Add an ACL application
- change both of the constructors in AclRule.class to be private
- change AclRule.class to be final
- remove useless reference
|URL|Notes|
|-|-|
|GET onos/v1/acl | Lists all existing ACL rules.|
|GET onos/v1/acl/remove/{id} | Removes an existing ACL rule by id|
|GET onos/v1/acl/clear | Clears ACL and reset all|
|POST onos/v1/acl/add | Adds a new ACL rule|
|Key|Value|Notes|
|-|-|-|
|ipProto | string | "TCP" or "UDP" or "ICMP" (ignoring case)|
|srcIp | IPv4 address[/mask] | Either src-ip or dst-ip must be specified.|
|dstIp | IPv4 address[/mask] | Either src-ip or dst-ip must be specified.|
|dstTpPort | number | Valid when nw-proto == "TCP" or "UDP".|
|action | string | "DENY" or "ALLOW" (ignoring case), set to "DENY" if not specified.|
Change-Id: I55170d5f50814eabef43b1bf2ee33af41b5987e4
diff --git a/apps/acl/src/main/java/org/onos/acl/AclStore.java b/apps/acl/src/main/java/org/onos/acl/AclStore.java
new file mode 100644
index 0000000..47531b2
--- /dev/null
+++ b/apps/acl/src/main/java/org/onos/acl/AclStore.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
+ * Advisers: Keqiu Li and Heng Qi
+ * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
+ * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onos.acl;
+
+import org.onosproject.net.DeviceId;
+import org.onosproject.net.flow.FlowRule;
+import org.onosproject.store.Store;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Service interface exported by ACL distributed store.
+ */
+public interface AclStore extends Store {
+
+ /**
+ * Gets a list containing all ACL rules.
+ * @return a list containing all ACL rules
+ */
+ List<AclRule> getAclRules();
+
+ /**
+ * Adds a new ACL rule.
+ * @param rule new ACL rule
+ */
+ void addAclRule(AclRule rule);
+
+ /**
+ * Gets an existing ACL rule.
+ * @param ruleId ACL rule id
+ * @return ACL rule with the given id
+ */
+ AclRule getAclRule(RuleId ruleId);
+
+ /**
+ * Removes an existing ACL rule by rule id.
+ * @param ruleId ACL rule id
+ */
+ void removeAclRule(RuleId ruleId);
+
+ /**
+ * Clears ACL and reset all.
+ */
+ void clearAcl();
+
+ /**
+ * Gets the current priority for new ACL flow rule by device id.
+ * @param deviceId device id
+ * @return new ACL flow rule's priority in the given device
+ */
+ int getPriorityByDevice(DeviceId deviceId);
+
+ /**
+ * Gets a set containing all ACL flow rules belonging to a given ACL rule.
+ * @param ruleId ACL rule id
+ * @return a set containing all ACL flow rules belonging to the given ACL rule
+ */
+ Set<FlowRule> getFlowByRule(RuleId ruleId);
+
+ /**
+ * Adds a new mapping from ACL rule to ACL flow rule.
+ * @param ruleId ACL rule id
+ * @param flowRule ACL flow rule
+ */
+ void addRuleToFlowMapping(RuleId ruleId, FlowRule flowRule);
+
+ /**
+ * Removes an existing mapping from ACL rule to ACL flow rule.
+ * @param ruleId ACL rule id
+ */
+ void removeRuleToFlowMapping(RuleId ruleId);
+
+ /**
+ * Gets a list containing all allowing ACL rules matching a given denying ACL rule.
+ * @param denyingRuleId denying ACL rule id
+ * @return a list containing all allowing ACL rules matching the given denying ACL rule
+ */
+ List<RuleId> getAllowingRuleByDenyingRule(RuleId denyingRuleId);
+
+ /**
+ * Adds a new mapping from denying ACL rule to allowing ACL rule.
+ * @param denyingRuleId denying ACL rule id
+ * @param allowingRuleId allowing ACL rule id
+ */
+ void addDenyToAllowMapping(RuleId denyingRuleId, RuleId allowingRuleId);
+
+ /**
+ * Removes an exsiting mapping from denying ACL rule to allowing ACL rule.
+ * @param denyingRuleId denying ACL rule id
+ */
+ void removeDenyToAllowMapping(RuleId denyingRuleId);
+
+ /**
+ * Checks if an existing ACL rule already works in a given device.
+ * @param ruleId ACL rule id
+ * @param deviceId devide id
+ * @return true if the given ACL rule works in the given device
+ */
+ boolean checkIfRuleWorksInDevice(RuleId ruleId, DeviceId deviceId);
+
+ /**
+ * Adds a new mapping from ACL rule to device.
+ * @param ruleId ACL rule id
+ * @param deviceId device id
+ */
+ void addRuleToDeviceMapping(RuleId ruleId, DeviceId deviceId);
+
+ /**
+ * Removes an existing mapping from ACL rule to device.
+ * @param ruleId ACL rule id
+ */
+ void removeRuleToDeviceMapping(RuleId ruleId);
+
+}