package org.opendaylight.netvirt.aclservice;

import com.google.common.collect.Lists;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.stream.Collectors;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.genius.infra.ManagedNewTransactionRunner;
import org.opendaylight.genius.infra.ManagedNewTransactionRunnerImpl;
import org.opendaylight.genius.mdsalutil.ActionInfo;
import org.opendaylight.genius.mdsalutil.FlowEntity;
import org.opendaylight.genius.mdsalutil.InstructionInfo;
import org.opendaylight.genius.mdsalutil.MDSALUtil;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack;
import org.opendaylight.genius.mdsalutil.actions.ActionNxCtClear;
import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
import org.opendaylight.infrautils.jobcoordinator.JobCoordinator;
import org.opendaylight.netvirt.aclservice.api.AclInterfaceCache;
import org.opendaylight.netvirt.aclservice.api.AclServiceListener;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
import org.opendaylight.netvirt.aclservice.utils.AclConntrackClassifierType;
import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
import org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder;
import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.class */
public abstract class AbstractAclServiceImpl implements AclServiceListener {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractAclServiceImpl.class);
    protected final IMdsalApiManager mdsalManager;
    protected final ManagedNewTransactionRunner txRunner;
    protected final Class<? extends ServiceModeBase> serviceMode;
    protected final AclDataUtil aclDataUtil;
    protected final AclServiceUtils aclServiceUtils;
    protected final JobCoordinator jobCoordinator;
    protected final AclInterfaceCache aclInterfaceCache;
    protected final Class<? extends DirectionBase> direction;
    protected final String directionString;

    public AbstractAclServiceImpl(Class<? extends ServiceModeBase> cls, DataBroker dataBroker, IMdsalApiManager iMdsalApiManager, AclDataUtil aclDataUtil, AclServiceUtils aclServiceUtils, JobCoordinator jobCoordinator, AclInterfaceCache aclInterfaceCache) {
        this.txRunner = new ManagedNewTransactionRunnerImpl(dataBroker);
        this.mdsalManager = iMdsalApiManager;
        this.serviceMode = cls;
        this.aclDataUtil = aclDataUtil;
        this.aclServiceUtils = aclServiceUtils;
        this.jobCoordinator = jobCoordinator;
        this.aclInterfaceCache = aclInterfaceCache;
        this.direction = this.serviceMode.equals(ServiceModeEgress.class) ? DirectionIngress.class : DirectionEgress.class;
        this.directionString = this.direction.equals(DirectionEgress.class) ? "Egress" : "Ingress";
    }

    public boolean applyAcl(AclInterface aclInterface) {
        if (aclInterface == null) {
            LOG.error("port cannot be null");
            return false;
        }
        if (aclInterface.getSecurityGroups() == null) {
            LOG.info("Port {} without SGs", aclInterface.getInterfaceId());
            return false;
        }
        BigInteger dpId = aclInterface.getDpId();
        if (dpId == null || aclInterface.getLPortTag() == null) {
            LOG.error("Unable to find DpId from ACL interface with id {}", aclInterface.getInterfaceId());
            return false;
        }
        LOG.debug("Applying ACL on port {} with DpId {}", aclInterface, dpId);
        ArrayList arrayList = new ArrayList();
        programAcl(arrayList, aclInterface, AclServiceManager.Action.ADD, 0);
        updateRemoteAclFilterTable(arrayList, aclInterface, 0);
        programFlows(AclConstants.ACL_JOB_KEY_PREFIX + aclInterface.getInterfaceId(), arrayList, 0);
        return true;
    }

    public boolean bindAcl(AclInterface aclInterface) {
        if (aclInterface == null || aclInterface.getSecurityGroups() == null) {
            LOG.error("Port and port security groups cannot be null for binding ACL service, port={}", aclInterface);
            return false;
        }
        bindService(aclInterface);
        return true;
    }

    public boolean unbindAcl(AclInterface aclInterface) {
        if (aclInterface == null) {
            LOG.error("Port cannot be null for unbinding ACL service");
            return false;
        }
        if (aclInterface.getDpId() == null) {
            return true;
        }
        unbindService(aclInterface);
        return true;
    }

    public boolean updateAcl(AclInterface aclInterface, AclInterface aclInterface2) {
        if (aclInterface2.getDpId() == null || aclInterface2.getLPortTag() == null) {
            LOG.debug("Unable to find DpId from ACL interface with id {} and lport {}", aclInterface2.getInterfaceId(), aclInterface2.getLPortTag());
            return false;
        }
        boolean z = true;
        boolean isPortSecurityEnabled = aclInterface2.isPortSecurityEnabled();
        if (aclInterface.isPortSecurityEnabled() != isPortSecurityEnabled) {
            LOG.debug("On ACL update, Port security is {} for {}", isPortSecurityEnabled ? "Enabled" : "Disabled", aclInterface2.getInterfaceId());
            z = isPortSecurityEnabled ? applyAcl(aclInterface2) : removeAcl(aclInterface);
        } else if (isPortSecurityEnabled) {
            processInterfaceUpdate(aclInterface, aclInterface2);
            LOG.debug("On ACL update, ACL has been updated for {}", aclInterface2.getInterfaceId());
        }
        return z;
    }

    private void processInterfaceUpdate(AclInterface aclInterface, AclInterface aclInterface2) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        List<AllowedAddressPairs> updatedAllowedAddressPairs = AclServiceUtils.getUpdatedAllowedAddressPairs(aclInterface2.getAllowedAddressPairs(), aclInterface.getAllowedAddressPairs());
        List<AllowedAddressPairs> updatedAllowedAddressPairs2 = AclServiceUtils.getUpdatedAllowedAddressPairs(aclInterface.getAllowedAddressPairs(), aclInterface2.getAllowedAddressPairs());
        if (updatedAllowedAddressPairs2 != null && !updatedAllowedAddressPairs2.isEmpty()) {
            programAclWithAllowedAddress(arrayList2, aclInterface, updatedAllowedAddressPairs2, AclServiceManager.Action.UPDATE, 1);
            updateRemoteAclFilterTable(arrayList2, aclInterface, aclInterface.getSecurityGroups(), updatedAllowedAddressPairs2, 1);
        }
        if (updatedAllowedAddressPairs != null && !updatedAllowedAddressPairs.isEmpty()) {
            programAclWithAllowedAddress(arrayList, aclInterface2, updatedAllowedAddressPairs, AclServiceManager.Action.UPDATE, 0);
            updateRemoteAclFilterTable(arrayList, aclInterface2, aclInterface2.getSecurityGroups(), updatedAllowedAddressPairs, 0);
        }
        if (aclInterface2.getSubnetInfo() != null && aclInterface.getSubnetInfo() == null) {
            programBroadcastRules(arrayList, aclInterface2, 0);
        }
        handleSubnetChange(aclInterface, aclInterface2, arrayList, arrayList2);
        List<Uuid> updatedAclList = AclServiceUtils.getUpdatedAclList(aclInterface2.getSecurityGroups(), aclInterface.getSecurityGroups());
        List<Uuid> updatedAclList2 = AclServiceUtils.getUpdatedAclList(aclInterface.getSecurityGroups(), aclInterface2.getSecurityGroups());
        if (!updatedAclList2.isEmpty() || !updatedAclList.isEmpty()) {
            handleAclChange(arrayList2, aclInterface, updatedAclList2, 1);
            handleAclChange(arrayList, aclInterface2, updatedAclList, 0);
        }
        programFlows(AclConstants.ACL_JOB_KEY_PREFIX + aclInterface2.getInterfaceId(), arrayList2, 1);
        programFlows(AclConstants.ACL_JOB_KEY_PREFIX + aclInterface2.getInterfaceId(), arrayList, 0);
    }

    private void handleSubnetChange(AclInterface aclInterface, AclInterface aclInterface2, List<FlowEntity> list, List<FlowEntity> list2) {
        List<SubnetInfo> subnetDiff = AclServiceUtils.getSubnetDiff(aclInterface.getSubnetInfo(), aclInterface2.getSubnetInfo());
        List<SubnetInfo> subnetDiff2 = AclServiceUtils.getSubnetDiff(aclInterface2.getSubnetInfo(), aclInterface.getSubnetInfo());
        if (subnetDiff != null && !subnetDiff.isEmpty()) {
            programIcmpv6RARule(list2, aclInterface2, subnetDiff, 1);
            programSubnetBroadcastRules(list2, aclInterface2, subnetDiff, 1);
        }
        if (subnetDiff2 == null || subnetDiff2.isEmpty()) {
            return;
        }
        programIcmpv6RARule(list, aclInterface2, subnetDiff2, 0);
        programSubnetBroadcastRules(list, aclInterface2, subnetDiff2, 0);
    }

    private void handleAclChange(List<FlowEntity> list, AclInterface aclInterface, List<Uuid> list2, int i) {
        programAclRules(list, aclInterface, list2, i == 1 ? 2 : i);
        updateRemoteAclFilterTable(list, aclInterface, list2, aclInterface.getAllowedAddressPairs(), i);
        programAclDispatcherTable(list, aclInterface, i);
    }

    protected SortedSet<Integer> getRemoteAclTags(AclInterface aclInterface) {
        return this.direction == DirectionIngress.class ? aclInterface.getIngressRemoteAclTags() : aclInterface.getEgressRemoteAclTags();
    }

    protected void programAclDispatcherTable(List<FlowEntity> list, AclInterface aclInterface, int i) {
        SortedSet<Integer> remoteAclTags = getRemoteAclTags(aclInterface);
        if (remoteAclTags.isEmpty()) {
            LOG.debug("No {} rules with remote group id for port={}", this.directionString, aclInterface.getInterfaceId());
            return;
        }
        Integer first = remoteAclTags.first();
        Integer last = remoteAclTags.last();
        programFirstRemoteAclEntryInDispatcherTable(list, aclInterface, first, i);
        programLastRemoteAclEntryInDispatcherTable(list, aclInterface, last, i);
        Integer num = first;
        for (Integer num2 : remoteAclTags) {
            if (!num2.equals(first)) {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(AclServiceUtils.buildMatchesForLPortTagAndRemoteAclTag(aclInterface.getLPortTag(), num, this.serviceMode));
                String str = this.directionString + "_ACL_Dispatcher_" + aclInterface.getDpId() + "_" + aclInterface.getLPortTag() + "_" + num2;
                List<InstructionInfo> gotoInstructionInfo = AclServiceOFFlowBuilder.getGotoInstructionInfo(getAclRuleBasedFilterTable());
                gotoInstructionInfo.add(AclServiceUtils.getWriteMetadataForRemoteAclTag(num2));
                addFlowEntryToList(list, aclInterface.getDpId(), getAclFilterCumDispatcherTable(), str, AclConstants.ACE_GOTO_NEXT_REMOTE_ACL_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, gotoInstructionInfo, i);
                num = num2;
            }
        }
    }

    protected void programFirstRemoteAclEntryInDispatcherTable(List<FlowEntity> list, AclInterface aclInterface, Integer num, int i) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(AclServiceUtils.buildLPortTagMatch(aclInterface.getLPortTag().intValue(), this.serviceMode));
        String str = this.directionString + "_ACL_Dispatcher_First_" + aclInterface.getDpId() + "_" + aclInterface.getLPortTag() + "_" + num;
        List<InstructionInfo> gotoInstructionInfo = AclServiceOFFlowBuilder.getGotoInstructionInfo(getAclRuleBasedFilterTable());
        gotoInstructionInfo.add(AclServiceUtils.getWriteMetadataForRemoteAclTag(num));
        addFlowEntryToList(list, aclInterface.getDpId(), getAclFilterCumDispatcherTable(), str, AclConstants.ACE_FIRST_REMOTE_ACL_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, gotoInstructionInfo, i);
    }

    protected void programLastRemoteAclEntryInDispatcherTable(List<FlowEntity> list, AclInterface aclInterface, Integer num, int i) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(AclServiceUtils.buildMatchesForLPortTagAndRemoteAclTag(aclInterface.getLPortTag(), num, this.serviceMode));
        addFlowEntryToList(list, aclInterface.getDpId(), getAclFilterCumDispatcherTable(), this.directionString + "_ACL_Dispatcher_Last_" + aclInterface.getDpId() + "_" + aclInterface.getLPortTag() + "_" + num, AclConstants.ACE_LAST_REMOTE_ACL_PRIORITY.intValue(), 0, 0, AclServiceUtils.getDropFlowCookie(aclInterface.getLPortTag().intValue()), arrayList, AclServiceOFFlowBuilder.getDropInstructionInfo(), i);
    }

    private void programAcl(List<FlowEntity> list, AclInterface aclInterface, AclServiceManager.Action action, int i) {
        programAclWithAllowedAddress(list, aclInterface, aclInterface.getAllowedAddressPairs(), action, i);
    }

    private void programAclWithAllowedAddress(List<FlowEntity> list, AclInterface aclInterface, List<AllowedAddressPairs> list2, AclServiceManager.Action action, int i) {
        BigInteger dpId = aclInterface.getDpId();
        int intValue = aclInterface.getLPortTag().intValue();
        LOG.debug("Applying ACL Allowed Address on DpId {}, lportTag {}, Action {}", new Object[]{dpId, Integer.valueOf(intValue), action});
        String interfaceId = aclInterface.getInterfaceId();
        programAntiSpoofingRules(list, aclInterface, list2, action, i);
        programAclPortSpecificFixedRules(list, dpId, list2, intValue, interfaceId, action, i);
        if (action == AclServiceManager.Action.ADD || action == AclServiceManager.Action.REMOVE) {
            programAclRules(list, aclInterface, aclInterface.getSecurityGroups(), i);
            programAclDispatcherTable(list, aclInterface, i);
        }
    }

    protected boolean programAclRules(List<FlowEntity> list, AclInterface aclInterface, List<Uuid> list2, int i) {
        BigInteger dpId = aclInterface.getDpId();
        LOG.debug("Applying custom rules on DpId {}, lportTag {}", dpId, aclInterface.getLPortTag());
        if (list2 == null || dpId == null) {
            LOG.warn("{} ACL parameters can not be null. dpId={}, aclUuidList={}", new Object[]{this.directionString, dpId, list2});
            return false;
        }
        for (Uuid uuid : list2) {
            Acl acl = this.aclDataUtil.getAcl(uuid.getValue());
            if (null == acl) {
                LOG.warn("The ACL {} not found in cache", uuid.getValue());
            } else {
                Iterator it = acl.getAccessListEntries().getAce().iterator();
                while (it.hasNext()) {
                    programAceRule(list, aclInterface, uuid.getValue(), (Ace) it.next(), i);
                }
            }
        }
        return true;
    }

    protected void programAceRule(List<FlowEntity> list, AclInterface aclInterface, String str, Ace ace, int i) {
        SecurityRuleAttr accesssListAttributes = AclServiceUtils.getAccesssListAttributes(ace);
        if (i == 0 && accesssListAttributes.isDeleted().booleanValue()) {
            LOG.trace("Ignoring {} rule which is already deleted", ace.getRuleName());
            return;
        }
        if (!isValidDirection(accesssListAttributes.getDirection())) {
            LOG.trace("Ignoring {} direction while processing for {} ACE Rule {}", new Object[]{accesssListAttributes.getDirection(), this.directionString, ace.getRuleName()});
            return;
        }
        LOG.debug("Program {} ACE rule for dpId={}, lportTag={}, addOrRemove={}, ace={}, portId={}", new Object[]{this.directionString, aclInterface.getDpId(), aclInterface.getLPortTag(), Integer.valueOf(i), ace.getRuleName(), aclInterface.getInterfaceId()});
        Matches matches = ace.getMatches();
        if (matches.getAceType() instanceof AceIp) {
            Map<String, List<MatchInfoBase>> programIpFlow = AclServiceOFFlowBuilder.programIpFlow(matches);
            if (AclServiceUtils.doesAceHaveRemoteGroupId(accesssListAttributes)) {
                programAceSpecificFlows(list, aclInterface, str, ace, programIpFlow, accesssListAttributes.getRemoteGroupId(), i);
            } else {
                programForAceNotHavingRemoteAclId(list, aclInterface, str, ace, programIpFlow, i);
            }
        }
    }

    protected void programForAceNotHavingRemoteAclId(List<FlowEntity> list, AclInterface aclInterface, String str, Ace ace, Map<String, List<MatchInfoBase>> map, int i) {
        if (null == map) {
            return;
        }
        MatchInfoBase buildLPortTagMatch = AclServiceUtils.buildLPortTagMatch(aclInterface.getLPortTag().intValue(), this.serviceMode);
        List<InstructionInfo> gotoInstructionInfo = AclServiceOFFlowBuilder.getGotoInstructionInfo(getAclCommitterTable());
        Integer aceFlowPriority = this.aclServiceUtils.getAceFlowPriority(str);
        for (Map.Entry<String, List<MatchInfoBase>> entry : map.entrySet()) {
            String key = entry.getKey();
            List<MatchInfoBase> value = entry.getValue();
            value.add(buildLPortTagMatch);
            addFlowEntryToList(list, aclInterface.getDpId(), getAclFilterCumDispatcherTable(), key + this.directionString + "_" + aclInterface.getDpId() + "_" + aclInterface.getLPortTag() + "_" + ace.key().getRuleName(), aceFlowPriority.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, value, gotoInstructionInfo, i == 2 ? 1 : i);
            if (i != 1) {
                programAclForExistingTrafficTable(aclInterface, ace, i, key, value, aceFlowPriority);
            }
        }
    }

    protected void programAceSpecificFlows(List<FlowEntity> list, AclInterface aclInterface, String str, Ace ace, Map<String, List<MatchInfoBase>> map, Uuid uuid, int i) {
        if (null == map) {
            return;
        }
        Integer aclTag = this.aclServiceUtils.getAclTag(uuid);
        if (aclTag == null || aclTag.intValue() == -1) {
            LOG.error("remoteAclTag={} is null or invalid for remoteAclId={}", aclTag, uuid);
            return;
        }
        List<MatchInfoBase> buildMatchesForLPortTagAndRemoteAclTag = AclServiceUtils.buildMatchesForLPortTagAndRemoteAclTag(aclInterface.getLPortTag(), aclTag, this.serviceMode);
        List<InstructionInfo> gotoInstructionInfo = AclServiceOFFlowBuilder.getGotoInstructionInfo(getAclRemoteAclTable());
        Integer aceFlowPriority = this.aclServiceUtils.getAceFlowPriority(str);
        for (Map.Entry<String, List<MatchInfoBase>> entry : map.entrySet()) {
            String key = entry.getKey();
            List<MatchInfoBase> value = entry.getValue();
            value.addAll(buildMatchesForLPortTagAndRemoteAclTag);
            addFlowEntryToList(list, aclInterface.getDpId(), getAclRuleBasedFilterTable(), key + this.directionString + "_" + aclInterface.getDpId() + "_" + aclInterface.getLPortTag() + "_" + ace.key().getRuleName(), aceFlowPriority.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, value, gotoInstructionInfo, i == 2 ? 1 : i);
            if (i != 1) {
                programAclForExistingTrafficTable(aclInterface, ace, i, key, value, aceFlowPriority);
            }
        }
    }

    private void programAclForExistingTrafficTable(AclInterface aclInterface, Ace ace, int i, String str, List<MatchInfoBase> list, Integer num) {
        String str2 = str + this.directionString + "_" + aclInterface.getDpId() + "_" + aclInterface.getLPortTag() + "_" + (ace.getMatches().getAceType().getAceIpVersion() instanceof AceIpv4 ? "_IPv4" : "_IPv6") + "_FlowAfterRuleDeleted";
        List<? extends MatchInfoBase> list2 = (List) list.stream().filter(matchInfoBase -> {
            return ((matchInfoBase instanceof NxMatchCtState) || (matchInfoBase instanceof MatchMetadata)) ? false : true;
        }).collect(Collectors.toList());
        list2.add(AclServiceUtils.buildLPortTagMatch(aclInterface.getLPortTag().intValue(), this.serviceMode));
        list2.add(new NxMatchCtState(32L, 40L));
        List<InstructionInfo> createCtMarkInstructionForNewState = AclServiceUtils.createCtMarkInstructionForNewState(Short.valueOf(getAclFilterCumDispatcherTable()), aclInterface.getElanId());
        ArrayList arrayList = new ArrayList();
        int i2 = i == 0 ? 1 : 0;
        addFlowEntryToList(arrayList, aclInterface.getDpId(), getAclForExistingTrafficTable(), str2, num.intValue(), 0, AclServiceUtils.getHardTimoutForApplyStatefulChangeOnExistingTraffic(ace, this.aclServiceUtils).intValue(), AclConstants.COOKIE_ACL_BASE, list2, createCtMarkInstructionForNewState, i2);
        programFlows(AclConstants.ACL_JOB_KEY_PREFIX + aclInterface.getInterfaceId(), arrayList, i2);
    }

    public boolean removeAcl(AclInterface aclInterface) {
        if (aclInterface.getDpId() == null) {
            LOG.warn("Unable to find DP Id from ACL interface with id {}", aclInterface.getInterfaceId());
            return false;
        }
        ArrayList arrayList = new ArrayList();
        programAcl(arrayList, aclInterface, AclServiceManager.Action.REMOVE, 1);
        updateRemoteAclFilterTable(arrayList, aclInterface, 1);
        programFlows(AclConstants.ACL_JOB_KEY_PREFIX + aclInterface.getInterfaceId(), arrayList, 1);
        return true;
    }

    public boolean applyAce(AclInterface aclInterface, String str, Ace ace) {
        if (!aclInterface.isPortSecurityEnabled() || aclInterface.getDpId() == null) {
            return false;
        }
        ArrayList arrayList = new ArrayList();
        programAceRule(arrayList, aclInterface, str, ace, 0);
        programFlows(AclConstants.ACL_JOB_KEY_PREFIX + aclInterface.getInterfaceId(), arrayList, 0);
        return true;
    }

    public boolean removeAce(AclInterface aclInterface, String str, Ace ace) {
        if (!aclInterface.isPortSecurityEnabled() || aclInterface.getDpId() == null) {
            return false;
        }
        ArrayList arrayList = new ArrayList();
        programAceRule(arrayList, aclInterface, str, ace, 2);
        programFlows(AclConstants.ACL_JOB_KEY_PREFIX + aclInterface.getInterfaceId(), arrayList, 1);
        return true;
    }

    public void updateRemoteAcl(Acl acl, Acl acl2, Collection<AclInterface> collection) {
        handleRemoteAclUpdate(acl, acl2, collection);
    }

    public abstract void bindService(AclInterface aclInterface);

    protected abstract void unbindService(AclInterface aclInterface);

    protected abstract void programAntiSpoofingRules(List<FlowEntity> list, AclInterface aclInterface, List<AllowedAddressPairs> list2, AclServiceManager.Action action, int i);

    protected abstract void programBroadcastRules(List<FlowEntity> list, AclInterface aclInterface, int i);

    protected abstract void programSubnetBroadcastRules(List<FlowEntity> list, AclInterface aclInterface, List<SubnetInfo> list2, int i);

    protected abstract void programIcmpv6RARule(List<FlowEntity> list, AclInterface aclInterface, List<SubnetInfo> list2, int i);

    /* JADX INFO: Access modifiers changed from: protected */
    public void addFlowEntryToList(List<FlowEntity> list, BigInteger bigInteger, short s, String str, int i, int i2, int i3, BigInteger bigInteger2, List<? extends MatchInfoBase> list2, List<InstructionInfo> list3, int i4) {
        List<InstructionInfo> list4 = null;
        if (i4 == 0) {
            list4 = list3;
        }
        FlowEntity buildFlowEntity = MDSALUtil.buildFlowEntity(bigInteger, s, str, i, str, i2, i3, bigInteger2, list2, list4);
        LOG.trace("Adding flow to list: DpnId {}, flowId {}", bigInteger, str);
        list.add(buildFlowEntity);
    }

    protected void programFlows(String str, List<FlowEntity> list, int i) {
        for (List list2 : Lists.partition(list, 30)) {
            this.jobCoordinator.enqueueJob(str, () -> {
                return Collections.singletonList(this.txRunner.callWithNewWriteOnlyTransactionAndSubmit(writeTransaction -> {
                    if (i == 0) {
                        Iterator it = list2.iterator();
                        while (it.hasNext()) {
                            this.mdsalManager.addFlowToTx((FlowEntity) it.next(), writeTransaction);
                        }
                        return;
                    }
                    Iterator it2 = list2.iterator();
                    while (it2.hasNext()) {
                        this.mdsalManager.removeFlowToTx((FlowEntity) it2.next(), writeTransaction);
                    }
                }));
            }, 3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<InstructionInfo> getDispatcherTableResubmitInstructions() {
        return getDispatcherTableResubmitInstructions(new ArrayList());
    }

    protected List<InstructionInfo> getDispatcherTableResubmitInstructions(List<ActionInfo> list) {
        short s = 17;
        if (ServiceModeEgress.class.equals(this.serviceMode)) {
            s = 220;
        }
        ArrayList arrayList = new ArrayList();
        list.add(new ActionNxResubmit(s));
        arrayList.add(new InstructionApplyActions(list));
        return arrayList;
    }

    protected void handleRemoteAclUpdate(Acl acl, Acl acl2, Collection<AclInterface> collection) {
        String aclName = acl2.getAclName();
        Collection<AclInterface> interfaceList = this.aclDataUtil.getInterfaceList(new Uuid(aclName));
        if (interfaceList == null || interfaceList.isEmpty()) {
            LOG.trace("handleRemoteAclUpdate: No interfaces found with ACL={}", aclName);
            return;
        }
        Set<Uuid> remoteAclIdsByDirection = AclServiceUtils.getRemoteAclIdsByDirection(acl, this.direction);
        Set<Uuid> remoteAclIdsByDirection2 = AclServiceUtils.getRemoteAclIdsByDirection(acl2, this.direction);
        HashSet hashSet = new HashSet(remoteAclIdsByDirection2);
        hashSet.removeAll(remoteAclIdsByDirection);
        HashSet hashSet2 = new HashSet(remoteAclIdsByDirection);
        hashSet2.removeAll(remoteAclIdsByDirection2);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (!hashSet.isEmpty() || !hashSet2.isEmpty()) {
            Iterator<AclInterface> it = collection.iterator();
            while (it.hasNext()) {
                programAclDispatcherTable(arrayList2, it.next(), 1);
            }
            Iterator<AclInterface> it2 = interfaceList.iterator();
            while (it2.hasNext()) {
                programAclDispatcherTable(arrayList, it2.next(), 0);
            }
        }
        Set<BigInteger> set = (Set) interfaceList.stream().map((v0) -> {
            return v0.getDpId();
        }).collect(Collectors.toSet());
        programRemoteAclTable(arrayList2, aclName, hashSet2, set, 1);
        programRemoteAclTable(arrayList, aclName, hashSet, set, 0);
        programFlows(aclName, arrayList2, 1);
        programFlows(aclName, arrayList, 0);
    }

    private void programRemoteAclTable(List<FlowEntity> list, String str, Set<Uuid> set, Set<BigInteger> set2, int i) {
        for (Uuid uuid : set) {
            Collection<AclInterface> interfaceList = this.aclDataUtil.getInterfaceList(uuid);
            if (interfaceList != null && !interfaceList.isEmpty()) {
                Set set3 = (Set) interfaceList.stream().map((v0) -> {
                    return v0.getAllowedAddressPairs();
                }).flatMap((v0) -> {
                    return v0.stream();
                }).filter(AclServiceUtils::isNotIpAllNetwork).collect(Collectors.toSet());
                Integer aclTag = this.aclServiceUtils.getAclTag(uuid);
                if (i == 0) {
                    for (BigInteger bigInteger : set2) {
                        Iterator it = set3.iterator();
                        while (it.hasNext()) {
                            programRemoteAclTableFlow(list, bigInteger, aclTag, (AllowedAddressPairs) it.next(), i);
                        }
                    }
                } else if (i == 1) {
                    Set<BigInteger> hashSet = new HashSet();
                    Map<String, Set<AclInterface>> remoteAclInterfaces = this.aclDataUtil.getRemoteAclInterfaces(uuid, this.direction);
                    if (remoteAclInterfaces != null) {
                        HashMap hashMap = new HashMap(remoteAclInterfaces);
                        hashMap.remove(str);
                        hashSet = collectDpns(hashMap);
                    }
                    HashSet<BigInteger> hashSet2 = new HashSet(set2);
                    hashSet2.removeAll(hashSet);
                    LOG.debug("Deleting flows in Remote ACL table for remoteAclId={}, direction={}, dpnsToOperate={}, remoteAclDpns={}, dpns={}", new Object[]{uuid.getValue(), this.directionString, hashSet2, hashSet, set2});
                    for (BigInteger bigInteger2 : hashSet2) {
                        Iterator it2 = set3.iterator();
                        while (it2.hasNext()) {
                            programRemoteAclTableFlow(list, bigInteger2, aclTag, (AllowedAddressPairs) it2.next(), i);
                        }
                    }
                }
            }
        }
    }

    private void updateRemoteAclFilterTable(List<FlowEntity> list, AclInterface aclInterface, int i) {
        updateRemoteAclFilterTable(list, aclInterface, aclInterface.getSecurityGroups(), aclInterface.getAllowedAddressPairs(), i);
    }

    private void updateRemoteAclFilterTable(List<FlowEntity> list, AclInterface aclInterface, List<Uuid> list2, List<AllowedAddressPairs> list3, int i) {
        if (list2 == null) {
            LOG.debug("Port {} without SGs", aclInterface.getInterfaceId());
            return;
        }
        String interfaceId = aclInterface.getInterfaceId();
        LOG.trace("updateRemoteAclFilterTable for portId={}, aclList={}, aaps={}, addOrRemove={}", new Object[]{interfaceId, list2, list3, Integer.valueOf(i)});
        for (Uuid uuid : list2) {
            if (this.aclDataUtil.getRemoteAcl(uuid, this.direction) != null) {
                Integer aclTag = this.aclServiceUtils.getAclTag(uuid);
                if (i == 0) {
                    syncRemoteAclTable(list, interfaceId, uuid, aclTag, list3, i);
                } else if (i == 1) {
                    this.jobCoordinator.enqueueJob(uuid.getValue().intern(), () -> {
                        ArrayList arrayList = new ArrayList();
                        syncRemoteAclTable(arrayList, interfaceId, uuid, aclTag, list3, i);
                        programFlows(AclConstants.ACL_JOB_KEY_PREFIX + uuid.getValue(), arrayList, 1);
                        return Collections.emptyList();
                    });
                }
            }
        }
        Iterator<Uuid> it = this.aclServiceUtils.getRemoteAclIdsByDirection(list2, this.direction).iterator();
        while (it.hasNext()) {
            syncRemoteAclTableFromOtherDpns(list, aclInterface, it.next(), i);
        }
    }

    private void syncRemoteAclTable(List<FlowEntity> list, String str, Uuid uuid, Integer num, List<AllowedAddressPairs> list2, int i) {
        Set<BigInteger> collectDpns = collectDpns(this.aclDataUtil.getRemoteAclInterfaces(uuid, this.direction));
        for (AllowedAddressPairs allowedAddressPairs : list2) {
            if (AclServiceUtils.isNotIpAllNetwork(allowedAddressPairs)) {
                if (this.aclServiceUtils.skipDeleteInCaseOfOverlappingIP(str, uuid, allowedAddressPairs.getIpAddress(), i)) {
                    LOG.debug("Skipping delete of IP={} in remote ACL table for remoteAclId={}, portId={}", new Object[]{allowedAddressPairs.getIpAddress(), str, uuid.getValue()});
                } else {
                    Iterator<BigInteger> it = collectDpns.iterator();
                    while (it.hasNext()) {
                        programRemoteAclTableFlow(list, it.next(), num, allowedAddressPairs, i);
                    }
                }
            }
        }
    }

    private void syncRemoteAclTableFromOtherDpns(List<FlowEntity> list, AclInterface aclInterface, Uuid uuid, int i) {
        Collection<AclInterface> interfaceList = this.aclDataUtil.getInterfaceList(uuid);
        if (interfaceList == null || interfaceList.isEmpty() || !isFirstPortInDpnWithRemoteAclId(aclInterface, uuid)) {
            return;
        }
        Integer aclTag = this.aclServiceUtils.getAclTag(uuid);
        for (AclInterface aclInterface2 : interfaceList) {
            if (!aclInterface.getInterfaceId().equals(aclInterface2.getInterfaceId())) {
                for (AllowedAddressPairs allowedAddressPairs : aclInterface2.getAllowedAddressPairs()) {
                    if (AclServiceUtils.isNotIpAllNetwork(allowedAddressPairs)) {
                        programRemoteAclTableFlow(list, aclInterface.getDpId(), aclTag, allowedAddressPairs, i);
                    }
                }
            }
        }
    }

    private boolean isFirstPortInDpnWithRemoteAclId(AclInterface aclInterface, Uuid uuid) {
        String interfaceId = aclInterface.getInterfaceId();
        BigInteger dpId = aclInterface.getDpId();
        Map<String, Set<AclInterface>> remoteAclInterfaces = this.aclDataUtil.getRemoteAclInterfaces(uuid, this.direction);
        if (remoteAclInterfaces == null) {
            return true;
        }
        Iterator<Set<AclInterface>> it = remoteAclInterfaces.values().iterator();
        while (it.hasNext()) {
            for (AclInterface aclInterface2 : it.next()) {
                if (!interfaceId.equals(aclInterface2.getInterfaceId()) && dpId.equals(aclInterface2.getDpId())) {
                    return false;
                }
            }
        }
        return true;
    }

    protected abstract void programRemoteAclTableFlow(List<FlowEntity> list, BigInteger bigInteger, Integer num, AllowedAddressPairs allowedAddressPairs, int i);

    protected Set<BigInteger> collectDpns(Map<String, Set<AclInterface>> map) {
        HashSet hashSet = new HashSet();
        if (map == null) {
            return hashSet;
        }
        for (Set<AclInterface> set : map.values()) {
            if (set != null) {
                Iterator<AclInterface> it = set.iterator();
                while (it.hasNext()) {
                    hashSet.add(it.next().getDpId());
                }
            }
        }
        return hashSet;
    }

    protected void programAclPortSpecificFixedRules(List<FlowEntity> list, BigInteger bigInteger, List<AllowedAddressPairs> list2, int i, String str, AclServiceManager.Action action, int i2) {
        programGotoClassifierTableRules(list, bigInteger, list2, i, i2);
        if (action == AclServiceManager.Action.ADD || action == AclServiceManager.Action.REMOVE) {
            programConntrackRecircRules(list, bigInteger, list2, i, str, i2);
            programPortSpecificDropRules(list, bigInteger, i, i2);
            programAclCommitRules(list, bigInteger, i, str, i2);
        }
        LOG.info("programAclPortSpecificFixedRules: flows for dpId={}, lportId={}, action={}, write={}", new Object[]{bigInteger, Integer.valueOf(i), action, Integer.valueOf(i2)});
    }

    protected abstract void programGotoClassifierTableRules(List<FlowEntity> list, BigInteger bigInteger, List<AllowedAddressPairs> list2, int i, int i2);

    protected void programConntrackRecircRules(List<FlowEntity> list, BigInteger bigInteger, List<AllowedAddressPairs> list2, int i, String str, int i2) {
        if (AclServiceUtils.doesIpv4AddressExists(list2)) {
            programConntrackRecircRule(list, bigInteger, i, str, MatchEthernetType.IPV4, i2);
        }
        if (AclServiceUtils.doesIpv6AddressExists(list2)) {
            programConntrackRecircRule(list, bigInteger, i, str, MatchEthernetType.IPV6, i2);
        }
    }

    protected void programConntrackRecircRule(List<FlowEntity> list, BigInteger bigInteger, int i, String str, MatchEthernetType matchEthernetType, int i2) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(matchEthernetType);
        arrayList.add(AclServiceUtils.buildLPortTagMatch(i, this.serviceMode));
        ArrayList arrayList2 = new ArrayList();
        if (i2 == 0) {
            Long elanIdFromAclInterface = getElanIdFromAclInterface(str);
            if (elanIdFromAclInterface == null) {
                LOG.error("ElanId not found for portId={}; Context: dpId={}, lportTag={}, addOrRemove={},", new Object[]{str, bigInteger, Integer.valueOf(i), Integer.valueOf(i2)});
                return;
            } else {
                ArrayList arrayList3 = new ArrayList();
                arrayList3.add(new ActionNxConntrack(2, 0, 0L, elanIdFromAclInterface.intValue(), getAclForExistingTrafficTable()));
                arrayList2.add(new InstructionApplyActions(arrayList3));
            }
        }
        addFlowEntryToList(list, bigInteger, getAclConntrackSenderTable(), this.directionString + "_Fixed_Conntrk_" + bigInteger + "_" + i + "_" + matchEthernetType + "_Recirc", AclConstants.ACL_DEFAULT_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, arrayList2, i2);
    }

    protected void programPortSpecificDropRules(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        LOG.debug("Programming Drop Rules: DpId={}, lportTag={}, addOrRemove={}", new Object[]{bigInteger, Integer.valueOf(i), Integer.valueOf(i2)});
        programConntrackInvalidDropRule(list, bigInteger, i, i2);
        programAclRuleMissDropRule(list, bigInteger, i, i2);
    }

    protected void programConntrackInvalidDropRule(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        addFlowEntryToList(list, bigInteger, getAclFilterCumDispatcherTable(), this.directionString + "_Fixed_Conntrk_Drop" + bigInteger + "_" + i + "_Tracked_Invalid", AclConstants.CT_STATE_TRACKED_INVALID_PRIORITY.intValue(), 0, 0, AclServiceUtils.getDropFlowCookie(i), AclServiceOFFlowBuilder.addLPortTagMatches(i, 48, 48, this.serviceMode), AclServiceOFFlowBuilder.getDropInstructionInfo(), i2);
    }

    protected void programAclRuleMissDropRule(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(AclServiceUtils.buildLPortTagMatch(i, this.serviceMode));
        addFlowEntryToList(list, bigInteger, getAclFilterCumDispatcherTable(), this.directionString + "_Fixed_Acl_Rule_Miss_Drop_" + bigInteger + "_" + i, AclConstants.ACL_PORT_SPECIFIC_DROP_PRIORITY.intValue(), 0, 0, AclServiceUtils.getDropFlowCookie(i), arrayList, AclServiceOFFlowBuilder.getDropInstructionInfo(), i2);
    }

    protected void programAclCommitRules(List<FlowEntity> list, BigInteger bigInteger, int i, String str, int i2) {
        programAclCommitRuleForConntrack(list, bigInteger, i, str, MatchEthernetType.IPV4, i2);
        programAclCommitRuleForConntrack(list, bigInteger, i, str, MatchEthernetType.IPV6, i2);
        programAclCommitRuleForNonConntrack(list, bigInteger, i, i2);
    }

    protected void programAclCommitRuleForConntrack(List<FlowEntity> list, BigInteger bigInteger, int i, String str, MatchEthernetType matchEthernetType, int i2) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(matchEthernetType);
        arrayList.addAll(AclServiceUtils.buildMatchesForLPortTagAndConntrackClassifierType(i, AclConntrackClassifierType.CONNTRACK_SUPPORTED, this.serviceMode));
        ArrayList arrayList2 = new ArrayList();
        if (i2 == 0) {
            Long elanIdFromAclInterface = getElanIdFromAclInterface(str);
            if (elanIdFromAclInterface == null) {
                LOG.error("ElanId not found for portId={}; Context: dpId={}, lportTag={}, addOrRemove={}", new Object[]{str, bigInteger, Integer.valueOf(i), Integer.valueOf(i2)});
                return;
            } else {
                arrayList2.add(new ActionNxConntrack(2, 1, 0L, elanIdFromAclInterface.intValue(), (short) 255, Lists.newArrayList(new ActionNxConntrack.NxCtAction[]{new ActionNxConntrack.NxCtMark(1L)})));
                arrayList2.add(new ActionNxCtClear());
            }
        }
        addFlowEntryToList(list, bigInteger, getAclCommitterTable(), this.directionString + "_Acl_Commit_Conntrack_" + bigInteger + "_" + i + "_" + matchEthernetType, AclConstants.ACL_DEFAULT_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, getDispatcherTableResubmitInstructions(arrayList2), i2);
    }

    protected void programAclCommitRuleForNonConntrack(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(AclServiceUtils.buildMatchesForLPortTagAndConntrackClassifierType(i, AclConntrackClassifierType.NON_CONNTRACK_SUPPORTED, this.serviceMode));
        addFlowEntryToList(list, bigInteger, getAclCommitterTable(), this.directionString + "_Acl_Commit_Non_Conntrack_" + bigInteger + "_" + i, AclConstants.ACL_DEFAULT_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, getDispatcherTableResubmitInstructions(), i2);
    }

    protected Long getElanIdFromAclInterface(String str) {
        AclInterface aclInterface = this.aclInterfaceCache.get(str);
        if (null != aclInterface) {
            return aclInterface.getElanId();
        }
        return null;
    }

    protected abstract boolean isValidDirection(Class<? extends DirectionBase> cls);

    protected abstract short getAclConntrackSenderTable();

    protected abstract short getAclForExistingTrafficTable();

    protected abstract short getAclFilterCumDispatcherTable();

    protected abstract short getAclRuleBasedFilterTable();

    protected abstract short getAclRemoteAclTable();

    protected abstract short getAclCommitterTable();
}
