
Example 1 with InterfaceAcl

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.

the class AclInterfaceStateListener method add.

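/**
 * Handles an interface-state ADD event and, where applicable, binds the ACL service to the port.
 *
 * <p>Only {@code L2vlan} interfaces are processed. The matching config-datastore interface must
 * exist and carry the {@link InterfaceAcl} augmentation; otherwise the event is dropped and no ACL
 * service is bound from this path. The cache entry for the interface is refreshed with the
 * datapath id, the port tag and the remote ACL tags before the ACL service manager is notified.
 *
 * @param key   instance identifier of the interface-state entry (not read by this method)
 * @param added the interface-state object that was added
 */
@Override
protected void add(InstanceIdentifier<Interface> key, Interface added) {
    if (!L2vlan.class.equals(added.getType())) {
        return;
    }
    org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface iface;
    iface = interfaceManager.getInterfaceInfoFromConfigDataStore(added.getName());
    if (iface == null) {
        // Fixed: the two concatenated literals previously ran together as "ADDfor ACL failed",
        // which breaks searches for this failure in the logs.
        LOG.error("No interface with name {} available in interfaceConfig, servicing interfaceState ADD "
                + "for ACL failed", added.getName());
        return;
    }
    InterfaceAcl aclInPort = iface.getAugmentation(InterfaceAcl.class);
    if (aclInPort == null) {
        // A port without the InterfaceAcl augmentation gets no ACL service from this listener;
        // this is only visible at trace level.
        LOG.trace("Interface {} is not an ACL Interface, ignoring ADD interfaceState event", added.getName());
        return;
    }
    AclInterface aclInterface = aclInterfaceCache.addOrUpdate(added.getName(), (prevAclInterface, builder) -> {
        // Record where the port lives and clear any pending-delete marker.
        builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(added)).lPortTag(added.getIfIndex()).isMarkedForDelete(false);
        if (AclServiceUtils.isOfInterest(prevAclInterface)) {
            if (prevAclInterface.getSubnetIpPrefixes() == null) {
                // For upgrades: entries cached earlier may lack the subnet prefixes.
                List<IpPrefixOrAddress> subnetIpPrefixes = AclServiceUtils.getSubnetIpPrefixes(dataBroker, added.getName());
                builder.subnetIpPrefixes(subnetIpPrefixes);
            }
            // Recompute the remote ACL tags for both directions from the configured security groups.
            SortedSet<Integer> ingressRemoteAclTags = aclServiceUtils.getRemoteAclTags(aclInPort.getSecurityGroups(), DirectionIngress.class);
            SortedSet<Integer> egressRemoteAclTags = aclServiceUtils.getRemoteAclTags(aclInPort.getSecurityGroups(), DirectionEgress.class);
            builder.ingressRemoteAclTags(ingressRemoteAclTags).egressRemoteAclTags(egressRemoteAclTags);
        }
    });
    if (AclServiceUtils.isOfInterest(aclInterface)) {
        List<Uuid> aclList = aclInterface.getSecurityGroups();
        if (aclList != null) {
            aclDataUtil.addAclInterfaceMap(aclList, aclInterface);
        }
        if (aclInterface.getElanId() == null) {
            // No BIND/ADD is issued here while the ELAN id is unknown.
            // NOTE(review): presumably a later event completes the binding - confirm, since until
            // then the port has no ACL flows programmed from this path.
            LOG.debug("On Add event, skip ADD since ElanId is not updated");
            return;
        }
        // Only the cluster entity owner notifies the ACL service manager.
        if (aclClusterUtil.isEntityOwner()) {
            LOG.debug("On add event, notify ACL service manager to add ACL for interface: {}", aclInterface);
            aclServiceManger.notify(aclInterface, null, Action.BIND);
            if (aclList != null) {
                aclServiceUtils.addAclPortsLookup(aclInterface, aclList, aclInterface.getAllowedAddressPairs());
            }
            aclServiceManger.notify(aclInterface, null, Action.ADD);
        }
    }
}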
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) L2vlan(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana._if.type.rev140508.L2vlan) IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress) InterfaceAcl(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl) Uuid(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid)

Example 2 with InterfaceAcl

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.

the class AclInterfaceListener method addOrUpdateAclInterfaceCache.

/**
 * Creates or refreshes the cached {@link AclInterface} for a port and returns a copy of it.
 *
 * <p>Port-security settings, security groups and allowed address pairs are taken from
 * {@code aclInPort} when it is present. Datapath id and port tag are filled in from
 * {@code interfaceState} only when the cache has no port tag yet. Subnet prefixes and the ELAN id
 * are looked up only when missing, and the remote ACL tags are recomputed for a new entry or when
 * the security groups changed.
 *
 * @param interfaceId    name of the interface, used as the cache key
 * @param aclInPort      ACL augmentation of the port; may be {@code null}
 * @param isSgChanged    whether the security groups differ from the previous configuration
 * @param interfaceState operational state of the interface; may be {@code null}
 * @return a copy of the cached entry, built from the cached object
 */
private AclInterface addOrUpdateAclInterfaceCache(String interfaceId, InterfaceAcl aclInPort, boolean isSgChanged, org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface interfaceState) {
    AclInterface cachedEntry = aclInterfaceCache.addOrUpdate(interfaceId, (previous, aclBuilder) -> {
        final boolean isNewEntry = previous == null;

        // With no ACL augmentation the security-group list stays empty and the builder keeps
        // whatever port-security settings it already has.
        final List<Uuid> securityGroups;
        if (aclInPort == null) {
            securityGroups = new ArrayList<>();
        } else {
            securityGroups = aclInPort.getSecurityGroups();
            aclBuilder.portSecurityEnabled(aclInPort.isPortSecurityEnabled())
                    .securityGroups(securityGroups)
                    .allowedAddressPairs(aclInPort.getAllowedAddressPairs());
        }

        // Datapath id and port tag come from the operational state and are set only once.
        final boolean portTagMissing = isNewEntry || previous.getLPortTag() == null;
        if (portTagMissing && interfaceState != null) {
            aclBuilder.dpId(AclServiceUtils.getDpIdFromIterfaceState(interfaceState))
                    .lPortTag(interfaceState.getIfIndex())
                    .isMarkedForDelete(false);
        }

        if (isNewEntry) {
            aclBuilder.subnetIpPrefixes(AclServiceUtils.getSubnetIpPrefixes(dataBroker, interfaceId));
        }

        if (isNewEntry || previous.getElanId() == null) {
            aclBuilder.elanId(AclServiceUtils.getElanIdFromInterface(interfaceId, dataBroker));
        }

        // Remote ACL tags depend on the security groups, so they are refreshed only when needed.
        if (isNewEntry || isSgChanged) {
            aclBuilder.ingressRemoteAclTags(aclServiceUtils.getRemoteAclTags(securityGroups, DirectionIngress.class))
                    .egressRemoteAclTags(aclServiceUtils.getRemoteAclTags(securityGroups, DirectionEgress.class));
        }
    });
    // Hand out a copy rather than the cached object itself.
    return AclInterface.builder(cachedEntry).build();
}
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) Uuid(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid) ArrayList(java.util.ArrayList) DirectionEgress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress)

Example 3 with InterfaceAcl

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.

the class AclInterfaceListener method update.

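/**
 * Handles a config-datastore update of a port and reprograms the ACL service accordingly.
 *
 * <p>The method acts only when port security is enabled on the old or the new configuration. It
 * refreshes the cached {@link AclInterface}, and on the cluster entity owner it unbinds the ACL
 * service when port security was switched off, binds it when port security was switched on and
 * the interface is operationally up, and then issues an UPDATE notification bracketed by the
 * ACL-ports-lookup add and delete steps.
 *
 * @param key        instance identifier of the interface (not read by this method)
 * @param portBefore interface configuration before the change
 * @param portAfter  interface configuration after the change
 */
@Override
public void update(InstanceIdentifier<Interface> key, Interface portBefore, Interface portAfter) {
    if (portBefore.getAugmentation(ParentRefs.class) == null && portAfter.getAugmentation(ParentRefs.class) != null) {
        LOG.trace("Ignoring event for update in ParentRefs for {} ", portAfter.getName());
        return;
    }
    LOG.trace("Received AclInterface update event, portBefore={}, portAfter={}", portBefore, portAfter);
    InterfaceAcl aclInPortAfter = portAfter.getAugmentation(InterfaceAcl.class);
    InterfaceAcl aclInPortBefore = portBefore.getAugmentation(InterfaceAcl.class);
    String interfaceId = portAfter.getName();
    org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface interfaceState = AclServiceUtils.getInterfaceStateFromOperDS(dataBroker, interfaceId);
    AclInterface aclInterfaceBefore = aclInterfaceCache.get(interfaceId);
    if (aclInterfaceBefore == null || isPortSecurityEnabledNow(aclInPortBefore, aclInPortAfter)) {
        // Updating cache now as it might have not updated when
        // port-security-enable=false
        aclInterfaceBefore = addOrUpdateAclInterfaceCache(interfaceId, aclInPortBefore, true, interfaceState);
    }
    if (aclInPortAfter != null && aclInPortAfter.isPortSecurityEnabled() || aclInPortBefore != null && aclInPortBefore.isPortSecurityEnabled()) {
        // The condition above holds when only ONE side carries the InterfaceAcl augmentation, so
        // each side is null-checked before its security groups are read. Previously this threw a
        // NullPointerException when the augmentation was added to or removed from a port, and the
        // ACL change for that port was never applied.
        // NOTE(review): assumes isSecurityGroupsChanged accepts null lists, as it already must
        // if getSecurityGroups() can return null - confirm.
        List<Uuid> sgsBefore = aclInPortBefore == null ? null : aclInPortBefore.getSecurityGroups();
        List<Uuid> sgsAfter = aclInPortAfter == null ? null : aclInPortAfter.getSecurityGroups();
        boolean isSgChanged = isSecurityGroupsChanged(sgsBefore, sgsAfter);
        AclInterface aclInterfaceAfter = addOrUpdateAclInterfaceCache(interfaceId, aclInPortAfter, isSgChanged, interfaceState);
        if (aclClusterUtil.isEntityOwner()) {
            // Handle bind/unbind service irrespective of interface state (up/down)
            boolean isPortSecurityEnable = aclInterfaceAfter.isPortSecurityEnabled();
            boolean isPortSecurityEnableBefore = aclInterfaceBefore.isPortSecurityEnabled();
            // if port security enable is changed and is disabled, unbind ACL service
            if (isPortSecurityEnableBefore != isPortSecurityEnable && !isPortSecurityEnable) {
                LOG.debug("Notify unbind ACL service for interface={}, isPortSecurityEnable={}", interfaceId, isPortSecurityEnable);
                aclServiceManager.notify(aclInterfaceAfter, null, Action.UNBIND);
            }
            if (interfaceState != null && interfaceState.getOperStatus().equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface.OperStatus.Up)) {
                // if port security enable is changed and is enabled, bind ACL service
                if (isPortSecurityEnableBefore != isPortSecurityEnable && isPortSecurityEnable) {
                    LOG.debug("Notify bind ACL service for interface={}, isPortSecurityEnable={}", interfaceId, isPortSecurityEnable);
                    aclServiceManager.notify(aclInterfaceAfter, null, Action.BIND);
                }
                LOG.debug("On update event, notify ACL service manager to update ACL for interface: {}", interfaceId);
                // handle add for AclPortsLookup before processing update
                try {
                    Futures.allAsList(aclServiceUtils.addAclPortsLookupForInterfaceUpdate(aclInterfaceBefore, aclInterfaceAfter)).get();
                } catch (InterruptedException | ExecutionException e) {
                    // NOTE(review): the failure is only logged and the UPDATE below still runs;
                    // the thread's interrupt status is also not restored - confirm both are intended.
                    LOG.error("Error adding ACL ports for interface update", e);
                }
                aclServiceManager.notify(aclInterfaceAfter, aclInterfaceBefore, AclServiceManager.Action.UPDATE);
                // handle delete for AclPortsLookup after processing update
                try {
                    Futures.allAsList(aclServiceUtils.deleteAclPortsLookupForInterfaceUpdate(aclInterfaceBefore, aclInterfaceAfter)).get();
                } catch (InterruptedException | ExecutionException e) {
                    LOG.error("Error deleting ACL ports for interface update", e);
                }
            }
        }
        updateCacheWithAclChange(aclInterfaceBefore, aclInterfaceAfter);
    }
}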
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) InterfaceAcl(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl) ExecutionException(java.util.concurrent.ExecutionException)

Example 4 with InterfaceAcl

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.

the class AclInterfaceListener method add.

/**
 * Handles a config-datastore ADD of a port that carries ACL configuration.
 *
 * <p>Ports without the {@link InterfaceAcl} augmentation, or with port security disabled, are
 * ignored. For the rest the cache entry is created or refreshed, and the ACL service is bound
 * and added immediately only when the datapath id and ELAN id are already known and this node
 * is the cluster entity owner.
 *
 * @param key  instance identifier of the interface (not read by this method)
 * @param port the interface configuration that was added
 */
@Override
public void add(InstanceIdentifier<Interface> key, Interface port) {
    LOG.trace("Received AclInterface add event, port={}", port);
    final InterfaceAcl aclInPort = port.getAugmentation(InterfaceAcl.class);
    if (aclInPort == null || !aclInPort.isPortSecurityEnabled()) {
        // Nothing to enforce on this port from this listener.
        return;
    }

    final String interfaceId = port.getName();
    final AclInterface cachedEntry = addOrUpdateAclInterfaceCache(interfaceId, aclInPort);

    // if interface state event comes first followed by interface config event.
    final boolean stateAlreadyKnown = cachedEntry.getDpId() != null && cachedEntry.getElanId() != null;
    if (!stateAlreadyKnown || !aclClusterUtil.isEntityOwner()) {
        return;
    }

    LOG.debug("On add event, notify ACL bind/add for interface: {}", interfaceId);
    aclServiceManager.notify(cachedEntry, null, Action.BIND);
    aclServiceManager.notify(cachedEntry, null, Action.ADD);
}
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) InterfaceAcl(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl)

Example 5 with InterfaceAcl

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.

the class AclInstanceRecoveryHandler method recoverService.

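/**
 * Recovers one ACL instance by replaying its configuration on every interface that uses it.
 *
 * <p>For each interface mapped to the ACL, a copy of the interface without this ACL in its
 * security groups is built. The listener is then driven twice: first with the ACL removed, then
 * with the original configuration restored, which reinstalls the ACL on the port.
 *
 * <p>Between the two listener calls the interface is processed without this ACL in its security
 * groups, so recovery is not transparent to traffic on that port.
 *
 * @param entityId UUID string of the ACL instance to recover
 */
@Override
public void recoverService(String entityId) {
    LOG.info("Recover ACL instance {}", entityId);
    Uuid aclId = new Uuid(entityId);
    Collection<AclInterface> aclInterfaces = aclDataUtil.getInterfaceList(aclId);
    for (AclInterface aclInterface : aclInterfaces) {
        String aclInterfaceId = aclInterface.getInterfaceId();
        Optional<Interface> interfaceOptional = AclServiceUtils.getInterface(dataBroker, aclInterfaceId);
        if (!interfaceOptional.isPresent()) {
            LOG.error("Interfaces not present for aclInterface {} ", aclInterfaceId);
            continue;
        }
        Interface interfaceBefore = interfaceOptional.get();
        LOG.debug("Starting Recovery of acl Instance {} for interface {}", entityId, interfaceBefore.getName());
        InterfaceAcl interfaceAclBefore = interfaceBefore.getAugmentation(InterfaceAcl.class);
        // The datastore copy may lack the ACL augmentation or its security groups even though
        // the interface is mapped to this ACL. Skip it rather than throw, so that one
        // inconsistent interface does not abort recovery for the remaining ones.
        if (interfaceAclBefore == null || interfaceAclBefore.getSecurityGroups() == null) {
            LOG.error("No security groups found on interface {}, skipping recovery of acl Instance {}",
                    aclInterfaceId, entityId);
            continue;
        }
        // Work on a copy so the list held by the datastore object is not modified.
        List<Uuid> sgList = new ArrayList<>(interfaceAclBefore.getSecurityGroups());
        sgList.remove(aclId);
        InterfaceAcl interfaceAclAfter = new InterfaceAclBuilder(interfaceAclBefore).setSecurityGroups(sgList).build();
        Interface interfaceAfter = new InterfaceBuilder(interfaceBefore).addAugmentation(InterfaceAcl.class, interfaceAclAfter).build();
        // Replay "ACL removed" followed by "ACL restored"; the listener is called with a null key.
        aclInterfaceListener.update(null, interfaceBefore, interfaceAfter);
        aclInterfaceListener.update(null, interfaceAfter, interfaceBefore);
    }
}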
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) InterfaceAclBuilder(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAclBuilder) Uuid(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid) ArrayList(java.util.ArrayList) InterfaceBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceBuilder) InterfaceAcl(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl) AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) Interface(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface) ServiceRecoveryInterface(org.opendaylight.genius.srm.ServiceRecoveryInterface)

Aggregations

InterfaceAcl (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl)6 AclInterface (org.opendaylight.netvirt.aclservice.api.utils.AclInterface)5 ArrayList (java.util.ArrayList)3 Uuid (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid)3 Interface (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface)2 InterfaceBuilder (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceBuilder)2 InterfaceAclBuilder (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAclBuilder)2 ListenableFuture (com.google.common.util.concurrent.ListenableFuture)1 ExecutionException (java.util.concurrent.ExecutionException)1 WriteTransaction (org.opendaylight.controller.md.sal.binding.api.WriteTransaction)1 ReadFailedException (org.opendaylight.controller.md.sal.common.api.data.ReadFailedException)1 ServiceRecoveryInterface (org.opendaylight.genius.srm.ServiceRecoveryInterface)1 L2vlan (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana._if.type.rev140508.L2vlan)1 DirectionEgress (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress)1 IpPrefixOrAddress (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)1 AllowedAddressPairs (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)1 ElanInterface (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterface)1 ElanInterfaceBuilder (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterfaceBuilder)1 Network (org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.networks.rev150712.networks.attributes.networks.Network)1 FixedIps 
(org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.ports.rev150712.port.attributes.FixedIps)1