import java.util.ArrayList;
import java.util.List;
import java.util.Map;
+import java.util.Set;
+
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
import org.opendaylight.genius.mdsalutil.MetaDataUtil;
import org.opendaylight.genius.mdsalutil.NwConstants;
+import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable;
+import org.opendaylight.genius.mdsalutil.instructions.InstructionWriteMetadata;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
import org.opendaylight.genius.utils.ServiceIndex;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action;
+import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
import org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder;
}
Matches matches = ace.getMatches();
AceType aceType = matches.getAceType();
- Map<String,List<MatchInfoBase>> flowMap = null;
+ Map<String, List<MatchInfoBase>> flowMap = null;
if (aceType instanceof AceIp) {
flowMap = AclServiceOFFlowBuilder.programIpFlow(matches);
- if (syncAllowedAddresses != null) {
- flowMap = AclServiceUtils.getFlowForAllowedAddresses(syncAllowedAddresses, flowMap, true);
- } else if (aceAttr.getRemoteGroupId() != null) {
+ if (aceAttr.getRemoteGroupId() != null) {
flowMap = aclServiceUtils.getFlowForRemoteAcl(aceAttr.getRemoteGroupId(), portId, flowMap, true);
+ } else if (syncAllowedAddresses != null) {
+ flowMap = AclServiceUtils.getFlowForAllowedAddresses(syncAllowedAddresses, flowMap, true);
}
}
if (null == flowMap) {
}
}
+ @Override
+ protected void writeCurrentAclForRemoteAcls(Uuid acl, int addOrRemove, Long elanTag, AllowedAddressPairs ip,
+ BigInteger aclId) {
+ List<MatchInfoBase> flowMatches = new ArrayList<>();
+ flowMatches.addAll(AclServiceUtils.buildIpAndElanDstMatch(elanTag, ip, dataBroker));
+
+ List<InstructionInfo> instructions = new ArrayList<>();
+
+ InstructionWriteMetadata writeMetatdata =
+ new InstructionWriteMetadata(aclId, MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
+ instructions.add(writeMetatdata);
+ instructions.add(new InstructionGotoTable(getIngressAclFilterTable()));
+
+ String flowNameAdded = "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + elanTag;
+
+ Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getRemoteAclInterfaces(acl);
+ Set<BigInteger> dpns = collectDpns(mapAclWithPortSet);
+ for (BigInteger dpId : dpns) {
+ LOG.debug("writing rule for ip {} and rlanId {} in ingress acl remote table {}", getIpPrefixOrAddress(ip),
+ elanTag, getIngressAclRemoteAclTable());
+ syncFlow(dpId, getIngressAclRemoteAclTable(), flowNameAdded, AclConstants.NO_PRIORITY, "ACL", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, flowMatches, instructions, addOrRemove);
+ }
+ }
+
+ protected short getIngressAclFilterTable() {
+ return NwConstants.INGRESS_ACL_FILTER_TABLE;
+ }
+
+ protected short getIngressAclRemoteAclTable() {
+ return NwConstants.INGRESS_ACL_REMOTE_ACL_TABLE;
+ }
+
+ @Override
+ protected void writeRemoteAclForCurrentAclForInterface(BigInteger dpId, int addOrRemove, AclInterface inter,
+ BigInteger aclId, Long elanTag) {
+ for (AllowedAddressPairs ip : inter.getAllowedAddressPairs()) {
+ if (!AclServiceUtils.isNotIpv4AllNetwork(ip)) {
+ continue;
+ }
+ List<MatchInfoBase> flowMatches = new ArrayList<>();
+ flowMatches.addAll(AclServiceUtils.buildIpAndElanDstMatch(elanTag, ip, dataBroker));
+
+ List<InstructionInfo> instructions = new ArrayList<>();
+
+ InstructionWriteMetadata writeMetatdata =
+ new InstructionWriteMetadata(aclId, MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
+ instructions.add(writeMetatdata);
+ instructions.add(new InstructionGotoTable(getIngressAclFilterTable()));
+
+ String flowNameAdded =
+ "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + elanTag;
+
+ LOG.debug("writing rule for ip {} and elanId {} in ingress acl remote table {}",
+ getIpPrefixOrAddress(ip), elanTag, getIngressAclRemoteAclTable());
+ syncFlow(dpId, getIngressAclRemoteAclTable(), flowNameAdded, AclConstants.NO_PRIORITY, "ACL", 0,
+ 0, AclConstants.COOKIE_ACL_BASE, flowMatches, instructions, addOrRemove);
+ }
+ }
+
protected abstract String syncSpecificAclFlow(BigInteger dpId, int lportTag, int addOrRemove, Ace ace,
String portId, Map<String, List<MatchInfoBase>> flowMap, String flowName);
Code Review / netvirt.git / blobdiff