
Example 41 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class IngressAclServiceImpl method bindService.

/**
 * Queues a job that binds the ACL service to the given interface.
 *
 * <p>The job builds a single goto-table instruction targeting
 * {@code NwConstants.EGRESS_ACL_DUMMY_TABLE}, wraps it in a {@code BoundServices} entry named
 * {@code acl.egressacl.<interfaceId>} and writes that entry to the CONFIGURATION datastore in a
 * new write-only transaction. The write is asynchronous: this method returns once the job has
 * been enqueued, and the transaction's future is handed back to the job coordinator.
 *
 * <p>NOTE(review): the page attributes this method to {@code IngressAclServiceImpl}, yet every
 * constant used here is an {@code EGRESS_ACL_*} one. Presumably the two names describe the same
 * direction from opposite viewpoints; confirm before changing either.
 *
 * @param aclInterface the ACL interface whose id is used both as the job key and as the bound
 *                     service's interface name
 */
@Override
public void bindService(AclInterface aclInterface) {
    final String ifaceName = aclInterface.getInterfaceId();
    // Jobs are keyed by interface name; how the coordinator orders jobs sharing a key is not
    // visible here.
    jobCoordinator.enqueueJob(ifaceName, () -> {
        // The only instruction is a jump to the ACL dummy table, using instruction key 1.
        List<Instruction> gotoDummyTable = new ArrayList<>();
        gotoDummyTable.add(
                MDSALUtil.buildAndGetGotoTableInstruction(NwConstants.EGRESS_ACL_DUMMY_TABLE, 1));

        // The flow priority is taken from the service index constant.
        int priority = NwConstants.EGRESS_ACL_SERVICE_INDEX;
        short aclServiceIndex = ServiceIndex.getIndex(
                NwConstants.EGRESS_ACL_SERVICE_NAME, NwConstants.EGRESS_ACL_SERVICE_INDEX);
        String boundServiceName = String.format("%s.%s.%s", "acl", "egressacl", ifaceName);
        BoundServices boundService = AclServiceUtils.getBoundServices(
                boundServiceName, aclServiceIndex, priority, AclConstants.COOKIE_ACL_BASE, gotoDummyTable);

        InstanceIdentifier<BoundServices> boundServicePath = AclServiceUtils.buildServiceId(
                ifaceName,
                ServiceIndex.getIndex(NwConstants.EGRESS_ACL_SERVICE_NAME, NwConstants.EGRESS_ACL_SERVICE_INDEX),
                serviceMode);

        // A failed write surfaces only through the returned future.
        // NOTE(review): confirm the job coordinator reports or retries such failures, because an
        // unbound ACL service means the interface's traffic is not steered through the ACL tables.
        return Collections.singletonList(txRunner.callWithNewWriteOnlyTransactionAndSubmit(
            tx -> tx.put(LogicalDatastoreType.CONFIGURATION, boundServicePath, boundService,
                    WriteTransaction.CREATE_MISSING_PARENTS)));
    });
}
Also used : LoggerFactory(org.slf4j.LoggerFactory) MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase) AclServiceUtils(org.opendaylight.netvirt.aclservice.utils.AclServiceUtils) ArrayList(java.util.ArrayList) MatchEthernetDestination(org.opendaylight.genius.mdsalutil.matches.MatchEthernetDestination) ServiceIndex(org.opendaylight.genius.utils.ServiceIndex) AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs) AclInterfaceCache(org.opendaylight.netvirt.aclservice.api.AclInterfaceCache) MatchEthernetType(org.opendaylight.genius.mdsalutil.matches.MatchEthernetType) BigInteger(java.math.BigInteger) NwConstants(org.opendaylight.genius.mdsalutil.NwConstants) MDSALUtil(org.opendaylight.genius.mdsalutil.MDSALUtil) MacAddress(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress) AclServiceOFFlowBuilder(org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder) ServiceModeEgress(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress) DirectionBase(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase) DirectionIngress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress) AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) MatchCriteria(org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria) BoundServices(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices) Logger(org.slf4j.Logger) AclConstants(org.opendaylight.netvirt.aclservice.utils.AclConstants) AclDataUtil(org.opendaylight.netvirt.aclservice.utils.AclDataUtil) LogicalDatastoreType(org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType) JobCoordinator(org.opendaylight.infrautils.jobcoordinator.JobCoordinator) 
WriteTransaction(org.opendaylight.controller.md.sal.binding.api.WriteTransaction) DataBroker(org.opendaylight.controller.md.sal.binding.api.DataBroker) List(java.util.List) InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo) InstanceIdentifier(org.opendaylight.yangtools.yang.binding.InstanceIdentifier) IMdsalApiManager(org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager) InstructionGotoTable(org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable) Action(org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action) IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress) Collections(java.util.Collections) Instruction(org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction) BoundServices(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices) ArrayList(java.util.ArrayList) Instruction(org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction)

Example 42 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class AclElanInterfaceListener method add.

/**
 * Reacts to a new ELAN interface by filling in the ELAN id of the matching cached ACL interface
 * and, where possible, asking the ACL service manager to bind and add ACLs for it.
 *
 * <p>The cache entry is touched only when it has no ELAN id yet. BIND and ADD are notified only
 * when the resulting interface already carries a DPN id and this node is the entity owner.
 *
 * @param key           identifier of the added ELAN interface (not used here)
 * @param elanInterface the added ELAN interface; its name is used as the cache key
 */
@Override
protected void add(InstanceIdentifier<ElanInterface> key, ElanInterface elanInterface) {
    final String elanInterfaceName = elanInterface.getName();
    AclInterface updated = aclInterfaceCache.updateIfPresent(elanInterfaceName, (cached, builder) -> {
        if (cached.getElanId() != null) {
            // The ELAN id is already known, so the cached entry is left alone.
            return false;
        }
        // NOTE(review): the lookup result is dereferenced without a null check. If
        // getElanInstanceByName can return null for an unknown ELAN name, this throws inside the
        // cache update and the interface never reaches BIND/ADD below. Verify against the helper.
        ElanInstance elanInstance =
                AclServiceUtils.getElanInstanceByName(elanInterface.getElanInstanceName(), dataBroker);
        builder.elanId(elanInstance.getElanTag());
        return true;
    });

    if (updated == null) {
        // Per the log message, null covers both "not cached" and "cached but not updated".
        LOG.debug("On Add event, ignore if AclInterface was not found in cache or was not updated");
        return;
    }
    if (updated.getDpId() == null || !aclClusterUtil.isEntityOwner()) {
        return;
    }
    // Notify ADD flows, if InterfaceStateListener has processed before ELAN-ID getting populated
    LOG.debug("On add event, notify ACL service manager to BIND/ADD ACL for interface: {}", updated);
    aclServiceManager.notify(updated, null, Action.BIND);
    aclServiceManager.notify(updated, null, Action.ADD);
}
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) ElanInstance(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstance)

Example 43 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class AclEventListener method getChangedAceList.

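/**
 * Returns the entries of {@code updatedAcl} whose rule name does not occur in {@code currentAcl}.
 *
 * <p>Entries are compared by rule name only. An entry that keeps its rule name but changes its
 * matches or actions is therefore NOT reported. Callers that must re-program flows when a rule's
 * content changes cannot rely on this method alone.
 *
 * @param updatedAcl the ACL after the change; may be {@code null}
 * @param currentAcl the ACL to compare against; may be {@code null}
 * @return {@code null} when {@code updatedAcl} is {@code null}; otherwise a new mutable list with
 *         all entries of {@code updatedAcl} (when {@code currentAcl} is {@code null}) or only
 *         those whose rule name is absent from {@code currentAcl}
 */
private List<Ace> getChangedAceList(Acl updatedAcl, Acl currentAcl) {
    if (updatedAcl == null) {
        return null;
    }
    List<Ace> updatedAceList = copyAceList(updatedAcl);
    if (currentAcl == null) {
        return updatedAceList;
    }
    List<Ace> currentAceList = copyAceList(currentAcl);
    // The previous nested loop called iterator.remove() for every match without leaving the
    // inner loop, so a second match for the same entry raised IllegalStateException.
    // removeIf/anyMatch removes each entry at most once and stops at the first match.
    updatedAceList.removeIf(updated -> currentAceList.stream()
            .anyMatch(current -> updated.getRuleName().equals(current.getRuleName())));
    return updatedAceList;
}

/**
 * Copies the ACEs of an ACL into a new mutable list. The result is empty when the ACL has no
 * access-list-entries container, or when that container holds no ACE list (guarded in case the
 * binding returns {@code null} instead of an empty list).
 */
private List<Ace> copyAceList(Acl acl) {
    if (acl.getAccessListEntries() == null || acl.getAccessListEntries().getAce() == null) {
        return new ArrayList<>();
    }
    return new ArrayList<>(acl.getAccessListEntries().getAce());
}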
Also used : Ace(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace)

Example 44 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class AclInterfaceListener method addOrUpdateAclInterfaceCache.

/**
 * Creates or refreshes the cache entry for {@code interfaceId} and returns a copy of it.
 *
 * <p>What is written depends on what is already cached:
 * <ul>
 *   <li>port-security flag, security groups and allowed address pairs: whenever
 *       {@code aclInPort} is non-null;</li>
 *   <li>DPN id and lport tag (and clearing of the marked-for-delete flag): when there is no entry
 *       or no lport tag yet, and an interface state is available;</li>
 *   <li>subnet IP prefixes: only for a brand-new entry;</li>
 *   <li>ELAN id: for a new entry or one without an ELAN id;</li>
 *   <li>remote ACL tags for both directions: for a new entry or when {@code isSgChanged}.</li>
 * </ul>
 *
 * <p>NOTE(review): when {@code aclInPort} is null, nothing here resets the port-security flag or
 * the security groups of an existing entry. When it is null and the remote ACL tags are
 * recomputed, they are derived from an empty security-group list. Confirm both are intended.
 *
 * @param interfaceId    cache key of the interface
 * @param aclInPort      ACL augmentation of the port, or {@code null} if the port has none
 * @param isSgChanged    whether the remote ACL tags must be recomputed for an existing entry
 * @param interfaceState operational state of the interface, or {@code null} if unavailable
 * @return a copy of the cached ACL interface, built via {@code AclInterface.builder(...)}
 */
private AclInterface addOrUpdateAclInterfaceCache(String interfaceId, InterfaceAcl aclInPort, boolean isSgChanged, org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface interfaceState) {
    AclInterface cachedEntry = aclInterfaceCache.addOrUpdate(interfaceId, (previous, builder) -> {
        final boolean firstSeen = previous == null;

        final List<Uuid> securityGroups;
        if (aclInPort == null) {
            securityGroups = new ArrayList<>();
        } else {
            securityGroups = aclInPort.getSecurityGroups();
            builder.portSecurityEnabled(aclInPort.isPortSecurityEnabled())
                    .securityGroups(securityGroups)
                    .allowedAddressPairs(aclInPort.getAllowedAddressPairs());
        }

        if ((firstSeen || previous.getLPortTag() == null) && interfaceState != null) {
            builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(interfaceState))
                    .lPortTag(interfaceState.getIfIndex())
                    .isMarkedForDelete(false);
        }
        if (firstSeen) {
            builder.subnetIpPrefixes(AclServiceUtils.getSubnetIpPrefixes(dataBroker, interfaceId));
        }
        if (firstSeen || previous.getElanId() == null) {
            builder.elanId(AclServiceUtils.getElanIdFromInterface(interfaceId, dataBroker));
        }
        if (firstSeen || isSgChanged) {
            builder.ingressRemoteAclTags(aclServiceUtils.getRemoteAclTags(securityGroups, DirectionIngress.class))
                    .egressRemoteAclTags(aclServiceUtils.getRemoteAclTags(securityGroups, DirectionEgress.class));
        }
    });
    // Return a copy rather than the instance held by the cache.
    return AclInterface.builder(cachedEntry).build();
}
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) Uuid(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid) ArrayList(java.util.ArrayList) DirectionEgress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress)

Example 45 with Acl

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.

the class AclInterfaceListener method update.

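/**
 * Handles a configuration update of an interface and propagates ACL-relevant changes.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Ignore the event if it only adds the {@code ParentRefs} augmentation.</li>
 *   <li>Make sure a "before" cache entry exists (it may be missing while port security was
 *       disabled).</li>
 *   <li>If port security is enabled on either side of the change, refresh the cache with the
 *       "after" state. On the entity owner, also notify UNBIND / BIND / UPDATE as required.</li>
 *   <li>Update the ACL-to-interface bookkeeping via {@code updateCacheWithAclChange}.</li>
 * </ol>
 *
 * <p>Changes compared with the listing as published:
 * <ul>
 *   <li>The security-group comparison no longer dereferences a missing {@code InterfaceAcl}
 *       augmentation. The enclosing condition lets through the case where only one side has
 *       it.</li>
 *   <li>{@code InterruptedException} restores the thread's interrupt flag instead of being
 *       swallowed together with {@code ExecutionException}.</li>
 *   <li>The oper-status comparison is constant-first, so a missing status reads as "not Up".</li>
 * </ul>
 *
 * @param key        identifier of the updated interface (not used here)
 * @param portBefore interface configuration before the change
 * @param portAfter  interface configuration after the change
 */
@Override
public void update(InstanceIdentifier<Interface> key, Interface portBefore, Interface portAfter) {
    if (portBefore.getAugmentation(ParentRefs.class) == null && portAfter.getAugmentation(ParentRefs.class) != null) {
        LOG.trace("Ignoring event for update in ParentRefs for {} ", portAfter.getName());
        return;
    }
    LOG.trace("Received AclInterface update event, portBefore={}, portAfter={}", portBefore, portAfter);
    InterfaceAcl aclInPortAfter = portAfter.getAugmentation(InterfaceAcl.class);
    InterfaceAcl aclInPortBefore = portBefore.getAugmentation(InterfaceAcl.class);
    String interfaceId = portAfter.getName();
    org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface interfaceState = AclServiceUtils.getInterfaceStateFromOperDS(dataBroker, interfaceId);
    AclInterface aclInterfaceBefore = aclInterfaceCache.get(interfaceId);
    if (aclInterfaceBefore == null || isPortSecurityEnabledNow(aclInPortBefore, aclInPortAfter)) {
        // Updating cache now as it might have not updated when
        // port-security-enable=false
        aclInterfaceBefore = addOrUpdateAclInterfaceCache(interfaceId, aclInPortBefore, true, interfaceState);
    }

    boolean portSecurityInvolved = (aclInPortAfter != null && aclInPortAfter.isPortSecurityEnabled())
            || (aclInPortBefore != null && aclInPortBefore.isPortSecurityEnabled());
    if (!portSecurityInvolved) {
        return;
    }

    // Only one of the two augmentations is guaranteed non-null here. If either is missing, treat
    // the security groups as changed so the remote ACL tags are recomputed, rather than
    // dereferencing null.
    // NOTE(review): with aclInPortAfter == null, addOrUpdateAclInterfaceCache leaves the cached
    // port-security flag and security groups as they were; confirm that is the intended result of
    // removing the augmentation.
    boolean isSgChanged = aclInPortBefore == null || aclInPortAfter == null
            || isSecurityGroupsChanged(aclInPortBefore.getSecurityGroups(), aclInPortAfter.getSecurityGroups());
    AclInterface aclInterfaceAfter = addOrUpdateAclInterfaceCache(interfaceId, aclInPortAfter, isSgChanged, interfaceState);
    if (aclClusterUtil.isEntityOwner()) {
        // Handle bind/unbind service irrespective of interface state (up/down)
        boolean isPortSecurityEnable = aclInterfaceAfter.isPortSecurityEnabled();
        boolean isPortSecurityEnableBefore = aclInterfaceBefore.isPortSecurityEnabled();
        // if port security enable is changed and is disabled, unbind ACL service
        if (isPortSecurityEnableBefore != isPortSecurityEnable && !isPortSecurityEnable) {
            LOG.debug("Notify unbind ACL service for interface={}, isPortSecurityEnable={}", interfaceId, isPortSecurityEnable);
            aclServiceManager.notify(aclInterfaceAfter, null, Action.UNBIND);
        }
        if (interfaceState != null && org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface.OperStatus.Up.equals(interfaceState.getOperStatus())) {
            // if port security enable is changed and is enabled, bind ACL service
            if (isPortSecurityEnableBefore != isPortSecurityEnable && isPortSecurityEnable) {
                LOG.debug("Notify bind ACL service for interface={}, isPortSecurityEnable={}", interfaceId, isPortSecurityEnable);
                aclServiceManager.notify(aclInterfaceAfter, null, Action.BIND);
            }
            LOG.debug("On update event, notify ACL service manager to update ACL for interface: {}", interfaceId);
            // handle add for AclPortsLookup before processing update
            // NOTE(review): a failure here is only logged and the UPDATE notification below still
            // runs. Confirm that programming flows after a failed lookup write is acceptable for
            // ACL enforcement.
            try {
                Futures.allAsList(aclServiceUtils.addAclPortsLookupForInterfaceUpdate(aclInterfaceBefore, aclInterfaceAfter)).get();
            } catch (InterruptedException e) {
                // Keep the interrupt visible to the caller; processing continues as before.
                Thread.currentThread().interrupt();
                LOG.error("Error adding ACL ports for interface update", e);
            } catch (ExecutionException e) {
                LOG.error("Error adding ACL ports for interface update", e);
            }
            aclServiceManager.notify(aclInterfaceAfter, aclInterfaceBefore, AclServiceManager.Action.UPDATE);
            // handle delete for AclPortsLookup after processing update
            try {
                Futures.allAsList(aclServiceUtils.deleteAclPortsLookupForInterfaceUpdate(aclInterfaceBefore, aclInterfaceAfter)).get();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                LOG.error("Error deleting ACL ports for interface update", e);
            } catch (ExecutionException e) {
                LOG.error("Error deleting ACL ports for interface update", e);
            }
        }
    }
    updateCacheWithAclChange(aclInterfaceBefore, aclInterfaceAfter);
}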
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) InterfaceAcl(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl) ExecutionException(java.util.concurrent.ExecutionException)

Aggregations

ArrayList (java.util.ArrayList)27 MatchInfoBase (org.opendaylight.genius.mdsalutil.MatchInfoBase)19 AclInterface (org.opendaylight.netvirt.aclservice.api.utils.AclInterface)16 BigInteger (java.math.BigInteger)15 Uuid (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid)15 InstructionInfo (org.opendaylight.genius.mdsalutil.InstructionInfo)13 AllowedAddressPairs (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)13 List (java.util.List)12 IpPrefixOrAddress (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)10 HashMap (java.util.HashMap)9 HashSet (java.util.HashSet)9 Ace (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace)9 Set (java.util.Set)8 Acl (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl)8 Collections (java.util.Collections)7 DataBroker (org.opendaylight.controller.md.sal.binding.api.DataBroker)7 MDSALUtil (org.opendaylight.genius.mdsalutil.MDSALUtil)7 NwConstants (org.opendaylight.genius.mdsalutil.NwConstants)7 InstructionGotoTable (org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable)7 MatchEthernetType (org.opendaylight.genius.mdsalutil.matches.MatchEthernetType)7