import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
/**
* The Class AclInterface.
/** The allowed address pairs. */
private final List<AllowedAddressPairs> allowedAddressPairs;
- /** The IP broadcast CIDRs. */
- private final List<IpPrefixOrAddress> subnetIpPrefixes;
+ /** List to contain subnet IP CIDRs along with subnet gateway IP. */
+ List<SubnetInfo> subnetInfo;
/** The ingress remote acl tags. */
private final SortedSet<Integer> ingressRemoteAclTags;
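Review bot: The replacement field is declared `List<SubnetInfo> subnetInfo;` with no modifiers, while the field it replaces and its neighbours are `private final`. That leaves the subnet list package-visible and reassignable after construction, on an object that is otherwise populated once from its Builder and whose subnet list is read elsewhere in this change when flows are programmed. Declare it `private final List<SubnetInfo> subnetInfo;`. The class body continues outside this hunk.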
this.portSecurityEnabled = builder.portSecurityEnabled;
this.securityGroups = builder.securityGroups;
this.allowedAddressPairs = builder.allowedAddressPairs;
- this.subnetIpPrefixes = builder.subnetIpPrefixes;
+ this.subnetInfo = builder.subnetInfo;
this.ingressRemoteAclTags = builder.ingressRemoteAclTags;
this.egressRemoteAclTags = builder.egressRemoteAclTags;
this.isMarkedForDelete = builder.isMarkedForDelete;
}
/**
- * Gets the Subnet IP Prefix.
+ * Gets the Subnet info.
*
- * @return the Subnet IP Prefix
+ * @return the Subnet info
*/
- public List<IpPrefixOrAddress> getSubnetIpPrefixes() {
- return subnetIpPrefixes;
+ public List<SubnetInfo> getSubnetInfo() {
+ return subnetInfo;
}
/**
public String toString() {
return "AclInterface [interfaceId=" + interfaceId + ", lportTag=" + lportTag + ", dpId=" + dpId + ", elanId="
+ elanId + ", portSecurityEnabled=" + portSecurityEnabled + ", securityGroups=" + securityGroups
- + ", allowedAddressPairs=" + allowedAddressPairs + ", subnetIpPrefixes=" + subnetIpPrefixes
+ + ", allowedAddressPairs=" + allowedAddressPairs + ", subnetInfo=" + subnetInfo
+ ", ingressRemoteAclTags=" + ingressRemoteAclTags + ", egressRemoteAclTags=" + egressRemoteAclTags
+ ", isMarkedForDelete=" + isMarkedForDelete + "]";
}
private boolean portSecurityEnabled;
private List<Uuid> securityGroups;
private List<AllowedAddressPairs> allowedAddressPairs;
- private List<IpPrefixOrAddress> subnetIpPrefixes;
+ private List<SubnetInfo> subnetInfo;
private SortedSet<Integer> ingressRemoteAclTags;
private SortedSet<Integer> egressRemoteAclTags;
private boolean isMarkedForDelete;
this.portSecurityEnabled = from.portSecurityEnabled;
this.securityGroups = from.securityGroups;
this.allowedAddressPairs = from.allowedAddressPairs;
- this.subnetIpPrefixes = from.subnetIpPrefixes;
+ this.subnetInfo = from.subnetInfo;
this.ingressRemoteAclTags = from.ingressRemoteAclTags;
this.egressRemoteAclTags = from.egressRemoteAclTags;
this.isMarkedForDelete = from.isMarkedForDelete;
return this;
}
- public Builder subnetIpPrefixes(List<IpPrefixOrAddress> list) {
- this.subnetIpPrefixes = list == null ? null : ImmutableList.copyOf(list);
+ public Builder subnetInfo(List<SubnetInfo> list) {
+ this.subnetInfo = list == null ? null : ImmutableList.copyOf(list);
return this;
}
}
+ // IP VERSION
+ identity ip-version-base {
+ description "the base identity for ip versions";
+ }
+
+ identity ip-version-v4 {
+ description "IPv4";
+ base ip-version-base;
+ }
+
+ identity ip-version-v6 {
+ description "IPv6";
+ base ip-version-base;
+ }
+
+ // DHCP
+ identity dhcpv6-base {
+ description "the base identity for DHCPv6 information";
+ }
+
+ identity dhcpv6-off {
+ description "DHCPv6 off";
+ base dhcpv6-base;
+ }
+
+ identity dhcpv6-stateful {
+ description "DHCPv6 stateful";
+ base dhcpv6-base;
+ }
+
+ identity dhcpv6-slaac {
+ description "SLAAC";
+ base dhcpv6-base;
+ }
+
+ identity dhcpv6-stateless {
+ description "DHCPv6 stateless";
+ base dhcpv6-base;
+ }
+
typedef ip-prefix-or-address {
description "ip prefix or ip address";
type union {
}
}
- container ports-subnet-ip-prefixes {
- list port-subnet-ip-prefixes {
+ container port-subnets {
+ config false;
+ list port-subnet {
key port-id;
leaf port-id {
type string;
description "Port ID";
}
- leaf-list subnet-ip-prefixes {
- type ip-prefix-or-address;
- description "Subnet IP Prefixes of the Port.";
+ list subnet-info {
+ key subnet-id;
+ leaf subnet-id {
+ type yang:uuid;
+ description "Subnet ID";
+ }
+ leaf ip-version {
+ description "IP version";
+ type identityref {
+ base "ip-version-base";
+ }
+ }
+ leaf ip-prefix {
+ type ip-prefix-or-address;
+ description "Subnet IP prefix.";
+ }
+ leaf ipv6-ra-mode {
+ description "IPv6 RA mode";
+ type identityref {
+ base "dhcpv6-base";
+ }
+ }
+ leaf gateway-ip {
+ type inet:ip-address;
+ description "default gateway used by devices in this subnet";
+ }
}
}
}
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
programAclWithAllowedAddress(portAfter, addedAaps, Action.UPDATE, NwConstants.ADD_FLOW);
updateRemoteAclFilterTable(portAfter, portAfter.getSecurityGroups(), addedAaps, NwConstants.ADD_FLOW);
}
- if (portAfter.getSubnetIpPrefixes() != null && portBefore.getSubnetIpPrefixes() == null) {
+ if (portAfter.getSubnetInfo() != null && portBefore.getSubnetInfo() == null) {
programBroadcastRules(portAfter, NwConstants.ADD_FLOW);
}
+ handleSubnetChange(portBefore, portAfter);
List<Uuid> addedAcls = AclServiceUtils.getUpdatedAclList(portAfter.getSecurityGroups(),
portBefore.getSecurityGroups());
handleAclChange(portAfter, addedAcls, NwConstants.ADD_FLOW);
}
+ private void handleSubnetChange(AclInterface portBefore, AclInterface portAfter) {
+ List<SubnetInfo> deletedSubnets =
+ AclServiceUtils.getSubnetDiff(portBefore.getSubnetInfo(), portAfter.getSubnetInfo());
+ List<SubnetInfo> addedSubnets =
+ AclServiceUtils.getSubnetDiff(portAfter.getSubnetInfo(), portBefore.getSubnetInfo());
+
+ if (deletedSubnets != null && !deletedSubnets.isEmpty()) {
+ programIcmpv6RARule(portAfter, deletedSubnets, NwConstants.DEL_FLOW);
+ }
+ if (addedSubnets != null && !addedSubnets.isEmpty()) {
+ programIcmpv6RARule(portAfter, addedSubnets, NwConstants.ADD_FLOW);
+ }
+ }
+
private void handleAclChange(AclInterface port, List<Uuid> aclList, int addOrRemove) {
int operationForAclRules = (addOrRemove == NwConstants.DEL_FLOW) ? NwConstants.MOD_FLOW : addOrRemove;
programAclRules(port, aclList, operationForAclRules);
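Review bot: `handleSubnetChange` decides per subnet diff, but the RA permit flow it drives is named per port (`"Ingress_ICMPv6_" + dpId + "_" + lportTag + ...` in the ingress implementation), so removing one of two IPv6 subnets that both lack `ipv6-ra-mode` issues a `DEL_FLOW` for a flow the remaining subnet still needs. `addedSubnets` is empty in that case, so nothing re-adds it. Comparing the before and after state of the whole list avoids this, and also makes the `!= null` checks unnecessary, since `getSubnetDiff` as added in this change never returns null. `handleAclChange` below continues outside the hunk.

```java
private void handleSubnetChange(AclInterface portBefore, AclInterface portAfter) {
    // The RA permit flow is keyed per port, so decide from the whole subnet list on each side.
    boolean raAllowedBefore = AclServiceUtils.isIpv6RaAllowedFromExternalRouters(portBefore.getSubnetInfo());
    boolean raAllowedAfter = AclServiceUtils.isIpv6RaAllowedFromExternalRouters(portAfter.getSubnetInfo());
    if (raAllowedBefore && !raAllowedAfter) {
        programIcmpv6RARule(portAfter, portBefore.getSubnetInfo(), NwConstants.DEL_FLOW);
    } else if (!raAllowedBefore && raAllowedAfter) {
        programIcmpv6RARule(portAfter, portAfter.getSubnetInfo(), NwConstants.ADD_FLOW);
    }
}
```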
*/
protected abstract void programBroadcastRules(AclInterface port, int addOrRemove);
+ protected abstract void programIcmpv6RARule(AclInterface port, List<SubnetInfo> subnets, int addOrRemove);
+
/**
* Writes/remove the flow to/from the datastore.
*
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
}
}
+ @Override
+ protected void programIcmpv6RARule(AclInterface port, List<SubnetInfo> subnets, int addOrRemove) {
+ // No action required on egress.
+ }
+
/**
* Programs broadcast rules.
*
import org.opendaylight.genius.utils.ServiceIndex;
import org.opendaylight.infrautils.jobcoordinator.JobCoordinator;
import org.opendaylight.netvirt.aclservice.api.AclInterfaceCache;
+import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria;
import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
import org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder;
import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
if (action == Action.ADD || action == Action.REMOVE) {
ingressAclDhcpAllowServerTraffic(dpid, lportTag, addOrRemove);
ingressAclDhcpv6AllowServerTraffic(dpid, lportTag, addOrRemove);
- ingressAclIcmpv6AllowedTraffic(dpid, lportTag, addOrRemove);
+ ingressAclIcmpv6AllowedTraffic(port, addOrRemove);
+ programIcmpv6RARule(port, port.getSubnetInfo(), addOrRemove);
programArpRule(dpid, lportTag, addOrRemove);
programIpv4BroadcastRule(port, addOrRemove);
}
/**
- * Add rules to ensure that certain ICMPv6 like MLD_QUERY (130), NS (135), NA (136) are allowed into the VM.
+ * Add rules to ensure that certain ICMPv6 like MLD_QUERY (130), RS (134), NS (135), NA (136) are
+ * allowed into the VM.
*
- * @param dpId the dpid
- * @param lportTag the lport tag
+ * @param port the port
* @param addOrRemove is write or delete
*/
- private void ingressAclIcmpv6AllowedTraffic(BigInteger dpId, int lportTag, int addOrRemove) {
+ private void ingressAclIcmpv6AllowedTraffic(AclInterface port, int addOrRemove) {
+ BigInteger dpId = port.getDpId();
+ int lportTag = port.getLPortTag();
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
// Allow ICMPv6 Multicast Listener Query packets.
AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
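Review bot: The updated Javadoc lists `RS (134)`, but ICMPv6 type 134 is Router Advertisement; Router Solicitation is type 133. Someone auditing which ICMPv6 types are admitted to the VM would be misled, the more so as the RA permit is installed separately by `programIcmpv6RARule` using `AclConstants.ICMPV6_TYPE_RA`. The method body is mostly outside this hunk, so the intent cannot be confirmed here. If it now permits Router Solicitation, the text should read `RS (133)`; otherwise drop the RS entry from the list.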
+ @Override
+ protected void programIcmpv6RARule(AclInterface port, List<SubnetInfo> subnets, int addOrRemove) {
+ // Allow ICMPv6 Router Advertisement packets from external routers only if ipv6_ra_mode is not
+ // specified for an IPv6 subnet.
+ if (!AclServiceUtils.isIpv6RaAllowedFromExternalRouters(subnets)) {
+ return;
+ }
+ List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
+ List<MatchInfoBase> matches =
+ AclServiceUtils.buildIcmpV6Matches(AclConstants.ICMPV6_TYPE_RA, 0, port.getLPortTag(), serviceMode);
+ // Allow ICMPv6 Router Advertisement packets if originating from any LinkLocal Address.
+ matches.addAll(AclServiceUtils.buildIpMatches(
+ new IpPrefixOrAddress(new IpPrefix(AclConstants.IPV6_LINK_LOCAL_PREFIX.toCharArray())),
+ AclServiceManager.MatchCriteria.MATCH_SOURCE));
+
+ String flowName = "Ingress_ICMPv6" + "_" + port.getDpId() + "_" + port.getLPortTag() + "_"
+ + AclConstants.ICMPV6_TYPE_RA + "_LinkLocal_Permit_";
+ syncFlow(port.getDpId(), getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_IPV6_ALLOWED_PRIORITY, "ACL",
+ 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
+ }
+
/**
* Adds the rule to allow arp packets.
*
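Review bot: The permit flow in `programIcmpv6RARule` matches ICMPv6 Router Advertisements from any source in `fe80::/10`, so it is not restricted to the subnet's router. Every on-link node has a link-local address, which means the rule depends on something else preventing tenant ports from emitting RAs. The egress override in this change is a no-op and the `gateway-ip` leaf carried in `SubnetInfo` is not consulted, so that protection presumably comes from egress anti-spoofing rules not visible here. State the dependency above the match, for example `// Source is only constrained to fe80::/10; relies on egress anti-spoofing dropping RA (type 134) sent by VM ports.` Where the router's link-local address or MAC is known, narrowing the match to it would be the stronger option.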
BigInteger dpId = port.getDpId();
int lportTag = port.getLPortTag();
MatchInfoBase lportMatchInfo = AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode);
- List<IpPrefixOrAddress> cidrs = port.getSubnetIpPrefixes();
- if (cidrs != null) {
- List<String> broadcastAddresses = AclServiceUtils.getIpBroadcastAddresses(cidrs);
+ List<SubnetInfo> subnetInfoList = port.getSubnetInfo();
+ if (subnetInfoList != null) {
+ List<String> broadcastAddresses = AclServiceUtils.getIpBroadcastAddresses(subnetInfoList);
for (String broadcastAddress : broadcastAddresses) {
List<MatchInfoBase> matches =
AclServiceUtils.buildBroadcastIpV4Matches(broadcastAddress);
if (aclInterface.getDpId() != null) {
aclServiceManager.notify(aclInterface, null, Action.REMOVE);
}
- AclServiceUtils.deleteSubnetIpPrefixes(dataBroker, interfaceId);
+ aclServiceUtils.deleteSubnetInfo(interfaceId);
}
}
}
.lPortTag(interfaceState.getIfIndex()).isMarkedForDelete(false);
}
- if (prevAclInterface == null) {
- builder.subnetIpPrefixes(AclServiceUtils.getSubnetIpPrefixes(dataBroker, interfaceId));
- }
+ builder.subnetInfo(aclServiceUtils.getSubnetInfo(interfaceId));
if (prevAclInterface == null || prevAclInterface.getElanId() == null) {
builder.elanId(AclServiceUtils.getElanIdFromInterface(interfaceId, dataBroker));
}
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
.isMarkedForDelete(false);
if (AclServiceUtils.isOfInterest(prevAclInterface)) {
- if (prevAclInterface.getSubnetIpPrefixes() == null) {
+ if (prevAclInterface.getSubnetInfo() == null) {
// For upgrades
- List<IpPrefixOrAddress> subnetIpPrefixes = AclServiceUtils.getSubnetIpPrefixes(dataBroker,
- added.getName());
- builder.subnetIpPrefixes(subnetIpPrefixes);
+ List<SubnetInfo> subnetInfo = aclServiceUtils.getSubnetInfo(added.getName());
+ builder.subnetInfo(subnetInfo);
}
SortedSet<Integer> ingressRemoteAclTags =
aclServiceUtils.getRemoteAclTags(aclInPort.getSecurityGroups(), DirectionIngress.class);
String IPV4_ALL_NETWORK = "0.0.0.0/0";
String IPV6_ALL_NETWORK = "::/0";
+ String IPV6_LINK_LOCAL_PREFIX = "fe80::/10";
String BROADCAST_MAC = "ff:ff:ff:ff:ff:ff";
String IPV4_ALL_SUBNET_BROADCAST_ADDR = "255.255.255.255";
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.PortsSubnetIpPrefixes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV6;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.PortSubnets;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.AclPortsByIp;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.AclPortsByIpKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.acl.ports.by.ip.acl.ip.prefixes.PortIdsBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.acl.ports.lookup.acl.ports.by.ip.acl.ip.prefixes.PortIdsKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixesKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnet;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnetKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.ElanInstances;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.ElanInterfaces;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstance;
*/
public static List<MatchInfoBase> buildIcmpV6Matches(int icmpType, int icmpCode, int lportTag,
Class<? extends ServiceModeBase> serviceMode) {
- List<MatchInfoBase> matches = new ArrayList<>(6);
+ List<MatchInfoBase> matches = new ArrayList<>();
matches.add(MatchEthernetType.IPV6);
matches.add(MatchIpProtocol.ICMPV6);
if (icmpType != 0) {
return dpId;
}
- public static List<String> getIpBroadcastAddresses(List<IpPrefixOrAddress> cidrs) {
+ public static List<String> getIpBroadcastAddresses(List<SubnetInfo> subnetInfoList) {
List<String> ipBroadcastAddresses = new ArrayList<>();
- for (IpPrefixOrAddress cidr : cidrs) {
- IpPrefix cidrIpPrefix = cidr.getIpPrefix();
+ for (SubnetInfo subnetInfo : subnetInfoList) {
+ IpPrefix cidrIpPrefix = subnetInfo.getIpPrefix().getIpPrefix();
if (cidrIpPrefix != null) {
Ipv4Prefix cidrIpv4Prefix = cidrIpPrefix.getIpv4Prefix();
if (cidrIpv4Prefix != null) {
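Review bot: `subnetInfo.getIpPrefix().getIpPrefix()` dereferences the `ip-prefix` leaf without a null check, and the YANG added in this change does not mark that leaf `mandatory`. A `subnet-info` entry written without it would throw a NullPointerException while broadcast rules are being programmed for the port. The old code iterated leaf-list elements, which could not be absent in that way. Guard the outer value first, e.g. `IpPrefixOrAddress prefix = subnetInfo.getIpPrefix(); IpPrefix cidrIpPrefix = prefix == null ? null : prefix.getIpPrefix();`, or make the leaf mandatory in the model. The loop body continues outside this hunk.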
.child(ElanInstance.class, new ElanInstanceKey(elanInstanceName)).build();
}
- public static List<IpPrefixOrAddress> getSubnetIpPrefixes(DataBroker broker, String portId) {
- InstanceIdentifier<PortSubnetIpPrefixes> id = InstanceIdentifier.builder(PortsSubnetIpPrefixes.class)
- .child(PortSubnetIpPrefixes.class, new PortSubnetIpPrefixesKey(portId)).build();
- Optional<PortSubnetIpPrefixes> portSubnetIpPrefixes = read(broker, LogicalDatastoreType.OPERATIONAL, id);
- if (portSubnetIpPrefixes.isPresent()) {
- return portSubnetIpPrefixes.get().getSubnetIpPrefixes();
+ public List<SubnetInfo> getSubnetInfo(String portId) {
+ InstanceIdentifier<PortSubnet> id = InstanceIdentifier.builder(PortSubnets.class)
+ .child(PortSubnet.class, new PortSubnetKey(portId)).build();
+
+ Optional<PortSubnet> portSubnet = read(dataBroker, LogicalDatastoreType.OPERATIONAL, id);
+ if (portSubnet.isPresent()) {
+ return portSubnet.get().getSubnetInfo();
}
return null;
}
- public static void deleteSubnetIpPrefixes(DataBroker broker, String portId) {
- InstanceIdentifier<PortSubnetIpPrefixes> id = InstanceIdentifier.builder(PortsSubnetIpPrefixes.class)
- .child(PortSubnetIpPrefixes.class, new PortSubnetIpPrefixesKey(portId)).build();
- MDSALUtil.syncDelete(broker, LogicalDatastoreType.OPERATIONAL, id);
+ public void deleteSubnetInfo(String portId) {
+ InstanceIdentifier<PortSubnet> id = InstanceIdentifier.builder(PortSubnets.class)
+ .child(PortSubnet.class, new PortSubnetKey(portId)).build();
+ try {
+ SingleTransactionDataBroker.syncDelete(dataBroker, LogicalDatastoreType.OPERATIONAL, id);
+ } catch (TransactionCommitFailedException e) {
+ LOG.error("Failed to delete subnet info for port={}", portId, e);
+ }
}
private static List<MatchInfoBase> updateAAPMatches(boolean isSourceIpMacMatch, List<MatchInfoBase> flows,
}
return inetAddress;
}
+
+ public static Boolean isIpv6RaAllowedFromExternalRouters(List<SubnetInfo> subnetInfoList) {
+ if (subnetInfoList != null && !subnetInfoList.isEmpty()) {
+ for (SubnetInfo subnetInfo : subnetInfoList) {
+ if (subnetInfo != null && IpVersionV6.class.equals(subnetInfo.getIpVersion())
+ && subnetInfo.getIpv6RaMode() == null) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Gets the subnet difference by performing (subnetInfo1 - subnetInfo2).
+ *
+ * @param subnetInfo1 the subnet info 1
+ * @param subnetInfo2 the subnet info 2
+ * @return the subnet diff
+ */
+ public static List<SubnetInfo> getSubnetDiff(List<SubnetInfo> subnetInfo1, List<SubnetInfo> subnetInfo2) {
+ if (subnetInfo1 == null) {
+ return Collections.emptyList();
+ }
+ List<SubnetInfo> newSubnetList = new ArrayList<>(subnetInfo1);
+ if (subnetInfo2 == null) {
+ return newSubnetList;
+ }
+ newSubnetList.removeAll(subnetInfo2);
+ return newSubnetList;
+ }
}
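Review bot: `isIpv6RaAllowedFromExternalRouters` returns boxed `Boolean` although it only ever yields `true` or `false`, and it has no Javadoc even though it decides whether the RA permit flow is installed. Change the signature to `public static boolean isIpv6RaAllowedFromExternalRouters(List<SubnetInfo> subnetInfoList)`. Add a Javadoc stating that it returns true when at least one subnet in the list is IPv6 and has no `ipv6-ra-mode`, and false for a null or empty list. The `!subnetInfoList.isEmpty()` test is redundant with the loop and can be dropped.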
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionBase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV4;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfoBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfoKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstance;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstanceBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterface;
static String IP_PREFIX_2 = "10.0.0.2/32";
static String IP_PREFIX_3 = "10.0.0.3/32";
static String IP_PREFIX_4 = "10.0.0.4/32";
- static String SUBNET_IP_PREFIX_1 = "10.0.0.0/24";
static long ELAN_TAG = 5000L;
+ static String SUBNET_IP_PREFIX_1 = "10.0.0.0/24";
+ static Uuid SUBNET_ID_1 = new Uuid("39add98b-63b7-42e6-8368-ff807eee165e");
+ static SubnetInfo SUBNET_INFO_1 = buildSubnetInfo(SUBNET_ID_1, SUBNET_IP_PREFIX_1, IpVersionV4.class, "10.0.0.1");
+
static final AllowedAddressPairs AAP_PORT_1 = buildAap(IP_PREFIX_1, PORT_MAC_1);
static final AllowedAddressPairs AAP_PORT_2 = buildAap(IP_PREFIX_2, PORT_MAC_2);
static final AllowedAddressPairs AAP_PORT_3 = buildAap(IP_PREFIX_3, PORT_MAC_3);
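Review bot: The only fixture added here, `SUBNET_INFO_1`, is an IPv4 subnet (`IpVersionV4.class`), and every test hunk in view substitutes that same fixture. None of the visible tests therefore reaches the new RA permit path, which is taken only for an IPv6 subnet with no `ipv6-ra-mode`. Add one fixture with `IpVersionV6.class` and no RA mode, and one with an RA mode set, then assert that the `fe80::/10` RA flow is present for the first and absent for the second, including after a subnet is removed on update. `buildSubnetInfo` is defined outside the visible lines, so whether it can set the RA mode cannot be confirmed from here.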
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
testInterfaceManager.addInterfaceInfo(newInterfaceInfo("port1"));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName("port1")
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName("port1").addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
// When
putNewStateInterface(dataBroker, "port1", PORT_MAC_1);
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_2)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_2).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_2)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_2).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_2)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_2).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
// Given
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_2)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_2).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
// Given
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_2)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_2).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
// Given
prepareInterfaceWithIcmpAcl();
LOG.info("newInterfaceWithDstPortRange - start");
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
// Given
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 333, 777, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
LOG.info("newInterfaceWithDstAllPorts - start");
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
// Given
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 1, 65535, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
LOG.info("newInterfaceWithTwoAclsHavingSameRules - start");
newAllowedAddressPair(PORT_3, Arrays.asList(SG_UUID_1, SG_UUID_2), Collections.singletonList(AAP_PORT_3));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_3)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_3).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
// Given
Matches icmpEgressMatches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_2,
public void newInterfaceWithIcmpAclHavingOverlappingMac() throws Exception {
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_2)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_2).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
// Given
prepareInterfaceWithIcmpAcl();
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1),
Arrays.asList(AAP_PORT_2, buildAap(AclConstants.IPV4_ALL_NETWORK, PORT_MAC_2)));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_2)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_2).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
prepareInterfaceWithIcmpAcl();
// When
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1),
Arrays.asList(AAP_PORT_2, aapWithSameMac, aapWithDifferentMac));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_1)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
- dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
- .interfaceName(PORT_2)
- .addAllIpPrefixOrAddress(Collections.singletonList(
- new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_1).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
+ dataBrokerUtil.put(new IdentifiedPortSubnetBuilder().interfaceName(PORT_2).addAllSubnetInfo(
+ Collections.singletonList(SUBNET_INFO_1)));
prepareInterfaceWithIcmpAcl();
// When
.setMacAddress(new MacAddress(macAddress)).build();
}
+ protected static SubnetInfo buildSubnetInfo(Uuid subnetId, String ipPrefix,
+ Class<? extends IpVersionBase> ipVersion, String gwIp) {
+ return new SubnetInfoBuilder().setKey(new SubnetInfoKey(subnetId)).setIpVersion(ipVersion)
+ .setIpPrefix(new IpPrefixOrAddress(ipPrefix.toCharArray()))
+ .setGatewayIp(new IpAddress(gwIp.toCharArray())).build();
+ }
+
protected void setUpData() throws Exception {
newElan(ELAN, ELAN_TAG);
newElanInterface(ELAN, PORT_1, true);
*/
package org.opendaylight.netvirt.aclservice.tests
+import java.util.ArrayList
+import java.util.List
+import javax.annotation.concurrent.NotThreadSafe
import org.opendaylight.netvirt.aclservice.tests.infra.DataTreeIdentifierDataObjectPairBuilder
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.PortSubnets
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnet
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnetBuilder
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnetKey
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier
import static org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType.OPERATIONAL
-import static extension org.opendaylight.mdsal.binding.testutils.XtendBuilderExtensions.operator_doubleGreaterThan
-import javax.annotation.concurrent.NotThreadSafe
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixesBuilder
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixesKey
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixes
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.PortsSubnetIpPrefixes
-
-import java.util.List
-import java.util.ArrayList
+import static extension org.opendaylight.mdsal.binding.testutils.XtendBuilderExtensions.operator_doubleGreaterThan
@NotThreadSafe
-class IdentifiedSubnetIpPrefixBuilder implements DataTreeIdentifierDataObjectPairBuilder<PortSubnetIpPrefixes> {
+class IdentifiedPortSubnetBuilder implements DataTreeIdentifierDataObjectPairBuilder<PortSubnet> {
var String newInterfaceName
- List<IpPrefixOrAddress> newIpPrefixOrAddress = new ArrayList
+ List<SubnetInfo> subnetInfoList = new ArrayList
override dataObject() {
- new PortSubnetIpPrefixesBuilder >> [
- key = new PortSubnetIpPrefixesKey(newInterfaceName)
+ new PortSubnetBuilder >> [
+ key = new PortSubnetKey(newInterfaceName)
portId = newInterfaceName
- subnetIpPrefixes = newIpPrefixOrAddress
+ subnetInfo = subnetInfoList
]
}
override identifier() {
- InstanceIdentifier.builder(PortsSubnetIpPrefixes)
- .child(PortSubnetIpPrefixes, new PortSubnetIpPrefixesKey(newInterfaceName)).build
+ InstanceIdentifier.builder(PortSubnets)
+ .child(PortSubnet, new PortSubnetKey(newInterfaceName)).build
}
override type() {
this
}
- def addAllIpPrefixOrAddress(List<IpPrefixOrAddress> ipPrefixOrAddress) {
- this.newIpPrefixOrAddress.addAll(ipPrefixOrAddress)
+ def addAllSubnetInfo(List<SubnetInfo> subnetInfoList) {
+ this.subnetInfoList.addAll(subnetInfoList)
this
}
private static final String ACL_INT_TAB = " %-4s %-4s %-4s %-4s %-4s %-6s %-20s %-20s %-4s";
private static final String ACL_INT_TAB_FOR = KEY_TAB + ACL_INT_TAB;
private static final String ACL_INT_HEAD = String.format(ACL_INT_TAB_FOR, "UUID", "PortSecurityEnabled",
- "InterfaceId", "LPortTag", "DpId", "ElanId", "SecurityGroups", "AllowedAddressPairs", "SubnetIpPrefixes",
+ "InterfaceId", "LPortTag", "DpId", "ElanId", "SecurityGroups", "AllowedAddressPairs", "SubnetInfo",
"MarkedForDelete")
+ "\n -------------------------------------------------------------------------------------------------";
private static final String REM_ID_TAB = " %-20s ";
aclInterface.isPortSecurityEnabled(), aclInterface.getInterfaceId(),
aclInterface.getLPortTag(), aclInterface.getDpId(), aclInterface.getElanId(),
aclInterface.getSecurityGroups(), aclInterface.getAllowedAddressPairs(),
- aclInterface.getSubnetIpPrefixes(), aclInterface.isMarkedForDelete()));
+ aclInterface.getSubnetInfo(), aclInterface.isMarkedForDelete()));
}
}
} else if (uuidStr == null) {
aclInterface.isPortSecurityEnabled(), aclInterface.getInterfaceId(),
aclInterface.getLPortTag(), aclInterface.getDpId(), aclInterface.getElanId(),
aclInterface.getSecurityGroups(), aclInterface.getAllowedAddressPairs(),
- aclInterface.getSubnetIpPrefixes(), aclInterface.isMarkedForDelete()));
+ aclInterface.getSubnetInfo(), aclInterface.isMarkedForDelete()));
}
}
}
aclInterface.isPortSecurityEnabled(), aclInterface.getInterfaceId(),
aclInterface.getLPortTag(), aclInterface.getDpId(), aclInterface.getElanId(),
aclInterface.getSecurityGroups(), aclInterface.getAllowedAddressPairs(),
- aclInterface.getSubnetIpPrefixes(), aclInterface.isMarkedForDelete()));
+ aclInterface.getSubnetInfo(), aclInterface.isMarkedForDelete()));
} else if (key == null) {
if (!validateAll()) {
aclInterface.isPortSecurityEnabled(), aclInterface.getInterfaceId(),
aclInterface.getLPortTag(), aclInterface.getDpId(), aclInterface.getElanId(),
aclInterface.getSecurityGroups(), aclInterface.getAllowedAddressPairs(),
- aclInterface.getSubnetIpPrefixes(), aclInterface.isMarkedForDelete()));
+ aclInterface.getSubnetInfo(), aclInterface.isMarkedForDelete()));
}
}
}
})));
}
- private static InterfaceAclBuilder handlePortSecurityUpdated(Port portOriginal,
+ private InterfaceAclBuilder handlePortSecurityUpdated(Port portOriginal,
Port portUpdated, boolean origSecurityEnabled, boolean updatedSecurityEnabled,
InterfaceBuilder interfaceBuilder) {
InterfaceAclBuilder interfaceAclBuilder = null;
if (updatedSecurityEnabled) {
// Handle security group enabled
NeutronvpnUtils.populateInterfaceAclBuilder(interfaceAclBuilder, portUpdated);
+ neutronvpnUtils.populateSubnetInfo(portUpdated);
} else {
// Handle security group disabled
interfaceAclBuilder.setSecurityGroups(new ArrayList<>());
interfaceAclBuilder.setAllowedAddressPairs(NeutronvpnUtils.getAllowedAddressPairsForFixedIps(
updatedAddressPairs, portOriginal.getMacAddress(), portOriginal.getFixedIps(),
portUpdated.getFixedIps()));
+
+ if (portOriginal.getFixedIps() != null
+ && !portOriginal.getFixedIps().equals(portUpdated.getFixedIps())) {
+ neutronvpnUtils.populateSubnetInfo(portUpdated);
+ }
}
}
return interfaceAclBuilder;
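Review bot: The added fixed-IP check before `return interfaceAclBuilder;` is skipped whenever `portOriginal.getFixedIps()` is null, so a port that starts without fixed IPs and gains them in this update gets no PortSubnet entry from this path. A null-safe comparison handles both directions: `if (!Objects.equals(portOriginal.getFixedIps(), portUpdated.getFixedIps())) {` (needs `java.util.Objects` if the file does not import it yet). In the opposite case, where the updated port has no fixed IPs, `getSubnetInfo` returns null and nothing is written, so the previous entry presumably stays in the operational datastore; if the ACL service builds subnet or gateway rules from it, that stale entry deserves an explicit delete. Parts of `handlePortSecurityUpdated` lie outside the hunk, so the exact branch nesting should be confirmed.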
interfaceAclBuilder.setPortSecurityEnabled(true);
NeutronvpnUtils.populateInterfaceAclBuilder(interfaceAclBuilder, port);
interfaceBuilder.addAugmentation(InterfaceAcl.class, interfaceAclBuilder.build());
- neutronvpnUtils.populateSubnetIpPrefixes(port);
+ neutronvpnUtils.populateSubnetInfo(port);
}
return interfaceBuilder.build();
}
*/
package org.opendaylight.netvirt.neutronvpn;
+import com.google.common.collect.ImmutableBiMap;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AclBase;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.Ipv4Acl;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.Dhcpv6Base;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.Dhcpv6Off;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.Dhcpv6Slaac;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.Dhcpv6Stateful;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.Dhcpv6Stateless;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.IpVersionBase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.IpVersionV4;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.IpVersionV6;
public interface NeutronSecurityRuleConstants {
Class<DirectionEgress> DIRECTION_EGRESS = DirectionEgress.class;
// default acp type
Class<? extends AclBase> ACLTYPE = Ipv4Acl.class;
+ ImmutableBiMap<Class<? extends IpVersionBase>, Class<? extends org.opendaylight.yang.gen.v1.urn.opendaylight
+ .netvirt.aclservice.rev160608.IpVersionBase>> IP_VERSION_MAP =
+ ImmutableBiMap.of(IpVersionV4.class,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV4.class,
+ IpVersionV6.class,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV6.class);
+
+ ImmutableBiMap<Class<? extends Dhcpv6Base>, Class<? extends org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt
+ .aclservice.rev160608.Dhcpv6Base>> RA_MODE_MAP =
+ ImmutableBiMap.of(Dhcpv6Off.class,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.Dhcpv6Off.class,
+ Dhcpv6Stateful.class,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.Dhcpv6Stateful.class,
+ Dhcpv6Slaac.class,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.Dhcpv6Slaac.class,
+ Dhcpv6Stateless.class,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.Dhcpv6Stateless.class);
}
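Review bot: `IP_VERSION_MAP` and `RA_MODE_MAP` have no comment stating which model is the key side, and both sides use identical simple class names, so the direction can only be read off the imports. A one-line comment above each would help, e.g. `// Neutron constants identity -> aclservice identity; get() returns null for an unmapped identity`. The only lookups visible in this change are forward `get` calls in `getSubnetInfo`, so unless `inverse()` is used elsewhere a plain `ImmutableMap` would state the intent more precisely.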
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
+import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
import org.opendaylight.genius.datastoreutils.SingleTransactionDataBroker;
import org.opendaylight.genius.mdsalutil.MDSALUtil;
import org.opendaylight.infrautils.jobcoordinator.JobCoordinator;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdInput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.ReleaseIdInputBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.Dhcpv6Base;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAclBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.PortsSubnetIpPrefixes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionBase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.PortSubnets;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairsBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.ports.subnet.ip.prefixes.PortSubnetIpPrefixesKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnet;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnetBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.PortSubnetKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfoBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfoKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.SegmentTypeBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.SegmentTypeFlat;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.SegmentTypeGre;
interfaceAclBuilder.setAllowedAddressPairs(aclAllowedAddressPairs);
}
- protected void populateSubnetIpPrefixes(Port port) {
- List<IpPrefixOrAddress> subnetIpPrefixes = getSubnetIpPrefixes(port);
- if (subnetIpPrefixes != null) {
+ protected void populateSubnetInfo(Port port) {
+ List<SubnetInfo> portSubnetInfo = getSubnetInfo(port);
+ if (portSubnetInfo != null) {
String portId = port.getUuid().getValue();
- InstanceIdentifier<PortSubnetIpPrefixes> portSubnetIpPrefixIdentifier =
- NeutronvpnUtils.buildPortSubnetIpPrefixIdentifier(portId);
- PortSubnetIpPrefixesBuilder subnetIpPrefixesBuilder = new PortSubnetIpPrefixesBuilder()
- .setKey(new PortSubnetIpPrefixesKey(portId)).setPortId(portId)
- .setSubnetIpPrefixes(subnetIpPrefixes);
- MDSALUtil.syncWrite(dataBroker, LogicalDatastoreType.OPERATIONAL, portSubnetIpPrefixIdentifier,
- subnetIpPrefixesBuilder.build());
- LOG.debug("Created Subnet IP Prefixes for port {}", port.getUuid().getValue());
+ InstanceIdentifier<PortSubnet> portSubnetIdentifier = buildPortSubnetIdentifier(portId);
+
+ PortSubnetBuilder portSubnetBuilder = new PortSubnetBuilder().setKey(new PortSubnetKey(portId))
+ .setPortId(portId).setSubnetInfo(portSubnetInfo);
+ try {
+ SingleTransactionDataBroker.syncWrite(dataBroker, LogicalDatastoreType.OPERATIONAL,
+ portSubnetIdentifier, portSubnetBuilder.build());
+ } catch (TransactionCommitFailedException e) {
+ LOG.error("Failed to populate subnet info for port={}", portId, e);
+ }
+ LOG.debug("Created Subnet info for port={}", portId);
}
}
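Review bot: `LOG.debug("Created Subnet info for port={}", portId);` sits after the try/catch in `populateSubnetInfo`, so it is also logged when `syncWrite` threw and the catch only recorded the error. Move that line into the `try` block directly after the `syncWrite` call so the log reflects what actually happened. The failure itself is swallowed here and callers cannot tell that the PortSubnet entry is missing; if ACL programming depends on that entry, consider rethrowing or retrying rather than continuing.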
- protected List<IpPrefixOrAddress> getSubnetIpPrefixes(Port port) {
- List<Uuid> subnetIds = getSubnetIdsFromNetworkId(port.getNetworkId());
- if (subnetIds == null) {
- LOG.error("Failed to get Subnet Ids for the Network {}", port.getNetworkId());
+ protected List<SubnetInfo> getSubnetInfo(Port port) {
+ List<FixedIps> portFixedIps = port.getFixedIps();
+ if (portFixedIps == null) {
+ LOG.error("Failed to get Fixed IPs for the port {}", port.getName());
return null;
}
- List<IpPrefixOrAddress> subnetIpPrefixes = new ArrayList<>();
- for (Uuid subnetId : subnetIds) {
+ List<SubnetInfo> subnetInfoList = new ArrayList<>();
+ for (FixedIps portFixedIp : portFixedIps) {
+ Uuid subnetId = portFixedIp.getSubnetId();
Subnet subnet = getNeutronSubnet(subnetId);
if (subnet != null) {
- subnetIpPrefixes.add(new IpPrefixOrAddress(subnet.getCidr()));
+ Class<? extends IpVersionBase> ipVersion =
+ NeutronSecurityRuleConstants.IP_VERSION_MAP.get(subnet.getIpVersion());
+ Class<? extends Dhcpv6Base> raMode = subnet.getIpv6RaMode() == null ? null
+ : NeutronSecurityRuleConstants.RA_MODE_MAP.get(subnet.getIpv6RaMode());
+ SubnetInfo subnetInfo = new SubnetInfoBuilder().setKey(new SubnetInfoKey(subnetId))
+ .setIpVersion(ipVersion).setIpPrefix(new IpPrefixOrAddress(subnet.getCidr()))
+ .setIpv6RaMode(raMode).setGatewayIp(subnet.getGatewayIp()).build();
+ subnetInfoList.add(subnetInfo);
}
}
- return subnetIpPrefixes;
+ return subnetInfoList;
}
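Review bot: In `getSubnetInfo`, `IP_VERSION_MAP.get(subnet.getIpVersion())` returns null for a missing or unmapped IP version and that null is passed straight to `setIpVersion`, and a fixed IP whose subnet lookup returns null is dropped without any log. Both cases leave the port with incomplete subnet info that nothing reports; a line such as `LOG.warn("Subnet {} not found for port {}", subnetId, port.getUuid().getValue());` in an `else` branch, plus a similar warning when `ipVersion` is null, would make that visible. The existing error message uses `port.getName()`, which may be unset on a Neutron port; `port.getUuid().getValue()` is what `populateSubnetInfo` logs.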
protected Subnet getNeutronSubnet(Uuid subnetId) {
FloatingIpIdToPortMappingKey(floatingIpId)).build();
}
- static InstanceIdentifier<PortSubnetIpPrefixes> buildPortSubnetIpPrefixIdentifier(String portId) {
- InstanceIdentifier<PortSubnetIpPrefixes> id = InstanceIdentifier.builder(PortsSubnetIpPrefixes.class)
- .child(PortSubnetIpPrefixes.class, new PortSubnetIpPrefixesKey(portId)).build();
+ static InstanceIdentifier<PortSubnet> buildPortSubnetIdentifier(String portId) {
+ InstanceIdentifier<PortSubnet> id = InstanceIdentifier.builder(PortSubnets.class)
+ .child(PortSubnet.class, new PortSubnetKey(portId)).build();
return id;
}