openstack/net-virt/src/main/java/org/opendaylight/netvirt/openstack/netvirt/impl/SecurityServicesImpl.java

   1 /*
   2  * Copyright (c) 2014, 2015 Red Hat, Inc. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.netvirt.openstack.netvirt.impl;
  10
  11 import org.opendaylight.netvirt.openstack.netvirt.ConfigInterface;
  12 import org.opendaylight.netvirt.openstack.netvirt.api.ConfigurationService;
  13 import org.opendaylight.netvirt.openstack.netvirt.api.Constants;
  14 import org.opendaylight.netvirt.openstack.netvirt.api.EgressAclProvider;
  15 import org.opendaylight.netvirt.openstack.netvirt.api.IngressAclProvider;
  16 import org.opendaylight.netvirt.openstack.netvirt.api.NodeCacheManager;
  17 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityGroupCacheManger;
  18 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityServicesManager;
  19 import org.opendaylight.netvirt.openstack.netvirt.api.Southbound;
  20 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronNetwork;
  21 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronPort;
  22 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityGroup;
  23 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityRule;
  24 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSubnet;
  25 import org.opendaylight.netvirt.openstack.netvirt.translator.Neutron_IPs;
  26 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronNetworkCRUD;
  27 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronPortCRUD;
  28 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronSubnetCRUD;
  29 import org.opendaylight.netvirt.utils.servicehelper.ServiceHelper;
  30 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.ovsdb.rev150105.OvsdbTerminationPointAugmentation;
  31 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
  32 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
  33 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.node.TerminationPoint;
  34 import org.osgi.framework.ServiceReference;
  35 import org.slf4j.Logger;
  36 import org.slf4j.LoggerFactory;
  37
  38 import java.util.ArrayList;
  39 import java.util.List;
  40 import java.util.HashMap;
  41 import java.util.Map;
  42
  43 public class SecurityServicesImpl implements ConfigInterface, SecurityServicesManager {
  44
  45     private static final Logger LOG = LoggerFactory.getLogger(TenantNetworkManagerImpl.class);
  46     private volatile INeutronPortCRUD neutronPortCache;
  47     private volatile INeutronSubnetCRUD neutronSubnetCache;
  48     private volatile Southbound southbound;
  49     private volatile NodeCacheManager nodeCacheManager;
  50     private volatile INeutronNetworkCRUD neutronNetworkCache;
  51     private volatile ConfigurationService configurationService;
  52     private volatile IngressAclProvider ingressAclProvider;
  53     private volatile EgressAclProvider egressAclProvider;
  54     private volatile NeutronL3Adapter neutronL3Adapter;
  55     private volatile SecurityGroupCacheManger securityGroupCacheManger;
  56     private volatile Map<NodeId, Long> nodeIdToDpIdCache = new HashMap<NodeId, Long>();
  57     private boolean isConntrackEnabled = false;
  58
  59     public SecurityServicesImpl() {
  60         super();
  61     }
  62
  63     public SecurityServicesImpl(boolean isConntrack) {
  64         super();
  65         this.isConntrackEnabled = isConntrack;
  66     }
  67
  68     @Override
  69     public boolean isPortSecurityReady(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
  70         if (neutronPortCache == null) {
  71             LOG.error("neutron port is null");
  72             return false;
  73         }
  74         LOG.trace("isPortSecurityReady for {}", terminationPointAugmentation.getName());
  75         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
  76                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
  77         if (neutronPortId == null) {
  78             return false;
  79         }
  80         NeutronPort neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
  81         if (neutronPort == null) {
  82             return false;
  83         }
  84         String deviceOwner = neutronPort.getDeviceOwner();
  85         if (!deviceOwner.contains("compute")) {
  86             LOG.debug("Port {} is not a compute host, it is a: {}", neutronPortId, deviceOwner);
  87         }
  88         LOG.debug("isPortSecurityReady() is a {} ", deviceOwner);
  89         List<NeutronSecurityGroup> securityGroups = neutronPort.getSecurityGroups();
  90         if (securityGroups.isEmpty()) {
  91             LOG.debug("Check for device: {} does not contain a Security Group for port: {}", deviceOwner,
  92                       neutronPortId);
  93             return false;
  94         }
  95         LOG.debug("Security Group Check {} does contain a Neutron Security Group", neutronPortId);
  96         return true;
  97     }
  98
  99     @Override
 100     public List<NeutronSecurityGroup> getSecurityGroupInPortList(OvsdbTerminationPointAugmentation
 101                                                              terminationPointAugmentation) {
 102         List<NeutronSecurityGroup> neutronSecurityGroups = new ArrayList<>();
 103         if (neutronPortCache == null) {
 104             LOG.error("neutron port is null");
 105             return neutronSecurityGroups;
 106         }
 107         LOG.trace("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName());
 108         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 109                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
 110         if (neutronPortId == null) {
 111             return neutronSecurityGroups;
 112         }
 113         NeutronPort neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
 114         if (neutronPort == null) {
 115             return neutronSecurityGroups;
 116         }
 117         neutronSecurityGroups = neutronPort.getSecurityGroups();
 118         return neutronSecurityGroups;
 119
 120     }
 121
 122     @Override
 123     public NeutronPort getDhcpServerPort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 124         if (neutronPortCache == null) {
 125             LOG.warn("getDHCPServerPort: neutron port cache is null");
 126         }
 127         LOG.trace("getDHCPServerPort for {}",
 128                   terminationPointAugmentation.getName());
 129         NeutronPort neutronPort = null;
 130         try {
 131             String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 132                                                                            Constants.EXTERNAL_ID_INTERFACE_ID);
 133             if (neutronPortId == null) {
 134                 return null;
 135             }
 136             if (null != neutronPortCache) {
 137                 neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
 138                 if (neutronPort == null) {
 139                     return null;
 140                 }
 141             }
 142             /* if the current port is a DHCP port, return the same*/
 143             if (neutronPort.getDeviceOwner().contains("dhcp")) {
 144                 return neutronPort;
 145             }
 146             /*Since all the fixed ip assigned to a port should be
 147              *from the same network, first port is sufficient.*/
 148             List<Neutron_IPs> fixedIps = neutronPort.getFixedIPs();
 149             if (null == fixedIps || 0 == fixedIps.size() ) {
 150                 LOG.error("getDHCPServerPort: No fixed ip is assigned");
 151                 return null;
 152             }
 153             /* Get all the ports in the subnet and identify the dhcp port*/
 154             String subnetUuid = fixedIps.iterator().next().getSubnetUUID();
 155             NeutronSubnet neutronSubnet = neutronSubnetCache.getSubnet(subnetUuid);
 156             if (neutronSubnet == null) {
 157                 LOG.error("getDHCPServerPort: No subnet is found for " + subnetUuid);
 158                 return null;
 159             }
 160             List<NeutronPort> ports = neutronSubnet.getPortsInSubnet();
 161             for (NeutronPort port : ports) {
 162                 if (port.getDeviceOwner().contains("dhcp")) {
 163                     return port;
 164                 }
 165             }
 166         } catch (Exception e) {
 167             LOG.error("getDHCPServerPort:getDHCPServerPort failed due to ", e);
 168             return null;
 169         }
 170         return null;
 171     }
 172
 173     @Override
 174     public NeutronPort getNeutronPortFromDhcpIntf(
 175             OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 176         if (neutronPortCache == null) {
 177             LOG.error("getNeutronPortFromDhcpIntf: neutron port is null");
 178             return null;
 179         }
 180         String neutronPortId = southbound.getInterfaceExternalIdsValue(
 181                 terminationPointAugmentation,
 182                 Constants.EXTERNAL_ID_INTERFACE_ID);
 183         if (neutronPortId == null) {
 184             return null;
 185         }
 186         NeutronPort neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
 187         if (neutronPort == null) {
 188             return null;
 189         }
 190         /* if the current port is a DHCP port, return true*/
 191         if (neutronPort.getDeviceOwner().contains("dhcp")) {
 192             LOG.trace("getNeutronPortFromDhcpIntf: neutronPort is a dhcp port", neutronPort );
 193             return neutronPort;
 194         }
 195         return null;
 196     }
 197
 198
 199     @Override
 200     public NeutronPort getNeutronPortFromCache(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 201         NeutronPort neutronPort = null;
 202         LOG.trace("getNeutronPortFromCache for {}",
 203                 terminationPointAugmentation.getName());
 204         try {
 205             String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 206                     Constants.EXTERNAL_ID_INTERFACE_ID);
 207             if (neutronPortId == null) {
 208                 return null;
 209             }
 210             if (null != neutronPortCache) {
 211                 neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
 212                 if (neutronPort == null) {
 213                     return null;
 214                 }
 215             }
 216             LOG.trace("getNeutronPortFromCache: neutron port of {} got from cleanupcache", neutronPortId);
 217         } catch (Exception e) {
 218             LOG.warn("getNeutronPortFromCache:getNeutronPortFromCache failed due to ", e);
 219             return null;
 220         }
 221         return neutronPort;
 222     }
 223
 224
 225
 226     @Override
 227     public boolean isComputePort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 228         if (neutronPortCache == null) {
 229             LOG.warn("isComputePort : neutronPortCache is null");
 230         }
 231         NeutronPort neutronPort = null;
 232         LOG.trace("isComputePort for {}", terminationPointAugmentation.getName());
 233         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 234                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
 235         if (neutronPortId == null) {
 236             return false;
 237         }
 238         if (neutronPortCache != null) {
 239             neutronPort = neutronPortCache.getPort(neutronPortId);
 240         }
 241         if (neutronPort == null) {
 242             neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
 243             if (neutronPort == null) {
 244                 return false;
 245             }
 246         }
 247         /*Check the device owner and if it contains compute to identify
 248          * whether it is a compute port.*/
 249         String deviceOwner = neutronPort.getDeviceOwner();
 250         if (!deviceOwner.contains("compute")) {
 251             LOG.debug("isComputePort : Port {} is not a DHCP server port for device owner {}",
 252                       neutronPortId,deviceOwner);
 253             return false;
 254         }
 255         return true;
 256     }
 257
 258     @Override
 259     public boolean isLastPortinSubnet(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 260         if (neutronPortCache == null) {
 261             LOG.error("isLastPortinSubnet: neutronPortCache is null");
 262         }
 263         NeutronPort neutronPort = null;
 264         try {
 265             LOG.trace("isLastPortinSubnet: for {}", terminationPointAugmentation.getName());
 266             String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 267                                                                            Constants.EXTERNAL_ID_INTERFACE_ID);
 268             if (neutronPortId == null) {
 269                 return false;
 270             }
 271             if (neutronPortCache != null) {
 272                 neutronPort = neutronPortCache.getPort(neutronPortId);
 273             }
 274             if (neutronPort == null) {
 275                 neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
 276                 if (neutronPort == null) {
 277                     LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
 278                     return false;
 279                 }
 280             }
 281             List<Neutron_IPs> neutronPortFixedIp = neutronPort.getFixedIPs();
 282             if (null == neutronPortFixedIp || neutronPortFixedIp.isEmpty()) {
 283                 return false;
 284             }
 285             /*Get all the ports in the current node and check whether there
 286              * is any port belonging to the same subnet of the input
 287              */
 288             List<TerminationPoint> terminationPoints = node.getTerminationPoint();
 289             if (terminationPoints != null && !terminationPoints.isEmpty()) {
 290                 for (TerminationPoint tp : terminationPoints) {
 291                     OvsdbTerminationPointAugmentation ovsdbTerminationPointAugmentation =
 292                             tp.getAugmentation(OvsdbTerminationPointAugmentation.class);
 293                     if (ovsdbTerminationPointAugmentation != null && !ovsdbTerminationPointAugmentation
 294                             .getName().equals(Constants.INTEGRATION_BRIDGE)) {
 295                         String portId = southbound.getInterfaceExternalIdsValue(ovsdbTerminationPointAugmentation,
 296                                                                                 Constants.EXTERNAL_ID_INTERFACE_ID);
 297                         if (null != portId) {
 298                             NeutronPort port = neutronPortCache.getPort(portId);
 299                             if (null != port && !(port.getID().equals(neutronPort.getID()))
 300                                     && port.getDeviceOwner().contains("compute")) {
 301                                 List<Neutron_IPs> portFixedIp = port.getFixedIPs();
 302                                 if (null == portFixedIp || portFixedIp.isEmpty()) {
 303                                     return false;
 304                                 }
 305                                 if (portFixedIp.iterator().next().getSubnetUUID()
 306                                         .equals(neutronPort.getFixedIPs().iterator().next().getSubnetUUID())) {
 307                                     LOG.trace("isLastPortinSubnet: Port is not the only port.");
 308                                     return false;
 309                                 }
 310                             }
 311                         }
 312                     }
 313                 }
 314             }
 315         } catch (Exception e) {
 316             LOG.error("isLastPortinSubnet: isLastPortinSubnet failed due to ", e);
 317             return false;
 318         }
 319         return true;
 320     }
 321
 322     @Override
 323     public boolean isLastPortinBridge(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 324         LOG.trace("isLastPortinBridge: for {}", terminationPointAugmentation.getName());
 325         List<TerminationPoint> terminationPoints = node.getTerminationPoint();
 326         /*Check whether the node has any port other than br-int*/
 327         if (terminationPoints != null && !terminationPoints.isEmpty()) {
 328             for (TerminationPoint tp : terminationPoints) {
 329                 OvsdbTerminationPointAugmentation ovsdbTerminationPointAugmentation =
 330                         tp.getAugmentation(OvsdbTerminationPointAugmentation.class);
 331                 if (null != ovsdbTerminationPointAugmentation
 332                         && !(ovsdbTerminationPointAugmentation.getName().equals(Constants.INTEGRATION_BRIDGE))
 333                         && !(terminationPointAugmentation.getInterfaceUuid()
 334                         .equals(ovsdbTerminationPointAugmentation.getInterfaceUuid()))) {
 335                     LOG.debug("isLastPortinBridge: it the last port in bridge {}",
 336                             terminationPointAugmentation.getName());
 337                     return false;
 338                 }
 339             }
 340         }
 341         return true;
 342     }
 343
 344     @Override
 345     public List<Neutron_IPs> getIpAddressList(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 346         if (neutronPortCache == null) {
 347             LOG.warn("getIpAddress: neutronPortCache is null");
 348         }
 349         NeutronPort neutronPort = null;
 350         LOG.trace("getIpAddress: for {}", terminationPointAugmentation.getName());
 351         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 352                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
 353         if (neutronPortId == null) {
 354             return null;
 355         }
 356         if (neutronPortCache != null) {
 357             neutronPort = neutronPortCache.getPort(neutronPortId);
 358         }
 359         if (neutronPort == null) {
 360             neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
 361         }
 362         if (neutronPort == null) {
 363             LOG.error("getIpAddress: neutron port of {} is not found", neutronPortId);
 364             return null;
 365         }
 366         return neutronPort.getFixedIPs();
 367     }
 368
 369     @Override
 370     public List<Neutron_IPs> getVmListForSecurityGroup(String portUuid, String securityGroupUuid) {
 371         List<Neutron_IPs> vmListForSecurityGroup = new ArrayList<>();
 372         /*For every port check whether security grouplist contains the current
 373          * security group.*/
 374         try {
 375             for (String neutronPortUuid:neutronL3Adapter.getPortCleanupCache().keySet()) {
 376                 NeutronPort neutronPort = neutronL3Adapter.getPortCleanupCache().get(neutronPortUuid);
 377                 if (!neutronPort.getDeviceOwner().contains("compute")) {
 378                     LOG.debug("getVMListForSecurityGroup : the port {} is not "
 379                             + "compute port belongs to {}", neutronPort.getID(), neutronPort.getDeviceOwner());
 380                     continue;
 381                 }
 382                 if (portUuid.equals(neutronPort.getID())) {
 383                     continue;
 384                 }
 385                 List<NeutronSecurityGroup> securityGroups = neutronPort.getSecurityGroups();
 386                 if (null != securityGroups) {
 387                     for (NeutronSecurityGroup securityGroup:securityGroups) {
 388                         if (securityGroup.getSecurityGroupUUID().equals(securityGroupUuid)) {
 389                             LOG.debug("getVMListForSecurityGroup : adding ports with ips {} "
 390                                     + "compute port", neutronPort.getFixedIPs());
 391                             if (neutronPort.getFixedIPs() != null) {
 392                                 vmListForSecurityGroup.addAll(neutronPort.getFixedIPs());
 393                             }
 394                         }
 395                     }
 396                 }
 397
 398             }
 399         } catch (Exception e) {
 400             LOG.error("getVMListForSecurityGroup: getVMListForSecurityGroup"
 401                     + " failed due to ", e);
 402             return null;
 403         }
 404         return vmListForSecurityGroup;
 405
 406     }
 407
 408     @Override
 409     public void syncFixedSecurityGroup(NeutronPort port, boolean write) {
 410
 411         Node node = getNode(port);
 412         if (node == null) {
 413             return;
 414         }
 415         NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
 416         if (null == neutronNetwork) {
 417             neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
 418             if (neutronNetwork == null) {
 419                 return;
 420             }
 421         }
 422         OvsdbTerminationPointAugmentation intf = getInterface(node, port);
 423         if (intf == null) {
 424             return;
 425         }
 426         String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
 427         if (attachedMac == null) {
 428             LOG.debug("syncFixedSecurityGroup: No AttachedMac seen in {}", intf);
 429             return;
 430         }
 431         long dpid = getDpidOfIntegrationBridge(node);
 432         if (dpid == 0L) {
 433             return;
 434         }
 435         String segmentationId = neutronNetwork.getProviderSegmentationID();
 436         long localPort = southbound.getOFPort(intf);
 437         NeutronPort dhcpPort = this.getDhcpServerPort(intf);
 438         if (dhcpPort != null) {
 439             ingressAclProvider.programFixedSecurityGroup(dpid, segmentationId,
 440                 dhcpPort.getMacAddress(), localPort, attachedMac, write);
 441         }
 442         List<Neutron_IPs> srcAddressList = null;
 443         srcAddressList = this.getIpAddressList(intf);
 444         egressAclProvider.programFixedSecurityGroup(dpid, segmentationId,
 445             attachedMac, localPort, srcAddressList, write);
 446     }
 447
 448     @Override
 449     public void syncSecurityGroup(NeutronPort port, List<NeutronSecurityGroup> securityGroupList, boolean write) {
 450         LOG.trace("syncSecurityGroup:" + securityGroupList + " Write:" + write);
 451         if (null != port && null != port.getSecurityGroups()) {
 452             Node node = getNode(port);
 453             if (node == null) {
 454                 return;
 455             }
 456             NodeId nodeId = node.getNodeId();
 457             NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
 458             if (null == neutronNetwork) {
 459                 neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
 460                 if (neutronNetwork == null) {
 461                     return;
 462                 }
 463             }
 464             String segmentationId = neutronNetwork.getProviderSegmentationID();
 465             OvsdbTerminationPointAugmentation intf = getInterface(node, port);
 466             if (intf == null) {
 467                 return;
 468             }
 469             long localPort = southbound.getOFPort(intf);
 470             String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
 471             if (attachedMac == null) {
 472                 LOG.debug("syncSecurityGroup: No AttachedMac seen in {}", intf);
 473                 return;
 474             }
 475             long dpid = getDpidOfIntegrationBridge(node);
 476             if (dpid == 0L) {
 477                 return;
 478             }
 479             String neutronPortId = southbound.getInterfaceExternalIdsValue(intf,
 480                                                                            Constants.EXTERNAL_ID_INTERFACE_ID);
 481             if (neutronPortId == null) {
 482                 LOG.debug("syncSecurityGroup: No neutronPortId seen in {}", intf);
 483                 return;
 484             }
 485             for (NeutronSecurityGroup securityGroupInPort:securityGroupList) {
 486                 ingressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
 487                                                           securityGroupInPort, neutronPortId, nodeId, write);
 488                 egressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
 489                                                          securityGroupInPort, neutronPortId, nodeId, write);
 490                 if (write) {
 491                     securityGroupCacheManger.portAdded(securityGroupInPort.getSecurityGroupUUID(), neutronPortId);
 492                 } else {
 493                     securityGroupCacheManger.portRemoved(securityGroupInPort.getSecurityGroupUUID(), neutronPortId);
 494                 }
 495             }
 496         }
 497     }
 498
 499     @Override
 500     public void syncSecurityRule(NeutronPort port, NeutronSecurityRule securityRule, Neutron_IPs vmIp, NodeId nodeId,
 501             boolean write) {
 502         LOG.trace("syncSecurityGroup:" + securityRule + " Write:" + write);
 503         if (null != port && null != port.getSecurityGroups()) {
 504             if (nodeId != null) {
 505                 syncSecurityRules(port, securityRule, vmIp, nodeId, port.getMacAddress(), write);
 506             } else {
 507                 return;
 508             }
 509         }
 510     }
 511
 512     private void syncSecurityRules(NeutronPort port, NeutronSecurityRule securityRule, Neutron_IPs vmIp, NodeId nodeId,
 513             String attachedMac, boolean write) {
 514         NeutronNetwork neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
 515         if (null == neutronNetwork) {
 516             neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
 517         }
 518         if (neutronNetwork == null) {
 519             return;
 520         }
 521         String segmentationId = neutronNetwork.getProviderSegmentationID();
 522         Node node = nodeCacheManager.getNode(nodeId);
 523         Long dpId = this.nodeIdToDpIdCache.get(nodeId);
 524         if(dpId == null ) {
 525             dpId = getDpidOfIntegrationBridge(node);
 526             if (dpId != 0L) {
 527                 this.nodeIdToDpIdCache.put(nodeId , dpId);
 528             }
 529         }
 530         if (dpId == 0L) {
 531             return;
 532         }
 533         if (NeutronSecurityRule.ETHERTYPE_IPV4.equals(securityRule.getSecurityRuleEthertype())) {
 534             if (NeutronSecurityRule.DIRECTION_INGRESS.equals(securityRule.getSecurityRuleDirection())) {
 535                 ingressAclProvider.programPortSecurityRule(dpId, segmentationId, attachedMac,
 536                         securityRule, vmIp, write);
 537             } else if (NeutronSecurityRule.DIRECTION_EGRESS.equals(securityRule.getSecurityRuleDirection())) {
 538                 egressAclProvider.programPortSecurityRule(dpId, segmentationId, attachedMac,
 539                         securityRule, vmIp, write);
 540             }
 541         }
 542     }
 543
 544     private long getDpidOfIntegrationBridge(Node node) {
 545         LOG.trace("getDpidOfIntegrationBridge:" + node);
 546         long dpid = 0L;
 547         if (southbound.getBridgeName(node).equals(configurationService.getIntegrationBridgeName())) {
 548             dpid = getDpid(node);
 549         }
 550         if (dpid == 0L) {
 551             LOG.warn("getDpidOfIntegerationBridge: dpid not found: {}", node);
 552         }
 553         return dpid;
 554     }
 555
 556     private long getDpid(Node node) {
 557         LOG.trace("getDpid" + node);
 558         long dpid = southbound.getDataPathId(node);
 559         if (dpid == 0) {
 560             LOG.warn("getDpid: dpid not found: {}", node);
 561         }
 562         return dpid;
 563     }
 564
 565     private Node getNode(NeutronPort port) {
 566         LOG.trace("getNode:Port" + port);
 567         List<Node> toplogyNodes = southbound.readOvsdbTopologyNodes();
 568
 569         for (Node topologyNode : toplogyNodes) {
 570             try {
 571                 Node node = southbound.getBridgeNode(topologyNode,Constants.INTEGRATION_BRIDGE);
 572                 if (node == null) {
 573                     LOG.error("getNode: br-int interface is not found for node:{}", topologyNode.getNodeId().getValue());
 574                 }
 575                 List<OvsdbTerminationPointAugmentation> ovsdbPorts = southbound.getTerminationPointsOfBridge(node);
 576                 for (OvsdbTerminationPointAugmentation ovsdbPort : ovsdbPorts) {
 577                     String uuid = southbound.getInterfaceExternalIdsValue(ovsdbPort,
 578                                                             Constants.EXTERNAL_ID_INTERFACE_ID);
 579                     if (null != uuid && uuid.equals(port.getID())) {
 580                         return node;
 581                     }
 582                 }
 583             } catch (Exception e) {
 584                 LOG.error("Exception during handlingNeutron network delete", e);
 585             }
 586         }
 587         LOG.info("no node found for port:" + port);
 588         return null;
 589     }
 590
 591     private OvsdbTerminationPointAugmentation getInterface(Node node, NeutronPort port) {
 592         LOG.trace("getInterface:Node:" + node + " Port:" + port);
 593         try {
 594             List<OvsdbTerminationPointAugmentation> ovsdbPorts = southbound.getTerminationPointsOfBridge(node);
 595             for (OvsdbTerminationPointAugmentation ovsdbPort : ovsdbPorts) {
 596                 String uuid = southbound.getInterfaceExternalIdsValue(ovsdbPort,
 597                                                                       Constants.EXTERNAL_ID_INTERFACE_ID);
 598                 if (null != uuid && uuid.equals(port.getID())) {
 599                     return ovsdbPort;
 600                 }
 601             }
 602         } catch (Exception e) {
 603             LOG.error("Exception during handlingNeutron network delete", e);
 604         }
 605         LOG.info("no interface found for node: " + node + " port:" + port);
 606         return null;
 607     }
 608
 609     @Override
 610     public boolean isPortSecurityEnabled(OvsdbTerminationPointAugmentation intf) {
 611         NeutronPort neutronPort = getNeutronPortFromCache(intf);
 612         if (null == neutronPort) {
 613             LOG.error("Neutron Port is null: " + intf);
 614             return false;
 615         }
 616         if (neutronPort.getPortSecurityEnabled()) {
 617             LOG.info("Port Security is enabled for Port: " + neutronPort);
 618             return true;
 619         }
 620         LOG.info("Port Security is  not enabled for Port: " + neutronPort);
 621         return false;
 622     }
 623
 624     @Override
 625     public void setDependencies(ServiceReference serviceReference) {
 626         neutronL3Adapter =
 627                 (NeutronL3Adapter) ServiceHelper.getGlobalInstance(NeutronL3Adapter.class, this);
 628         southbound =
 629                 (Southbound) ServiceHelper.getGlobalInstance(Southbound.class, this);
 630         neutronNetworkCache =
 631                 (INeutronNetworkCRUD) ServiceHelper.getGlobalInstance(INeutronNetworkCRUD.class, this);
 632         nodeCacheManager =
 633                 (NodeCacheManager) ServiceHelper.getGlobalInstance(NodeCacheManager.class, this);
 634         configurationService =
 635                 (ConfigurationService) ServiceHelper.getGlobalInstance(ConfigurationService.class, this);
 636         securityGroupCacheManger =
 637                 (SecurityGroupCacheManger) ServiceHelper.getGlobalInstance(SecurityGroupCacheManger.class, this);
 638     }
 639
 640     @Override
 641     public void setDependencies(Object impl) {
 642         if (impl instanceof INeutronPortCRUD) {
 643             neutronPortCache = (INeutronPortCRUD)impl;
 644         } else if (impl instanceof INeutronSubnetCRUD) {
 645             neutronSubnetCache = (INeutronSubnetCRUD) impl;
 646         } else if (impl instanceof IngressAclProvider) {
 647             ingressAclProvider = (IngressAclProvider) impl;
 648         } else if (impl instanceof EgressAclProvider) {
 649             egressAclProvider = (EgressAclProvider) impl;
 650         }
 651     }
 652
 653     @Override
 654     public boolean isConntrackEnabled() {
 655         return isConntrackEnabled;
 656     }
 657 }