
Example 46 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class AclInterfaceListener method add.

/**
 * Handles creation of an interface config entry.
 *
 * <p>The port's ACL view is stored in the interface cache and, when the datapath id and ELAN id
 * are already known, the ACL service is asked to bind and program the port. Ports without the
 * {@code InterfaceAcl} augmentation, or with port security disabled, get no ACL programming
 * from this handler.
 *
 * @param key  identifier of the created interface (not used here)
 * @param port the created interface
 */
@Override
public void add(InstanceIdentifier<Interface> key, Interface port) {
    LOG.trace("Received AclInterface add event, port={}", port);
    InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
    if (aclInPort == null || !aclInPort.isPortSecurityEnabled()) {
        // Nothing to enforce: the port carries no ACL data or port security is switched off.
        return;
    }
    String portName = port.getName();
    AclInterface cachedPort = addOrUpdateAclInterfaceCache(portName, aclInPort);
    // The interface state event may arrive before this config event; in that case the
    // datapath id and ELAN id are already present and the flows can be programmed now.
    boolean stateAlreadyKnown = cachedPort.getDpId() != null && cachedPort.getElanId() != null;
    // Ownership is checked last so it is only queried when the state is known.
    if (stateAlreadyKnown && aclClusterUtil.isEntityOwner()) {
        LOG.debug("On add event, notify ACL bind/add for interface: {}", portName);
        aclServiceManager.notify(cachedPort, null, Action.BIND);
        aclServiceManager.notify(cachedPort, null, Action.ADD);
    }
}
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) InterfaceAcl(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl)

Example 47 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class AclInterfaceStateListener method remove.

/**
 * Handles removal of an interface state entry for L2VLAN interfaces.
 *
 * <p>The interface is dropped from the ACL interface cache. If it was of interest to the ACL
 * service, the entity owner unbinds and removes its ACL flows and deletes its ACL port lookup
 * entries; every node then removes the interface from the local ACL-to-interface map.
 *
 * @param key     identifier of the removed interface (not used here)
 * @param deleted the removed interface
 */
@Override
protected void remove(InstanceIdentifier<Interface> key, Interface deleted) {
    boolean isL2vlan = L2vlan.class.equals(deleted.getType());
    if (!isL2vlan) {
        return;
    }
    String portName = deleted.getName();
    AclInterface aclInterface = aclInterfaceCache.remove(portName);
    if (!AclServiceUtils.isOfInterest(aclInterface)) {
        return;
    }
    List<Uuid> aclList = aclInterface.getSecurityGroups();
    boolean hasSecurityGroups = aclList != null;
    // Flow removal and lookup cleanup are done by the entity owner only.
    if (aclClusterUtil.isEntityOwner()) {
        LOG.debug("On remove event, notify ACL service manager to remove ACL from interface: {}", aclInterface);
        aclServiceManger.notify(aclInterface, null, Action.UNBIND);
        aclServiceManger.notify(aclInterface, null, Action.REMOVE);
        if (hasSecurityGroups) {
            aclServiceUtils.deleteAclPortsLookup(aclInterface, aclList, aclInterface.getAllowedAddressPairs());
        }
    }
    // The ACL-to-interface map is updated regardless of ownership, and after the
    // owner-side cleanup above.
    if (hasSecurityGroups) {
        aclDataUtil.removeAclInterfaceMap(aclList, aclInterface);
    }
}
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) L2vlan(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana._if.type.rev140508.L2vlan) Uuid(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid)

Example 48 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class AclNodeListener method add.

/**
 * Handles a newly connected flow-capable node by queueing a job that writes the default ACL
 * flows for that datapath.
 *
 * <p>When a security group mode is configured and it is not {@code Stateful}, the event is
 * logged as an error and this handler writes no default ACL flows for the node.
 *
 * @param key                    identifier of the added node; its {@code Node} key supplies the
 *                               datapath id
 * @param dataObjectModification the added node data (not used here)
 */
@Override
protected void add(InstanceIdentifier<FlowCapableNode> key, FlowCapableNode dataObjectModification) {
    BigInteger dpId = MDSALUtil.getDpnIdFromNodeName(key.firstKeyOf(Node.class).getId());
    LOG.info("Received ACL node [{}] add event", dpId);
    // An unset mode is accepted; any explicit mode other than Stateful is rejected.
    boolean modeSupported = securityGroupMode == null || securityGroupMode == SecurityGroupMode.Stateful;
    if (!modeSupported) {
        LOG.error("Invalid security group mode ({}) obtained from AclserviceConfig. dpId={}", securityGroupMode, dpId);
        return;
    }
    // Jobs are keyed by datapath id; the flows are written in a single write-only transaction.
    jobCoordinator.enqueueJob(
            String.valueOf(dpId),
            () -> Collections.singletonList(txRunner.callWithNewWriteOnlyTransactionAndSubmit(tx -> {
                new AclNodeDefaultFlowsTxBuilder(dpId, mdsalManager, config, tx).build();
                LOG.info("Adding default ACL flows for dpId={}", dpId);
            })),
            AclConstants.JOB_MAX_RETRIES);
    LOG.trace("FlowCapableNode (dpid: {}) add event is processed.", dpId);
}
Also used : BigInteger(java.math.BigInteger) AclNodeDefaultFlowsTxBuilder(org.opendaylight.netvirt.aclservice.utils.AclNodeDefaultFlowsTxBuilder) NodeKey(org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeKey)

Example 49 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class AclInstanceRecoveryHandler method recoverService.

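/**
 * Recovers one ACL (security group) by replaying it on every interface that references it.
 *
 * <p>For each interface, two synthetic updates are sent to the interface listener: first the
 * interface with this ACL removed from its security groups, then the original interface with
 * the ACL present again. Between the two calls the listener has been told the ACL is gone;
 * NOTE(review): whether traffic is briefly filtered differently in that window depends on how
 * {@code update} programs flows, which is not visible here.
 *
 * <p>An interface that cannot be read, has no {@code InterfaceAcl} augmentation, or has no
 * security groups is logged and skipped, so one bad entry does not stop recovery of the
 * remaining interfaces.
 *
 * @param entityId the ACL id, in the string form accepted by {@code Uuid}
 */
@Override
public void recoverService(String entityId) {
    LOG.info("Recover ACL instance {}", entityId);
    Uuid aclId = new Uuid(entityId);
    Collection<AclInterface> aclInterfaces = aclDataUtil.getInterfaceList(aclId);
    for (AclInterface aclInterface : aclInterfaces) {
        String aclInterfaceId = aclInterface.getInterfaceId();
        Optional<Interface> interfaceOptional = AclServiceUtils.getInterface(dataBroker, aclInterfaceId);
        if (!interfaceOptional.isPresent()) {
            LOG.error("Interfaces not present for aclInterface {} ", aclInterfaceId);
            continue;
        }
        Interface interfaceBefore = interfaceOptional.get();
        LOG.debug("Starting Recovery of acl Instance {} for interface {}", entityId, interfaceBefore.getName());
        InterfaceAcl interfaceAclBefore = interfaceBefore.getAugmentation(InterfaceAcl.class);
        // The augmentation and its security group list can be absent; dereferencing them
        // unchecked would throw and abandon recovery for every interface still in the loop.
        if (interfaceAclBefore == null || interfaceAclBefore.getSecurityGroups() == null) {
            LOG.warn("Skipping recovery of acl Instance {} for interface {}: no security groups configured",
                    entityId, aclInterfaceId);
            continue;
        }
        // Copy before removing so the list read from the datastore object is not mutated.
        List<Uuid> sgList = new ArrayList<>(interfaceAclBefore.getSecurityGroups());
        sgList.remove(aclId);
        InterfaceAcl interfaceAclAfter = new InterfaceAclBuilder(interfaceAclBefore).setSecurityGroups(sgList).build();
        Interface interfaceAfter = new InterfaceBuilder(interfaceBefore).addAugmentation(InterfaceAcl.class, interfaceAclAfter).build();
        // Replay: ACL removed, then ACL added back.
        aclInterfaceListener.update(null, interfaceBefore, interfaceAfter);
        aclInterfaceListener.update(null, interfaceAfter, interfaceBefore);
    }
}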
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) InterfaceAclBuilder(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAclBuilder) Uuid(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid) ArrayList(java.util.ArrayList) InterfaceBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceBuilder) InterfaceAcl(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl) AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) Interface(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface) ServiceRecoveryInterface(org.opendaylight.genius.srm.ServiceRecoveryInterface)

Example 50 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class AbstractAclServiceImpl method programAclForExistingTrafficTable.

/**
 * Programs the "existing traffic" table entry that accompanies an ACE flow change.
 *
 * <p>The flow matches the ACE's fields (minus any conntrack-state and metadata matches), the
 * port's LPort tag and the tracked/reply conntrack state. The operation is the inverse of the
 * one requested for the ACE itself: adding the ACE deletes this flow, removing the ACE adds it.
 *
 * @param port        the interface the ACE applies to
 * @param ace         the access control entry; its match type is cast to {@code AceIp}
 * @param addOrRemove {@code NwConstants.ADD_FLOW} or the delete operation requested for the ACE
 * @param flowName    base name for the generated flow
 * @param matches     matches of the ACE flow; not modified
 * @param priority    flow priority
 */
private void programAclForExistingTrafficTable(AclInterface port, Ace ace, int addOrRemove, String flowName, List<MatchInfoBase> matches, Integer priority) {
    AceIp aceIp = (AceIp) ace.getMatches().getAceType();
    String ipVersionSuffix;
    if (aceIp.getAceIpVersion() instanceof AceIpv4) {
        ipVersionSuffix = "_IPv4";
    } else {
        ipVersionSuffix = "_IPv6";
    }
    final String newFlowName = flowName + this.directionString + "_" + port.getDpId() + "_" + port.getLPortTag()
            + "_" + ipVersionSuffix + "_FlowAfterRuleDeleted";

    // Drop the caller's conntrack-state and metadata matches; replacements are appended below.
    final List<MatchInfoBase> newMatches = matches.stream()
            .filter(match -> !(match instanceof NxMatchCtState) && !(match instanceof MatchMetadata))
            .collect(Collectors.toList());
    newMatches.add(AclServiceUtils.buildLPortTagMatch(port.getLPortTag(), serviceMode));
    newMatches.add(new NxMatchCtState(AclConstants.TRACKED_RPL_CT_STATE, AclConstants.TRACKED_RPL_CT_STATE_MASK));

    List<InstructionInfo> instructions =
            AclServiceUtils.createCtMarkInstructionForNewState(getAclFilterCumDispatcherTable(), port.getElanId());

    // This table gets the opposite of the requested operation.
    int operation;
    if (addOrRemove == NwConstants.ADD_FLOW) {
        operation = NwConstants.DEL_FLOW;
    } else {
        operation = NwConstants.ADD_FLOW;
    }
    // Idle timeout is 0; the hard timeout comes from the helper for this ACE.
    syncFlow(port.getDpId(), getAclForExistingTrafficTable(), newFlowName, priority, "ACL", 0,
            AclServiceUtils.getHardTimoutForApplyStatefulChangeOnExistingTraffic(ace, aclServiceUtils),
            AclConstants.COOKIE_ACL_BASE, newMatches, instructions, operation);
}
Also used : AceIpv4(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4) NxMatchCtState(org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState) Acl(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl) SortedSet(java.util.SortedSet) LoggerFactory(org.slf4j.LoggerFactory) AclServiceListener(org.opendaylight.netvirt.aclservice.api.AclServiceListener) ActionNxResubmit(org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit) Uuid(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid) ActionInfo(org.opendaylight.genius.mdsalutil.ActionInfo) AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs) Map(java.util.Map) BigInteger(java.math.BigInteger) MDSALUtil(org.opendaylight.genius.mdsalutil.MDSALUtil) DirectionIngress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress) MatchMetadata(org.opendaylight.genius.mdsalutil.matches.MatchMetadata) AclConstants(org.opendaylight.netvirt.aclservice.utils.AclConstants) ManagedNewTransactionRunner(org.opendaylight.genius.infra.ManagedNewTransactionRunner) AclDataUtil(org.opendaylight.netvirt.aclservice.utils.AclDataUtil) Collection(java.util.Collection) InstructionApplyActions(org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions) Set(java.util.Set) AclConntrackClassifierType(org.opendaylight.netvirt.aclservice.utils.AclConntrackClassifierType) Matches(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches) Collectors(java.util.stream.Collectors) DataBroker(org.opendaylight.controller.md.sal.binding.api.DataBroker) FlowEntity(org.opendaylight.genius.mdsalutil.FlowEntity) List(java.util.List) 
NxCtAction(org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction) Entry(java.util.Map.Entry) AceIp(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp) DirectionEgress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress) HashMap(java.util.HashMap) MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase) ServiceModeBase(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase) AclServiceUtils(org.opendaylight.netvirt.aclservice.utils.AclServiceUtils) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Lists(com.google.common.collect.Lists) AclInterfaceCache(org.opendaylight.netvirt.aclservice.api.AclInterfaceCache) ManagedNewTransactionRunnerImpl(org.opendaylight.genius.infra.ManagedNewTransactionRunnerImpl) MatchEthernetType(org.opendaylight.genius.mdsalutil.matches.MatchEthernetType) SecurityRuleAttr(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr) NwConstants(org.opendaylight.genius.mdsalutil.NwConstants) AccessListEntries(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.AccessListEntries) AclServiceOFFlowBuilder(org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder) ServiceModeEgress(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress) DirectionBase(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase) AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) Logger(org.slf4j.Logger) JobCoordinator(org.opendaylight.infrautils.jobcoordinator.JobCoordinator) Ace(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace) 
ActionNxConntrack(org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack) InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo) IMdsalApiManager(org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager) Action(org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action) Collections(java.util.Collections) MatchMetadata(org.opendaylight.genius.mdsalutil.matches.MatchMetadata) InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo) AceIp(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp) NxMatchCtState(org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState) AceIpv4(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4) MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)

Aggregations

ArrayList (java.util.ArrayList)27 MatchInfoBase (org.opendaylight.genius.mdsalutil.MatchInfoBase)19 AclInterface (org.opendaylight.netvirt.aclservice.api.utils.AclInterface)16 BigInteger (java.math.BigInteger)15 Uuid (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid)15 InstructionInfo (org.opendaylight.genius.mdsalutil.InstructionInfo)13 AllowedAddressPairs (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)13 List (java.util.List)12 IpPrefixOrAddress (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)10 HashMap (java.util.HashMap)9 HashSet (java.util.HashSet)9 Ace (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace)9 Set (java.util.Set)8 Acl (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl)8 Collections (java.util.Collections)7 DataBroker (org.opendaylight.controller.md.sal.binding.api.DataBroker)7 MDSALUtil (org.opendaylight.genius.mdsalutil.MDSALUtil)7 NwConstants (org.opendaylight.genius.mdsalutil.NwConstants)7 InstructionGotoTable (org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable)7 MatchEthernetType (org.opendaylight.genius.mdsalutil.matches.MatchEthernetType)7