Examples with Ace org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace used on opensource projects

Example 1 with Ace

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.

the class AbstractAclServiceImpl method programAceRule.

/**
 * Programs the ace specific rule.
 *
 * @param port acl interface
 * @param aclName the acl name
 * @param ace rule to be program
 * @param addOrRemove whether to delete or add flow
 */
protected void programAceRule(AclInterface port, String aclName, Ace ace, int addOrRemove) {
    SecurityRuleAttr aceAttr = AclServiceUtils.getAccesssListAttributes(ace);
    if (!isValidDirection(aceAttr.getDirection())) {
        LOG.trace("Ignoring {} direction while processing for {} ACE Rule {}", aceAttr.getDirection(), this.directionString, ace.getRuleName());
        return;
    }
    LOG.debug("Program {} ACE rule for dpId={}, lportTag={}, addOrRemove={}, ace={}, portId={}", this.directionString, port.getDpId(), port.getLPortTag(), addOrRemove, ace.getRuleName(), port.getInterfaceId());
    Matches matches = ace.getMatches();
    Map<String, List<MatchInfoBase>> flowMap = null;
    if (matches.getAceType() instanceof AceIp) {
        flowMap = AclServiceOFFlowBuilder.programIpFlow(matches);
        if (!AclServiceUtils.doesAceHaveRemoteGroupId(aceAttr)) {
            // programming for ACE which doesn't have any remote group Id
            programForAceNotHavingRemoteAclId(port, aclName, ace, flowMap, addOrRemove);
        } else {
            Uuid remoteAclId = aceAttr.getRemoteGroupId();
            // programming for ACE which have remote group Id
            programAceSpecificFlows(port, aclName, ace, flowMap, remoteAclId, addOrRemove);
        }
    }
}

Example 2 with Ace

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.

the class AbstractAclServiceImpl method programAclRules.

/**
 * Programs the acl custom rules.
 *
 * @param port acl interface
 * @param aclUuidList the list of acl uuid to be applied
 * @param addOrRemove whether to delete or add flow
 * @return program succeeded
 */
protected boolean programAclRules(AclInterface port, List<Uuid> aclUuidList, int addOrRemove) {
    BigInteger dpId = port.getDpId();
    LOG.debug("Applying custom rules on DpId {}, lportTag {}", dpId, port.getLPortTag());
    if (aclUuidList == null || dpId == null) {
        LOG.warn("{} ACL parameters can not be null. dpId={}, aclUuidList={}", this.directionString, dpId, aclUuidList);
        return false;
    }
    for (Uuid aclUuid : aclUuidList) {
        Acl acl = this.aclDataUtil.getAcl(aclUuid.getValue());
        if (null == acl) {
            LOG.warn("The ACL {} not found in cache", aclUuid.getValue());
            continue;
        }
        AccessListEntries accessListEntries = acl.getAccessListEntries();
        List<Ace> aceList = accessListEntries.getAce();
        for (Ace ace : aceList) {
            programAceRule(port, aclUuid.getValue(), ace, addOrRemove);
        }
    }
    return true;
}

Example 3 with Ace

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.

the class PolicyServiceUtil method getAcePolicyClassifier.

public Optional<String> getAcePolicyClassifier(Ace ace) {
    Actions actions = ace.getActions();
    SetPolicyClassifier setPolicyClassifier = actions.getAugmentation(SetPolicyClassifier.class);
    if (setPolicyClassifier == null) {
        LOG.warn("No valid policy action found for ACE rule {}", ace.getRuleName());
        return Optional.absent();
    }
    Class<? extends DirectionBase> direction;
    try {
        direction = setPolicyClassifier.getDirection();
    } catch (IllegalArgumentException e) {
        LOG.warn("Failed to parse policy classifier direction");
        return Optional.absent();
    }
    if (direction == null || !direction.isAssignableFrom(DirectionEgress.class)) {
        LOG.trace("Ignoring non egress policy ACE rule {}", ace.getRuleName());
        return Optional.absent();
    }
    return Optional.of(setPolicyClassifier.getPolicyClassifier());
}

Example 4 with Ace

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.

the class ConfigurationClassifierImpl method getEntriesForAce.

private Set<ClassifierRenderableEntry> getEntriesForAce(Ace ace) {
    String ruleName = ace.getRuleName();
    LOG.debug("Generating classifier entries for Ace: {}", ruleName);
    LOG.trace("Ace details: {}", ace);
    Optional<NetvirtsfcAclActions> sfcActions = Optional.ofNullable(ace.getActions()).map(actions -> actions.getAugmentation(RedirectToSfc.class));
    String rspName = sfcActions.map(NetvirtsfcAclActions::getRspName).map(Strings::emptyToNull).orElse(null);
    String sfpName = sfcActions.map(NetvirtsfcAclActions::getSfpName).map(Strings::emptyToNull).orElse(null);
    if (rspName == null && sfpName == null) {
        LOG.debug("Ace {} ignored: no valid SFC redirect action", ruleName);
        return Collections.emptySet();
    }
    if (rspName != null && sfpName != null) {
        LOG.warn("Ace {} ignored: both SFP and a RSP as redirect actions not supported", ruleName);
        return Collections.emptySet();
    }
    Matches matches = ace.getMatches();
    if (matches == null) {
        LOG.warn("Ace {} ignored: no matches", ruleName);
        return Collections.emptySet();
    }
    NeutronNetwork network = matches.getAugmentation(NeutronNetwork.class);
    if (sfpName != null && network != null) {
        LOG.warn("Ace {} ignored: SFP redirect action with neutron network match not supported", ruleName);
        return Collections.emptySet();
    }
    String sourcePort = Optional.ofNullable(matches.getAugmentation(NeutronPorts.class)).map(NeutronPorts::getSourcePortUuid).map(Strings::emptyToNull).orElse(null);
    String destinationPort = Optional.ofNullable(matches.getAugmentation(NeutronPorts.class)).map(NeutronPorts::getDestinationPortUuid).map(Strings::emptyToNull).orElse(null);
    if (rspName != null) {
        return getEntriesForRspRedirect(ruleName, sourcePort, destinationPort, network, rspName, matches);
    }
    return getEntriesForSfpRedirect(ruleName, sourcePort, destinationPort, sfpName, matches);
}

Example 5 with Ace

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace in project netvirt by opendaylight.

the class ConfigurationClassifierImpl method getEntriesForRspRedirect.

private Set<ClassifierRenderableEntry> getEntriesForRspRedirect(String ruleName, String sourcePort, String destinationPort, NeutronNetwork neutronNetwork, String rspName, Matches matches) {
    RenderedServicePath rsp = sfcProvider.getRenderedServicePath(rspName).orElse(null);
    if (rsp == null) {
        LOG.debug("Ace {} ignored: RSP {} not yet available", ruleName, rspName);
        return Collections.emptySet();
    }
    if (destinationPort != null) {
        LOG.warn("Ace {}: destination port is ignored combined with RSP redirect");
    }
    List<String> interfaces = new ArrayList<>();
    if (neutronNetwork != null) {
        interfaces.addAll(netvirtProvider.getLogicalInterfacesFromNeutronNetwork(neutronNetwork));
    }
    if (sourcePort != null) {
        interfaces.add(sourcePort);
    }
    if (interfaces.isEmpty()) {
        LOG.debug("Ace {} ignored: no interfaces to match against", ruleName);
        return Collections.emptySet();
    }
    return this.buildEntries(ruleName, interfaces, matches, rsp);
}