {
90 public void deregisterListener() {
/**
 * Handles deletion of an ACL from the configuration datastore.
 *
 * <p>The ACL, its tag (when one is cached) and its remote ACL associations are dropped from the local caches
 * regardless of entity ownership. Rule removal for ACEs still present on the deleted ACL is requested only
 * when {@code aclClusterUtil.isEntityOwner()} is true.
 *
 * @param key instance identifier of the removed ACL (not used by this method)
 * @param acl the ACL that was removed
 */
public void remove(InstanceIdentifier<Acl> key, Acl acl) {
    LOG.trace("On remove event, remove ACL: {}", acl);
    final String removedAclName = acl.getAclName();

    this.aclDataUtil.removeAcl(removedAclName);
    final Integer cachedTag = this.aclDataUtil.getAclTag(removedAclName);
    if (cachedTag != null) {
        this.aclDataUtil.removeAclTag(removedAclName);
    }

    updateRemoteAclCache(AclServiceUtils.getAceListFromAcl(acl), removedAclName,
            AclServiceManager.Action.REMOVE);

    if (!aclClusterUtil.isEntityOwner()) {
        return;
    }

    // Handle rule deletion if the SG remove event is received before the SG rule delete event.
    final List<Ace> remainingAces = AclServiceUtils.aceList(acl);
    if (remainingAces.isEmpty()) {
        return;
    }
    // Snapshot the interface list so the iteration in updateAceRules works on a fixed copy.
    final Collection<AclInterface> boundInterfaces =
            ImmutableSet.copyOf(aclDataUtil.getInterfaceList(new Uuid(removedAclName)));
    updateAceRules(boundInterfaces, removedAclName, remainingAces, AclServiceManager.Action.REMOVE);
}
/**
 * Handles modification of an ACL in the configuration datastore.
 *
 * <p>Order of operations, as coded: ACEs flagged as deleted are removed from the interfaces currently listed
 * for the ACL and passed to {@code deleteAcesFromConfigDS}; the local ACL caches are then refreshed; finally
 * the added ACEs are applied and the ACL service manager is notified of the update. The rule updates, the
 * datastore cleanup and the notification run only when {@code aclClusterUtil.isEntityOwner()} is true, and
 * ownership is queried separately for the removal phase and the addition phase. The cache refresh runs
 * regardless of ownership.
 *
 * @param key instance identifier of the updated ACL (not used by this method)
 * @param aclBefore the ACL before the change
 * @param aclAfter the ACL after the change
 */
public void update(InstanceIdentifier<Acl> key, Acl aclBefore, Acl aclAfter) {
    final String updatedAclName = aclAfter.getAclName();
    // Immutable snapshot: the same interface set is used for the removal and the addition phase.
    final Collection<AclInterface> boundInterfaces =
            ImmutableSet.copyOf(aclDataUtil.getInterfaceList(new Uuid(updatedAclName)));

    // Find and update added ace rules in acl
    final List<Ace> acesToAdd = getChangedAceList(aclAfter, aclBefore);

    // Find and update deleted ace rules in acl
    final List<Ace> acesToRemove = getDeletedAceList(aclAfter);

    if (aclClusterUtil.isEntityOwner()) {
        LOG.debug("On update event, remove Ace rules: {} for ACL: {}", acesToRemove, updatedAclName);
        updateAceRules(boundInterfaces, updatedAclName, acesToRemove, AclServiceManager.Action.REMOVE);
        if (!acesToRemove.isEmpty()) {
            aclServiceUtils.deleteAcesFromConfigDS(updatedAclName, acesToRemove);
        }
    }

    updateAclCaches(aclBefore, aclAfter, boundInterfaces);

    if (aclClusterUtil.isEntityOwner()) {
        LOG.debug("On update event, add Ace rules: {} for ACL: {}", acesToAdd, updatedAclName);
        updateAceRules(boundInterfaces, updatedAclName, acesToAdd, AclServiceManager.Action.ADD);

        aclServiceManager.notifyAcl(aclBefore, aclAfter, boundInterfaces, AclServiceManager.Action.UPDATE);
    }
}
/**
 * Notifies the ACL service manager of every given ACE for every given interface.
 *
 * <p>An interface whose DP ID or ELAN ID is {@code null} is skipped: none of its ACEs are notified and the
 * skip is recorded at debug level only.
 * NOTE(review): whether a skipped interface is reconciled later is not visible in this method - confirm, since
 * a skipped REMOVE would leave the rule in place for that interface.
 *
 * @param interfaceList interfaces to which the ACL applies
 * @param aclName name of the ACL that owns the ACEs
 * @param aceList ACEs to add or remove
 * @param action the action passed through to {@code aclServiceManager.notifyAce}
 */
private void updateAceRules(Collection<AclInterface> interfaceList, String aclName, List<Ace> aceList,
        AclServiceManager.Action action) {
    LOG.trace("update ace rules - action: {} , ace rules: {}", action.name(), aceList);
    for (AclInterface aclInterface : interfaceList) {
        final BigInteger dpnId = aclInterface.getDpId();
        final Long elanTag = aclInterface.getElanId();
        if (dpnId == null || elanTag == null) {
            LOG.debug("Skip update ACE rules as DP ID or ELAN ID for interface {} is not present. "
                    + "DP Id: {} ELAN ID: {}", aclInterface.getInterfaceId(), dpnId, elanTag);
            continue;
        }
        for (Ace ace : aceList) {
            aclServiceManager.notifyAce(aclInterface, action, aclName, ace);
        }
    }
}
/**
 * Handles creation of an ACL in the configuration datastore by populating the local caches.
 *
 * <p>The ACL is added to the data cache, its tag is recorded when one is present and differs from
 * {@code AclConstants.INVALID_ACL_TAG}, and the remote ACL cache is updated for its ACEs. This method makes
 * no entity-ownership check and no call to the ACL service manager.
 *
 * @param key instance identifier of the new ACL (not used by this method)
 * @param acl the ACL that was added
 */
public void add(InstanceIdentifier<Acl> key, Acl acl) {
    LOG.trace("On add event, add ACL: {}", acl);
    this.aclDataUtil.addAcl(acl);

    final String newAclName = acl.getAclName();
    final Integer tag = AclServiceUtils.getAclTag(acl);
    final boolean tagUsable = tag != null && tag != AclConstants.INVALID_ACL_TAG;
    if (tagUsable) {
        this.aclDataUtil.addAclTag(newAclName, tag);
    }

    updateRemoteAclCache(AclServiceUtils.getAceListFromAcl(acl), newAclName, AclServiceManager.Action.ADD);
}
/**
 * Updates the remote ACL cache with the association between this ACL and each remote group that its ACEs
 * reference.
 *
 * <p>Only {@code AclServiceManager.Action.ADD} adds associations; every other action value takes the removal
 * path. ACEs for which {@code AclServiceUtils.doesAceHaveRemoteGroupId} returns false are ignored.
 *
 * @param aceList the ace list
 * @param aclName the acl name
 * @param action the action
 */
private void updateRemoteAclCache(@NonNull List<Ace> aceList, String aclName, AclServiceManager.Action action) {
    final boolean adding = action == AclServiceManager.Action.ADD;
    for (Ace ace : aceList) {
        final SecurityRuleAttr ruleAttr = ace.augmentation(SecurityRuleAttr.class);
        if (!AclServiceUtils.doesAceHaveRemoteGroupId(ruleAttr)) {
            continue;
        }
        if (adding) {
            aclDataUtil.addRemoteAclId(ruleAttr.getRemoteGroupId(), new Uuid(aclName),
                    ruleAttr.getDirection());
        } else {
            aclDataUtil.removeRemoteAclId(ruleAttr.getRemoteGroupId(), new Uuid(aclName),
                    ruleAttr.getDirection());
        }
    }
}
/**
 * Refreshes the local caches after an ACL update.
 *
 * <p>A tag is recorded for the ACL only when none is cached yet and the updated ACL carries one that differs
 * from {@code AclConstants.INVALID_ACL_TAG}; an already cached tag is left as it is. The updated ACL is then
 * stored, and the per-direction cache update runs for egress first and ingress second.
 *
 * @param aclBefore the ACL before the change
 * @param aclAfter the ACL after the change
 * @param aclInterfaces interfaces whose cached remote ACL tags may need refreshing
 */
private void updateAclCaches(Acl aclBefore, Acl aclAfter, Collection<AclInterface> aclInterfaces) {
    final String name = aclAfter.getAclName();
    if (this.aclDataUtil.getAclTag(name) == null) {
        final Integer tagFromAcl = AclServiceUtils.getAclTag(aclAfter);
        if (tagFromAcl != null && tagFromAcl != AclConstants.INVALID_ACL_TAG) {
            this.aclDataUtil.addAclTag(name, tagFromAcl);
        }
    }
    this.aclDataUtil.addAcl(aclAfter);

    updateAclCaches(aclBefore, aclAfter, aclInterfaces, DirectionEgress.class);
    updateAclCaches(aclBefore, aclAfter, aclInterfaces, DirectionIngress.class);
}
/**
 * Reconciles the remote ACL cache for one direction after an ACL update, then refreshes the cached remote ACL
 * tags of the given interfaces for that direction.
 *
 * NOTE(review): several short lines of this method (closing braces and at least one statement) are missing
 * from this listing; the comments below describe only what is visible.
 *
 * @param aclBefore the ACL before the change
 * @param aclAfter the ACL after the change
 * @param aclInterfaces interfaces whose cache entries are refreshed
 * @param direction the direction class (egress or ingress) being reconciled
 */
212 private void updateAclCaches(Acl aclBefore, Acl aclAfter, Collection<AclInterface> aclInterfaces,
213 Class<? extends DirectionBase> direction) {
214 Uuid aclId = new Uuid(aclAfter.getAclName());
215 Set<Uuid> remoteAclsBefore = AclServiceUtils.getRemoteAclIdsByDirection(aclBefore, direction);
216 Set<Uuid> remoteAclsAfter = AclServiceUtils.getRemoteAclIdsByDirection(aclAfter, direction);
// Remote ACLs referenced before the update but not after it: drop their association with this ACL.
218 Set<Uuid> remoteAclsDeleted = new HashSet<>(remoteAclsBefore);
219 remoteAclsDeleted.removeAll(remoteAclsAfter);
220 for (Uuid remoteAcl : remoteAclsDeleted) {
221 aclDataUtil.removeRemoteAclId(remoteAcl, aclId, direction);
// Remote ACLs referenced only after the update: record the new association.
224 Set<Uuid> remoteAclsAdded = new HashSet<>(remoteAclsAfter);
225 remoteAclsAdded.removeAll(remoteAclsBefore);
226 for (Uuid remoteAcl : remoteAclsAdded) {
227 aclDataUtil.addRemoteAclId(remoteAcl, aclId, direction);
// NOTE(review): the body of this condition is not visible in this listing; presumably an early exit when the
// set of referenced remote ACLs did not change - confirm against the full source.
230 if (remoteAclsDeleted.isEmpty() && remoteAclsAdded.isEmpty()) {
// Recompute the remote ACL tags of each interface for this direction and store them through the cache builder.
234 for (AclInterface aclInterface : aclInterfaces) {
235 AclInterface aclInterfaceInCache =
236 aclInterfaceCache.addOrUpdate(aclInterface.getInterfaceId(), (prevAclInterface, builder) -> {
237 SortedSet<Integer> remoteAclTags =
238 aclServiceUtils.getRemoteAclTags(aclInterface.getSecurityGroups(), direction);
// Egress tags are written to the egress field. The separator before the ingress call is not visible here;
// presumably an else branch - confirm.
239 if (DirectionEgress.class.equals(direction)) {
240 builder.egressRemoteAclTags(remoteAclTags);
242 builder.ingressRemoteAclTags(remoteAclTags);
// Pass the entry returned by the cache, together with the interface's security groups, to the interface map.
246 aclDataUtil.addOrUpdateAclInterfaceMap(aclInterface.getSecurityGroups(), aclInterfaceInCache);
/**
 * Computes the ACEs of {@code updatedAcl} that are treated as changed relative to {@code currentAcl}.
 *
 * ACEs are matched by rule name only ({@code Objects.equals} on {@code getRuleName()}); no other field of the
 * rule is compared in this method.
 * NOTE(review): the statement executed on a name match is missing from this listing; the iterator over a
 * private copy suggests the matching entry is removed from the result - confirm. If so, an ACE whose content
 * changed under an unchanged rule name would not be returned here, so verify how such edits are handled.
 *
 * @param updatedAcl the ACL after the change; {@code null} yields an empty list
 * @param currentAcl the ACL before the change; {@code null} yields every ACE of {@code updatedAcl}
 * @return the resulting ACE list, never {@code null} per the {@code @NonNull} annotation
 */
250 private static @NonNull List<Ace> getChangedAceList(Acl updatedAcl, Acl currentAcl) {
251 if (updatedAcl == null) {
252 return Collections.emptyList();
254 List<Ace> updatedAceList = AclServiceUtils.aceList(updatedAcl);
255 if (currentAcl == null) {
256 return updatedAceList;
259 List<Ace> currentAceList = AclServiceUtils.aceList(currentAcl);
// Work on a private copy so the list returned by AclServiceUtils.aceList is not modified.
260 updatedAceList = new ArrayList<>(updatedAceList);
261 for (Iterator<Ace> iterator = updatedAceList.iterator(); iterator.hasNext();) {
262 Ace ace1 = iterator.next();
263 for (Ace ace2 : currentAceList) {
// Identity of a rule is its name; see the NOTE(review) above about the missing body of this condition.
264 if (Objects.equals(ace1.getRuleName(), ace2.getRuleName())) {
269 return updatedAceList;
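/**
 * Collects the ACEs of an ACL whose {@link SecurityRuleAttr} augmentation marks them as deleted.
 *
 * <p>An ACE that carries no {@link SecurityRuleAttr} augmentation, or whose deleted flag is not set to true,
 * is treated as not deleted. The flag is no longer dereferenced unconditionally, because a
 * {@link NullPointerException} raised here would propagate out of {@code update()}, which calls this method
 * before it applies any rule change or refreshes the caches.
 *
 * @param acl the ACL to inspect; may be {@code null}
 * @return the ACEs flagged as deleted; an empty list when the ACL is {@code null} or has no ACE list
 */
private List<Ace> getDeletedAceList(Acl acl) {
    if (acl == null || acl.getAccessListEntries() == null || acl.getAccessListEntries().getAce() == null) {
        return Collections.emptyList();
    }
    List<Ace> aceList = acl.getAccessListEntries().getAce();
    List<Ace> deletedAceList = new ArrayList<>();
    for (Ace ace : aceList) {
        SecurityRuleAttr aceAttributes = ace.augmentation(SecurityRuleAttr.class);
        // Boolean.TRUE.equals also tolerates a null flag, should isDeleted() return a boxed Boolean.
        if (aceAttributes != null && Boolean.TRUE.equals(aceAttributes.isDeleted())) {
            deletedAceList.add(ace);
        }
    }
    return deletedAceList;
}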
288 public void close() {
290 Executors.shutdownAndAwaitTermination(getExecutorService());