use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceUtils method getHardTimoutForApplyStatefulChangeOnExistingTraffic.
/**
 * Selects the timeout to use for existing traffic of the given ACE, keyed on the ACE's IP protocol.
 *
 * <p>TCP and UDP use the corresponding idle-timeout values read from
 * {@code aclServiceUtils.getConfig()}. A missing protocol, or any protocol other than TCP/UDP,
 * yields {@code AclConstants.SECURITY_GROUP_ICMP_IDLE_TIME_OUT}.
 *
 * @param ace the ACE whose matches supply the protocol; its ace type is cast to {@code AceIp}
 * @param aclServiceUtils provides the configuration holding the TCP/UDP idle timeouts
 * @return the timeout chosen for the ACE's protocol
 */
public static Integer getHardTimoutForApplyStatefulChangeOnExistingTraffic(Ace ace, AclServiceUtils aclServiceUtils) {
    // Default covers both "no protocol set" and every protocol other than TCP/UDP.
    int timeout = AclConstants.SECURITY_GROUP_ICMP_IDLE_TIME_OUT;

    // NOTE(review): unchecked cast and no null check on getMatches(); an ACE whose ace type is
    // not an AceIp (or that has no matches) fails here with a runtime exception. Confirm that
    // callers only pass IP ACEs.
    AceIp ipAce = (AceIp) ace.getMatches().getAceType();
    Short ipProtocol = ipAce.getProtocol();

    // NOTE(review): judging by the method name, the returned value bounds how long flows for
    // already-established connections remain after a rule change; if so, a large configured
    // idle timeout lengthens the window in which a removed rule still passes traffic.
    // Confirm against the callers.
    if (ipProtocol != null) {
        if (ipProtocol == NwConstants.IP_PROT_TCP) {
            timeout = aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout();
        } else if (ipProtocol == NwConstants.IP_PROT_UDP) {
            timeout = aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout();
        }
    }
    return timeout;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceUtils method buildMatchesForLPortTagAndConntrackClassifierType.
/**
 * Builds the flow matches that select a logical port tag together with a conntrack classifier type.
 *
 * <p>When {@code serviceMode} is non-null and {@code serviceMode.isAssignableFrom(ServiceModeEgress.class)}
 * holds, two separate matches are produced (lport tag, then classifier type). In every other case,
 * including a {@code null} service mode, a single metadata match is produced whose value and mask
 * are the bitwise OR of the lport-tag and classifier-type metadata.
 *
 * @param lportTag the logical port tag to match
 * @param conntrackClassifierType the conntrack classifier type to match
 * @param serviceMode the service mode class; {@code null} takes the metadata branch
 * @return a new mutable list holding the matches
 */
public static Collection<? extends MatchInfoBase> buildMatchesForLPortTagAndConntrackClassifierType(int lportTag, AclConntrackClassifierType conntrackClassifierType, Class<? extends ServiceModeBase> serviceMode) {
    List<MatchInfoBase> result = new ArrayList<>();

    // NOTE(review): isAssignableFrom is also true when serviceMode is a supertype of
    // ServiceModeEgress, so such a class would be handled as egress. Confirm callers only pass
    // the concrete mode classes.
    boolean egressMode = serviceMode != null && serviceMode.isAssignableFrom(ServiceModeEgress.class);
    if (!egressMode) {
        // Ingress path: the lport tag and the classifier type both live in metadata, so the
        // two values (and their masks) are OR-ed into one metadata match.
        BigInteger lportTagBits = MetaDataUtil.getLportTagMetaData(lportTag);
        BigInteger classifierBits = MetaDataUtil.getAclConntrackClassifierTypeFromMetaData(conntrackClassifierType.getValue());
        BigInteger combinedValue = lportTagBits.or(classifierBits);
        BigInteger combinedMask = MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_ACL_CONNTRACK_CLASSIFIER_TYPE);
        result.add(new MatchMetadata(combinedValue, combinedMask));
        return result;
    }

    result.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
    result.add(AclServiceUtils.buildAclConntrackClassifierTypeMatch(conntrackClassifierType));
    return result;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceTestBase method newInterfaceWithDstAllPorts.
/**
 * Brings up PORT_1 with a security group holding two rules that span destination ports
 * 1-65535: an egress TCP rule with the destination remote IP prefix specified, and an ingress
 * UDP rule with the source remote IP prefix specified. The resulting state is verified by
 * {@code newInterfaceWithDstAllPortsCheck()}, whose assertions are not part of this listing.
 */
@Test
public void newInterfaceWithDstAllPorts() throws Exception {
    LOG.info("newInterfaceWithDstAllPorts - start");

    newAllowedAddressPair(
            PORT_1,
            Collections.singletonList(SG_UUID_1),
            Collections.singletonList(AAP_PORT_1));
    dataBrokerUtil.put(
            new IdentifiedSubnetIpPrefixBuilder()
                    .interfaceName(PORT_1)
                    .addAllIpPrefixOrAddress(
                            Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));

    // Given: an egress TCP rule over the whole destination port range ...
    Matches egressTcpAllPorts = newMatch(
            AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
            AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
            1,
            65535,
            AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
            AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED,
            (short) NwConstants.IP_PROT_TCP);
    dataBrokerUtil.put(
            new IdentifiedAceBuilder()
                    .sgUuid(SG_UUID_1)
                    .newRuleName(SR_UUID_1_1)
                    .newMatches(egressTcpAllPorts)
                    .newDirection(DirectionEgress.class)
                    .build());

    // ... and an ingress UDP rule over the same destination port range.
    Matches ingressUdpAllPorts = newMatch(
            AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
            AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
            1,
            65535,
            AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED,
            AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
            (short) NwConstants.IP_PROT_UDP);
    dataBrokerUtil.put(
            new IdentifiedAceBuilder()
                    .sgUuid(SG_UUID_1)
                    .newRuleName(SR_UUID_1_2)
                    .newMatches(ingressUdpAllPorts)
                    .newDirection(DirectionIngress.class)
                    .build());

    // When: the interface state appears and all resulting events have been consumed.
    putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
    asyncEventsWaiter.awaitEventsConsumption();

    // Then
    newInterfaceWithDstAllPortsCheck();

    LOG.info("newInterfaceWithDstAllPorts - end");
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceTestBase method newInterfaceWithEtherTypeAcl.
/**
 * Brings up PORT_1 and PORT_2, both in the same security group, with two rules that leave the
 * L4 ports unspecified and pass {@code (short) -1} as the protocol: an egress rule with the
 * destination remote IP prefix specified, and an ingress rule with the source remote IP prefix
 * specified plus a remote group id pointing back at the same security group. The resulting
 * state is verified by {@code newInterfaceWithEtherTypeAclCheck()}, whose assertions are not
 * part of this listing.
 */
@Test
public void newInterfaceWithEtherTypeAcl() throws Exception {
    LOG.info("newInterfaceWithEtherTypeAcl - start");

    newAllowedAddressPair(
            PORT_1,
            Collections.singletonList(SG_UUID_1),
            Collections.singletonList(AAP_PORT_1));
    newAllowedAddressPair(
            PORT_2,
            Collections.singletonList(SG_UUID_1),
            Collections.singletonList(AAP_PORT_2));
    dataBrokerUtil.put(
            new IdentifiedSubnetIpPrefixBuilder()
                    .interfaceName(PORT_1)
                    .addAllIpPrefixOrAddress(
                            Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
    dataBrokerUtil.put(
            new IdentifiedSubnetIpPrefixBuilder()
                    .interfaceName(PORT_2)
                    .addAllIpPrefixOrAddress(
                            Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));

    // Given: an egress rule with no port constraints.
    // NOTE(review): (short) -1 presumably stands for "protocol unspecified" - confirm in newMatch.
    Matches egressAnyProtocol = newMatch(
            AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
            AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
            AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
            AclConstants.DEST_UPPER_PORT_UNSPECIFIED,
            AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
            AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED,
            (short) -1);
    dataBrokerUtil.put(
            new IdentifiedAceBuilder()
                    .sgUuid(SG_UUID_1)
                    .newRuleName(SR_UUID_1_1)
                    .newMatches(egressAnyProtocol)
                    .newDirection(DirectionEgress.class)
                    .build());

    // ... and an ingress rule whose remote group is the security group itself.
    Matches ingressAnyProtocol = newMatch(
            AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
            AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
            AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
            AclConstants.DEST_UPPER_PORT_UNSPECIFIED,
            AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED,
            AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
            (short) -1);
    dataBrokerUtil.put(
            new IdentifiedAceBuilder()
                    .sgUuid(SG_UUID_1)
                    .newRuleName(SR_UUID_1_2)
                    .newMatches(ingressAnyProtocol)
                    .newDirection(DirectionIngress.class)
                    .newRemoteGroupId(new Uuid(SG_UUID_1))
                    .build());

    // When: both interface states appear and all resulting events have been consumed.
    putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
    putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
    asyncEventsWaiter.awaitEventsConsumption();

    // Then
    newInterfaceWithEtherTypeAclCheck();

    LOG.info("newInterfaceWithEtherTypeAcl - end");
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class EgressAclServiceImpl method egressAclDhcpv6AllowClientTraffic.
/**
 * Adds or removes, for each non-IPv4 allowed address pair, a flow in the ACL anti-spoofing table
 * that permits DHCPv6 client traffic whose Ethernet source is that pair's MAC address.
 *
 * <p>Each flow combines the matches from {@code AclServiceUtils.buildDhcpV6Matches} (called with
 * the DHCPv6 client and server port constants, the lport tag and the service mode) with an
 * Ethernet-source match, and resubmits to the dispatcher table.
 *
 * @param dpId the datapath id of the switch
 * @param allowedAddresses the allowed address pairs of the port; IPv4 entries are skipped
 * @param lportTag the logical port tag
 * @param addOrRemove whether to add or remove the flow
 */
private void egressAclDhcpv6AllowClientTraffic(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses, int lportTag, int addOrRemove) {
    List<InstructionInfo> resubmitInstructions = getDispatcherTableResubmitInstructions();
    for (AllowedAddressPairs addressPair : allowedAddresses) {
        // Only non-IPv4 pairs get a DHCPv6 flow.
        if (!AclServiceUtils.isIPv4Address(addressPair)) {
            List<MatchInfoBase> flowMatches = new ArrayList<>(
                    AclServiceUtils.buildDhcpV6Matches(
                            AclConstants.DHCP_CLIENT_PORT_IPV6,
                            AclConstants.DHCP_SERVER_PORT_IPV6,
                            lportTag,
                            serviceMode));
            // NOTE(review): the only source constraint added here is the MAC address; whether
            // the IPv6 source address is also constrained depends on buildDhcpV6Matches, which
            // is not visible here - confirm for anti-spoofing coverage.
            flowMatches.add(new MatchEthernetSource(addressPair.getMacAddress()));

            // The flow name embeds dpId, lport tag and MAC address.
            String flowName = "Egress_DHCP_Client_v6"
                    + "_" + dpId
                    + "_" + lportTag
                    + "_" + addressPair.getMacAddress().getValue()
                    + "_Permit_";
            syncFlow(
                    dpId,
                    getAclAntiSpoofingTable(),
                    flowName,
                    AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY,
                    "ACL",
                    0,
                    0,
                    AclConstants.COOKIE_ACL_BASE,
                    flowMatches,
                    resubmitInstructions,
                    addOrRemove);
        }
    }
}