2 * Copyright (c) 2016 Red Hat, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netvirt.aclservice;
10 import java.math.BigInteger;
11 import java.util.ArrayList;
12 import java.util.Collection;
13 import java.util.Collections;
14 import java.util.HashSet;
15 import java.util.List;
17 import java.util.Map.Entry;
19 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
20 import org.opendaylight.genius.mdsalutil.ActionInfo;
21 import org.opendaylight.genius.mdsalutil.FlowEntity;
22 import org.opendaylight.genius.mdsalutil.InstructionInfo;
23 import org.opendaylight.genius.mdsalutil.MDSALUtil;
24 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
25 import org.opendaylight.genius.mdsalutil.NwConstants;
26 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
27 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
28 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
29 import org.opendaylight.infrautils.jobcoordinator.JobCoordinator;
30 import org.opendaylight.netvirt.aclservice.api.AclInterfaceCache;
31 import org.opendaylight.netvirt.aclservice.api.AclServiceListener;
32 import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action;
33 import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
34 import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
35 import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
36 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
37 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.AccessListEntries;
38 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
44 import org.slf4j.Logger;
45 import org.slf4j.LoggerFactory;
47 public abstract class AbstractAclServiceImpl implements AclServiceListener {
49 private static final Logger LOG = LoggerFactory.getLogger(AbstractAclServiceImpl.class);
51 protected final IMdsalApiManager mdsalManager;
52 protected final DataBroker dataBroker;
53 protected final Class<? extends ServiceModeBase> serviceMode;
54 protected final AclDataUtil aclDataUtil;
55 protected final AclServiceUtils aclServiceUtils;
56 protected final JobCoordinator jobCoordinator;
57 protected final AclInterfaceCache aclInterfaceCache;
60 * Initialize the member variables.
62 public AbstractAclServiceImpl(Class<? extends ServiceModeBase> serviceMode, DataBroker dataBroker,
63 IMdsalApiManager mdsalManager, AclDataUtil aclDataUtil, AclServiceUtils aclServiceUtils,
64 JobCoordinator jobCoordinator, AclInterfaceCache aclInterfaceCache) {
65 this.dataBroker = dataBroker;
66 this.mdsalManager = mdsalManager;
67 this.serviceMode = serviceMode;
68 this.aclDataUtil = aclDataUtil;
69 this.aclServiceUtils = aclServiceUtils;
70 this.jobCoordinator = jobCoordinator;
71 this.aclInterfaceCache = aclInterfaceCache;
75 public boolean applyAcl(AclInterface port) {
77 LOG.error("port cannot be null");
80 if (port.getSecurityGroups() == null) {
81 LOG.info("Port {} without SGs", port.getInterfaceId());
84 BigInteger dpId = port.getDpId();
85 if (dpId == null || port.getLPortTag() == null) {
86 LOG.error("Unable to find DpId from ACL interface with id {}", port.getInterfaceId());
89 LOG.debug("Applying ACL on port {} with DpId {}", port, dpId);
90 programAclWithAllowedAddress(port, port.getAllowedAddressPairs(), Action.ADD, NwConstants.ADD_FLOW);
91 updateRemoteAclFilterTable(port, NwConstants.ADD_FLOW);
96 public boolean bindAcl(AclInterface port) {
97 if (port == null || port.getSecurityGroups() == null) {
98 LOG.error("Port and port security groups cannot be null for binding ACL service, port={}", port);
102 if (port.getDpId() != null) {
103 updateRemoteAclFilterTable(port, NwConstants.ADD_FLOW);
109 public boolean unbindAcl(AclInterface port) {
111 LOG.error("Port cannot be null for unbinding ACL service");
115 updateRemoteAclFilterTable(port, NwConstants.DEL_FLOW);
120 public boolean updateAcl(AclInterface portBefore, AclInterface portAfter) {
121 // this check is to avoid situations of port update coming before interface state is up
122 if (portAfter.getDpId() == null || portAfter.getLPortTag() == null) {
123 LOG.debug("Unable to find DpId from ACL interface with id {} and lport {}", portAfter.getInterfaceId(),
124 portAfter.getLPortTag());
127 boolean result = true;
128 boolean isPortSecurityEnable = portAfter.isPortSecurityEnabled();
129 boolean isPortSecurityEnableBefore = portBefore.isPortSecurityEnabled();
130 // if port security is changed, apply/remove Acls
131 if (isPortSecurityEnableBefore != isPortSecurityEnable) {
132 LOG.debug("On ACL update, Port security is {} for {}", isPortSecurityEnable ? "Enabled" :
133 "Disabled", portAfter.getInterfaceId());
134 if (isPortSecurityEnable) {
135 result = applyAcl(portAfter);
137 result = removeAcl(portBefore);
139 } else if (isPortSecurityEnable) {
140 // Acls has been updated, find added/removed Acls and act accordingly.
141 processInterfaceUpdate(portBefore, portAfter);
142 LOG.debug("On ACL update, ACL has been updated for {}", portAfter.getInterfaceId());
148 private void processInterfaceUpdate(AclInterface portBefore, AclInterface portAfter) {
149 BigInteger dpId = portAfter.getDpId();
150 List<AllowedAddressPairs> addedAllowedAddressPairs =
151 AclServiceUtils.getUpdatedAllowedAddressPairs(portAfter.getAllowedAddressPairs(),
152 portBefore.getAllowedAddressPairs());
153 List<AllowedAddressPairs> deletedAllowedAddressPairs =
154 AclServiceUtils.getUpdatedAllowedAddressPairs(portBefore.getAllowedAddressPairs(),
155 portAfter.getAllowedAddressPairs());
156 if (deletedAllowedAddressPairs != null && !deletedAllowedAddressPairs.isEmpty()) {
157 programAclWithAllowedAddress(portAfter, deletedAllowedAddressPairs, Action.UPDATE, NwConstants.DEL_FLOW);
159 if (addedAllowedAddressPairs != null && !addedAllowedAddressPairs.isEmpty()) {
160 programAclWithAllowedAddress(portAfter, addedAllowedAddressPairs, Action.UPDATE, NwConstants.ADD_FLOW);
162 updateArpForAllowedAddressPairs(dpId, portAfter.getLPortTag(), deletedAllowedAddressPairs,
163 portAfter.getAllowedAddressPairs());
164 if (portAfter.getSubnetIpPrefixes() != null && portBefore.getSubnetIpPrefixes() == null) {
165 programBroadcastRules(portAfter, NwConstants.ADD_FLOW);
168 updateAclInterfaceInCache(portBefore);
169 // Have to delete and add all rules because there can be following scenario: Interface1 with SG1, Interface2
170 // with SG2 (which has ACE with remote SG1). Now When we add SG3 to Interface1, the rule for Interface2 which
171 // match the IP of Interface1 will not be installed (but it have to be because Interface1 has more than one SG).
172 // So we need to remove all rules and install them from 0, and we cannot handle only the delta.
173 updateCustomRules(portBefore, portBefore.getSecurityGroups(), NwConstants.MOD_FLOW,
174 portAfter.getAllowedAddressPairs());
175 updateRemoteAclFilterTable(portBefore, NwConstants.DEL_FLOW);
177 updateAclInterfaceInCache(portAfter);
179 updateCustomRules(portAfter, portAfter.getSecurityGroups(), NwConstants.ADD_FLOW,
180 portAfter.getAllowedAddressPairs());
181 updateRemoteAclFilterTable(portAfter, NwConstants.ADD_FLOW);
184 private void updateAclInterfaceInCache(AclInterface aclInterfaceNew) {
185 aclDataUtil.addOrUpdateAclInterfaceMap(aclInterfaceNew.getSecurityGroups(), aclInterfaceNew);
188 private void updateCustomRules(AclInterface port, List<Uuid> aclUuidList, int action,
189 List<AllowedAddressPairs> syncAllowedAddresses) {
190 programAclRules(port, aclUuidList, action);
191 syncRemoteAclRules(aclUuidList, action, port.getInterfaceId(), syncAllowedAddresses);
194 private void syncRemoteAclRules(List<Uuid> aclUuidList, int action, String currentPortId,
195 List<AllowedAddressPairs> syncAllowedAddresses) {
196 if (aclUuidList == null) {
197 LOG.warn("security groups are null");
201 for (Uuid remoteAclId : aclUuidList) {
202 Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getRemoteAclInterfaces(remoteAclId);
203 if (mapAclWithPortSet == null) {
206 for (Entry<String, Set<AclInterface>> entry : mapAclWithPortSet.entrySet()) {
207 String aclName = entry.getKey();
208 for (AclInterface port : entry.getValue()) {
209 if (currentPortId.equals(port.getInterfaceId())
210 || port.getSecurityGroups() != null && port.getSecurityGroups().size() == 1) {
213 List<Ace> remoteAceList = AclServiceUtils.getAceWithRemoteAclId(dataBroker, port, remoteAclId);
214 for (Ace ace : remoteAceList) {
215 programAceRule(port, action, aclName, ace, syncAllowedAddresses);
222 private void programAclWithAllowedAddress(AclInterface port, List<AllowedAddressPairs> allowedAddresses,
223 Action action, int addOrRemove) {
224 BigInteger dpId = port.getDpId();
225 int lportTag = port.getLPortTag();
226 LOG.debug("Applying ACL Allowed Address on DpId {}, lportTag {}, Action {}", dpId, lportTag, action);
227 List<Uuid> aclUuidList = port.getSecurityGroups();
228 String portId = port.getInterfaceId();
229 programGeneralFixedRules(port, "", allowedAddresses, action, addOrRemove);
230 programSpecificFixedRules(dpId, "", allowedAddresses, lportTag, portId, action, addOrRemove);
231 if (action == Action.ADD || action == Action.REMOVE) {
232 programAclRules(port, aclUuidList, addOrRemove);
234 syncRemoteAclRules(aclUuidList, addOrRemove, portId, allowedAddresses);
239 public boolean removeAcl(AclInterface port) {
240 BigInteger dpId = port.getDpId();
242 LOG.error("Unable to find DP Id from ACL interface with id {}", port.getInterfaceId());
245 programAclWithAllowedAddress(port, port.getAllowedAddressPairs(), Action.REMOVE, NwConstants.DEL_FLOW);
246 updateRemoteAclFilterTable(port, NwConstants.DEL_FLOW, true);
251 public boolean applyAce(AclInterface port, String aclName, Ace ace) {
252 if (!port.isPortSecurityEnabled() || port.getDpId() == null) {
255 programAceRule(port, NwConstants.ADD_FLOW, aclName, ace, null);
256 updateRemoteAclFilterTable(port, NwConstants.ADD_FLOW);
261 public boolean removeAce(AclInterface port, String aclName, Ace ace) {
262 if (!port.isPortSecurityEnabled() || port.getDpId() == null) {
265 programAceRule(port, NwConstants.MOD_FLOW, aclName, ace, null);
266 updateRemoteAclFilterTable(port, NwConstants.DEL_FLOW);
273 * @param aclInterface the acl interface
275 public abstract void bindService(AclInterface aclInterface);
280 * @param aclInterface the acl interface
282 protected abstract void unbindService(AclInterface aclInterface);
285 * Program the default anti-spoofing rules.
287 * @param port the acl interface
288 * @param dhcpMacAddress the dhcp mac address.
289 * @param allowedAddresses the allowed addresses
290 * @param action add/modify/remove action
291 * @param addOrRemove addorRemove
293 protected abstract void programGeneralFixedRules(AclInterface port, String dhcpMacAddress,
294 List<AllowedAddressPairs> allowedAddresses, Action action, int addOrRemove);
297 * Update arp for allowed address pairs.
299 * @param dpId the dp id
300 * @param lportTag the lport tag
301 * @param deletedAAP the deleted allowed address pairs
302 * @param addedAAP the added allowed address pairs
304 protected abstract void updateArpForAllowedAddressPairs(BigInteger dpId, int lportTag,
305 List<AllowedAddressPairs> deletedAAP, List<AllowedAddressPairs> addedAAP);
308 * Program the default specific rules.
310 * @param dpid the dpid
311 * @param dhcpMacAddress the dhcp mac address.
312 * @param allowedAddresses the allowed addresses
313 * @param lportTag the lport tag
314 * @param portId the port id
315 * @param action add/modify/remove action
316 * @param addOrRemove addorRemove
318 protected abstract void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress,
319 List<AllowedAddressPairs> allowedAddresses, int lportTag, String portId, Action action, int addOrRemove);
322 * Programs the acl custom rules.
324 * @param port acl interface
325 * @param aclUuidList the list of acl uuid to be applied
326 * @param addOrRemove whether to delete or add flow
327 * @return program succeeded
329 protected abstract boolean programAclRules(AclInterface port, List<Uuid> aclUuidList, int addOrRemove);
332 * Programs the ace custom rule.
334 * @param port acl interface
335 * @param addOrRemove whether to delete or add flow
336 * @param aclName the acl name
337 * @param ace rule to be program
338 * @param syncAllowedAddresses the allowed addresses
340 protected abstract void programAceRule(AclInterface port, int addOrRemove, String aclName, Ace ace,
341 List<AllowedAddressPairs> syncAllowedAddresses);
344 * Programs broadcast rules.
346 * @param port the Acl Interface port
347 * @param addOrRemove whether to delete or add flow
349 protected abstract void programBroadcastRules(AclInterface port, int addOrRemove);
352 * Writes/remove the flow to/from the datastore.
371 * the list of matches to be writted
372 * @param instructions
373 * the list of instruction to be written.
375 * add or remove the entries.
377 protected void syncFlow(BigInteger dpId, short tableId, String flowId, int priority, String flowName,
378 int idleTimeOut, int hardTimeOut, BigInteger cookie, List<? extends MatchInfoBase> matches,
379 List<InstructionInfo> instructions, int addOrRemove) {
380 jobCoordinator.enqueueJob(flowName, () -> {
381 if (addOrRemove == NwConstants.DEL_FLOW) {
382 FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, tableId, flowId, priority, flowName,
383 idleTimeOut, hardTimeOut, cookie, matches, null);
384 LOG.trace("Removing Acl Flow DpnId {}, flowId {}", dpId, flowId);
386 return Collections.singletonList(mdsalManager.removeFlow(dpId, flowEntity));
389 FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, tableId, flowId, priority, flowName,
390 idleTimeOut, hardTimeOut, cookie, matches, instructions);
391 LOG.trace("Installing DpnId {}, flowId {}", dpId, flowId);
392 return Collections.singletonList(mdsalManager.installFlow(dpId, flowEntity));
398 * Gets the dispatcher table resubmit instructions based on ingress/egress service mode w.r.t switch.
400 * @param actionsInfos
402 * @return the instructions for dispatcher table resubmit
404 protected List<InstructionInfo> getDispatcherTableResubmitInstructions(List<ActionInfo> actionsInfos) {
405 short dispatcherTableId = NwConstants.LPORT_DISPATCHER_TABLE;
406 if (ServiceModeEgress.class.equals(this.serviceMode)) {
407 dispatcherTableId = NwConstants.EGRESS_LPORT_DISPATCHER_TABLE;
410 List<InstructionInfo> instructions = new ArrayList<>();
411 actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
412 instructions.add(new InstructionApplyActions(actionsInfos));
416 private void updateRemoteAclFilterTable(AclInterface port, int addOrRemove) {
417 updateRemoteAclFilterTable(port, addOrRemove, false);
420 private void updateRemoteAclFilterTable(AclInterface port, int addOrRemove, boolean isAclDeleted) {
421 if (port.getSecurityGroups() == null) {
422 LOG.debug("Port {} without SGs", port.getInterfaceId());
426 if (AclServiceUtils.exactlyOneAcl(port)) {
427 Uuid acl = port.getSecurityGroups().get(0);
428 BigInteger aclId = aclServiceUtils.buildAclId(acl);
429 if (aclDataUtil.getRemoteAcl(acl) != null) {
430 Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getRemoteAclInterfaces(acl);
431 Set<BigInteger> dpns = collectDpns(mapAclWithPortSet);
433 for (AllowedAddressPairs ip : port.getAllowedAddressPairs()) {
434 if (!AclServiceUtils.isNotIpv4AllNetwork(ip)) {
437 for (BigInteger dpId : dpns) {
438 updateRemoteAclTableForPort(port, acl, addOrRemove, ip, aclId, dpId);
441 syncRemoteAclTableFromOtherDpns(port, acl, aclId, addOrRemove);
443 LOG.debug("Port {} with more than one SG ({}). Don't change ACL filter table", port.getInterfaceId(),
444 port.getSecurityGroups().size());
446 } else if (port.getSecurityGroups() != null && port.getSecurityGroups().size() > 1) {
447 updateRemoteAclTableForMultipleAcls(port, addOrRemove, port.getInterfaceId());
449 syncRemoteAclTable(port, addOrRemove, port.getInterfaceId(), isAclDeleted);
452 private void syncRemoteAclTableFromOtherDpns(AclInterface port, Uuid acl, BigInteger aclId, int addOrRemove) {
453 Collection<AclInterface> aclInterfaces = aclDataUtil.getInterfaceList(acl);
454 BigInteger dpId = port.getDpId();
455 boolean isFirstPortInDpn = true;
456 if (aclInterfaces != null) {
457 for (AclInterface aclInterface : aclInterfaces) {
458 if (port.getInterfaceId().equals(aclInterface.getInterfaceId())) {
461 if (dpId.equals(aclInterface.getDpId())) {
462 isFirstPortInDpn = false;
466 if (isFirstPortInDpn) {
467 for (AclInterface aclInterface : aclInterfaces) {
468 if (port.getInterfaceId().equals(aclInterface.getInterfaceId())) {
471 for (AllowedAddressPairs ip : aclInterface.getAllowedAddressPairs()) {
472 updateRemoteAclTableForPort(aclInterface, acl, addOrRemove, ip, aclId, port.getDpId());
479 private void syncRemoteAclTable(AclInterface port, int addOrRemove, String ignorePort, boolean isAclDeleted) {
480 for (Uuid aclUuid : port.getSecurityGroups()) {
481 if (aclDataUtil.getRemoteAcl(aclUuid) == null) {
484 Collection<AclInterface> aclInterfaces = aclDataUtil.getInterfaceList(aclUuid);
485 if (aclInterfaces != null) {
486 for (AclInterface aclInterface : aclInterfaces) {
487 if (aclInterface.getInterfaceId().equals(port.getInterfaceId())
488 || AclServiceUtils.exactlyOneAcl(aclInterface)) {
491 boolean allMultipleAcls = true;
492 List<Uuid> remoteInterfaceRemoteAcls = aclInterface.getSecurityGroups();
493 if (remoteInterfaceRemoteAcls != null) {
494 for (Uuid remoteInterfaceRemoteAcl : remoteInterfaceRemoteAcls) {
495 if (aclDataUtil.getRemoteAcl(remoteInterfaceRemoteAcl) == null) {
498 Collection<AclInterface> aclInterfaces2 =
499 aclDataUtil.getInterfaceList(remoteInterfaceRemoteAcl);
500 if (aclInterfaces2 != null) {
501 for (AclInterface aclInterface2 : aclInterfaces2) {
502 if (aclInterface2.getInterfaceId().equals(aclInterface.getInterfaceId())) {
505 if (aclInterface2.getSecurityGroups().size() == 1) {
506 allMultipleAcls = false;
513 int addRremove = allMultipleAcls ? NwConstants.DEL_FLOW : NwConstants.ADD_FLOW;
514 addRremove = isAclDeleted ? NwConstants.DEL_FLOW : addRremove;
515 for (AllowedAddressPairs ip : aclInterface.getAllowedAddressPairs()) {
516 if (!AclServiceUtils.isNotIpv4AllNetwork(ip)) {
519 updateRemoteAclTableForPort(aclInterface, aclUuid, addRremove, ip,
520 aclServiceUtils.buildAclId(aclUuid), aclInterface.getDpId());
527 private void updateRemoteAclTableForMultipleAcls(AclInterface port, int addOrRemove, String ignorePort) {
528 for (Uuid aclUuid : port.getSecurityGroups()) {
529 if (aclDataUtil.getRemoteAcl(aclUuid) == null) {
532 Acl acl = AclServiceUtils.getAcl(dataBroker, aclUuid.getValue());
534 LOG.debug("The ACL {} is empty", aclUuid);
538 Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getRemoteAclInterfaces(aclUuid);
539 Set<BigInteger> dpns = collectDpns(mapAclWithPortSet);
541 AccessListEntries accessListEntries = acl.getAccessListEntries();
542 List<Ace> aceList = accessListEntries.getAce();
543 for (Ace ace : aceList) {
544 SecurityRuleAttr aceAttr = AclServiceUtils.getAccesssListAttributes(ace);
545 if (aceAttr.getRemoteGroupId() == null) {
548 Collection<AclInterface> interfaceList = aclDataUtil.getInterfaceList(aceAttr.getRemoteGroupId());
549 if (interfaceList == null) {
553 for (AclInterface inter : interfaceList) {
554 if (ignorePort.equals(inter.getInterfaceId())) {
557 if (inter.getSecurityGroups() != null && inter.getSecurityGroups().size() == 1) {
558 BigInteger aclId = aclServiceUtils.buildAclId(aceAttr.getRemoteGroupId());
559 for (AllowedAddressPairs ip : port.getAllowedAddressPairs()) {
560 if (!AclServiceUtils.isNotIpv4AllNetwork(ip)) {
563 for (BigInteger dpnId : dpns) {
564 updateRemoteAclTableForPort(port, aceAttr.getRemoteGroupId(), addOrRemove, ip, aclId,
568 syncRemoteAclTableFromOtherDpns(port, aclUuid, aclId, addOrRemove);
575 protected abstract void updateRemoteAclTableForPort(AclInterface port, Uuid acl, int addOrRemove,
576 AllowedAddressPairs ip, BigInteger aclId, BigInteger dpId);
578 protected String getOperAsString(int flowOper) {
581 case NwConstants.ADD_FLOW:
584 case NwConstants.DEL_FLOW:
587 case NwConstants.MOD_FLOW:
596 protected Set<BigInteger> collectDpns(Map<String, Set<AclInterface>> mapAclWithPortSet) {
597 Set<BigInteger> dpns = new HashSet<>();
598 if (mapAclWithPortSet == null) {
601 for (Set<AclInterface> innerSet : mapAclWithPortSet.values()) {
602 if (innerSet == null) {
605 for (AclInterface inter : innerSet) {
606 dpns.add(inter.getDpId());
613 * Gets the priority of acl flow which is to be either removed or added.
620 * add or remove the entries.
621 * @return the acl flow priority
623 protected int getAclFlowPriority(String poolName, String flowName, int addOrRemove) {
625 if (addOrRemove == NwConstants.DEL_FLOW || addOrRemove == NwConstants.MOD_FLOW) {
626 priority = aclServiceUtils.releaseAndRemoveFlowPriorityFromCache(poolName, flowName);
628 priority = aclServiceUtils.allocateAndSaveFlowPriorityInCache(poolName, flowName);
633 protected Long getElanIdFromAclInterface(String elanInterfaceName) {
634 AclInterface aclInterface = aclInterfaceCache.get(elanInterfaceName);
635 if (null != aclInterface) {
636 return aclInterface.getElanId();