2 * Copyright (c) 2016 Red Hat, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.netvirt.aclservice.utils;
11 import com.google.common.base.Optional;
12 import java.math.BigInteger;
13 import java.util.ArrayList;
14 import java.util.Iterator;
15 import java.util.List;
16 import java.util.concurrent.ExecutionException;
17 import java.util.concurrent.Future;
18 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
19 import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
20 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
21 import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
22 import org.opendaylight.genius.mdsalutil.MDSALUtil;
23 import org.opendaylight.genius.mdsalutil.MatchFieldType;
24 import org.opendaylight.genius.mdsalutil.MatchInfo;
25 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
26 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
27 import org.opendaylight.genius.mdsalutil.NwConstants;
28 import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
29 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
30 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.Ipv4Acl;
31 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
32 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.AclKey;
33 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
34 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
35 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
36 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
37 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState;
38 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInput;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInputBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceOutput;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceBindings;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceTypeFlowBased;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.StypeOpenflow;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.StypeOpenflowBuilder;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.ServicesInfo;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.ServicesInfoKey;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesBuilder;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesKey;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
61 import org.opendaylight.yangtools.yang.binding.DataObject;
62 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
63 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier.InstanceIdentifierBuilder;
64 import org.opendaylight.yangtools.yang.common.RpcResult;
65 import org.slf4j.Logger;
66 import org.slf4j.LoggerFactory;
68 public class AclServiceUtils {
70 private static final Logger LOG = LoggerFactory.getLogger(AclServiceUtils.class);
72 private AclServiceUtils() { }
75 * Retrieves the Interface from the datastore.
76 * @param broker the data broker
77 * @param interfaceName the interface name
78 * @return the interface.
80 public static Optional<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
81 .Interface> getInterface(DataBroker broker, String interfaceName) {
82 return read(broker, LogicalDatastoreType.CONFIGURATION, getInterfaceIdentifier(interfaceName));
86 * Builds the interface identifier.
87 * @param interfaceName the interface name.
88 * @return the interface identifier.
90 public static InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
91 .interfaces.Interface> getInterfaceIdentifier(String interfaceName) {
92 return InstanceIdentifier.builder(Interfaces.class)
94 org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
95 .Interface.class, new InterfaceKey(interfaceName)).build();
99 * Retrieves the object from the datastore.
100 * @param broker the data broker.
101 * @param datastoreType the data store type.
102 * @param path the wild card path.
103 * @return the required object.
105 public static <T extends DataObject> Optional<T> read(
106 DataBroker broker, LogicalDatastoreType datastoreType, InstanceIdentifier<T> path) {
108 Optional<T> result = Optional.absent();
109 ReadOnlyTransaction tx = broker.newReadOnlyTransaction();
111 result = tx.read(datastoreType, path).checkedGet();
112 } catch (ReadFailedException e) {
113 LOG.warn("Failed to read InstanceIdentifier {} from {}", path, datastoreType, e);
121 * Retrieves the acl matching the key from the data store.
123 * @param broker the data broker
124 * @param aclKey the acl key
127 public static Acl getAcl(DataBroker broker, String aclKey) {
128 Optional<Acl> optAcl = read(broker,
129 LogicalDatastoreType.CONFIGURATION, getAclInstanceIdentifier(aclKey));
130 if (optAcl.isPresent()) {
136 /** Creates the Acl instance identifier.
138 * @param aclKey the acl key
139 * @return the instance identifier
141 public static InstanceIdentifier<Acl> getAclInstanceIdentifier(String aclKey) {
142 return InstanceIdentifier
143 .builder(AccessLists.class)
145 new AclKey(aclKey,Ipv4Acl.class))
150 * Get the data path number for the interface.
151 * @param interfaceManagerRpcService interfaceManagerRpcService instance.
152 * @param ifName the interface name.
155 public static BigInteger getDpnForInterface(OdlInterfaceRpcService interfaceManagerRpcService, String ifName) {
156 BigInteger nodeId = BigInteger.ZERO;
158 GetDpidFromInterfaceInput dpIdInput =
159 new GetDpidFromInterfaceInputBuilder().setIntfName(ifName).build();
160 Future<RpcResult<GetDpidFromInterfaceOutput>> dpIdOutput =
161 interfaceManagerRpcService.getDpidFromInterface(dpIdInput);
162 RpcResult<GetDpidFromInterfaceOutput> dpIdResult = dpIdOutput.get();
163 if (dpIdResult.isSuccessful()) {
164 nodeId = dpIdResult.getResult().getDpid();
166 LOG.error("Could not retrieve DPN Id for interface {}", ifName);
168 } catch (NullPointerException | InterruptedException | ExecutionException e) {
169 LOG.error("Exception when getting dpn for interface {}", ifName, e);
175 * Retrieves the interface state.
176 * @param dataBroker the data broker.
177 * @param interfaceName the interface name.
178 * @return the interface state.
180 public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state
181 .Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) {
182 InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
183 .interfaces.state.Interface> ifStateId = buildStateInterfaceId(interfaceName);
184 Optional<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
185 .interfaces.state.Interface> ifStateOptional = MDSALUtil.read(LogicalDatastoreType
186 .OPERATIONAL, ifStateId, dataBroker);
187 if (!ifStateOptional.isPresent()) {
191 return ifStateOptional.get();
195 * Build the interface state.
196 * @param interfaceName the interface name.
197 * @return the interface state.
199 public static InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
200 .interfaces.state.Interface> buildStateInterfaceId(String interfaceName) {
201 InstanceIdentifierBuilder<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
202 .interfaces.state.Interface> idBuilder = InstanceIdentifier.builder(InterfacesState.class)
203 .child(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
204 .state.Interface.class, new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces
205 .rev140508.interfaces.state.InterfaceKey(interfaceName));
206 return idBuilder.build();
210 * Checks whether port security is enabled for the port.
211 * @param port the port.
212 * @return the port security is enabled/not.
214 public static boolean isPortSecurityEnabled(Interface port) {
216 LOG.error("Port is Null");
219 InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
220 if (aclInPort == null) {
221 LOG.error("getSecurityGroupInPortList: no security group associated to Interface port: {}", port.getName());
224 return aclInPort.isPortSecurityEnabled();
228 * Checks whether port security is enabled for the port.
229 * @param port the port.
230 * @return the list of security groups.
232 public static List<Uuid> getInterfaceAcls(Interface port) {
234 LOG.error("Port is Null");
237 InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
238 if (aclInPort == null) {
239 LOG.error("getSecurityGroupInPortList: no security group associated}",
243 return aclInPort.getSecurityGroups();
247 * Retrieves the security rule attribute augmentation from the access list.
248 * @param ace the access list entry
249 * @return the security rule attributes
251 public static SecurityRuleAttr getAccesssListAttributes(Ace ace) {
253 LOG.error("Ace is Null");
256 SecurityRuleAttr aceAttributes = ace.getAugmentation(SecurityRuleAttr.class);
257 if (aceAttributes == null) {
258 LOG.error("Ace is null");
261 return aceAttributes;
265 * Returns the DHCP match.
266 * @param srcPort the source port.
267 * @param dscPort the destination port.
268 * @return list of matches.
270 public static List<MatchInfoBase> programDhcpMatches(int srcPort, int dscPort) {
271 List<MatchInfoBase> matches = new ArrayList<>();
272 matches.add(new MatchInfo(MatchFieldType.eth_type,
273 new long[] { NwConstants.ETHTYPE_IPV4 }));
274 matches.add(new MatchInfo(MatchFieldType.ip_proto,
275 new long[] { IPProtocols.UDP.intValue() }));
276 matches.add(new MatchInfo(MatchFieldType.udp_dst,
277 new long[] { srcPort }));
278 matches.add(new MatchInfo(MatchFieldType.udp_src,
279 new long[] { dscPort}));
284 * Builds the service id.
286 * @param interfaceName the interface name
287 * @param serviceIndex the service index
288 * @param serviceMode the service mode
289 * @return the instance identifier
291 public static InstanceIdentifier<BoundServices> buildServiceId(String interfaceName, short serviceIndex,
292 Class<? extends ServiceModeBase> serviceMode) {
293 return InstanceIdentifier.builder(ServiceBindings.class)
294 .child(ServicesInfo.class, new ServicesInfoKey(interfaceName, serviceMode))
295 .child(BoundServices.class, new BoundServicesKey(serviceIndex)).build();
299 * Gets the bound services.
301 * @param serviceName the service name
302 * @param servicePriority the service priority
303 * @param flowPriority the flow priority
304 * @param cookie the cookie
305 * @param instructions the instructions
306 * @return the bound services
308 public static BoundServices getBoundServices(String serviceName, short servicePriority, int flowPriority,
309 BigInteger cookie, List<Instruction> instructions) {
310 StypeOpenflowBuilder augBuilder = new StypeOpenflowBuilder().setFlowCookie(cookie).setFlowPriority(flowPriority)
311 .setInstruction(instructions);
312 return new BoundServicesBuilder().setKey(new BoundServicesKey(servicePriority)).setServiceName(serviceName)
313 .setServicePriority(servicePriority).setServiceType(ServiceTypeFlowBased.class)
314 .addAugmentation(StypeOpenflow.class, augBuilder.build()).build();
317 public static List<Uuid> getUpdatedAclList(Interface updatedPort, Interface currentPort) {
318 if (updatedPort == null) {
321 List<Uuid> updatedAclList = new ArrayList<>(AclServiceUtils.getInterfaceAcls(updatedPort));
322 if (currentPort == null) {
323 return updatedAclList;
325 List<Uuid> currentAclList = new ArrayList<>(AclServiceUtils.getInterfaceAcls(currentPort));
326 for (Iterator<Uuid> iterator = updatedAclList.iterator(); iterator.hasNext();) {
327 Uuid updatedAclUuid = iterator.next();
328 for (Uuid currentAclUuid :currentAclList) {
329 if (updatedAclUuid.getValue().equals(currentAclUuid.getValue())) {
334 return updatedAclList;
337 public static List<AllowedAddressPairs> getUpdatedAllowedAddressPairs(Interface updatedPort,
338 Interface currentPort) {
339 if (updatedPort == null) {
342 List<AllowedAddressPairs> updatedAllowedAddressPairs =
343 new ArrayList<>(AclServiceUtils.getPortAllowedAddresses(updatedPort));
344 if (currentPort == null) {
345 return updatedAllowedAddressPairs;
347 List<AllowedAddressPairs> currentAllowedAddressPairs =
348 new ArrayList<>(AclServiceUtils.getPortAllowedAddresses(currentPort));
349 for (Iterator<AllowedAddressPairs> iterator = updatedAllowedAddressPairs.iterator(); iterator.hasNext();) {
350 AllowedAddressPairs updatedAllowedAddressPair = iterator.next();
351 for (AllowedAddressPairs currentAllowedAddressPair : currentAllowedAddressPairs) {
352 if (updatedAllowedAddressPair.getKey().equals(currentAllowedAddressPair.getKey())) {
358 return updatedAllowedAddressPairs;
361 public static List<AllowedAddressPairs> getPortAllowedAddresses(Interface port) {
363 LOG.error("Port is Null");
366 InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
367 if (aclInPort == null) {
368 LOG.error("getSecurityGroupInPortList: no security group associated to Interface port: {}", port.getName());
371 return aclInPort.getAllowedAddressPairs();
374 public static BigInteger getDpIdFromIterfaceState(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf
375 .interfaces.rev140508.interfaces.state.Interface interfaceState) {
376 BigInteger dpId = null;
377 String interfaceName = interfaceState.getName();
378 List<String> ofportIds = interfaceState.getLowerLayerIf();
379 if (ofportIds != null && !ofportIds.isEmpty()) {
380 NodeConnectorId nodeConnectorId = new NodeConnectorId(ofportIds.get(0));
381 dpId = BigInteger.valueOf(MDSALUtil.getDpnIdFromPortName(nodeConnectorId));
386 public static List<MatchInfoBase> getAllowedIpMatches(IpPrefixOrAddress allowedIp, MatchFieldType ipv4MatchType) {
387 List<MatchInfoBase> flowMatches = new ArrayList<>();
388 flowMatches.add(new MatchInfo(MatchFieldType.eth_type, new long[] { NwConstants.ETHTYPE_IPV4 }));
389 IpPrefix ipPrefix = allowedIp.getIpPrefix();
390 if (ipPrefix != null) {
391 if (ipPrefix.getIpv4Prefix().getValue() != null) {
392 String[] ipaddressValues = ipPrefix.getIpv4Prefix().getValue().split("/");
393 flowMatches.add(new MatchInfo(ipv4MatchType, new String[] {ipaddressValues[0], ipaddressValues[1]}));
398 IpAddress ipAddress = allowedIp.getIpAddress();
399 if (ipAddress.getIpv4Address() != null) {
400 flowMatches.add(new MatchInfo(ipv4MatchType,
401 new String[] {ipAddress.getIpv4Address().getValue(), "32"}));
409 public static List<MatchInfo> getLPortTagMatches(int lportTag) {
410 List<MatchInfo> mkMatches = new ArrayList<MatchInfo>();
412 mkMatches.add(new MatchInfo(MatchFieldType.metadata, new BigInteger[] {
413 MetaDataUtil.getLportTagMetaData(lportTag),
414 MetaDataUtil.METADATA_MASK_LPORT_TAG }));
415 mkMatches.add(new MatchInfo(MatchFieldType.tunnel_id, new BigInteger[] {BigInteger.valueOf(lportTag)}));