Search in sources :

Example 1 with Protocol

use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.

the class AclServiceOFFlowBuilder method programIcmpFlow.

/**
 *Converts icmp matches to flows.
 * @param acl the access control list
 * @return the map containing the flows and the respective flow id
 */
public static Map<String, List<MatchInfoBase>> programIcmpFlow(AceIp acl) {
    List<MatchInfoBase> flowMatches = new ArrayList<>();
    flowMatches.addAll(addSrcIpMatches(acl));
    flowMatches.addAll(addDstIpMatches(acl));
    // For ICMP port range indicates type and code
    SourcePortRange sourcePortRange = acl.getSourcePortRange();
    String flowId = "ICMP_";
    if (sourcePortRange != null) {
        if (acl.getAceIpVersion() instanceof AceIpv4) {
            flowMatches.add(new MatchIcmpv4(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
            flowId = flowId + "V4_SOURCE_" + sourcePortRange.getLowerPort().getValue() + sourcePortRange.getUpperPort().getValue();
        } else if (acl.getAceIpVersion() instanceof AceIpv6) {
            flowMatches.add(new MatchIcmpv6(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
            flowId = flowId + "V6_SOURCE_" + sourcePortRange.getLowerPort().getValue() + "_" + sourcePortRange.getUpperPort().getValue() + "_";
        }
    }
    DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
    if (destinationPortRange != null) {
        if (acl.getAceIpVersion() instanceof AceIpv4) {
            flowMatches.add(new MatchIcmpv4(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
            flowId = flowId + "V4_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
        } else if (acl.getAceIpVersion() instanceof AceIpv6) {
            flowMatches.add(new MatchIcmpv6(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
            flowId = flowId + "V6_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
        }
    }
    if (acl.getAceIpVersion() instanceof AceIpv6 && acl.getProtocol() == NwConstants.IP_PROT_ICMP) {
        // We are aligning our implementation similar to Neutron Firewall driver where a Security
        // Group rule with "Ethertype as IPv6 and Protocol as icmp" is treated as ICMPV6 SG Rule.
        flowMatches.add(new MatchIpProtocol(AclConstants.IP_PROT_ICMPV6));
    } else {
        flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
    }
    Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
    flowMatchesMap.put(flowId, flowMatches);
    return flowMatchesMap;
}
Also used : SourcePortRange(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRange) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) MatchIpProtocol(org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol) DestinationPortRange(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRange) MatchIcmpv4(org.opendaylight.genius.mdsalutil.matches.MatchIcmpv4) MatchIcmpv6(org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6) ArrayList(java.util.ArrayList) List(java.util.List) AceIpv6(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6) MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase) AceIpv4(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4)

Example 2 with Protocol

use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.

the class AclServiceTestBase method newMatch.

// TODO refactor this instead of stealing it from org.opendaylight.netvirt.neutronvpn.NeutronSecurityRuleListener
protected Matches newMatch(int srcLowerPort, int srcUpperPort, int destLowerPort, int destupperPort, int srcRemoteIpPrefix, int dstRemoteIpPrefix, short protocol) {
    AceIpBuilder aceIpBuilder = new AceIpBuilder();
    if (destLowerPort != -1) {
        DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
        destinationPortRangeBuilder.setLowerPort(new PortNumber(destLowerPort));
        destinationPortRangeBuilder.setUpperPort(new PortNumber(destupperPort));
        aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
    }
    AceIpv4Builder aceIpv4Builder = new AceIpv4Builder();
    if (srcRemoteIpPrefix == AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED) {
        aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
    }
    if (dstRemoteIpPrefix == AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED) {
        aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
    }
    if (protocol != -1) {
        aceIpBuilder.setProtocol(protocol);
    }
    aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());
    MatchesBuilder matchesBuilder = new MatchesBuilder();
    matchesBuilder.setAceType(aceIpBuilder.build());
    return matchesBuilder.build();
}
Also used : DestinationPortRangeBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder) AceIpBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder) PortNumber(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber) AceIpv4Builder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder) MatchesBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder) Ipv4Prefix(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix)

Example 3 with Protocol

use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.

the class AclServiceTestBaseIPv6 method newMatch.

@Override
protected Matches newMatch(int srcLowerPort, int srcUpperPort, int destLowerPort, int destupperPort, int srcRemoteIpPrefix, int dstRemoteIpPrefix, short protocol) {
    AceIpBuilder aceIpBuilder = new AceIpBuilder();
    if (destLowerPort != -1) {
        DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
        destinationPortRangeBuilder.setLowerPort(new PortNumber(destLowerPort));
        destinationPortRangeBuilder.setUpperPort(new PortNumber(destupperPort));
        aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
    }
    AceIpv6Builder aceIpv6Builder = new AceIpv6Builder();
    if (srcRemoteIpPrefix == AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED) {
        aceIpv6Builder.setSourceIpv6Network(new Ipv6Prefix(AclConstants.IPV6_ALL_NETWORK));
    }
    if (dstRemoteIpPrefix == AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED) {
        aceIpv6Builder.setSourceIpv6Network(new Ipv6Prefix(AclConstants.IPV6_ALL_NETWORK));
    }
    if (protocol != -1) {
        aceIpBuilder.setProtocol(protocol);
    }
    aceIpBuilder.setAceIpVersion(aceIpv6Builder.build());
    MatchesBuilder matchesBuilder = new MatchesBuilder();
    matchesBuilder.setAceType(aceIpBuilder.build());
    return matchesBuilder.build();
}
Also used : AceIpv6Builder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6Builder) DestinationPortRangeBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder) AceIpBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder) PortNumber(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber) MatchesBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder) Ipv6Prefix(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix)

Example 4 with Protocol

use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.

the class AclServiceTestUtils method prepareAceIpBuilder.

public static AceIpBuilder prepareAceIpBuilder(String srcIpv4Net, String dstIpv4Net, String lowerPort, String upperPort, short protocol) {
    AceIpBuilder builder = new AceIpBuilder();
    AceIpv4Builder v4builder = new AceIpv4Builder();
    if (srcIpv4Net != null) {
        v4builder.setSourceIpv4Network(new Ipv4Prefix(srcIpv4Net));
    } else {
        v4builder.setSourceIpv4Network(null);
    }
    if (dstIpv4Net != null) {
        v4builder.setDestinationIpv4Network(new Ipv4Prefix(dstIpv4Net));
    } else {
        v4builder.setDestinationIpv4Network(null);
    }
    builder.setAceIpVersion(v4builder.build());
    if (lowerPort != null && upperPort != null) {
        SourcePortRangeBuilder srcPortBuilder = new SourcePortRangeBuilder();
        srcPortBuilder.setLowerPort(PortNumber.getDefaultInstance(lowerPort));
        srcPortBuilder.setUpperPort(PortNumber.getDefaultInstance(upperPort));
        builder.setSourcePortRange(srcPortBuilder.build());
        DestinationPortRangeBuilder dstPortBuilder = new DestinationPortRangeBuilder();
        dstPortBuilder.setLowerPort(PortNumber.getDefaultInstance(lowerPort));
        dstPortBuilder.setUpperPort(PortNumber.getDefaultInstance(upperPort));
        builder.setDestinationPortRange(dstPortBuilder.build());
    }
    builder.setProtocol(protocol);
    return builder;
}
Also used : DestinationPortRangeBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder) AceIpBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder) AceIpv4Builder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder) Ipv4Prefix(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix) SourcePortRangeBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRangeBuilder)

Example 5 with Protocol

use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.

the class ExternalRoutersListener method updateNaptFlowsWithVpnId.

public void updateNaptFlowsWithVpnId(BigInteger dpnId, String routerName, long routerId, long bgpVpnId) {
    // For the router ID get the internal IP , internal port and the corresponding external IP and external Port.
    IpPortMapping ipPortMapping = NatUtil.getIportMapping(dataBroker, routerId);
    if (ipPortMapping == null) {
        LOG.error("updateNaptFlowsWithVpnId : Unable to retrieve the IpPortMapping");
        return;
    }
    // Get the External Gateway MAC Address
    String extGwMacAddress = NatUtil.getExtGwMacAddFromRouterName(dataBroker, routerName);
    if (extGwMacAddress != null) {
        LOG.debug("updateNaptFlowsWithVpnId : External Gateway MAC address {} found for External Router ID {}", extGwMacAddress, routerId);
    } else {
        LOG.error("updateNaptFlowsWithVpnId : No External Gateway MAC address found for External Router ID {}", routerId);
        return;
    }
    List<IntextIpProtocolType> intextIpProtocolTypes = ipPortMapping.getIntextIpProtocolType();
    for (IntextIpProtocolType intextIpProtocolType : intextIpProtocolTypes) {
        List<IpPortMap> ipPortMaps = intextIpProtocolType.getIpPortMap();
        for (IpPortMap ipPortMap : ipPortMaps) {
            String ipPortInternal = ipPortMap.getIpPortInternal();
            String[] ipPortParts = ipPortInternal.split(":");
            if (ipPortParts.length != 2) {
                LOG.error("updateNaptFlowsWithVpnId : Unable to retrieve the Internal IP and port");
                return;
            }
            String internalIp = ipPortParts[0];
            String internalPort = ipPortParts[1];
            LOG.debug("updateNaptFlowsWithVpnId : Found Internal IP {} and Internal Port {}", internalIp, internalPort);
            ProtocolTypes protocolTypes = intextIpProtocolType.getProtocol();
            NAPTEntryEvent.Protocol protocol;
            switch(protocolTypes) {
                case TCP:
                    protocol = NAPTEntryEvent.Protocol.TCP;
                    break;
                case UDP:
                    protocol = NAPTEntryEvent.Protocol.UDP;
                    break;
                default:
                    protocol = NAPTEntryEvent.Protocol.TCP;
            }
            SessionAddress internalAddress = new SessionAddress(internalIp, Integer.parseInt(internalPort));
            SessionAddress externalAddress = naptManager.getExternalAddressMapping(routerId, internalAddress, protocol);
            long internetVpnid = NatUtil.getNetworkVpnIdFromRouterId(dataBroker, routerId);
            naptEventHandler.buildAndInstallNatFlows(dpnId, NwConstants.INBOUND_NAPT_TABLE, internetVpnid, routerId, bgpVpnId, externalAddress, internalAddress, protocol, extGwMacAddress);
            naptEventHandler.buildAndInstallNatFlows(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, internetVpnid, routerId, bgpVpnId, internalAddress, externalAddress, protocol, extGwMacAddress);
        }
    }
}
Also used : IntextIpPortMap(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.IntextIpPortMap) IpPortMap(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.intext.ip.port.map.ip.port.mapping.intext.ip.protocol.type.IpPortMap) IntextIpProtocolType(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.intext.ip.port.map.ip.port.mapping.IntextIpProtocolType) ProtocolTypes(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ProtocolTypes) IpPortMapping(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.intext.ip.port.map.IpPortMapping)

Aggregations

Test (org.junit.Test)16 ArrayList (java.util.ArrayList)15 BigInteger (java.math.BigInteger)9 Ipv4Prefix (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix)8 PortNumber (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber)8 ExecutionException (java.util.concurrent.ExecutionException)7 Ipv4Match (org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4Match)6 TcpMatch (org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch)6 UdpMatch (org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch)6 ProtocolTypes (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ProtocolTypes)6 VersionDatapathIdConvertorData (org.opendaylight.openflowplugin.openflow.md.core.sal.convertor.data.VersionDatapathIdConvertorData)5 AceIpBuilder (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder)5 Ipv4Address (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Address)5 ByteBuf (io.netty.buffer.ByteBuf)4 List (java.util.List)4 Match (org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Match)4 EthernetMatch (org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch)4 Icmpv4Match (org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match)4 IpMatch (org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.IpMatch)4 IntextIpPortMap (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.IntextIpPortMap)4