package org.opendaylight.netvirt.aclservice.utils;
-import static org.opendaylight.controller.md.sal.binding.api.WriteTransaction.CREATE_MISSING_PARENTS;
import static org.opendaylight.genius.infra.Datastore.CONFIGURATION;
import static org.opendaylight.genius.infra.Datastore.OPERATIONAL;
+import static org.opendaylight.mdsal.binding.api.WriteTransaction.CREATE_MISSING_PARENTS;
-import com.google.common.base.Optional;
import com.google.common.collect.Lists;
import com.google.common.net.InetAddresses;
import com.google.common.util.concurrent.ListenableFuture;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
+import java.util.Optional;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
import javax.inject.Inject;
import javax.inject.Singleton;
+import org.eclipse.jdt.annotation.NonNull;
import org.eclipse.jdt.annotation.Nullable;
-import org.opendaylight.controller.md.sal.binding.api.DataBroker;
-import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
import org.opendaylight.genius.infra.Datastore.Operational;
import org.opendaylight.genius.infra.ManagedNewTransactionRunner;
import org.opendaylight.genius.infra.ManagedNewTransactionRunnerImpl;
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister;
import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
import org.opendaylight.infrautils.jobcoordinator.JobCoordinator;
+import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.ReadTransaction;
+import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria;
import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.AllocateIdInput;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.AllocateIdInputBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.AllocateIdOutput;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.CreateIdPoolInput;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.CreateIdPoolInputBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.CreateIdPoolOutput;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.DeleteIdPoolInput;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.DeleteIdPoolInputBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.DeleteIdPoolOutput;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdInput;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdInputBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdOutput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceBindings;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.AclPortsLookup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.AclserviceAugmentation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddressBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV6;
import org.opendaylight.yangtools.yang.binding.DataObject;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier.InstanceIdentifierBuilder;
-import org.opendaylight.yangtools.yang.common.RpcResult;
+import org.opendaylight.yangtools.yang.common.Uint64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private final ManagedNewTransactionRunner txRunner;
private final AclDataUtil aclDataUtil;
private final AclserviceConfig config;
- private final IdManagerService idManager;
private final JobCoordinator jobCoordinator;
@Inject
public AclServiceUtils(DataBroker dataBroker, AclDataUtil aclDataUtil, AclserviceConfig config,
- IdManagerService idManager, JobCoordinator jobCoordinator) {
+ JobCoordinator jobCoordinator) {
this.dataBroker = dataBroker;
this.txRunner = new ManagedNewTransactionRunnerImpl(dataBroker);
this.aclDataUtil = aclDataUtil;
this.config = config;
- this.idManager = idManager;
this.jobCoordinator = jobCoordinator;
}
*/
public static <T extends DataObject> Optional<T> read(
DataBroker broker, LogicalDatastoreType datastoreType, InstanceIdentifier<T> path) {
- try (ReadOnlyTransaction tx = broker.newReadOnlyTransaction()) {
- return tx.read(datastoreType, path).checkedGet();
- } catch (ReadFailedException e) {
+ try (ReadTransaction tx = broker.newReadOnlyTransaction()) {
+ return tx.read(datastoreType, path).get();
+ } catch (InterruptedException | ExecutionException e) {
LOG.error("Failed to read InstanceIdentifier {} from {}", path, datastoreType, e);
- return Optional.absent();
+ return Optional.empty();
}
}
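Review bot: The new `catch (InterruptedException | ExecutionException e)` in `read` swallows the interrupt: the thread's interrupted status is cleared and an empty Optional is returned, so a caller cannot tell a cancelled or failed read from a node that does not exist. Restore the flag before returning, for example `if (e instanceof InterruptedException) { Thread.currentThread().interrupt(); }`, or split the multi-catch into two handlers. The same pattern is added in `getAclPortsByIpFromOperDs` and `getAclIpPrefixesFromOperDs` later in this diff. Since these reads feed ACL decisions, callers that treat an empty result as "nothing to enforce" are worth checking against the read-failure case.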
.@Nullable Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) {
InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508
.interfaces.state.Interface> ifStateId = buildStateInterfaceId(interfaceName);
- return MDSALUtil.read(LogicalDatastoreType.OPERATIONAL, ifStateId, dataBroker).orNull();
+ return MDSALUtil.read(LogicalDatastoreType.OPERATIONAL, ifStateId, dataBroker).orElse(null);
}
/**
@Nullable
public static SecurityRuleAttr getAccessListAttributes(Ace ace) {
if (ace == null) {
- LOG.error("Ace is Null");
return null;
}
SecurityRuleAttr aceAttributes = ace.augmentation(SecurityRuleAttr.class);
if (aceAttributes == null) {
- LOG.error("Ace is null");
return null;
}
return aceAttributes;
* @return the bound services
*/
public static BoundServices getBoundServices(String serviceName, short servicePriority, int flowPriority,
- BigInteger cookie, List<Instruction> instructions) {
+ Uint64 cookie, List<Instruction> instructions) {
StypeOpenflowBuilder augBuilder = new StypeOpenflowBuilder().setFlowCookie(cookie).setFlowPriority(flowPriority)
.setInstruction(instructions);
return new BoundServicesBuilder().withKey(new BoundServicesKey(servicePriority)).setServiceName(serviceName)
return newAclList;
}
List<Uuid> origAclList = new ArrayList<>(currentAclList);
- for (Iterator<Uuid> iterator = newAclList.iterator(); iterator.hasNext();) {
- Uuid updatedAclUuid = iterator.next();
- for (Uuid currentAclUuid :origAclList) {
- if (updatedAclUuid.getValue().equals(currentAclUuid.getValue())) {
- iterator.remove();
- }
- }
- }
+ newAclList.removeAll(origAclList);
return newAclList;
}
- @Nullable
public static List<AllowedAddressPairs> getUpdatedAllowedAddressPairs(
@Nullable List<AllowedAddressPairs> updatedAllowedAddressPairs,
@Nullable List<AllowedAddressPairs> currentAllowedAddressPairs) {
if (updatedAllowedAddressPairs == null) {
- return null;
+ return Collections.emptyList();
}
List<AllowedAddressPairs> newAllowedAddressPairs = new ArrayList<>(updatedAllowedAddressPairs);
if (currentAllowedAddressPairs == null) {
MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG);
}
- public static BigInteger getRemoteAclTagMetadata(BigInteger remoteAclTag) {
- return remoteAclTag.shiftLeft(4);
+ public static Uint64 getRemoteAclTagMetadata(BigInteger remoteAclTag) {
+ return Uint64.valueOf(remoteAclTag.shiftLeft(4));
}
- public static BigInteger getDropFlowCookie(int lport) {
- return MetaDataUtil.getLportTagMetaData(lport).or(AclConstants.COOKIE_ACL_DROP_FLOW);
+ public static Uint64 getDropFlowCookie(int lport) {
+ return Uint64.fromLongBits(MetaDataUtil.getLportTagMetaData(lport).longValue()
+ | AclConstants.COOKIE_ACL_DROP_FLOW.longValue());
}
/**
// In case of ingress service mode, only metadata is used for
// matching both lportTag and aclTag. Hence performing "or"
// operation on both lportTag and aclTag metadata.
- BigInteger metaData = MetaDataUtil.getLportTagMetaData(lportTag)
- .or(getRemoteAclTagMetadata(BigInteger.valueOf(remoteAclTag)));
- BigInteger metaDataMask =
- MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG);
+ Uint64 metaData = Uint64.fromLongBits(MetaDataUtil.getLportTagMetaData(lportTag).longValue()
+ | (getRemoteAclTagMetadata(BigInteger.valueOf(remoteAclTag)).longValue()));
+ Uint64 metaDataMask = Uint64.fromLongBits(MetaDataUtil.METADATA_MASK_LPORT_TAG.longValue()
+ | MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG.longValue());
matches.add(new MatchMetadata(metaData, metaDataMask));
}
return matches;
// In case of ingress service mode, only metadata is used for
// matching both lportTag and conntrackClassifierType. Hence performing "or"
// operation on both lportTag and conntrackClassifierType metadata.
- BigInteger metaData = MetaDataUtil.getLportTagMetaData(lportTag)
- .or(MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackClassifierType.getValue()));
- BigInteger metaDataMask =
- MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE);
+ Uint64 metaData = Uint64.fromLongBits(MetaDataUtil.getLportTagMetaData(lportTag).longValue()
+ | (MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(
+ Uint64.valueOf(conntrackClassifierType.getValue()))).longValue());
+ Uint64 metaDataMask = Uint64.fromLongBits(MetaDataUtil.METADATA_MASK_LPORT_TAG.longValue()
+ | MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE.longValue());
matches.add(new MatchMetadata(metaData, metaDataMask));
}
return matches;
public static InstructionWriteMetadata getWriteMetadataForAclClassifierType(
AclConntrackClassifierType conntrackClassifierType) {
- return new InstructionWriteMetadata(
- MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackClassifierType.getValue()),
+ return new InstructionWriteMetadata(MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(
+ Uint64.valueOf(conntrackClassifierType.getValue())),
MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE);
}
public static MatchInfoBase buildAclConntrackClassifierTypeMatch(
AclConntrackClassifierType conntrackSupportedType) {
return new MatchMetadata(
- MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackSupportedType.getValue()),
- MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE);
+ MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(
+ Uint64.valueOf(conntrackSupportedType.getValue())),
+ MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE);
}
public AclserviceConfig getConfig() {
ElanInterface elanInterface = getElanInterfaceByElanInterfaceName(elanInterfaceName, broker);
if (null != elanInterface) {
ElanInstance elanInfo = getElanInstanceByName(elanInterface.getElanInstanceName(), broker);
- return elanInfo.getElanTag();
+ return elanInfo != null ? elanInfo.getElanTag().toJava() : null;
}
return null;
}
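Review bot: The added `elanInfo != null` guard on the return line still dereferences `elanInfo.getElanTag()` unconditionally, so an ElanInstance without a tag would throw from `.toJava()`. The idle-timeout getters elsewhere in this commit are null-checked before `.toJava()`, which suggests these binding getters can return null. If that holds here, use `return elanInfo != null && elanInfo.getElanTag() != null ? elanInfo.getElanTag().toJava() : null;`. The enclosing method starts outside the hunk.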
@Nullable
public static ElanInterface getElanInterfaceByElanInterfaceName(String elanInterfaceName,DataBroker broker) {
InstanceIdentifier<ElanInterface> elanInterfaceId = getElanInterfaceConfigurationDataPathId(elanInterfaceName);
- return read(broker, LogicalDatastoreType.CONFIGURATION, elanInterfaceId).orNull();
+ return read(broker, LogicalDatastoreType.CONFIGURATION, elanInterfaceId).orElse(null);
}
public static InstanceIdentifier<ElanInterface> getElanInterfaceConfigurationDataPathId(String interfaceName) {
@Nullable
public static ElanInstance getElanInstanceByName(String elanInstanceName, DataBroker broker) {
InstanceIdentifier<ElanInstance> elanIdentifierId = getElanInstanceConfigurationDataPath(elanInstanceName);
- return read(broker, LogicalDatastoreType.CONFIGURATION, elanIdentifierId).orNull();
+ return read(broker, LogicalDatastoreType.CONFIGURATION, elanIdentifierId).orElse(null);
}
public static InstanceIdentifier<ElanInstance> getElanInstanceConfigurationDataPath(String elanInstanceName) {
}
}
- public static Integer allocateId(IdManagerService idManager, String poolName, String idKey, Integer defaultId) {
- AllocateIdInput getIdInput = new AllocateIdInputBuilder().setPoolName(poolName).setIdKey(idKey).build();
- try {
- Future<RpcResult<AllocateIdOutput>> result = idManager.allocateId(getIdInput);
- RpcResult<AllocateIdOutput> rpcResult = result.get();
- if (rpcResult.isSuccessful()) {
- Integer allocatedId = rpcResult.getResult().getIdValue().intValue();
- LOG.debug("Allocated ACL ID: {} with key: {} into pool: {}", allocatedId, idKey, poolName);
- return allocatedId;
- } else {
- LOG.error("RPC Call to Get Unique Id for key {} from pool {} returned with Errors {}",
- idKey, poolName, rpcResult.getErrors());
- }
- } catch (InterruptedException | ExecutionException e) {
- LOG.error("Exception when getting Unique Id for key {} from pool {} ", idKey, poolName, e);
- }
- return defaultId;
- }
-
- public static void releaseId(IdManagerService idManager, String poolName, String idKey) {
- ReleaseIdInput idInput = new ReleaseIdInputBuilder().setPoolName(poolName).setIdKey(idKey).build();
- try {
- RpcResult<ReleaseIdOutput> rpcResult = idManager.releaseId(idInput).get();
- if (!rpcResult.isSuccessful()) {
- LOG.error("RPC Call to release Id with Key {} from pool {} returned with Errors {}",
- idKey, poolName, rpcResult.getErrors());
- } else {
- LOG.debug("Released ACL ID with key: {} from pool: {}", idKey, poolName);
- }
- } catch (InterruptedException | ExecutionException e) {
- LOG.error("Exception when releasing Id for key {} from pool {} ", idKey, poolName, e);
- }
- }
-
/**
- * Gets the ACL tag from cache. If not found in cache, tries to allocate and
- * return the value.
- *
- * @param aclId the acl id
+ * Gets ACL tag from Acl.
+ * @param acl Acl object
* @return the acl tag
*/
- @Nullable
- public Integer getAclTag(final Uuid aclId) {
- String aclName = aclId.getValue();
- Integer aclTag = this.aclDataUtil.getAclTag(aclName);
- if (aclTag == null) {
- LOG.debug("ACL tag not found in cache for ACL={}, trying to allocate again.", aclName);
- aclTag = allocateAclTag(aclName);
- if (aclTag != null && aclTag != AclConstants.INVALID_ACL_TAG) {
- this.aclDataUtil.addAclTag(aclName, aclTag);
- }
+ public static Integer getAclTag(Acl acl) {
+ Integer aclTag = null;
+ AclserviceAugmentation aclserviceAugmentation = acl.augmentation(AclserviceAugmentation.class);
+ if (aclserviceAugmentation != null) {
+ aclTag = aclserviceAugmentation.getAclTag().intValue();
}
return aclTag;
}
/**
- * Allocate ACL tag.
+ * Gets the ACL tag from cache.
*
- * @param aclName the ACL name
- * @return the integer
- */
- public Integer allocateAclTag(String aclName) {
- return AclServiceUtils.allocateId(this.idManager, AclConstants.ACL_TAG_POOL_NAME, aclName,
- AclConstants.INVALID_ACL_TAG);
- }
-
- /**
- * Release ACL tag.
- *
- * @param aclName the ACL name
+ * @param aclId the acl id
+ * @return the acl tag
*/
- public void releaseAclTag(String aclName) {
- AclServiceUtils.releaseId(this.idManager, AclConstants.ACL_TAG_POOL_NAME, aclName);
+ public Integer getAclTag(final Uuid aclId) {
+ String aclName = aclId.getValue();
+ return this.aclDataUtil.getAclTag(aclName);
}
/**
- * Indicates whether the interface has port security enabled.
+ * Indicates whether the interface has port security enabled or interface is DHCP service port.
*
* @param aclInterface the interface.
- * @return true if port is security enabled.
+ * @return true if port is security enabled or is a DHCP service port.
*/
public static boolean isOfInterest(AclInterface aclInterface) {
- return aclInterface != null && aclInterface.isPortSecurityEnabled();
+ return aclInterface != null && (aclInterface.isPortSecurityEnabled()
+ || aclInterface.getInterfaceType() == InterfaceAcl.InterfaceType.DhcpService);
}
/**
- * Creates the id pool for ACL tag.
+ * Indicates whether the interface has port security enabled or interface is DHCP service port.
*
- * @param poolName the pool name
- */
- private void createIdPoolForAclTag(String poolName) {
- CreateIdPoolInput createPool = new CreateIdPoolInputBuilder()
- .setPoolName(poolName).setLow(AclConstants.ACL_TAG_POOL_START)
- .setHigh(AclConstants.ACL_TAG_POOL_END).build();
- try {
- Future<RpcResult<CreateIdPoolOutput>> result = this.idManager.createIdPool(createPool);
- if (result != null && result.get().isSuccessful()) {
- LOG.debug("Created IdPool for {}", poolName);
- }
- } catch (InterruptedException | ExecutionException e) {
- LOG.error("Failed to create ID pool [{}] for remote ACL ids", poolName, e);
- throw new RuntimeException("Failed to create ID pool [{}] for remote ACL ids", e);
- }
- }
-
- /**
- * Delete id pool.
- *
- * @param poolName the pool name
- */
- public void deleteIdPool(String poolName) {
- DeleteIdPoolInput deletePool = new DeleteIdPoolInputBuilder().setPoolName(poolName).build();
- try {
- Future<RpcResult<DeleteIdPoolOutput>> result = this.idManager.deleteIdPool(deletePool);
- if (result != null && result.get().isSuccessful()) {
- LOG.debug("Deleted IdPool for {}", poolName);
- }
- } catch (InterruptedException | ExecutionException e) {
- LOG.error("Failed to delete ID pool [{}]", poolName, e);
- throw new RuntimeException("Failed to delete ID pool [" + poolName + "]", e);
- }
- }
-
- /**
- * Creates remote the acl id pools.
- */
- public void createRemoteAclIdPool() {
- createIdPoolForAclTag(AclConstants.ACL_TAG_POOL_NAME);
- }
-
- /**
- * Delete remote the acl id pools.
+ * @param aclInterface the interface.
+ * @return true if port is security enabled or is a DHCP service port.
*/
- public void deleteRemoteAclIdPool() {
- deleteIdPool(AclConstants.ACL_TAG_POOL_NAME);
+ public static boolean isOfInterest(InterfaceAcl aclInterface) {
+ return aclInterface != null && (aclInterface.isPortSecurityEnabled()
+ || aclInterface.getInterfaceType() == InterfaceAcl.InterfaceType.DhcpService);
}
public static List<? extends MatchInfoBase> buildIpAndSrcServiceMatch(Integer aclTag, AllowedAddressPairs aap) {
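Review bot: Both `getAclTag` overloads can still return null, but the `@Nullable` annotation was dropped along with the old implementation. The static `getAclTag(Acl acl)` returns null when the augmentation is absent, and `getAclTag(final Uuid aclId)` now returns the cache lookup directly with no allocation fallback (the removed code explicitly handled a null result from that same lookup). Put `@Nullable` back on both so callers are made to handle a missing tag. In the static overload, `aclserviceAugmentation.getAclTag().intValue()` also assumes the tag leaf is set; a guard such as `if (aclserviceAugmentation != null && aclserviceAugmentation.getAclTag() != null)` would avoid a NullPointerException if it is not.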
return flowMatches;
}
- public static boolean isOfAclInterest(Acl acl) {
- if (acl.getAccessListEntries() != null) {
- List<Ace> aceList = acl.getAccessListEntries().getAce();
- if (aceList != null && !aceList.isEmpty()) {
- return aceList.get(0).augmentation(SecurityRuleAttr.class) != null;
- }
+ public static @NonNull List<Ace> aceList(@NonNull Acl acl) {
+ final AccessListEntries ale = acl.getAccessListEntries();
+ return ale == null ? Collections.emptyList() : ale.nonnullAce();
+ }
+
+ public static @NonNull List<Ace> getAceListFromAcl(Acl acl) {
+ List<Ace> aceList = aceList(acl);
+ if (!aceList.isEmpty() && aceList.get(0).augmentation(SecurityRuleAttr.class) != null) {
+ return aceList;
}
- return false;
+ return Collections.emptyList();
}
/**
public static Set<Uuid> getRemoteAclIdsByDirection(Acl acl, Class<? extends DirectionBase> direction) {
Set<Uuid> remoteAclIds = new HashSet<>();
- AccessListEntries accessListEntries = acl.getAccessListEntries();
- if (accessListEntries != null && accessListEntries.getAce() != null) {
- for (Ace ace : accessListEntries.getAce()) {
- SecurityRuleAttr aceAttr = AclServiceUtils.getAccessListAttributes(ace);
- if (Objects.equals(aceAttr.getDirection(), direction) && doesAceHaveRemoteGroupId(aceAttr)) {
- remoteAclIds.add(aceAttr.getRemoteGroupId());
- }
+ for (Ace ace : aceList(acl)) {
+ SecurityRuleAttr aceAttr = AclServiceUtils.getAccessListAttributes(ace);
+ if (aceAttr != null && Objects.equals(aceAttr.getDirection(), direction)
+ && doesAceHaveRemoteGroupId(aceAttr)) {
+ remoteAclIds.add(aceAttr.getRemoteGroupId());
}
}
return remoteAclIds;
return skipDelete;
}
+ public boolean doesRemoteAclIdExistsInAcls(List<Uuid> aclIds, Uuid remoteAclId,
+ Class<? extends DirectionBase> direction) {
+ if (aclIds == null) {
+ return false;
+ }
+ for (Uuid aclId : aclIds) {
+ Acl acl = this.aclDataUtil.getAcl(aclId.getValue());
+ if (null == acl) {
+ LOG.warn("ACL {} not found in cache.", aclId.getValue());
+ continue;
+ }
+ AccessListEntries accessListEntries = acl.getAccessListEntries();
+ if (accessListEntries != null && accessListEntries.getAce() != null) {
+ for (Ace ace : accessListEntries.getAce()) {
+ SecurityRuleAttr aceAttr = AclServiceUtils.getAccessListAttributes(ace);
+ if (aceAttr != null && aceAttr.getDirection().equals(direction)
+ && doesAceHaveRemoteGroupId(aceAttr)) {
+ if (aceAttr.getRemoteGroupId().equals(remoteAclId)) {
+ return true;
+ }
+ }
+ }
+ }
+ }
+ return false;
+ }
+
public static InstanceIdentifier<AclPortsByIp> aclPortsByIpPath(String aclName) {
return InstanceIdentifier.builder(AclPortsLookup.class)
.child(AclPortsByIp.class, new AclPortsByIpKey(aclName)).build();
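Review bot: `aceAttr.getDirection().equals(direction)` in the new `doesRemoteAclIdExistsInAcls` throws if an ACE has no direction set, whereas `getRemoteAclIdsByDirection` in this same commit uses the null-safe `Objects.equals(aceAttr.getDirection(), direction)`. The method also repeats the `getAccessListEntries()` / `getAce()` null checks instead of iterating over the `aceList(acl)` helper that this commit introduces. The inner loop could use the helper, the null-safe comparison and a single condition, as sketched below. A short Javadoc stating that ACLs missing from the cache are skipped with a warning would help, because that makes a `false` result ambiguous for callers.

```java
public boolean doesRemoteAclIdExistsInAcls(List<Uuid> aclIds, Uuid remoteAclId,
        Class<? extends DirectionBase> direction) {
    // … unchanged: null check on aclIds, cache lookup and "not found" warning …
        for (Ace ace : aceList(acl)) {
            SecurityRuleAttr aceAttr = AclServiceUtils.getAccessListAttributes(ace);
            if (aceAttr != null && Objects.equals(aceAttr.getDirection(), direction)
                    && doesAceHaveRemoteGroupId(aceAttr)
                    && aceAttr.getRemoteGroupId().equals(remoteAclId)) {
                return true;
            }
        }
    // … unchanged: end of the aclIds loop, return false …
```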
LOG.debug("Processing interface additions for port {}", portAfter.getInterfaceId());
List<AllowedAddressPairs> addedAllowedAddressPairs = getUpdatedAllowedAddressPairs(
portAfter.getAllowedAddressPairs(), portBefore.getAllowedAddressPairs());
- if (addedAllowedAddressPairs != null && !addedAllowedAddressPairs.isEmpty()) {
+ if (!addedAllowedAddressPairs.isEmpty()) {
addAclPortsLookup(portAfter, portAfter.getSecurityGroups(), addedAllowedAddressPairs);
}
List<Uuid> addedAcls = getUpdatedAclList(portAfter.getSecurityGroups(), portBefore.getSecurityGroups());
- if (addedAcls != null && !addedAcls.isEmpty()) {
+ if (!addedAcls.isEmpty()) {
addAclPortsLookup(portAfter, addedAcls, portAfter.getAllowedAddressPairs());
}
}
LOG.debug("Processing interface removals for port {}", portAfter.getInterfaceId());
List<AllowedAddressPairs> deletedAllowedAddressPairs = getUpdatedAllowedAddressPairs(
portBefore.getAllowedAddressPairs(), portAfter.getAllowedAddressPairs());
- if (deletedAllowedAddressPairs != null && !deletedAllowedAddressPairs.isEmpty()) {
+ if (!deletedAllowedAddressPairs.isEmpty()) {
deleteAclPortsLookup(portAfter, portAfter.getSecurityGroups(), deletedAllowedAddressPairs);
}
List<Uuid> deletedAcls = getUpdatedAclList(portBefore.getSecurityGroups(), portAfter.getSecurityGroups());
- if (deletedAcls != null && !deletedAcls.isEmpty()) {
+ if (!deletedAcls.isEmpty()) {
deleteAclPortsLookup(portAfter, deletedAcls, portAfter.getAllowedAddressPairs());
}
}
for (Uuid aclId : aclList) {
String aclName = aclId.getValue();
- jobCoordinator.enqueueJob(aclName.intern(), () -> {
+ jobCoordinator.enqueueJob(aclName, () -> {
List<ListenableFuture<Void>> futures = new ArrayList<>();
futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(OPERATIONAL, tx -> {
for (AllowedAddressPairs aap : allowedAddresses) {
for (Uuid aclId : aclList) {
String aclName = aclId.getValue();
- jobCoordinator.enqueueJob(aclName.intern(), () -> {
+ jobCoordinator.enqueueJob(aclName, () -> {
List<ListenableFuture<Void>> futures = new ArrayList<>();
futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(OPERATIONAL, tx -> {
for (AllowedAddressPairs aap : allowedAddresses) {
@Nullable
private AclPortsByIp getAclPortsByIpFromOperDs(String aclName) {
InstanceIdentifier<AclPortsByIp> path = aclPortsByIpPath(aclName);
- try (ReadOnlyTransaction tx = dataBroker.newReadOnlyTransaction()) {
- return tx.read(LogicalDatastoreType.OPERATIONAL, path).checkedGet().orNull();
- } catch (ReadFailedException e) {
+ try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
+ return tx.read(LogicalDatastoreType.OPERATIONAL, path).get().orElse(null);
+ } catch (InterruptedException | ExecutionException e) {
LOG.error("Failed to read ACL ports {}", path, e);
return null;
}
@Nullable
private AclIpPrefixes getAclIpPrefixesFromOperDs(String aclName, IpPrefixOrAddress ipPrefix) {
InstanceIdentifier<AclIpPrefixes> path = getAclIpPrefixesPath(aclName, ipPrefix);
- try (ReadOnlyTransaction tx = dataBroker.newReadOnlyTransaction()) {
- return tx.read(LogicalDatastoreType.OPERATIONAL, path).checkedGet().orNull();
- } catch (ReadFailedException e) {
+ try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
+ return tx.read(LogicalDatastoreType.OPERATIONAL, path).get().orElse(null);
+ } catch (InterruptedException | ExecutionException e) {
LOG.error("Failed to read ACL IP prefixes {}", path, e);
return null;
}
int hardTimeout = AclConstants.SECURITY_GROUP_ICMP_IDLE_TIME_OUT;
Matches matches = ace.getMatches();
AceIp acl = (AceIp) matches.getAceType();
- Short protocol = acl.getProtocol();
+ Short protocol = acl.getProtocol() != null ? acl.getProtocol().toJava() : null;
if (protocol == null) {
return hardTimeout;
- } else if (protocol == NwConstants.IP_PROT_TCP) {
- hardTimeout = aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout();
- } else if (protocol == NwConstants.IP_PROT_UDP) {
- hardTimeout = aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout();
+ } else if (protocol == NwConstants.IP_PROT_TCP
+ && aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout() != null) {
+ hardTimeout = aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout().toJava();
+ } else if (protocol == NwConstants.IP_PROT_UDP
+ && aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout() != null) {
+ hardTimeout = aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout().toJava();
}
return hardTimeout;
}
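Review bot: The UDP branch tests the wrong setting: it checks `getSecurityGroupTcpIdleTimeout() != null` and then calls `getSecurityGroupUdpIdleTimeout().toJava()`. A configuration with a TCP timeout but no UDP timeout therefore throws NullPointerException, and one with a UDP timeout but no TCP timeout silently keeps the ICMP default assigned at the top. The condition should read `&& aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout() != null`. Reading each config value once into a local before the null check would also make this kind of copy/paste slip harder to repeat. The enclosing method starts outside the hunk.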