2 * Copyright © 2016, 2017 Red Hat, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.netvirt.aclservice.utils;
11 import com.google.common.base.Optional;
13 import java.math.BigInteger;
14 import java.util.ArrayList;
15 import java.util.HashMap;
16 import java.util.Iterator;
17 import java.util.List;
19 import java.util.concurrent.ExecutionException;
20 import java.util.concurrent.Future;
22 import javax.inject.Inject;
23 import javax.inject.Singleton;
25 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
26 import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
27 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
28 import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
29 import org.opendaylight.genius.mdsalutil.MDSALUtil;
30 import org.opendaylight.genius.mdsalutil.MatchInfo;
31 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
32 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
33 import org.opendaylight.genius.mdsalutil.NxMatchFieldType;
34 import org.opendaylight.genius.mdsalutil.NxMatchInfo;
35 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
36 import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6;
37 import org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol;
38 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination;
39 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Source;
40 import org.opendaylight.genius.mdsalutil.matches.MatchIpv6Destination;
41 import org.opendaylight.genius.mdsalutil.matches.MatchIpv6Source;
42 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
43 import org.opendaylight.genius.mdsalutil.matches.MatchUdpDestinationPort;
44 import org.opendaylight.genius.mdsalutil.matches.MatchUdpSourcePort;
45 import org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria;
46 import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
47 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
48 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.Ipv4Acl;
49 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
50 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.AclKey;
51 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
52 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
53 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
54 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
55 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState;
56 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
57 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
58 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.AllocateIdInput;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.AllocateIdInputBuilder;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.AllocateIdOutput;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdInput;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdInputBuilder;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInput;
67 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInputBuilder;
68 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceOutput;
69 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
70 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceBindings;
71 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase;
72 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceTypeFlowBased;
73 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.StypeOpenflow;
74 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.StypeOpenflowBuilder;
75 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.ServicesInfo;
76 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.ServicesInfoKey;
77 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
78 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesBuilder;
79 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesKey;
80 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
81 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig;
82 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
83 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
84 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
85 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
86 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.ElanInstances;
87 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.ElanInterfaces;
88 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstance;
89 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstanceKey;
90 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterface;
91 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterfaceKey;
92 import org.opendaylight.yangtools.yang.binding.DataObject;
93 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
94 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier.InstanceIdentifierBuilder;
95 import org.opendaylight.yangtools.yang.common.RpcResult;
96 import org.slf4j.Logger;
97 import org.slf4j.LoggerFactory;
100 @SuppressWarnings("deprecation")
101 public final class AclServiceUtils {
103 private static final Logger LOG = LoggerFactory.getLogger(AclServiceUtils.class);
105 private final AclDataUtil aclDataUtil;
106 private final AclserviceConfig config;
109 public AclServiceUtils(AclDataUtil aclDataUtil, AclserviceConfig config) {
111 this.aclDataUtil = aclDataUtil;
112 this.config = config;
116 * Retrieves the Interface from the datastore.
117 * @param broker the data broker
118 * @param interfaceName the interface name
119 * @return the interface.
121 public static Optional<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
122 .Interface> getInterface(DataBroker broker, String interfaceName) {
123 return read(broker, LogicalDatastoreType.CONFIGURATION, getInterfaceIdentifier(interfaceName));
127 * Builds the interface identifier.
128 * @param interfaceName the interface name.
129 * @return the interface identifier.
131 public static InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
132 .interfaces.Interface> getInterfaceIdentifier(String interfaceName) {
133 return InstanceIdentifier.builder(Interfaces.class)
135 org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
136 .Interface.class, new InterfaceKey(interfaceName)).build();
140 * Retrieves the object from the datastore.
141 * @param broker the data broker.
142 * @param datastoreType the data store type.
143 * @param path the wild card path.
144 * @param <T> type of DataObject
145 * @return the required object.
147 public static <T extends DataObject> Optional<T> read(
148 DataBroker broker, LogicalDatastoreType datastoreType, InstanceIdentifier<T> path) {
149 try (ReadOnlyTransaction tx = broker.newReadOnlyTransaction()) {
150 return tx.read(datastoreType, path).checkedGet();
151 } catch (ReadFailedException e) {
152 LOG.warn("Failed to read InstanceIdentifier {} from {}", path, datastoreType, e);
153 return Optional.absent();
158 * Retrieves the acl matching the key from the data store.
160 * @param broker the data broker
161 * @param aclKey the acl key
164 public static Acl getAcl(DataBroker broker, String aclKey) {
165 return read(broker, LogicalDatastoreType.CONFIGURATION, getAclInstanceIdentifier(aclKey)).orNull();
168 /** Creates the Acl instance identifier.
170 * @param aclKey the acl key
171 * @return the instance identifier
173 public static InstanceIdentifier<Acl> getAclInstanceIdentifier(String aclKey) {
174 return InstanceIdentifier
175 .builder(AccessLists.class)
177 new AclKey(aclKey,Ipv4Acl.class))
182 * Get the data path number for the interface.
183 * @param interfaceManagerRpcService interfaceManagerRpcService instance.
184 * @param ifName the interface name.
187 public static BigInteger getDpnForInterface(OdlInterfaceRpcService interfaceManagerRpcService, String ifName) {
188 BigInteger nodeId = BigInteger.ZERO;
190 GetDpidFromInterfaceInput dpIdInput =
191 new GetDpidFromInterfaceInputBuilder().setIntfName(ifName).build();
192 Future<RpcResult<GetDpidFromInterfaceOutput>> dpIdOutput =
193 interfaceManagerRpcService.getDpidFromInterface(dpIdInput);
194 RpcResult<GetDpidFromInterfaceOutput> dpIdResult = dpIdOutput.get();
195 if (dpIdResult.isSuccessful()) {
196 nodeId = dpIdResult.getResult().getDpid();
198 LOG.error("Could not retrieve DPN Id for interface {}", ifName);
200 } catch (NullPointerException | InterruptedException | ExecutionException e) {
201 LOG.error("Exception when getting dpn for interface {}", ifName, e);
207 * Retrieves the interface state.
208 * @param dataBroker the data broker.
209 * @param interfaceName the interface name.
210 * @return the interface state.
212 public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state
213 .Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) {
214 InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
215 .interfaces.state.Interface> ifStateId = buildStateInterfaceId(interfaceName);
216 return MDSALUtil.read(LogicalDatastoreType.OPERATIONAL, ifStateId, dataBroker).orNull();
220 * Build the interface state.
221 * @param interfaceName the interface name.
222 * @return the interface state.
224 public static InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
225 .interfaces.state.Interface> buildStateInterfaceId(String interfaceName) {
226 InstanceIdentifierBuilder<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
227 .interfaces.state.Interface> idBuilder = InstanceIdentifier.builder(InterfacesState.class)
228 .child(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
229 .state.Interface.class, new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces
230 .rev140508.interfaces.state.InterfaceKey(interfaceName));
231 return idBuilder.build();
235 * Checks whether port security is enabled for the port.
236 * @param port the port.
237 * @return the port security is enabled/not.
239 public static boolean isPortSecurityEnabled(AclInterface port) {
240 return port.isPortSecurityEnabled();
244 * Checks whether port security is enabled for the port.
245 * @param port the port.
246 * @return the list of security groups.
248 public static List<Uuid> getInterfaceAcls(Interface port) {
250 LOG.error("Port is Null");
253 InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
254 if (aclInPort == null) {
255 LOG.error("getSecurityGroupInPortList: no security group associated}",
259 return aclInPort.getSecurityGroups();
263 * Retrieves the security rule attribute augmentation from the access list.
264 * @param ace the access list entry
265 * @return the security rule attributes
267 public static SecurityRuleAttr getAccesssListAttributes(Ace ace) {
269 LOG.error("Ace is Null");
272 SecurityRuleAttr aceAttributes = ace.getAugmentation(SecurityRuleAttr.class);
273 if (aceAttributes == null) {
274 LOG.error("Ace is null");
277 return aceAttributes;
281 * Returns the DHCP match.
283 * @param srcPort the source port.
284 * @param dstPort the destination port.
285 * @param lportTag the lport tag
286 * @return list of matches.
288 public static List<MatchInfoBase> buildDhcpMatches(int srcPort, int dstPort, int lportTag) {
289 List<MatchInfoBase> matches = new ArrayList<>(6);
290 matches.add(MatchEthernetType.IPV4);
291 matches.add(MatchIpProtocol.UDP);
292 matches.add(new MatchUdpDestinationPort(dstPort));
293 matches.add(new MatchUdpSourcePort(srcPort));
294 matches.add(AclServiceUtils.buildLPortTagMatch(lportTag));
299 * Returns the DHCPv6 match.
301 * @param srcPort the source port.
302 * @param dstPort the destination port.
303 * @param lportTag the lport tag
304 * @return list of matches.
306 public static List<MatchInfoBase> buildDhcpV6Matches(int srcPort, int dstPort, int lportTag) {
307 List<MatchInfoBase> matches = new ArrayList<>(6);
308 matches.add(MatchEthernetType.IPV6);
309 matches.add(MatchIpProtocol.UDP);
310 matches.add(new MatchUdpDestinationPort(dstPort));
311 matches.add(new MatchUdpSourcePort(srcPort));
312 matches.add(AclServiceUtils.buildLPortTagMatch(lportTag));
317 * Returns the ICMPv6 match.
319 * @param icmpType the icmpv6-type.
320 * @param icmpCode the icmpv6-code.
321 * @param lportTag the lport tag
322 * @return list of matches.
324 public static List<MatchInfoBase> buildIcmpV6Matches(int icmpType, int icmpCode, int lportTag) {
325 List<MatchInfoBase> matches = new ArrayList<>(6);
326 matches.add(MatchEthernetType.IPV6);
327 matches.add(MatchIpProtocol.ICMPV6);
329 matches.add(new MatchIcmpv6((short) icmpType, (short) icmpCode));
331 matches.add(AclServiceUtils.buildLPortTagMatch(lportTag));
336 * Builds the service id.
338 * @param interfaceName the interface name
339 * @param serviceIndex the service index
340 * @param serviceMode the service mode
341 * @return the instance identifier
343 public static InstanceIdentifier<BoundServices> buildServiceId(String interfaceName, short serviceIndex,
344 Class<? extends ServiceModeBase> serviceMode) {
345 return InstanceIdentifier.builder(ServiceBindings.class)
346 .child(ServicesInfo.class, new ServicesInfoKey(interfaceName, serviceMode))
347 .child(BoundServices.class, new BoundServicesKey(serviceIndex)).build();
351 * Gets the bound services.
353 * @param serviceName the service name
354 * @param servicePriority the service priority
355 * @param flowPriority the flow priority
356 * @param cookie the cookie
357 * @param instructions the instructions
358 * @return the bound services
360 public static BoundServices getBoundServices(String serviceName, short servicePriority, int flowPriority,
361 BigInteger cookie, List<Instruction> instructions) {
362 StypeOpenflowBuilder augBuilder = new StypeOpenflowBuilder().setFlowCookie(cookie).setFlowPriority(flowPriority)
363 .setInstruction(instructions);
364 return new BoundServicesBuilder().setKey(new BoundServicesKey(servicePriority)).setServiceName(serviceName)
365 .setServicePriority(servicePriority).setServiceType(ServiceTypeFlowBased.class)
366 .addAugmentation(StypeOpenflow.class, augBuilder.build()).build();
369 public static List<Uuid> getUpdatedAclList(List<Uuid> updatedAclList, List<Uuid> currentAclList) {
370 if (updatedAclList == null) {
373 List<Uuid> newAclList = new ArrayList<>(updatedAclList);
374 if (currentAclList == null) {
377 List<Uuid> origAclList = new ArrayList<>(currentAclList);
378 for (Iterator<Uuid> iterator = newAclList.iterator(); iterator.hasNext();) {
379 Uuid updatedAclUuid = iterator.next();
380 for (Uuid currentAclUuid :origAclList) {
381 if (updatedAclUuid.getValue().equals(currentAclUuid.getValue())) {
389 public static List<AllowedAddressPairs> getUpdatedAllowedAddressPairs(
390 List<AllowedAddressPairs> updatedAllowedAddressPairs,
391 List<AllowedAddressPairs> currentAllowedAddressPairs) {
392 if (updatedAllowedAddressPairs == null) {
395 List<AllowedAddressPairs> newAllowedAddressPairs = new ArrayList<>(updatedAllowedAddressPairs);
396 if (currentAllowedAddressPairs == null) {
397 return newAllowedAddressPairs;
399 List<AllowedAddressPairs> origAllowedAddressPairs = new ArrayList<>(currentAllowedAddressPairs);
400 for (Iterator<AllowedAddressPairs> iterator = newAllowedAddressPairs.iterator(); iterator.hasNext();) {
401 AllowedAddressPairs updatedAllowedAddressPair = iterator.next();
402 for (AllowedAddressPairs currentAllowedAddressPair : origAllowedAddressPairs) {
403 if (updatedAllowedAddressPair.getKey().equals(currentAllowedAddressPair.getKey())) {
409 return newAllowedAddressPairs;
412 public static List<AllowedAddressPairs> getPortAllowedAddresses(Interface port) {
414 LOG.error("Port is Null");
417 InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
418 if (aclInPort == null) {
419 LOG.error("getSecurityGroupInPortList: no security group associated to Interface port: {}", port.getName());
422 return aclInPort.getAllowedAddressPairs();
425 public static BigInteger getDpIdFromIterfaceState(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf
426 .interfaces.rev140508.interfaces.state.Interface interfaceState) {
427 BigInteger dpId = null;
428 List<String> ofportIds = interfaceState.getLowerLayerIf();
429 if (ofportIds != null && !ofportIds.isEmpty()) {
430 NodeConnectorId nodeConnectorId = new NodeConnectorId(ofportIds.get(0));
431 dpId = BigInteger.valueOf(MDSALUtil.getDpnIdFromPortName(nodeConnectorId));
437 * Builds the ip matches.
439 * @param ipPrefixOrAddress the ip prefix or address
440 * @param matchCriteria the source_ip or destination_ip used for the match
443 public static List<MatchInfoBase> buildIpMatches(IpPrefixOrAddress ipPrefixOrAddress,
444 MatchCriteria matchCriteria) {
445 List<MatchInfoBase> flowMatches = new ArrayList<>();
446 IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
447 if (ipPrefix != null) {
448 if (ipPrefix.getIpv4Prefix() != null) {
449 flowMatches.add(MatchEthernetType.IPV4);
450 flowMatches.add(matchCriteria == MatchCriteria.MATCH_SOURCE ? new MatchIpv4Source(
451 ipPrefix.getIpv4Prefix()) : new MatchIpv4Destination(ipPrefix.getIpv4Prefix()));
453 flowMatches.add(MatchEthernetType.IPV6);
454 flowMatches.add(matchCriteria == MatchCriteria.MATCH_SOURCE ? new MatchIpv6Source(
455 ipPrefix.getIpv6Prefix()) : new MatchIpv6Destination(ipPrefix.getIpv6Prefix()));
458 IpAddress ipAddress = ipPrefixOrAddress.getIpAddress();
459 if (ipAddress.getIpv4Address() != null) {
460 flowMatches.add(MatchEthernetType.IPV4);
461 flowMatches.add(matchCriteria == MatchCriteria.MATCH_SOURCE ? new MatchIpv4Source(
462 ipAddress.getIpv4Address().getValue(), "32") : new MatchIpv4Destination(
463 ipAddress.getIpv4Address().getValue(), "32"));
465 flowMatches.add(MatchEthernetType.IPV6);
466 flowMatches.add(matchCriteria == MatchCriteria.MATCH_SOURCE ? new MatchIpv6Source(
467 ipAddress.getIpv6Address().getValue() + "/128") : new MatchIpv6Destination(
468 ipAddress.getIpv6Address().getValue() + "/128"));
475 * Gets the lport tag match.
477 * @param lportTag the lport tag
478 * @return the lport tag match
480 public static MatchInfo buildLPortTagMatch(int lportTag) {
481 return new MatchMetadata(MetaDataUtil.getLportTagMetaData(lportTag), MetaDataUtil.METADATA_MASK_LPORT_TAG);
484 public static List<Ace> getAceWithRemoteAclId(DataBroker dataBroker, AclInterface port, Uuid remoteAcl) {
485 List<Ace> remoteAclRuleList = new ArrayList<>();
486 List<Uuid> aclList = port.getSecurityGroups();
487 for (Uuid aclId : aclList) {
488 Acl acl = getAcl(dataBroker, aclId.getValue());
489 List<Ace> aceList = acl.getAccessListEntries().getAce();
490 for (Ace ace : aceList) {
491 Uuid tempRemoteAcl = getAccesssListAttributes(ace).getRemoteGroupId();
492 if (tempRemoteAcl != null && tempRemoteAcl.equals(remoteAcl)) {
493 remoteAclRuleList.add(ace);
497 return remoteAclRuleList;
500 public Map<String, List<MatchInfoBase>> getFlowForRemoteAcl(Uuid remoteAclId, String ignoreInterfaceId,
501 Map<String, List<MatchInfoBase>>
502 flowMatchesMap, boolean
503 isSourceIpMacMatch) {
504 List<AclInterface> interfaceList = aclDataUtil.getInterfaceList(remoteAclId);
505 if (flowMatchesMap == null || interfaceList == null || interfaceList.isEmpty()) {
508 Map<String, List<MatchInfoBase>> updatedFlowMatchesMap = new HashMap<>();
509 MatchInfoBase ipv4Match = MatchEthernetType.IPV4;
510 MatchInfoBase ipv6Match = MatchEthernetType.IPV6;
511 for (String flowName : flowMatchesMap.keySet()) {
512 List<MatchInfoBase> flows = flowMatchesMap.get(flowName);
513 for (AclInterface port : interfaceList) {
514 if (port.getInterfaceId().equals(ignoreInterfaceId)) {
517 //get allow address pair
518 List<AllowedAddressPairs> allowedAddressPair = port.getAllowedAddressPairs();
519 // iterate over allow address pair and update match type
520 for (AllowedAddressPairs aap : allowedAddressPair) {
521 List<MatchInfoBase> matchInfoBaseList;
523 if (flows.contains(ipv4Match) && isIPv4Address(aap)) {
524 matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
525 flowId = flowName + "_ipv4_remoteACL_interface_aap_" + aap.getKey();
526 updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
527 } else if (flows.contains(ipv6Match) && !isIPv4Address(aap)) {
528 matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
529 flowId = flowName + "_ipv6_remoteACL_interface_aap_" + aap.getKey();
530 updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
537 return updatedFlowMatchesMap;
540 public AclserviceConfig getConfig() {
544 private static boolean isIPv4Address(AllowedAddressPairs aap) {
545 IpPrefixOrAddress ipPrefixOrAddress = aap.getIpAddress();
546 IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
547 if (ipPrefix != null) {
548 if (ipPrefix.getIpv4Prefix() != null) {
552 IpAddress ipAddress = ipPrefixOrAddress.getIpAddress();
553 if (ipAddress.getIpv4Address() != null) {
560 public static Map<String, List<MatchInfoBase>> getFlowForAllowedAddresses(List<AllowedAddressPairs>
561 syncAllowedAddresses,
562 Map<String, List<MatchInfoBase>>
563 flowMatchesMap, boolean
564 isSourceIpMacMatch) {
565 if (flowMatchesMap == null) {
568 Map<String, List<MatchInfoBase>> updatedFlowMatchesMap = new HashMap<>();
569 MatchInfoBase ipv4Match = MatchEthernetType.IPV4;
570 MatchInfoBase ipv6Match = MatchEthernetType.IPV6;
571 for (String flowName : flowMatchesMap.keySet()) {
572 List<MatchInfoBase> flows = flowMatchesMap.get(flowName);
573 // iterate over allow address pair and update match type
574 for (AllowedAddressPairs aap : syncAllowedAddresses) {
575 List<MatchInfoBase> matchInfoBaseList;
577 if (flows.contains(ipv4Match) && isIPv4Address(aap)) {
578 matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
579 flowId = flowName + "_ipv4_remoteACL_interface_aap_" + aap.getKey();
580 updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
581 } else if (flows.contains(ipv6Match) && !isIPv4Address(aap)) {
582 matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
583 flowId = flowName + "_ipv6_remoteACL_interface_aap_" + aap.getKey();
584 updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
589 return updatedFlowMatchesMap;
592 public static Long getElanIdFromInterface(String elanInterfaceName,DataBroker broker) {
593 ElanInterface elanInterface = getElanInterfaceByElanInterfaceName(elanInterfaceName, broker);
594 if (null != elanInterface) {
595 ElanInstance elanInfo = getElanInstanceByName(elanInterface.getElanInstanceName(), broker);
596 return elanInfo.getElanTag();
601 public static ElanInterface getElanInterfaceByElanInterfaceName(String elanInterfaceName,DataBroker broker) {
602 InstanceIdentifier<ElanInterface> elanInterfaceId = getElanInterfaceConfigurationDataPathId(elanInterfaceName);
603 return read(broker, LogicalDatastoreType.CONFIGURATION, elanInterfaceId).orNull();
606 public static InstanceIdentifier<ElanInterface> getElanInterfaceConfigurationDataPathId(String interfaceName) {
607 return InstanceIdentifier.builder(ElanInterfaces.class)
608 .child(ElanInterface.class, new ElanInterfaceKey(interfaceName)).build();
611 // elan-instances config container
612 public static ElanInstance getElanInstanceByName(String elanInstanceName, DataBroker broker) {
613 InstanceIdentifier<ElanInstance> elanIdentifierId = getElanInstanceConfigurationDataPath(elanInstanceName);
614 return read(broker, LogicalDatastoreType.CONFIGURATION, elanIdentifierId).orNull();
617 public static InstanceIdentifier<ElanInstance> getElanInstanceConfigurationDataPath(String elanInstanceName) {
618 return InstanceIdentifier.builder(ElanInstances.class)
619 .child(ElanInstance.class, new ElanInstanceKey(elanInstanceName)).build();
622 private static List<MatchInfoBase> updateAAPMatches(boolean isSourceIpMacMatch, List<MatchInfoBase> flows,
623 AllowedAddressPairs aap) {
624 List<MatchInfoBase> matchInfoBaseList;
625 if (isSourceIpMacMatch) {
626 matchInfoBaseList = AclServiceUtils.buildIpMatches(aap.getIpAddress(), MatchCriteria.MATCH_SOURCE);
628 matchInfoBaseList = AclServiceUtils.buildIpMatches(aap.getIpAddress(), MatchCriteria.MATCH_DESTINATION);
630 matchInfoBaseList.addAll(flows);
631 return matchInfoBaseList;
634 public static MatchInfoBase getMatchInfoByType(List<MatchInfoBase> flows, NxMatchFieldType type) {
635 for (MatchInfoBase mib : flows) {
636 if (mib instanceof NxMatchInfo) {
637 if (((NxMatchInfo)mib).getMatchField() == type) {
645 public static boolean containsMatchFieldType(List<MatchInfoBase> flows, NxMatchFieldType type) {
646 MatchInfoBase mib = getMatchInfoByType(flows, type);
653 public static boolean containsTcpMatchField(List<MatchInfoBase> flows) {
654 return flows.contains(MatchIpProtocol.TCP);
657 public static boolean containsUdpMatchField(List<MatchInfoBase> flows) {
658 return flows.contains(MatchIpProtocol.UDP);
661 public static Integer allocateId(IdManagerService idManager, String poolName, String idKey) {
662 AllocateIdInput getIdInput = new AllocateIdInputBuilder().setPoolName(poolName).setIdKey(idKey).build();
664 Future<RpcResult<AllocateIdOutput>> result = idManager.allocateId(getIdInput);
665 RpcResult<AllocateIdOutput> rpcResult = result.get();
666 if (rpcResult.isSuccessful()) {
667 return rpcResult.getResult().getIdValue().intValue();
669 LOG.warn("RPC Call to Get Unique Id returned with Errors {}", rpcResult.getErrors());
671 } catch (InterruptedException | ExecutionException e) {
672 LOG.warn("Exception when getting Unique Id", e);
674 return AclConstants.PROTO_MATCH_PRIORITY;
677 public static void releaseId(IdManagerService idManager, String poolName, String idKey) {
678 ReleaseIdInput idInput = new ReleaseIdInputBuilder().setPoolName(poolName).setIdKey(idKey).build();
680 Future<RpcResult<Void>> result = idManager.releaseId(idInput);
681 RpcResult<Void> rpcResult = result.get();
682 if (!rpcResult.isSuccessful()) {
683 LOG.warn("RPC Call to release Id {} with Key {} returned with Errors {}", idKey, rpcResult.getErrors());
685 } catch (InterruptedException | ExecutionException e) {
686 LOG.warn("Exception when releasing Id for key {}", idKey, e);
691 * Indicates whether the interface has port security enabled.
692 * @param aclInterface the interface.
693 * @return true if port is security enabled.
695 public static boolean isOfInterest(AclInterface aclInterface) {
696 return aclInterface != null && aclInterface.getPortSecurityEnabled() != null
697 && aclInterface.isPortSecurityEnabled();