use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method programIcmpFlow.
/**
*Converts icmp matches to flows.
* @param acl the access control list
* @return the map containing the flows and the respective flow id
*/
public static Map<String, List<MatchInfoBase>> programIcmpFlow(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
// For ICMP port range indicates type and code
SourcePortRange sourcePortRange = acl.getSourcePortRange();
String flowId = "ICMP_";
if (sourcePortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_SOURCE_" + sourcePortRange.getLowerPort().getValue() + sourcePortRange.getUpperPort().getValue();
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_SOURCE_" + sourcePortRange.getLowerPort().getValue() + "_" + sourcePortRange.getUpperPort().getValue() + "_";
}
}
DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
if (destinationPortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
}
}
if (acl.getAceIpVersion() instanceof AceIpv6 && acl.getProtocol() == NwConstants.IP_PROT_ICMP) {
// We are aligning our implementation similar to Neutron Firewall driver where a Security
// Group rule with "Ethertype as IPv6 and Protocol as icmp" is treated as ICMPV6 SG Rule.
flowMatches.add(new MatchIpProtocol(AclConstants.IP_PROT_ICMPV6));
} else {
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
}
Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
flowMatchesMap.put(flowId, flowMatches);
return flowMatchesMap;
}
use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.
the class AclServiceTestBase method newMatch.
// TODO refactor this instead of stealing it from org.opendaylight.netvirt.neutronvpn.NeutronSecurityRuleListener
protected Matches newMatch(int srcLowerPort, int srcUpperPort, int destLowerPort, int destupperPort, int srcRemoteIpPrefix, int dstRemoteIpPrefix, short protocol) {
AceIpBuilder aceIpBuilder = new AceIpBuilder();
if (destLowerPort != -1) {
DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
destinationPortRangeBuilder.setLowerPort(new PortNumber(destLowerPort));
destinationPortRangeBuilder.setUpperPort(new PortNumber(destupperPort));
aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
}
AceIpv4Builder aceIpv4Builder = new AceIpv4Builder();
if (srcRemoteIpPrefix == AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED) {
aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
}
if (dstRemoteIpPrefix == AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED) {
aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
}
if (protocol != -1) {
aceIpBuilder.setProtocol(protocol);
}
aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());
MatchesBuilder matchesBuilder = new MatchesBuilder();
matchesBuilder.setAceType(aceIpBuilder.build());
return matchesBuilder.build();
}
use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.
the class AclServiceTestBaseIPv6 method newMatch.
@Override
protected Matches newMatch(int srcLowerPort, int srcUpperPort, int destLowerPort, int destupperPort, int srcRemoteIpPrefix, int dstRemoteIpPrefix, short protocol) {
AceIpBuilder aceIpBuilder = new AceIpBuilder();
if (destLowerPort != -1) {
DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
destinationPortRangeBuilder.setLowerPort(new PortNumber(destLowerPort));
destinationPortRangeBuilder.setUpperPort(new PortNumber(destupperPort));
aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
}
AceIpv6Builder aceIpv6Builder = new AceIpv6Builder();
if (srcRemoteIpPrefix == AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED) {
aceIpv6Builder.setSourceIpv6Network(new Ipv6Prefix(AclConstants.IPV6_ALL_NETWORK));
}
if (dstRemoteIpPrefix == AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED) {
aceIpv6Builder.setSourceIpv6Network(new Ipv6Prefix(AclConstants.IPV6_ALL_NETWORK));
}
if (protocol != -1) {
aceIpBuilder.setProtocol(protocol);
}
aceIpBuilder.setAceIpVersion(aceIpv6Builder.build());
MatchesBuilder matchesBuilder = new MatchesBuilder();
matchesBuilder.setAceType(aceIpBuilder.build());
return matchesBuilder.build();
}
use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.
the class AclServiceTestUtils method prepareAceIpBuilder.
public static AceIpBuilder prepareAceIpBuilder(String srcIpv4Net, String dstIpv4Net, String lowerPort, String upperPort, short protocol) {
AceIpBuilder builder = new AceIpBuilder();
AceIpv4Builder v4builder = new AceIpv4Builder();
if (srcIpv4Net != null) {
v4builder.setSourceIpv4Network(new Ipv4Prefix(srcIpv4Net));
} else {
v4builder.setSourceIpv4Network(null);
}
if (dstIpv4Net != null) {
v4builder.setDestinationIpv4Network(new Ipv4Prefix(dstIpv4Net));
} else {
v4builder.setDestinationIpv4Network(null);
}
builder.setAceIpVersion(v4builder.build());
if (lowerPort != null && upperPort != null) {
SourcePortRangeBuilder srcPortBuilder = new SourcePortRangeBuilder();
srcPortBuilder.setLowerPort(PortNumber.getDefaultInstance(lowerPort));
srcPortBuilder.setUpperPort(PortNumber.getDefaultInstance(upperPort));
builder.setSourcePortRange(srcPortBuilder.build());
DestinationPortRangeBuilder dstPortBuilder = new DestinationPortRangeBuilder();
dstPortBuilder.setLowerPort(PortNumber.getDefaultInstance(lowerPort));
dstPortBuilder.setUpperPort(PortNumber.getDefaultInstance(upperPort));
builder.setDestinationPortRange(dstPortBuilder.build());
}
builder.setProtocol(protocol);
return builder;
}
use of org.opendaylight.yang.gen.v1.http.openconfig.net.yang.network.instance.rev151018.network.instance.top.network.instances.network.instance.protocols.Protocol in project netvirt by opendaylight.
the class ExternalRoutersListener method updateNaptFlowsWithVpnId.
public void updateNaptFlowsWithVpnId(BigInteger dpnId, String routerName, long routerId, long bgpVpnId) {
// For the router ID get the internal IP , internal port and the corresponding external IP and external Port.
IpPortMapping ipPortMapping = NatUtil.getIportMapping(dataBroker, routerId);
if (ipPortMapping == null) {
LOG.error("updateNaptFlowsWithVpnId : Unable to retrieve the IpPortMapping");
return;
}
// Get the External Gateway MAC Address
String extGwMacAddress = NatUtil.getExtGwMacAddFromRouterName(dataBroker, routerName);
if (extGwMacAddress != null) {
LOG.debug("updateNaptFlowsWithVpnId : External Gateway MAC address {} found for External Router ID {}", extGwMacAddress, routerId);
} else {
LOG.error("updateNaptFlowsWithVpnId : No External Gateway MAC address found for External Router ID {}", routerId);
return;
}
List<IntextIpProtocolType> intextIpProtocolTypes = ipPortMapping.getIntextIpProtocolType();
for (IntextIpProtocolType intextIpProtocolType : intextIpProtocolTypes) {
List<IpPortMap> ipPortMaps = intextIpProtocolType.getIpPortMap();
for (IpPortMap ipPortMap : ipPortMaps) {
String ipPortInternal = ipPortMap.getIpPortInternal();
String[] ipPortParts = ipPortInternal.split(":");
if (ipPortParts.length != 2) {
LOG.error("updateNaptFlowsWithVpnId : Unable to retrieve the Internal IP and port");
return;
}
String internalIp = ipPortParts[0];
String internalPort = ipPortParts[1];
LOG.debug("updateNaptFlowsWithVpnId : Found Internal IP {} and Internal Port {}", internalIp, internalPort);
ProtocolTypes protocolTypes = intextIpProtocolType.getProtocol();
NAPTEntryEvent.Protocol protocol;
switch(protocolTypes) {
case TCP:
protocol = NAPTEntryEvent.Protocol.TCP;
break;
case UDP:
protocol = NAPTEntryEvent.Protocol.UDP;
break;
default:
protocol = NAPTEntryEvent.Protocol.TCP;
}
SessionAddress internalAddress = new SessionAddress(internalIp, Integer.parseInt(internalPort));
SessionAddress externalAddress = naptManager.getExternalAddressMapping(routerId, internalAddress, protocol);
long internetVpnid = NatUtil.getNetworkVpnIdFromRouterId(dataBroker, routerId);
naptEventHandler.buildAndInstallNatFlows(dpnId, NwConstants.INBOUND_NAPT_TABLE, internetVpnid, routerId, bgpVpnId, externalAddress, internalAddress, protocol, extGwMacAddress);
naptEventHandler.buildAndInstallNatFlows(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, internetVpnid, routerId, bgpVpnId, internalAddress, externalAddress, protocol, extGwMacAddress);
}
}
}
Aggregations