Example 36 with Acl
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.
the class EgressAclServiceImpl method egressAclDhcpv6AllowClientTraffic.
/**
* Add rule to ensure only DHCPv6 server traffic from the specified mac is
* allowed.
*
* @param dpId the dpid
* @param allowedAddresses the allowed addresses
* @param lportTag the lport tag
* @param addOrRemove whether to add or remove the flow
*/
private void egressAclDhcpv6AllowClientTraffic(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses, int lportTag, int addOrRemove) {
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
for (AllowedAddressPairs aap : allowedAddresses) {
if (AclServiceUtils.isIPv4Address(aap)) {
continue;
}
List<MatchInfoBase> matches = new ArrayList<>();
matches.addAll(AclServiceUtils.buildDhcpV6Matches(AclConstants.DHCP_CLIENT_PORT_IPV6, AclConstants.DHCP_SERVER_PORT_IPV6, lportTag, serviceMode));
matches.add(new MatchEthernetSource(aap.getMacAddress()));
String flowName = "Egress_DHCP_Client_v6" + "_" + dpId + "_" + lportTag + "_" + aap.getMacAddress().getValue() + "_Permit_";
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
}
Also used :
InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo)
MatchEthernetSource(org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource)
ArrayList(java.util.ArrayList)
AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
Example 37 with Acl
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.
the class EgressAclServiceImpl method programArpRule.
/**
* Adds the rule to allow arp packets.
*
* @param dpId the dpId
* @param allowedAddresses the allowed addresses
* @param lportTag the lport tag
* @param addOrRemove whether to add or remove the flow
*/
protected void programArpRule(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses, int lportTag, int addOrRemove) {
for (AllowedAddressPairs allowedAddress : allowedAddresses) {
if (!AclServiceUtils.isIPv4Address(allowedAddress)) {
// For IPv6 allowed addresses
continue;
}
IpPrefixOrAddress allowedAddressIp = allowedAddress.getIpAddress();
MacAddress allowedAddressMac = allowedAddress.getMacAddress();
List<MatchInfoBase> arpIpMatches = AclServiceUtils.buildArpIpMatches(allowedAddressIp);
List<MatchInfoBase> matches = new ArrayList<>();
matches.add(MatchEthernetType.ARP);
matches.add(new MatchArpSha(allowedAddressMac));
matches.add(new MatchEthernetSource(allowedAddressMac));
matches.addAll(arpIpMatches);
matches.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
LOG.debug("{} ARP Rule on DPID {}, lportTag {}", addOrRemove == NwConstants.DEL_FLOW ? "Deleting" : "Adding", dpId, lportTag);
String flowName = "Egress_ARP_" + dpId + "_" + lportTag + "_" + allowedAddress.getMacAddress().getValue() + String.valueOf(allowedAddressIp.getValue());
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_ARP_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
}
Also used :
MatchArpSha(org.opendaylight.genius.mdsalutil.matches.MatchArpSha)
InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo)
IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)
MatchEthernetSource(org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource)
ArrayList(java.util.ArrayList)
AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)
MacAddress(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
Example 38 with Acl
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.
the class EgressAclServiceImpl method programGotoClassifierTableRules.
@Override
protected void programGotoClassifierTableRules(BigInteger dpId, List<AllowedAddressPairs> aaps, int lportTag, int addOrRemove) {
List<AllowedAddressPairs> filteredAAPs = AclServiceUtils.excludeMulticastAAPs(aaps);
for (AllowedAddressPairs aap : filteredAAPs) {
IpPrefixOrAddress attachIp = aap.getIpAddress();
MacAddress mac = aap.getMacAddress();
List<MatchInfoBase> matches = new ArrayList<>();
matches.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
matches.add(new MatchEthernetSource(mac));
matches.addAll(AclServiceUtils.buildIpMatches(attachIp, MatchCriteria.MATCH_SOURCE));
List<InstructionInfo> gotoInstructions = new ArrayList<>();
gotoInstructions.add(new InstructionGotoTable(getAclConntrackClassifierTable()));
String flowName = "Egress_Fixed_Goto_Classifier_" + dpId + "_" + lportTag + "_" + mac.getValue() + "_" + String.valueOf(attachIp.getValue());
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, gotoInstructions, addOrRemove);
}
}
Also used :
InstructionGotoTable(org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable)
InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo)
IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)
MatchEthernetSource(org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource)
ArrayList(java.util.ArrayList)
AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)
MacAddress(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
Example 39 with Acl
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.
the class EgressAclServiceImpl method bindService.
/**
* Bind service.
*
* @param aclInterface the acl interface
*/
@Override
public void bindService(AclInterface aclInterface) {
String interfaceName = aclInterface.getInterfaceId();
jobCoordinator.enqueueJob(interfaceName, () -> {
int instructionKey = 0;
List<Instruction> instructions = new ArrayList<>();
instructions.add(MDSALUtil.buildAndGetGotoTableInstruction(getAclAntiSpoofingTable(), ++instructionKey));
short serviceIndex = ServiceIndex.getIndex(AclConstants.INGRESS_ACL_SERVICE_NAME, AclConstants.INGRESS_ACL_SERVICE_INDEX);
int flowPriority = AclConstants.INGRESS_ACL_SERVICE_INDEX;
BoundServices serviceInfo = AclServiceUtils.getBoundServices(String.format("%s.%s.%s", "acl", "ingressacl", interfaceName), serviceIndex, flowPriority, AclConstants.COOKIE_ACL_BASE, instructions);
InstanceIdentifier<BoundServices> path = AclServiceUtils.buildServiceId(interfaceName, serviceIndex, serviceMode);
return Collections.singletonList(txRunner.callWithNewWriteOnlyTransactionAndSubmit(tx -> tx.put(LogicalDatastoreType.CONFIGURATION, path, serviceInfo, WriteTransaction.CREATE_MISSING_PARENTS)));
});
}
Also used :
ServiceModeIngress(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeIngress)
LoggerFactory(org.slf4j.LoggerFactory)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
AclServiceUtils(org.opendaylight.netvirt.aclservice.utils.AclServiceUtils)
ArrayList(java.util.ArrayList)
ServiceIndex(org.opendaylight.genius.utils.ServiceIndex)
AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)
MatchEthernetSource(org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource)
AclInterfaceCache(org.opendaylight.netvirt.aclservice.api.AclInterfaceCache)
MatchEthernetType(org.opendaylight.genius.mdsalutil.matches.MatchEthernetType)
BigInteger(java.math.BigInteger)
NwConstants(org.opendaylight.genius.mdsalutil.NwConstants)
MDSALUtil(org.opendaylight.genius.mdsalutil.MDSALUtil)
MacAddress(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress)
MatchArpSha(org.opendaylight.genius.mdsalutil.matches.MatchArpSha)
AclServiceOFFlowBuilder(org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder)
DirectionBase(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase)
AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface)
MatchCriteria(org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria)
BoundServices(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices)
Logger(org.slf4j.Logger)
AclConstants(org.opendaylight.netvirt.aclservice.utils.AclConstants)
AclDataUtil(org.opendaylight.netvirt.aclservice.utils.AclDataUtil)
LogicalDatastoreType(org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType)
JobCoordinator(org.opendaylight.infrautils.jobcoordinator.JobCoordinator)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
WriteTransaction(org.opendaylight.controller.md.sal.binding.api.WriteTransaction)
DataBroker(org.opendaylight.controller.md.sal.binding.api.DataBroker)
List(java.util.List)
InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo)
InstanceIdentifier(org.opendaylight.yangtools.yang.binding.InstanceIdentifier)
IMdsalApiManager(org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager)
InstructionGotoTable(org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable)
Action(org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action)
IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)
Collections(java.util.Collections)
Instruction(org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction)
DirectionEgress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress)
BoundServices(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices)
ArrayList(java.util.ArrayList)
Instruction(org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction)
Example 40 with Acl
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl in project netvirt by opendaylight.
the class IngressAclServiceImpl method programGotoClassifierTableRules.
@Override
protected void programGotoClassifierTableRules(BigInteger dpId, List<AllowedAddressPairs> aaps, int lportTag, int addOrRemove) {
for (AllowedAddressPairs aap : aaps) {
IpPrefixOrAddress attachIp = aap.getIpAddress();
MacAddress mac = aap.getMacAddress();
List<MatchInfoBase> matches = new ArrayList<>();
matches.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
matches.add(new MatchEthernetDestination(mac));
matches.addAll(AclServiceUtils.buildIpMatches(attachIp, MatchCriteria.MATCH_DESTINATION));
List<InstructionInfo> gotoInstructions = new ArrayList<>();
gotoInstructions.add(new InstructionGotoTable(getAclConntrackClassifierTable()));
String flowName = "Ingress_Fixed_Goto_Classifier_" + dpId + "_" + lportTag + "_" + mac.getValue() + "_" + String.valueOf(attachIp.getValue());
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, gotoInstructions, addOrRemove);
}
}
Also used :
InstructionGotoTable(org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable)
InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo)
IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)
ArrayList(java.util.ArrayList)
AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)
MatchEthernetDestination(org.opendaylight.genius.mdsalutil.matches.MatchEthernetDestination)
MacAddress(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
Aggregations
ArrayList (java.util.ArrayList)27
MatchInfoBase (org.opendaylight.genius.mdsalutil.MatchInfoBase)19
AclInterface (org.opendaylight.netvirt.aclservice.api.utils.AclInterface)16
BigInteger (java.math.BigInteger)15
Uuid (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid)15
InstructionInfo (org.opendaylight.genius.mdsalutil.InstructionInfo)13
AllowedAddressPairs (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)13
List (java.util.List)12
IpPrefixOrAddress (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)10
HashMap (java.util.HashMap)9
HashSet (java.util.HashSet)9
Ace (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace)9
Set (java.util.Set)8
Acl (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl)8
Collections (java.util.Collections)7
DataBroker (org.opendaylight.controller.md.sal.binding.api.DataBroker)7
MDSALUtil (org.opendaylight.genius.mdsalutil.MDSALUtil)7
NwConstants (org.opendaylight.genius.mdsalutil.NwConstants)7
InstructionGotoTable (org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable)7
MatchEthernetType (org.opendaylight.genius.mdsalutil.matches.MatchEthernetType)7
