package org.opendaylight.lispflowmapping.southbound.lisp;
+import com.google.common.base.Preconditions;
import io.netty.buffer.ByteBufUtil;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
+import java.util.Objects;
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.NotificationPublishService;
+import org.opendaylight.lispflowmapping.dsbackend.DataStoreBackEnd;
+import org.opendaylight.lispflowmapping.inmemorydb.HashMapDb;
+import org.opendaylight.lispflowmapping.southbound.authentication.LispAuthenticationUtil;
+import org.opendaylight.lispflowmapping.interfaces.lisp.ILispAuthentication;
import org.opendaylight.lispflowmapping.lisp.serializer.MapNotifySerializer;
import org.opendaylight.lispflowmapping.lisp.serializer.MapRegisterSerializer;
import org.opendaylight.lispflowmapping.lisp.serializer.MapReplySerializer;
import org.opendaylight.lispflowmapping.lisp.util.ByteUtil;
import org.opendaylight.lispflowmapping.lisp.util.LispAddressStringifier;
import org.opendaylight.lispflowmapping.lisp.util.MapRequestUtil;
+import org.opendaylight.lispflowmapping.mapcache.SimpleMapCache;
import org.opendaylight.lispflowmapping.southbound.LispSouthboundPlugin;
import org.opendaylight.lispflowmapping.southbound.LispSouthboundStats;
import org.opendaylight.lispflowmapping.southbound.lisp.cache.MapRegisterCache;
import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.map.register.cache.metadata.container.map.register.cache.metadata.EidLispAddressBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.map.register.cache.value.grouping.MapRegisterCacheValue;
import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.map.register.cache.value.grouping.MapRegisterCacheValueBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.mapping.record.container.MappingRecord;
import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.mapping.record.list.MappingRecordItem;
import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.transport.address.TransportAddressBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.mappingservice.rev150906.db.instance.AuthenticationKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.mappingservice.rev150906.mapping.authkey.container.MappingAuthkey;
import org.opendaylight.yangtools.yang.binding.Notification;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ChannelHandler.Sharable
public class LispSouthboundHandler extends SimpleChannelInboundHandler<DatagramPacket>
- implements ILispSouthboundService {
- private final MapRegisterCache mapRegisterCache;
+ implements ILispSouthboundService, AutoCloseable {
+ private MapRegisterCache mapRegisterCache;
+ private boolean mapRegisterCacheEnabled = true;
/**
* How long is record supposed to be relevant. After this time record isn't valid.
* If you modify this value, please update the LispSouthboundServiceTest class too.
*/
private static final long CACHE_RECORD_TIMEOUT = 90000;
+ private DataBroker dataBroker;
private NotificationPublishService notificationPublishService;
protected static final Logger LOG = LoggerFactory.getLogger(LispSouthboundHandler.class);
+ //TODO: think whether this field can be accessed through mappingservice or some other configuration parameter
+ private boolean authenticationEnabled = true;
+
private final LispSouthboundPlugin lispSbPlugin;
private LispSouthboundStats lispSbStats = null;
+ private SimpleMapCache smc;
+ private AuthenticationKeyDataListener authenticationKeyDataListener;
+ private DataStoreBackEnd dsbe;
- public LispSouthboundHandler(LispSouthboundPlugin lispSbPlugin, final MapRegisterCache mapRegisterCache) {
+ public LispSouthboundHandler(LispSouthboundPlugin lispSbPlugin) {
this.lispSbPlugin = lispSbPlugin;
if (lispSbPlugin != null) {
this.lispSbStats = lispSbPlugin.getStats();
}
- this.mapRegisterCache = mapRegisterCache;
- }
-
- public LispSouthboundHandler(LispSouthboundPlugin lispSbPlugin) {
- this(lispSbPlugin, new MapRegisterCache());
- }
-
- public void setNotificationProvider(NotificationPublishService nps) {
- this.notificationPublishService = nps;
+ this.mapRegisterCache = new MapRegisterCache();
+ this.smc = new SimpleMapCache(new HashMapDb());
}
public void handlePacket(DatagramPacket msg) {
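Review bot: `mapRegisterCache` loses `final` here and, together with the new `smc` and `mapRegisterCacheEnabled` fields, becomes writable through the setters added later in this change, while this `@ChannelHandler.Sharable` handler presumably reads them on Netty's I/O threads. None of the fields is `volatile`, so a value swapped in after start-up is not guaranteed to become visible to the packet path. Either document the contract on the fields, e.g. `// set once during wiring, before the channel is bound`, or declare them `volatile`. `authenticationEnabled` has no setter in this change, so the early `return true` in `isAuthenticationSuccessful` stays unreachable until the TODO is resolved.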
private void handleMapRegister(ByteBuffer inBuffer, InetAddress sourceAddress, int port) {
try {
- final Map.Entry<MapRegisterCacheKey, byte[]> artificialEntry = MapRegisterPartialDeserializer
- .deserializePartially(inBuffer, sourceAddress);
- final MapRegisterCacheKey cacheKey = artificialEntry == null ? null : artificialEntry.getKey();
-
- final MapRegisterCacheValue cacheValue = resolveCacheValue(artificialEntry);
+ Map.Entry<MapRegisterCacheKey, byte[]> artificialEntry = null;
+ MapRegisterCacheKey cacheKey = null;
+ MapRegisterCacheValue cacheValue = null;
+ if (mapRegisterCacheEnabled) {
+ artificialEntry = MapRegisterPartialDeserializer.deserializePartially(inBuffer, sourceAddress);
+ cacheKey = artificialEntry == null ? null : artificialEntry.getKey();
+ cacheValue = resolveCacheValue(artificialEntry);
+ }
if (cacheValue != null) {
final MapRegisterCacheMetadata mapRegisterValue = cacheValue.getMapRegisterCacheMetadata();
LOG.debug("Map register message site-ID: {} xTR-ID: {} from cache.", mapRegisterValue.getSiteId(),
mapRegisterCache.refreshEntry(cacheKey);
sendNotificationIfPossible(createMappingKeepAlive(cacheValue));
if (mapRegisterValue.isWantMapNotify()) {
- sendMapNotifyMsg(inBuffer, sourceAddress, port);
+ sendMapNotifyMsg(inBuffer, sourceAddress, port, mapRegisterValue.getEidLispAddress());
}
+ lispSbStats.incrementCacheHits();
} else {
MapRegister mapRegister = MapRegisterSerializer.getInstance().deserialize(inBuffer, sourceAddress);
- AddMappingBuilder addMappingBuilder = new AddMappingBuilder();
- addMappingBuilder.setMapRegister(LispNotificationHelper.convertMapRegister(mapRegister));
- TransportAddressBuilder transportAddressBuilder = new TransportAddressBuilder();
- transportAddressBuilder.setIpAddress(LispNotificationHelper.getIpAddressBinaryFromInetAddress(
- sourceAddress));
- transportAddressBuilder.setPort(new PortNumber(port));
- addMappingBuilder.setTransportAddress(transportAddressBuilder.build());
- sendNotificationIfPossible(addMappingBuilder.build());
- if (artificialEntry != null) {
- final MapRegisterCacheMetadataBuilder cacheMetadataBldNew = new MapRegisterCacheMetadataBuilder();
- cacheMetadataBldNew.setEidLispAddress(provideEidPrefixesFromMessage(mapRegister));
- cacheMetadataBldNew.setXtrId(mapRegister.getXtrId());
- cacheMetadataBldNew.setSiteId(mapRegister.getSiteId());
- cacheMetadataBldNew.setWantMapNotify(mapRegister.isWantMapNotify());
- cacheMetadataBldNew.setMergeEnabled(mapRegister.isMergeEnabled());
- cacheMetadataBldNew.setTimestamp(System.currentTimeMillis());
-
- final MapRegisterCacheValueBuilder cacheValueBldNew = new MapRegisterCacheValueBuilder();
- cacheValueBldNew.setPacketData(artificialEntry.getValue());
- cacheValueBldNew.setMapRegisterCacheMetadata(cacheMetadataBldNew.build());
-
- mapRegisterCache.addEntry(cacheKey, cacheValueBldNew.build());
+ if (isAuthenticationSuccessful(mapRegister, inBuffer)) {
+ AddMappingBuilder addMappingBuilder = new AddMappingBuilder();
+ addMappingBuilder.setMapRegister(LispNotificationHelper.convertMapRegister(mapRegister));
+ TransportAddressBuilder transportAddressBuilder = new TransportAddressBuilder();
+ transportAddressBuilder.setIpAddress(LispNotificationHelper.getIpAddressBinaryFromInetAddress(
+ sourceAddress));
+ transportAddressBuilder.setPort(new PortNumber(port));
+ addMappingBuilder.setTransportAddress(transportAddressBuilder.build());
+ sendNotificationIfPossible(addMappingBuilder.build());
+ if (artificialEntry != null) {
+ final MapRegisterCacheMetadataBuilder cacheMetadataBldNew = new
+ MapRegisterCacheMetadataBuilder();
+ cacheMetadataBldNew.setEidLispAddress(provideEidPrefixesFromMessage(mapRegister));
+ cacheMetadataBldNew.setXtrId(mapRegister.getXtrId());
+ cacheMetadataBldNew.setSiteId(mapRegister.getSiteId());
+ cacheMetadataBldNew.setWantMapNotify(mapRegister.isWantMapNotify());
+ cacheMetadataBldNew.setMergeEnabled(mapRegister.isMergeEnabled());
+ cacheMetadataBldNew.setTimestamp(System.currentTimeMillis());
+
+ final MapRegisterCacheValueBuilder cacheValueBldNew = new MapRegisterCacheValueBuilder();
+ cacheValueBldNew.setPacketData(artificialEntry.getValue());
+ cacheValueBldNew.setMapRegisterCacheMetadata(cacheMetadataBldNew.build());
+
+ mapRegisterCache.addEntry(cacheKey, cacheValueBldNew.build());
+ }
}
+ lispSbStats.incrementCacheMisses();
}
} catch (RuntimeException re) {
throw new LispMalformedPacketException("Couldn't deserialize Map-Register (len="
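Review bot: A Map-Register that fails `isAuthenticationSuccessful` is dropped with no log line and no dedicated counter, and `lispSbStats.incrementCacheMisses()` still runs for it, so rejected registrations are invisible to operators and inflate the miss statistic. An `else` on the authentication check with a counter or a rate-limited message such as `LOG.warn("Map-Register from {} failed authentication", sourceAddress);` would make them detectable. `lispSbStats` stays null when the constructor is given a null plugin, so both new `increment…` calls can throw a NullPointerException that the surrounding `catch (RuntimeException re)` then reports as a malformed packet; guard them with `if (lispSbStats != null)`. The cache-hit branch never reaches the authentication check, and whether that is safe depends on what `resolveCacheValue` compares, which is outside this hunk, so a comment stating that assumption belongs above `if (cacheValue != null)`.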
return mappingKeepAliveBuilder.build();
}
- private void sendMapNotifyMsg(final ByteBuffer inBuffer, final InetAddress inetAddress, int portNumber) {
- ByteBuffer outBuffer = transformMapRegisterToMapNotify(inBuffer);
- outBuffer.position(0);
- lispSbPlugin.handleSerializedLispBuffer(inetAddress, outBuffer, MessageType.MapNotify, portNumber);
+ private void sendMapNotifyMsg(final ByteBuffer inBuffer, final InetAddress inetAddress, int portNumber,
+ List<EidLispAddress> eids) {
+
+ if (eids == null) {
+ LOG.warn("Map-Register Cache: missing EID list when trying to send Map-Notify!");
+ return;
+ }
+
+ final MappingAuthkey authKey = provideAuthenticateKey(eids);
+ if (authKey != null) {
+ ByteBuffer outBuffer = transformMapRegisterToMapNotify(inBuffer);
+ if (authKey.getKeyType() != 0) {
+ outBuffer = calculateAndSetNewMAC(outBuffer, authKey.getKeyString());
+ }
+ outBuffer.position(0);
+ lispSbPlugin.handleSerializedLispBuffer(inetAddress, outBuffer, MessageType.MapNotify, portNumber);
+ } else {
+ LOG.error("Map-Register Cache: authentication succeeded, but can't find auth key for sending Map-Notify");
+ }
+ }
+
+ /**
+ * Returns null if not all of eids have the same value of authentication key
+ */
+ private MappingAuthkey provideAuthenticateKey(final List<EidLispAddress> eidLispAddresses) {
+ MappingAuthkey firstAuthKey = null;
+ for (int i = 0; i < eidLispAddresses.size(); i++) {
+ final Eid eid = eidLispAddresses.get(i).getEid();
+ if (i == 0) {
+ firstAuthKey = smc.getAuthenticationKey(eid);
+ } else {
+ final MappingAuthkey authKey = smc.getAuthenticationKey(eid);
+ if (!Objects.equals(firstAuthKey, authKey)) {
+ return null;
+ }
+ }
+ }
+ return firstAuthKey;
+
+ }
+
+ /**
+ * Calculates new message authentication code (MAC) for notify message.
+ *
+ * @param buffer
+ * @return
+ */
+ private ByteBuffer calculateAndSetNewMAC(final ByteBuffer buffer, final String authKey) {
+ final byte[] authenticationData = LispAuthenticationUtil.createAuthenticationData(buffer, authKey);
+ buffer.position(ILispAuthentication.MAP_REGISTER_AND_NOTIFY_AUTHENTICATION_POSITION);
+ buffer.put(authenticationData);
+ return buffer;
}
private ByteBuffer transformMapRegisterToMapNotify(final ByteBuffer buffer) {
buffer.position(0);
- //TODO: also reset of authentication data is required. other trello card is opened for this task.
- byte[] byteReplacement = new byte[] {0x04, 0x00, 0x00};
+ byte typeAndFlags = buffer.get(0);
+ // Shift the xTR-ID present and built for an RTR bits to their correct position
+ byte flags = (byte) ((typeAndFlags << 2) & 0x0F);
+ // Set control message type to 4 (Map-Notify)
+ byte type = 0x40;
+ // Combine the nibbles
+ typeAndFlags = (byte) (type | flags);
+ byte[] byteReplacement = new byte[] {typeAndFlags, 0x00, 0x00};
buffer.put(byteReplacement);
+
return buffer;
}
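Review bot: In `calculateAndSetNewMAC` the MAC is computed over `buffer` while its authentication field still holds the bytes copied from the Map-Register. Unless `LispAuthenticationUtil.createAuthenticationData` clears that field itself (not visible here), the receiver would compute a different value and reject the Map-Notify, and the removed TODO about resetting the authentication data suggests this was a known concern. The Javadoc should say which side does the zeroing and replace the empty tags, for example `@param buffer Map-Notify bytes; the authentication field is overwritten in place`, `@param authKey key string used to compute the MAC` and `@return the same buffer instance`. The bare `authKey.getKeyType() != 0` in `sendMapNotifyMsg` would read better against a named constant for the "no authentication" key type.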
return eidsResult;
}
+ /**
+ * Checks whether authentication data is valid.
+ *
+ * Methods pass through all records from map register message. For the EID of the first record it gets
+ * authentication key and does validation of authentication data again this authentication key. If it pass
+ * it just checks for remaining records (and its EID) whether they have the same authenticatin key stored in
+ * simple map cache (smc).
+ *
+ * @param mapRegister
+ * @param byteBuffer
+ * @return
+ */
+ private boolean isAuthenticationSuccessful(final MapRegister mapRegister, final ByteBuffer byteBuffer) {
+ if (!authenticationEnabled) {
+ return true;
+ }
+
+ if (smc == null) {
+ LOG.debug("Simple map cache wasn't instantieted and set.");
+ return false;
+ }
+
+ MappingAuthkey firstAuthKey = null;
+ final List<MappingRecordItem> mappingRecords = mapRegister.getMappingRecordItem();
+ for (int i = 0; i < mappingRecords.size(); i++) {
+ final MappingRecordItem recordItem = mappingRecords.get(i);
+ final MappingRecord mappingRecord = recordItem.getMappingRecord();
+ if (i == 0) {
+ firstAuthKey = smc.getAuthenticationKey(mappingRecord.getEid());
+ if (!LispAuthenticationUtil.validate(mapRegister, byteBuffer, mappingRecord.getEid(), firstAuthKey)) {
+ return false;
+ }
+ } else {
+ final Eid eid = mappingRecord.getEid();
+ final MappingAuthkey authKey = smc.getAuthenticationKey(eid);
+ if (!firstAuthKey.equals(authKey)) {
+ LOG.debug("Map register packet contained several eids. Authentication keys for first one and for " +
+ "{} are different.",LispAddressStringifier.getString(eid));
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+
private void handleMapNotify(ByteBuffer inBuffer, InetAddress sourceAddress, int port) {
try {
MapNotify mapNotify = MapNotifySerializer.getInstance().deserialize(inBuffer);
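Review bot: `isAuthenticationSuccessful` returns true without validating anything when the Map-Register carries no mapping records, because the loop body never runs and control falls through to the final `return true`. A register with an empty or null record list should fail closed, e.g. `if (mappingRecords == null || mappingRecords.isEmpty()) { return false; }` before the loop. On the second and later records `firstAuthKey.equals(authKey)` throws if the lookup for the first EID returned null and `LispAuthenticationUtil.validate` (not visible here) accepted it; `provideAuthenticateKey` already uses `Objects.equals`, and an explicit `if (firstAuthKey == null) { return false; }` right after the lookup would make the intent unambiguous. The Javadoc's empty `@param` and `@return` tags should be filled in or dropped.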
}
}
+
private void handleMapReply(ByteBuffer inBuffer, InetAddress sourceAddress, int port) {
try {
MapReply mapReply = MapReplySerializer.getInstance().deserialize(inBuffer);
public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
LOG.error("Error on channel: " + cause, cause);
}
+
+ @Override
+ public void close() throws Exception {
+ authenticationKeyDataListener.closeDataChangeListener();
+ }
+
+ public void setSimpleMapCache(final SimpleMapCache smc) {
+ this.smc = smc;
+ }
+
+ public void setDataBroker(final DataBroker dataBroker) {
+ this.dataBroker = dataBroker;
+ }
+
+ public void setNotificationProvider(NotificationPublishService nps) {
+ this.notificationPublishService = nps;
+ }
+
+ public void setMapRegisterCache(final MapRegisterCache mapRegisterCache) {
+ this.mapRegisterCache = mapRegisterCache;
+ }
+
+ public void setMapRegisterCacheEnabled(final boolean mapRegisterCacheEnabled) {
+ this.mapRegisterCacheEnabled = mapRegisterCacheEnabled;
+ }
+
+ /**
+ * Restore all keys from MDSAL datastore
+ */
+ public void restoreDaoFromDatastore() {
+ final List<AuthenticationKey> authKeys = dsbe.getAllAuthenticationKeys();
+ LOG.info("Restoring {} keys from datastore into southbound DAO", authKeys.size());
+
+ for (AuthenticationKey authKey : authKeys) {
+ final Eid key = authKey.getEid();
+ final MappingAuthkey mappingAuthkey = authKey.getMappingAuthkey();
+ LOG.debug("Adding authentication key '{}' with key-ID {} for {}", mappingAuthkey.getKeyString(),
+ mappingAuthkey.getKeyType(),
+ LispAddressStringifier.getString(key));
+ smc.addAuthenticationKey(key, mappingAuthkey);
+ }
+ }
+
+ public void init() {
+ Preconditions.checkNotNull(dataBroker);
+ Preconditions.checkNotNull(smc);
+ this.authenticationKeyDataListener = new AuthenticationKeyDataListener(dataBroker, smc);
+ dsbe = new DataStoreBackEnd(dataBroker);
+ }
}
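Review bot: The debug message in `restoreDaoFromDatastore` writes `mappingAuthkey.getKeyString()`, the shared authentication secret, into the log, where anyone with access to log files or a collected support bundle can read it. Log only the key type and the EID: `LOG.debug("Adding authentication key with key-ID {} for {}", mappingAuthkey.getKeyType(), LispAddressStringifier.getString(key));`. Separately, `close()` and `restoreDaoFromDatastore()` dereference `authenticationKeyDataListener` and `dsbe`, which are only assigned in `init()`, so calling either before `init()` throws a NullPointerException; a null check in `close()` would keep shutdown safe.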