use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.
the class AbstractAclServiceImpl method programAceRule.
/**
* Programs the ace specific rule.
*
* @param port acl interface
* @param aclName the acl name
* @param ace rule to be programmed
* @param addOrRemove whether to delete or add flow
*/
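protected void programAceRule(AclInterface port, String aclName, Ace ace, int addOrRemove) {
    // NOTE(review): getAccesssListAttributes is defined outside this listing; confirm it cannot
    // return null for an ACE lacking the security-rule augmentation, because aceAttr is
    // dereferenced immediately below.
    SecurityRuleAttr aceAttr = AclServiceUtils.getAccesssListAttributes(ace);
    if (!isValidDirection(aceAttr.getDirection())) {
        LOG.trace("Ignoring {} direction while processing for {} ACE Rule {}", aceAttr.getDirection(), this.directionString, ace.getRuleName());
        return;
    }
    LOG.debug("Program {} ACE rule for dpId={}, lportTag={}, addOrRemove={}, ace={}, portId={}", this.directionString, port.getDpId(), port.getLPortTag(), addOrRemove, ace.getRuleName(), port.getInterfaceId());

    Matches matches = ace.getMatches();
    if (matches == null) {
        // Without this guard a single ACE that has no match section throws a
        // NullPointerException, which would also stop any caller that is iterating over a
        // list of ACEs and leave the remaining rules of the port unprogrammed.
        LOG.warn("{} ACE rule {} has no matches; no flows programmed", this.directionString, ace.getRuleName());
        return;
    }
    if (!(matches.getAceType() instanceof AceIp)) {
        // Only IP ACEs are translated into flows here. Record the skip so that a rule which
        // was configured but never enforced can be found in the logs.
        LOG.debug("{} ACE rule {} is not an IP ACE; no flows programmed", this.directionString, ace.getRuleName());
        return;
    }

    Map<String, List<MatchInfoBase>> flowMap = AclServiceOFFlowBuilder.programIpFlow(matches);
    if (AclServiceUtils.doesAceHaveRemoteGroupId(aceAttr)) {
        // ACE refers to a remote security group: flows are programmed per remote ACL.
        Uuid remoteAclId = aceAttr.getRemoteGroupId();
        programAceSpecificFlows(port, aclName, ace, flowMap, remoteAclId, addOrRemove);
    } else {
        // ACE has no remote group id.
        programForAceNotHavingRemoteAclId(port, aclName, ace, flowMap, addOrRemove);
    }
}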
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.
the class AbstractAclServiceImpl method programAclRules.
/**
* Programs the acl custom rules.
*
* @param port acl interface
* @param aclUuidList the list of acl uuid to be applied
* @param addOrRemove whether to delete or add flow
* @return whether programming succeeded
*/
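protected boolean programAclRules(AclInterface port, List<Uuid> aclUuidList, int addOrRemove) {
    BigInteger dpId = port.getDpId();
    LOG.debug("Applying custom rules on DpId {}, lportTag {}", dpId, port.getLPortTag());
    if (aclUuidList == null || dpId == null) {
        LOG.warn("{} ACL parameters can not be null. dpId={}, aclUuidList={}", this.directionString, dpId, aclUuidList);
        return false;
    }
    for (Uuid aclUuid : aclUuidList) {
        String aclName = aclUuid.getValue();
        Acl acl = this.aclDataUtil.getAcl(aclName);
        if (acl == null) {
            // NOTE(review): a cache miss is only logged and the method still returns true, so
            // the caller cannot distinguish "all ACLs programmed" from "some ACLs skipped".
            // Confirm that callers do not treat true as proof that every rule is enforced.
            LOG.warn("The ACL {} not found in cache", aclName);
            continue;
        }
        // An ACL without entries (or with an empty entry container) must not abort the loop:
        // an exception here would leave the remaining ACLs of the port unprogrammed.
        AccessListEntries accessListEntries = acl.getAccessListEntries();
        List<Ace> aceList = accessListEntries == null ? null : accessListEntries.getAce();
        if (aceList == null) {
            LOG.debug("The ACL {} has no access list entries", aclName);
            continue;
        }
        for (Ace ace : aceList) {
            programAceRule(port, aclName, ace, addOrRemove);
        }
    }
    return true;
}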
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.
the class PolicyServiceUtil method getAcePolicyClassifier.
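/**
 * Extracts the policy classifier named by the {@code SetPolicyClassifier} action of an ACE.
 *
 * @param ace the ACE rule to inspect
 * @return the policy classifier, or absent when the ACE has no actions, carries no
 *         {@code SetPolicyClassifier} augmentation, has a direction that cannot be parsed or is
 *         not accepted as egress, or has no classifier value
 */
public Optional<String> getAcePolicyClassifier(Ace ace) {
    // An ACE may come without an actions container; treat that like a missing policy action
    // instead of failing with a NullPointerException.
    Actions actions = ace.getActions();
    SetPolicyClassifier setPolicyClassifier =
            actions == null ? null : actions.getAugmentation(SetPolicyClassifier.class);
    if (setPolicyClassifier == null) {
        LOG.warn("No valid policy action found for ACE rule {}", ace.getRuleName());
        return Optional.absent();
    }
    Class<? extends DirectionBase> direction;
    try {
        direction = setPolicyClassifier.getDirection();
    } catch (IllegalArgumentException e) {
        // Keep the rule name and the cause so a malformed rule can be traced from the log.
        LOG.warn("Failed to parse policy classifier direction for ACE rule {}", ace.getRuleName(), e);
        return Optional.absent();
    }
    // NOTE(review): isAssignableFrom accepts DirectionEgress itself and would also accept any
    // supertype of it; confirm that this is intended rather than an exact egress match.
    if (direction == null || !direction.isAssignableFrom(DirectionEgress.class)) {
        LOG.trace("Ignoring non egress policy ACE rule {}", ace.getRuleName());
        return Optional.absent();
    }
    // fromNullable: a missing classifier value yields absent instead of the
    // NullPointerException that Optional.of(null) throws.
    return Optional.fromNullable(setPolicyClassifier.getPolicyClassifier());
}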
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.
the class ConfigurationClassifierImpl method getEntriesForAce.
/**
 * Translates one ACE into classifier entries, based on its SFC redirect action.
 *
 * <p>The ACE is ignored (empty set returned) when it names neither an RSP nor an SFP, when it
 * names both, when it has no matches, or when an SFP redirect is combined with a neutron
 * network match. Empty names are treated as absent.
 *
 * @param ace the ACE rule to translate
 * @return the entries produced by the RSP or SFP redirect helper, or an empty set when the ACE
 *         is ignored
 */
private Set<ClassifierRenderableEntry> getEntriesForAce(Ace ace) {
    final String ruleName = ace.getRuleName();
    LOG.debug("Generating classifier entries for Ace: {}", ruleName);
    LOG.trace("Ace details: {}", ace);

    // Redirect action, if the ACE carries one.
    Optional<NetvirtsfcAclActions> redirect = Optional.ofNullable(ace.getActions())
            .map(actions -> actions.getAugmentation(RedirectToSfc.class));
    final String rspName = redirect
            .map(NetvirtsfcAclActions::getRspName)
            .map(Strings::emptyToNull)
            .orElse(null);
    final String sfpName = redirect
            .map(NetvirtsfcAclActions::getSfpName)
            .map(Strings::emptyToNull)
            .orElse(null);
    final boolean hasRsp = rspName != null;
    final boolean hasSfp = sfpName != null;

    if (!hasRsp && !hasSfp) {
        LOG.debug("Ace {} ignored: no valid SFC redirect action", ruleName);
        return Collections.emptySet();
    }
    if (hasRsp && hasSfp) {
        LOG.warn("Ace {} ignored: both SFP and a RSP as redirect actions not supported", ruleName);
        return Collections.emptySet();
    }

    final Matches matches = ace.getMatches();
    if (matches == null) {
        LOG.warn("Ace {} ignored: no matches", ruleName);
        return Collections.emptySet();
    }

    final NeutronNetwork network = matches.getAugmentation(NeutronNetwork.class);
    if (hasSfp && network != null) {
        LOG.warn("Ace {} ignored: SFP redirect action with neutron network match not supported", ruleName);
        return Collections.emptySet();
    }

    // Source and destination neutron ports; empty UUID strings count as "not set".
    Optional<NeutronPorts> ports = Optional.ofNullable(matches.getAugmentation(NeutronPorts.class));
    final String sourcePort = ports
            .map(NeutronPorts::getSourcePortUuid)
            .map(Strings::emptyToNull)
            .orElse(null);
    final String destinationPort = ports
            .map(NeutronPorts::getDestinationPortUuid)
            .map(Strings::emptyToNull)
            .orElse(null);

    return hasRsp
            ? getEntriesForRspRedirect(ruleName, sourcePort, destinationPort, network, rspName, matches)
            : getEntriesForSfpRedirect(ruleName, sourcePort, destinationPort, sfpName, matches);
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.
the class ConfigurationClassifierImpl method getEntriesForRspRedirect.
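/**
 * Builds the classifier entries for an ACE whose redirect action names an RSP.
 *
 * <p>The interfaces to match against are the logical interfaces of the neutron network (when
 * one is given) plus the source port (when one is given). A destination port is not used for an
 * RSP redirect and only produces a warning.
 *
 * @param ruleName name of the ACE rule, used for logging and passed on to the entry builder
 * @param sourcePort source port UUID, or null
 * @param destinationPort destination port UUID, or null; ignored apart from a warning
 * @param neutronNetwork neutron network match, or null
 * @param rspName name of the rendered service path to redirect to
 * @param matches the ACE matches
 * @return the built entries, or an empty set when the RSP is not yet available or there is no
 *         interface to match against
 */
private Set<ClassifierRenderableEntry> getEntriesForRspRedirect(String ruleName, String sourcePort, String destinationPort, NeutronNetwork neutronNetwork, String rspName, Matches matches) {
    RenderedServicePath rsp = sfcProvider.getRenderedServicePath(rspName).orElse(null);
    if (rsp == null) {
        LOG.debug("Ace {} ignored: RSP {} not yet available", ruleName, rspName);
        return Collections.emptySet();
    }
    if (destinationPort != null) {
        // The rule name was missing from the argument list, so the log showed a literal "{}"
        // and the partially applied rule could not be identified.
        LOG.warn("Ace {}: destination port is ignored combined with RSP redirect", ruleName);
    }
    List<String> interfaces = new ArrayList<>();
    if (neutronNetwork != null) {
        interfaces.addAll(netvirtProvider.getLogicalInterfacesFromNeutronNetwork(neutronNetwork));
    }
    if (sourcePort != null) {
        interfaces.add(sourcePort);
    }
    if (interfaces.isEmpty()) {
        LOG.debug("Ace {} ignored: no interfaces to match against", ruleName);
        return Collections.emptySet();
    }
    return this.buildEntries(ruleName, interfaces, matches, rsp);
}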