if (neutronPort.getPortSecurityEnabled()) {
this.processSecurityGroupUpdate(neutronPort);
}
+ if (isPortSecurityEnableUpdated(neutronPort)) {
+ this.processPortSecurityEnableUpdated(neutronPort);
+ }
}
if (!this.enabled) {
* added and removed and call the appropriate providers for updating the flows.
*/
try {
- NeutronPort originalPort = neutronPort.getOriginalPort();
List<NeutronSecurityGroup> addedGroup = getsecurityGroupChanged(neutronPort,
neutronPort.getOriginalPort());
List<NeutronSecurityGroup> deletedGroup = getsecurityGroupChanged(neutronPort.getOriginalPort(),
}
}
+ private void processPortSecurityEnableUpdated(NeutronPort neutronPort) {
+ LOG.trace("processPortSecurityEnableUpdated:" + neutronPort);
+ securityServicesManager.syncFixedSecurityGroup(neutronPort,
+ neutronPort.getPortSecurityEnabled());
+ }
+
+ private boolean isPortSecurityEnableUpdated(NeutronPort neutronPort) {
+ LOG.trace("isPortSecuirtyEnableUpdated:" + neutronPort);
+ if (neutronPort.getOriginalPort().getPortSecurityEnabled()
+ != neutronPort.getPortSecurityEnabled()) {
+ return true;
+ }
+ return false;
+ }
+
+
private List<NeutronSecurityGroup> getsecurityGroupChanged(NeutronPort port1, NeutronPort port2) {
LOG.trace("getsecurityGroupChanged:" + "Port1:" + port1 + "Port2" + port2);
if (port1 == null) {
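Review bot: In the added isPortSecurityEnableUpdated, the two getPortSecurityEnabled() results are compared with `!=`; if that getter returns a boxed Boolean (the converter hunk hands the setter a nullable Boolean), this is a reference comparison and can misreport whether the flag changed, leaving the fixed port-security flows stale or re-synced for no reason. `return !Objects.equals(original.getPortSecurityEnabled(), neutronPort.getPortSecurityEnabled());` (with `java.util.Objects`) compares by value, and it should follow a null guard on getOriginalPort(), since getsecurityGroupChanged just below already treats a null port as possible. The same possibly-null value is unboxed into `boolean write` in processPortSecurityEnableUpdated. The trace string also misspells the method name as `isPortSecuirtyEnableUpdated`, which makes the log line hard to grep for.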
}
+ @Override
+ public void syncFixedSecurityGroup(NeutronPort port, boolean write) {
+
+ Node node = getNode(port);
+ if (node == null) {
+ return;
+ }
+ NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
+ if (null == neutronNetwork) {
+ neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
+ if (neutronNetwork == null) {
+ return;
+ }
+ }
+ OvsdbTerminationPointAugmentation intf = getInterface(node, port);
+ if (intf == null) {
+ return;
+ }
+ String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
+ if (attachedMac == null) {
+ LOG.debug("syncFixedSecurityGroup: No AttachedMac seen in {}", intf);
+ return;
+ }
+ long dpid = getDpidOfIntegrationBridge(node);
+ if (dpid == 0L) {
+ return;
+ }
+ String segmentationId = neutronNetwork.getProviderSegmentationID();
+ long localPort = southbound.getOFPort(intf);
+ NeutronPort dhcpPort = this.getDhcpServerPort(intf);
+ List<Neutron_IPs> srcAddressList = null;
+ srcAddressList = this.getIpAddressList(intf);
+ ingressAclProvider.programFixedSecurityGroup(dpid, segmentationId,
+ dhcpPort.getMacAddress(), localPort, attachedMac, write);
+ egressAclProvider.programFixedSecurityGroup(dpid, segmentationId,
+ attachedMac, localPort, srcAddressList, write);;
+
+ }
+
@Override
public void syncSecurityGroup(NeutronPort port, List<NeutronSecurityGroup> securityGroupList, boolean write) {
LOG.trace("syncSecurityGroup:" + securityGroupList + " Write:" + write);
NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
if (null == neutronNetwork) {
neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
- }
- if (neutronNetwork == null) {
- return;
+ if (neutronNetwork == null) {
+ return;
+ }
}
String segmentationId = neutronNetwork.getProviderSegmentationID();
OvsdbTerminationPointAugmentation intf = getInterface(node, port);
long localPort = southbound.getOFPort(intf);
String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
if (attachedMac == null) {
- LOG.debug("programVlanRules: No AttachedMac seen in {}", intf);
+ LOG.debug("syncSecurityGroup: No AttachedMac seen in {}", intf);
return;
}
long dpid = getDpidOfIntegrationBridge(node);
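Review bot: In the added syncFixedSecurityGroup, `dhcpPort.getMacAddress()` is dereferenced without a null check although every other lookup in the method is guarded; if getDhcpServerPort can return null (its body is not in this hunk), the call throws before either ACL provider is programmed. A guard such as `if (dhcpPort == null) { LOG.warn("syncFixedSecurityGroup: no DHCP port for {}", intf); return; }` would match the rest of the method. The early returns for a missing node, network, interface or dpid are silent, and each of them leaves a port whose port security was just switched on without its fixed rules, so a log line on those paths would make that state visible to an operator. Minor: `write);;` carries a stray semicolon, and `srcAddressList` is initialised to null only to be reassigned on the next line.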
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.ports.rev150712.port.attributes.FixedIps;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.ports.rev150712.ports.attributes.Ports;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.ports.rev150712.ports.attributes.ports.Port;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.portsecurity.rev150712.PortSecurityExtension;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
import org.opendaylight.yangtools.concepts.ListenerRegistration;
import org.opendaylight.yangtools.yang.binding.DataObject;
}
result.setBindingvifType(binding.getVifType());
result.setBindingvnicType(binding.getVnicType());
+ PortSecurityExtension portSecurity = port.getAugmentation(PortSecurityExtension.class);
+ if (portSecurity != null && portSecurity.isPortSecurityEnabled() != null) {
+ result.setPortSecurityEnabled(portSecurity.isPortSecurityEnabled());
+ }
}
private Map<String,NeutronPort> getChangedPorts(Map<InstanceIdentifier<?>, DataObject> changedData) {
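Review bot: When the PortSecurityExtension augmentation is absent or its value is null, the added block leaves the result's portSecurityEnabled at whatever NeutronPort defaults to, which this hunk does not show. The handler's `if (neutronPort.getPortSecurityEnabled())` then either unboxes a null or treats the port as having port security off, whereas Neutron's own default for port_security_enabled is true, so the missing-value case should not silently become "disabled". Consider an explicit `else { result.setPortSecurityEnabled(Boolean.TRUE); }`, or at minimum a comment above the `if` stating which default is intended when the augmentation is missing. The enclosing conversion method starts outside the hunk.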