Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 1 | /* |
Brian O'Connor | 5ab426f | 2016-04-09 01:19:45 -0700 | [diff] [blame] | 2 | * Copyright 2015-present Open Networking Laboratory |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
Ray Milkey | 8526700 | 2016-11-16 11:06:35 -0800 | [diff] [blame^] | 15 | * |
| 16 | * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China |
| 17 | * Advisers: Keqiu Li, Heng Qi and Haisheng Yu |
| 18 | * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002) |
| 19 | * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute. |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 20 | */ |
Thomas Vachuska | 9bb3235 | 2015-09-25 11:31:22 -0700 | [diff] [blame] | 21 | package org.onosproject.acl.impl; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 22 | |
| 23 | import com.google.common.collect.Collections2; |
Thomas Vachuska | 9bb3235 | 2015-09-25 11:31:22 -0700 | [diff] [blame] | 24 | import org.onosproject.acl.AclRule; |
| 25 | import org.onosproject.acl.AclStore; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 26 | import org.apache.felix.scr.annotations.Activate; |
| 27 | import org.apache.felix.scr.annotations.Component; |
| 28 | import org.apache.felix.scr.annotations.Deactivate; |
| 29 | import org.apache.felix.scr.annotations.Reference; |
| 30 | import org.apache.felix.scr.annotations.ReferenceCardinality; |
| 31 | import org.apache.felix.scr.annotations.Service; |
| 32 | import org.onlab.util.KryoNamespace; |
Thomas Vachuska | 9bb3235 | 2015-09-25 11:31:22 -0700 | [diff] [blame] | 33 | import org.onosproject.acl.RuleId; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 34 | import org.onosproject.core.ApplicationId; |
| 35 | import org.onosproject.core.CoreService; |
| 36 | import org.onosproject.net.DeviceId; |
| 37 | import org.onosproject.net.flow.FlowRule; |
| 38 | import org.onosproject.store.AbstractStore; |
| 39 | import org.onosproject.store.serializers.KryoNamespaces; |
| 40 | import org.onosproject.store.service.ConsistentMap; |
| 41 | import org.onosproject.store.service.Serializer; |
| 42 | import org.onosproject.store.service.StorageService; |
| 43 | import org.onosproject.store.service.Versioned; |
| 44 | import org.slf4j.Logger; |
| 45 | |
| 46 | import java.util.ArrayList; |
| 47 | import java.util.HashSet; |
| 48 | import java.util.List; |
| 49 | import java.util.Set; |
| 50 | |
| 51 | import static org.slf4j.LoggerFactory.getLogger; |
| 52 | |
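/**
 * Implementation of the ACL store service.
 *
 * <p>All state lives in five {@link ConsistentMap} instances obtained from the
 * {@link StorageService}: the rules themselves, a per-device priority counter, and
 * three bookkeeping maps (rule to flow rules, rule to devices, denying rule to
 * allowing rules). Each public method touches exactly one of these maps unless
 * stated otherwise, so keeping the maps consistent with each other is the
 * caller's job.
 */
@Component(immediate = true)
@Service
public class DistributedAclStore extends AbstractStore implements AclStore {

    /** Priority handed to the first ACL flow requested for a device. */
    private static final int DEFAULT_FLOW_MAX_PRIORITY = 30000;

    private final Logger log = getLogger(getClass());

    private ConsistentMap<RuleId, AclRule> ruleSet;
    private ConsistentMap<DeviceId, Integer> deviceToPriority;
    private ConsistentMap<RuleId, Set<DeviceId>> ruleToDevice;
    private ConsistentMap<RuleId, Set<FlowRule>> ruleToFlow;
    private ConsistentMap<RuleId, List<RuleId>> denyRuleToAllowRule;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected StorageService storageService;
    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected CoreService coreService;

    /**
     * Creates the five backing maps under the {@code org.onosproject.acl} application id.
     */
    @Activate
    public void activate() {
        ApplicationId appId = coreService.getAppId("org.onosproject.acl");

        // Only the API namespace plus the three ACL types are registered with the
        // serializer; any further type stored in these maps has to be added here.
        KryoNamespace.Builder serializer = KryoNamespace.newBuilder()
                .register(KryoNamespaces.API)
                .register(AclRule.class)
                .register(AclRule.Action.class)
                .register(RuleId.class);

        // Creation order is kept as in the original implementation.
        ruleSet = buildMap("acl-rule-set", appId, serializer);
        deviceToPriority = buildMap("device-to-priority", appId, serializer);
        ruleToFlow = buildMap("rule-to-flow", appId, serializer);
        denyRuleToAllowRule = buildMap("deny-to-allow", appId, serializer);
        ruleToDevice = buildMap("rule-to-device", appId, serializer);

        log.info("Started");
    }

    /**
     * Builds one consistent map with the settings shared by every ACL map.
     *
     * @param name       name given to the map
     * @param appId      application id the map is associated with
     * @param serializer namespace builder; a fresh namespace is built per map
     * @param <K>        key type
     * @param <V>        value type
     * @return the newly built map
     */
    private <K, V> ConsistentMap<K, V> buildMap(String name, ApplicationId appId,
                                                KryoNamespace.Builder serializer) {
        return storageService.<K, V>consistentMapBuilder()
                .withSerializer(Serializer.using(serializer.build()))
                .withName(name)
                .withApplicationId(appId)
                // NOTE(review): presumably drops the map contents when the app is
                // uninstalled - confirm against the builder's documentation.
                .withPurgeOnUninstall()
                .build();
    }

    /**
     * Logs the shutdown; the maps are left untouched.
     * The method name is kept as-is for compatibility.
     */
    @Deactivate
    public void deactive() {
        log.info("Stopped");
    }

    /**
     * Returns a new list holding every stored ACL rule.
     *
     * @return mutable copy of the current rules
     */
    @Override
    public List<AclRule> getAclRules() {
        return new ArrayList<>(Collections2.transform(ruleSet.values(), Versioned::value));
    }

    /**
     * Stores a rule under its id unless an entry for that id already exists.
     *
     * <p>An existing entry is never replaced and the caller is not told which of the
     * two cases happened, so a second rule reusing an id is silently dropped.
     *
     * @param rule rule to store
     */
    @Override
    public void addAclRule(AclRule rule) {
        ruleSet.putIfAbsent(rule.id(), rule);
    }

    /**
     * Looks up a rule by id.
     *
     * @param ruleId id of the rule
     * @return the rule, or {@code null} when no rule is stored under that id
     */
    @Override
    public AclRule getAclRule(RuleId ruleId) {
        Versioned<AclRule> rule = ruleSet.get(ruleId);
        return rule == null ? null : rule.value();
    }

    /**
     * Removes a rule from the rule map only.
     *
     * <p>The flow, device and deny-to-allow mappings for the same id are not touched;
     * they have their own remove methods.
     *
     * @param ruleId id of the rule to remove
     */
    @Override
    public void removeAclRule(RuleId ruleId) {
        ruleSet.remove(ruleId);
    }

    /**
     * Empties all five maps.
     *
     * <p>The clears are issued as five independent calls; nothing in this method groups
     * them into a single operation, so a concurrent reader may observe some maps
     * already empty and others not.
     */
    @Override
    public void clearAcl() {
        ruleSet.clear();
        deviceToPriority.clear();
        ruleToFlow.clear();
        denyRuleToAllowRule.clear();
        ruleToDevice.clear();
    }

    /**
     * Allocates the next flow priority for a device.
     *
     * <p>Despite the getter-style name this call mutates state: the first request for a
     * device stores and returns {@value #DEFAULT_FLOW_MAX_PRIORITY}, every later request
     * stores and returns the previous value minus one.
     *
     * <p>NOTE(review): nothing here stops the counter from reaching zero or going
     * negative after enough allocations, and removing rules never gives a priority
     * back. Callers that install many ACL rules on one device should confirm the
     * returned value is still a usable flow priority.
     *
     * @param deviceId device the priority is allocated for
     * @return the newly allocated priority
     */
    @Override
    public int getPriorityByDevice(DeviceId deviceId) {
        return deviceToPriority.compute(deviceId,
                (id, priority) -> (priority == null) ? DEFAULT_FLOW_MAX_PRIORITY : (priority - 1))
                .value();
    }

    /**
     * Returns the flow rules recorded for an ACL rule.
     *
     * @param ruleId id of the ACL rule
     * @return the recorded flow rules, or {@code null} when nothing is recorded
     */
    @Override
    public Set<FlowRule> getFlowByRule(RuleId ruleId) {
        Versioned<Set<FlowRule>> flowRuleSet = ruleToFlow.get(ruleId);
        return flowRuleSet == null ? null : flowRuleSet.value();
    }

    /**
     * Records that a flow rule was generated from an ACL rule.
     *
     * @param ruleId   id of the ACL rule
     * @param flowRule flow rule to record
     */
    @Override
    public void addRuleToFlowMapping(RuleId ruleId, FlowRule flowRule) {
        ruleToFlow.computeIf(ruleId,
                // Skip the write when the flow rule is already recorded.
                flowRuleSet -> (flowRuleSet == null || !flowRuleSet.contains(flowRule)),
                (id, flowRuleSet) -> {
                    // Store a fresh set instead of mutating the value read from the map.
                    Set<FlowRule> newSet = new HashSet<>();
                    if (flowRuleSet != null) {
                        newSet.addAll(flowRuleSet);
                    }
                    newSet.add(flowRule);
                    return newSet;
                });
    }

    /**
     * Drops every flow rule recorded for an ACL rule.
     *
     * @param ruleId id of the ACL rule
     */
    @Override
    public void removeRuleToFlowMapping(RuleId ruleId) {
        ruleToFlow.remove(ruleId);
    }

    /**
     * Returns the allowing rules recorded against a denying rule.
     *
     * @param denyingRuleId id of the denying rule
     * @return ids of the recorded allowing rules, or {@code null} when nothing is recorded
     */
    @Override
    public List<RuleId> getAllowingRuleByDenyingRule(RuleId denyingRuleId) {
        Versioned<List<RuleId>> allowRuleIdSet = denyRuleToAllowRule.get(denyingRuleId);
        return allowRuleIdSet == null ? null : allowRuleIdSet.value();
    }

    /**
     * Records an allowing rule against a denying rule.
     *
     * @param denyingRuleId  id of the denying rule
     * @param allowingRuleId id of the allowing rule
     */
    @Override
    public void addDenyToAllowMapping(RuleId denyingRuleId, RuleId allowingRuleId) {
        denyRuleToAllowRule.computeIf(denyingRuleId,
                // Skip the write when the allowing rule is already listed.
                ruleIdList -> (ruleIdList == null || !ruleIdList.contains(allowingRuleId)),
                (id, ruleIdList) -> {
                    // Store a fresh list instead of mutating the value read from the map.
                    ArrayList<RuleId> newList = new ArrayList<>();
                    if (ruleIdList != null) {
                        newList.addAll(ruleIdList);
                    }
                    newList.add(allowingRuleId);
                    return newList;
                });
    }

    /**
     * Drops every allowing rule recorded against a denying rule.
     *
     * @param denyingRuleId id of the denying rule
     */
    @Override
    public void removeDenyToAllowMapping(RuleId denyingRuleId) {
        denyRuleToAllowRule.remove(denyingRuleId);
    }

    /**
     * Tells whether a rule is recorded as applied on a device.
     *
     * @param ruleId   id of the ACL rule
     * @param deviceId device to check
     * @return {@code true} only when a mapping exists for the rule and contains the device
     */
    @Override
    public boolean checkIfRuleWorksInDevice(RuleId ruleId, DeviceId deviceId) {
        // One read instead of containsKey() followed by get(): with two reads the
        // entry could be removed in between and the second one would dereference null.
        Versioned<Set<DeviceId>> deviceIdSet = ruleToDevice.get(ruleId);
        if (deviceIdSet == null) {
            return false;
        }
        Set<DeviceId> devices = deviceIdSet.value();
        return devices != null && devices.contains(deviceId);
    }

    /**
     * Records that an ACL rule is applied on a device.
     *
     * @param ruleId   id of the ACL rule
     * @param deviceId device the rule is applied on
     */
    @Override
    public void addRuleToDeviceMapping(RuleId ruleId, DeviceId deviceId) {
        ruleToDevice.computeIf(ruleId,
                // Skip the write when the device is already recorded.
                deviceIdSet -> (deviceIdSet == null || !deviceIdSet.contains(deviceId)),
                (id, deviceIdSet) -> {
                    // Store a fresh set instead of mutating the value read from the map.
                    Set<DeviceId> newSet = new HashSet<>();
                    if (deviceIdSet != null) {
                        newSet.addAll(deviceIdSet);
                    }
                    newSet.add(deviceId);
                    return newSet;
                });
    }

    /**
     * Drops every device recorded for an ACL rule.
     *
     * @param ruleId id of the ACL rule
     */
    @Override
    public void removeRuleToDeviceMapping(RuleId ruleId) {
        ruleToDevice.remove(ruleId);
    }

}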