git.opendaylight Code Review - netvirt.git/blob

   1 /*
   2  * Copyright (c) 2014, 2015 Red Hat, Inc. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.netvirt.openstack.netvirt.impl;
  10
  11 import org.opendaylight.netvirt.openstack.netvirt.ConfigInterface;
  12 import org.opendaylight.netvirt.openstack.netvirt.api.ConfigurationService;
  13 import org.opendaylight.netvirt.openstack.netvirt.api.Constants;
  14 import org.opendaylight.netvirt.openstack.netvirt.api.EgressAclProvider;
  15 import org.opendaylight.netvirt.openstack.netvirt.api.IngressAclProvider;
  16 import org.opendaylight.netvirt.openstack.netvirt.api.NodeCacheManager;
  17 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityGroupCacheManger;
  18 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityServicesManager;
  19 import org.opendaylight.netvirt.openstack.netvirt.api.Southbound;
  20 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronNetwork;
  21 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronPort;
  22 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityGroup;
  23 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityRule;
  24 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSubnet;
  25 import org.opendaylight.netvirt.openstack.netvirt.translator.Neutron_IPs;
  26 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronNetworkCRUD;
  27 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronPortCRUD;
  28 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronSubnetCRUD;
  29 import org.opendaylight.netvirt.utils.servicehelper.ServiceHelper;
  30 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.ovsdb.rev150105.OvsdbTerminationPointAugmentation;
  31 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
  32 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
  33 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.node.TerminationPoint;
  34 import org.osgi.framework.ServiceReference;
  35 import org.slf4j.Logger;
  36 import org.slf4j.LoggerFactory;
  37
  38 import java.util.ArrayList;
  39 import java.util.List;
  40 import java.util.HashMap;
  41 import java.util.Map;
  42
  43 public class SecurityServicesImpl implements ConfigInterface, SecurityServicesManager {
  44
  45     private static final Logger LOG = LoggerFactory.getLogger(TenantNetworkManagerImpl.class);
  46     private volatile INeutronPortCRUD neutronPortCache;
  47     private volatile INeutronSubnetCRUD neutronSubnetCache;
  48     private volatile Southbound southbound;
  49     private volatile NodeCacheManager nodeCacheManager;
  50     private volatile INeutronNetworkCRUD neutronNetworkCache;
  51     private volatile ConfigurationService configurationService;
  52     private volatile IngressAclProvider ingressAclProvider;
  53     private volatile EgressAclProvider egressAclProvider;
  54     private volatile NeutronL3Adapter neutronL3Adapter;
  55     private volatile SecurityGroupCacheManger securityGroupCacheManger;
  56     private volatile Map<NodeId, Long> nodeIdToDpIdCache = new HashMap<NodeId, Long>();
  57     private boolean isConntrackEnabled = false;
  58
  59     public SecurityServicesImpl() {
  60         super();
  61     }
  62
  63     public SecurityServicesImpl(boolean isConntrack) {
  64         super();
  65         this.isConntrackEnabled = isConntrack;
  66     }
  67
  68     @Override
  69     public boolean isPortSecurityReady(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
  70         if (neutronPortCache == null) {
  71             LOG.error("neutron port is null");
  72             return false;
  73         }
  74         LOG.trace("isPortSecurityReady for {}", terminationPointAugmentation.getName());
  75         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
  76                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
  77         if (neutronPortId == null) {
  78             return false;
  79         }
  80         NeutronPort neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
  81         if (neutronPort == null) {
  82             return false;
  83         }
  84         String deviceOwner = neutronPort.getDeviceOwner();
  85         if (!deviceOwner.contains("compute")) {
  86             LOG.debug("Port {} is not a compute host, it is a: {}", neutronPortId, deviceOwner);
  87         }
  88         LOG.debug("isPortSecurityReady() is a {} ", deviceOwner);
  89         List<NeutronSecurityGroup> securityGroups = neutronPort.getSecurityGroups();
  90         if (securityGroups.isEmpty()) {
  91             LOG.debug("Check for device: {} does not contain a Security Group for port: {}", deviceOwner,
  92                       neutronPortId);
  93             return false;
  94         }
  95         LOG.debug("Security Group Check {} does contain a Neutron Security Group", neutronPortId);
  96         return true;
  97     }
  98
  99     @Override
 100     public List<NeutronSecurityGroup> getSecurityGroupInPortList(OvsdbTerminationPointAugmentation
 101                                                              terminationPointAugmentation) {
 102         List<NeutronSecurityGroup> neutronSecurityGroups = new ArrayList<>();
 103         if (neutronPortCache == null) {
 104             LOG.error("neutron port is null");
 105             return neutronSecurityGroups;
 106         }
 107         LOG.trace("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName());
 108         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 109                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
 110         if (neutronPortId == null) {
 111             return neutronSecurityGroups;
 112         }
 113         NeutronPort neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
 114         if (neutronPort == null) {
 115             return neutronSecurityGroups;
 116         }
 117         neutronSecurityGroups = neutronPort.getSecurityGroups();
 118         return neutronSecurityGroups;
 119
 120     }
 121
 122     @Override
 123     public NeutronPort getDhcpServerPort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 124         if (neutronPortCache == null) {
 125             LOG.warn("getDHCPServerPort: neutron port cache is null");
 126         }
 127         LOG.trace("getDHCPServerPort for {}",
 128                   terminationPointAugmentation.getName());
 129         NeutronPort neutronPort = null;
 130         try {
 131             String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 132                                                                            Constants.EXTERNAL_ID_INTERFACE_ID);
 133             if (neutronPortId == null) {
 134                 return null;
 135             }
 136             if (null != neutronPortCache) {
 137                 neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
 138                 if (neutronPort == null) {
 139                     return null;
 140                 }
 141             }
 142             /* if the current port is a DHCP port, return the same*/
 143             if (neutronPort.getDeviceOwner().contains("dhcp")) {
 144                 return neutronPort;
 145             }
 146             /*Since all the fixed ip assigned to a port should be
 147              *from the same network, first port is sufficient.*/
 148             List<Neutron_IPs> fixedIps = neutronPort.getFixedIPs();
 149             if (null == fixedIps || 0 == fixedIps.size() ) {
 150                 LOG.error("getDHCPServerPort: No fixed ip is assigned");
 151                 return null;
 152             }
 153             /* Get all the ports in the subnet and identify the dhcp port*/
 154             String subnetUuid = fixedIps.iterator().next().getSubnetUUID();
 155             NeutronSubnet neutronSubnet = neutronSubnetCache.getSubnet(subnetUuid);
 156             if (neutronSubnet == null) {
 157                 LOG.error("getDHCPServerPort: No subnet is found for " + subnetUuid);
 158                 return null;
 159             }
 160             List<NeutronPort> ports = neutronSubnet.getPortsInSubnet();
 161             for (NeutronPort port : ports) {
 162                 if (port.getDeviceOwner().contains("dhcp")) {
 163                     return port;
 164                 }
 165             }
 166         } catch (Exception e) {
 167             LOG.error("getDHCPServerPort:getDHCPServerPort failed due to ", e);
 168             return null;
 169         }
 170         return null;
 171     }
 172
 173     @Override
 174     public NeutronPort getNeutronPortFromDhcpIntf(
 175             OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 176         if (neutronPortCache == null) {
 177             LOG.error("getNeutronPortFromDhcpIntf: neutron port is null");
 178             return null;
 179         }
 180         String neutronPortId = southbound.getInterfaceExternalIdsValue(
 181                 terminationPointAugmentation,
 182                 Constants.EXTERNAL_ID_INTERFACE_ID);
 183         if (neutronPortId == null) {
 184             return null;
 185         }
 186         NeutronPort neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
 187         if (neutronPort == null) {
 188             return null;
 189         }
 190         /* if the current port is a DHCP port, return true*/
 191         if (neutronPort.getDeviceOwner().contains("dhcp")) {
 192             LOG.trace("getNeutronPortFromDhcpIntf: neutronPort is a dhcp port", neutronPort );
 193             return neutronPort;
 194         }
 195         return null;
 196     }
 197
 198
 199     @Override
 200     public NeutronPort getNeutronPortFromCache(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 201         NeutronPort neutronPort = null;
 202         LOG.trace("getNeutronPortFromCache for {}",
 203                 terminationPointAugmentation.getName());
 204         try {
 205             String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 206                     Constants.EXTERNAL_ID_INTERFACE_ID);
 207             if (neutronPortId == null) {
 208                 return null;
 209             }
 210             if (null != neutronPortCache) {
 211                 neutronPort = neutronL3Adapter.getPortPreferablyFromCleanupCache(neutronPortId);
 212                 if (neutronPort == null) {
 213                     return null;
 214                 }
 215             }
 216             LOG.trace("getNeutronPortFromCache: neutron port of {} got from cleanupcache", neutronPortId);
 217         } catch (Exception e) {
 218             LOG.warn("getNeutronPortFromCache:getNeutronPortFromCache failed due to ", e);
 219             return null;
 220         }
 221         return neutronPort;
 222     }
 223
 224
 225
 226     @Override
 227     public boolean isComputePort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 228         if (neutronPortCache == null) {
 229             LOG.warn("isComputePort : neutronPortCache is null");
 230         }
 231         NeutronPort neutronPort = null;
 232         LOG.trace("isComputePort for {}", terminationPointAugmentation.getName());
 233         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 234                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
 235         if (neutronPortId == null) {
 236             return false;
 237         }
 238         if (neutronPortCache != null) {
 239             neutronPort = neutronPortCache.getPort(neutronPortId);
 240         }
 241         if (neutronPort == null) {
 242             neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
 243             if (neutronPort == null) {
 244                 return false;
 245             }
 246         }
 247         /*Check the device owner and if it contains compute to identify
 248          * whether it is a compute port.*/
 249         String deviceOwner = neutronPort.getDeviceOwner();
 250         if (!deviceOwner.contains("compute")) {
 251             LOG.debug("isComputePort : Port {} is not a DHCP server port for device owner {}",
 252                       neutronPortId,deviceOwner);
 253             return false;
 254         }
 255         return true;
 256     }
 257
 258     @Override
 259     public boolean isLastPortinSubnet(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 260         if (neutronPortCache == null) {
 261             LOG.error("isLastPortinSubnet: neutronPortCache is null");
 262         }
 263         NeutronPort neutronPort = null;
 264         try {
 265             LOG.trace("isLastPortinSubnet: for {}", terminationPointAugmentation.getName());
 266             String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 267                                                                            Constants.EXTERNAL_ID_INTERFACE_ID);
 268             if (neutronPortId == null) {
 269                 return false;
 270             }
 271             if (neutronPortCache != null) {
 272                 neutronPort = neutronPortCache.getPort(neutronPortId);
 273             }
 274             if (neutronPort == null) {
 275                 neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
 276                 if (neutronPort == null) {
 277                     LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
 278                     return false;
 279                 }
 280             }
 281             List<Neutron_IPs> neutronPortFixedIp = neutronPort.getFixedIPs();
 282             if (null == neutronPortFixedIp || neutronPortFixedIp.isEmpty()) {
 283                 return false;
 284             }
 285             /*Get all the ports in the current node and check whether there
 286              * is any port belonging to the same subnet of the input
 287              */
 288             List<TerminationPoint> terminationPoints = node.getTerminationPoint();
 289             if (terminationPoints != null && !terminationPoints.isEmpty()) {
 290                 for (TerminationPoint tp : terminationPoints) {
 291                     OvsdbTerminationPointAugmentation ovsdbTerminationPointAugmentation =
 292                             tp.getAugmentation(OvsdbTerminationPointAugmentation.class);
 293                     if (ovsdbTerminationPointAugmentation != null && !ovsdbTerminationPointAugmentation
 294                             .getName().equals(Constants.INTEGRATION_BRIDGE)) {
 295                         String portId = southbound.getInterfaceExternalIdsValue(ovsdbTerminationPointAugmentation,
 296                                                                                 Constants.EXTERNAL_ID_INTERFACE_ID);
 297                         if (null != portId) {
 298                             NeutronPort port = neutronPortCache.getPort(portId);
 299                             if (null != port && !(port.getID().equals(neutronPort.getID()))
 300                                     && port.getDeviceOwner().contains("compute")) {
 301                                 List<Neutron_IPs> portFixedIp = port.getFixedIPs();
 302                                 if (null == portFixedIp || portFixedIp.isEmpty()) {
 303                                     return false;
 304                                 }
 305                                 if (portFixedIp.iterator().next().getSubnetUUID()
 306                                         .equals(neutronPort.getFixedIPs().iterator().next().getSubnetUUID())) {
 307                                     LOG.trace("isLastPortinSubnet: Port is not the only port.");
 308                                     return false;
 309                                 }
 310                             }
 311                         }
 312                     }
 313                 }
 314             }
 315         } catch (Exception e) {
 316             LOG.error("isLastPortinSubnet: isLastPortinSubnet failed due to ", e);
 317             return false;
 318         }
 319         return true;
 320     }
 321
 322     @Override
 323     public boolean isLastPortinBridge(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 324         LOG.trace("isLastPortinBridge: for {}", terminationPointAugmentation.getName());
 325         List<TerminationPoint> terminationPoints = node.getTerminationPoint();
 326         /*Check whether the node has any port other than br-int*/
 327         if (terminationPoints != null && !terminationPoints.isEmpty()) {
 328             for (TerminationPoint tp : terminationPoints) {
 329                 OvsdbTerminationPointAugmentation ovsdbTerminationPointAugmentation =
 330                         tp.getAugmentation(OvsdbTerminationPointAugmentation.class);
 331                 if (null != ovsdbTerminationPointAugmentation
 332                         && !(ovsdbTerminationPointAugmentation.getName().equals(Constants.INTEGRATION_BRIDGE))
 333                         && !(terminationPointAugmentation.getInterfaceUuid()
 334                         .equals(ovsdbTerminationPointAugmentation.getInterfaceUuid()))) {
 335                     LOG.debug("isLastPortinBridge: it the last port in bridge {}",
 336                             terminationPointAugmentation.getName());
 337                     return false;
 338                 }
 339             }
 340         }
 341         return true;
 342     }
 343
 344     @Override
 345     public List<Neutron_IPs> getIpAddressList(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
 346         if (neutronPortCache == null) {
 347             LOG.warn("getIpAddress: neutronPortCache is null");
 348         }
 349         NeutronPort neutronPort = null;
 350         LOG.trace("getIpAddress: for {}", terminationPointAugmentation.getName());
 351         String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
 352                                                                        Constants.EXTERNAL_ID_INTERFACE_ID);
 353         if (neutronPortId == null) {
 354             return null;
 355         }
 356         if (neutronPortCache != null) {
 357             neutronPort = neutronPortCache.getPort(neutronPortId);
 358         }
 359         if (neutronPort == null) {
 360             neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
 361         }
 362         if (neutronPort == null) {
 363             LOG.error("getIpAddress: neutron port of {} is not found", neutronPortId);
 364             return null;
 365         }
 366         return neutronPort.getFixedIPs();
 367     }
 368
 369     @Override
 370     public List<Neutron_IPs> getVmListForSecurityGroup(String portUuid, String securityGroupUuid) {
 371         List<Neutron_IPs> vmListForSecurityGroup = new ArrayList<>();
 372         /*For every port check whether security grouplist contains the current
 373          * security group.*/
 374         try {
 375             for (String neutronPortUuid:neutronL3Adapter.getPortCleanupCache().keySet()) {
 376                 NeutronPort neutronPort = neutronL3Adapter.getPortCleanupCache().get(neutronPortUuid);
 377                 if (!neutronPort.getDeviceOwner().contains("compute")) {
 378                     LOG.debug("getVMListForSecurityGroup : the port {} is not "
 379                             + "compute port belongs to {}", neutronPort.getID(), neutronPort.getDeviceOwner());
 380                     continue;
 381                 }
 382                 if (portUuid.equals(neutronPort.getID())) {
 383                     continue;
 384                 }
 385                 List<NeutronSecurityGroup> securityGroups = neutronPort.getSecurityGroups();
 386                 if (null != securityGroups) {
 387                     for (NeutronSecurityGroup securityGroup:securityGroups) {
 388                         if (securityGroup.getSecurityGroupUUID().equals(securityGroupUuid)) {
 389                             LOG.debug("getVMListForSecurityGroup : adding ports with ips {} "
 390                                     + "compute port", neutronPort.getFixedIPs());
 391                             if (neutronPort.getFixedIPs() != null) {
 392                                 vmListForSecurityGroup.addAll(neutronPort.getFixedIPs());
 393                             }
 394                         }
 395                     }
 396                 }
 397
 398             }
 399         } catch (Exception e) {
 400             LOG.error("getVMListForSecurityGroup: getVMListForSecurityGroup"
 401                     + " failed due to ", e);
 402             return null;
 403         }
 404         return vmListForSecurityGroup;
 405
 406     }
 407
 408     @Override
 409     public void syncFixedSecurityGroup(NeutronPort port, boolean write) {
 410
 411         Node node = getNode(port);
 412         if (node == null) {
 413             return;
 414         }
 415         NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
 416         if (null == neutronNetwork) {
 417             neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
 418             if (neutronNetwork == null) {
 419                 return;
 420             }
 421         }
 422         OvsdbTerminationPointAugmentation intf = getInterface(node, port);
 423         if (intf == null) {
 424             return;
 425         }
 426         String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
 427         if (attachedMac == null) {
 428             LOG.debug("syncFixedSecurityGroup: No AttachedMac seen in {}", intf);
 429             return;
 430         }
 431         long dpid = getDpidOfIntegrationBridge(node);
 432         if (dpid == 0L) {
 433             return;
 434         }
 435         String segmentationId = neutronNetwork.getProviderSegmentationID();
 436         long localPort = southbound.getOFPort(intf);
 437         NeutronPort dhcpPort = this.getDhcpServerPort(intf);
 438         if (dhcpPort != null) {
 439             ingressAclProvider.programFixedSecurityGroup(dpid, segmentationId,
 440                 dhcpPort.getMacAddress(), localPort, attachedMac, write);
 441         }
 442         List<Neutron_IPs> srcAddressList = null;
 443         srcAddressList = this.getIpAddressList(intf);
 444         egressAclProvider.programFixedSecurityGroup(dpid, segmentationId,
 445             attachedMac, localPort, srcAddressList, write);
 446     }
 447
 448     @Override
 449     public void syncSecurityGroup(NeutronPort port, List<NeutronSecurityGroup> securityGroupList, boolean write) {
 450         LOG.trace("syncSecurityGroup:" + securityGroupList + " Write:" + write);
 451         if (null != port && null != port.getSecurityGroups()) {
 452             Node node = getNode(port);
 453             if (node == null) {
 454                 return;
 455             }
 456             NodeId nodeId = node.getNodeId();
 457             NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
 458             if (null == neutronNetwork) {
 459                 neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
 460                 if (neutronNetwork == null) {
 461                     return;
 462                 }
 463             }
 464             String segmentationId = neutronNetwork.getProviderSegmentationID();
 465             OvsdbTerminationPointAugmentation intf = getInterface(node, port);
 466             if (intf == null) {
 467                 return;
 468             }
 469             long localPort = southbound.getOFPort(intf);
 470             String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
 471             if (attachedMac == null) {
 472                 LOG.debug("syncSecurityGroup: No AttachedMac seen in {}", intf);
 473                 return;
 474             }
 475             long dpid = getDpidOfIntegrationBridge(node);
 476             if (dpid == 0L) {
 477                 return;
 478             }
 479             String neutronPortId = southbound.getInterfaceExternalIdsValue(intf,
 480                                                                            Constants.EXTERNAL_ID_INTERFACE_ID);
 481             if (neutronPortId == null) {
 482                 LOG.debug("syncSecurityGroup: No neutronPortId seen in {}", intf);
 483                 return;
 484             }
 485             for (NeutronSecurityGroup securityGroupInPort:securityGroupList) {
 486                 ingressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
 487                                                           securityGroupInPort, neutronPortId, nodeId, write);
 488                 egressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
 489                                                          securityGroupInPort, neutronPortId, nodeId, write);
 490                 if (write) {
 491                     securityGroupCacheManger.portAdded(securityGroupInPort.getSecurityGroupUUID(), neutronPortId);
 492                 } else {
 493                     securityGroupCacheManger.portRemoved(securityGroupInPort.getSecurityGroupUUID(), neutronPortId);
 494                 }
 495             }
 496         }
 497     }
 498
 499     @Override
 500     public void syncSecurityRule(NeutronPort port, NeutronSecurityRule securityRule, Neutron_IPs vmIp, NodeId nodeId,
 501             NeutronSecurityGroup securityGroup, boolean write) {
 502         LOG.trace("syncSecurityGroup:" + securityRule + " Write:" + write);
 503         if (null != port && null != port.getSecurityGroups()) {
 504             if (nodeId != null) {
 505                 syncSecurityRules(port, securityRule, vmIp, nodeId, port.getMacAddress(), securityGroup, write);
 506             } else {
 507                 return;
 508             }
 509         }
 510     }
 511
 512     private void syncSecurityRules(NeutronPort port, NeutronSecurityRule securityRule, Neutron_IPs vmIp, NodeId nodeId,
 513             String attachedMac, NeutronSecurityGroup securityGroup, boolean write) {
 514         NeutronNetwork neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
 515         if (null == neutronNetwork) {
 516             neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
 517         }
 518         if (neutronNetwork == null) {
 519             return;
 520         }
 521         String segmentationId = neutronNetwork.getProviderSegmentationID();
 522         Node node = nodeCacheManager.getNode(nodeId);
 523         Long dpId = this.nodeIdToDpIdCache.get(nodeId);
 524         if(dpId == null ) {
 525             dpId = getDpidOfIntegrationBridge(node);
 526             if (dpId != 0L) {
 527                 this.nodeIdToDpIdCache.put(nodeId , dpId);
 528             }
 529         }
 530         if (dpId == 0L) {
 531             return;
 532         }
 533
 534         if (NeutronSecurityRule.ETHERTYPE_IPV4.equals(securityRule.getSecurityRuleEthertype())) {
 535             if (NeutronSecurityRule.DIRECTION_INGRESS.equals(securityRule.getSecurityRuleDirection())) {
 536                 ingressAclProvider.programPortSecurityRule(dpId, segmentationId, attachedMac,
 537                         securityRule, securityGroup, vmIp, write);
 538             } else if (NeutronSecurityRule.DIRECTION_EGRESS.equals(securityRule.getSecurityRuleDirection())) {
 539                 egressAclProvider.programPortSecurityRule(dpId, segmentationId, attachedMac,
 540                         securityRule, securityGroup, vmIp, write);
 541             }
 542         }
 543     }
 544
 545     private long getDpidOfIntegrationBridge(Node node) {
 546         LOG.trace("getDpidOfIntegrationBridge:" + node);
 547         long dpid = 0L;
 548         if (southbound.getBridgeName(node).equals(configurationService.getIntegrationBridgeName())) {
 549             dpid = getDpid(node);
 550         }
 551         if (dpid == 0L) {
 552             LOG.warn("getDpidOfIntegerationBridge: dpid not found: {}", node);
 553         }
 554         return dpid;
 555     }
 556
 557     private long getDpid(Node node) {
 558         LOG.trace("getDpid" + node);
 559         long dpid = southbound.getDataPathId(node);
 560         if (dpid == 0) {
 561             LOG.warn("getDpid: dpid not found: {}", node);
 562         }
 563         return dpid;
 564     }
 565
 566     private Node getNode(NeutronPort port) {
 567         LOG.trace("getNode:Port" + port);
 568         List<Node> toplogyNodes = southbound.readOvsdbTopologyNodes();
 569
 570         for (Node topologyNode : toplogyNodes) {
 571             try {
 572                 Node node = southbound.getBridgeNode(topologyNode,Constants.INTEGRATION_BRIDGE);
 573                 if (node == null) {
 574                     LOG.error("getNode: br-int interface is not found for node:{}", topologyNode.getNodeId().getValue());
 575                 }
 576                 List<OvsdbTerminationPointAugmentation> ovsdbPorts = southbound.getTerminationPointsOfBridge(node);
 577                 for (OvsdbTerminationPointAugmentation ovsdbPort : ovsdbPorts) {
 578                     String uuid = southbound.getInterfaceExternalIdsValue(ovsdbPort,
 579                                                             Constants.EXTERNAL_ID_INTERFACE_ID);
 580                     if (null != uuid && uuid.equals(port.getID())) {
 581                         return node;
 582                     }
 583                 }
 584             } catch (Exception e) {
 585                 LOG.error("Exception during handlingNeutron network delete", e);
 586             }
 587         }
 588         LOG.info("no node found for port:" + port);
 589         return null;
 590     }
 591
 592     private OvsdbTerminationPointAugmentation getInterface(Node node, NeutronPort port) {
 593         LOG.trace("getInterface:Node:" + node + " Port:" + port);
 594         try {
 595             List<OvsdbTerminationPointAugmentation> ovsdbPorts = southbound.getTerminationPointsOfBridge(node);
 596             for (OvsdbTerminationPointAugmentation ovsdbPort : ovsdbPorts) {
 597                 String uuid = southbound.getInterfaceExternalIdsValue(ovsdbPort,
 598                                                                       Constants.EXTERNAL_ID_INTERFACE_ID);
 599                 if (null != uuid && uuid.equals(port.getID())) {
 600                     return ovsdbPort;
 601                 }
 602             }
 603         } catch (Exception e) {
 604             LOG.error("Exception during handlingNeutron network delete", e);
 605         }
 606         LOG.info("no interface found for node: " + node + " port:" + port);
 607         return null;
 608     }
 609
 610     @Override
 611     public boolean isPortSecurityEnabled(OvsdbTerminationPointAugmentation intf) {
 612         NeutronPort neutronPort = getNeutronPortFromCache(intf);
 613         if (null == neutronPort) {
 614             LOG.error("Neutron Port is null: " + intf);
 615             return false;
 616         }
 617         if (neutronPort.getPortSecurityEnabled()) {
 618             LOG.info("Port Security is enabled for Port: " + neutronPort);
 619             return true;
 620         }
 621         LOG.info("Port Security is  not enabled for Port: " + neutronPort);
 622         return false;
 623     }
 624
 625     @Override
 626     public void setDependencies(ServiceReference serviceReference) {
 627         neutronL3Adapter =
 628                 (NeutronL3Adapter) ServiceHelper.getGlobalInstance(NeutronL3Adapter.class, this);
 629         southbound =
 630                 (Southbound) ServiceHelper.getGlobalInstance(Southbound.class, this);
 631         neutronNetworkCache =
 632                 (INeutronNetworkCRUD) ServiceHelper.getGlobalInstance(INeutronNetworkCRUD.class, this);
 633         nodeCacheManager =
 634                 (NodeCacheManager) ServiceHelper.getGlobalInstance(NodeCacheManager.class, this);
 635         configurationService =
 636                 (ConfigurationService) ServiceHelper.getGlobalInstance(ConfigurationService.class, this);
 637         securityGroupCacheManger =
 638                 (SecurityGroupCacheManger) ServiceHelper.getGlobalInstance(SecurityGroupCacheManger.class, this);
 639     }
 640
 641     @Override
 642     public void setDependencies(Object impl) {
 643         if (impl instanceof INeutronPortCRUD) {
 644             neutronPortCache = (INeutronPortCRUD)impl;
 645         } else if (impl instanceof INeutronSubnetCRUD) {
 646             neutronSubnetCache = (INeutronSubnetCRUD) impl;
 647         } else if (impl instanceof IngressAclProvider) {
 648             ingressAclProvider = (IngressAclProvider) impl;
 649         } else if (impl instanceof EgressAclProvider) {
 650             egressAclProvider = (EgressAclProvider) impl;
 651         }
 652     }
 653
 654     @Override
 655     public boolean isConntrackEnabled() {
 656         return isConntrackEnabled;
 657     }
 658 }