*/
package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13;
-import com.google.common.base.Optional;
-import com.google.common.util.concurrent.CheckedFuture;
+import java.math.BigInteger;
+import java.net.InetAddress;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ExecutionException;
+
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
import org.opendaylight.controller.networkconfig.neutron.NeutronNetwork;
+import org.opendaylight.controller.networkconfig.neutron.NeutronSecurityGroup;
import org.opendaylight.controller.sal.core.Node;
import org.opendaylight.controller.sal.utils.HexEncode;
import org.opendaylight.controller.sal.utils.Status;
import org.opendaylight.controller.sal.utils.StatusCode;
import org.opendaylight.ovsdb.lib.notation.Row;
import org.opendaylight.ovsdb.lib.notation.UUID;
-import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
import org.opendaylight.ovsdb.openstack.netvirt.NetworkHandler;
import org.opendaylight.ovsdb.openstack.netvirt.api.BridgeConfigurationManager;
+import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
+import org.opendaylight.ovsdb.openstack.netvirt.api.IngressAclProvider;
import org.opendaylight.ovsdb.openstack.netvirt.api.NetworkingProvider;
+import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
import org.opendaylight.ovsdb.openstack.netvirt.api.TenantNetworkManager;
import org.opendaylight.ovsdb.plugin.api.OvsdbConfigurationService;
import org.opendaylight.ovsdb.plugin.api.OvsdbConnectionService;
-import org.opendaylight.ovsdb.utils.mdsal.openflow.MatchUtils;
-import org.opendaylight.ovsdb.utils.mdsal.openflow.InstructionUtils;
import org.opendaylight.ovsdb.plugin.api.StatusWithUuid;
import org.opendaylight.ovsdb.schema.openvswitch.Bridge;
import org.opendaylight.ovsdb.schema.openvswitch.Interface;
import org.opendaylight.ovsdb.schema.openvswitch.Port;
+import org.opendaylight.ovsdb.utils.mdsal.openflow.InstructionUtils;
+import org.opendaylight.ovsdb.utils.mdsal.openflow.MatchUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Uri;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.action.GroupActionCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.l2.types.rev130827.EtherType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.l2.types.rev130827.VlanId;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.math.BigInteger;
-import java.net.InetAddress;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ExecutionException;
+import com.google.common.util.concurrent.CheckedFuture;
/**
* Open vSwitch OpenFlow 1.3 Networking Provider for OpenStack Neutron
private volatile OvsdbConfigurationService ovsdbConfigurationService;
private volatile OvsdbConnectionService connectionService;
private volatile MdsalConsumer mdsalConsumer;
+ private volatile SecurityServicesManager securityServicesManager;
+ private volatile IngressAclProvider ingressAclProvider;
+
+ public static final String NAME = "OF13Provider";
public OF13Provider(){
}
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ @Override
+ public boolean supportsServices() {
+ return true;
+ }
+
@Override
public boolean hasPerTenantTunneling() {
return false;
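Review bot: `securityServicesManager` and `ingressAclProvider` are added with no initialiser, and no setter or injection is visible in this change, yet the port-security hunk further down calls `securityServicesManager.isPortSecurityReady(intf)` and `ingressAclProvider.programPortSecurityACL(...)` without a null check. If they are bound by the container like the other volatile services (presumably, since the wiring is outside this diff), a provider that programs flows before they are bound would throw a NullPointerException in the GRE/VXLAN path. A guard such as `securityServicesManager != null && securityServicesManager.isPortSecurityReady(intf)`, with a warn-level log when the service is missing, would keep a skipped ACL visible rather than silent. `supportsServices()` returns true unconditionally, so a one-line Javadoc stating what it advertises and that it does not depend on those two fields being bound would help. The body of `hasPerTenantTunneling` continues outside the hunk.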
if (networkType.equalsIgnoreCase(NetworkHandler.NETWORK_TYPE_VLAN)) {
logger.debug("Program local vlan rules for interface {}", intf.getName());
programLocalVlanRules(node, dpid, segmentationId, attachedMac, localPort);
- } else if (networkType.equalsIgnoreCase(NetworkHandler.NETWORK_TYPE_GRE) ||
+ }
+ /* If the network type is tunnel based (VXLAN/GRRE/etc) with Neutron Port Security ACLs */
+ if ((networkType.equalsIgnoreCase(NetworkHandler.NETWORK_TYPE_GRE) || networkType.equalsIgnoreCase
+ (NetworkHandler.NETWORK_TYPE_VXLAN)) && securityServicesManager.isPortSecurityReady(intf)) {
+ logger.debug("Neutron port has a Port Security Group");
+ /* Retrieve the security group UUID from the Neutron Port */
+ NeutronSecurityGroup securityGroupInPort = securityServicesManager.getSecurityGroupInPort(intf);
+ logger.debug("Program Local rules for networkType: {} does contain a Port Security Group: {} " +
+ "to be installed on DPID: {}", networkType, securityGroupInPort, dpid);
+ ingressAclProvider.programPortSecurityACL(node, dpid, segmentationId, attachedMac, localPort,
+ securityGroupInPort);
+ }
+ else if (networkType.equalsIgnoreCase(NetworkHandler.NETWORK_TYPE_GRE) ||
networkType.equalsIgnoreCase(NetworkHandler.NETWORK_TYPE_VXLAN)) {
logger.debug("Program local bridge rules for interface {}", intf.getName());
programLocalBridgeRules(node, dpid, segmentationId, attachedMac, localPort);
}
}
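Review bot: The new ACL branch is chained so that a GRE/VXLAN port with port security ready gets `programPortSecurityACL` but never reaches the `else if` that calls `programLocalBridgeRules`, and a VLAN port never reaches the ACL branch at all. Unless `programPortSecurityACL` installs the local forwarding flows itself (not visible here), the first case leaves secured ports without their bridge rules, and the second leaves security groups silently unenforced on VLAN networks. Consider making the last branch a plain `if (` instead of `else if (`, and either extending the ACL check to the VLAN case or logging at warn level that the port's security group was not applied. `securityGroupInPort` is also handed to `programPortSecurityACL` without a null check, and the new comment has a typo (`GRRE`). The enclosing method starts before this hunk.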
- private NodeBuilder createNodeBuilder(String nodeId) {
+ public static NodeBuilder createNodeBuilder(String nodeId) {
NodeBuilder builder = new NodeBuilder();
builder.setId(new NodeId(nodeId));
builder.setKey(new NodeKey(builder.getId()));