openstack/net-virt/src/main/java/org/opendaylight/netvirt/openstack/netvirt/impl/SecurityServicesImpl.java

   1 /*
   2  * Copyright (c) 2014, 2015 Red Hat, Inc. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.netvirt.openstack.netvirt.impl;
  10
  11 import org.opendaylight.netvirt.openstack.netvirt.ConfigInterface;
  12 import org.opendaylight.netvirt.openstack.netvirt.api.ConfigurationService;
  13 import org.opendaylight.netvirt.openstack.netvirt.api.Constants;
  14 import org.opendaylight.netvirt.openstack.netvirt.api.EgressAclProvider;
  15 import org.opendaylight.netvirt.openstack.netvirt.api.IngressAclProvider;
  16 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityServicesManager;
  17 import org.opendaylight.netvirt.openstack.netvirt.api.Southbound;
  18 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronNetwork;
  19 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronPort;
  20 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityGroup;
  21 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityRule;
  22 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSubnet;
  23 import org.opendaylight.netvirt.openstack.netvirt.translator.Neutron_IPs;
  24 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronNetworkCRUD;
  25 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronPortCRUD;
  26 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronSubnetCRUD;
  27 import org.opendaylight.netvirt.utils.servicehelper.ServiceHelper;
  28 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.ovsdb.rev150105.OvsdbTerminationPointAugmentation;
  29 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
  30 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.node.TerminationPoint;
  31 import org.osgi.framework.ServiceReference;
  32 import org.slf4j.Logger;
  33 import org.slf4j.LoggerFactory;
  34
  35 import java.util.ArrayList;
  36 import java.util.List;
  37
  38 public class SecurityServicesImpl implements ConfigInterface, SecurityServicesManager {
  39
  40     private static final Logger LOG = LoggerFactory.getLogger(TenantNetworkManagerImpl.class);
  41     private volatile INeutronPortCRUD neutronPortCache;
  42     private volatile INeutronSubnetCRUD neutronSubnetCache;
  43     private volatile Southbound southbound;
  44     private volatile INeutronNetworkCRUD neutronNetworkCache;
  45     private volatile ConfigurationService configurationService;
  46     private volatile IngressAclProvider ingressAclProvider;
  47     private volatile EgressAclProvider egressAclProvider;
  48     private volatile NeutronL3Adapter neutronL3Adapter;
  49     private boolean isConntrackEnabled = false;
  50
  51     public SecurityServicesImpl() {
  52         super();
  53     }
  54
  55     public SecurityServicesImpl(boolean isConntrack) {
  56         super();
  57         this.isConntrackEnabled = isConntrack;
  58     }
  59
  60     @Override
  61     public boolean isPortSecurityReady(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
  62         if (neutronPortCache == null) {
  63             LOG.error("neutron port is null");
  64             return false;
  65         }
  66         LOG.trace("isPortSecurityReady for {}", terminationPointAugmentation.getName());
  67         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
  68                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
  69         if (neutronPortId == null) {
  70             return false;
  71         }
  72         NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
  73         if (neutronPort == null) {
  74             neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
  75             if (neutronPort == null) {
  76                 LOG.error("isPortSecurityReady for {}", terminationPointAugmentation.getName()
  77                           + "not found");
  78                 return false;
  79             }
  80         }
  81         String deviceOwner = neutronPort.getDeviceOwner();
  82         if (!deviceOwner.contains("compute")) {
  83             LOG.debug("Port {} is not a compute host, it is a: {}", neutronPortId, deviceOwner);
  84         }
  85         LOG.debug("isPortSecurityReady() is a {} ", deviceOwner);
  86         List<NeutronSecurityGroup> securityGroups = neutronPort.getSecurityGroups();
  87         if (securityGroups.isEmpty()) {
  88             LOG.debug("Check for device: {} does not contain a Security Group for port: {}", deviceOwner,
  89                       neutronPortId);
  90             return false;
  91         }
  92         LOG.debug("Security Group Check {} does contain a Neutron Security Group", neutronPortId);
  93         return true;
  94     }
  95
  96     @Override
  97     public List<NeutronSecurityGroup> getSecurityGroupInPortList(OvsdbTerminationPointAugmentation
  98                                                              terminationPointAugmentation) {
  99         List<NeutronSecurityGroup> neutronSecurityGroups = new ArrayList<>();
 100         if (neutronPortCache == null) {
 101             LOG.error("neutron port is null");
 102             return neutronSecurityGroups;
 103         }
 104         LOG.trace("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName());
 105         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 106                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
 107         if (neutronPortId == null) {
 108             return neutronSecurityGroups;
 109         }
 110         NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
 111         if (neutronPort == null) {
 112             neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
 113             if (neutronPort == null) {
 114                 LOG.error("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName()
 115                           + "not found.");
 116                 return neutronSecurityGroups;
 117             }
 118         }
 119         neutronSecurityGroups = neutronPort.getSecurityGroups();
 120         return neutronSecurityGroups;
 121
 122     }
 123
 124     @Override
 125     public NeutronPort getDhcpServerPort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 126         if (neutronPortCache == null) {
 127             LOG.warn("getDHCPServerPort: neutron port cache is null");
 128         }
 129         LOG.trace("getDHCPServerPort for {}",
 130                   terminationPointAugmentation.getName());
 131         NeutronPort neutronPort = null;
 132         try {
 133             String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 134                                                                            Constants.EXTERNAL_ID_INTERFACE_ID);
 135             if (neutronPortId == null) {
 136                 return null;
 137             }
 138             if (null != neutronPortCache) {
 139                 neutronPort = neutronPortCache.getPort(neutronPortId);
 140
 141             }
 142             if (neutronPort == null) {
 143                 neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
 144                 if (neutronPort == null) {
 145                     LOG.error("getDHCPServerPort: neutron port of {} is not found", neutronPortId);
 146                     return null;
 147                 }
 148                 LOG.info("getDHCPServerPort: neutron port of {} got from cleanupcache", neutronPortId);
 149
 150             }
 151             /* if the current port is a DHCP port, return the same*/
 152             if (neutronPort.getDeviceOwner().contains("dhcp")) {
 153                 return neutronPort;
 154             }
 155             /*Since all the fixed ip assigned to a port should be
 156              *from the same network, first port is sufficient.*/
 157             List<Neutron_IPs> fixedIps = neutronPort.getFixedIPs();
 158             if (null == fixedIps || 0 == fixedIps.size() ) {
 159                 LOG.error("getDHCPServerPort: No fixed ip is assigned");
 160                 return null;
 161             }
 162             /* Get all the ports in the subnet and identify the dhcp port*/
 163             String subnetUuid = fixedIps.iterator().next().getSubnetUUID();
 164             NeutronSubnet neutronSubnet = neutronSubnetCache.getSubnet(subnetUuid);
 165             if (neutronSubnet == null) {
 166                 LOG.error("getDHCPServerPort: No subnet is found for " + subnetUuid);
 167                 return null;
 168             }
 169             List<NeutronPort> ports = neutronSubnet.getPortsInSubnet();
 170             for (NeutronPort port : ports) {
 171                 if (port.getDeviceOwner().contains("dhcp")) {
 172                     return port;
 173                 }
 174             }
 175         } catch (Exception e) {
 176             LOG.error("getDHCPServerPort:getDHCPServerPort failed due to ", e);
 177             return null;
 178         }
 179         return null;
 180     }
 181
 182     @Override
 183     public NeutronPort getNeutronPortFromDhcpIntf(
 184             OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 185         if (neutronPortCache == null) {
 186             LOG.error("getNeutronPortFromDhcpIntf: neutron port is null");
 187             return null;
 188         }
 189         String neutronPortId = southbound.getInterfaceExternalIdsValue(
 190                 terminationPointAugmentation,
 191                 Constants.EXTERNAL_ID_INTERFACE_ID);
 192         if (neutronPortId == null) {
 193             return null;
 194         }
 195         NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
 196         if (neutronPort == null) {
 197             neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
 198             if (neutronPort == null) {
 199                 LOG.error("getNeutronPortFromDhcpIntf: neutron port of {} is not found", neutronPortId);
 200                 return null;
 201             }
 202         }
 203         /* if the current port is a DHCP port, return true*/
 204         if (neutronPort.getDeviceOwner().contains("dhcp")) {
 205             LOG.trace("getNeutronPortFromDhcpIntf: neutronPort is a dhcp port", neutronPort );
 206             return neutronPort;
 207         }
 208         return null;
 209     }
 210
 211
 212     @Override
 213     public NeutronPort getNeutronPortFromCache(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 214         NeutronPort neutronPort = null;
 215         LOG.trace("getNeutronPortFromCache for {}",
 216                 terminationPointAugmentation.getName());
 217         try {
 218             String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 219                     Constants.EXTERNAL_ID_INTERFACE_ID);
 220             if (neutronPortId == null) {
 221                 return null;
 222             }
 223             if (null != neutronPortCache) {
 224                 neutronPort = neutronPortCache.getPort(neutronPortId);
 225
 226             }
 227             if (neutronPort == null) {
 228                 LOG.trace("getNeutronPortFromCache: neutron port of {} search in cleanupcache", neutronPortId);
 229
 230                 neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
 231                 if (neutronPort == null) {
 232                     LOG.error("getNeutronPortFromCache: neutron port of {} is not found", neutronPortId);
 233                     return null;
 234                 }
 235                 LOG.trace("getNeutronPortFromCache: neutron port of {} got from cleanupcache", neutronPortId);
 236
 237             }
 238         } catch (Exception e) {
 239             LOG.warn("getNeutronPortFromCache:getNeutronPortFromCache failed due to ", e);
 240             return null;
 241         }
 242         return neutronPort;
 243     }
 244
 245
 246
 247     @Override
 248     public boolean isComputePort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 249         if (neutronPortCache == null) {
 250             LOG.warn("isComputePort : neutronPortCache is null");
 251         }
 252         NeutronPort neutronPort = null;
 253         LOG.trace("isComputePort for {}", terminationPointAugmentation.getName());
 254         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 255                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
 256         if (neutronPortId == null) {
 257             return false;
 258         }
 259         if (neutronPortCache != null) {
 260             neutronPort = neutronPortCache.getPort(neutronPortId);
 261         }
 262         if (neutronPort == null) {
 263             neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
 264             if (neutronPort == null) {
 265                 return false;
 266             }
 267         }
 268         /*Check the device owner and if it contains compute to identify
 269          * whether it is a compute port.*/
 270         String deviceOwner = neutronPort.getDeviceOwner();
 271         if (!deviceOwner.contains("compute")) {
 272             LOG.debug("isComputePort : Port {} is not a DHCP server port for device owner {}",
 273                       neutronPortId,deviceOwner);
 274             return false;
 275         }
 276         return true;
 277     }
 278
 279     @Override
 280     public boolean isLastPortinSubnet(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 281         if (neutronPortCache == null) {
 282             LOG.error("isLastPortinSubnet: neutronPortCache is null");
 283         }
 284         NeutronPort neutronPort = null;
 285         try {
 286             LOG.trace("isLastPortinSubnet: for {}", terminationPointAugmentation.getName());
 287             String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 288                                                                            Constants.EXTERNAL_ID_INTERFACE_ID);
 289             if (neutronPortId == null) {
 290                 return false;
 291             }
 292             if (neutronPortCache != null) {
 293                 neutronPort = neutronPortCache.getPort(neutronPortId);
 294             }
 295             if (neutronPort == null) {
 296                 neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
 297                 if (neutronPort == null) {
 298                     LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
 299                     return false;
 300                 }
 301             }
 302             List<Neutron_IPs> neutronPortFixedIp = neutronPort.getFixedIPs();
 303             if (null == neutronPortFixedIp || neutronPortFixedIp.isEmpty()) {
 304                 return false;
 305             }
 306             /*Get all the ports in the current node and check whether there
 307              * is any port belonging to the same subnet of the input
 308              */
 309             List<TerminationPoint> terminationPoints = node.getTerminationPoint();
 310             if (terminationPoints != null && !terminationPoints.isEmpty()) {
 311                 for (TerminationPoint tp : terminationPoints) {
 312                     OvsdbTerminationPointAugmentation ovsdbTerminationPointAugmentation =
 313                             tp.getAugmentation(OvsdbTerminationPointAugmentation.class);
 314                     if (ovsdbTerminationPointAugmentation != null && !ovsdbTerminationPointAugmentation
 315                             .getName().equals(Constants.INTEGRATION_BRIDGE)) {
 316                         String portId = southbound.getInterfaceExternalIdsValue(ovsdbTerminationPointAugmentation,
 317                                                                                 Constants.EXTERNAL_ID_INTERFACE_ID);
 318                         if (null != portId) {
 319                             NeutronPort port = neutronPortCache.getPort(portId);
 320                             if (null != port && !(port.getID().equals(neutronPort.getID()))
 321                                     && port.getDeviceOwner().contains("compute")) {
 322                                 List<Neutron_IPs> portFixedIp = port.getFixedIPs();
 323                                 if (null == portFixedIp || portFixedIp.isEmpty()) {
 324                                     return false;
 325                                 }
 326                                 if (portFixedIp.iterator().next().getSubnetUUID()
 327                                         .equals(neutronPort.getFixedIPs().iterator().next().getSubnetUUID())) {
 328                                     LOG.trace("isLastPortinSubnet: Port is not the only port.");
 329                                     return false;
 330                                 }
 331                             }
 332                         }
 333                     }
 334                 }
 335             }
 336         } catch (Exception e) {
 337             LOG.error("isLastPortinSubnet: isLastPortinSubnet failed due to ", e);
 338             return false;
 339         }
 340         return true;
 341     }
 342
 343     @Override
 344     public boolean isLastPortinBridge(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 345         LOG.trace("isLastPortinBridge: for {}", terminationPointAugmentation.getName());
 346         List<TerminationPoint> terminationPoints = node.getTerminationPoint();
 347         /*Check whether the node has any port other than br-int*/
 348         if (terminationPoints != null && !terminationPoints.isEmpty()) {
 349             for (TerminationPoint tp : terminationPoints) {
 350                 OvsdbTerminationPointAugmentation ovsdbTerminationPointAugmentation =
 351                         tp.getAugmentation(OvsdbTerminationPointAugmentation.class);
 352                 if (null != ovsdbTerminationPointAugmentation
 353                         && !(ovsdbTerminationPointAugmentation.getName().equals(Constants.INTEGRATION_BRIDGE))
 354                         && !(terminationPointAugmentation.getInterfaceUuid()
 355                         .equals(ovsdbTerminationPointAugmentation.getInterfaceUuid()))) {
 356                     LOG.debug("isLastPortinBridge: it the last port in bridge {}",
 357                             terminationPointAugmentation.getName());
 358                     return false;
 359                 }
 360             }
 361         }
 362         return true;
 363     }
 364
 365     @Override
 366     public List<Neutron_IPs> getIpAddressList(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 367         if (neutronPortCache == null) {
 368             LOG.warn("getIpAddress: neutronPortCache is null");
 369         }
 370         NeutronPort neutronPort = null;
 371         LOG.trace("getIpAddress: for {}", terminationPointAugmentation.getName());
 372         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 373                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
 374         if (neutronPortId == null) {
 375             return null;
 376         }
 377         if (neutronPortCache != null) {
 378             neutronPort = neutronPortCache.getPort(neutronPortId);
 379         }
 380         if (neutronPort == null) {
 381             neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
 382         }
 383         if (neutronPort == null) {
 384             LOG.error("getIpAddress: neutron port of {} is not found", neutronPortId);
 385             return null;
 386         }
 387         return neutronPort.getFixedIPs();
 388     }
 389
 390     @Override
 391     public List<Neutron_IPs> getVmListForSecurityGroup(String portUuid, String securityGroupUuid) {
 392         List<Neutron_IPs> vmListForSecurityGroup = new ArrayList<>();
 393         /*For every port check whether security grouplist contains the current
 394          * security group.*/
 395         try {
 396             for (String neutronPortUuid:neutronL3Adapter.getPortCleanupCache().keySet()) {
 397                 NeutronPort neutronPort = neutronL3Adapter.getPortCleanupCache().get(neutronPortUuid);
 398                 if (!neutronPort.getDeviceOwner().contains("compute")) {
 399                     LOG.debug("getVMListForSecurityGroup : the port {} is not "
 400                             + "compute port belongs to {}", neutronPort.getID(), neutronPort.getDeviceOwner());
 401                     continue;
 402                 }
 403                 if (portUuid.equals(neutronPort.getID())) {
 404                     continue;
 405                 }
 406                 List<NeutronSecurityGroup> securityGroups = neutronPort.getSecurityGroups();
 407                 if (null != securityGroups) {
 408                     for (NeutronSecurityGroup securityGroup:securityGroups) {
 409                         if (securityGroup.getSecurityGroupUUID().equals(securityGroupUuid)) {
 410                             LOG.debug("getVMListForSecurityGroup : adding ports with ips {} "
 411                                     + "compute port", neutronPort.getFixedIPs());
 412                             if (neutronPort.getFixedIPs() != null) {
 413                                 vmListForSecurityGroup.addAll(neutronPort.getFixedIPs());
 414                             }
 415                         }
 416                     }
 417                 }
 418
 419             }
 420         } catch (Exception e) {
 421             LOG.error("getVMListForSecurityGroup: getVMListForSecurityGroup"
 422                     + " failed due to ", e);
 423             return null;
 424         }
 425         return vmListForSecurityGroup;
 426
 427     }
 428
 429     @Override
 430     public void syncSecurityGroup(NeutronPort port, List<NeutronSecurityGroup> securityGroupList, boolean write) {
 431         LOG.trace("syncSecurityGroup:" + securityGroupList + " Write:" + write);
 432         if (null != port && null != port.getSecurityGroups()) {
 433             Node node = getNode(port);
 434             if (node == null) {
 435                 return;
 436             }
 437             NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
 438             if (null == neutronNetwork) {
 439                 neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
 440             }
 441             if (neutronNetwork == null) {
 442                 return;
 443             }
 444             String segmentationId = neutronNetwork.getProviderSegmentationID();
 445             OvsdbTerminationPointAugmentation intf = getInterface(node, port);
 446             if (intf == null) {
 447                 return;
 448             }
 449             long localPort = southbound.getOFPort(intf);
 450             String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
 451             if (attachedMac == null) {
 452                 LOG.debug("programVlanRules: No AttachedMac seen in {}", intf);
 453                 return;
 454             }
 455             long dpid = getDpidOfIntegrationBridge(node);
 456             if (dpid == 0L) {
 457                 return;
 458             }
 459             String neutronPortId = southbound.getInterfaceExternalIdsValue(intf,
 460                                                                            Constants.EXTERNAL_ID_INTERFACE_ID);
 461             if (neutronPortId == null) {
 462                 LOG.debug("syncSecurityGroup: No neutronPortId seen in {}", intf);
 463                 return;
 464             }
 465             for (NeutronSecurityGroup securityGroupInPort:securityGroupList) {
 466                 ingressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
 467                                                           securityGroupInPort, neutronPortId, write);
 468                 egressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
 469                                                          securityGroupInPort, neutronPortId, write);
 470             }
 471         }
 472     }
 473
 474     @Override
 475     public void syncSecurityRule(NeutronPort port, NeutronSecurityRule securityRule,Neutron_IPs vmIp, boolean write) {
 476         LOG.trace("syncSecurityGroup:" + securityRule + " Write:" + write);
 477         if (null != port && null != port.getSecurityGroups()) {
 478             Node node = getNode(port);
 479             if (node == null) {
 480                 return;
 481             }
 482             NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
 483             if (null == neutronNetwork) {
 484                 neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
 485             }
 486             if (neutronNetwork == null) {
 487                 return;
 488             }
 489             String segmentationId = neutronNetwork.getProviderSegmentationID();
 490             OvsdbTerminationPointAugmentation intf = getInterface(node, port);
 491             if (intf == null) {
 492                 return;
 493             }
 494             long localPort = southbound.getOFPort(intf);
 495             String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
 496             if (attachedMac == null) {
 497                 LOG.debug("programVlanRules: No AttachedMac seen in {}", intf);
 498                 return;
 499             }
 500             long dpid = getDpidOfIntegrationBridge(node);
 501             if (dpid == 0L) {
 502                 return;
 503             }
 504             if (NeutronSecurityRule.ETHERTYPE_IPV4.equals(securityRule.getSecurityRuleEthertype())) {
 505                 if (NeutronSecurityRule.DIRECTION_INGRESS.equals(securityRule.getSecurityRuleDirection())) {
 506                     ingressAclProvider.programPortSecurityRule(dpid, segmentationId, attachedMac, localPort,
 507                             securityRule, vmIp, write);
 508                 } else if (NeutronSecurityRule.DIRECTION_EGRESS.equals(securityRule.getSecurityRuleDirection())) {
 509                     egressAclProvider.programPortSecurityRule(dpid, segmentationId, attachedMac, localPort,
 510                             securityRule, vmIp, write);
 511                 }
 512             }
 513         }
 514     }
 515
 516     private long getDpidOfIntegrationBridge(Node node) {
 517         LOG.trace("getDpidOfIntegrationBridge:" + node);
 518         long dpid = 0L;
 519         if (southbound.getBridgeName(node).equals(configurationService.getIntegrationBridgeName())) {
 520             dpid = getDpid(node);
 521         }
 522         if (dpid == 0L) {
 523             LOG.warn("getDpidOfIntegerationBridge: dpid not found: {}", node);
 524         }
 525         return dpid;
 526     }
 527
 528     private long getDpid(Node node) {
 529         LOG.trace("getDpid" + node);
 530         long dpid = southbound.getDataPathId(node);
 531         if (dpid == 0) {
 532             LOG.warn("getDpid: dpid not found: {}", node);
 533         }
 534         return dpid;
 535     }
 536
 537     private Node getNode(NeutronPort port) {
 538         LOG.trace("getNode:Port" + port);
 539         List<Node> toplogyNodes = southbound.readOvsdbTopologyNodes();
 540
 541         for (Node topologyNode : toplogyNodes) {
 542             try {
 543                 Node node = southbound.getBridgeNode(topologyNode,Constants.INTEGRATION_BRIDGE);
 544                 List<OvsdbTerminationPointAugmentation> ovsdbPorts = southbound.getTerminationPointsOfBridge(node);
 545                 for (OvsdbTerminationPointAugmentation ovsdbPort : ovsdbPorts) {
 546                     String uuid = southbound.getInterfaceExternalIdsValue(ovsdbPort,
 547                                                             Constants.EXTERNAL_ID_INTERFACE_ID);
 548                     if (null != uuid && uuid.equals(port.getID())) {
 549                         return node;
 550                     }
 551                 }
 552             } catch (Exception e) {
 553                 LOG.error("Exception during handlingNeutron network delete", e);
 554             }
 555         }
 556         LOG.info("no node found for port:" + port);
 557         return null;
 558     }
 559
 560     private OvsdbTerminationPointAugmentation getInterface(Node node, NeutronPort port) {
 561         LOG.trace("getInterface:Node:" + node + " Port:" + port);
 562         try {
 563             List<OvsdbTerminationPointAugmentation> ovsdbPorts = southbound.getTerminationPointsOfBridge(node);
 564             for (OvsdbTerminationPointAugmentation ovsdbPort : ovsdbPorts) {
 565                 String uuid = southbound.getInterfaceExternalIdsValue(ovsdbPort,
 566                                                                       Constants.EXTERNAL_ID_INTERFACE_ID);
 567                 if (null != uuid && uuid.equals(port.getID())) {
 568                     return ovsdbPort;
 569                 }
 570             }
 571         } catch (Exception e) {
 572             LOG.error("Exception during handlingNeutron network delete", e);
 573         }
 574         LOG.info("no interface found for node: " + node + " port:" + port);
 575         return null;
 576     }
 577
 578     @Override
 579     public boolean isPortSecurityEnabled(OvsdbTerminationPointAugmentation intf) {
 580         NeutronPort neutronPort = getNeutronPortFromCache(intf);
 581         if (null == neutronPort) {
 582             LOG.error("Neutron Port is null: " + intf);
 583             return false;
 584         }
 585         if (neutronPort.getPortSecurityEnabled()) {
 586             LOG.info("Port Security is enabled for Port: " + neutronPort);
 587             return true;
 588         }
 589         LOG.info("Port Security is  not enabled for Port: " + neutronPort);
 590         return false;
 591     }
 592
 593     @Override
 594     public void setDependencies(ServiceReference serviceReference) {
 595         neutronL3Adapter =
 596                 (NeutronL3Adapter) ServiceHelper.getGlobalInstance(NeutronL3Adapter.class, this);
 597         southbound =
 598                 (Southbound) ServiceHelper.getGlobalInstance(Southbound.class, this);
 599         neutronNetworkCache =
 600                 (INeutronNetworkCRUD) ServiceHelper.getGlobalInstance(INeutronNetworkCRUD.class, this);
 601         configurationService =
 602                 (ConfigurationService) ServiceHelper.getGlobalInstance(ConfigurationService.class, this);
 603     }
 604
 605     @Override
 606     public void setDependencies(Object impl) {
 607         if (impl instanceof INeutronPortCRUD) {
 608             neutronPortCache = (INeutronPortCRUD)impl;
 609         } else if (impl instanceof INeutronSubnetCRUD) {
 610             neutronSubnetCache = (INeutronSubnetCRUD) impl;
 611         } else if (impl instanceof IngressAclProvider) {
 612             ingressAclProvider = (IngressAclProvider) impl;
 613         } else if (impl instanceof EgressAclProvider) {
 614             egressAclProvider = (EgressAclProvider) impl;
 615         }
 616     }
 617
 618     @Override
 619     public boolean isConntrackEnabled() {
 620         return isConntrackEnabled;
 621     }
 622 }