import org.opendaylight.genius.mdsalutil.MatchFieldType;
import org.opendaylight.genius.mdsalutil.MatchInfo;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
+import org.opendaylight.genius.mdsalutil.MetaDataUtil;
import org.opendaylight.genius.mdsalutil.NwConstants;
-import org.opendaylight.genius.mdsalutil.NxMatchFieldType;
-import org.opendaylight.genius.mdsalutil.NxMatchInfo;
import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
+import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.Ipv4Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.AclKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
import org.opendaylight.yangtools.yang.binding.DataObject;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier.InstanceIdentifierBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class AclServiceUtils {
+public final class AclServiceUtils {
private static final Logger LOG = LoggerFactory.getLogger(AclServiceUtils.class);
* @param port the port.
* @return the port security is enabled/not.
*/
- public static boolean isPortSecurityEnabled(Interface port) {
- if (port == null) {
- LOG.error("Port is Null");
- return false;
- }
- InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
- if (aclInPort == null) {
- LOG.error("getSecurityGroupInPortList: no security group associated to Interface port: {}", port.getName());
- return false;
- }
- return aclInPort.isPortSecurityEnabled();
+ public static boolean isPortSecurityEnabled(AclInterface port) {
+ return port.isPortSecurityEnabled();
}
/**
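Review bot: `isPortSecurityEnabled(AclInterface port)` dereferences `port` with no null guard, whereas the removed version logged and returned false for a null port, so any caller that can still pass null now gets a NullPointerException. If `AclInterface.isPortSecurityEnabled()` returns a boxed `Boolean` (not visible here), unboxing a null value would throw as well. I would either keep a guard, `return port != null && Boolean.TRUE.equals(port.isPortSecurityEnabled());`, or state the non-null precondition in the Javadoc, and say there whether an unknown port counts as secured or unsecured. The Javadoc above the method starts outside the hunk.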
/**
* Returns the DHCP match.
+ *
* @param srcPort the source port.
* @param dstPort the destination port.
+ * @param lportTag the lport tag
* @return list of matches.
*/
- private static List<MatchInfoBase> buildDhcpMatches(int srcPort, int dstPort, MatchInfo portMatch) {
+ public static List<MatchInfoBase> buildDhcpMatches(int srcPort, int dstPort, int lportTag) {
List<MatchInfoBase> matches = new ArrayList<>(6);
matches.add(new MatchInfo(MatchFieldType.eth_type,
new long[] { NwConstants.ETHTYPE_IPV4 }));
matches.add(new MatchInfo(MatchFieldType.ip_proto,
new long[] { IPProtocols.UDP.intValue() }));
matches.add(new MatchInfo(MatchFieldType.udp_dst,
- new long[] { srcPort }));
+ new long[] { dstPort }));
matches.add(new MatchInfo(MatchFieldType.udp_src,
- new long[] { dstPort}));
- matches.add(portMatch);
- matches.add(new NxMatchInfo(NxMatchFieldType.ct_state,
- new long[] { AclConstants.TRACKED_NEW_CT_STATE, AclConstants.TRACKED_NEW_CT_STATE_MASK}));
+ new long[] { srcPort}));
+ matches.add(AclServiceUtils.buildLPortTagMatch(lportTag));
return matches;
}
- /**
- * Builds a list of matches for DHCP filtering on the source's MAC address.
- *
- * @param srcPort The source port.
- * @param dstPort The destination port.
- * @param attachMac The attached port's MAC address.
- *
- * @return The matches.
- */
- public static List<MatchInfoBase> buildDhcpSourceMatches(int srcPort, int dstPort, String attachMac) {
- return buildDhcpMatches(srcPort, dstPort, new MatchInfo(MatchFieldType.eth_src, new String[] { attachMac }));
- }
-
- /**
- * Builds a list of matches for DHCP filtering on the destination's MAC address.
- *
- * @param srcPort The source port.
- * @param dstPort The destination port.
- * @param attachMac The attached port's MAC address.
- *
- * @return The matches.
- */
- public static List<MatchInfoBase> buildDhcpDestinationMatches(int srcPort, int dstPort, String attachMac) {
- return buildDhcpMatches(srcPort, dstPort, new MatchInfo(MatchFieldType.eth_dst, new String[] { attachMac }));
- }
-
/**
* Builds the service id.
*
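Review bot: `buildDhcpMatches` now maps `srcPort` to `udp_src` and `dstPort` to `udp_dst`, the reverse of the removed lines, so any caller that passed the ports swapped to compensate for the old mapping will now install inverted DHCP rules; the callers are outside this hunk and should be checked. Since the method becomes public, I would spell the mapping out in the Javadoc, e.g. `@param srcPort the UDP source port to match (udp_src)` and `@param dstPort the UDP destination port to match (udp_dst)`. The match also no longer carries the port's MAC (`eth_src`/`eth_dst`) or the `ct_state` condition, only the lport tag, so it is worth a comment stating that the metadata match is what scopes these DHCP flows to a single port.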
.addAugmentation(StypeOpenflow.class, augBuilder.build()).build();
}
- public static List<Uuid> getUpdatedAclList(Interface updatedPort, Interface currentPort) {
- if (updatedPort == null) {
+ public static List<Uuid> getUpdatedAclList(List<Uuid> updatedAclList, List<Uuid> currentAclList) {
+ if (updatedAclList == null) {
return null;
}
- List<Uuid> updatedAclList = new ArrayList<>(AclServiceUtils.getInterfaceAcls(updatedPort));
- if (currentPort == null) {
- return updatedAclList;
+ List<Uuid> newAclList = new ArrayList<>(updatedAclList);
+ if (currentAclList == null) {
+ return newAclList;
}
- List<Uuid> currentAclList = new ArrayList<>(AclServiceUtils.getInterfaceAcls(currentPort));
- for (Iterator<Uuid> iterator = updatedAclList.iterator(); iterator.hasNext();) {
+ List<Uuid> origAclList = new ArrayList<>(currentAclList);
+ for (Iterator<Uuid> iterator = newAclList.iterator(); iterator.hasNext();) {
Uuid updatedAclUuid = iterator.next();
- for (Uuid currentAclUuid :currentAclList) {
+ for (Uuid currentAclUuid :origAclList) {
if (updatedAclUuid.getValue().equals(currentAclUuid.getValue())) {
iterator.remove();
}
}
}
- return updatedAclList;
+ return newAclList;
+ }
+
+ public static List<AllowedAddressPairs> getUpdatedAllowedAddressPairs(
+ List<AllowedAddressPairs> updatedAllowedAddressPairs,
+ List<AllowedAddressPairs> currentAllowedAddressPairs) {
+ if (updatedAllowedAddressPairs == null) {
+ return null;
+ }
+ List<AllowedAddressPairs> newAllowedAddressPairs = new ArrayList<>(updatedAllowedAddressPairs);
+ if (currentAllowedAddressPairs == null) {
+ return newAllowedAddressPairs;
+ }
+ List<AllowedAddressPairs> origAllowedAddressPairs = new ArrayList<>(currentAllowedAddressPairs);
+ for (Iterator<AllowedAddressPairs> iterator = newAllowedAddressPairs.iterator(); iterator.hasNext();) {
+ AllowedAddressPairs updatedAllowedAddressPair = iterator.next();
+ for (AllowedAddressPairs currentAllowedAddressPair : origAllowedAddressPairs) {
+ if (updatedAllowedAddressPair.getKey().equals(currentAllowedAddressPair.getKey())) {
+ iterator.remove();
+ break;
+ }
+ }
+ }
+ return newAllowedAddressPairs;
}
+ public static List<AllowedAddressPairs> getPortAllowedAddresses(Interface port) {
+ if (port == null) {
+ LOG.error("Port is Null");
+ return null;
+ }
+ InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
+ if (aclInPort == null) {
+ LOG.error("getSecurityGroupInPortList: no security group associated to Interface port: {}", port.getName());
+ return null;
+ }
+ return aclInPort.getAllowedAddressPairs();
+ }
+
+ public static BigInteger getDpIdFromIterfaceState(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf
+ .interfaces.rev140508.interfaces.state.Interface interfaceState) {
+ BigInteger dpId = null;
+ String interfaceName = interfaceState.getName();
+ List<String> ofportIds = interfaceState.getLowerLayerIf();
+ if (ofportIds != null && !ofportIds.isEmpty()) {
+ NodeConnectorId nodeConnectorId = new NodeConnectorId(ofportIds.get(0));
+ dpId = BigInteger.valueOf(MDSALUtil.getDpnIdFromPortName(nodeConnectorId));
+ }
+ return dpId;
+ }
+
+ /**
+ * Builds the ip matches.
+ *
+ * @param ipPrefixOrAddress the ip prefix or address
+ * @param ipv4MatchType the ipv4 match type
+ * @return the list
+ */
+ public static List<MatchInfoBase> buildIpMatches(IpPrefixOrAddress ipPrefixOrAddress,
+ MatchFieldType ipv4MatchType) {
+ List<MatchInfoBase> flowMatches = new ArrayList<>();
+ flowMatches.add(new MatchInfo(MatchFieldType.eth_type, new long[] {NwConstants.ETHTYPE_IPV4}));
+ IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
+ if (ipPrefix != null) {
+ if (ipPrefix.getIpv4Prefix().getValue() != null) {
+ String[] ipaddressValues = ipPrefix.getIpv4Prefix().getValue().split("/");
+ flowMatches.add(new MatchInfo(ipv4MatchType, new String[] {ipaddressValues[0], ipaddressValues[1]}));
+ } else {
+ // Handle IPv6
+ }
+ } else {
+ IpAddress ipAddress = ipPrefixOrAddress.getIpAddress();
+ if (ipAddress.getIpv4Address() != null) {
+ flowMatches
+ .add(new MatchInfo(ipv4MatchType, new String[] {ipAddress.getIpv4Address().getValue(), "32"}));
+ } else {
+ // Handle IPv6
+ }
+ }
+ return flowMatches;
+ }
+
+ /**
+ * Gets the lport tag match.
+ *
+ * @param lportTag the lport tag
+ * @return the lport tag match
+ */
+ public static MatchInfo buildLPortTagMatch(int lportTag) {
+ return new MatchInfo(MatchFieldType.metadata,
+ new BigInteger[] {MetaDataUtil.getLportTagMetaData(lportTag), MetaDataUtil.METADATA_MASK_LPORT_TAG});
+ }
}
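Review bot: In `buildIpMatches`, an IPv6 entry never reaches the `// Handle IPv6` branch of the prefix case: `ipPrefix.getIpv4Prefix()` is presumably null for an IPv6 prefix, so `.getValue()` throws before the else is taken. In the address case the empty else returns a list holding only the `eth_type` IPv4 match, and a flow built from that alone would match every IPv4 packet instead of the allowed address. I would test `if (ipPrefix.getIpv4Prefix() != null) {` and have both IPv6 branches log and `return new ArrayList<>();`, with callers (not visible in this hunk) skipping flow programming on an empty result. Separately, `getUpdatedAclList` in the same hunk lacks the `break` that `getUpdatedAllowedAddressPairs` has, so a duplicate entry in `currentAclList` calls `iterator.remove()` twice and throws `IllegalStateException`.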