[SONA] Enable connection tracking only when security group is enabled
Change-Id: Ia5731c8c878c48c53e7397bf51687dd31c9b839f
diff --git a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/api/OpenstackSecurityGroupService.java b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/api/OpenstackSecurityGroupService.java
index c224ac6..98ac3b7 100644
--- a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/api/OpenstackSecurityGroupService.java
+++ b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/api/OpenstackSecurityGroupService.java
@@ -40,4 +40,18 @@
* @return security group
*/
SecurityGroup securityGroup(String sgId);
+
+ /**
+ * Returns whether security group is enabled or not.
+ *
+ * @return true security group is enabled, false otherwise
+ */
+ boolean isSecurityGroupEnabled();
+
+ /**
+ * Sets security group enable option.
+ *
+ * @param option security group enable option
+ */
+ void setSecurityGroupEnabled(boolean option);
}
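Review bot: `setSecurityGroupEnabled` is added to the read-side service interface, so every component that holds an `OpenstackSecurityGroupService` reference can switch the flag that the switching handler uses to decide whether connection tracking is applied. If the project keeps mutating operations on a separate admin interface (the manager's `clear()` override suggests one exists), the setter belongs there and only `isSecurityGroupEnabled()` should be exposed here. The Javadoc should also say what the flag controls and what its default is, and the return tag is missing a word: `@return true if security group is enabled, false otherwise`.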
diff --git a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSecurityGroupHandler.java b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSecurityGroupHandler.java
index 23622f4..23beaf9 100644
--- a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSecurityGroupHandler.java
+++ b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSecurityGroupHandler.java
@@ -129,6 +129,7 @@
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected OpenstackNodeService osNodeService;
+ @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected DriverService driverService;
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
@@ -206,6 +207,7 @@
useSecurityGroup ? "enabled" : "disabled");
}
+ securityGroupService.setSecurityGroupEnabled(useSecurityGroup);
resetSecurityGroupRules();
}
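Review bot: The enabled state now lives in two places, this handler's `useSecurityGroup` and the copy held by the manager, and this call is the only point visible in the diff that synchronises them. The manager's copy starts as `false`, so any path that sets the handler's field without reaching this line leaves the switching handler installing rules without connection tracking while this handler treats security groups as on. The method starts outside the hunk, so it is not clear whether activation goes through it; please make sure it does. A comment such as `// keep the manager's flag in sync before rules are rebuilt; OpenstackSwitchingHandler reads it` would also help.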
diff --git a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSecurityGroupManager.java b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSecurityGroupManager.java
index 2e5891d..f6a4de7 100644
--- a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSecurityGroupManager.java
+++ b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSecurityGroupManager.java
@@ -70,6 +70,8 @@
private static final String ERR_NOT_FOUND = "not found";
private static final String ERR_DUPLICATE = "already exist";
+ private boolean useSecurityGroup = false;
+
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected CoreService coreService;
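Review bot: `useSecurityGroup` is a plain field written by `setSecurityGroupEnabled` and read by `isSecurityGroupEnabled` (second hunk of this file), and the reader in OpenstackSwitchingHandler appears to run on its own event executor, so the write is not guaranteed to be visible to it. Declaring it `private volatile boolean useSecurityGroup = false;` is enough. The value is also held only in this instance rather than in the store; if cluster nodes are expected to agree on it, that relies on every node receiving the same configuration change, which deserves a comment on the field.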
@@ -189,6 +191,16 @@
}
@Override
+ public boolean isSecurityGroupEnabled() {
+ return useSecurityGroup;
+ }
+
+ @Override
+ public void setSecurityGroupEnabled(boolean option) {
+ useSecurityGroup = option;
+ }
+
+ @Override
public void clear() {
osSecurityGroupStore.clear();
}
diff --git a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingHandler.java b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingHandler.java
index 4622660..514425b 100644
--- a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingHandler.java
+++ b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingHandler.java
@@ -43,6 +43,7 @@
import org.onosproject.openstacknetworking.api.OpenstackNetworkEvent;
import org.onosproject.openstacknetworking.api.OpenstackNetworkListener;
import org.onosproject.openstacknetworking.api.OpenstackNetworkService;
+import org.onosproject.openstacknetworking.api.OpenstackSecurityGroupService;
import org.onosproject.openstacknode.api.OpenstackNode;
import org.onosproject.openstacknode.api.OpenstackNodeService;
import org.openstack4j.model.network.Network;
@@ -54,7 +55,6 @@
import static java.util.concurrent.Executors.newSingleThreadExecutor;
import static org.onlab.util.Tools.groupedThreads;
-
import static org.onosproject.openstacknetworking.api.Constants.ACL_TABLE;
import static org.onosproject.openstacknetworking.api.Constants.FORWARDING_TABLE;
import static org.onosproject.openstacknetworking.api.Constants.OPENSTACK_NETWORKING_APP_ID;
@@ -108,6 +108,9 @@
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected DriverService driverService;
+ @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+ protected OpenstackSecurityGroupService securityGroupService;
+
private final ExecutorService eventExecutor = newSingleThreadExecutor(
groupedThreads(this.getClass().getSimpleName(), "event-handler"));
private final InstancePortListener instancePortListener = new InternalInstancePortListener();
@@ -254,17 +257,19 @@
RulePopulatorUtil.niciraConnTrackTreatmentBuilder(driverService, instPort.deviceId())
.commit(true).build();
- TrafficTreatment treatment = DefaultTrafficTreatment.builder()
+ TrafficTreatment.Builder tb = DefaultTrafficTreatment.builder()
.setTunnelId(getVni(instPort))
- .transition(ACL_TABLE)
- .extension(ctTreatment, instPort.deviceId())
- .build();
+ .transition(ACL_TABLE);
+
+ if (securityGroupService.isSecurityGroupEnabled()) {
+ tb.extension(ctTreatment, instPort.deviceId());
+ }
osFlowRuleService.setRule(
appId,
instPort.deviceId(),
selector,
- treatment,
+ tb.build(),
PRIORITY_TUNNEL_TAG_RULE,
SRC_VNI_TABLE,
install);
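Review bot: `securityGroupService.isSecurityGroupEnabled()` is sampled once when the tunnel-tag rule is built, so rules already installed for existing instance ports keep whatever treatment they had when the option is changed later. After security groups are enabled at runtime, those ports would still skip connection tracking before `ACL_TABLE` unless `resetSecurityGroupRules()` (not visible here) or another path reinstalls the `SRC_VNI_TABLE` rules; please confirm or add that reinstall. Separately, `ctTreatment` is still built unconditionally above the new `if`; building it inside the branch avoids resolving the conntrack extension when it will not be used. The enclosing method starts and ends outside the hunk.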