+
+ public static List<Ace> getAceWithRemoteAclId(DataBroker dataBroker, AclInterface port, Uuid remoteAcl) {
+ List<Ace> remoteAclRuleList = new ArrayList<>();
+ List<Uuid> aclList = port.getSecurityGroups();
+ for (Uuid aclId : aclList) {
+ Acl acl = getAcl(dataBroker, aclId.getValue());
+ List<Ace> aceList = acl.getAccessListEntries().getAce();
+ for (Ace ace : aceList) {
+ Uuid tempRemoteAcl = getAccesssListAttributes(ace).getRemoteGroupId();
+ if (tempRemoteAcl != null && tempRemoteAcl.equals(remoteAcl)) {
+ remoteAclRuleList.add(ace);
+ }
+ }
+ }
+ return remoteAclRuleList;
+ }
+
+ public Map<String, List<MatchInfoBase>> getFlowForRemoteAcl(Uuid remoteAclId, String ignoreInterfaceId,
+ Map<String, List<MatchInfoBase>>
+ flowMatchesMap, boolean
+ isSourceIpMacMatch) {
+ List<AclInterface> interfaceList = aclDataUtil.getInterfaceList(remoteAclId);
+ if (flowMatchesMap == null || interfaceList == null || interfaceList.isEmpty()) {
+ return null;
+ }
+ Map<String, List<MatchInfoBase>> updatedFlowMatchesMap = new HashMap<>();
+ MatchInfoBase ipv4Match = new MatchInfo(MatchFieldType.eth_type, new long[] {NwConstants.ETHTYPE_IPV4});
+ MatchInfoBase ipv6Match = new MatchInfo(MatchFieldType.eth_type, new long[] {NwConstants.ETHTYPE_IPV6});
+ for (String flowName : flowMatchesMap.keySet()) {
+ List<MatchInfoBase> flows = flowMatchesMap.get(flowName);
+ for (AclInterface port : interfaceList) {
+ if (port.getInterfaceId().equals(ignoreInterfaceId)) {
+ continue;
+ }
+ //get allow address pair
+ List<AllowedAddressPairs> allowedAddressPair = port.getAllowedAddressPairs();
+ // iterate over allow address pair and update match type
+ for (AllowedAddressPairs aap : allowedAddressPair) {
+ List<MatchInfoBase> matchInfoBaseList;
+ String flowId;
+ if (flows.contains(ipv4Match) && isIPv4Address(aap)) {
+ matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
+ flowId = flowName + "_ipv4_remoteACL_interface_aap_" + aap.getKey();
+ updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
+ } else if (flows.contains(ipv6Match) && !isIPv4Address(aap)) {
+ matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
+ flowId = flowName + "_ipv6_remoteACL_interface_aap_" + aap.getKey();
+ updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
+ }
+ }
+
+ }
+
+ }
+ return updatedFlowMatchesMap;
+ }
+
+ public AclserviceConfig getConfig() {
+ return config;
+ }
+
+ private static boolean isIPv4Address(AllowedAddressPairs aap) {
+ IpPrefixOrAddress ipPrefixOrAddress = aap.getIpAddress();
+ IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
+ if (ipPrefix != null) {
+ if (ipPrefix.getIpv4Prefix() != null) {
+ return true;
+ }
+ } else {
+ IpAddress ipAddress = ipPrefixOrAddress.getIpAddress();
+ if (ipAddress.getIpv4Address() != null) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public static Map<String, List<MatchInfoBase>> getFlowForAllowedAddresses(List<AllowedAddressPairs>
+ syncAllowedAddresses,
+ Map<String, List<MatchInfoBase>>
+ flowMatchesMap, boolean
+ isSourceIpMacMatch) {
+ if (flowMatchesMap == null) {
+ return null;
+ }
+ Map<String, List<MatchInfoBase>> updatedFlowMatchesMap = new HashMap<>();
+ MatchInfoBase ipv4Match = new MatchInfo(MatchFieldType.eth_type, new long[] {NwConstants.ETHTYPE_IPV4});
+ MatchInfoBase ipv6Match = new MatchInfo(MatchFieldType.eth_type, new long[] {NwConstants.ETHTYPE_IPV6});
+ for (String flowName : flowMatchesMap.keySet()) {
+ List<MatchInfoBase> flows = flowMatchesMap.get(flowName);
+ // iterate over allow address pair and update match type
+ for (AllowedAddressPairs aap : syncAllowedAddresses) {
+ List<MatchInfoBase> matchInfoBaseList;
+ String flowId;
+ if (flows.contains(ipv4Match) && isIPv4Address(aap)) {
+ matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
+ flowId = flowName + "_ipv4_remoteACL_interface_aap_" + aap.getKey();
+ updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
+ } else if (flows.contains(ipv6Match) && !isIPv4Address(aap)) {
+ matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap);
+ flowId = flowName + "_ipv6_remoteACL_interface_aap_" + aap.getKey();
+ updatedFlowMatchesMap.put(flowId, matchInfoBaseList);
+ }
+ }
+
+ }
+ return updatedFlowMatchesMap;
+ }
+
+ public static Long getElanIdFromInterface(String elanInterfaceName,DataBroker broker) {
+ ElanInterface elanInterface = getElanInterfaceByElanInterfaceName(elanInterfaceName, broker);
+ if (null != elanInterface) {
+ ElanInstance elanInfo = getElanInstanceByName(elanInterface.getElanInstanceName(), broker);
+ return elanInfo.getElanTag();
+ }
+ return null;
+ }
+
+ public static ElanInterface getElanInterfaceByElanInterfaceName(String elanInterfaceName,DataBroker broker) {
+ InstanceIdentifier<ElanInterface> elanInterfaceId = getElanInterfaceConfigurationDataPathId(elanInterfaceName);
+ Optional<ElanInterface> existingElanInterface = read(broker,
+ LogicalDatastoreType.CONFIGURATION, elanInterfaceId);
+ if (existingElanInterface.isPresent()) {
+ return existingElanInterface.get();
+ }
+ return null;
+ }
+
+ public static InstanceIdentifier<ElanInterface> getElanInterfaceConfigurationDataPathId(String interfaceName) {
+ return InstanceIdentifier.builder(ElanInterfaces.class)
+ .child(ElanInterface.class, new ElanInterfaceKey(interfaceName)).build();
+ }
+
+ // elan-instances config container
+ public static ElanInstance getElanInstanceByName(String elanInstanceName, DataBroker broker) {
+ InstanceIdentifier<ElanInstance> elanIdentifierId = getElanInstanceConfigurationDataPath(elanInstanceName);
+ Optional<ElanInstance> elanInstance = read(broker, LogicalDatastoreType.CONFIGURATION,
+ elanIdentifierId);
+ if (elanInstance.isPresent()) {
+ return elanInstance.get();
+ }
+ return null;
+ }
+
+ public static InstanceIdentifier<ElanInstance> getElanInstanceConfigurationDataPath(String elanInstanceName) {
+ return InstanceIdentifier.builder(ElanInstances.class)
+ .child(ElanInstance.class, new ElanInstanceKey(elanInstanceName)).build();
+ }
+
+ private static List<MatchInfoBase> updateAAPMatches(boolean isSourceIpMacMatch, List<MatchInfoBase> flows,
+ AllowedAddressPairs aap) {
+ List<MatchInfoBase> matchInfoBaseList;
+ if (isSourceIpMacMatch) {
+ matchInfoBaseList = AclServiceUtils.buildIpMatches(aap.getIpAddress(), MatchCriteria.MATCH_SOURCE);
+ } else {
+ matchInfoBaseList = AclServiceUtils.buildIpMatches(aap.getIpAddress(), MatchCriteria.MATCH_DESTINATION);
+ }
+ matchInfoBaseList.addAll(flows);
+ return matchInfoBaseList;
+ }
+
+ public static MatchInfoBase popMatchInfoByType(List<MatchInfoBase> flows, MatchFieldType type) {
+ MatchInfoBase mib = getMatchInfoByType(flows, type);
+ if (mib != null) {
+ flows.remove(mib);
+ }
+ return mib;
+ }
+
+ public static MatchInfo getMatchInfoByType(List<MatchInfoBase> flows, MatchFieldType type) {
+ for (MatchInfoBase mib : flows) {
+ if (mib instanceof MatchInfo) {
+ if (((MatchInfo)mib).getMatchField() == type) {
+ return (MatchInfo) mib;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static MatchInfoBase getMatchInfoByType(List<MatchInfoBase> flows, NxMatchFieldType type) {
+ for (MatchInfoBase mib : flows) {
+ if (mib instanceof NxMatchInfo) {
+ if (((NxMatchInfo)mib).getMatchField() == type) {
+ return mib;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static boolean containsMatchFieldType(List<MatchInfoBase> flows, MatchFieldType type) {
+ MatchInfoBase mib = getMatchInfoByType(flows, type);
+ if (mib != null) {
+ return true;
+ }
+ return false;
+ }
+
+ public static boolean containsMatchFieldType(List<MatchInfoBase> flows, NxMatchFieldType type) {
+ MatchInfoBase mib = getMatchInfoByType(flows, type);
+ if (mib != null) {
+ return true;
+ }
+ return false;
+ }
+
+ public static boolean containsMatchFieldTypeAndValue(List<MatchInfoBase> flows, MatchFieldType type,
+ long[] values) {
+ MatchInfo mib = getMatchInfoByType(flows, type);
+ if (mib != null && Arrays.equals(mib.getMatchValues(), values)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public static boolean containsTcpMatchField(List<MatchInfoBase> flows) {
+ return containsMatchFieldTypeAndValue(flows, MatchFieldType.ip_proto, new long[] {IPProtocols.TCP.intValue()});
+ }
+
+ public static boolean containsUdpMatchField(List<MatchInfoBase> flows) {
+ return containsMatchFieldTypeAndValue(flows, MatchFieldType.ip_proto, new long[] {IPProtocols.UDP.intValue()});
+ }
+
+ public static Integer allocateId(IdManagerService idManager, String poolName, String idKey) {
+ AllocateIdInput getIdInput = new AllocateIdInputBuilder().setPoolName(poolName).setIdKey(idKey).build();
+ try {
+ Future<RpcResult<AllocateIdOutput>> result = idManager.allocateId(getIdInput);
+ RpcResult<AllocateIdOutput> rpcResult = result.get();
+ if (rpcResult.isSuccessful()) {
+ return rpcResult.getResult().getIdValue().intValue();
+ } else {
+ LOG.warn("RPC Call to Get Unique Id returned with Errors {}", rpcResult.getErrors());
+ }
+ } catch (InterruptedException | ExecutionException e) {
+ LOG.warn("Exception when getting Unique Id", e);
+ }
+ return AclConstants.PROTO_MATCH_PRIORITY;
+ }
+
+ public static void releaseId(IdManagerService idManager, String poolName, String idKey) {
+ ReleaseIdInput idInput = new ReleaseIdInputBuilder().setPoolName(poolName).setIdKey(idKey).build();
+ try {
+ Future<RpcResult<Void>> result = idManager.releaseId(idInput);
+ RpcResult<Void> rpcResult = result.get();
+ if (!rpcResult.isSuccessful()) {
+ LOG.warn("RPC Call to release Id {} with Key {} returned with Errors {}", idKey, rpcResult.getErrors());
+ }
+ } catch (InterruptedException | ExecutionException e) {
+ LOG.warn("Exception when releasing Id for key {}", idKey, e);
+ }
+ }