package org.opendaylight.netvirt.aclservice;

import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.genius.infra.Datastore;
import org.opendaylight.genius.mdsalutil.FlowEntity;
import org.opendaylight.genius.mdsalutil.InstructionInfo;
import org.opendaylight.genius.mdsalutil.MDSALUtil;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
import org.opendaylight.genius.mdsalutil.MetaDataUtil;
import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.genius.mdsalutil.matches.MatchArpSha;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
import org.opendaylight.genius.utils.ServiceIndex;
import org.opendaylight.infrautils.jobcoordinator.JobCoordinator;
import org.opendaylight.netvirt.aclservice.api.AclInterfaceCache;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
import org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder;
import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.SubnetInfo;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netvirt/aclservice/EgressAclServiceImpl.class */
public class EgressAclServiceImpl extends AbstractAclServiceImpl {
    private static final Logger LOG = LoggerFactory.getLogger(EgressAclServiceImpl.class);

    public EgressAclServiceImpl(DataBroker dataBroker, IMdsalApiManager iMdsalApiManager, AclDataUtil aclDataUtil, AclServiceUtils aclServiceUtils, JobCoordinator jobCoordinator, AclInterfaceCache aclInterfaceCache) {
        super(ServiceModeIngress.class, dataBroker, iMdsalApiManager, aclDataUtil, aclServiceUtils, jobCoordinator, aclInterfaceCache);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    public void bindService(AclInterface aclInterface) {
        String interfaceId = aclInterface.getInterfaceId();
        this.jobCoordinator.enqueueJob(interfaceId, () -> {
            ArrayList arrayList = new ArrayList();
            arrayList.add(MDSALUtil.buildAndGetGotoTableInstruction(getAclAntiSpoofingTable(), 0 + 1));
            short index = ServiceIndex.getIndex(AclConstants.INGRESS_ACL_SERVICE_NAME, (short) 2);
            BoundServices boundServices = AclServiceUtils.getBoundServices(String.format("%s.%s.%s", "acl", "ingressacl", interfaceId), index, 2, AclConstants.COOKIE_ACL_BASE, arrayList);
            InstanceIdentifier<BoundServices> buildServiceId = AclServiceUtils.buildServiceId(interfaceId, index, this.serviceMode);
            return Collections.singletonList(this.txRunner.callWithNewWriteOnlyTransactionAndSubmit(Datastore.CONFIGURATION, typedWriteTransaction -> {
                typedWriteTransaction.put(buildServiceId, boundServices, true);
            }));
        });
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void unbindService(AclInterface aclInterface) {
        String interfaceId = aclInterface.getInterfaceId();
        InstanceIdentifier<BoundServices> buildServiceId = AclServiceUtils.buildServiceId(interfaceId, ServiceIndex.getIndex(AclConstants.INGRESS_ACL_SERVICE_NAME, (short) 2), this.serviceMode);
        LOG.debug("UnBinding ACL service for interface {}", interfaceId);
        this.jobCoordinator.enqueueJob(interfaceId, () -> {
            return Collections.singletonList(this.txRunner.callWithNewWriteOnlyTransactionAndSubmit(Datastore.CONFIGURATION, typedWriteTransaction -> {
                typedWriteTransaction.delete(buildServiceId);
            }));
        });
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programAntiSpoofingRules(List<FlowEntity> list, AclInterface aclInterface, List<AllowedAddressPairs> list2, AclServiceManager.Action action, int i) {
        LOG.info("{} programAntiSpoofingRules for port {}, AAPs={}, action={}, addOrRemove={}", new Object[]{this.directionString, aclInterface.getInterfaceId(), list2, action, Integer.valueOf(i)});
        BigInteger dpId = aclInterface.getDpId();
        int intValue = aclInterface.getLPortTag().intValue();
        if (action != AclServiceManager.Action.UPDATE) {
            programCommitterDropFlow(list, dpId, intValue, i);
            egressAclIcmpv6AllowedList(list, dpId, intValue, i);
        }
        List<AllowedAddressPairs> excludeMulticastAAPs = AclServiceUtils.excludeMulticastAAPs(list2);
        if (!hasDuplicateMac(aclInterface.getAllowedAddressPairs(), excludeMulticastAAPs, action)) {
            programL2BroadcastAllowRule(list, aclInterface, excludeMulticastAAPs, i);
            egressAclDhcpAllowClientTraffic(list, aclInterface, excludeMulticastAAPs, intValue, i);
            egressAclDhcpv6AllowClientTraffic(list, aclInterface, excludeMulticastAAPs, intValue, i);
        }
        programArpRule(list, dpId, excludeMulticastAAPs, intValue, i);
    }

    private void programCommitterDropFlow(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        ArrayList arrayList = new ArrayList();
        List<InstructionInfo> dropInstructionInfo = AclServiceOFFlowBuilder.getDropInstructionInfo();
        arrayList.add(new MatchMetadata(MetaDataUtil.getLportTagMetaData(i).or(MetaDataUtil.getAclDropMetaData(AclConstants.METADATA_DROP_FLAG)), MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_ACL_DROP)));
        addFlowEntryToList(list, bigInteger, getAclCommitterTable(), "Egress_" + bigInteger + "_" + i + "_Drop", AclConstants.CT_STATE_TRACKED_INVALID_PRIORITY.intValue(), 0, 0, AclServiceUtils.getDropFlowCookie(i), arrayList, dropInstructionInfo, i2);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programRemoteAclTableFlow(List<FlowEntity> list, BigInteger bigInteger, Integer num, AllowedAddressPairs allowedAddressPairs, int i) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(AclServiceUtils.buildIpAndDstServiceMatch(num, allowedAddressPairs));
        addFlowEntryToList(list, bigInteger, getAclRemoteAclTable(), "Acl_Filter_Egress_" + allowedAddressPairs.getIpAddress().stringValue() + "_" + num, AclConstants.ACL_DEFAULT_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, AclServiceOFFlowBuilder.getGotoInstructionInfo(getAclCommitterTable()), i);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programGotoClassifierTableRules(List<FlowEntity> list, BigInteger bigInteger, List<AllowedAddressPairs> list2, int i, int i2) {
        for (AllowedAddressPairs allowedAddressPairs : AclServiceUtils.excludeMulticastAAPs(list2)) {
            IpPrefixOrAddress ipAddress = allowedAddressPairs.getIpAddress();
            MacAddress macAddress = allowedAddressPairs.getMacAddress();
            ArrayList arrayList = new ArrayList();
            arrayList.add(AclServiceUtils.buildLPortTagMatch(i, this.serviceMode));
            arrayList.add(new MatchEthernetSource(macAddress));
            arrayList.addAll(AclServiceUtils.buildIpMatches(ipAddress, AclServiceManager.MatchCriteria.MATCH_SOURCE));
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(new InstructionGotoTable(getAclConntrackClassifierTable()));
            addFlowEntryToList(list, bigInteger, getAclAntiSpoofingTable(), "Egress_Fixed_Goto_Classifier_" + bigInteger + "_" + i + "_" + macAddress.getValue() + "_" + ipAddress.stringValue(), AclConstants.PROTO_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, arrayList2, i2);
        }
    }

    private void egressAclIcmpv6AllowedList(List<FlowEntity> list, BigInteger bigInteger, int i, int i2) {
        List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions();
        for (Integer num : AclConstants.allowedIcmpv6NdList()) {
            addFlowEntryToList(list, bigInteger, getAclAntiSpoofingTable(), "Egress_ICMPv6_" + bigInteger + "_" + i + "_" + num + "_Permit_", AclConstants.PROTO_IPV6_ALLOWED_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, AclServiceUtils.buildIcmpV6Matches(num.intValue(), 0, i, this.serviceMode), dispatcherTableResubmitInstructions, i2);
        }
    }

    private void egressAclDhcpAllowClientTraffic(List<FlowEntity> list, AclInterface aclInterface, List<AllowedAddressPairs> list2, int i, int i2) {
        BigInteger dpId = aclInterface.getDpId();
        List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions();
        for (AllowedAddressPairs allowedAddressPairs : list2) {
            if (AclServiceUtils.isIPv4Address(allowedAddressPairs)) {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(AclServiceUtils.buildDhcpMatches(68, 67, i, this.serviceMode));
                arrayList.add(new MatchEthernetSource(allowedAddressPairs.getMacAddress()));
                addFlowEntryToList(list, dpId, getAclAntiSpoofingTable(), "Egress_DHCP_Client_v4" + dpId + "_" + i + "_" + allowedAddressPairs.getMacAddress().getValue() + "_Permit_", AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, dispatcherTableResubmitInstructions, i2);
            }
        }
    }

    private void egressAclDhcpv6AllowClientTraffic(List<FlowEntity> list, AclInterface aclInterface, List<AllowedAddressPairs> list2, int i, int i2) {
        BigInteger dpId = aclInterface.getDpId();
        List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions();
        for (AllowedAddressPairs allowedAddressPairs : list2) {
            if (!AclServiceUtils.isIPv4Address(allowedAddressPairs)) {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(AclServiceUtils.buildDhcpV6Matches(AclConstants.DHCP_CLIENT_PORT_IPV6, AclConstants.DHCP_SERVER_PORT_IPV6, i, this.serviceMode));
                arrayList.add(new MatchEthernetSource(allowedAddressPairs.getMacAddress()));
                addFlowEntryToList(list, dpId, getAclAntiSpoofingTable(), "Egress_DHCP_Client_v6_" + dpId + "_" + i + "_" + allowedAddressPairs.getMacAddress().getValue() + "_Permit_", AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, dispatcherTableResubmitInstructions, i2);
            }
        }
    }

    protected void programArpRule(List<FlowEntity> list, BigInteger bigInteger, List<AllowedAddressPairs> list2, int i, int i2) {
        for (AllowedAddressPairs allowedAddressPairs : list2) {
            if (AclServiceUtils.isIPv4Address(allowedAddressPairs)) {
                IpPrefixOrAddress ipAddress = allowedAddressPairs.getIpAddress();
                MacAddress macAddress = allowedAddressPairs.getMacAddress();
                List<MatchInfoBase> buildArpIpMatches = AclServiceUtils.buildArpIpMatches(ipAddress);
                ArrayList arrayList = new ArrayList();
                arrayList.add(MatchEthernetType.ARP);
                arrayList.add(new MatchArpSha(macAddress));
                arrayList.add(new MatchEthernetSource(macAddress));
                arrayList.addAll(buildArpIpMatches);
                arrayList.add(AclServiceUtils.buildLPortTagMatch(i, this.serviceMode));
                List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions();
                Logger logger = LOG;
                Object[] objArr = new Object[3];
                objArr[0] = i2 == 1 ? "Deleting" : "Adding";
                objArr[1] = bigInteger;
                objArr[2] = Integer.valueOf(i);
                logger.debug("{} ARP Rule on DPID {}, lportTag {}", objArr);
                addFlowEntryToList(list, bigInteger, getAclAntiSpoofingTable(), "Egress_ARP_" + bigInteger + "_" + i + "_" + allowedAddressPairs.getMacAddress().getValue() + ipAddress.stringValue(), AclConstants.PROTO_ARP_TRAFFIC_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, dispatcherTableResubmitInstructions, i2);
            }
        }
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programIcmpv6RARule(List<FlowEntity> list, AclInterface aclInterface, List<SubnetInfo> list2, int i) {
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programBroadcastRules(List<FlowEntity> list, AclInterface aclInterface, AclServiceManager.Action action, int i) {
        List<AllowedAddressPairs> allowedAddressPairs = aclInterface.getAllowedAddressPairs();
        List<AllowedAddressPairs> excludeMulticastAAPs = AclServiceUtils.excludeMulticastAAPs(allowedAddressPairs);
        if (hasDuplicateMac(allowedAddressPairs, excludeMulticastAAPs, action)) {
            return;
        }
        programL2BroadcastAllowRule(list, aclInterface, excludeMulticastAAPs, i);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programSubnetBroadcastRules(List<FlowEntity> list, AclInterface aclInterface, List<SubnetInfo> list2, int i) {
    }

    private void programL2BroadcastAllowRule(List<FlowEntity> list, AclInterface aclInterface, List<AllowedAddressPairs> list2, int i) {
        BigInteger dpId = aclInterface.getDpId();
        int intValue = aclInterface.getLPortTag().intValue();
        for (MacAddress macAddress : (Set) list2.stream().map((v0) -> {
            return v0.getMacAddress();
        }).collect(Collectors.toSet())) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new MatchEthernetSource(macAddress));
            arrayList.add(AclServiceUtils.buildLPortTagMatch(intValue, this.serviceMode));
            addFlowEntryToList(list, dpId, getAclAntiSpoofingTable(), "Egress_L2Broadcast_" + dpId + "_" + intValue + "_" + macAddress.getValue(), AclConstants.PROTO_L2BROADCAST_TRAFFIC_MATCH_PRIORITY.intValue(), 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, getDispatcherTableResubmitInstructions(), i);
        }
    }

    private boolean hasDuplicateMac(List<AllowedAddressPairs> list, List<AllowedAddressPairs> list2, AclServiceManager.Action action) {
        if (action != AclServiceManager.Action.UPDATE) {
            return false;
        }
        List list3 = (List) AclServiceUtils.excludeMulticastAAPs(list).stream().filter(allowedAddressPairs -> {
            return !list2.contains(allowedAddressPairs);
        }).collect(Collectors.toList());
        Set set = (Set) list2.stream().map(allowedAddressPairs2 -> {
            return allowedAddressPairs2.getMacAddress();
        }).collect(Collectors.toSet());
        return !((List) list3.stream().filter(allowedAddressPairs3 -> {
            return set.contains(allowedAddressPairs3.getMacAddress());
        }).collect(Collectors.toList())).isEmpty();
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected boolean isValidDirection(Class<? extends DirectionBase> cls) {
        return cls.equals(DirectionEgress.class);
    }

    private short getAclAntiSpoofingTable() {
        return (short) 210;
    }

    private short getAclConntrackClassifierTable() {
        return (short) 211;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclConntrackSenderTable() {
        return (short) 212;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclForExistingTrafficTable() {
        return (short) 213;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclFilterCumDispatcherTable() {
        return (short) 214;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclRuleBasedFilterTable() {
        return (short) 215;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclRemoteAclTable() {
        return (short) 216;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected short getAclCommitterTable() {
        return (short) 217;
    }
}
