aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/onos/apps/acl
diff options
context:
space:
mode:
authorAshlee Young <ashlee@onosfw.com>2015-10-19 10:14:31 -0700
committerAshlee Young <ashlee@onosfw.com>2015-10-19 10:14:31 -0700
commite9bb60be43af477f17b30ee1f2ba205565b7fa15 (patch)
tree981fd759a44b751fc45cde774f46fda37c11c257 /framework/src/onos/apps/acl
parent74f3941756a1386cbc1fa99ee73fdc8376a0b6a0 (diff)
Updated onos src tree to commit id 1e60f97ae50c05b94fcb6a10520738bfb5efdfd1
Diffstat (limited to 'framework/src/onos/apps/acl')
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclRule.java302
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclService.java53
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclStore.java132
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java216
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/RuleId.java85
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/AclManager.java337
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/DistributedAclStore.java251
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/package-info.java20
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onos/acl/package-info.java20
-rw-r--r--framework/src/onos/apps/acl/src/main/java/org/onosproject/acl/AclWebResource.java1
-rw-r--r--framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/AclWebResourceTest.java133
-rw-r--r--framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/ResourceTest.java58
-rw-r--r--framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/TestServiceDirectory.java51
13 files changed, 1 insertions, 1658 deletions
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclRule.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclRule.java
deleted file mode 100644
index edfa9355..00000000
--- a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclRule.java
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li, Heng Qi and Haisheng Yu
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onos.acl;
-
-import com.google.common.base.MoreObjects;
-import org.onlab.packet.IPv4;
-import org.onlab.packet.Ip4Prefix;
-import org.onosproject.core.IdGenerator;
-
-import java.util.Objects;
-
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Preconditions.checkState;
-
-/**
- * ACL rule class.
- */
-public final class AclRule {
-
- private final RuleId id;
-
- private final Ip4Prefix srcIp;
- private final Ip4Prefix dstIp;
- private final byte ipProto;
- private final short dstTpPort;
- private final Action action;
-
- private static IdGenerator idGenerator;
-
- /**
- * Enum type for ACL rule's action.
- */
- public enum Action {
- DENY, ALLOW
- }
-
- /**
- * Constructor for serializer.
- */
- private AclRule() {
- this.id = null;
- this.srcIp = null;
- this.dstIp = null;
- this.ipProto = 0;
- this.dstTpPort = 0;
- this.action = null;
- }
-
- /**
- * Create a new ACL rule.
- *
- * @param srcIp source IP address
- * @param dstIp destination IP address
- * @param ipProto IP protocol
- * @param dstTpPort destination transport layer port
- * @param action ACL rule's action
- */
- private AclRule(Ip4Prefix srcIp,
- Ip4Prefix dstIp,
- byte ipProto,
- short dstTpPort,
- Action action) {
- checkState(idGenerator != null, "Id generator is not bound.");
- this.id = RuleId.valueOf(idGenerator.getNewId());
- this.srcIp = srcIp;
- this.dstIp = dstIp;
- this.ipProto = ipProto;
- this.dstTpPort = dstTpPort;
- this.action = action;
- }
-
- /**
- * Check if the first CIDR address is in (or the same as) the second CIDR address.
- */
- private boolean checkCIDRinCIDR(Ip4Prefix cidrAddr1, Ip4Prefix cidrAddr2) {
- if (cidrAddr2 == null) {
- return true;
- } else if (cidrAddr1 == null) {
- return false;
- }
- if (cidrAddr1.prefixLength() < cidrAddr2.prefixLength()) {
- return false;
- }
- int offset = 32 - cidrAddr2.prefixLength();
-
- int cidr1Prefix = cidrAddr1.address().toInt();
- int cidr2Prefix = cidrAddr2.address().toInt();
- cidr1Prefix = cidr1Prefix >> offset;
- cidr2Prefix = cidr2Prefix >> offset;
- cidr1Prefix = cidr1Prefix << offset;
- cidr2Prefix = cidr2Prefix << offset;
-
- return (cidr1Prefix == cidr2Prefix);
- }
-
- /**
- * Check if this ACL rule match the given ACL rule.
- * @param r ACL rule to check against
- * @return true if this ACL rule matches the given ACL ruleule.
- */
- public boolean checkMatch(AclRule r) {
- return (this.dstTpPort == r.dstTpPort || r.dstTpPort == 0)
- && (this.ipProto == r.ipProto || r.ipProto == 0)
- && (checkCIDRinCIDR(this.srcIp(), r.srcIp()))
- && (checkCIDRinCIDR(this.dstIp(), r.dstIp()));
- }
-
- /**
- * Returns a new ACL rule builder.
- *
- * @return ACL rule builder
- */
- public static Builder builder() {
- return new Builder();
- }
-
- /**
- * Builder of an ACL rule.
- */
- public static final class Builder {
-
- private Ip4Prefix srcIp = null;
- private Ip4Prefix dstIp = null;
- private byte ipProto = 0;
- private short dstTpPort = 0;
- private Action action = Action.DENY;
-
- private Builder() {
- // Hide constructor
- }
-
- /**
- * Sets the source IP address for the ACL rule that will be built.
- *
- * @param srcIp source IP address to use for built ACL rule
- * @return this builder
- */
- public Builder srcIp(String srcIp) {
- this.srcIp = Ip4Prefix.valueOf(srcIp);
- return this;
- }
-
- /**
- * Sets the destination IP address for the ACL rule that will be built.
- *
- * @param dstIp destination IP address to use for built ACL rule
- * @return this builder
- */
- public Builder dstIp(String dstIp) {
- this.dstIp = Ip4Prefix.valueOf(dstIp);
- return this;
- }
-
- /**
- * Sets the IP protocol for the ACL rule that will be built.
- *
- * @param ipProto IP protocol to use for built ACL rule
- * @return this builder
- */
- public Builder ipProto(byte ipProto) {
- this.ipProto = ipProto;
- return this;
- }
-
- /**
- * Sets the destination transport layer port for the ACL rule that will be built.
- *
- * @param dstTpPort destination transport layer port to use for built ACL rule
- * @return this builder
- */
- public Builder dstTpPort(short dstTpPort) {
- if ((ipProto == IPv4.PROTOCOL_TCP || ipProto == IPv4.PROTOCOL_UDP)) {
- this.dstTpPort = dstTpPort;
- }
- return this;
- }
-
- /**
- * Sets the action for the ACL rule that will be built.
- *
- * @param action action to use for built ACL rule
- * @return this builder
- */
- public Builder action(Action action) {
- this.action = action;
- return this;
- }
-
- /**
- * Builds an ACL rule from the accumulated parameters.
- * @return ACL rule instance
- */
- public AclRule build() {
- checkState(srcIp != null && dstIp != null, "Either srcIp or dstIp must be assigned.");
- checkState(ipProto == 0 || ipProto == IPv4.PROTOCOL_ICMP
- || ipProto == IPv4.PROTOCOL_TCP || ipProto == IPv4.PROTOCOL_UDP,
- "ipProto must be assigned to TCP, UDP, or ICMP.");
- return new AclRule(
- srcIp,
- dstIp,
- ipProto,
- dstTpPort,
- action
- );
- }
-
- }
-
- /**
- * Binds an id generator for unique ACL rule id generation.
- *
- * Note: A generator cannot be bound if there is already a generator bound.
- *
- * @param newIdGenerator id generator
- */
- public static void bindIdGenerator(IdGenerator newIdGenerator) {
- checkState(idGenerator == null, "Id generator is already bound.");
- idGenerator = checkNotNull(newIdGenerator);
- }
-
- public RuleId id() {
- return id;
- }
-
- public Ip4Prefix srcIp() {
- return srcIp;
- }
-
- public Ip4Prefix dstIp() {
- return this.dstIp;
- }
-
- public byte ipProto() {
- return ipProto;
- }
-
- public short dstTpPort() {
- return dstTpPort;
- }
-
- public Action action() {
- return action;
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(action,
- id.fingerprint(),
- ipProto,
- srcIp,
- dstIp,
- dstTpPort);
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj instanceof AclRule) {
- AclRule that = (AclRule) obj;
- return Objects.equals(id, that.id) &&
- Objects.equals(srcIp, that.srcIp) &&
- Objects.equals(dstIp, that.dstIp) &&
- Objects.equals(ipProto, that.ipProto) &&
- Objects.equals(dstTpPort, that.dstTpPort) &&
- Objects.equals(action, that.action);
- }
- return false;
- }
-
- @Override
- public String toString() {
- return MoreObjects.toStringHelper(this)
- .omitNullValues()
- .add("id", id)
- .add("srcIp", srcIp)
- .add("dstIp", dstIp)
- .add("ipProto", ipProto)
- .add("dstTpPort", dstTpPort)
- .add("action", action)
- .toString();
- }
-
-}
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclService.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclService.java
deleted file mode 100644
index afa561e4..00000000
--- a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclService.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li, Heng Qi and Haisheng Yu
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onos.acl;
-
-import java.util.List;
-
-/**
- * Service interface exported by ACL application.
- */
-public interface AclService {
-
- /**
- * Gets a list containing all ACL rules.
- * @return a list containing all ACL rules
- */
- List<AclRule> getAclRules();
-
- /**
- * Adds a new ACL rule.
- * @param rule ACL rule
- * @return true if successfully added, otherwise false
- */
- boolean addAclRule(AclRule rule);
-
- /**
- * Removes an exsiting ACL rule by rule id.
- * @param ruleId ACL rule identifier
- */
- void removeAclRule(RuleId ruleId);
-
- /**
- * Clears ACL and resets all.
- */
- void clearAcl();
-
-} \ No newline at end of file
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclStore.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclStore.java
deleted file mode 100644
index 88e49a73..00000000
--- a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclStore.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li, Heng Qi and Haisheng Yu
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onos.acl;
-
-import org.onosproject.net.DeviceId;
-import org.onosproject.net.flow.FlowRule;
-import org.onosproject.store.Store;
-
-import java.util.List;
-import java.util.Set;
-
-/**
- * Service interface exported by ACL distributed store.
- */
-public interface AclStore extends Store {
-
- /**
- * Gets a list containing all ACL rules.
- * @return a list containing all ACL rules
- */
- List<AclRule> getAclRules();
-
- /**
- * Adds a new ACL rule.
- * @param rule new ACL rule
- */
- void addAclRule(AclRule rule);
-
- /**
- * Gets an existing ACL rule.
- * @param ruleId ACL rule id
- * @return ACL rule with the given id
- */
- AclRule getAclRule(RuleId ruleId);
-
- /**
- * Removes an existing ACL rule by rule id.
- * @param ruleId ACL rule id
- */
- void removeAclRule(RuleId ruleId);
-
- /**
- * Clears ACL and reset all.
- */
- void clearAcl();
-
- /**
- * Gets the current priority for new ACL flow rule by device id.
- * @param deviceId device id
- * @return new ACL flow rule's priority in the given device
- */
- int getPriorityByDevice(DeviceId deviceId);
-
- /**
- * Gets a set containing all ACL flow rules belonging to a given ACL rule.
- * @param ruleId ACL rule id
- * @return a set containing all ACL flow rules belonging to the given ACL rule
- */
- Set<FlowRule> getFlowByRule(RuleId ruleId);
-
- /**
- * Adds a new mapping from ACL rule to ACL flow rule.
- * @param ruleId ACL rule id
- * @param flowRule ACL flow rule
- */
- void addRuleToFlowMapping(RuleId ruleId, FlowRule flowRule);
-
- /**
- * Removes an existing mapping from ACL rule to ACL flow rule.
- * @param ruleId ACL rule id
- */
- void removeRuleToFlowMapping(RuleId ruleId);
-
- /**
- * Gets a list containing all allowing ACL rules matching a given denying ACL rule.
- * @param denyingRuleId denying ACL rule id
- * @return a list containing all allowing ACL rules matching the given denying ACL rule
- */
- List<RuleId> getAllowingRuleByDenyingRule(RuleId denyingRuleId);
-
- /**
- * Adds a new mapping from denying ACL rule to allowing ACL rule.
- * @param denyingRuleId denying ACL rule id
- * @param allowingRuleId allowing ACL rule id
- */
- void addDenyToAllowMapping(RuleId denyingRuleId, RuleId allowingRuleId);
-
- /**
- * Removes an exsiting mapping from denying ACL rule to allowing ACL rule.
- * @param denyingRuleId denying ACL rule id
- */
- void removeDenyToAllowMapping(RuleId denyingRuleId);
-
- /**
- * Checks if an existing ACL rule already works in a given device.
- * @param ruleId ACL rule id
- * @param deviceId devide id
- * @return true if the given ACL rule works in the given device
- */
- boolean checkIfRuleWorksInDevice(RuleId ruleId, DeviceId deviceId);
-
- /**
- * Adds a new mapping from ACL rule to device.
- * @param ruleId ACL rule id
- * @param deviceId device id
- */
- void addRuleToDeviceMapping(RuleId ruleId, DeviceId deviceId);
-
- /**
- * Removes an existing mapping from ACL rule to device.
- * @param ruleId ACL rule id
- */
- void removeRuleToDeviceMapping(RuleId ruleId);
-
-}
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java
deleted file mode 100644
index 3f4dc769..00000000
--- a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/AclWebResource.java
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li, Heng Qi and Haisheng Yu
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onos.acl;
-
-import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.core.JsonToken;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.node.ArrayNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
-import org.onlab.packet.IPv4;
-import org.onosproject.rest.AbstractWebResource;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.List;
-
-// FIXME: This does now follow REST-full principles and should be refactored.
-/**
- * Manage ACL rules.
- */
-@Path("")
-public class AclWebResource extends AbstractWebResource {
-
- private final Logger log = LoggerFactory.getLogger(getClass());
-
- /**
- * Processes user's GET HTTP request for querying ACL rules.
- * @return response to the request
- */
- @GET
- public Response queryAclRule() {
- List<AclRule> rules = get(AclService.class).getAclRules();
- ObjectMapper mapper = new ObjectMapper();
- ObjectNode root = mapper.createObjectNode();
- ArrayNode arrayNode = mapper.createArrayNode();
- for (AclRule rule : rules) {
- ObjectNode node = mapper.createObjectNode();
- node.put("id", rule.id().toString());
- if (rule.srcIp() != null) {
- node.put("srcIp", rule.srcIp().toString());
- }
- if (rule.dstIp() != null) {
- node.put("dstIp", rule.dstIp().toString());
- }
- if (rule.ipProto() != 0) {
- switch (rule.ipProto()) {
- case IPv4.PROTOCOL_ICMP:
- node.put("ipProto", "ICMP");
- break;
- case IPv4.PROTOCOL_TCP:
- node.put("ipProto", "TCP");
- break;
- case IPv4.PROTOCOL_UDP:
- node.put("ipProto", "UDP");
- break;
- default:
- break;
- }
- }
- if (rule.dstTpPort() != 0) {
- node.put("dstTpPort", rule.dstTpPort());
- }
- node.put("action", rule.action().toString());
- arrayNode.add(node);
- }
- root.set("ACL rules", arrayNode);
- return Response.ok(root.toString(), MediaType.APPLICATION_JSON_TYPE).build();
- }
-
- /**
- * Processes user's POST HTTP request for add ACL rules.
- * @param stream input stream
- * @return response to the request
- */
- @POST
- @Path("add")
- public Response addAclRule(InputStream stream) {
- AclRule newRule;
- try {
- newRule = jsonToRule(stream);
- } catch (Exception e) {
- return Response.ok("{\"status\" : \"Failed! " + e.getMessage() + "\"}").build();
- }
-
- String status;
- if (get(AclService.class).addAclRule(newRule)) {
- status = "Success! New ACL rule is added.";
- } else {
- status = "Failed! New ACL rule matches an existing rule.";
- }
- return Response.ok("{\"status\" : \"" + status + "\"}").build();
- }
-
- /**
- * Processes user's GET HTTP request for removing ACL rule.
- * @param id ACL rule id (in hex string format)
- * @return response to the request
- */
- @GET
- @Path("remove/{id}")
- public Response removeAclRule(@PathParam("id") String id) {
- String status;
- RuleId ruleId = new RuleId(Long.parseLong(id.substring(2), 16));
- if (get(AclStore.class).getAclRule(ruleId) == null) {
- status = "Failed! There is no ACL rule with this id.";
- } else {
- get(AclService.class).removeAclRule(ruleId);
- status = "Success! ACL rule(id:" + id + ") is removed.";
- }
- return Response.ok("{\"status\" : \"" + status + "\"}").build();
- }
-
- /**
- * Processes user's GET HTTP request for clearing ACL.
- * @return response to the request
- */
- @GET
- @Path("clear")
- public Response clearACL() {
- get(AclService.class).clearAcl();
- return Response.ok("{\"status\" : \"ACL is cleared.\"}").build();
- }
-
- /**
- * Exception class for parsing a invalid ACL rule.
- */
- private class AclRuleParseException extends Exception {
- public AclRuleParseException(String message) {
- super(message);
- }
- }
-
- /**
- * Turns a JSON string into an ACL rule instance.
- */
- private AclRule jsonToRule(InputStream stream) throws AclRuleParseException, IOException {
- ObjectMapper mapper = new ObjectMapper();
- JsonNode jsonNode = mapper.readTree(stream);
- JsonParser jp = jsonNode.traverse();
- AclRule.Builder rule = AclRule.builder();
- jp.nextToken();
- if (jp.getCurrentToken() != JsonToken.START_OBJECT) {
- throw new AclRuleParseException("Expected START_OBJECT");
- }
-
- while (jp.nextToken() != JsonToken.END_OBJECT) {
- if (jp.getCurrentToken() != JsonToken.FIELD_NAME) {
- throw new AclRuleParseException("Expected FIELD_NAME");
- }
-
- String key = jp.getCurrentName();
- jp.nextToken();
- String value = jp.getText();
- if ("".equals(value)) {
- continue;
- }
-
- if ("srcIp".equals(key)) {
- rule.srcIp(value);
- } else if ("dstIp".equals(key)) {
- rule.dstIp(value);
- } else if ("ipProto".equals(key)) {
- if ("TCP".equalsIgnoreCase(value)) {
- rule.ipProto(IPv4.PROTOCOL_TCP);
- } else if ("UDP".equalsIgnoreCase(value)) {
- rule.ipProto(IPv4.PROTOCOL_UDP);
- } else if ("ICMP".equalsIgnoreCase(value)) {
- rule.ipProto(IPv4.PROTOCOL_ICMP);
- } else {
- throw new AclRuleParseException("ipProto must be assigned to TCP, UDP, or ICMP.");
- }
- } else if ("dstTpPort".equals(key)) {
- try {
- rule.dstTpPort(Short.parseShort(value));
- } catch (NumberFormatException e) {
- throw new AclRuleParseException("dstTpPort must be assigned to a numerical value.");
- }
- } else if ("action".equals(key)) {
- if (!"allow".equalsIgnoreCase(value) && !"deny".equalsIgnoreCase(value)) {
- throw new AclRuleParseException("action must be assigned to ALLOW or DENY.");
- }
- if ("allow".equalsIgnoreCase(value)) {
- rule.action(AclRule.Action.ALLOW);
- }
- }
- }
- return rule.build();
- }
-
-} \ No newline at end of file
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/RuleId.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/RuleId.java
deleted file mode 100644
index 754a6435..00000000
--- a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/RuleId.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li and Heng Qi
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onos.acl;
-
-/**
- * ACL rule identifier suitable as an external key.
- * <p>This class is immutable.</p>
- */
-public final class RuleId {
- private final long value;
-
- /**
- * Creates an ACL rule identifier from the specified long value.
- *
- * @param value long value
- * @return ACL rule identifier
- */
- public static RuleId valueOf(long value) {
- return new RuleId(value);
- }
-
- /**
- * Constructor for serializer.
- */
- RuleId() {
- this.value = 0;
- }
-
- /**
- * Constructs the ID corresponding to a given long value.
- *
- * @param value the underlying value of this ID
- */
- RuleId(long value) {
- this.value = value;
- }
-
- /**
- * Returns the backing value.
- *
- * @return the value
- */
- public long fingerprint() {
- return value;
- }
-
- @Override
- public int hashCode() {
- return Long.hashCode(value);
- }
-
- @Override
- public boolean equals(Object obj) {
- if (obj == this) {
- return true;
- }
- if (!(obj instanceof RuleId)) {
- return false;
- }
- RuleId that = (RuleId) obj;
- return this.value == that.value;
- }
-
- @Override
- public String toString() {
- return "0x" + Long.toHexString(value);
- }
-}
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/AclManager.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/AclManager.java
deleted file mode 100644
index 0ffd4bcd..00000000
--- a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/AclManager.java
+++ /dev/null
@@ -1,337 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li, Heng Qi and Haisheng Yu
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onos.acl.impl;
-
-import org.onlab.packet.Ethernet;
-import org.onlab.packet.IPv4;
-import org.onlab.packet.Ip4Address;
-import org.onlab.packet.Ip4Prefix;
-import org.onlab.packet.IpAddress;
-import org.onlab.packet.TpPort;
-import org.onos.acl.AclRule;
-import org.onos.acl.AclService;
-import org.onos.acl.AclStore;
-import org.apache.felix.scr.annotations.Activate;
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.Service;
-import org.onos.acl.RuleId;
-import org.onosproject.core.ApplicationId;
-import org.onosproject.core.CoreService;
-import org.onosproject.core.IdGenerator;
-import org.onosproject.mastership.MastershipService;
-import org.onosproject.net.DeviceId;
-import org.onosproject.net.Host;
-import org.onosproject.net.MastershipRole;
-import org.onosproject.net.PortNumber;
-import org.onosproject.net.flow.DefaultFlowEntry;
-import org.onosproject.net.flow.DefaultTrafficSelector;
-import org.onosproject.net.flow.DefaultTrafficTreatment;
-import org.onosproject.net.flow.FlowEntry;
-import org.onosproject.net.flow.FlowRule;
-import org.onosproject.net.flow.FlowRuleService;
-import org.onosproject.net.flow.TrafficSelector;
-import org.onosproject.net.flow.TrafficTreatment;
-import org.onosproject.net.flow.instructions.Instructions;
-import org.onosproject.net.host.HostEvent;
-import org.onosproject.net.host.HostListener;
-import org.onosproject.net.host.HostService;
-import org.slf4j.Logger;
-
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import static org.slf4j.LoggerFactory.getLogger;
-
-/**
- * Implementation of the ACL service.
- */
-@Component(immediate = true)
-@Service
-public class AclManager implements AclService {
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected CoreService coreService;
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected FlowRuleService flowRuleService;
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected HostService hostService;
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected MastershipService mastershipService;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected AclStore aclStore;
-
- private final Logger log = getLogger(getClass());
- private ApplicationId appId;
- private final HostListener hostListener = new InternalHostListener();
- private IdGenerator idGenerator;
-
- /**
- * Checks if the given IP address is in the given CIDR address.
- */
- private boolean checkIpInCIDR(Ip4Address ip, Ip4Prefix cidr) {
- int offset = 32 - cidr.prefixLength();
- int cidrPrefix = cidr.address().toInt();
- int ipIntValue = ip.toInt();
- cidrPrefix = cidrPrefix >> offset;
- ipIntValue = ipIntValue >> offset;
- cidrPrefix = cidrPrefix << offset;
- ipIntValue = ipIntValue << offset;
-
- return (cidrPrefix == ipIntValue);
- }
-
- private class InternalHostListener implements HostListener {
-
- /**
- * Generate new ACL flow rules for new host following the given ACL rule.
- */
- private void processHostAddedEvent(HostEvent event, AclRule rule) {
- DeviceId deviceId = event.subject().location().deviceId();
- for (IpAddress address : event.subject().ipAddresses()) {
- if ((rule.srcIp() != null) ?
- (checkIpInCIDR(address.getIp4Address(), rule.srcIp())) :
- (checkIpInCIDR(address.getIp4Address(), rule.dstIp()))) {
- if (!aclStore.checkIfRuleWorksInDevice(rule.id(), deviceId)) {
- List<RuleId> allowingRuleList = aclStore
- .getAllowingRuleByDenyingRule(rule.id());
- if (allowingRuleList != null) {
- for (RuleId allowingRuleId : allowingRuleList) {
- generateACLFlow(aclStore.getAclRule(allowingRuleId), deviceId);
- }
- }
- generateACLFlow(rule, deviceId);
- }
- }
- }
- }
-
- @Override
- public void event(HostEvent event) {
- // if a new host appears and an existing rule denies
- // its traffic, a new ACL flow rule is generated.
- if (event.type() == HostEvent.Type.HOST_ADDED) {
- DeviceId deviceId = event.subject().location().deviceId();
- if (mastershipService.getLocalRole(deviceId) == MastershipRole.MASTER) {
- for (AclRule rule : aclStore.getAclRules()) {
- if (rule.action() != AclRule.Action.ALLOW) {
- processHostAddedEvent(event, rule);
- }
- }
- }
- }
- }
- }
-
- @Activate
- public void activate() {
- appId = coreService.registerApplication("org.onos.acl");
- hostService.addListener(hostListener);
- idGenerator = coreService.getIdGenerator("acl-ids");
- AclRule.bindIdGenerator(idGenerator);
- log.info("Started");
- }
-
- @Deactivate
- public void deactivate() {
- hostService.removeListener(hostListener);
- flowRuleService.removeFlowRulesById(appId);
- aclStore.clearAcl();
- log.info("Stopped");
- }
-
- @Override
- public List<AclRule> getAclRules() {
- return aclStore.getAclRules();
- }
-
- /**
- * Checks if the new ACL rule matches an existing rule.
- * If existing allowing rules matches the new denying rule, store the mappings.
- * @return true if the new ACL rule matches an existing rule, false otherwise
- */
- private boolean matchCheck(AclRule newRule) {
- for (AclRule existingRule : aclStore.getAclRules()) {
- if (newRule.checkMatch(existingRule)) {
- return true;
- }
-
- if (existingRule.action() == AclRule.Action.ALLOW
- && newRule.action() == AclRule.Action.DENY) {
- if (existingRule.checkMatch(newRule)) {
- aclStore.addDenyToAllowMapping(newRule.id(), existingRule.id());
- }
- }
- }
- return false;
- }
-
- @Override
- public boolean addAclRule(AclRule rule) {
- if (matchCheck(rule)) {
- return false;
- }
- aclStore.addAclRule(rule);
- log.info("ACL rule(id:{}) is added.", rule.id());
- if (rule.action() != AclRule.Action.ALLOW) {
- enforceRuleAdding(rule);
- }
- return true;
- }
-
- /**
- * Gets a set containing all devices connecting with the hosts
- * whose IP address is in the given CIDR IP address.
- */
- private Set<DeviceId> getDeviceIdSet(Ip4Prefix cidrAddr) {
- Set<DeviceId> deviceIdSet = new HashSet<>();
- final Iterable<Host> hosts = hostService.getHosts();
-
- if (cidrAddr.prefixLength() != 32) {
- for (Host h : hosts) {
- for (IpAddress a : h.ipAddresses()) {
- if (checkIpInCIDR(a.getIp4Address(), cidrAddr)) {
- deviceIdSet.add(h.location().deviceId());
- }
- }
- }
- } else {
- for (Host h : hosts) {
- for (IpAddress a : h.ipAddresses()) {
- if (checkIpInCIDR(a.getIp4Address(), cidrAddr)) {
- deviceIdSet.add(h.location().deviceId());
- return deviceIdSet;
- }
- }
- }
- }
- return deviceIdSet;
- }
-
- /**
- * Enforces denying ACL rule by ACL flow rules.
- */
- private void enforceRuleAdding(AclRule rule) {
- Set<DeviceId> dpidSet;
- if (rule.srcIp() != null) {
- dpidSet = getDeviceIdSet(rule.srcIp());
- } else {
- dpidSet = getDeviceIdSet(rule.dstIp());
- }
-
- for (DeviceId deviceId : dpidSet) {
- List<RuleId> allowingRuleList = aclStore.getAllowingRuleByDenyingRule(rule.id());
- if (allowingRuleList != null) {
- for (RuleId allowingRuleId : allowingRuleList) {
- generateACLFlow(aclStore.getAclRule(allowingRuleId), deviceId);
- }
- }
- generateACLFlow(rule, deviceId);
- }
- }
-
- /**
- * Generates ACL flow rule according to ACL rule
- * and install it into related device.
- */
- private void generateACLFlow(AclRule rule, DeviceId deviceId) {
- if (rule == null || aclStore.checkIfRuleWorksInDevice(rule.id(), deviceId)) {
- return;
- }
-
- TrafficSelector.Builder selectorBuilder = DefaultTrafficSelector.builder();
- TrafficTreatment.Builder treatment = DefaultTrafficTreatment.builder();
- FlowEntry.Builder flowEntry = DefaultFlowEntry.builder();
-
- selectorBuilder.matchEthType(Ethernet.TYPE_IPV4);
- if (rule.srcIp() != null) {
- selectorBuilder.matchIPSrc(rule.srcIp());
- if (rule.dstIp() != null) {
- selectorBuilder.matchIPDst(rule.dstIp());
- }
- } else {
- selectorBuilder.matchIPDst(rule.dstIp());
- }
- if (rule.ipProto() != 0) {
- selectorBuilder.matchIPProtocol(Integer.valueOf(rule.ipProto()).byteValue());
- }
- if (rule.dstTpPort() != 0) {
- switch (rule.ipProto()) {
- case IPv4.PROTOCOL_TCP:
- selectorBuilder.matchTcpDst(TpPort.tpPort(rule.dstTpPort()));
- break;
- case IPv4.PROTOCOL_UDP:
- selectorBuilder.matchUdpDst(TpPort.tpPort(rule.dstTpPort()));
- break;
- default:
- break;
- }
- }
- if (rule.action() == AclRule.Action.ALLOW) {
- treatment.add(Instructions.createOutput(PortNumber.CONTROLLER));
- }
- flowEntry.forDevice(deviceId);
- flowEntry.withPriority(aclStore.getPriorityByDevice(deviceId));
- flowEntry.withSelector(selectorBuilder.build());
- flowEntry.withTreatment(treatment.build());
- flowEntry.fromApp(appId);
- flowEntry.makePermanent();
- // install flow rule
- flowRuleService.applyFlowRules(flowEntry.build());
- log.debug("ACL flow rule {} is installed in {}.", flowEntry.build(), deviceId);
- aclStore.addRuleToFlowMapping(rule.id(), flowEntry.build());
- aclStore.addRuleToDeviceMapping(rule.id(), deviceId);
- }
-
- @Override
- public void removeAclRule(RuleId ruleId) {
- aclStore.removeAclRule(ruleId);
- log.info("ACL rule(id:{}) is removed.", ruleId);
- enforceRuleRemoving(ruleId);
- }
-
- /**
- * Enforces removing an existing ACL rule.
- */
- private void enforceRuleRemoving(RuleId ruleId) {
- Set<FlowRule> flowSet = aclStore.getFlowByRule(ruleId);
- if (flowSet != null) {
- for (FlowRule flowRule : flowSet) {
- flowRuleService.removeFlowRules(flowRule);
- log.debug("ACL flow rule {} is removed from {}.", flowRule.toString(), flowRule.deviceId().toString());
- }
- }
- aclStore.removeRuleToFlowMapping(ruleId);
- aclStore.removeRuleToDeviceMapping(ruleId);
- aclStore.removeDenyToAllowMapping(ruleId);
- }
-
- @Override
- public void clearAcl() {
- aclStore.clearAcl();
- flowRuleService.removeFlowRulesById(appId);
- log.info("ACL is cleared.");
- }
-
-}
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/DistributedAclStore.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/DistributedAclStore.java
deleted file mode 100644
index 5c8a93cb..00000000
--- a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/DistributedAclStore.java
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li, Heng Qi and Haisheng Yu
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onos.acl.impl;
-
-import com.google.common.collect.Collections2;
-import org.onos.acl.AclRule;
-import org.onos.acl.AclStore;
-import org.apache.felix.scr.annotations.Activate;
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.Service;
-import org.onlab.util.KryoNamespace;
-import org.onos.acl.RuleId;
-import org.onosproject.core.ApplicationId;
-import org.onosproject.core.CoreService;
-import org.onosproject.net.DeviceId;
-import org.onosproject.net.flow.FlowRule;
-import org.onosproject.store.AbstractStore;
-import org.onosproject.store.serializers.KryoNamespaces;
-import org.onosproject.store.service.ConsistentMap;
-import org.onosproject.store.service.Serializer;
-import org.onosproject.store.service.StorageService;
-import org.onosproject.store.service.Versioned;
-import org.slf4j.Logger;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import static org.slf4j.LoggerFactory.getLogger;
-
-/**
- * Implementation of the ACL store service.
- */
-@Component(immediate = true)
-@Service
-public class DistributedAclStore extends AbstractStore implements AclStore {
-
- private final Logger log = getLogger(getClass());
- private final int defaultFlowMaxPriority = 30000;
-
- private ConsistentMap<RuleId, AclRule> ruleSet;
- private ConsistentMap<DeviceId, Integer> deviceToPriority;
- private ConsistentMap<RuleId, Set<DeviceId>> ruleToDevice;
- private ConsistentMap<RuleId, Set<FlowRule>> ruleToFlow;
- private ConsistentMap<RuleId, List<RuleId>> denyRuleToAllowRule;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected StorageService storageService;
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected CoreService coreService;
-
- @Activate
- public void activate() {
- ApplicationId appId = coreService.getAppId("org.onosproject.acl");
-
- KryoNamespace.Builder serializer = KryoNamespace.newBuilder()
- .register(KryoNamespaces.API)
- .register(AclRule.class)
- .register(AclRule.Action.class)
- .register(RuleId.class);
-
- ruleSet = storageService.<RuleId, AclRule>consistentMapBuilder()
- .withSerializer(Serializer.using(serializer.build()))
- .withName("acl-rule-set")
- .withApplicationId(appId)
- .withPurgeOnUninstall()
- .build();
-
- deviceToPriority = storageService.<DeviceId, Integer>consistentMapBuilder()
- .withSerializer(Serializer.using(serializer.build()))
- .withName("device-to-priority")
- .withApplicationId(appId)
- .withPurgeOnUninstall()
- .build();
-
- ruleToFlow = storageService.<RuleId, Set<FlowRule>>consistentMapBuilder()
- .withSerializer(Serializer.using(serializer.build()))
- .withName("rule-to-flow")
- .withApplicationId(appId)
- .withPurgeOnUninstall()
- .build();
-
- denyRuleToAllowRule = storageService.<RuleId, List<RuleId>>consistentMapBuilder()
- .withSerializer(Serializer.using(serializer.build()))
- .withName("deny-to-allow")
- .withApplicationId(appId)
- .withPurgeOnUninstall()
- .build();
-
- ruleToDevice = storageService.<RuleId, Set<DeviceId>>consistentMapBuilder()
- .withSerializer(Serializer.using(serializer.build()))
- .withName("rule-to-device")
- .withApplicationId(appId)
- .withPurgeOnUninstall()
- .build();
-
- log.info("Started");
- }
-
- @Deactivate
- public void deactive() {
- log.info("Stopped");
- }
-
- @Override
- public List<AclRule> getAclRules() {
- List<AclRule> aclRules = new ArrayList<>();
- aclRules.addAll(Collections2.transform(ruleSet.values(), Versioned::value));
- return aclRules;
- }
-
- @Override
- public void addAclRule(AclRule rule) {
- ruleSet.putIfAbsent(rule.id(), rule);
- }
-
- @Override
- public AclRule getAclRule(RuleId ruleId) {
- Versioned<AclRule> rule = ruleSet.get(ruleId);
- if (rule != null) {
- return rule.value();
- } else {
- return null;
- }
- }
-
- @Override
- public void removeAclRule(RuleId ruleId) {
- ruleSet.remove(ruleId);
- }
-
- @Override
- public void clearAcl() {
- ruleSet.clear();
- deviceToPriority.clear();
- ruleToFlow.clear();
- denyRuleToAllowRule.clear();
- ruleToDevice.clear();
- }
-
- @Override
- public int getPriorityByDevice(DeviceId deviceId) {
- return deviceToPriority.compute(deviceId,
- (id, priority) -> (priority == null) ? defaultFlowMaxPriority : (priority - 1))
- .value();
- }
-
- @Override
- public Set<FlowRule> getFlowByRule(RuleId ruleId) {
- Versioned<Set<FlowRule>> flowRuleSet = ruleToFlow.get(ruleId);
- if (flowRuleSet != null) {
- return flowRuleSet.value();
- } else {
- return null;
- }
- }
-
- @Override
- public void addRuleToFlowMapping(RuleId ruleId, FlowRule flowRule) {
- ruleToFlow.computeIf(ruleId,
- flowRuleSet -> (flowRuleSet == null || !flowRuleSet.contains(flowRule)),
- (id, flowRuleSet) -> {
- Set<FlowRule> newSet = new HashSet<>();
- if (flowRuleSet != null) {
- newSet.addAll(flowRuleSet);
- }
- newSet.add(flowRule);
- return newSet;
- });
- }
-
- @Override
- public void removeRuleToFlowMapping(RuleId ruleId) {
- ruleToFlow.remove(ruleId);
- }
-
- @Override
- public List<RuleId> getAllowingRuleByDenyingRule(RuleId denyingRuleId) {
- Versioned<List<RuleId>> allowRuleIdSet = denyRuleToAllowRule.get(denyingRuleId);
- if (allowRuleIdSet != null) {
- return allowRuleIdSet.value();
- } else {
- return null;
- }
- }
-
- @Override
- public void addDenyToAllowMapping(RuleId denyingRuleId, RuleId allowingRuleId) {
- denyRuleToAllowRule.computeIf(denyingRuleId,
- ruleIdList -> (ruleIdList == null || !ruleIdList.contains(allowingRuleId)),
- (id, ruleIdList) -> {
- ArrayList<RuleId> newList = new ArrayList<>();
- if (ruleIdList != null) {
- newList.addAll(ruleIdList);
- }
- newList.add(allowingRuleId);
- return newList;
- });
- }
-
- @Override
- public void removeDenyToAllowMapping(RuleId denyingRuleId) {
- denyRuleToAllowRule.remove(denyingRuleId);
- }
-
- @Override
- public boolean checkIfRuleWorksInDevice(RuleId ruleId, DeviceId deviceId) {
- return ruleToDevice.containsKey(ruleId) && ruleToDevice.get(ruleId).value().contains(deviceId);
- }
-
- @Override
- public void addRuleToDeviceMapping(RuleId ruleId, DeviceId deviceId) {
- ruleToDevice.computeIf(ruleId,
- deviceIdSet -> (deviceIdSet == null || !deviceIdSet.contains(deviceId)),
- (id, deviceIdSet) -> {
- Set<DeviceId> newSet = new HashSet<>();
- if (deviceIdSet != null) {
- newSet.addAll(deviceIdSet);
- }
- newSet.add(deviceId);
- return newSet;
- });
- }
-
- @Override
- public void removeRuleToDeviceMapping(RuleId ruleId) {
- ruleToDevice.remove(ruleId);
- }
-
-}
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/package-info.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/package-info.java
deleted file mode 100644
index e9aa1448..00000000
--- a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/impl/package-info.java
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * ACL application implementation.
- */
-package org.onos.acl.impl;
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/package-info.java b/framework/src/onos/apps/acl/src/main/java/org/onos/acl/package-info.java
deleted file mode 100644
index fa4131ee..00000000
--- a/framework/src/onos/apps/acl/src/main/java/org/onos/acl/package-info.java
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * ACL application.
- */
-package org.onos.acl;
diff --git a/framework/src/onos/apps/acl/src/main/java/org/onosproject/acl/AclWebResource.java b/framework/src/onos/apps/acl/src/main/java/org/onosproject/acl/AclWebResource.java
index e792efba..9ec4c883 100644
--- a/framework/src/onos/apps/acl/src/main/java/org/onosproject/acl/AclWebResource.java
+++ b/framework/src/onos/apps/acl/src/main/java/org/onosproject/acl/AclWebResource.java
@@ -98,6 +98,7 @@ public class AclWebResource extends AbstractWebResource {
*
* @param stream JSON data describing the rule
* @return 200 OK
+ * @throws URISyntaxException uri syntax exception
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
diff --git a/framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/AclWebResourceTest.java b/framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/AclWebResourceTest.java
deleted file mode 100644
index bb7d8051..00000000
--- a/framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/AclWebResourceTest.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li and Heng Qi
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onos.acl.web;
-
-import com.sun.jersey.api.client.WebResource;
-import org.onos.acl.AclService;
-import org.onos.acl.AclStore;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.onlab.osgi.ServiceDirectory;
-import org.onlab.rest.BaseResource;
-import org.onos.acl.AclRule;
-import org.onosproject.core.IdGenerator;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.atomic.AtomicLong;
-
-import static org.easymock.EasyMock.*;
-import static org.hamcrest.Matchers.containsString;
-import static org.junit.Assert.assertThat;
-
-/**
- * Test class for ACL application REST resource.
- */
-public class AclWebResourceTest extends ResourceTest {
-
- final AclService mockAclService = createMock(AclService.class);
- final AclStore mockAclStore = createMock(AclStore.class);
- final List<AclRule> rules = new ArrayList<>();
-
- @Before
- public void setUp() {
- expect(mockAclService.getAclRules()).andReturn(rules).anyTimes();
- ServiceDirectory testDirectory = new TestServiceDirectory().add(AclService.class, mockAclService)
- .add(AclStore.class, mockAclStore);
- BaseResource.setServiceDirectory(testDirectory);
- }
-
- @After
- public void tearDown() {
- verify(mockAclService);
- }
-
- /**
- * Mock id generator for testing.
- */
- private class MockIdGenerator implements IdGenerator {
- private AtomicLong nextId = new AtomicLong(0);
-
- @Override
- public long getNewId() {
- return nextId.getAndIncrement();
- }
- }
-
- @Test
- public void testaddRule() throws IOException {
- WebResource rs = resource();
- String response;
- String json;
- IdGenerator idGenerator = new MockIdGenerator();
- AclRule.bindIdGenerator(idGenerator);
-
- replay(mockAclService);
-
- // input a invalid JSON string that contains neither nw_src and nw_dst
- json = "{\"ipProto\":\"TCP\",\"dstTpPort\":\"80\"}";
- response = rs.path("add").post(String.class, json);
- assertThat(response, containsString("Failed! Either srcIp or dstIp must be assigned."));
-
- // input a invalid JSON string that doesn't contain CIDR mask bits
- json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
- response = rs.path("add").post(String.class, json);
- assertThat(response, containsString("Malformed IPv4 prefix string: 10.0.0.1. " +
- "Address must take form \"x.x.x.x/y\""));
-
- // input a invalid JSON string that contains a invalid IP address
- json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.256/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
- response = rs.path("add").post(String.class, json);
- assertThat(response, containsString("Invalid IP address string: 10.0.0.256"));
-
- // input a invalid JSON string that contains a invalid IP address
- json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.01/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
- response = rs.path("add").post(String.class, json);
- assertThat(response, containsString("Invalid IP address string: 10.0.01"));
-
- // input a invalid JSON string that contains a invalid CIDR mask bits
- json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/a\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
- response = rs.path("add").post(String.class, json);
- assertThat(response, containsString("Failed! For input string: \"a\""));
-
- // input a invalid JSON string that contains a invalid CIDR mask bits
- json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/33\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
- response = rs.path("add").post(String.class, json);
- assertThat(response, containsString("Invalid prefix length 33. The value must be in the interval [0, 32]"));
-
- // input a invalid JSON string that contains a invalid ipProto value
- json = "{\"ipProto\":\"ARP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
- response = rs.path("add").post(String.class, json);
- assertThat(response, containsString("ipProto must be assigned to TCP, UDP, or ICMP."));
-
- // input a invalid JSON string that contains a invalid dstTpPort value
- json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"a\",\"action\":\"DENY\"}";
- response = rs.path("add").post(String.class, json);
- assertThat(response, containsString("dstTpPort must be assigned to a numerical value."));
-
- // input a invalid JSON string that contains a invalid action value
- json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"80\",\"action\":\"PERMIT\"}";
- response = rs.path("add").post(String.class, json);
- assertThat(response, containsString("action must be assigned to ALLOW or DENY."));
- }
-}
diff --git a/framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/ResourceTest.java b/framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/ResourceTest.java
deleted file mode 100644
index 04cd10bd..00000000
--- a/framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/ResourceTest.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li and Heng Qi
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onos.acl.web;
-
-import com.sun.jersey.test.framework.AppDescriptor;
-import com.sun.jersey.test.framework.JerseyTest;
-import com.sun.jersey.test.framework.WebAppDescriptor;
-
-import java.io.IOException;
-import java.net.ServerSocket;
-
-/**
- * Base class for REST API tests. Performs common configuration operations.
- */
-public class ResourceTest extends JerseyTest {
-
- /**
- * Assigns an available port for the test.
- *
- * @param defaultPort If a port cannot be determined, this one is used.
- * @return free port
- */
- @Override
- public int getPort(int defaultPort) {
- try {
- ServerSocket socket = new ServerSocket(0);
- socket.setReuseAddress(true);
- int port = socket.getLocalPort();
- socket.close();
- return port;
- } catch (IOException ioe) {
- return defaultPort;
- }
- }
-
- @Override
- public AppDescriptor configure() {
- return new WebAppDescriptor.Builder("org.onos.acl").build();
- }
-
-}
diff --git a/framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/TestServiceDirectory.java b/framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/TestServiceDirectory.java
deleted file mode 100644
index 6dbd302c..00000000
--- a/framework/src/onos/apps/acl/src/test/java/org/onos/acl/web/TestServiceDirectory.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
- * Advisers: Keqiu Li and Heng Qi
- * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
- * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onos.acl.web;
-
-import com.google.common.collect.ClassToInstanceMap;
-import com.google.common.collect.MutableClassToInstanceMap;
-import org.onlab.osgi.ServiceDirectory;
-
-/**
- * Service directory implementation suitable for testing.
- */
-public class TestServiceDirectory implements ServiceDirectory {
-
-
- private ClassToInstanceMap<Object> services = MutableClassToInstanceMap.create();
-
- @Override
- public <T> T get(Class<T> serviceClass) {
- return services.getInstance(serviceClass);
- }
-
- /**
- * Adds a new service to the directory.
- *
- * @param serviceClass service class
- * @param service service instance
- * @return self
- */
- public TestServiceDirectory add(Class serviceClass, Object service) {
- services.putInstance(serviceClass, service);
- return this;
- }
-
-}