package org.opendaylight.netvirt.aclservice;

import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.genius.infra.Datastore;
import org.opendaylight.genius.mdsalutil.FlowEntity;
import org.opendaylight.genius.mdsalutil.InstructionInfo;
import org.opendaylight.genius.mdsalutil.MDSALUtil;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
import org.opendaylight.genius.mdsalutil.MetaDataUtil;
import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetDestination;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister;
import org.opendaylight.genius.utils.ServiceIndex;
import org.opendaylight.infrautils.jobcoordinator.JobCoordinator;
import org.opendaylight.netvirt.aclservice.api.AclInterfaceCache;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
import org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder;
import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefixBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.port.subnets.port.subnet.SubnetInfo;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netvirt/aclservice/IngressAclServiceImpl.class */
public class IngressAclServiceImpl extends AbstractAclServiceImpl {
    private static final Logger LOG = LoggerFactory.getLogger(IngressAclServiceImpl.class);

    public IngressAclServiceImpl(DataBroker dataBroker, IMdsalApiManager iMdsalApiManager, AclDataUtil aclDataUtil, AclServiceUtils aclServiceUtils, JobCoordinator jobCoordinator, AclInterfaceCache aclInterfaceCache) {
        super(ServiceModeEgress.class, dataBroker, iMdsalApiManager, aclDataUtil, aclServiceUtils, jobCoordinator, aclInterfaceCache);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    public void bindService(AclInterface aclInterface) {
        String interfaceId = aclInterface.getInterfaceId();
        this.jobCoordinator.enqueueJob(interfaceId, () -> {
            ArrayList arrayList = new ArrayList();
            arrayList.add(MDSALUtil.buildAndGetGotoTableInstruction((short) 239, 0 + 1));
            BoundServices boundServices = AclServiceUtils.getBoundServices(String.format("%s.%s.%s", "acl", "egressacl", interfaceId), ServiceIndex.getIndex("EGRESS_ACL_SERVICE", (short) 6), 6, AclConstants.COOKIE_ACL_BASE, arrayList);
            InstanceIdentifier<BoundServices> buildServiceId = AclServiceUtils.buildServiceId(interfaceId, ServiceIndex.getIndex("EGRESS_ACL_SERVICE", (short) 6), this.serviceMode);
            return Collections.singletonList(this.txRunner.callWithNewWriteOnlyTransactionAndSubmit(Datastore.CONFIGURATION, typedWriteTransaction -> {
                typedWriteTransaction.put(buildServiceId, boundServices, true);
            }));
        });
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void unbindService(AclInterface aclInterface) {
        String interfaceId = aclInterface.getInterfaceId();
        InstanceIdentifier<BoundServices> buildServiceId = AclServiceUtils.buildServiceId(interfaceId, ServiceIndex.getIndex("EGRESS_ACL_SERVICE", (short) 6), this.serviceMode);
        LOG.debug("UnBinding ACL service for interface {}", interfaceId);
        this.jobCoordinator.enqueueJob(interfaceId, () -> {
            return Collections.singletonList(this.txRunner.callWithNewWriteOnlyTransactionAndSubmit(Datastore.CONFIGURATION, typedWriteTransaction -> {
                typedWriteTransaction.delete(buildServiceId);
            }));
        });
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programAntiSpoofingRules(List<FlowEntity> list, AclInterface aclInterface, List<AllowedAddressPairs> list2, AclServiceManager.Action action, int i) {
        LOG.info("{} programAntiSpoofingRules for port {}, AAPs={}, action={}, addOrRemove={}", new Object[]{this.directionString, aclInterface.getInterfaceId(), list2, action, Integer.valueOf(i)});
        BigInteger dpId = aclInterface.getDpId();
        int intValue = aclInterface.getLPortTag().intValue();
        if (action == AclServiceManager.Action.ADD || action == AclServiceManager.Action.REMOVE) {
            programCommitterDropFlow(list, dpId, intValue, i);
            ingressAclDhcpAllowServerTraffic(list, dpId, intValue, i);
            ingressAclDhcpv6AllowServerTraffic(list, dpId, intValue, i);
            ingressAclIcmpv6AllowedTraffic(list, aclInterface, i);
            programIcmpv6RARule(list, aclInterface, aclInterface.getSubnetInfo(), i);
            programArpRule(list, dpId, intValue, i);
            programIpv4BroadcastRule(list, aclInterface, aclInterface.getSubnetInfo(), i);
        }
    }

    private void programCommitterDropFlow(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        ArrayList arrayList = new ArrayList();
        List<InstructionInfo> dropInstructionInfo = AclServiceOFFlowBuilder.getDropInstructionInfo();
        BigInteger and = MetaDataUtil.METADATA_MASK_ACL_DROP.and(AclConstants.METADATA_DROP_FLAG.shiftLeft(2));
        BigInteger and2 = MetaDataUtil.METADATA_MASK_ACL_DROP.and(AclConstants.METADATA_DROP_FLAG.shiftLeft(2));
        arrayList.add(new NxMatchRegister(NxmNxReg6.class, MetaDataUtil.getLportTagForReg6(i).longValue(), Long.valueOf(MetaDataUtil.getLportTagMaskForReg6())));
        arrayList.add(new MatchMetadata(and, and2));
        addFlowEntryToList(list, bigInteger, getAclCommitterTable(), "Ingress_" + bigInteger + "_" + i + "_Drop", AclConstants.CT_STATE_TRACKED_INVALID_PRIORITY.intValue(), 0, 0, AclServiceUtils.getDropFlowCookie(i), arrayList, dropInstructionInfo, i2);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programGotoClassifierTableRules(List<FlowEntity> list, BigInteger bigInteger, List<AllowedAddressPairs> list2, int i, int i2) {
        for (AllowedAddressPairs allowedAddressPairs : list2) {
            IpPrefixOrAddress ipAddress = allowedAddressPairs.getIpAddress();
            MacAddress macAddress = allowedAddressPairs.getMacAddress();
            ArrayList arrayList = new ArrayList();
            arrayList.add(AclServiceUtils.buildLPortTagMatch(i, this.serviceMode));
            arrayList.add(new MatchEthernetDestination(macAddress));
            arrayList.addAll(AclServiceUtils.buildIpMatches(ipAddress, AclServiceManager.MatchCriteria.MATCH_DESTINATION));
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(new InstructionGotoTable(getAclConntrackClassifierTable()));
            addFlowEntryToList(list, bigInteger, getAclAntiSpoofingTable(), "Ingress_Fixed_Goto_Classifier_" + bigInteger + "_" + i + "_" + macAddress.getValue() + "_" + ipAddress.stringValue(), AclConstants.PROTO_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, arrayList2, i2);
        }
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programRemoteAclTableFlow(List<FlowEntity> list, BigInteger bigInteger, Integer num, AllowedAddressPairs allowedAddressPairs, int i) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(AclServiceUtils.buildIpAndSrcServiceMatch(num, allowedAddressPairs));
        addFlowEntryToList(list, bigInteger, getAclRemoteAclTable(), "Acl_Filter_Ingress_" + allowedAddressPairs.getIpAddress().stringValue() + "_" + num, AclConstants.ACL_DEFAULT_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, AclServiceOFFlowBuilder.getGotoInstructionInfo(getAclCommitterTable()), i);
    }

    protected void ingressAclDhcpAllowServerTraffic(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        addFlowEntryToList(list, bigInteger, getAclAntiSpoofingTable(), "Ingress_DHCP_Server_v4" + bigInteger + "_" + i + "_Permit_", AclConstants.PROTO_DHCP_SERVER_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, AclServiceUtils.buildDhcpMatches(67, 68, i, this.serviceMode), getDispatcherTableResubmitInstructions(), i2);
    }

    protected void ingressAclDhcpv6AllowServerTraffic(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        addFlowEntryToList(list, bigInteger, getAclAntiSpoofingTable(), "Ingress_DHCP_Server_v6_" + bigInteger + "_" + i + "_Permit_", AclConstants.PROTO_DHCP_SERVER_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, AclServiceUtils.buildDhcpV6Matches(AclConstants.DHCP_SERVER_PORT_IPV6, AclConstants.DHCP_CLIENT_PORT_IPV6, i, this.serviceMode), getDispatcherTableResubmitInstructions(), i2);
    }

    private void ingressAclIcmpv6AllowedTraffic(List<FlowEntity> list, AclInterface aclInterface, int i) {
        BigInteger dpId = aclInterface.getDpId();
        int intValue = aclInterface.getLPortTag().intValue();
        List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions();
        List<MatchInfoBase> buildIcmpV6Matches = AclServiceUtils.buildIcmpV6Matches(AclConstants.ICMPV6_TYPE_MLD_QUERY, 0, intValue, this.serviceMode);
        short aclAntiSpoofingTable = getAclAntiSpoofingTable();
        addFlowEntryToList(list, dpId, aclAntiSpoofingTable, "Ingress_ICMPv6_" + dpId + "_" + intValue + "_" + AclConstants.ICMPV6_TYPE_MLD_QUERY + "_Permit_", AclConstants.PROTO_IPV6_ALLOWED_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, buildIcmpV6Matches, dispatcherTableResubmitInstructions, i);
        addFlowEntryToList(list, dpId, aclAntiSpoofingTable, "Ingress_ICMPv6_" + dpId + "_" + intValue + "_" + AclConstants.ICMPV6_TYPE_NS + "_Permit_", AclConstants.PROTO_IPV6_ALLOWED_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, AclServiceUtils.buildIcmpV6Matches(AclConstants.ICMPV6_TYPE_NS, 0, intValue, this.serviceMode), dispatcherTableResubmitInstructions, i);
        addFlowEntryToList(list, dpId, aclAntiSpoofingTable, "Ingress_ICMPv6_" + dpId + "_" + intValue + "_" + AclConstants.ICMPV6_TYPE_NA + "_Permit_", AclConstants.PROTO_IPV6_ALLOWED_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, AclServiceUtils.buildIcmpV6Matches(AclConstants.ICMPV6_TYPE_NA, 0, intValue, this.serviceMode), dispatcherTableResubmitInstructions, i);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programIcmpv6RARule(List<FlowEntity> list, AclInterface aclInterface, List<SubnetInfo> list2, int i) {
        if (AclServiceUtils.isIpv6Subnet(list2).booleanValue()) {
            List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions();
            List<MatchInfoBase> buildIcmpV6Matches = AclServiceUtils.buildIcmpV6Matches(AclConstants.ICMPV6_TYPE_RA, 0, aclInterface.getLPortTag().intValue(), this.serviceMode);
            buildIcmpV6Matches.addAll(AclServiceUtils.buildIpMatches(new IpPrefixOrAddress(IpPrefixBuilder.getDefaultInstance(AclConstants.IPV6_LINK_LOCAL_PREFIX)), AclServiceManager.MatchCriteria.MATCH_SOURCE));
            addFlowEntryToList(list, aclInterface.getDpId(), getAclAntiSpoofingTable(), "Ingress_ICMPv6_" + aclInterface.getDpId() + "_" + aclInterface.getLPortTag() + "_" + AclConstants.ICMPV6_TYPE_RA + "_LinkLocal_Permit_", AclConstants.PROTO_IPV6_ALLOWED_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, buildIcmpV6Matches, dispatcherTableResubmitInstructions, i);
        }
    }

    protected void programArpRule(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(MatchEthernetType.ARP);
        arrayList.add(AclServiceUtils.buildLPortTagMatch(i, this.serviceMode));
        List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions();
        Logger logger = LOG;
        Object[] objArr = new Object[3];
        objArr[0] = i2 == 1 ? "Deleting" : "Adding";
        objArr[1] = bigInteger;
        objArr[2] = Integer.valueOf(i);
        logger.debug("{} ARP Rule on DPID {}, lportTag {}", objArr);
        addFlowEntryToList(list, bigInteger, getAclAntiSpoofingTable(), "Ingress_ARP_" + bigInteger + "_" + i, AclConstants.PROTO_ARP_TRAFFIC_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, dispatcherTableResubmitInstructions, i2);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programBroadcastRules(List<FlowEntity> list, AclInterface aclInterface, int i) {
        programIpv4BroadcastRule(list, aclInterface, aclInterface.getSubnetInfo(), i);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programSubnetBroadcastRules(List<FlowEntity> list, AclInterface aclInterface, List<SubnetInfo> list2, int i) {
        programIpv4BroadcastRule(list, aclInterface, list2, i);
    }

    private void programIpv4BroadcastRule(List<FlowEntity> list, AclInterface aclInterface, List<SubnetInfo> list2, int i) {
        BigInteger dpId = aclInterface.getDpId();
        int intValue = aclInterface.getLPortTag().intValue();
        MatchInfoBase buildLPortTagMatch = AclServiceUtils.buildLPortTagMatch(intValue, this.serviceMode);
        if (list2 == null) {
            LOG.warn("IP Broadcast CIDRs are missing for port {}", aclInterface.getInterfaceId());
            return;
        }
        for (String str : AclServiceUtils.getIpBroadcastAddresses(list2)) {
            List<MatchInfoBase> buildBroadcastIpV4Matches = AclServiceUtils.buildBroadcastIpV4Matches(str);
            buildBroadcastIpV4Matches.add(buildLPortTagMatch);
            ArrayList arrayList = new ArrayList();
            arrayList.add(new InstructionGotoTable(getAclConntrackClassifierTable()));
            addFlowEntryToList(list, dpId, getAclAntiSpoofingTable(), "Ingress_v4_Broadcast_" + dpId + "_" + intValue + "_" + str + "_Permit", AclConstants.PROTO_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, buildBroadcastIpV4Matches, arrayList, i);
        }
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected boolean isValidDirection(Class<? extends DirectionBase> cls) {
        return cls.equals(DirectionIngress.class);
    }

    private short getAclAntiSpoofingTable() {
        return (short) 240;
    }

    private short getAclConntrackClassifierTable() {
        return (short) 241;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclConntrackSenderTable() {
        return (short) 242;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclForExistingTrafficTable() {
        return (short) 243;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclFilterCumDispatcherTable() {
        return (short) 244;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclRuleBasedFilterTable() {
        return (short) 245;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclRemoteAclTable() {
        return (short) 246;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclCommitterTable() {
        return (short) 247;
    }
}
