protected void programAceRule(List<FlowEntity> flowEntries, AclInterface port, String aclName, Ace ace,
int addOrRemove) {
SecurityRuleAttr aceAttr = AclServiceUtils.getAccessListAttributes(ace);
+ if (aceAttr == null) {
+ LOG.error("Ace {} of Acl {} is either null or not having SecurityRuleAttr",
+ ((ace == null) ? null : ace.getRuleName()), aclName);
+ return;
+ }
if (addOrRemove == NwConstants.ADD_FLOW && aceAttr.isDeleted()) {
LOG.trace("Ignoring {} rule which is already deleted", ace.getRuleName());
return;
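Review bot: The new null guard in programAceRule logs at ERROR for every ACE that has no SecurityRuleAttr augmentation, while the same commit removes the isOfAclInterest filters from the listener's add(), update() and remove(). ACLs that were previously dropped with a TRACE line can therefore reach this path, and if such ACLs are a normal occurrence in the datastore (not confirmed from the hunk), each of their ACEs emits an ERROR entry. That makes ERROR-level log volume depend on ACL content and buries real programming failures. Consider `LOG.warn` or `LOG.debug` here, or reporting once per ACL rather than once per ACE. The body of programAceRule continues outside the hunk.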
@Override
protected void remove(InstanceIdentifier<Acl> key, Acl acl) {
- String aclName = acl.getAclName();
- if (!AclServiceUtils.isOfAclInterest(acl)) {
- LOG.trace("{} does not have SecurityRuleAttr augmentation", aclName);
- return;
- }
-
LOG.trace("On remove event, remove ACL: {}", acl);
+ String aclName = acl.getAclName();
this.aclDataUtil.removeAcl(aclName);
Integer aclTag = this.aclDataUtil.getAclTag(aclName);
if (aclTag != null) {
this.aclDataUtil.removeAclTag(aclName);
- this.aclServiceUtils.releaseAclTag(aclName);
}
updateRemoteAclCache(acl.getAccessListEntries().getAce(), aclName, AclServiceManager.Action.REMOVE);
if (aclClusterUtil.isEntityOwner()) {
+ if (aclTag != null) {
+ this.aclServiceUtils.releaseAclTag(aclName);
+ }
// Handle Rule deletion If SG Remove event is received before SG Rule delete event
List<Ace> aceList = acl.getAccessListEntries().getAce();
Collection<AclInterface> aclInterfaces =
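Review bot: A null `acl.getAccessListEntries()` now reaches both `acl.getAccessListEntries().getAce()` calls in remove() (the updateRemoteAclCache argument and the list read under isEntityOwner), because the removed isOfAclInterest guard was the only check that returned early for an ACL without entries. An NPE at the first call would occur after removeAclTag and before the relocated releaseAclTag, so the tag would be dropped from the local cache without being released. Read the list once with a null check, e.g. `List<Ace> aceList = acl.getAccessListEntries() == null ? null : acl.getAccessListEntries().getAce();`, and use it at both places, after confirming that updateRemoteAclCache tolerates a null or empty list. update() and add() lose the same guard and their bodies run mostly outside their hunks, so any dereference there needs the same look; the last statement of this hunk also continues past it.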
@Override
protected void update(InstanceIdentifier<Acl> key, Acl aclBefore, Acl aclAfter) {
- if (!AclServiceUtils.isOfAclInterest(aclAfter) && !AclServiceUtils.isOfAclInterest(aclBefore)) {
- LOG.trace("before {} and after {} does not have SecurityRuleAttr augmentation",
- aclBefore.getAclName(), aclAfter.getAclName());
- return;
- }
String aclName = aclAfter.getAclName();
Collection<AclInterface> interfacesBefore =
ImmutableSet.copyOf(aclDataUtil.getInterfaceList(new Uuid(aclName)));
@Override
protected void add(InstanceIdentifier<Acl> key, Acl acl) {
- String aclName = acl.getAclName();
- if (!AclServiceUtils.isOfAclInterest(acl)) {
- LOG.trace("{} does not have SecurityRuleAttr augmentation", aclName);
- return;
- }
-
LOG.trace("On add event, add ACL: {}", acl);
this.aclDataUtil.addAcl(acl);
+ String aclName = acl.getAclName();
Integer aclTag = this.aclServiceUtils.allocateAclTag(aclName);
if (aclTag != null && aclTag != AclConstants.INVALID_ACL_TAG) {
this.aclDataUtil.addAclTag(aclName, aclTag);
if (AclServiceUtils.isOfInterest(aclInterface)) {
List<Uuid> aclList = aclInterface.getSecurityGroups();
if (aclList != null) {
- aclDataUtil.addAclInterfaceMap(aclList, aclInterface);
+ aclDataUtil.addOrUpdateAclInterfaceMap(aclList, aclInterface);
}
if (aclInterface.getElanId() == null) {
LOG.debug("On Add event, skip ADD since ElanId is not updated");
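Review bot: Switching this add path to addOrUpdateAclInterfaceMap replaces `putIfAbsent` with `put`, so an add event now overwrites whatever AclInterface is already cached for that interface id, and it does so before the `getElanId() == null` check just below. If aclInterface can arrive here without ElanId or other fields that an earlier event populated on the cached entry (not visible in the hunk), the cache is left holding the less complete object. A comment stating that the overwrite is intended, e.g. `// replace any stale cached entry; aclInterface is the authoritative copy here`, would make the contract explicit. Alternatively, consider moving the map update after the ElanId check if the incomplete object should not be cached. The enclosing method starts and ends outside the hunk.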
return this.aclMap.get(aclName);
}
- public void addAclInterfaceMap(List<Uuid> aclList, AclInterface port) {
- for (Uuid acl : aclList) {
- addAclInterface(acl, port);
- }
- }
-
- private void addAclInterface(Uuid acl, AclInterface port) {
- aclInterfaceMap.computeIfAbsent(acl, key -> new ConcurrentHashMap<>())
- .putIfAbsent(port.getInterfaceId(), port);
- }
-
public void addOrUpdateAclInterfaceMap(List<Uuid> aclList, AclInterface port) {
for (Uuid acl : aclList) {
aclInterfaceMap.computeIfAbsent(acl, key -> new ConcurrentHashMap<>()).put(port.getInterfaceId(), port);
@Nullable
public static SecurityRuleAttr getAccessListAttributes(Ace ace) {
if (ace == null) {
- LOG.error("Ace is Null");
return null;
}
SecurityRuleAttr aceAttributes = ace.augmentation(SecurityRuleAttr.class);
if (aceAttributes == null) {
- LOG.error("Ace is null");
return null;
}
return aceAttributes;
return flowMatches;
}
- public static boolean isOfAclInterest(Acl acl) {
- if (acl.getAccessListEntries() != null) {
- List<Ace> aceList = acl.getAccessListEntries().getAce();
- if (aceList != null && !aceList.isEmpty()) {
- return aceList.get(0).augmentation(SecurityRuleAttr.class) != null;
- }
- }
- return false;
- }
-
/**
* Builds the ip protocol matches.
*
if (accessListEntries != null && accessListEntries.getAce() != null) {
for (Ace ace : accessListEntries.getAce()) {
SecurityRuleAttr aceAttr = AclServiceUtils.getAccessListAttributes(ace);
- if (Objects.equals(aceAttr.getDirection(), direction) && doesAceHaveRemoteGroupId(aceAttr)) {
+ if (aceAttr != null && Objects.equals(aceAttr.getDirection(), direction)
+ && doesAceHaveRemoteGroupId(aceAttr)) {
remoteAclIds.add(aceAttr.getRemoteGroupId());
}
}
final BigInteger dpId = new BigInteger("123");
assertFalse(aclDataUtil.doesDpnHaveAclInterface(dpId));
- aclDataUtil.addAclInterfaceMap(Arrays.asList(ACL1, ACL2), PORT1);
+ aclDataUtil.addOrUpdateAclInterfaceMap(Arrays.asList(ACL1, ACL2), PORT1);
assertAclInterfaces(ACL1, PORT1);
assertAclInterfaces(ACL2, PORT1);
- aclDataUtil.addAclInterfaceMap(Arrays.asList(ACL1), PORT2);
+ aclDataUtil.addOrUpdateAclInterfaceMap(Arrays.asList(ACL1), PORT2);
assertAclInterfaces(ACL1, PORT1, PORT2);
assertAclInterfaces(ACL2, PORT1);
assertFalse(aclDataUtil.doesDpnHaveAclInterface(dpId));
- aclDataUtil.addAclInterfaceMap(Arrays.asList(ACL1), PORT2);
+ aclDataUtil.addOrUpdateAclInterfaceMap(Arrays.asList(ACL1), PORT2);
assertAclInterfaces(ACL1, PORT1, PORT2);
aclDataUtil.addOrUpdateAclInterfaceMap(Arrays.asList(ACL1), PORT3);
assertNotNull(map);
assertEquals(0, map.size());
- aclDataUtil.addAclInterfaceMap(Arrays.asList(ACL2), PORT1);
- aclDataUtil.addAclInterfaceMap(Arrays.asList(ACL2), PORT2);
+ aclDataUtil.addOrUpdateAclInterfaceMap(Arrays.asList(ACL2), PORT1);
+ aclDataUtil.addOrUpdateAclInterfaceMap(Arrays.asList(ACL2), PORT2);
map = aclDataUtil.getRemoteAclInterfaces(ACL1, direction);
assertEquals(1, map.size());
assertAclInterfaces(map.get(ACL2.getValue()), PORT1, PORT2);
- aclDataUtil.addAclInterfaceMap(Arrays.asList(ACL3), PORT3);
+ aclDataUtil.addOrUpdateAclInterfaceMap(Arrays.asList(ACL3), PORT3);
map = aclDataUtil.getRemoteAclInterfaces(ACL1, direction);
assertEquals(2, map.size());
assertAclInterfaces(map.get(ACL2.getValue()), PORT1, PORT2);