X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=aclservice%2Fimpl%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fnetvirt%2Faclservice%2Futils%2FAclServiceUtils.java;h=c1e0f7b2c8b55a0b5c6df792d166aa954a8626c8;hb=ec4cef104dfb84a67b1cda61607afad86a7e5dfc;hp=00fe3e6354921b8b4bf2b462b22a850c42c8d029;hpb=993aa2a49eb88f074aee0958f3740860e3d6d675;p=netvirt.git diff --git a/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java b/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java index 00fe3e6354..c1e0f7b2c8 100644 --- a/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java +++ b/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016 Red Hat, Inc. and others. All rights reserved. + * Copyright (c) 2016, 2018 Red Hat, Inc. and others. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v1.0 which accompanies this distribution, @@ -8,6 +8,10 @@ package org.opendaylight.netvirt.aclservice.utils; +import static org.opendaylight.controller.md.sal.binding.api.WriteTransaction.CREATE_MISSING_PARENTS; +import static org.opendaylight.genius.infra.Datastore.CONFIGURATION; +import static org.opendaylight.genius.infra.Datastore.OPERATIONAL; + import com.google.common.base.Optional; import com.google.common.collect.Lists; import com.google.common.net.InetAddresses; 
@@ -18,37 +22,33 @@ import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; -import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; -import java.util.Map; -import java.util.Map.Entry; +import java.util.Objects; import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; import java.util.concurrent.ExecutionException; import java.util.concurrent.Future; -import javax.annotation.Nullable; import javax.inject.Inject; import javax.inject.Singleton; +import org.eclipse.jdt.annotation.NonNull; +import org.eclipse.jdt.annotation.Nullable; import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction; -import org.opendaylight.controller.md.sal.binding.api.WriteTransaction; import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType; import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException; -import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException; -import org.opendaylight.genius.datastoreutils.SingleTransactionDataBroker; +import org.opendaylight.genius.infra.Datastore.Operational; import org.opendaylight.genius.infra.ManagedNewTransactionRunner; import org.opendaylight.genius.infra.ManagedNewTransactionRunnerImpl; -import org.opendaylight.genius.interfacemanager.globals.InterfaceServiceUtil; +import org.opendaylight.genius.infra.TypedWriteTransaction; import org.opendaylight.genius.mdsalutil.ActionInfo; import org.opendaylight.genius.mdsalutil.InstructionInfo; import org.opendaylight.genius.mdsalutil.MDSALUtil; import org.opendaylight.genius.mdsalutil.MatchInfoBase; import org.opendaylight.genius.mdsalutil.MetaDataUtil; import org.opendaylight.genius.mdsalutil.NwConstants; -import org.opendaylight.genius.mdsalutil.NxMatchInfo; import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack; 
import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction; import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions; @@ -68,6 +68,7 @@ import org.opendaylight.genius.mdsalutil.matches.MatchUdpDestinationPort; import org.opendaylight.genius.mdsalutil.matches.MatchUdpSourcePort; import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister; import org.opendaylight.genius.mdsalutil.packet.IPProtocols; +import org.opendaylight.infrautils.jobcoordinator.JobCoordinator; import org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria; import org.opendaylight.netvirt.aclservice.api.utils.AclInterface; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists; @@ -84,7 +85,6 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types. import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid; 
@@ -94,15 +94,14 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406. import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.AllocateIdOutput; import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.CreateIdPoolInput; import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.CreateIdPoolInputBuilder; +import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.CreateIdPoolOutput; import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.DeleteIdPoolInput; import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.DeleteIdPoolInputBuilder; +import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.DeleteIdPoolOutput; import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService; import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdInput; import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdInputBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInput; -import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInputBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceOutput; -import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService; +import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdOutput; import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceBindings; import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase; import 
org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress; @@ -120,7 +119,8 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev16060 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.PortsSubnetIpPrefixes; +import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddressBuilder; +import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV6; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.AclPortsByIp; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.AclPortsByIpKey; 
@@ -130,8 +130,7 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev16060 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.acl.ports.by.ip.acl.ip.prefixes.PortIdsBuilder; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.acl.ports.by.ip.acl.ip.prefixes.PortIdsKey; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs; -import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixesKey; +import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.SubnetInfo; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.ElanInstances; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.ElanInterfaces; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstance; 
@@ -139,10 +138,12 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterface; import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterfaceKey; import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6; +import org.opendaylight.yang.gen.v1.urn.opendaylight.serviceutils.srm.types.rev180626.NetvirtAcl; import org.opendaylight.yangtools.yang.binding.DataObject; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier.InstanceIdentifierBuilder; import org.opendaylight.yangtools.yang.common.RpcResult; +import org.opendaylight.yangtools.yang.common.Uint64; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -150,23 +151,23 @@ import org.slf4j.LoggerFactory; public final class AclServiceUtils { private static final Logger LOG = LoggerFactory.getLogger(AclServiceUtils.class); - public static final AclserviceConfig.DefaultBehavior DEFAULT_DENY = AclserviceConfig.DefaultBehavior.Deny; - public static final AclserviceConfig.DefaultBehavior DEFAULT_ALLOW = AclserviceConfig.DefaultBehavior.Allow; private final DataBroker dataBroker; private final ManagedNewTransactionRunner txRunner; private final AclDataUtil aclDataUtil; private final AclserviceConfig config; private final IdManagerService idManager; + private final JobCoordinator jobCoordinator; @Inject public AclServiceUtils(DataBroker dataBroker, AclDataUtil aclDataUtil, AclserviceConfig config, - IdManagerService idManager) { + IdManagerService idManager, JobCoordinator jobCoordinator) { this.dataBroker = dataBroker; this.txRunner = new ManagedNewTransactionRunnerImpl(dataBroker); this.aclDataUtil = aclDataUtil; this.config = config; this.idManager = idManager; + this.jobCoordinator = jobCoordinator; } /** 
@@ -211,52 +212,6 @@ public final class AclServiceUtils { } } - /** - * Retrieves the acl matching the key from the data store. - * - * @param broker the data broker - * @param aclKey the acl key - * @return the acl - */ - public static Acl getAcl(DataBroker broker, String aclKey) { - return read(broker, LogicalDatastoreType.CONFIGURATION, getAclInstanceIdentifier(aclKey)).orNull(); - } - - /** Creates the Acl instance identifier. - * - * @param aclKey the acl key - * @return the instance identifier - */ - public static InstanceIdentifier getAclInstanceIdentifier(String aclKey) { - return InstanceIdentifier.builder(AccessLists.class).child(Acl.class, new AclKey(aclKey, Ipv4Acl.class)) - .build(); - } - - /** - * Get the data path number for the interface. - * @param interfaceManagerRpcService interfaceManagerRpcService instance. - * @param ifName the interface name. - * @return the dpn. - */ - public static BigInteger getDpnForInterface(OdlInterfaceRpcService interfaceManagerRpcService, String ifName) { - BigInteger nodeId = BigInteger.ZERO; - try { - GetDpidFromInterfaceInput dpIdInput = - new GetDpidFromInterfaceInputBuilder().setIntfName(ifName).build(); - Future> dpIdOutput = - interfaceManagerRpcService.getDpidFromInterface(dpIdInput); - RpcResult dpIdResult = dpIdOutput.get(); - if (dpIdResult.isSuccessful()) { - nodeId = dpIdResult.getResult().getDpid(); - } else { - LOG.error("Could not retrieve DPN Id for interface {}", ifName); - } - } catch (NullPointerException | InterruptedException | ExecutionException e) { - LOG.error("Exception when getting dpn for interface {}", ifName, e); - } - return nodeId; - } - /** * Retrieves the interface state. * @param dataBroker the data broker. 
@@ -264,7 +219,7 @@ public final class AclServiceUtils { * @return the interface state. */ public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state - .Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) { + .@Nullable Interface getInterfaceStateFromOperDS(DataBroker dataBroker, String interfaceName) { InstanceIdentifier ifStateId = buildStateInterfaceId(interfaceName); return MDSALUtil.read(LogicalDatastoreType.OPERATIONAL, ifStateId, dataBroker).orNull(); 
@@ -285,47 +240,18 @@ public final class AclServiceUtils { return idBuilder.build(); } - /** - * Checks whether port security is enabled for the port. - * @param port the port. - * @return the port security is enabled/not. - */ - public static boolean isPortSecurityEnabled(AclInterface port) { - return port.isPortSecurityEnabled(); - } - - /** - * Checks whether port security is enabled for the port. - * @param port the port. - * @return the list of security groups. - */ - public static List getInterfaceAcls(Interface port) { - if (port == null) { - LOG.error("Port is Null"); - return null; - } - InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class); - if (aclInPort == null) { - LOG.error("getSecurityGroupInPortList: no security group associated}", - port.getName()); - return null; - } - return aclInPort.getSecurityGroups(); - } - /** * Retrieves the security rule attribute augmentation from the access list. * @param ace the access list entry * @return the security rule attributes */ - public static SecurityRuleAttr getAccesssListAttributes(Ace ace) { + @Nullable + public static SecurityRuleAttr getAccessListAttributes(Ace ace) { if (ace == null) { - LOG.error("Ace is Null"); return null; } - SecurityRuleAttr aceAttributes = ace.getAugmentation(SecurityRuleAttr.class); + SecurityRuleAttr aceAttributes = ace.augmentation(SecurityRuleAttr.class); if (aceAttributes == null) { - LOG.error("Ace is null"); return null; } return aceAttributes; @@ -382,7 +308,7 @@ public final class AclServiceUtils { */ public static List buildIcmpV6Matches(int icmpType, int icmpCode, int lportTag, Class serviceMode) { - List matches = new ArrayList<>(6); + List matches = new ArrayList<>(); matches.add(MatchEthernetType.IPV6); matches.add(MatchIpProtocol.ICMPV6); if (icmpType != 0) { 
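Review bot: With the `LOG.error` calls removed, the second check in `getAccessListAttributes` (`if (aceAttributes == null) { return null; } return aceAttributes;`) no longer does anything and can be replaced by `return ace == null ? null : ace.augmentation(SecurityRuleAttr.class);`. The Javadoc still says only `@return the security rule attributes`. It should state that `null` is returned when the ACE is null or lacks the augmentation, because callers now get no log line when an entry is skipped.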
@@ -395,7 +321,7 @@ public final class AclServiceUtils { public static List buildBroadcastIpV4Matches(String ipAddr) { List matches = new ArrayList<>(2); matches.add(new MatchEthernetDestination(new MacAddress(AclConstants.BROADCAST_MAC))); - matches.addAll(AclServiceUtils.buildIpMatches(new IpPrefixOrAddress(ipAddr.toCharArray()), + matches.addAll(AclServiceUtils.buildIpMatches(IpPrefixOrAddressBuilder.getDefaultInstance(ipAddr), MatchCriteria.MATCH_DESTINATION)); return matches; } @@ -432,10 +358,10 @@ public final class AclServiceUtils { * @return the bound services */ public static BoundServices getBoundServices(String serviceName, short servicePriority, int flowPriority, - BigInteger cookie, List instructions) { + Uint64 cookie, List instructions) { StypeOpenflowBuilder augBuilder = new StypeOpenflowBuilder().setFlowCookie(cookie).setFlowPriority(flowPriority) .setInstruction(instructions); - return new BoundServicesBuilder().setKey(new BoundServicesKey(servicePriority)).setServiceName(serviceName) + return new BoundServicesBuilder().withKey(new BoundServicesKey(servicePriority)).setServiceName(serviceName) .setServicePriority(servicePriority).setServiceType(ServiceTypeFlowBased.class) .addAugmentation(StypeOpenflow.class, augBuilder.build()).build(); } 
@@ -449,22 +375,15 @@ public final class AclServiceUtils { return newAclList; } List origAclList = new ArrayList<>(currentAclList); - for (Iterator iterator = newAclList.iterator(); iterator.hasNext();) { - Uuid updatedAclUuid = iterator.next(); - for (Uuid currentAclUuid :origAclList) { - if (updatedAclUuid.getValue().equals(currentAclUuid.getValue())) { - iterator.remove(); - } - } - } + newAclList.removeAll(origAclList); return newAclList; } public static List getUpdatedAllowedAddressPairs( - List updatedAllowedAddressPairs, - List currentAllowedAddressPairs) { + @Nullable List updatedAllowedAddressPairs, + @Nullable List currentAllowedAddressPairs) { if (updatedAllowedAddressPairs == null) { - return null; + return Collections.emptyList(); } List newAllowedAddressPairs = new ArrayList<>(updatedAllowedAddressPairs); if (currentAllowedAddressPairs == null) { @@ -474,7 +393,7 @@ public final class AclServiceUtils { for (Iterator iterator = newAllowedAddressPairs.iterator(); iterator.hasNext();) { AllowedAddressPairs updatedAllowedAddressPair = iterator.next(); for (AllowedAddressPairs currentAllowedAddressPair : origAllowedAddressPairs) { - if (updatedAllowedAddressPair.getKey().equals(currentAllowedAddressPair.getKey())) { + if (updatedAllowedAddressPair.key().equals(currentAllowedAddressPair.key())) { iterator.remove(); break; } 
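Review bot: `newAclList.removeAll(origAclList)` edits the caller's list in place, while `getUpdatedAllowedAddressPairs` just below works on `new ArrayList<>(updatedAllowedAddressPairs)`. If a caller passes a list taken directly from a binding object, this may throw `UnsupportedOperationException` or change data the caller still uses; the callers are not visible here, so that needs confirming. Working on a copy avoids both and makes the `origAclList` copy unnecessary: `List<Uuid> added = new ArrayList<>(newAclList); added.removeAll(currentAclList); return added;`. The method signature and its early returns are outside the hunk.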
@@ -483,19 +402,7 @@ public final class AclServiceUtils { return newAllowedAddressPairs; } - public static List getPortAllowedAddresses(Interface port) { - if (port == null) { - LOG.error("Port is Null"); - return null; - } - InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class); - if (aclInPort == null) { - LOG.error("getSecurityGroupInPortList: no security group associated to Interface port: {}", port.getName()); - return null; - } - return aclInPort.getAllowedAddressPairs(); - } - + @Nullable public static BigInteger getDpIdFromIterfaceState(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf .interfaces.rev140508.interfaces.state.Interface interfaceState) { BigInteger dpId = null; @@ -507,10 +414,10 @@ public final class AclServiceUtils { return dpId; } - public static List getIpBroadcastAddresses(List cidrs) { + public static List getIpBroadcastAddresses(List subnetInfoList) { List ipBroadcastAddresses = new ArrayList<>(); - for (IpPrefixOrAddress cidr : cidrs) { - IpPrefix cidrIpPrefix = cidr.getIpPrefix(); + for (SubnetInfo subnetInfo : subnetInfoList) { + IpPrefix cidrIpPrefix = subnetInfo.getIpPrefix().getIpPrefix(); if (cidrIpPrefix != null) { Ipv4Prefix cidrIpv4Prefix = cidrIpPrefix.getIpv4Prefix(); if (cidrIpv4Prefix != null) { @@ -602,8 +509,13 @@ public final class AclServiceUtils { MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG); } - public static BigInteger getRemoteAclTagMetadata(BigInteger remoteAclTag) { - return remoteAclTag.shiftLeft(4); + public static Uint64 getRemoteAclTagMetadata(BigInteger remoteAclTag) { + return Uint64.valueOf(remoteAclTag.shiftLeft(4)); + } + + public static Uint64 getDropFlowCookie(int lport) { + return Uint64.fromLongBits(MetaDataUtil.getLportTagMetaData(lport).longValue() + | AclConstants.COOKIE_ACL_DROP_FLOW.longValue()); } /** 
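Review bot: In `getIpBroadcastAddresses`, `subnetInfo.getIpPrefix().getIpPrefix()` dereferences the outer `getIpPrefix()` before the existing `cidrIpPrefix != null` check can help. A `SubnetInfo` entry without a prefix would therefore throw a `NullPointerException` and abort the broadcast-address computation for the whole port. Whether that leaf can be absent is not visible here; if it can, add `if (subnetInfo.getIpPrefix() == null) { continue; }` as the first statement of the loop. `subnetInfoList` itself is also iterated without a null check or a `@Nullable`/`@NonNull` annotation. The loop body continues outside the hunk.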
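Review bot: `getRemoteAclTagMetadata` now wraps the shifted value in `Uint64.valueOf(...)`, which rejects negative or over-wide values with an `IllegalArgumentException`; the old `BigInteger` return passed them through. `allocateAclTag` falls back to `AclConstants.INVALID_ACL_TAG`, and if that sentinel is negative (its value is not shown here) and reaches `getWriteMetadataForRemoteAclTag`, flow programming would now fail with an exception instead of writing a wrong tag. A Javadoc line stating the accepted range, or an explicit check with a logged error before the conversion, would make the contract clear. `getDropFlowCookie` is also added without Javadoc; something like `/** Builds the drop-flow cookie by OR-ing the lport tag metadata with COOKIE_ACL_DROP_FLOW. */` would do.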
@@ -687,10 +599,10 @@ public final class AclServiceUtils { // In case of ingress service mode, only metadata is used for // matching both lportTag and aclTag. Hence performing "or" // operation on both lportTag and aclTag metadata. - BigInteger metaData = MetaDataUtil.getLportTagMetaData(lportTag) - .or(getRemoteAclTagMetadata(BigInteger.valueOf(remoteAclTag))); - BigInteger metaDataMask = - MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG); + Uint64 metaData = Uint64.fromLongBits(MetaDataUtil.getLportTagMetaData(lportTag).longValue() + | (getRemoteAclTagMetadata(BigInteger.valueOf(remoteAclTag)).longValue())); + Uint64 metaDataMask = Uint64.fromLongBits(MetaDataUtil.METADATA_MASK_LPORT_TAG.longValue() + | MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG.longValue()); matches.add(new MatchMetadata(metaData, metaDataMask)); } return matches; @@ -706,10 +618,11 @@ public final class AclServiceUtils { // In case of ingress service mode, only metadata is used for // matching both lportTag and conntrackClassifierType. Hence performing "or" // operation on both lportTag and conntrackClassifierType metadata. - BigInteger metaData = MetaDataUtil.getLportTagMetaData(lportTag) - .or(MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackClassifierType.getValue())); - BigInteger metaDataMask = - MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE); + Uint64 metaData = Uint64.fromLongBits(MetaDataUtil.getLportTagMetaData(lportTag).longValue() + | (MetaDataUtil.getAclConntrackClassifierTypeFromMetaData( + Uint64.valueOf(conntrackClassifierType.getValue()))).longValue()); + Uint64 metaDataMask = Uint64.fromLongBits(MetaDataUtil.METADATA_MASK_LPORT_TAG.longValue() + | MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE.longValue()); matches.add(new MatchMetadata(metaData, metaDataMask)); } return matches; 
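Review bot: The `Uint64.fromLongBits(a.longValue() | b.longValue())` expression is written out twice here and twice more in the `@@ -706` hunk, and again in `getDropFlowCookie`. Each copy carries its own nesting and stray parentheses, which makes the metadata/mask pairing hard to check by eye. Assuming both operands are `Uint64`, a private helper such as `private static Uint64 bitwiseOr(Uint64 a, Uint64 b) { return Uint64.fromLongBits(a.longValue() | b.longValue()); }` would let each call site read as `bitwiseOr(lportMetadata, tagMetadata)`. The enclosing methods start outside both hunks.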
@@ -717,11 +630,16 @@ public final class AclServiceUtils { public static InstructionWriteMetadata getWriteMetadataForAclClassifierType( AclConntrackClassifierType conntrackClassifierType) { - return new InstructionWriteMetadata( - MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackClassifierType.getValue()), + return new InstructionWriteMetadata(MetaDataUtil.getAclConntrackClassifierTypeFromMetaData( + Uint64.valueOf(conntrackClassifierType.getValue())), MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE); } + public static InstructionWriteMetadata getWriteMetadataForDropFlag() { + return new InstructionWriteMetadata(MetaDataUtil.getAclDropMetaData(AclConstants.METADATA_DROP_FLAG), + MetaDataUtil.METADATA_MASK_ACL_DROP); + } + public static InstructionWriteMetadata getWriteMetadataForRemoteAclTag(Integer remoteAclTag) { return new InstructionWriteMetadata(getRemoteAclTagMetadata(BigInteger.valueOf(remoteAclTag)), MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG); @@ -730,8 +648,9 @@ public final class AclServiceUtils { public static MatchInfoBase buildAclConntrackClassifierTypeMatch( AclConntrackClassifierType conntrackSupportedType) { return new MatchMetadata( - MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackSupportedType.getValue()), - MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE); + MetaDataUtil.getAclConntrackClassifierTypeFromMetaData( + Uint64.valueOf(conntrackSupportedType.getValue())), + MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE); } public AclserviceConfig getConfig() { 
@@ -754,36 +673,6 @@ public final class AclServiceUtils { return false; } - public static Map> getFlowForAllowedAddresses( - List syncAllowedAddresses, Map> flowMatchesMap, - boolean isSourceIpMacMatch) { - if (flowMatchesMap == null) { - return null; - } - Map> updatedFlowMatchesMap = new HashMap<>(); - MatchInfoBase ipv4Match = MatchEthernetType.IPV4; - MatchInfoBase ipv6Match = MatchEthernetType.IPV6; - for (Entry> entry : flowMatchesMap.entrySet()) { - String flowName = entry.getKey(); - List flows = entry.getValue(); - // iterate over allow address pair and update match type - for (AllowedAddressPairs aap : syncAllowedAddresses) { - List matchInfoBaseList; - String flowId; - if (flows.contains(ipv4Match) && isIPv4Address(aap) && isNotIpv4AllNetwork(aap)) { - matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap); - flowId = flowName + "_ipv4_remoteACL_interface_aap_" + getAapFlowId(aap); - updatedFlowMatchesMap.put(flowId, matchInfoBaseList); - } else if (flows.contains(ipv6Match) && !isIPv4Address(aap) && isNotIpv6AllNetwork(aap)) { - matchInfoBaseList = updateAAPMatches(isSourceIpMacMatch, flows, aap); - flowId = flowName + "_ipv6_remoteACL_interface_aap_" + getAapFlowId(aap); - updatedFlowMatchesMap.put(flowId, matchInfoBaseList); - } - } - } - return updatedFlowMatchesMap; - } - public static boolean isNotIpv4AllNetwork(AllowedAddressPairs aap) { IpPrefix ipPrefix = aap.getIpAddress().getIpPrefix(); if (ipPrefix != null && ipPrefix.getIpv4Prefix() != null 
@@ -806,19 +695,17 @@ public final class AclServiceUtils { return isNotIpv4AllNetwork(aap) && isNotIpv6AllNetwork(aap); } - private static String getAapFlowId(AllowedAddressPairs aap) { - return aap.getMacAddress().getValue() + "_" + String.valueOf(aap.getIpAddress().getValue()); - } - - public static Long getElanIdFromInterface(String elanInterfaceName,DataBroker broker) { + @Nullable + public static Long getElanIdFromInterface(String elanInterfaceName, DataBroker broker) { ElanInterface elanInterface = getElanInterfaceByElanInterfaceName(elanInterfaceName, broker); if (null != elanInterface) { ElanInstance elanInfo = getElanInstanceByName(elanInterface.getElanInstanceName(), broker); - return elanInfo.getElanTag(); + return elanInfo != null ? elanInfo.getElanTag().toJava() : null; } return null; } + @Nullable public static ElanInterface getElanInterfaceByElanInterfaceName(String elanInterfaceName,DataBroker broker) { InstanceIdentifier elanInterfaceId = getElanInterfaceConfigurationDataPathId(elanInterfaceName); return read(broker, LogicalDatastoreType.CONFIGURATION, elanInterfaceId).orNull(); @@ -830,6 +717,7 @@ public final class AclServiceUtils { } // elan-instances config container + @Nullable public static ElanInstance getElanInstanceByName(String elanInstanceName, DataBroker broker) { InstanceIdentifier elanIdentifierId = getElanInstanceConfigurationDataPath(elanInstanceName); return read(broker, LogicalDatastoreType.CONFIGURATION, elanIdentifierId).orNull(); 
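Review bot: The new null check in `getElanIdFromInterface` covers `elanInfo`, but `elanInfo.getElanTag().toJava()` still dereferences the tag itself. An ELAN instance read from the config datastore without a tag would throw `NullPointerException` instead of returning the `null` that the new `@Nullable` promises. Whether the tag can be absent is not visible in this hunk. If it can, use `return elanInfo != null && elanInfo.getElanTag() != null ? elanInfo.getElanTag().toJava() : null;`.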
@@ -840,53 +728,20 @@ public final class AclServiceUtils { .child(ElanInstance.class, new ElanInstanceKey(elanInstanceName)).build(); } - public static List getSubnetIpPrefixes(DataBroker broker, String portId) { - InstanceIdentifier id = InstanceIdentifier.builder(PortsSubnetIpPrefixes.class) - .child(PortSubnetIpPrefixes.class, new PortSubnetIpPrefixesKey(portId)).build(); - Optional portSubnetIpPrefixes = read(broker, LogicalDatastoreType.OPERATIONAL, id); - if (portSubnetIpPrefixes.isPresent()) { - return portSubnetIpPrefixes.get().getSubnetIpPrefixes(); + public void deleteAcesFromConfigDS(String aclName, List deletedAceRules) { + List> acesParts = Lists.partition(deletedAceRules, AclConstants.ACES_PER_TRANSACTION); + for (List acePart : acesParts) { + jobCoordinator.enqueueJob(aclName, + () -> Collections.singletonList(txRunner.callWithNewReadWriteTransactionAndSubmit(CONFIGURATION, + tx -> { + for (Ace ace: acePart) { + InstanceIdentifier id = InstanceIdentifier.builder(AccessLists.class) + .child(Acl.class, new AclKey(aclName, Ipv4Acl.class)).child(AccessListEntries.class) + .child(Ace.class, ace.key()).build(); + tx.delete(id); + } + })), AclConstants.ACEDELETE_MAX_RETRIES); } - return null; - } - - public static void deleteSubnetIpPrefixes(DataBroker broker, String portId) { - InstanceIdentifier id = InstanceIdentifier.builder(PortsSubnetIpPrefixes.class) - .child(PortSubnetIpPrefixes.class, new PortSubnetIpPrefixesKey(portId)).build(); - MDSALUtil.syncDelete(broker, LogicalDatastoreType.OPERATIONAL, id); - } - - private static List updateAAPMatches(boolean isSourceIpMacMatch, List flows, - AllowedAddressPairs aap) { - List matchInfoBaseList; - if (isSourceIpMacMatch) { - matchInfoBaseList = AclServiceUtils.buildIpMatches(aap.getIpAddress(), MatchCriteria.MATCH_SOURCE); - } else { - matchInfoBaseList = AclServiceUtils.buildIpMatches(aap.getIpAddress(), MatchCriteria.MATCH_DESTINATION); - } - matchInfoBaseList.addAll(flows); - return matchInfoBaseList; - } 
- - public static MatchInfoBase getMatchInfoByType(List flows, Class type) { - for (MatchInfoBase mib : flows) { - if (type.isAssignableFrom(mib.getClass())) { - return mib; - } - } - return null; - } - - public static boolean containsMatchFieldType(List flows, Class type) { - return getMatchInfoByType(flows, type) != null; - } - - public static boolean containsTcpMatchField(List flows) { - return flows.contains(MatchIpProtocol.TCP); - } - - public static boolean containsUdpMatchField(List flows) { - return flows.contains(MatchIpProtocol.UDP); } public static Integer allocateId(IdManagerService idManager, String poolName, String idKey, Integer defaultId) { @@ -911,8 +766,7 @@ public final class AclServiceUtils { public static void releaseId(IdManagerService idManager, String poolName, String idKey) { ReleaseIdInput idInput = new ReleaseIdInputBuilder().setPoolName(poolName).setIdKey(idKey).build(); try { - Future> result = idManager.releaseId(idInput); - RpcResult rpcResult = result.get(); + RpcResult rpcResult = idManager.releaseId(idInput).get(); if (!rpcResult.isSuccessful()) { LOG.error("RPC Call to release Id with Key {} from pool {} returned with Errors {}", idKey, poolName, rpcResult.getErrors()); @@ -931,6 +785,7 @@ public final class AclServiceUtils { * @param aclId the acl id * @return the acl tag */ + @Nullable public Integer getAclTag(final Uuid aclId) { String aclName = aclId.getValue(); Integer aclTag = this.aclDataUtil.getAclTag(aclName); @@ -951,9 +806,8 @@ public final class AclServiceUtils { * @return the integer */ public Integer allocateAclTag(String aclName) { - Integer aclTag = AclServiceUtils.allocateId(this.idManager, AclConstants.ACL_TAG_POOL_NAME, aclName, - AclConstants.INVALID_ACL_TAG); - return aclTag; + return AclServiceUtils.allocateId(this.idManager, AclConstants.ACL_TAG_POOL_NAME, aclName, + AclConstants.INVALID_ACL_TAG); } /** 
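Review bot: In `deleteAcesFromConfigDS`, `Lists.partition` returns sub-list views of `deletedAceRules`, and each view is captured by a job that `jobCoordinator` runs later. A caller that modifies or reuses the list after this method returns can therefore change which ACEs are deleted. Take a snapshot first: `Lists.partition(new ArrayList<>(deletedAceRules), AclConstants.ACES_PER_TRANSACTION)`. The method also needs a Javadoc saying that deletion is asynchronous, batched by `ACES_PER_TRANSACTION`, enqueued with `ACEDELETE_MAX_RETRIES` as the retry limit, and keyed with `Ipv4Acl.class` only. Since the lambda only calls `tx.delete`, a write-only transaction would state the intent better than a read-write one.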
@@ -966,13 +820,25 @@ public final class AclServiceUtils { } /** - * Indicates whether the interface has port security enabled. + * Indicates whether the interface has port security enabled or interface is DHCP service port. * * @param aclInterface the interface. - * @return true if port is security enabled. + * @return true if port is security enabled or is a DHCP service port. */ public static boolean isOfInterest(AclInterface aclInterface) { - return aclInterface != null && aclInterface.isPortSecurityEnabled(); + return aclInterface != null && (aclInterface.isPortSecurityEnabled() + || aclInterface.getInterfaceType() == InterfaceAcl.InterfaceType.DhcpService); + } + + /** + * Indicates whether the interface has port security enabled or interface is DHCP service port. + * + * @param aclInterface the interface. + * @return true if port is security enabled or is a DHCP service port. + */ + public static boolean isOfInterest(InterfaceAcl aclInterface) { + return aclInterface != null && (aclInterface.isPortSecurityEnabled() + || aclInterface.getInterfaceType() == InterfaceAcl.InterfaceType.DhcpService); } /** @@ -985,7 +851,7 @@ public final class AclServiceUtils { .setPoolName(poolName).setLow(AclConstants.ACL_TAG_POOL_START) .setHigh(AclConstants.ACL_TAG_POOL_END).build(); try { - Future> result = this.idManager.createIdPool(createPool); + Future> result = this.idManager.createIdPool(createPool); if (result != null && result.get().isSuccessful()) { LOG.debug("Created IdPool for {}", poolName); } @@ -1003,7 +869,7 @@ public final class AclServiceUtils { public void deleteIdPool(String poolName) { DeleteIdPoolInput deletePool = new DeleteIdPoolInputBuilder().setPoolName(poolName).build(); try { - Future> result = this.idManager.deleteIdPool(deletePool); + Future> result = this.idManager.deleteIdPool(deletePool); if (result != null && result.get().isSuccessful()) { LOG.debug("Deleted IdPool for {}", poolName); } 
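Review bot: In the new `isOfInterest(InterfaceAcl)` overload, `aclInterface.isPortSecurityEnabled()` is used directly as a `||` operand. If the generated binding returns a boxed `Boolean` and the leaf is unset, this unboxes `null` and throws. The return type is not visible here, so that needs confirming; `Boolean.TRUE.equals(aclInterface.isPortSecurityEnabled())` is safe either way. Both overloads now also treat DHCP service ports as of interest when port security is disabled, and the duplicated Javadoc does not say why. One sentence on the reason would help anyone auditing this ACL gating check.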
@@ -1096,30 +962,17 @@ public final class AclServiceUtils { return flowMatches; } - public static boolean isOfAclInterest(Acl acl) { - if (acl.getAccessListEntries() != null) { - List aceList = acl.getAccessListEntries().getAce(); - if (aceList != null && !aceList.isEmpty()) { - return aceList.get(0).getAugmentation(SecurityRuleAttr.class) != null; - } - } - return false; - } - - public static void addLportTagMetadataMatch(int lportTag, List flowMatches, - Class serviceMode) { - MatchInfoBase lportMatch = buildLPortTagMatch(lportTag, serviceMode); - InterfaceServiceUtil.mergeMetadataMatchsOrAdd(flowMatches, lportMatch); + public static @NonNull List aceList(@NonNull Acl acl) { + final AccessListEntries ale = acl.getAccessListEntries(); + return ale == null ? Collections.emptyList() : ale.nonnullAce(); } - /** - * Returns ACL specific key for synchronization. - * - * @param key the generic key - * @return ACL key that can be used with synchronization - */ - public static String getAclKeyForSynchronization(String key) { - return key + AclConstants.ACL_SYNC_KEY_EXT; + public static @NonNull List getAceListFromAcl(Acl acl) { + List aceList = aceList(acl); + if (!aceList.isEmpty() && aceList.get(0).augmentation(SecurityRuleAttr.class) != null) { + return aceList; + } + return Collections.emptyList(); } /** @@ -1143,7 +996,7 @@ public final class AclServiceUtils { return aceAttr != null && aceAttr.getRemoteGroupId() != null; } - public SortedSet getRemoteAclTags(List aclIds, Class direction) { + public SortedSet getRemoteAclTags(@Nullable List aclIds, Class direction) { SortedSet remoteAclTags = new TreeSet<>(); Set remoteAclIds = getRemoteAclIdsByDirection(aclIds, direction); for (Uuid remoteAclId : remoteAclIds) { 
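Review bot: `getAceListFromAcl` inspects only `aceList.get(0).augmentation(SecurityRuleAttr.class)` and then returns the whole list, so later entries may still lack the augmentation and callers have to null-check each ACE. Neither it nor `aceList` has Javadoc, and this contract is not obvious from the name. A summary such as `/** Returns the ACEs of acl if the first entry carries SecurityRuleAttr, otherwise an empty list; later entries are not checked. */` would record it. The `acl` parameter of `getAceListFromAcl` should also be `@NonNull`, since it is passed straight to `aceList(@NonNull Acl)`.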
@@ -1155,7 +1008,7 @@ public final class AclServiceUtils { return remoteAclTags; } - public Set getRemoteAclIdsByDirection(List aclIds, Class direction) { + public Set getRemoteAclIdsByDirection(@Nullable List aclIds, Class direction) { Set remoteAclIds = new HashSet<>(); if (aclIds == null || aclIds.isEmpty()) { return remoteAclIds; @@ -1174,13 +1027,11 @@ public final class AclServiceUtils { public static Set getRemoteAclIdsByDirection(Acl acl, Class direction) { Set remoteAclIds = new HashSet<>(); - AccessListEntries accessListEntries = acl.getAccessListEntries(); - if (accessListEntries != null && accessListEntries.getAce() != null) { - for (Ace ace : accessListEntries.getAce()) { - SecurityRuleAttr aceAttr = AclServiceUtils.getAccesssListAttributes(ace); - if (aceAttr.getDirection().equals(direction) && doesAceHaveRemoteGroupId(aceAttr)) { - remoteAclIds.add(aceAttr.getRemoteGroupId()); - } + for (Ace ace : aceList(acl)) { + SecurityRuleAttr aceAttr = AclServiceUtils.getAccessListAttributes(ace); + if (aceAttr != null && Objects.equals(aceAttr.getDirection(), direction) + && doesAceHaveRemoteGroupId(aceAttr)) { + remoteAclIds.add(aceAttr.getRemoteGroupId()); } } return remoteAclIds; @@ -1215,7 +1066,7 @@ public final class AclServiceUtils { List portIds = new ArrayList<>(aclIpPrefixes.getPortIds()); // Checking if there are any other ports excluding ignorePorts long noOfRemotePorts = - portIds.stream().map(x -> x.getPortId()).filter(y -> !ignorePorts.contains(y)).count(); + portIds.stream().map(PortIds::getPortId).filter(y -> !ignorePorts.contains(y)).count(); if (noOfRemotePorts > 0) { skipDelete = true; } 
@@ -1223,11 +1074,6 @@ public final class AclServiceUtils { return skipDelete; } - public static void deleteAclPortsLookupEntry(String aclName, DataBroker broker) - throws TransactionCommitFailedException { - SingleTransactionDataBroker.syncDelete(broker, LogicalDatastoreType.OPERATIONAL, aclPortsByIpPath(aclName)); - } - public static InstanceIdentifier aclPortsByIpPath(String aclName) { return InstanceIdentifier.builder(AclPortsLookup.class) .child(AclPortsByIp.class, new AclPortsByIpKey(aclName)).build(); 
@@ -1245,41 +1091,35 @@ public final class AclServiceUtils { .build(); } - public List> addAclPortsLookupForInterfaceUpdate(AclInterface portBefore, - AclInterface portAfter) { - List> futures = new ArrayList<>(); + public void addAclPortsLookupForInterfaceUpdate(AclInterface portBefore, AclInterface portAfter) { LOG.debug("Processing interface additions for port {}", portAfter.getInterfaceId()); List addedAllowedAddressPairs = getUpdatedAllowedAddressPairs( portAfter.getAllowedAddressPairs(), portBefore.getAllowedAddressPairs()); - if (addedAllowedAddressPairs != null && !addedAllowedAddressPairs.isEmpty()) { - futures.addAll(addAclPortsLookup(portAfter, portAfter.getSecurityGroups(), addedAllowedAddressPairs)); + if (!addedAllowedAddressPairs.isEmpty()) { + addAclPortsLookup(portAfter, portAfter.getSecurityGroups(), addedAllowedAddressPairs); } List addedAcls = getUpdatedAclList(portAfter.getSecurityGroups(), portBefore.getSecurityGroups()); - if (addedAcls != null && !addedAcls.isEmpty()) { - futures.addAll(addAclPortsLookup(portAfter, addedAcls, portAfter.getAllowedAddressPairs())); + if (!addedAcls.isEmpty()) { + addAclPortsLookup(portAfter, addedAcls, portAfter.getAllowedAddressPairs()); } - return futures; } - public List> deleteAclPortsLookupForInterfaceUpdate(AclInterface portBefore, - AclInterface portAfter) { - List> futures = new ArrayList<>(); + public void deleteAclPortsLookupForInterfaceUpdate(AclInterface portBefore, AclInterface portAfter) { LOG.debug("Processing interface removals for port {}", portAfter.getInterfaceId()); List deletedAllowedAddressPairs = getUpdatedAllowedAddressPairs( portBefore.getAllowedAddressPairs(), portAfter.getAllowedAddressPairs()); - if (deletedAllowedAddressPairs != null && !deletedAllowedAddressPairs.isEmpty()) { - futures.addAll(deleteAclPortsLookup(portAfter, portAfter.getSecurityGroups(), deletedAllowedAddressPairs)); + if (!deletedAllowedAddressPairs.isEmpty()) { + deleteAclPortsLookup(portAfter, 
portAfter.getSecurityGroups(), deletedAllowedAddressPairs); } List deletedAcls = getUpdatedAclList(portBefore.getSecurityGroups(), portAfter.getSecurityGroups()); - if (deletedAcls != null && !deletedAcls.isEmpty()) { - futures.addAll(deleteAclPortsLookup(portAfter, deletedAcls, portAfter.getAllowedAddressPairs())); + if (!deletedAcls.isEmpty()) { + deleteAclPortsLookup(portAfter, deletedAcls, portAfter.getAllowedAddressPairs()); } - return futures; } - public List> addAclPortsLookup(AclInterface port, List aclList, + public void addAclPortsLookup(AclInterface port, List aclList, List allowedAddresses) { String portId = port.getInterfaceId(); LOG.trace("Adding AclPortsLookup for port={}, acls={}, AAPs={}", portId, aclList, allowedAddresses); 
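Review bot: The `!= null` guards on the results of `getUpdatedAllowedAddressPairs` and `getUpdatedAclList` were dropped in both `addAclPortsLookupForInterfaceUpdate` and `deleteAclPortsLookupForInterfaceUpdate`, so `addedAllowedAddressPairs.isEmpty()` and the three similar calls now throw if either helper can return null. Neither helper is visible in this hunk. If they are guaranteed non-null, annotating them `@NonNull` (imported by this commit) would make that checkable; otherwise keep the guard, e.g. `if (addedAcls != null && !addedAcls.isEmpty()) {`.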
@@ -1287,28 +1127,28 @@ public final class AclServiceUtils { if (aclList == null || allowedAddresses == null || allowedAddresses.isEmpty()) { LOG.warn("aclList or allowedAddresses is null. port={}, acls={}, AAPs={}", portId, aclList, allowedAddresses); - return Collections.emptyList(); + return; } - List> futures = new ArrayList<>(); + for (Uuid aclId : aclList) { String aclName = aclId.getValue(); - synchronized (aclName.intern()) { - futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(tx -> { + jobCoordinator.enqueueJob(aclName, () -> { + List> futures = new ArrayList<>(); + futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(OPERATIONAL, tx -> { for (AllowedAddressPairs aap : allowedAddresses) { PortIds portIdObj = - new PortIdsBuilder().setKey(new PortIdsKey(portId)).setPortId(portId).build(); + new PortIdsBuilder().withKey(new PortIdsKey(portId)).setPortId(portId).build(); InstanceIdentifier path = AclServiceUtils.getPortIdsPathInAclPortsLookup(aclName, aap.getIpAddress(), portId); - tx.put(LogicalDatastoreType.OPERATIONAL, path, portIdObj, - WriteTransaction.CREATE_MISSING_PARENTS); + tx.put(path, portIdObj, CREATE_MISSING_PARENTS); } })); - } + return futures; + }); } - return futures; } - public List> deleteAclPortsLookup(AclInterface port, List aclList, + public void deleteAclPortsLookup(AclInterface port, List aclList, List allowedAddresses) { String portId = port.getInterfaceId(); LOG.trace("Deleting AclPortsLookup for port={}, acls={}, AAPs={}", portId, aclList, allowedAddresses); 
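Review bot: `addAclPortsLookup` now returns before the enqueued job has run, and the lambda iterates the caller's `allowedAddresses` list later on the job thread, so a caller that mutates or reuses that list after the call races with the write. Taking a snapshot before the loop, e.g. `List<AllowedAddressPairs> aaps = new ArrayList<>(allowedAddresses);`, and iterating `aaps` inside the transaction removes that dependency; `deleteAclPortsLookup` in the next hunk has the same shape. With the return type now `void`, a failed `tx.put` is visible only through whatever the job coordinator does with the returned futures, which deserves a Javadoc line on both methods. The method signature sits in the previous hunk.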
@@ -1316,27 +1156,28 @@ public final class AclServiceUtils { if (aclList == null || allowedAddresses == null || allowedAddresses.isEmpty()) { LOG.warn("aclList or allowedAddresses is null. port={}, acls={}, AAPs={}", portId, aclList, allowedAddresses); - return Collections.emptyList(); + return; } - List> futures = new ArrayList<>(); + for (Uuid aclId : aclList) { String aclName = aclId.getValue(); - synchronized (aclName.intern()) { - futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(tx -> { + jobCoordinator.enqueueJob(aclName, () -> { + List> futures = new ArrayList<>(); + futures.add(txRunner.callWithNewWriteOnlyTransactionAndSubmit(OPERATIONAL, tx -> { for (AllowedAddressPairs aap : allowedAddresses) { InstanceIdentifier path = AclServiceUtils.getPortIdsPathInAclPortsLookup(aclName, aap.getIpAddress(), portId); - tx.delete(LogicalDatastoreType.OPERATIONAL, path); + tx.delete(path); } cleanUpStaleEntriesInAclPortsLookup(aclName, tx); })); - } + return futures; + }); } - return futures; } - private void cleanUpStaleEntriesInAclPortsLookup(String aclName, WriteTransaction tx) { + private void cleanUpStaleEntriesInAclPortsLookup(String aclName, TypedWriteTransaction tx) { AclPortsByIp aclPortsByIp = getAclPortsByIpFromOperDs(aclName); if (aclPortsByIp == null) { return; @@ -1356,13 +1197,13 @@ public final class AclServiceUtils { deleteEntireAcl = deleteMap; } if (deleteEntireAcl) { - tx.delete(LogicalDatastoreType.OPERATIONAL, AclServiceUtils.aclPortsByIpPath(aclName)); + tx.delete(AclServiceUtils.aclPortsByIpPath(aclName)); } else { for (AclIpPrefixes ipPrefix : ipPrefixes) { if (ipPrefix.getPortIds() == null || ipPrefix.getPortIds().isEmpty()) { InstanceIdentifier delPath = AclServiceUtils.getAclIpPrefixesPath(aclName, ipPrefix.getIpPrefix()); - tx.delete(LogicalDatastoreType.OPERATIONAL, delPath); + tx.delete(delPath); } } } 
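Review bot: `cleanUpStaleEntriesInAclPortsLookup(aclName, tx)` runs inside the same write-only transaction that queues the `tx.delete(path)` calls, but it decides what is stale from `getAclPortsByIpFromOperDs(aclName)`, which does not take `tx`. That helper is not visible here; if it reads committed operational data, the deletes queued just above are not yet reflected, and an ACL or prefix emptied by this call would only be removed on a later delete. If that is intended, a comment such as `// reads committed state; entries emptied by this tx are cleaned up on the next delete` would record it. Otherwise the cleanup belongs in a follow-up transaction within the same job.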
@@ -1403,7 +1244,7 @@ public final class AclServiceUtils { // To handle overlapping rules, aclTag is added to priority priority += aclTag; } else { - LOG.warn("aclTag=[] is null or invalid for aclName={}", aclTag, aclName); + LOG.warn("aclTag={} is null or invalid for aclName={}", aclTag, aclName); } return priority; } @@ -1421,13 +1262,15 @@ public final class AclServiceUtils { int hardTimeout = AclConstants.SECURITY_GROUP_ICMP_IDLE_TIME_OUT; Matches matches = ace.getMatches(); AceIp acl = (AceIp) matches.getAceType(); - Short protocol = acl.getProtocol(); + Short protocol = acl.getProtocol() != null ? acl.getProtocol().toJava() : null; if (protocol == null) { return hardTimeout; - } else if (protocol == NwConstants.IP_PROT_TCP) { - hardTimeout = aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout(); - } else if (protocol == NwConstants.IP_PROT_UDP) { - hardTimeout = aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout(); + } else if (protocol == NwConstants.IP_PROT_TCP + && aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout() != null) { + hardTimeout = aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout().toJava(); + } else if (protocol == NwConstants.IP_PROT_UDP + && aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout() != null) { + hardTimeout = aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout().toJava(); } return hardTimeout; } 
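Review bot: In the UDP branch of the timeout selection (hunk at -1421) the added null check tests `getSecurityGroupTcpIdleTimeout()` while the value read is `getSecurityGroupUdpIdleTimeout().toJava()`. An unset UDP timeout therefore still throws a NullPointerException, and an unset TCP timeout makes UDP rules silently fall back to `SECURITY_GROUP_ICMP_IDLE_TIME_OUT`. The condition should read `&& aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout() != null) {`. The enclosing method starts outside the hunk.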
@@ -1457,39 +1300,74 @@ public final class AclServiceUtils { return instructions; } - public static List excludeMulticastAAPs(List allowedAddresses) { + public static List excludeMulticastAAPs(@Nullable List allowedAddresses) { List filteredAAPs = new ArrayList<>(); - for (AllowedAddressPairs allowedAddress : allowedAddresses) { - InetAddress inetAddr = getInetAddress(allowedAddress.getIpAddress()); - if (inetAddr != null && !inetAddr.isMulticastAddress()) { - filteredAAPs.add(allowedAddress); + if (allowedAddresses != null) { + for (AllowedAddressPairs allowedAddress : allowedAddresses) { + InetAddress inetAddr = getInetAddress(allowedAddress.getIpAddress()); + if (inetAddr != null && !inetAddr.isMulticastAddress()) { + filteredAAPs.add(allowedAddress); + } } } return filteredAAPs; } + public static String getRecoverServiceRegistryKey() { + return NetvirtAcl.class.toString(); + } + + @Nullable private static InetAddress getInetAddress(IpPrefixOrAddress ipPrefixOrAddress) { - InetAddress inetAddress = null; - String addr = null; + String addr; IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix(); if (ipPrefix != null) { - addr = String.valueOf(ipPrefix.getValue()).split("/")[0]; + addr = ipPrefix.stringValue().split("/")[0]; } else { IpAddress ipAddress = ipPrefixOrAddress.getIpAddress(); if (ipAddress == null) { LOG.error("Invalid address : {}", ipPrefixOrAddress); return null; } else { - addr = String.valueOf(ipAddress.getValue()); + addr = ipAddress.stringValue(); } } try { - inetAddress = InetAddress.getByName(addr); + return InetAddress.getByName(addr); } catch (UnknownHostException e) { - LOG.error("Invalid address : {}", addr, e.getMessage()); + LOG.error("Invalid address : {}", addr, e); return null; } - return inetAddress; + } + + public static Boolean isIpv6Subnet(List subnetInfoList) { + if (subnetInfoList != null && !subnetInfoList.isEmpty()) { + for (SubnetInfo subnetInfo : subnetInfoList) { + if (subnetInfo != null && 
IpVersionV6.class.equals(subnetInfo.getIpVersion())) { + return true; + } + } + } + return false; + } + + /** + * Gets the subnet difference by performing (subnetInfo1 - subnetInfo2). + * + * @param subnetInfo1 the subnet info 1 + * @param subnetInfo2 the subnet info 2 + * @return the subnet diff + */ + public static List getSubnetDiff(List subnetInfo1, List subnetInfo2) { + if (subnetInfo1 == null) { + return Collections.emptyList(); + } + List newSubnetList = new ArrayList<>(subnetInfo1); + if (subnetInfo2 == null) { + return newSubnetList; + } + newSubnetList.removeAll(subnetInfo2); + return newSubnetList; } }
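Review bot: `isIpv6Subnet` is declared to return a boxed `Boolean` although it only ever returns `true` or `false`; a primitive `boolean` return type avoids unboxing at call sites and matches `isOfInterest` elsewhere in the class. It and `getRecoverServiceRegistryKey` are new public methods without Javadoc, unlike `getSubnetDiff` added next to them. A one-line summary such as `/** Returns true if any entry in the list has IP version IpVersionV6. */` would be enough.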