Gitiles
Code Review Sign In
gerrit.onosproject.org / onos / 6f5b646aa7884e8b13568c98eae1d05eeb4407e8 / . / apps / openstacknetworking / app / src / main / java / org / onosproject / openstacknetworking / cli / OpenstackRemoveAclCommand.java
blob: dde4c5aa8026ab6b5b69ecc860015be0aebc2339 [file] [log] [blame]
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]1/*
2 * Copyright 2018-present Open Networking Foundation
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16package org.onosproject.openstacknetworking.cli;
17
Ray Milkey86ad7bb2018-09-27 12:32:28 -0700[diff] [blame]18import org.apache.karaf.shell.api.action.Argument;
19import org.apache.karaf.shell.api.action.Command;
Ray Milkey7a2dee52018-09-28 10:58:28 -0700[diff] [blame]20import org.apache.karaf.shell.api.action.lifecycle.Service;
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]21import org.onlab.packet.Ethernet;
22import org.onlab.packet.IPv4;
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]23import org.onlab.packet.IpAddress;
24import org.onlab.packet.TpPort;
25import org.onosproject.cli.AbstractShellCommand;
26import org.onosproject.core.ApplicationId;
27import org.onosproject.core.CoreService;
28import org.onosproject.net.flow.DefaultTrafficSelector;
29import org.onosproject.net.flow.DefaultTrafficTreatment;
30import org.onosproject.net.flow.TrafficSelector;
31import org.onosproject.net.flow.TrafficTreatment;
32import org.onosproject.openstacknetworking.api.InstancePort;
33import org.onosproject.openstacknetworking.api.InstancePortService;
34import org.onosproject.openstacknetworking.api.OpenstackFlowRuleService;
35
36import java.util.Optional;
37
Jian Li5c09e212018-10-24 18:23:58 +0900[diff] [blame]38import static org.onosproject.openstacknetworking.api.Constants.DHCP_TABLE;
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]39import static org.onosproject.openstacknetworking.api.Constants.OPENSTACK_NETWORKING_APP_ID;
40import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_FORCED_ACL_RULE;
41
Daniel Parka3ffbdb2018-11-28 13:51:39 +0900[diff] [blame]42/**
43 * Removes the registered acl.
44 */
Ray Milkey7a2dee52018-09-28 10:58:28 -0700[diff] [blame]45@Service
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]46@Command(scope = "onos", name = "openstack-remove-acl",
Daniel Parkcd91a072018-07-09 16:00:40 +0900[diff] [blame]47 description = "Remove acl rules to VM")
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]48public class OpenstackRemoveAclCommand extends AbstractShellCommand {
49 @Argument(index = 0, name = "src ip", description = "src ip address", required = true)
Daniel Parkcd91a072018-07-09 16:00:40 +0900[diff] [blame]50 private String srcIpStr = null;
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]51
Daniel Parkcd91a072018-07-09 16:00:40 +0900[diff] [blame]52 @Argument(index = 1, name = "src ip", description = "src tcp port", required = true)
53 private int srcPort = 0;
54
55 @Argument(index = 2, name = "dst ip", description = "dst ip address", required = true)
56 private String dstIpStr = null;
57
58 @Argument(index = 3, name = "dst port", description = "dst tcp port", required = true)
59 private int dstPort = 0;
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]60
61 @Override
Ray Milkey86ad7bb2018-09-27 12:32:28 -0700[diff] [blame]62 protected void doExecute() {
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]63
64 OpenstackFlowRuleService flowRuleService = AbstractShellCommand.get(OpenstackFlowRuleService.class);
65 CoreService coreService = AbstractShellCommand.get(CoreService.class);
66
67 ApplicationId appId = coreService.getAppId(OPENSTACK_NETWORKING_APP_ID);
68
69 InstancePortService instancePortService = AbstractShellCommand.get(InstancePortService.class);
70
Daniel Parkcd91a072018-07-09 16:00:40 +0900[diff] [blame]71 IpAddress srcIpAddress = null;
72
73 IpAddress dstIpAddress = null;
74
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]75 try {
Daniel Parkcd91a072018-07-09 16:00:40 +0900[diff] [blame]76 srcIpAddress = IpAddress.valueOf(srcIpStr);
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]77
Daniel Parkcd91a072018-07-09 16:00:40 +0900[diff] [blame]78 dstIpAddress = IpAddress.valueOf(dstIpStr);
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]79 } catch (IllegalArgumentException e) {
Daniel Parka3ffbdb2018-11-28 13:51:39 +0900[diff] [blame]80 log.error("IllegalArgumentException occurred because of {}", e);
Ray Milkeyf6911bd2018-07-10 08:50:10 -0700[diff] [blame]81 return;
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]82 }
Daniel Parkcd91a072018-07-09 16:00:40 +0900[diff] [blame]83
84 TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
85 .matchEthType(Ethernet.TYPE_IPV4)
86 .matchIPSrc(srcIpAddress.toIpPrefix())
87 .matchIPDst(dstIpAddress.toIpPrefix());
88
89 TrafficTreatment treatment = DefaultTrafficTreatment.builder().
90 drop().build();
91
92 if (srcPort != 0 || dstPort != 0) {
93 sBuilder.matchIPProtocol(IPv4.PROTOCOL_TCP);
94 if (srcPort != 0) {
95 sBuilder.matchTcpSrc(TpPort.tpPort(srcPort));
96 }
97
98 if (dstPort != 0) {
99 sBuilder.matchTcpDst(TpPort.tpPort(dstPort));
100 }
101 }
102
103 log.info("Deny the packet from srcIp: {}, dstPort: {} to dstIp: {}, dstPort: {}",
104 srcIpAddress.toString(),
105 srcPort,
106 dstIpAddress.toString(),
107 dstPort);
108
109 Optional<InstancePort> instancePort = instancePortService.instancePorts().stream()
110 .filter(port -> port.ipAddress().toString().equals(dstIpStr))
111 .findAny();
112
113 if (!instancePort.isPresent()) {
114 log.info("Instance port that matches with the given dst ip address isn't present {}");
115 return;
116 }
117
118 flowRuleService.setRule(
119 appId,
120 instancePort.get().deviceId(),
121 sBuilder.build(),
122 treatment,
123 PRIORITY_FORCED_ACL_RULE,
Jian Li5c09e212018-10-24 18:23:58 +0900[diff] [blame]124 DHCP_TABLE,
Daniel Parkcd91a072018-07-09 16:00:40 +0900[diff] [blame]125 false);
Daniel Park0e1c7b52018-07-07 01:00:14 +0900[diff] [blame]126 }
127}