2 * Copyright (c) 2016 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netvirt.aclservice.listeners;
10 import java.util.ArrayList;
11 import java.util.HashSet;
12 import java.util.List;
13 import javax.annotation.PostConstruct;
14 import javax.inject.Inject;
15 import javax.inject.Singleton;
16 import org.opendaylight.controller.md.sal.binding.api.ClusteredDataTreeChangeListener;
17 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
18 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
19 import org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase;
20 import org.opendaylight.genius.mdsalutil.NwConstants;
21 import org.opendaylight.netvirt.aclservice.api.AclInterfaceCache;
22 import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
23 import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action;
24 import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
25 import org.opendaylight.netvirt.aclservice.utils.AclClusterUtil;
26 import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
27 import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
28 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
29 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
30 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rev160406.ParentRefs;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
35 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
40 public class AclInterfaceListener extends AsyncDataTreeChangeListenerBase<Interface, AclInterfaceListener>
41 implements ClusteredDataTreeChangeListener<Interface> {
42 private static final Logger LOG = LoggerFactory.getLogger(AclInterfaceListener.class);
44 private final AclServiceManager aclServiceManager;
45 private final AclClusterUtil aclClusterUtil;
46 private final DataBroker dataBroker;
47 private final AclDataUtil aclDataUtil;
48 private final AclInterfaceCache aclInterfaceCache;
49 private final AclServiceUtils aclServiceUtils;
52 public AclInterfaceListener(AclServiceManager aclServiceManager, AclClusterUtil aclClusterUtil,
53 DataBroker dataBroker, AclDataUtil aclDataUtil, AclInterfaceCache aclInterfaceCache,
54 AclServiceUtils aclServicUtils) {
55 super(Interface.class, AclInterfaceListener.class);
56 this.aclServiceManager = aclServiceManager;
57 this.aclClusterUtil = aclClusterUtil;
58 this.dataBroker = dataBroker;
59 this.aclDataUtil = aclDataUtil;
60 this.aclInterfaceCache = aclInterfaceCache;
61 this.aclServiceUtils = aclServicUtils;
67 LOG.info("{} start", getClass().getSimpleName());
68 registerListener(LogicalDatastoreType.CONFIGURATION, dataBroker);
72 protected InstanceIdentifier<Interface> getWildCardPath() {
73 return InstanceIdentifier
74 .create(Interfaces.class)
75 .child(Interface.class);
79 protected void remove(InstanceIdentifier<Interface> key, Interface port) {
80 LOG.trace("Received AclInterface remove event, port={}", port);
81 String interfaceId = port.getName();
82 AclInterface aclInterface = aclInterfaceCache.remove(interfaceId);
83 if (AclServiceUtils.isOfInterest(aclInterface)) {
84 if (aclClusterUtil.isEntityOwner()) {
85 LOG.debug("On remove event, notify ACL service manager to unbind ACL from interface: {}", port);
86 aclServiceManager.notify(aclInterface, null, Action.UNBIND);
87 AclServiceUtils.deleteSubnetIpPrefixes(dataBroker, interfaceId);
93 protected void update(InstanceIdentifier<Interface> key, Interface portBefore, Interface portAfter) {
94 if (portBefore.getAugmentation(ParentRefs.class) == null
95 && portAfter.getAugmentation(ParentRefs.class) != null) {
96 LOG.trace("Ignoring event for update in ParentRefs for {} ", portAfter.getName());
99 LOG.trace("Received AclInterface update event, portBefore={}, portAfter={}", portBefore, portAfter);
100 InterfaceAcl aclInPortAfter = portAfter.getAugmentation(InterfaceAcl.class);
101 InterfaceAcl aclInPortBefore = portBefore.getAugmentation(InterfaceAcl.class);
103 String interfaceId = portAfter.getName();
104 org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state
105 .Interface interfaceState = AclServiceUtils.getInterfaceStateFromOperDS(dataBroker, interfaceId);
107 AclInterface aclInterfaceBefore = aclInterfaceCache.get(interfaceId);
108 if (aclInterfaceBefore == null || isPortSecurityEnabledNow(aclInPortBefore, aclInPortAfter)) {
109 // Updating cache now as it might have not updated when
110 // port-security-enable=false
111 aclInterfaceBefore = addOrUpdateAclInterfaceCache(interfaceId, aclInPortBefore, true, interfaceState);
113 if (aclInPortAfter != null && aclInPortAfter.isPortSecurityEnabled()
114 || aclInPortBefore != null && aclInPortBefore.isPortSecurityEnabled()) {
115 boolean isSgChanged =
116 isSecurityGroupsChanged(aclInPortBefore.getSecurityGroups(), aclInPortAfter.getSecurityGroups());
117 AclInterface aclInterfaceAfter =
118 addOrUpdateAclInterfaceCache(interfaceId, aclInPortAfter, isSgChanged, interfaceState);
120 if (aclClusterUtil.isEntityOwner()) {
121 // Handle bind/unbind service irrespective of interface state (up/down)
122 boolean isPortSecurityEnable = aclInterfaceAfter.isPortSecurityEnabled();
123 boolean isPortSecurityEnableBefore = aclInterfaceBefore.isPortSecurityEnabled();
124 // if port security enable is changed, bind/unbind ACL service
125 if (isPortSecurityEnableBefore != isPortSecurityEnable) {
126 LOG.debug("Notify bind/unbind ACL service for interface={}, isPortSecurityEnable={}", interfaceId,
127 isPortSecurityEnable);
128 if (isPortSecurityEnable) {
129 aclServiceManager.notify(aclInterfaceAfter, null, Action.BIND);
131 aclServiceManager.notify(aclInterfaceAfter, null, Action.UNBIND);
134 if (interfaceState != null && interfaceState.getOperStatus().equals(
135 org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
136 .state.Interface.OperStatus.Up)) {
137 LOG.debug("On update event, notify ACL service manager to update ACL for interface: {}",
139 // handle add for AclPortsLookup before processing update
140 AclServiceUtils.updateAclPortsLookupForInterfaceUpdate(aclInterfaceBefore, aclInterfaceAfter,
141 dataBroker, NwConstants.ADD_FLOW);
143 aclServiceManager.notify(aclInterfaceAfter, aclInterfaceBefore, AclServiceManager.Action.UPDATE);
144 // handle delete for AclPortsLookup after processing update
145 AclServiceUtils.updateAclPortsLookupForInterfaceUpdate(aclInterfaceBefore, aclInterfaceAfter,
146 dataBroker, NwConstants.DEL_FLOW);
149 updateCacheWithAclChange(aclInterfaceBefore, aclInterfaceAfter);
153 private void updateCacheWithAclChange(AclInterface aclInterfaceBefore, AclInterface aclInterfaceAfter) {
154 List<Uuid> addedAcls = AclServiceUtils.getUpdatedAclList(aclInterfaceAfter.getSecurityGroups(),
155 aclInterfaceBefore.getSecurityGroups());
156 List<Uuid> deletedAcls = AclServiceUtils.getUpdatedAclList(aclInterfaceBefore.getSecurityGroups(),
157 aclInterfaceAfter.getSecurityGroups());
158 if (deletedAcls != null && !deletedAcls.isEmpty()) {
159 aclDataUtil.removeAclInterfaceMap(deletedAcls, aclInterfaceAfter);
161 if (addedAcls != null && !addedAcls.isEmpty()) {
162 aclDataUtil.addOrUpdateAclInterfaceMap(addedAcls, aclInterfaceAfter);
166 private boolean isPortSecurityEnabledNow(InterfaceAcl aclInPortBefore, InterfaceAcl aclInPortAfter) {
167 return aclInPortBefore != null && !aclInPortBefore.isPortSecurityEnabled() && aclInPortAfter != null
168 && aclInPortAfter.isPortSecurityEnabled();
171 private boolean isSecurityGroupsChanged(List<Uuid> sgsBefore, List<Uuid> sgsAfter) {
172 if (sgsBefore == null && sgsAfter == null) {
175 if ((sgsBefore == null && sgsAfter != null) || (sgsBefore != null && sgsAfter == null)) {
178 if (sgsBefore != null && sgsAfter != null) {
179 return !(new HashSet<>(sgsBefore)).equals(new HashSet<>(sgsAfter));
184 private AclInterface addOrUpdateAclInterfaceCache(String interfaceId, InterfaceAcl aclInPort) {
185 return addOrUpdateAclInterfaceCache(interfaceId, aclInPort, true, null);
188 private AclInterface addOrUpdateAclInterfaceCache(String interfaceId, InterfaceAcl aclInPort, boolean isSgChanged,
189 org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state
190 .Interface interfaceState) {
191 AclInterface aclInterface = aclInterfaceCache.addOrUpdate(interfaceId, (prevAclInterface, builder) -> {
192 List<Uuid> sgs = new ArrayList<>();
193 if (aclInPort != null) {
194 sgs = aclInPort.getSecurityGroups();
195 builder.portSecurityEnabled(aclInPort.isPortSecurityEnabled()).securityGroups(sgs)
196 .allowedAddressPairs(aclInPort.getAllowedAddressPairs());
199 if ((prevAclInterface == null || prevAclInterface.getLPortTag() == null) && interfaceState != null) {
200 builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(interfaceState))
201 .lPortTag(interfaceState.getIfIndex()).isMarkedForDelete(false);
204 if (prevAclInterface == null) {
205 builder.subnetIpPrefixes(AclServiceUtils.getSubnetIpPrefixes(dataBroker, interfaceId));
207 if (prevAclInterface == null || prevAclInterface.getElanId() == null) {
208 builder.elanId(AclServiceUtils.getElanIdFromInterface(interfaceId, dataBroker));
210 if (prevAclInterface == null || isSgChanged) {
211 builder.ingressRemoteAclTags(aclServiceUtils.getRemoteAclTags(sgs, DirectionIngress.class))
212 .egressRemoteAclTags(aclServiceUtils.getRemoteAclTags(sgs, DirectionEgress.class));
215 // Clone and return the ACL interface object
216 return AclInterface.builder(aclInterface).build();
220 protected void add(InstanceIdentifier<Interface> key, Interface port) {
221 LOG.trace("Received AclInterface add event, port={}", port);
222 InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
223 if (aclInPort != null && aclInPort.isPortSecurityEnabled()) {
224 String interfaceId = port.getName();
225 AclInterface aclInterface = addOrUpdateAclInterfaceCache(interfaceId, aclInPort);
227 if (aclClusterUtil.isEntityOwner()) {
228 LOG.debug("On add event, notify ACL service manager to bind ACL for interface: {}", port);
229 aclServiceManager.notify(aclInterface, null, Action.BIND);
235 protected AclInterfaceListener getDataTreeChangeListener() {