use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method programUdpFlow.
/**
*Converts UDP matches to flows.
* @param acl the access control list
* @return the map containing the flows and the respective flow id
*/
public static Map<String, List<MatchInfoBase>> programUdpFlow(AceIp acl) {
Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
SourcePortRange sourcePortRange = acl.getSourcePortRange();
DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
if (sourcePortRange == null && destinationPortRange == null) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
String flowId = "UDP_SOURCE_ALL_";
flowMatchesMap.put(flowId, flowMatches);
return flowMatchesMap;
}
if (sourcePortRange != null) {
Map<Integer, Integer> portMaskMap = getLayer4MaskForRange(sourcePortRange.getLowerPort().getValue(), sourcePortRange.getUpperPort().getValue());
for (Entry<Integer, Integer> entry : portMaskMap.entrySet()) {
Integer port = entry.getKey();
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
Integer mask = entry.getValue();
if (mask != AclConstants.ALL_LAYER4_PORT_MASK) {
flowMatches.add(new NxMatchUdpSourcePort(port, mask));
}
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
String flowId = "UDP_SOURCE_" + port + "_" + mask;
flowMatchesMap.put(flowId, flowMatches);
}
}
if (destinationPortRange != null) {
Map<Integer, Integer> portMaskMap = getLayer4MaskForRange(destinationPortRange.getLowerPort().getValue(), destinationPortRange.getUpperPort().getValue());
for (Entry<Integer, Integer> entry : portMaskMap.entrySet()) {
Integer port = entry.getKey();
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
Integer mask = entry.getValue();
if (mask != AclConstants.ALL_LAYER4_PORT_MASK) {
flowMatches.add(new NxMatchUdpDestinationPort(port, mask));
}
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
String flowId = "UDP_DESTINATION_" + port + "_" + mask;
flowMatchesMap.put(flowId, flowMatches);
}
}
return flowMatchesMap;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method programIcmpFlow.
/**
*Converts icmp matches to flows.
* @param acl the access control list
* @return the map containing the flows and the respective flow id
*/
public static Map<String, List<MatchInfoBase>> programIcmpFlow(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
// For ICMP port range indicates type and code
SourcePortRange sourcePortRange = acl.getSourcePortRange();
String flowId = "ICMP_";
if (sourcePortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_SOURCE_" + sourcePortRange.getLowerPort().getValue() + sourcePortRange.getUpperPort().getValue();
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_SOURCE_" + sourcePortRange.getLowerPort().getValue() + "_" + sourcePortRange.getUpperPort().getValue() + "_";
}
}
DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
if (destinationPortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
}
}
if (acl.getAceIpVersion() instanceof AceIpv6 && acl.getProtocol() == NwConstants.IP_PROT_ICMP) {
// We are aligning our implementation similar to Neutron Firewall driver where a Security
// Group rule with "Ethertype as IPv6 and Protocol as icmp" is treated as ICMPV6 SG Rule.
flowMatches.add(new MatchIpProtocol(AclConstants.IP_PROT_ICMPV6));
} else {
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
}
Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
flowMatchesMap.put(flowId, flowMatches);
return flowMatchesMap;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method addDstIpMatches.
/**
* Adds destination ip matches to the flows.
* @param acl the access control list
* @return the list of flows.
*/
public static List<MatchInfoBase> addDstIpMatches(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(MatchEthernetType.IPV4);
Ipv4Prefix dstNetwork = ((AceIpv4) acl.getAceIpVersion()).getDestinationIpv4Network();
if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV4_ALL_NETWORK)) {
flowMatches.add(new MatchIpv4Destination(dstNetwork));
}
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(MatchEthernetType.IPV6);
Ipv6Prefix dstNetwork = ((AceIpv6) acl.getAceIpVersion()).getDestinationIpv6Network();
if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV6_ALL_NETWORK)) {
flowMatches.add(new MatchIpv6Destination(dstNetwork));
}
}
return flowMatches;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceUtils method buildMatchesForLPortTagAndRemoteAclTag.
public static List<MatchInfoBase> buildMatchesForLPortTagAndRemoteAclTag(Integer lportTag, Integer remoteAclTag, Class<? extends ServiceModeBase> serviceMode) {
List<MatchInfoBase> matches = new ArrayList<>();
if (serviceMode != null && serviceMode.isAssignableFrom(ServiceModeEgress.class)) {
matches.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
matches.add(AclServiceUtils.buildRemoteAclTagMetadataMatch(remoteAclTag));
} else {
// In case of ingress service mode, only metadata is used for
// matching both lportTag and aclTag. Hence performing "or"
// operation on both lportTag and aclTag metadata.
BigInteger metaData = MetaDataUtil.getLportTagMetaData(lportTag).or(getRemoteAclTagMetadata(BigInteger.valueOf(remoteAclTag)));
BigInteger metaDataMask = MetaDataUtil.METADATA_MASK_LPORT_TAG.or(MetaDataUtil.METADATA_MASK_REMOTE_ACL_TAG);
matches.add(new MatchMetadata(metaData, metaDataMask));
}
return matches;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceUtils method buildArpIpMatches.
/**
* Builds the arp ip matches.
* @param ipPrefixOrAddress the ip prefix or address
* @return the MatchInfoBase list
*/
public static List<MatchInfoBase> buildArpIpMatches(IpPrefixOrAddress ipPrefixOrAddress) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
if (ipPrefix != null) {
Ipv4Prefix ipv4Prefix = ipPrefix.getIpv4Prefix();
if (ipv4Prefix != null && !ipv4Prefix.getValue().equals(AclConstants.IPV4_ALL_NETWORK)) {
flowMatches.add(new MatchArpSpa(ipv4Prefix));
}
} else {
IpAddress ipAddress = ipPrefixOrAddress.getIpAddress();
if (ipAddress != null && ipAddress.getIpv4Address() != null) {
flowMatches.add(new MatchArpSpa(ipAddress.getIpv4Address().getValue(), "32"));
}
}
return flowMatches;
}
Aggregations