use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.
the class AclInterfaceStateListener method add.
@Override
protected void add(InstanceIdentifier<Interface> key, Interface added) {
if (!L2vlan.class.equals(added.getType())) {
return;
}
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface iface;
iface = interfaceManager.getInterfaceInfoFromConfigDataStore(added.getName());
if (iface == null) {
LOG.error("No interface with name {} available in interfaceConfig, servicing interfaceState ADD" + "for ACL failed", added.getName());
return;
}
InterfaceAcl aclInPort = iface.getAugmentation(InterfaceAcl.class);
if (aclInPort == null) {
LOG.trace("Interface {} is not an ACL Interface, ignoring ADD interfaceState event", added.getName());
return;
}
AclInterface aclInterface = aclInterfaceCache.addOrUpdate(added.getName(), (prevAclInterface, builder) -> {
builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(added)).lPortTag(added.getIfIndex()).isMarkedForDelete(false);
if (AclServiceUtils.isOfInterest(prevAclInterface)) {
if (prevAclInterface.getSubnetIpPrefixes() == null) {
// For upgrades
List<IpPrefixOrAddress> subnetIpPrefixes = AclServiceUtils.getSubnetIpPrefixes(dataBroker, added.getName());
builder.subnetIpPrefixes(subnetIpPrefixes);
}
SortedSet<Integer> ingressRemoteAclTags = aclServiceUtils.getRemoteAclTags(aclInPort.getSecurityGroups(), DirectionIngress.class);
SortedSet<Integer> egressRemoteAclTags = aclServiceUtils.getRemoteAclTags(aclInPort.getSecurityGroups(), DirectionEgress.class);
builder.ingressRemoteAclTags(ingressRemoteAclTags).egressRemoteAclTags(egressRemoteAclTags);
}
});
if (AclServiceUtils.isOfInterest(aclInterface)) {
List<Uuid> aclList = aclInterface.getSecurityGroups();
if (aclList != null) {
aclDataUtil.addAclInterfaceMap(aclList, aclInterface);
}
if (aclInterface.getElanId() == null) {
LOG.debug("On Add event, skip ADD since ElanId is not updated");
return;
}
if (aclClusterUtil.isEntityOwner()) {
LOG.debug("On add event, notify ACL service manager to add ACL for interface: {}", aclInterface);
aclServiceManger.notify(aclInterface, null, Action.BIND);
if (aclList != null) {
aclServiceUtils.addAclPortsLookup(aclInterface, aclList, aclInterface.getAllowedAddressPairs());
}
aclServiceManger.notify(aclInterface, null, Action.ADD);
}
}
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.
the class AclInterfaceListener method addOrUpdateAclInterfaceCache.
private AclInterface addOrUpdateAclInterfaceCache(String interfaceId, InterfaceAcl aclInPort, boolean isSgChanged, org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface interfaceState) {
AclInterface aclInterface = aclInterfaceCache.addOrUpdate(interfaceId, (prevAclInterface, builder) -> {
List<Uuid> sgs = new ArrayList<>();
if (aclInPort != null) {
sgs = aclInPort.getSecurityGroups();
builder.portSecurityEnabled(aclInPort.isPortSecurityEnabled()).securityGroups(sgs).allowedAddressPairs(aclInPort.getAllowedAddressPairs());
}
if ((prevAclInterface == null || prevAclInterface.getLPortTag() == null) && interfaceState != null) {
builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(interfaceState)).lPortTag(interfaceState.getIfIndex()).isMarkedForDelete(false);
}
if (prevAclInterface == null) {
builder.subnetIpPrefixes(AclServiceUtils.getSubnetIpPrefixes(dataBroker, interfaceId));
}
if (prevAclInterface == null || prevAclInterface.getElanId() == null) {
builder.elanId(AclServiceUtils.getElanIdFromInterface(interfaceId, dataBroker));
}
if (prevAclInterface == null || isSgChanged) {
builder.ingressRemoteAclTags(aclServiceUtils.getRemoteAclTags(sgs, DirectionIngress.class)).egressRemoteAclTags(aclServiceUtils.getRemoteAclTags(sgs, DirectionEgress.class));
}
});
// Clone and return the ACL interface object
return AclInterface.builder(aclInterface).build();
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.
the class AclInterfaceListener method update.
@Override
public void update(InstanceIdentifier<Interface> key, Interface portBefore, Interface portAfter) {
if (portBefore.getAugmentation(ParentRefs.class) == null && portAfter.getAugmentation(ParentRefs.class) != null) {
LOG.trace("Ignoring event for update in ParentRefs for {} ", portAfter.getName());
return;
}
LOG.trace("Received AclInterface update event, portBefore={}, portAfter={}", portBefore, portAfter);
InterfaceAcl aclInPortAfter = portAfter.getAugmentation(InterfaceAcl.class);
InterfaceAcl aclInPortBefore = portBefore.getAugmentation(InterfaceAcl.class);
String interfaceId = portAfter.getName();
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface interfaceState = AclServiceUtils.getInterfaceStateFromOperDS(dataBroker, interfaceId);
AclInterface aclInterfaceBefore = aclInterfaceCache.get(interfaceId);
if (aclInterfaceBefore == null || isPortSecurityEnabledNow(aclInPortBefore, aclInPortAfter)) {
// Updating cache now as it might have not updated when
// port-security-enable=false
aclInterfaceBefore = addOrUpdateAclInterfaceCache(interfaceId, aclInPortBefore, true, interfaceState);
}
if (aclInPortAfter != null && aclInPortAfter.isPortSecurityEnabled() || aclInPortBefore != null && aclInPortBefore.isPortSecurityEnabled()) {
boolean isSgChanged = isSecurityGroupsChanged(aclInPortBefore.getSecurityGroups(), aclInPortAfter.getSecurityGroups());
AclInterface aclInterfaceAfter = addOrUpdateAclInterfaceCache(interfaceId, aclInPortAfter, isSgChanged, interfaceState);
if (aclClusterUtil.isEntityOwner()) {
// Handle bind/unbind service irrespective of interface state (up/down)
boolean isPortSecurityEnable = aclInterfaceAfter.isPortSecurityEnabled();
boolean isPortSecurityEnableBefore = aclInterfaceBefore.isPortSecurityEnabled();
// if port security enable is changed and is disabled, unbind ACL service
if (isPortSecurityEnableBefore != isPortSecurityEnable && !isPortSecurityEnable) {
LOG.debug("Notify unbind ACL service for interface={}, isPortSecurityEnable={}", interfaceId, isPortSecurityEnable);
aclServiceManager.notify(aclInterfaceAfter, null, Action.UNBIND);
}
if (interfaceState != null && interfaceState.getOperStatus().equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface.OperStatus.Up)) {
// if port security enable is changed and is enabled, bind ACL service
if (isPortSecurityEnableBefore != isPortSecurityEnable && isPortSecurityEnable) {
LOG.debug("Notify bind ACL service for interface={}, isPortSecurityEnable={}", interfaceId, isPortSecurityEnable);
aclServiceManager.notify(aclInterfaceAfter, null, Action.BIND);
}
LOG.debug("On update event, notify ACL service manager to update ACL for interface: {}", interfaceId);
// handle add for AclPortsLookup before processing update
try {
Futures.allAsList(aclServiceUtils.addAclPortsLookupForInterfaceUpdate(aclInterfaceBefore, aclInterfaceAfter)).get();
} catch (InterruptedException | ExecutionException e) {
LOG.error("Error adding ACL ports for interface update", e);
}
aclServiceManager.notify(aclInterfaceAfter, aclInterfaceBefore, AclServiceManager.Action.UPDATE);
// handle delete for AclPortsLookup after processing update
try {
Futures.allAsList(aclServiceUtils.deleteAclPortsLookupForInterfaceUpdate(aclInterfaceBefore, aclInterfaceAfter)).get();
} catch (InterruptedException | ExecutionException e) {
LOG.error("Error deleting ACL ports for interface update", e);
}
}
}
updateCacheWithAclChange(aclInterfaceBefore, aclInterfaceAfter);
}
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.
the class AclInterfaceListener method add.
@Override
public void add(InstanceIdentifier<Interface> key, Interface port) {
LOG.trace("Received AclInterface add event, port={}", port);
InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
if (aclInPort != null && aclInPort.isPortSecurityEnabled()) {
String interfaceId = port.getName();
AclInterface aclInterface = addOrUpdateAclInterfaceCache(interfaceId, aclInPort);
// if interface state event comes first followed by interface config event.
if (aclInterface.getDpId() != null && aclInterface.getElanId() != null && aclClusterUtil.isEntityOwner()) {
LOG.debug("On add event, notify ACL bind/add for interface: {}", interfaceId);
aclServiceManager.notify(aclInterface, null, Action.BIND);
aclServiceManager.notify(aclInterface, null, Action.ADD);
}
}
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.
the class AclInstanceRecoveryHandler method recoverService.
@Override
public void recoverService(String entityId) {
LOG.info("Recover ACL instance {}", entityId);
Uuid aclId = new Uuid(entityId);
Collection<AclInterface> aclInterfaces = aclDataUtil.getInterfaceList(aclId);
for (AclInterface aclInterface : aclInterfaces) {
String aclInterfaceId = aclInterface.getInterfaceId();
Optional<Interface> interfaceOptional = AclServiceUtils.getInterface(dataBroker, aclInterfaceId);
if (interfaceOptional.isPresent()) {
Interface interfaceBefore = interfaceOptional.get();
LOG.debug("Starting Recovery of acl Instance {} for interface {}", entityId, interfaceBefore.getName());
InterfaceAcl interfaceAclBefore = interfaceBefore.getAugmentation(InterfaceAcl.class);
List<Uuid> sgList = new ArrayList<>(interfaceAclBefore.getSecurityGroups());
sgList.remove(aclId);
InterfaceAcl interfaceAclAfter = new InterfaceAclBuilder(interfaceAclBefore).setSecurityGroups(sgList).build();
Interface interfaceAfter = new InterfaceBuilder(interfaceBefore).addAugmentation(InterfaceAcl.class, interfaceAclAfter).build();
aclInterfaceListener.update(null, interfaceBefore, interfaceAfter);
aclInterfaceListener.update(null, interfaceAfter, interfaceBefore);
} else {
LOG.error("Interfaces not present for aclInterface {} ", aclInterfaceId);
}
}
}
Aggregations