NETVIRT-1123: Remote ACL issue during cross SG rules 09/68809/2
authorSomashekar Byrappa <somashekar.b@altencalsoftlabs.com>
Tue, 27 Feb 2018 10:46:35 +0000 (16:16 +0530)
committerSomashekar Byrappa <somashekar.b@altencalsoftlabs.com>
Wed, 28 Feb 2018 06:25:23 +0000 (11:55 +0530)
Remote ACL table was not programmed when port is the first port on
the dpn for a remote ACL in the below scenario.

VM1(sg1) <-> VM2(sg2)

sg1 -> allow icmp to/from sg2
sg2 -> allow icmp to/from sg1

Change-Id: I7991daa98730a9922aa52665489345a43b66f2c8
Signed-off-by: Somashekar Byrappa <somashekar.b@altencalsoftlabs.com>
aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.java

index 3b220a8d02dc2e3c4dcd0926a9531ecc97d858e0..13ee33e0197d6f7bfdcb7b61c24c10267969f593 100644 (file)
@@ -685,9 +685,12 @@ public abstract class AbstractAclServiceImpl implements AclServiceListener {
                         syncRemoteAclTable(portId, aclId, aclTag, aaps, addOrRemove);
                     }
                 }
-                syncRemoteAclTableFromOtherDpns(port, aclId, aclTag, addOrRemove);
             }
         }
+        Set<Uuid> remoteAclIds = aclServiceUtils.getRemoteAclIdsByDirection(aclList, direction);
+        for (Uuid remoteAclId : remoteAclIds) {
+            syncRemoteAclTableFromOtherDpns(port, remoteAclId, addOrRemove);
+        }
     }
 
     private void syncRemoteAclTable(String portId, Uuid acl, Integer aclTag, List<AllowedAddressPairs> aaps,
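Review bot: The new loop over `remoteAclIds` at the end of the method has no comment explaining why the cross-DPN sync moved out of the per-ACL loop and now keys on the remote ACL ids rather than the port's own ACL ids. A missed call here leaves the remote ACL table without the peer addresses on add, and could leave stale allow entries on remove, so the intent is worth stating above the loop: `// Remote ACL table is keyed by the remote SG: sync once per remote ACL referenced by this port's rules in this direction.` It is also worth confirming that `getRemoteAclIdsByDirection` returns an empty set and never null (its body is not visible here), because the `for` would otherwise throw. The enclosing method starts outside the hunk.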
@@ -710,33 +713,42 @@ public abstract class AbstractAclServiceImpl implements AclServiceListener {
         }
     }
 
-    private void syncRemoteAclTableFromOtherDpns(AclInterface port, Uuid acl, Integer aclTag, int addOrRemove) {
-        Collection<AclInterface> aclInterfaces = aclDataUtil.getInterfaceList(acl);
-        BigInteger dpId = port.getDpId();
-        boolean isFirstPortInDpn = true;
-        if (aclInterfaces != null) {
+    private void syncRemoteAclTableFromOtherDpns(AclInterface port, Uuid remoteAclId, int addOrRemove) {
+        Collection<AclInterface> aclInterfaces = aclDataUtil.getInterfaceList(remoteAclId);
+
+        if (aclInterfaces != null && !aclInterfaces.isEmpty() && isFirstPortInDpnWithRemoteAclId(port, remoteAclId)) {
+            Integer aclTag = aclServiceUtils.getAclTag(remoteAclId);
             for (AclInterface aclInterface : aclInterfaces) {
                 if (port.getInterfaceId().equals(aclInterface.getInterfaceId())) {
                     continue;
                 }
-                if (dpId.equals(aclInterface.getDpId())) {
-                    isFirstPortInDpn = false;
-                    break;
+                for (AllowedAddressPairs aap : aclInterface.getAllowedAddressPairs()) {
+                    if (AclServiceUtils.isNotIpAllNetwork(aap)) {
+                        programRemoteAclTableFlow(port.getDpId(), aclTag, aap, addOrRemove);
+                    }
                 }
             }
-            if (isFirstPortInDpn) {
-                for (AclInterface aclInterface : aclInterfaces) {
-                    if (port.getInterfaceId().equals(aclInterface.getInterfaceId())) {
+        }
+    }
+
+    private boolean isFirstPortInDpnWithRemoteAclId(AclInterface port, Uuid remoteAclId) {
+        String portId = port.getInterfaceId();
+        BigInteger dpId = port.getDpId();
+        Map<String, Set<AclInterface>> remoteAclInterfacesMap =
+                aclDataUtil.getRemoteAclInterfaces(remoteAclId, direction);
+        if (remoteAclInterfacesMap != null) {
+            for (Set<AclInterface> interfaceSet : remoteAclInterfacesMap.values()) {
+                for (AclInterface aclInterface : interfaceSet) {
+                    if (portId.equals(aclInterface.getInterfaceId())) {
                         continue;
                     }
-                    for (AllowedAddressPairs aap : aclInterface.getAllowedAddressPairs()) {
-                        if (AclServiceUtils.isNotIpAllNetwork(aap)) {
-                            programRemoteAclTableFlow(port.getDpId(), aclTag, aap, addOrRemove);
-                        }
+                    if (dpId.equals(aclInterface.getDpId())) {
+                        return false;
                     }
                 }
             }
         }
+        return true;
     }
 
     protected abstract void programRemoteAclTableFlow(BigInteger dpId, Integer aclTag, AllowedAddressPairs aap,
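Review bot: The result of `aclServiceUtils.getAclTag(remoteAclId)` in `syncRemoteAclTableFromOtherDpns` is passed to `programRemoteAclTableFlow` without a null check, whereas the old code received the tag from its caller. The `Integer` return type suggests the lookup may return null for a remote ACL whose tag is not, or is no longer, allocated; in that case the flow would be built with a null tag or throw inside the loop, leaving the remote ACL table only partly programmed. I would guard right after the lookup with `if (aclTag == null) { return; }` and log a warning that names `remoteAclId`. Separately, `isFirstPortInDpnWithRemoteAclId` is a check-then-act on the cached interface map, so if two ports on the same DPN can be processed concurrently it relies on serialization by the caller, which is not visible in this hunk.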