use of org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource in project netvirt by opendaylight.
the class EgressAclServiceImpl method egressAclDhcpv6AllowClientTraffic.
/**
* Add rule to ensure only DHCPv6 server traffic from the specified mac is
* allowed.
*
* @param dpId the dpid
* @param allowedAddresses the allowed addresses
* @param lportTag the lport tag
* @param addOrRemove whether to add or remove the flow
*/
private void egressAclDhcpv6AllowClientTraffic(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses, int lportTag, int addOrRemove) {
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
for (AllowedAddressPairs aap : allowedAddresses) {
if (AclServiceUtils.isIPv4Address(aap)) {
continue;
}
List<MatchInfoBase> matches = new ArrayList<>();
matches.addAll(AclServiceUtils.buildDhcpV6Matches(AclConstants.DHCP_CLIENT_PORT_IPV6, AclConstants.DHCP_SERVER_PORT_IPV6, lportTag, serviceMode));
matches.add(new MatchEthernetSource(aap.getMacAddress()));
String flowName = "Egress_DHCP_Client_v6" + "_" + dpId + "_" + lportTag + "_" + aap.getMacAddress().getValue() + "_Permit_";
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
}
use of org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource in project netvirt by opendaylight.
the class EgressAclServiceImpl method programArpRule.
/**
* Adds the rule to allow arp packets.
*
* @param dpId the dpId
* @param allowedAddresses the allowed addresses
* @param lportTag the lport tag
* @param addOrRemove whether to add or remove the flow
*/
protected void programArpRule(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses, int lportTag, int addOrRemove) {
for (AllowedAddressPairs allowedAddress : allowedAddresses) {
if (!AclServiceUtils.isIPv4Address(allowedAddress)) {
// For IPv6 allowed addresses
continue;
}
IpPrefixOrAddress allowedAddressIp = allowedAddress.getIpAddress();
MacAddress allowedAddressMac = allowedAddress.getMacAddress();
List<MatchInfoBase> arpIpMatches = AclServiceUtils.buildArpIpMatches(allowedAddressIp);
List<MatchInfoBase> matches = new ArrayList<>();
matches.add(MatchEthernetType.ARP);
matches.add(new MatchArpSha(allowedAddressMac));
matches.add(new MatchEthernetSource(allowedAddressMac));
matches.addAll(arpIpMatches);
matches.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
LOG.debug("{} ARP Rule on DPID {}, lportTag {}", addOrRemove == NwConstants.DEL_FLOW ? "Deleting" : "Adding", dpId, lportTag);
String flowName = "Egress_ARP_" + dpId + "_" + lportTag + "_" + allowedAddress.getMacAddress().getValue() + String.valueOf(allowedAddressIp.getValue());
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_ARP_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
}
use of org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource in project netvirt by opendaylight.
the class EgressAclServiceImpl method programGotoClassifierTableRules.
@Override
protected void programGotoClassifierTableRules(BigInteger dpId, List<AllowedAddressPairs> aaps, int lportTag, int addOrRemove) {
List<AllowedAddressPairs> filteredAAPs = AclServiceUtils.excludeMulticastAAPs(aaps);
for (AllowedAddressPairs aap : filteredAAPs) {
IpPrefixOrAddress attachIp = aap.getIpAddress();
MacAddress mac = aap.getMacAddress();
List<MatchInfoBase> matches = new ArrayList<>();
matches.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
matches.add(new MatchEthernetSource(mac));
matches.addAll(AclServiceUtils.buildIpMatches(attachIp, MatchCriteria.MATCH_SOURCE));
List<InstructionInfo> gotoInstructions = new ArrayList<>();
gotoInstructions.add(new InstructionGotoTable(getAclConntrackClassifierTable()));
String flowName = "Egress_Fixed_Goto_Classifier_" + dpId + "_" + lportTag + "_" + mac.getValue() + "_" + String.valueOf(attachIp.getValue());
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, gotoInstructions, addOrRemove);
}
}
Aggregations