Example 6 with Matches
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method programUdpFlow.
/**
*Converts UDP matches to flows.
* @param acl the access control list
* @return the map containing the flows and the respective flow id
*/
public static Map<String, List<MatchInfoBase>> programUdpFlow(AceIp acl) {
Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
SourcePortRange sourcePortRange = acl.getSourcePortRange();
DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
if (sourcePortRange == null && destinationPortRange == null) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
String flowId = "UDP_SOURCE_ALL_";
flowMatchesMap.put(flowId, flowMatches);
return flowMatchesMap;
}
if (sourcePortRange != null) {
Map<Integer, Integer> portMaskMap = getLayer4MaskForRange(sourcePortRange.getLowerPort().getValue(), sourcePortRange.getUpperPort().getValue());
for (Entry<Integer, Integer> entry : portMaskMap.entrySet()) {
Integer port = entry.getKey();
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
Integer mask = entry.getValue();
if (mask != AclConstants.ALL_LAYER4_PORT_MASK) {
flowMatches.add(new NxMatchUdpSourcePort(port, mask));
}
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
String flowId = "UDP_SOURCE_" + port + "_" + mask;
flowMatchesMap.put(flowId, flowMatches);
}
}
if (destinationPortRange != null) {
Map<Integer, Integer> portMaskMap = getLayer4MaskForRange(destinationPortRange.getLowerPort().getValue(), destinationPortRange.getUpperPort().getValue());
for (Entry<Integer, Integer> entry : portMaskMap.entrySet()) {
Integer port = entry.getKey();
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
Integer mask = entry.getValue();
if (mask != AclConstants.ALL_LAYER4_PORT_MASK) {
flowMatches.add(new NxMatchUdpDestinationPort(port, mask));
}
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
String flowId = "UDP_DESTINATION_" + port + "_" + mask;
flowMatchesMap.put(flowId, flowMatches);
}
}
return flowMatchesMap;
}
Also used :
SourcePortRange(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRange)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
MatchIpProtocol(org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol)
NxMatchUdpDestinationPort(org.opendaylight.genius.mdsalutil.nxmatches.NxMatchUdpDestinationPort)
DestinationPortRange(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRange)
ArrayList(java.util.ArrayList)
List(java.util.List)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
NxMatchUdpSourcePort(org.opendaylight.genius.mdsalutil.nxmatches.NxMatchUdpSourcePort)
Example 7 with Matches
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method programIcmpFlow.
/**
*Converts icmp matches to flows.
* @param acl the access control list
* @return the map containing the flows and the respective flow id
*/
public static Map<String, List<MatchInfoBase>> programIcmpFlow(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
// For ICMP port range indicates type and code
SourcePortRange sourcePortRange = acl.getSourcePortRange();
String flowId = "ICMP_";
if (sourcePortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_SOURCE_" + sourcePortRange.getLowerPort().getValue() + sourcePortRange.getUpperPort().getValue();
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_SOURCE_" + sourcePortRange.getLowerPort().getValue() + "_" + sourcePortRange.getUpperPort().getValue() + "_";
}
}
DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
if (destinationPortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
}
}
if (acl.getAceIpVersion() instanceof AceIpv6 && acl.getProtocol() == NwConstants.IP_PROT_ICMP) {
// We are aligning our implementation similar to Neutron Firewall driver where a Security
// Group rule with "Ethertype as IPv6 and Protocol as icmp" is treated as ICMPV6 SG Rule.
flowMatches.add(new MatchIpProtocol(AclConstants.IP_PROT_ICMPV6));
} else {
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
}
Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
flowMatchesMap.put(flowId, flowMatches);
return flowMatchesMap;
}
Also used :
SourcePortRange(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRange)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
MatchIpProtocol(org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol)
DestinationPortRange(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRange)
MatchIcmpv4(org.opendaylight.genius.mdsalutil.matches.MatchIcmpv4)
MatchIcmpv6(org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6)
ArrayList(java.util.ArrayList)
List(java.util.List)
AceIpv6(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
AceIpv4(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4)
Example 8 with Matches
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method addDstIpMatches.
/**
* Adds destination ip matches to the flows.
* @param acl the access control list
* @return the list of flows.
*/
public static List<MatchInfoBase> addDstIpMatches(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(MatchEthernetType.IPV4);
Ipv4Prefix dstNetwork = ((AceIpv4) acl.getAceIpVersion()).getDestinationIpv4Network();
if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV4_ALL_NETWORK)) {
flowMatches.add(new MatchIpv4Destination(dstNetwork));
}
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(MatchEthernetType.IPV6);
Ipv6Prefix dstNetwork = ((AceIpv6) acl.getAceIpVersion()).getDestinationIpv6Network();
if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV6_ALL_NETWORK)) {
flowMatches.add(new MatchIpv6Destination(dstNetwork));
}
}
return flowMatches;
}
Also used :
MatchIpv6Destination(org.opendaylight.genius.mdsalutil.matches.MatchIpv6Destination)
ArrayList(java.util.ArrayList)
MatchIpv4Destination(org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination)
AceIpv6(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6)
Ipv4Prefix(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
AceIpv4(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4)
Ipv6Prefix(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix)
Example 9 with Matches
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceUtils method buildMatchesForLPortTagAndRemoteAclTag.
public static List<MatchInfoBase> buildMatchesForLPortTagAndRemoteAclTag(Integer lportTag, Integer remoteAclTag, Class<? extends ServiceModeBase> serviceMode) {
List<MatchInfoBase> matches = new ArrayList<>();
if (serviceMode != null && serviceMode.isAssignableFrom(ServiceModeEgress.class)) {
matches.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
matches.add(AclServiceUtils.buildRemoteAclTagMetadataMatch(remoteAclTag));
} else {
// In case of ingress service mode, only metadata is used for
// matching both lportTag and aclTag. Hence performing "or"
// operation on both lportTag and aclTag metadata.
BigInteger metaData = MetaDataUtil.getLportTagMetaData(lportTag).or(getRemoteAclTagMetadata(BigInteger.valueOf(remoteAclTag)));
BigInteger metaDataMask = MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG);
matches.add(new MatchMetadata(metaData, metaDataMask));
}
return matches;
}
Also used :
MatchMetadata(org.opendaylight.genius.mdsalutil.matches.MatchMetadata)
ServiceModeEgress(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress)
ArrayList(java.util.ArrayList)
BigInteger(java.math.BigInteger)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
Example 10 with Matches
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceUtils method buildArpIpMatches.
/**
* Builds the arp ip matches.
* @param ipPrefixOrAddress the ip prefix or address
* @return the MatchInfoBase list
*/
public static List<MatchInfoBase> buildArpIpMatches(IpPrefixOrAddress ipPrefixOrAddress) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
if (ipPrefix != null) {
Ipv4Prefix ipv4Prefix = ipPrefix.getIpv4Prefix();
if (ipv4Prefix != null && !ipv4Prefix.getValue().equals(AclConstants.IPV4_ALL_NETWORK)) {
flowMatches.add(new MatchArpSpa(ipv4Prefix));
}
} else {
IpAddress ipAddress = ipPrefixOrAddress.getIpAddress();
if (ipAddress != null && ipAddress.getIpv4Address() != null) {
flowMatches.add(new MatchArpSpa(ipAddress.getIpv4Address().getValue(), "32"));
}
}
return flowMatches;
}
Also used :
IpPrefix(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix)
ArrayList(java.util.ArrayList)
MatchArpSpa(org.opendaylight.genius.mdsalutil.matches.MatchArpSpa)
IpAddress(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress)
Ipv4Prefix(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix)
MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)
Aggregations
ArrayList (java.util.ArrayList)66
MatchInfo (org.opendaylight.genius.mdsalutil.MatchInfo)31
MatchInfoBase (org.opendaylight.genius.mdsalutil.MatchInfoBase)30
Flow (org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow)28
Matches (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches)22
BigInteger (java.math.BigInteger)21
InstructionInfo (org.opendaylight.genius.mdsalutil.InstructionInfo)21
MatchMetadata (org.opendaylight.genius.mdsalutil.matches.MatchMetadata)20
Test (org.junit.Test)18
MacAddress (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress)17
List (java.util.List)16
ActionInfo (org.opendaylight.genius.mdsalutil.ActionInfo)16
InstructionApplyActions (org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions)15
Instruction (org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction)15
IpPrefixOrAddress (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)13
InstructionGotoTable (org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable)12
FlowEntity (org.opendaylight.genius.mdsalutil.FlowEntity)10
Uuid (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid)10
FlowId (org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId)8
NodeId (org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId)8
