Code Review / netvirt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "Add blueprint wiring for ipv6service"
[netvirt.git] / vpnservice / aclservice / impl / src / main / java / org / opendaylight / netvirt / aclservice / utils / AclServiceUtils.java
1 /*
2  * Copyright (c) 2016 Red Hat, Inc. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.netvirt.aclservice.utils;
10
11 import com.google.common.base.Optional;
12 import java.math.BigInteger;
13 import java.util.ArrayList;
14 import java.util.HashMap;
15 import java.util.Iterator;
16 import java.util.List;
17 import java.util.Map;
18 import java.util.concurrent.ExecutionException;
19 import java.util.concurrent.Future;
20 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
21 import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
22 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
23 import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
24 import org.opendaylight.genius.mdsalutil.MDSALUtil;
25 import org.opendaylight.genius.mdsalutil.MatchFieldType;
26 import org.opendaylight.genius.mdsalutil.MatchInfo;
27 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
28 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
29 import org.opendaylight.genius.mdsalutil.NwConstants;
30 import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
31 import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
32 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
33 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.Ipv4Acl;
34 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
35 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.AclKey;
36 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
37 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
38 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState;
41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
42 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
43 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInput;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInputBuilder;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceOutput;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceBindings;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceTypeFlowBased;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.StypeOpenflow;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.StypeOpenflowBuilder;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.ServicesInfo;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.ServicesInfoKey;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesBuilder;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesKey;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
64 import org.opendaylight.yangtools.yang.binding.DataObject;
65 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
66 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier.InstanceIdentifierBuilder;
67 import org.opendaylight.yangtools.yang.common.RpcResult;
68 import org.slf4j.Logger;
69 import org.slf4j.LoggerFactory;
70
71 public final class AclServiceUtils {
72
73     private static final Logger LOG = LoggerFactory.getLogger(AclServiceUtils.class);
74
75     private AclServiceUtils() { }
76
77     /**
78      * Retrieves the Interface from the datastore.
79      * @param broker the data broker
80      * @param interfaceName the interface name
81      * @return the interface.
82      */
83     public static Optional<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
84         .Interface> getInterface(DataBroker broker, String interfaceName) {
85         return read(broker, LogicalDatastoreType.CONFIGURATION, getInterfaceIdentifier(interfaceName));
86     }
87
88     /**
89      * Builds the interface identifier.
90      * @param interfaceName the interface name.
91      * @return the interface identifier.
92      */
93     public static InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
94         .interfaces.Interface> getInterfaceIdentifier(String interfaceName) {
95         return InstanceIdentifier.builder(Interfaces.class)
96                 .child(
97                     org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
98                     .Interface.class, new InterfaceKey(interfaceName)).build();
99     }
100
101     /**
102      * Retrieves the object from the datastore.
103      * @param broker the data broker.
104      * @param datastoreType the data store type.
105      * @param path the wild card path.
106      * @return the required object.
107      */
108     public static <T extends DataObject> Optional<T> read(
109             DataBroker broker, LogicalDatastoreType datastoreType, InstanceIdentifier<T> path) {
110
111         Optional<T> result = Optional.absent();
112         ReadOnlyTransaction tx = broker.newReadOnlyTransaction();
113         try {
114             result = tx.read(datastoreType, path).checkedGet();
115         } catch (ReadFailedException e) {
116             LOG.warn("Failed to read InstanceIdentifier {} from {}", path, datastoreType, e);
117         } finally {
118             tx.close();
119         }
120         return result;
121     }
122
123     /**
124      * Retrieves the acl matching the key from the data store.
125      *
126      * @param broker the data broker
127      * @param aclKey the acl key
128      * @return the acl
129      */
130     public static Acl getAcl(DataBroker broker, String aclKey) {
131         Optional<Acl> optAcl = read(broker,
132             LogicalDatastoreType.CONFIGURATION, getAclInstanceIdentifier(aclKey));
133         if (optAcl.isPresent()) {
134             return optAcl.get();
135         }
136         return null;
137     }
138
139     /** Creates the Acl instance identifier.
140      *
141      * @param aclKey the acl key
142      * @return the instance identifier
143      */
144     public static InstanceIdentifier<Acl> getAclInstanceIdentifier(String aclKey) {
145         return InstanceIdentifier
146                 .builder(AccessLists.class)
147                 .child(Acl.class,
148                         new AclKey(aclKey,Ipv4Acl.class))
149                 .build();
150     }
151
152     /**
153      * Get the data path number for the interface.
154      * @param interfaceManagerRpcService interfaceManagerRpcService instance.
155      * @param ifName the interface name.
156      * @return the dpn.
157      */
158     public static BigInteger getDpnForInterface(OdlInterfaceRpcService interfaceManagerRpcService, String ifName) {
159         BigInteger nodeId = BigInteger.ZERO;
160         try {
161             GetDpidFromInterfaceInput dpIdInput =
162                     new GetDpidFromInterfaceInputBuilder().setIntfName(ifName).build();
163             Future<RpcResult<GetDpidFromInterfaceOutput>> dpIdOutput =
164                     interfaceManagerRpcService.getDpidFromInterface(dpIdInput);
165             RpcResult<GetDpidFromInterfaceOutput> dpIdResult = dpIdOutput.get();
166             if (dpIdResult.isSuccessful()) {
167                 nodeId = dpIdResult.getResult().getDpid();
168             } else {
169                 LOG.error("Could not retrieve DPN Id for interface {}", ifName);
170             }
171         } catch (NullPointerException | InterruptedException | ExecutionException e) {
172             LOG.error("Exception when getting dpn for interface {}", ifName,  e);
173         }
174         return nodeId;
175     }
176
177     /**
178      * Retrieves the interface state.
179      * @param dataBroker the data broker.
180      * @param interfaceName the interface name.
181      * @return the interface state.
182      */
183     public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state
184         .Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) {
185         InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
186             .interfaces.state.Interface> ifStateId = buildStateInterfaceId(interfaceName);
187         Optional<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
188             .interfaces.state.Interface> ifStateOptional = MDSALUtil.read(LogicalDatastoreType
189                 .OPERATIONAL, ifStateId, dataBroker);
190         if (!ifStateOptional.isPresent()) {
191             return null;
192         }
193
194         return ifStateOptional.get();
195     }
196
197     /**
198      * Build the interface state.
199      * @param interfaceName the interface name.
200      * @return the interface state.
201      */
202     public static InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
203         .interfaces.state.Interface> buildStateInterfaceId(String interfaceName) {
204         InstanceIdentifierBuilder<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
205             .interfaces.state.Interface> idBuilder = InstanceIdentifier.builder(InterfacesState.class)
206             .child(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces
207             .state.Interface.class, new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces
208             .rev140508.interfaces.state.InterfaceKey(interfaceName));
209         return idBuilder.build();
210     }
211
212     /**
213      * Checks whether port security is enabled for the port.
214      * @param port the port.
215      * @return the port security is enabled/not.
216      */
217     public static boolean isPortSecurityEnabled(AclInterface port) {
218         return port.isPortSecurityEnabled();
219     }
220
221     /**
222      * Checks whether port security is enabled for the port.
223      * @param port the port.
224      * @return the list of security groups.
225      */
226     public static List<Uuid> getInterfaceAcls(Interface port) {
227         if (port == null) {
228             LOG.error("Port is Null");
229             return null;
230         }
231         InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
232         if (aclInPort == null) {
233             LOG.error("getSecurityGroupInPortList: no security group associated}",
234                 port.getName());
235             return null;
236         }
237         return aclInPort.getSecurityGroups();
238     }
239
240     /**
241      * Retrieves the security rule attribute augmentation from the access list.
242      * @param ace the access list entry
243      * @return the security rule attributes
244      */
245     public static SecurityRuleAttr  getAccesssListAttributes(Ace ace) {
246         if (ace == null) {
247             LOG.error("Ace is Null");
248             return null;
249         }
250         SecurityRuleAttr aceAttributes = ace.getAugmentation(SecurityRuleAttr.class);
251         if (aceAttributes == null) {
252             LOG.error("Ace is null");
253             return null;
254         }
255         return aceAttributes;
256     }
257
258     /**
259      * Returns the DHCP match.
260      *
261      * @param srcPort the source port.
262      * @param dstPort the destination port.
263      * @param lportTag the lport tag
264      * @return list of matches.
265      */
266     public static List<MatchInfoBase> buildDhcpMatches(int srcPort, int dstPort, int lportTag) {
267         List<MatchInfoBase> matches = new ArrayList<>(6);
268         matches.add(new MatchInfo(MatchFieldType.eth_type,
269                 new long[] { NwConstants.ETHTYPE_IPV4 }));
270         matches.add(new MatchInfo(MatchFieldType.ip_proto,
271                 new long[] { IPProtocols.UDP.intValue() }));
272         matches.add(new MatchInfo(MatchFieldType.udp_dst,
273                 new long[] { dstPort }));
274         matches.add(new MatchInfo(MatchFieldType.udp_src,
275                 new long[] { srcPort}));
276         matches.add(AclServiceUtils.buildLPortTagMatch(lportTag));
277         return matches;
278     }
279
280     /**
281      * Builds the service id.
282      *
283      * @param interfaceName the interface name
284      * @param serviceIndex the service index
285      * @param serviceMode the service mode
286      * @return the instance identifier
287      */
288     public static InstanceIdentifier<BoundServices> buildServiceId(String interfaceName, short serviceIndex,
289             Class<? extends ServiceModeBase> serviceMode) {
290         return InstanceIdentifier.builder(ServiceBindings.class)
291                 .child(ServicesInfo.class, new ServicesInfoKey(interfaceName, serviceMode))
292                 .child(BoundServices.class, new BoundServicesKey(serviceIndex)).build();
293     }
294
295     /**
296      * Gets the bound services.
297      *
298      * @param serviceName the service name
299      * @param servicePriority the service priority
300      * @param flowPriority the flow priority
301      * @param cookie the cookie
302      * @param instructions the instructions
303      * @return the bound services
304      */
305     public static BoundServices getBoundServices(String serviceName, short servicePriority, int flowPriority,
306             BigInteger cookie, List<Instruction> instructions) {
307         StypeOpenflowBuilder augBuilder = new StypeOpenflowBuilder().setFlowCookie(cookie).setFlowPriority(flowPriority)
308                 .setInstruction(instructions);
309         return new BoundServicesBuilder().setKey(new BoundServicesKey(servicePriority)).setServiceName(serviceName)
310                 .setServicePriority(servicePriority).setServiceType(ServiceTypeFlowBased.class)
311                 .addAugmentation(StypeOpenflow.class, augBuilder.build()).build();
312     }
313
314     public static List<Uuid> getUpdatedAclList(List<Uuid> updatedAclList, List<Uuid> currentAclList) {
315         if (updatedAclList == null) {
316             return null;
317         }
318         List<Uuid> newAclList = new ArrayList<>(updatedAclList);
319         if (currentAclList == null) {
320             return newAclList;
321         }
322         List<Uuid> origAclList = new ArrayList<>(currentAclList);
323         for (Iterator<Uuid> iterator = newAclList.iterator(); iterator.hasNext();) {
324             Uuid updatedAclUuid = iterator.next();
325             for (Uuid currentAclUuid :origAclList) {
326                 if (updatedAclUuid.getValue().equals(currentAclUuid.getValue())) {
327                     iterator.remove();
328                 }
329             }
330         }
331         return newAclList;
332     }
333
334     public static List<AllowedAddressPairs> getUpdatedAllowedAddressPairs(
335             List<AllowedAddressPairs> updatedAllowedAddressPairs,
336             List<AllowedAddressPairs> currentAllowedAddressPairs) {
337         if (updatedAllowedAddressPairs == null) {
338             return null;
339         }
340         List<AllowedAddressPairs> newAllowedAddressPairs = new ArrayList<>(updatedAllowedAddressPairs);
341         if (currentAllowedAddressPairs == null) {
342             return newAllowedAddressPairs;
343         }
344         List<AllowedAddressPairs> origAllowedAddressPairs = new ArrayList<>(currentAllowedAddressPairs);
345         for (Iterator<AllowedAddressPairs> iterator = newAllowedAddressPairs.iterator(); iterator.hasNext();) {
346             AllowedAddressPairs updatedAllowedAddressPair = iterator.next();
347             for (AllowedAddressPairs currentAllowedAddressPair : origAllowedAddressPairs) {
348                 if (updatedAllowedAddressPair.getKey().equals(currentAllowedAddressPair.getKey())) {
349                     iterator.remove();
350                     break;
351                 }
352             }
353         }
354         return newAllowedAddressPairs;
355     }
356
357     public static List<AllowedAddressPairs> getPortAllowedAddresses(Interface port) {
358         if (port == null) {
359             LOG.error("Port is Null");
360             return null;
361         }
362         InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
363         if (aclInPort == null) {
364             LOG.error("getSecurityGroupInPortList: no security group associated to Interface port: {}", port.getName());
365             return null;
366         }
367         return aclInPort.getAllowedAddressPairs();
368     }
369
370     public static BigInteger getDpIdFromIterfaceState(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf
371             .interfaces.rev140508.interfaces.state.Interface interfaceState) {
372         BigInteger dpId = null;
373         String interfaceName = interfaceState.getName();
374         List<String> ofportIds = interfaceState.getLowerLayerIf();
375         if (ofportIds != null && !ofportIds.isEmpty()) {
376             NodeConnectorId nodeConnectorId = new NodeConnectorId(ofportIds.get(0));
377             dpId = BigInteger.valueOf(MDSALUtil.getDpnIdFromPortName(nodeConnectorId));
378         }
379         return dpId;
380     }
381
382     /**
383      * Builds the ip matches.
384      *
385      * @param ipPrefixOrAddress the ip prefix or address
386      * @param ipv4MatchType the ipv4 match type
387      * @return the list
388      */
389     public static List<MatchInfoBase> buildIpMatches(IpPrefixOrAddress ipPrefixOrAddress,
390             MatchFieldType ipv4MatchType) {
391         List<MatchInfoBase> flowMatches = new ArrayList<>();
392         flowMatches.add(new MatchInfo(MatchFieldType.eth_type, new long[] {NwConstants.ETHTYPE_IPV4}));
393         IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
394         if (ipPrefix != null) {
395             if (ipPrefix.getIpv4Prefix().getValue() != null) {
396                 String[] ipaddressValues = ipPrefix.getIpv4Prefix().getValue().split("/");
397                 flowMatches.add(new MatchInfo(ipv4MatchType, new String[] {ipaddressValues[0], ipaddressValues[1]}));
398             } else {
399                 // Handle IPv6
400             }
401         } else {
402             IpAddress ipAddress = ipPrefixOrAddress.getIpAddress();
403             if (ipAddress.getIpv4Address() != null) {
404                 flowMatches
405                         .add(new MatchInfo(ipv4MatchType, new String[] {ipAddress.getIpv4Address().getValue(), "32"}));
406             } else {
407                 // Handle IPv6
408             }
409         }
410         return flowMatches;
411     }
412
413     /**
414      * Gets the lport tag match.
415      *
416      * @param lportTag the lport tag
417      * @return the lport tag match
418      */
419     public static MatchInfo buildLPortTagMatch(int lportTag) {
420         return new MatchInfo(MatchFieldType.metadata,
421                 new BigInteger[] {MetaDataUtil.getLportTagMetaData(lportTag), MetaDataUtil.METADATA_MASK_LPORT_TAG});
422     }
423
424     public static List<Ace> getAceWithRemoteAclId(DataBroker dataBroker, AclInterface port, Uuid remoteAcl) {
425         List<Ace> remoteAclRuleList = new ArrayList<>();
426         List<Uuid> aclList = port.getSecurityGroups();
427         for (Uuid aclId : aclList) {
428             Acl acl = getAcl(dataBroker, aclId.getValue());
429             List<Ace> aceList = acl.getAccessListEntries().getAce();
430             for (Ace ace : aceList) {
431                 Uuid tempRemoteAcl = getAccesssListAttributes(ace).getRemoteGroupId();
432                 if (tempRemoteAcl != null && tempRemoteAcl.equals(remoteAcl)) {
433                     remoteAclRuleList.add(ace);
434                 }
435             }
436         }
437         return remoteAclRuleList;
438     }
439
440     public static Map<String, List<MatchInfoBase>> getFlowForRemoteAcl(Uuid remoteAclId, String ignoreInterfaceId,
441                                                                        Map<String, List<MatchInfoBase>>
442                                                                                flowMatchesMap, boolean
443                                                                                isSourceIpMacMatch) {
444         List<AclInterface> interfaceList = AclDataUtil.getInterfaceList(remoteAclId);
445         if (flowMatchesMap == null || interfaceList == null || interfaceList.isEmpty()) {
446             return null;
447         }
448         Map<String, List<MatchInfoBase>> updatedFlowMatchesMap = new HashMap<>();
449         for (String flowName : flowMatchesMap.keySet()) {
450             List<MatchInfoBase> flows = flowMatchesMap.get(flowName);
451             for (AclInterface port : interfaceList) {
452                 if (port.getInterfaceId().equals(ignoreInterfaceId)) {
453                     continue;
454                 }
455                 //get allow address pair
456                 List<AllowedAddressPairs> allowedAddressPair = port.getAllowedAddressPairs();
457                 // iterate over allow address pair and update match type
458                 for (AllowedAddressPairs aap : allowedAddressPair) {
459                     List<MatchInfoBase> matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
460                     String flowId = flowName + "_remoteACL_interface_" + port.getInterfaceId() + "_aap_" + aap.getKey();
461                     updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
462                 }
463
464             }
465
466         }
467         return updatedFlowMatchesMap;
468     }
469
470     public static Map<String, List<MatchInfoBase>> getFlowForAllowedAddresses(List<AllowedAddressPairs>
471                                                                                       syncAllowedAddresses,
472                                                                               Map<String, List<MatchInfoBase>>
473                                                                                       flowMatchesMap, boolean
474                                                                                       isSourceIpMacMatch) {
475         if (flowMatchesMap == null) {
476             return null;
477         }
478         Map<String, List<MatchInfoBase>> updatedFlowMatchesMap = new HashMap<>();
479         for (String flowName : flowMatchesMap.keySet()) {
480             List<MatchInfoBase> flows = flowMatchesMap.get(flowName);
481             // iterate over allow address pair and update match type
482             for (AllowedAddressPairs aap : syncAllowedAddresses) {
483                 List<MatchInfoBase> matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
484                 String flowId = flowName + "_remoteACL_interface_aap_" + aap.getKey();
485                 updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
486             }
487
488         }
489         return updatedFlowMatchesMap;
490     }
491
492     private static List<MatchInfoBase> updateAAPMatches(boolean isSourceIpMacMatch, List<MatchInfoBase> flows,
493                                                         AllowedAddressPairs aap) {
494         List<MatchInfoBase> matchInfoBaseList;
495         if (isSourceIpMacMatch) {
496             flows.remove(MatchFieldType.ipv4_source);
497             matchInfoBaseList = AclServiceUtils.buildIpMatches(aap.getIpAddress(), MatchFieldType.ipv4_source);
498         } else {
499             flows.remove(MatchFieldType.ipv4_destination);
500             matchInfoBaseList = AclServiceUtils.buildIpMatches(aap.getIpAddress(), MatchFieldType.ipv4_destination);
501         }
502         matchInfoBaseList.addAll(flows);
503         return matchInfoBaseList;
504     }
505
506 }
NetVirt - Archived