package org.opendaylight.netvirt.aclservice.utils;
import static org.opendaylight.controller.md.sal.binding.api.WriteTransaction.CREATE_MISSING_PARENTS;
+import static org.opendaylight.genius.infra.Datastore.CONFIGURATION;
import static org.opendaylight.genius.infra.Datastore.OPERATIONAL;
import com.google.common.base.Optional;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
+import java.util.Objects;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
-import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Singleton;
+import org.eclipse.jdt.annotation.NonNull;
+import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister;
import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
import org.opendaylight.infrautils.jobcoordinator.JobCoordinator;
-import org.opendaylight.infrautils.utils.concurrent.ListenableFutures;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria;
import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.Ipv4Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.AclKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.AccessListEntries;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.AclPortsLookup;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddressBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV6;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.PortSubnets;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.AclPortsByIp;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.AclPortsByIpKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.acl.ports.by.ip.acl.ip.prefixes.PortIdsBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.acl.ports.by.ip.acl.ip.prefixes.PortIdsKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnet;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnetKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.SubnetInfo;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.ElanInstances;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.ElanInterfaces;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstance;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier.InstanceIdentifierBuilder;
import org.opendaylight.yangtools.yang.common.RpcResult;
+import org.opendaylight.yangtools.yang.common.Uint64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
* @return the interface state.
*/
public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state
- .Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) {
+ .@Nullable Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) {
InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
.interfaces.state.Interface> ifStateId = buildStateInterfaceId(interfaceName);
return MDSALUtil.read(LogicalDatastoreType.OPERATIONAL, ifStateId, dataBroker).orNull();
* @param ace the access list entry
* @return the security rule attributes
*/
- public static SecurityRuleAttr getAccesssListAttributes(Ace ace) {
+ @Nullable
+ public static SecurityRuleAttr getAccessListAttributes(Ace ace) {
if (ace == null) {
- LOG.error("Ace is Null");
return null;
}
SecurityRuleAttr aceAttributes = ace.augmentation(SecurityRuleAttr.class);
if (aceAttributes == null) {
- LOG.error("Ace is null");
return null;
}
return aceAttributes;
* @return the bound services
*/
public static BoundServices getBoundServices(String serviceName, short servicePriority, int flowPriority,
- BigInteger cookie, List<Instruction> instructions) {
+ Uint64 cookie, List<Instruction> instructions) {
StypeOpenflowBuilder augBuilder = new StypeOpenflowBuilder().setFlowCookie(cookie).setFlowPriority(flowPriority)
.setInstruction(instructions);
return new BoundServicesBuilder().withKey(new BoundServicesKey(servicePriority)).setServiceName(serviceName)
return newAclList;
}
List<Uuid> origAclList = new ArrayList<>(currentAclList);
- for (Iterator<Uuid> iterator = newAclList.iterator(); iterator.hasNext();) {
- Uuid updatedAclUuid = iterator.next();
- for (Uuid currentAclUuid :origAclList) {
- if (updatedAclUuid.getValue().equals(currentAclUuid.getValue())) {
- iterator.remove();
- }
- }
- }
+ newAclList.removeAll(origAclList);
return newAclList;
}
public static List<AllowedAddressPairs> getUpdatedAllowedAddressPairs(
- List<AllowedAddressPairs> updatedAllowedAddressPairs,
- List<AllowedAddressPairs> currentAllowedAddressPairs) {
+
@Nullable List<AllowedAddressPairs> updatedAllowedAddressPairs,
+
@Nullable List<AllowedAddressPairs> currentAllowedAddressPairs) {
if (updatedAllowedAddressPairs == null) {
- return null;
+ return Collections.emptyList();
}
List<AllowedAddressPairs> newAllowedAddressPairs = new ArrayList<>(updatedAllowedAddressPairs);
if (currentAllowedAddressPairs == null) {
return newAllowedAddressPairs;
}
+ @Nullable
public static BigInteger getDpIdFromIterfaceState(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf
.interfaces.rev140508.interfaces.state.Interface interfaceState) {
BigInteger dpId = null;
MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG);
}
- public static BigInteger getRemoteAclTagMetadata(BigInteger remoteAclTag) {
- return remoteAclTag.shiftLeft(4);
+ public static Uint64 getRemoteAclTagMetadata(BigInteger remoteAclTag) {
+ return Uint64.valueOf(remoteAclTag.shiftLeft(4));
}
- public static BigInteger getDropFlowCookie(int lport) {
- return MetaDataUtil.getLportTagMetaData(lport).or(AclConstants.COOKIE_ACL_DROP_FLOW);
+ public static Uint64 getDropFlowCookie(int lport) {
+ return Uint64.fromLongBits(MetaDataUtil.getLportTagMetaData(lport).longValue()
+ | AclConstants.COOKIE_ACL_DROP_FLOW.longValue());
}
/**
// In case of ingress service mode, only metadata is used for
// matching both lportTag and aclTag. Hence performing "or"
// operation on both lportTag and aclTag metadata.
- BigInteger metaData = MetaDataUtil.getLportTagMetaData(lportTag)
- .or(getRemoteAclTagMetadata(BigInteger.valueOf(remoteAclTag)));
- BigInteger metaDataMask =
- MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG);
+ Uint64 metaData = Uint64.fromLongBits(MetaDataUtil.getLportTagMetaData(lportTag).longValue()
+ | (getRemoteAclTagMetadata(BigInteger.valueOf(remoteAclTag)).longValue()));
+ Uint64 metaDataMask = Uint64.fromLongBits(MetaDataUtil.METADATA_MASK_LPORT_TAG.longValue()
+ | MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG.longValue());
matches.add(new MatchMetadata(metaData, metaDataMask));
}
return matches;
// In case of ingress service mode, only metadata is used for
// matching both lportTag and conntrackClassifierType. Hence performing "or"
// operation on both lportTag and conntrackClassifierType metadata.
- BigInteger metaData = MetaDataUtil.getLportTagMetaData(lportTag)
- .or(MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackClassifierType.getValue()));
- BigInteger metaDataMask =
- MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE);
+ Uint64 metaData = Uint64.fromLongBits(MetaDataUtil.getLportTagMetaData(lportTag).longValue()
+ | (MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(
+ Uint64.valueOf(conntrackClassifierType.getValue()))).longValue());
+ Uint64 metaDataMask = Uint64.fromLongBits(MetaDataUtil.METADATA_MASK_LPORT_TAG.longValue()
+ | MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE.longValue());
matches.add(new MatchMetadata(metaData, metaDataMask));
}
return matches;
public static InstructionWriteMetadata getWriteMetadataForAclClassifierType(
AclConntrackClassifierType conntrackClassifierType) {
- return new InstructionWriteMetadata(
- MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackClassifierType.getValue()),
+ return new InstructionWriteMetadata(MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(
+ Uint64.valueOf(conntrackClassifierType.getValue())),
MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE);
}
public static MatchInfoBase buildAclConntrackClassifierTypeMatch(
AclConntrackClassifierType conntrackSupportedType) {
return new MatchMetadata(
- MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackSupportedType.getValue()),
- MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE);
+ MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(
+ Uint64.valueOf(conntrackSupportedType.getValue())),
+ MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE);
}
public AclserviceConfig getConfig() {
return isNotIpv4AllNetwork(aap) && isNotIpv6AllNetwork(aap);
}
- public static Long getElanIdFromInterface(String elanInterfaceName,DataBroker broker) {
+ @Nullable
+ public static Long getElanIdFromInterface(String elanInterfaceName, DataBroker broker) {
ElanInterface elanInterface = getElanInterfaceByElanInterfaceName(elanInterfaceName, broker);
if (null != elanInterface) {
ElanInstance elanInfo = getElanInstanceByName(elanInterface.getElanInstanceName(), broker);
- return elanInfo.getElanTag();
+ return elanInfo != null ? elanInfo.getElanTag().toJava() : null;
}
return null;
}
+ @Nullable
public static ElanInterface getElanInterfaceByElanInterfaceName(String elanInterfaceName,DataBroker broker) {
InstanceIdentifier<ElanInterface> elanInterfaceId = getElanInterfaceConfigurationDataPathId(elanInterfaceName);
return read(broker, LogicalDatastoreType.CONFIGURATION, elanInterfaceId).orNull();
}
// elan-instances config container
+ @Nullable
public static ElanInstance getElanInstanceByName(String elanInstanceName, DataBroker broker) {
InstanceIdentifier<ElanInstance> elanIdentifierId = getElanInstanceConfigurationDataPath(elanInstanceName);
return read(broker, LogicalDatastoreType.CONFIGURATION, elanIdentifierId).orNull();
.child(ElanInstance.class, new ElanInstanceKey(elanInstanceName)).build();
}
- public List<SubnetInfo> getSubnetInfo(String portId) {
- InstanceIdentifier<PortSubnet> id = InstanceIdentifier.builder(PortSubnets.class)
- .child(PortSubnet.class, new PortSubnetKey(portId)).build();
-
- Optional<PortSubnet> portSubnet = read(dataBroker, LogicalDatastoreType.OPERATIONAL, id);
- if (portSubnet.isPresent()) {
- return portSubnet.get().getSubnetInfo();
+ public void deleteAcesFromConfigDS(String aclName, List<Ace> deletedAceRules) {
+ List<List<Ace>> acesParts = Lists.partition(deletedAceRules, AclConstants.ACES_PER_TRANSACTION);
+ for (List<Ace> acePart : acesParts) {
+ jobCoordinator.enqueueJob(aclName,
+ () -> Collections.singletonList(txRunner.callWithNewReadWriteTransactionAndSubmit(CONFIGURATION,
+ tx -> {
+ for (Ace ace: acePart) {
+ InstanceIdentifier<Ace> id = InstanceIdentifier.builder(AccessLists.class)
+ .child(Acl.class, new AclKey(aclName, Ipv4Acl.class)).child(AccessListEntries.class)
+ .child(Ace.class, ace.key()).build();
+ tx.delete(id);
+ }
+ })), AclConstants.ACEDELETE_MAX_RETRIES);
}
- return null;
- }
-
- public void deleteSubnetInfo(String portId) {
- InstanceIdentifier<PortSubnet> id = InstanceIdentifier.builder(PortSubnets.class)
- .child(PortSubnet.class, new PortSubnetKey(portId)).build();
- ListenableFutures.addErrorLogging(txRunner.callWithNewWriteOnlyTransactionAndSubmit(
- OPERATIONAL, tx -> tx.delete(id)), LOG, "Failed to delete subnet info for port: " + portId);
}
public static Integer allocateId(IdManagerService idManager, String poolName, String idKey, Integer defaultId) {
* @param aclId the acl id
* @return the acl tag
*/
+ @Nullable
public Integer getAclTag(final Uuid aclId) {
String aclName = aclId.getValue();
Integer aclTag = this.aclDataUtil.getAclTag(aclName);
}
/**
- * Indicates whether the interface has port security enabled.
+ * Indicates whether the interface has port security enabled or interface is DHCP service port.
*
* @param aclInterface the interface.
- * @return true if port is security enabled.
+ * @return true if port is security enabled or is a DHCP service port.
*/
public static boolean isOfInterest(AclInterface aclInterface) {
- return aclInterface != null && aclInterface.isPortSecurityEnabled();
+ return aclInterface != null && (aclInterface.isPortSecurityEnabled()
+ || aclInterface.getInterfaceType() == InterfaceAcl.InterfaceType.DhcpService);
+ }
+
+ /**
+ * Indicates whether the interface has port security enabled or interface is DHCP service port.
+ *
+ * @param aclInterface the interface.
+ * @return true if port is security enabled or is a DHCP service port.
+ */
+ public static boolean isOfInterest(InterfaceAcl aclInterface) {
+ return aclInterface != null && (aclInterface.isPortSecurityEnabled()
+ || aclInterface.getInterfaceType() == InterfaceAcl.InterfaceType.DhcpService);
}
/**
return flowMatches;
}
- public static boolean isOfAclInterest(Acl acl) {
- if (acl.getAccessListEntries() != null) {
- List<Ace> aceList = acl.getAccessListEntries().getAce();
- if (aceList != null && !aceList.isEmpty()) {
- return aceList.get(0).augmentation(SecurityRuleAttr.class) != null;
- }
+ public static @NonNull List<Ace> aceList(@NonNull Acl acl) {
+ final AccessListEntries ale = acl.getAccessListEntries();
+ return ale == null ? Collections.emptyList() : ale.nonnullAce();
+ }
+
+ public static @NonNull List<Ace> getAceListFromAcl(Acl acl) {
+ List<Ace> aceList = aceList(acl);
+ if (!aceList.isEmpty() && aceList.get(0).augmentation(SecurityRuleAttr.class) != null) {
+ return aceList;
}
- return false;
+ return Collections.emptyList();
}
/**
return aceAttr != null && aceAttr.getRemoteGroupId() != null;
}
- public SortedSet<Integer> getRemoteAclTags(List<Uuid> aclIds, Class<? extends DirectionBase> direction) {
+ public SortedSet<Integer> getRemoteAclTags(@Nullable List<Uuid> aclIds, Class<? extends DirectionBase> direction) {
SortedSet<Integer> remoteAclTags = new TreeSet<>();
Set<Uuid> remoteAclIds = getRemoteAclIdsByDirection(aclIds, direction);
for (Uuid remoteAclId : remoteAclIds) {
return remoteAclTags;
}
- public Set<Uuid> getRemoteAclIdsByDirection(List<Uuid> aclIds, Class<? extends DirectionBase> direction) {
+ public Set<Uuid> getRemoteAclIdsByDirection(@Nullable List<Uuid> aclIds, Class<? extends DirectionBase> direction) {
Set<Uuid> remoteAclIds = new HashSet<>();
if (aclIds == null || aclIds.isEmpty()) {
return remoteAclIds;
public static Set<Uuid> getRemoteAclIdsByDirection(Acl acl, Class<? extends DirectionBase> direction) {
Set<Uuid> remoteAclIds = new HashSet<>();
- AccessListEntries accessListEntries = acl.getAccessListEntries();
- if (accessListEntries != null && accessListEntries.getAce() != null) {
- for (Ace ace : accessListEntries.getAce()) {
- SecurityRuleAttr aceAttr = AclServiceUtils.getAccesssListAttributes(ace);
- if (aceAttr.getDirection().equals(direction) && doesAceHaveRemoteGroupId(aceAttr)) {
- remoteAclIds.add(aceAttr.getRemoteGroupId());
- }
+ for (Ace ace : aceList(acl)) {
+ SecurityRuleAttr aceAttr = AclServiceUtils.getAccessListAttributes(ace);
+ if (aceAttr != null && Objects.equals(aceAttr.getDirection(), direction)
+ && doesAceHaveRemoteGroupId(aceAttr)) {
+ remoteAclIds.add(aceAttr.getRemoteGroupId());
}
}
return remoteAclIds;
LOG.debug("Processing interface additions for port {}", portAfter.getInterfaceId());
List<AllowedAddressPairs> addedAllowedAddressPairs = getUpdatedAllowedAddressPairs(
portAfter.getAllowedAddressPairs(), portBefore.getAllowedAddressPairs());
- if (addedAllowedAddressPairs != null && !addedAllowedAddressPairs.isEmpty()) {
+ if (!addedAllowedAddressPairs.isEmpty()) {
addAclPortsLookup(portAfter, portAfter.getSecurityGroups(), addedAllowedAddressPairs);
}
List<Uuid> addedAcls = getUpdatedAclList(portAfter.getSecurityGroups(), portBefore.getSecurityGroups());
- if (addedAcls != null && !addedAcls.isEmpty()) {
+ if (!addedAcls.isEmpty()) {
addAclPortsLookup(portAfter, addedAcls, portAfter.getAllowedAddressPairs());
}
}
LOG.debug("Processing interface removals for port {}", portAfter.getInterfaceId());
List<AllowedAddressPairs> deletedAllowedAddressPairs = getUpdatedAllowedAddressPairs(
portBefore.getAllowedAddressPairs(), portAfter.getAllowedAddressPairs());
- if (deletedAllowedAddressPairs != null && !deletedAllowedAddressPairs.isEmpty()) {
+ if (!deletedAllowedAddressPairs.isEmpty()) {
deleteAclPortsLookup(portAfter, portAfter.getSecurityGroups(), deletedAllowedAddressPairs);
}
List<Uuid> deletedAcls = getUpdatedAclList(portBefore.getSecurityGroups(), portAfter.getSecurityGroups());
- if (deletedAcls != null && !deletedAcls.isEmpty()) {
+ if (!deletedAcls.isEmpty()) {
deleteAclPortsLookup(portAfter, deletedAcls, portAfter.getAllowedAddressPairs());
}
}
for (Uuid aclId : aclList) {
String aclName = aclId.getValue();
- jobCoordinator.enqueueJob(aclName.intern(), () -> {
+ jobCoordinator.enqueueJob(aclName, () -> {
List<ListenableFuture<Void>> futures = new ArrayList<>();
futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(OPERATIONAL, tx -> {
for (AllowedAddressPairs aap : allowedAddresses) {
for (Uuid aclId : aclList) {
String aclName = aclId.getValue();
- jobCoordinator.enqueueJob(aclName.intern(), () -> {
+ jobCoordinator.enqueueJob(aclName, () -> {
List<ListenableFuture<Void>> futures = new ArrayList<>();
futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(OPERATIONAL, tx -> {
for (AllowedAddressPairs aap : allowedAddresses) {
int hardTimeout = AclConstants.SECURITY_GROUP_ICMP_IDLE_TIME_OUT;
Matches matches = ace.getMatches();
AceIp acl = (AceIp) matches.getAceType();
- Short protocol = acl.getProtocol();
+ Short protocol = acl.getProtocol() != null ? acl.getProtocol().toJava() : null;
if (protocol == null) {
return hardTimeout;
- } else if (protocol == NwConstants.IP_PROT_TCP) {
- hardTimeout = aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout();
- } else if (protocol == NwConstants.IP_PROT_UDP) {
- hardTimeout = aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout();
+ } else if (protocol == NwConstants.IP_PROT_TCP
+ && aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout() != null) {
+ hardTimeout = aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout().toJava();
+ } else if (protocol == NwConstants.IP_PROT_UDP
+ && aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout() != null) {
+ hardTimeout = aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout().toJava();
}
return hardTimeout;
}
return instructions;
}
- public static List<AllowedAddressPairs> excludeMulticastAAPs(List<AllowedAddressPairs> allowedAddresses) {
+ public static List<AllowedAddressPairs> excludeMulticastAAPs(
@Nullable List<AllowedAddressPairs> allowedAddresses) {
List<AllowedAddressPairs> filteredAAPs = new ArrayList<>();
- for (AllowedAddressPairs allowedAddress : allowedAddresses) {
- InetAddress inetAddr = getInetAddress(allowedAddress.getIpAddress());
- if (inetAddr != null && !inetAddr.isMulticastAddress()) {
- filteredAAPs.add(allowedAddress);
+ if (allowedAddresses != null) {
+ for (AllowedAddressPairs allowedAddress : allowedAddresses) {
+ InetAddress inetAddr = getInetAddress(allowedAddress.getIpAddress());
+ if (inetAddr != null && !inetAddr.isMulticastAddress()) {
+ filteredAAPs.add(allowedAddress);
+ }
}
}
return filteredAAPs;
return NetvirtAcl.class.toString();
}
+ @Nullable
private static InetAddress getInetAddress(IpPrefixOrAddress ipPrefixOrAddress) {
- InetAddress inetAddress = null;
- String addr = null;
+ String addr;
IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
if (ipPrefix != null) {
}
}
try {
- inetAddress = InetAddress.getByName(addr);
+ return InetAddress.getByName(addr);
} catch (UnknownHostException e) {
LOG.error("Invalid address : {}", addr, e);
return null;
}
- return inetAddress;
}
public static Boolean isIpv6Subnet(List<SubnetInfo> subnetInfoList) {
Code Review / netvirt.git / blobdiff