use of org.onosproject.openstacknetworking.api.Constants.PRIORITY_FORCED_ACL_RULE in project onos by opennetworkinglab.
the class OpenstackAddAclCommand method doExecute.
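/**
 * Builds a forced-ACL drop rule for the given source/destination pair and hands it to
 * {@link OpenstackFlowRuleService#setRule} for the device hosting the destination instance port.
 *
 * <p>The selector always matches IPv4 traffic between {@code srcIpStr} and {@code dstIpStr}.
 * It is narrowed to TCP only when at least one of {@code srcPort}/{@code dstPort} is non-zero;
 * with both ports left at 0 the rule drops every IPv4 packet between the two addresses.
 *
 * <p>The command returns without touching any flow table when the addresses cannot be parsed,
 * are not IPv4, a port is out of range, or no instance port owns the destination address.
 */
@Override
protected void doExecute() {
    OpenstackFlowRuleService flowRuleService = get(OpenstackFlowRuleService.class);
    CoreService coreService = get(CoreService.class);
    ApplicationId appId = coreService.getAppId(OPENSTACK_NETWORKING_APP_ID);
    InstancePortService instancePortService = get(InstancePortService.class);

    final IpAddress srcIpAddress;
    final IpAddress dstIpAddress;
    try {
        srcIpAddress = IpAddress.valueOf(srcIpStr);
        dstIpAddress = IpAddress.valueOf(dstIpStr);
    } catch (IllegalArgumentException e) {
        // Pass the message for the placeholder and the exception itself for the stack trace;
        // with the throwable as the only argument the "{}" is never substituted.
        log.error("IllegalArgumentException occurred because of {}", e.getMessage(), e);
        return;
    }

    // The selector below is pinned to Ethernet.TYPE_IPV4. Refuse anything else so the operator
    // is not left believing a deny rule is in place for an address family it cannot match.
    if (!srcIpAddress.isIp4() || !dstIpAddress.isIp4()) {
        log.error("Only IPv4 addresses are supported, srcIp: {}, dstIp: {}", srcIpAddress, dstIpAddress);
        return;
    }

    // TpPort.tpPort() rejects values outside 0..65535 with an unchecked exception; report
    // the bad input here instead of letting it escape the command.
    final int maxPort = 0xFFFF;
    if (srcPort < 0 || srcPort > maxPort || dstPort < 0 || dstPort > maxPort) {
        log.error("TCP port out of range, srcPort: {}, dstPort: {}", srcPort, dstPort);
        return;
    }

    TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
            .matchEthType(Ethernet.TYPE_IPV4)
            .matchIPSrc(srcIpAddress.toIpPrefix())
            .matchIPDst(dstIpAddress.toIpPrefix());
    TrafficTreatment treatment = DefaultTrafficTreatment.builder().drop().build();

    // A port of 0 means "not specified"; the TCP match is added only when a port is given.
    if (srcPort != 0 || dstPort != 0) {
        sBuilder.matchIPProtocol(IPv4.PROTOCOL_TCP);
        if (srcPort != 0) {
            sBuilder.matchTcpSrc(TpPort.tpPort(srcPort));
        }
        if (dstPort != 0) {
            sBuilder.matchTcpDst(TpPort.tpPort(dstPort));
        }
    }

    // Compare parsed addresses rather than their string forms so that an equivalent but
    // differently written input still finds its instance port.
    Optional<InstancePort> instancePort = instancePortService.instancePorts().stream()
            .filter(port -> dstIpAddress.equals(port.ipAddress()))
            .findAny();
    if (!instancePort.isPresent()) {
        log.info("Instance port that matches with the given dst ip address isn't present {}", dstIpStr);
        return;
    }

    // Logged only once a target device is known, so the line reflects a rule that is
    // actually submitted. The first port label was "dstPort" although it prints srcPort.
    log.info("Deny the packet from srcIp: {}, srcPort: {} to dstIp: {}, dstPort: {}",
            srcIpAddress, srcPort, dstIpAddress, dstPort);

    // NOTE(review): the trailing boolean is presumably the install flag (true = add) — confirm
    // against OpenstackFlowRuleService.setRule.
    flowRuleService.setRule(appId, instancePort.get().deviceId(), sBuilder.build(), treatment,
            PRIORITY_FORCED_ACL_RULE, DHCP_TABLE, true);
}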
use of org.onosproject.openstacknetworking.api.Constants.PRIORITY_FORCED_ACL_RULE in project onos by opennetworkinglab.
the class OpenstackRemoveAclCommand method doExecute.
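/**
 * Rebuilds the forced-ACL drop rule for the given source/destination pair and passes it to
 * {@link OpenstackFlowRuleService#setRule} with the trailing flag set to {@code false}, for the
 * device hosting the destination instance port.
 *
 * <p>The selector is constructed from the same inputs as the rule being withdrawn: IPv4 source
 * and destination, plus a TCP match when {@code srcPort} or {@code dstPort} is non-zero. The
 * arguments therefore have to repeat the values used when the rule was added.
 *
 * <p>The command returns without touching any flow table when the addresses cannot be parsed,
 * are not IPv4, a port is out of range, or no instance port owns the destination address.
 */
@Override
protected void doExecute() {
    OpenstackFlowRuleService flowRuleService = get(OpenstackFlowRuleService.class);
    CoreService coreService = get(CoreService.class);
    ApplicationId appId = coreService.getAppId(OPENSTACK_NETWORKING_APP_ID);
    InstancePortService instancePortService = get(InstancePortService.class);

    final IpAddress srcIpAddress;
    final IpAddress dstIpAddress;
    try {
        srcIpAddress = IpAddress.valueOf(srcIpStr);
        dstIpAddress = IpAddress.valueOf(dstIpStr);
    } catch (IllegalArgumentException e) {
        // Pass the message for the placeholder and the exception itself for the stack trace;
        // with the throwable as the only argument the "{}" is never substituted.
        log.error("IllegalArgumentException occurred because of {}", e.getMessage(), e);
        return;
    }

    // The selector below is pinned to Ethernet.TYPE_IPV4, so other address families cannot
    // correspond to a rule this command family creates.
    if (!srcIpAddress.isIp4() || !dstIpAddress.isIp4()) {
        log.error("Only IPv4 addresses are supported, srcIp: {}, dstIp: {}", srcIpAddress, dstIpAddress);
        return;
    }

    // TpPort.tpPort() rejects values outside 0..65535 with an unchecked exception; report
    // the bad input here instead of letting it escape the command.
    final int maxPort = 0xFFFF;
    if (srcPort < 0 || srcPort > maxPort || dstPort < 0 || dstPort > maxPort) {
        log.error("TCP port out of range, srcPort: {}, dstPort: {}", srcPort, dstPort);
        return;
    }

    TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
            .matchEthType(Ethernet.TYPE_IPV4)
            .matchIPSrc(srcIpAddress.toIpPrefix())
            .matchIPDst(dstIpAddress.toIpPrefix());
    TrafficTreatment treatment = DefaultTrafficTreatment.builder().drop().build();

    // A port of 0 means "not specified"; the TCP match is added only when a port is given.
    if (srcPort != 0 || dstPort != 0) {
        sBuilder.matchIPProtocol(IPv4.PROTOCOL_TCP);
        if (srcPort != 0) {
            sBuilder.matchTcpSrc(TpPort.tpPort(srcPort));
        }
        if (dstPort != 0) {
            sBuilder.matchTcpDst(TpPort.tpPort(dstPort));
        }
    }

    // Compare parsed addresses rather than their string forms so that an equivalent but
    // differently written input still finds its instance port.
    Optional<InstancePort> instancePort = instancePortService.instancePorts().stream()
            .filter(port -> dstIpAddress.equals(port.ipAddress()))
            .findAny();
    if (!instancePort.isPresent()) {
        log.info("Instance port that matches with the given dst ip address isn't present {}", dstIpStr);
        return;
    }

    // The original line said "Deny the packet ..." here, copied from the add command; a
    // withdrawal recorded as a deny makes the ACL history in the log misleading.
    log.info("Remove the deny rule for the packet from srcIp: {}, srcPort: {} to dstIp: {}, dstPort: {}",
            srcIpAddress, srcPort, dstIpAddress, dstPort);

    // NOTE(review): the trailing boolean is presumably the install flag (false = remove) —
    // confirm against OpenstackFlowRuleService.setRule.
    flowRuleService.setRule(appId, instancePort.get().deviceId(), sBuilder.build(), treatment,
            PRIORITY_FORCED_ACL_RULE, DHCP_TABLE, false);
}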