Limit BUM traffic to DHCP namespaces

[netvirt.git] / aclservice / impl / src / main / java / org / opendaylight / netvirt / aclservice / utils / AclServiceUtils.java

diff --git a/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java b/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java
index 49cc0cfb7a4532eae4716b01405bf323cea57c44..014a13ef6af14d33f907ceba4fd501b0018e7054 100644 (file)
--- a/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java
+++ b/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java
@@ -31,9 +31,9 @@ import java.util.SortedSet;
 import java.util.TreeSet;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
-import javax.annotation.Nullable;
 import javax.inject.Inject;
 import javax.inject.Singleton;
+import org.eclipse.jdt.annotation.Nullable;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
 import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
@@ -116,6 +116,7 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeCon
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.AclPortsLookup;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddressBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV6;
@@ -215,9 +216,8 @@ public final class AclServiceUtils {
      * @param interfaceName the interface name.
      * @return the interface state.
      */
-    @Nullable
     public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state
-        .Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) {
+        .@Nullable Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) {
         InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
             .interfaces.state.Interface> ifStateId = buildStateInterfaceId(interfaceName);
         return MDSALUtil.read(LogicalDatastoreType.OPERATIONAL, ifStateId, dataBroker).orNull();
@@ -246,12 +246,10 @@ public final class AclServiceUtils {
     @Nullable
     public static SecurityRuleAttr getAccessListAttributes(Ace ace) {
         if (ace == null) {
-            LOG.error("Ace is Null");
             return null;
         }
         SecurityRuleAttr aceAttributes = ace.augmentation(SecurityRuleAttr.class);
         if (aceAttributes == null) {
-            LOG.error("Ace is null");
             return null;
         }
         return aceAttributes;
@@ -705,7 +703,7 @@ public final class AclServiceUtils {
         ElanInterface elanInterface = getElanInterfaceByElanInterfaceName(elanInterfaceName, broker);
         if (null != elanInterface) {
             ElanInstance elanInfo = getElanInstanceByName(elanInterface.getElanInstanceName(), broker);
-            return elanInfo.getElanTag();
+            return elanInfo != null ? elanInfo.getElanTag() : null;
         }
         return null;
     }
@@ -825,13 +823,25 @@ public final class AclServiceUtils {
     }
 
     /**
-     * Indicates whether the interface has port security enabled.
+     * Indicates whether the interface has port security enabled or interface is DHCP service port.
      *
      * @param aclInterface the interface.
-     * @return true if port is security enabled.
+     * @return true if port is security enabled or is a DHCP service port.
      */
     public static boolean isOfInterest(AclInterface aclInterface) {
-        return aclInterface != null && aclInterface.isPortSecurityEnabled();
+        return aclInterface != null && (aclInterface.isPortSecurityEnabled()
+                || aclInterface.getInterfaceType() == InterfaceAcl.InterfaceType.DhcpService);
+    }
+
+    /**
+     * Indicates whether the interface has port security enabled or interface is DHCP service port.
+     *
+     * @param aclInterface the interface.
+     * @return true if port is security enabled or is a DHCP service port.
+     */
+    public static boolean isOfInterest(InterfaceAcl aclInterface) {
+        return aclInterface != null && (aclInterface.isPortSecurityEnabled()
+                || aclInterface.getInterfaceType() == InterfaceAcl.InterfaceType.DhcpService);
     }
 
     /**
@@ -955,14 +965,15 @@ public final class AclServiceUtils {
         return flowMatches;
     }
 
-    public static boolean isOfAclInterest(Acl acl) {
+    public static List<Ace> getAceListFromAcl(Acl acl) {
         if (acl.getAccessListEntries() != null) {
             List<Ace> aceList = acl.getAccessListEntries().getAce();
-            if (aceList != null && !aceList.isEmpty()) {
-                return aceList.get(0).augmentation(SecurityRuleAttr.class) != null;
+            if (aceList != null && !aceList.isEmpty()
+                    && aceList.get(0).augmentation(SecurityRuleAttr.class) != null) {
+                return aceList;
             }
         }
-        return false;
+        return Collections.emptyList();
     }
 
     /**
@@ -1021,7 +1032,8 @@ public final class AclServiceUtils {
         if (accessListEntries != null && accessListEntries.getAce() != null) {
             for (Ace ace : accessListEntries.getAce()) {
                 SecurityRuleAttr aceAttr = AclServiceUtils.getAccessListAttributes(ace);
-                if (Objects.equals(aceAttr.getDirection(), direction) && doesAceHaveRemoteGroupId(aceAttr)) {
+                if (aceAttr != null && Objects.equals(aceAttr.getDirection(), direction)
+                        && doesAceHaveRemoteGroupId(aceAttr)) {
                     remoteAclIds.add(aceAttr.getRemoteGroupId());
                 }
             }
@@ -1124,7 +1136,7 @@ public final class AclServiceUtils {
 
         for (Uuid aclId : aclList) {
             String aclName = aclId.getValue();
-            jobCoordinator.enqueueJob(aclName.intern(), () -> {
+            jobCoordinator.enqueueJob(aclName, () -> {
                 List<ListenableFuture<Void>> futures = new ArrayList<>();
                 futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(OPERATIONAL, tx -> {
                     for (AllowedAddressPairs aap : allowedAddresses) {
@@ -1153,7 +1165,7 @@ public final class AclServiceUtils {
 
         for (Uuid aclId : aclList) {
             String aclName = aclId.getValue();
-            jobCoordinator.enqueueJob(aclName.intern(), () -> {
+            jobCoordinator.enqueueJob(aclName, () -> {
                 List<ListenableFuture<Void>> futures = new ArrayList<>();
                 futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(OPERATIONAL, tx -> {
                     for (AllowedAddressPairs aap : allowedAddresses) {