use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceTestBase method newMatch.
// TODO refactor this instead of stealing it from org.opendaylight.netvirt.neutronvpn.NeutronSecurityRuleListener
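/**
 * Builds the IPv4 {@code Matches} fixture that the ACL service tests attach to a security rule.
 *
 * <p>The destination port range is set only when {@code destLowerPort} is not {@code -1}, and
 * the protocol only when {@code protocol} is not {@code -1}. A remote-prefix flag equal to its
 * {@code ..._SPECIFIED} constant sets the corresponding network to
 * {@code AclConstants.IPV4_ALL_NETWORK}.
 *
 * @param srcLowerPort not read by this helper; no source port range is ever set
 * @param srcUpperPort not read by this helper; no source port range is ever set
 * @param destLowerPort lower bound of the destination port range, or {@code -1} for none
 * @param destupperPort upper bound of the destination port range; used only with a lower bound
 * @param srcRemoteIpPrefix compared against {@code AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED}
 * @param dstRemoteIpPrefix compared against {@code AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED}
 * @param protocol IP protocol number, or {@code -1} to leave the protocol unset
 * @return the built matches
 */
protected Matches newMatch(int srcLowerPort, int srcUpperPort, int destLowerPort, int destupperPort,
        int srcRemoteIpPrefix, int dstRemoteIpPrefix, short protocol) {
    AceIpBuilder aceIpBuilder = new AceIpBuilder();
    if (destLowerPort != -1) {
        DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
        destinationPortRangeBuilder.setLowerPort(new PortNumber(destLowerPort));
        destinationPortRangeBuilder.setUpperPort(new PortNumber(destupperPort));
        aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
    }

    AceIpv4Builder aceIpv4Builder = new AceIpv4Builder();
    if (srcRemoteIpPrefix == AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED) {
        aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
    }
    if (dstRemoteIpPrefix == AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED) {
        // The destination flag must populate the destination network. Writing the source
        // network here would leave destination-prefix ACL rules without a destination match
        // in the fixture, so that path would go unexercised.
        // NOTE(review): the expected-flow fixtures are not visible here; re-run the suite.
        aceIpv4Builder.setDestinationIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
    }

    if (protocol != -1) {
        aceIpBuilder.setProtocol(protocol);
    }
    aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());

    MatchesBuilder matchesBuilder = new MatchesBuilder();
    matchesBuilder.setAceType(aceIpBuilder.build());
    return matchesBuilder.build();
}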
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceTestBase method newInterfaceWithDstPortRange.
/**
 * Exercises ACL programming for one port whose security group carries two rules with
 * destination port ranges: an egress TCP rule (333-777) and an ingress UDP rule (2000-2003).
 * The resulting state is verified by {@code newInterfaceWithDstPortRangeCheck()}.
 */
@Test
public void newInterfaceWithDstPortRange() throws Exception {
    LOG.info("newInterfaceWithDstPortRange - start");
    // Fixture: PORT_1 in SG_UUID_1 with one allowed-address pair and one subnet prefix.
    newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1),
            Collections.singletonList(AAP_PORT_1));
    dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
            .interfaceName(PORT_1)
            .addAllIpPrefixOrAddress(
                    Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));

    // Given: egress TCP rule with the destination-prefix flag set
    final Matches egressTcpMatches = newMatch(
            AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
            333, 777,
            AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED,
            (short) NwConstants.IP_PROT_TCP);
    dataBrokerUtil.put(new IdentifiedAceBuilder()
            .sgUuid(SG_UUID_1)
            .newRuleName(SR_UUID_1_1)
            .newMatches(egressTcpMatches)
            .newDirection(DirectionEgress.class)
            .build());

    // Given: ingress UDP rule with the source-prefix flag set
    final Matches ingressUdpMatches = newMatch(
            AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
            2000, 2003,
            AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
            (short) NwConstants.IP_PROT_UDP);
    dataBrokerUtil.put(new IdentifiedAceBuilder()
            .sgUuid(SG_UUID_1)
            .newRuleName(SR_UUID_1_2)
            .newMatches(ingressUdpMatches)
            .newDirection(DirectionIngress.class)
            .build());

    // When: the interface state appears; wait until the asynchronous listeners have drained
    putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
    asyncEventsWaiter.awaitEventsConsumption();

    // Then
    newInterfaceWithDstPortRangeCheck();
    LOG.info("newInterfaceWithDstPortRange - end");
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceTestBase method newInterfaceWithUdpDstAcl.
/**
 * Exercises ACL programming for two ports that share one security group with two UDP rules
 * on the HTTP destination port constants: an egress rule, and an ingress rule that also
 * names the same security group as its remote group. The resulting state is verified by
 * {@code newInterfaceWithUdpDstAclCheck()}.
 */
@Test
public void newInterfaceWithUdpDstAcl() throws Exception {
    LOG.info("newInterfaceWithUdpDstAcl - start");
    // Fixture: PORT_1 and PORT_2 in SG_UUID_1, each with its own allowed-address pair.
    newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1),
            Collections.singletonList(AAP_PORT_1));
    newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1),
            Collections.singletonList(AAP_PORT_2));
    // Both ports are registered with the same subnet prefix.
    dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
            .interfaceName(PORT_1)
            .addAllIpPrefixOrAddress(
                    Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
    dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder()
            .interfaceName(PORT_2)
            .addAllIpPrefixOrAddress(
                    Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));

    // Given: egress UDP rule with the destination-prefix flag set
    final Matches egressUdpMatches = newMatch(
            AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
            AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
            AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED,
            (short) NwConstants.IP_PROT_UDP);
    dataBrokerUtil.put(new IdentifiedAceBuilder()
            .sgUuid(SG_UUID_1)
            .newRuleName(SR_UUID_1_1)
            .newMatches(egressUdpMatches)
            .newDirection(DirectionEgress.class)
            .build());

    // Given: ingress UDP rule with the source-prefix flag set and SG_UUID_1 as remote group
    final Matches ingressUdpMatches = newMatch(
            AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
            AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
            AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
            (short) NwConstants.IP_PROT_UDP);
    dataBrokerUtil.put(new IdentifiedAceBuilder()
            .sgUuid(SG_UUID_1)
            .newRuleName(SR_UUID_1_2)
            .newMatches(ingressUdpMatches)
            .newDirection(DirectionIngress.class)
            .newRemoteGroupId(new Uuid(SG_UUID_1))
            .build());

    // When: both interface states appear; wait until the asynchronous listeners have drained
    putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
    putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
    asyncEventsWaiter.awaitEventsConsumption();

    // Then
    newInterfaceWithUdpDstAclCheck();
    LOG.info("newInterfaceWithUdpDstAcl - end");
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class AclServiceTestBaseIPv6 method newMatch.
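/**
 * Builds the IPv6 {@code Matches} fixture that the ACL service tests attach to a security rule.
 *
 * <p>The destination port range is set only when {@code destLowerPort} is not {@code -1}, and
 * the protocol only when {@code protocol} is not {@code -1}. A remote-prefix flag equal to its
 * {@code ..._SPECIFIED} constant sets the corresponding network to
 * {@code AclConstants.IPV6_ALL_NETWORK}.
 *
 * @param srcLowerPort not read by this helper; no source port range is ever set
 * @param srcUpperPort not read by this helper; no source port range is ever set
 * @param destLowerPort lower bound of the destination port range, or {@code -1} for none
 * @param destupperPort upper bound of the destination port range; used only with a lower bound
 * @param srcRemoteIpPrefix compared against {@code AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED}
 * @param dstRemoteIpPrefix compared against {@code AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED}
 * @param protocol IP protocol number, or {@code -1} to leave the protocol unset
 * @return the built matches
 */
@Override
protected Matches newMatch(int srcLowerPort, int srcUpperPort, int destLowerPort, int destupperPort,
        int srcRemoteIpPrefix, int dstRemoteIpPrefix, short protocol) {
    AceIpBuilder aceIpBuilder = new AceIpBuilder();
    if (destLowerPort != -1) {
        DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
        destinationPortRangeBuilder.setLowerPort(new PortNumber(destLowerPort));
        destinationPortRangeBuilder.setUpperPort(new PortNumber(destupperPort));
        aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
    }

    AceIpv6Builder aceIpv6Builder = new AceIpv6Builder();
    if (srcRemoteIpPrefix == AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED) {
        aceIpv6Builder.setSourceIpv6Network(new Ipv6Prefix(AclConstants.IPV6_ALL_NETWORK));
    }
    if (dstRemoteIpPrefix == AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED) {
        // The destination flag must populate the destination network. Writing the source
        // network here would leave destination-prefix ACL rules without a destination match
        // in the fixture, so that path would go unexercised.
        // NOTE(review): the expected-flow fixtures are not visible here; re-run the suite.
        aceIpv6Builder.setDestinationIpv6Network(new Ipv6Prefix(AclConstants.IPV6_ALL_NETWORK));
    }

    if (protocol != -1) {
        aceIpBuilder.setProtocol(protocol);
    }
    aceIpBuilder.setAceIpVersion(aceIpv6Builder.build());

    MatchesBuilder matchesBuilder = new MatchesBuilder();
    matchesBuilder.setAceType(aceIpBuilder.build());
    return matchesBuilder.build();
}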
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.
the class EgressAclServiceImpl method egressAclDhcpAllowClientTraffic.
/**
 * Adds or removes one DHCP permit flow per IPv4 allowed-address pair in the ACL
 * anti-spoofing table.
 *
 * <p>Each flow combines the matches from {@code AclServiceUtils.buildDhcpMatches}, called with
 * the IPv4 DHCP client and server port constants, with an Ethernet-source match on the pair's
 * MAC address. It uses the instructions from {@code getDispatcherTableResubmitInstructions()}.
 * Non-IPv4 pairs are skipped. The only match added in this method is the source MAC; any IP
 * address match would have to come from {@code buildDhcpMatches}, which is not shown here.
 *
 * @param dpId the dpid
 * @param allowedAddresses the allowed addresses
 * @param lportTag the lport tag
 * @param addOrRemove whether to add or remove the flow
 */
private void egressAclDhcpAllowClientTraffic(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses,
        int lportTag, int addOrRemove) {
    final List<InstructionInfo> resubmitInstructions = getDispatcherTableResubmitInstructions();
    for (AllowedAddressPairs addressPair : allowedAddresses) {
        if (AclServiceUtils.isIPv4Address(addressPair)) {
            List<MatchInfoBase> dhcpMatches = new ArrayList<>(AclServiceUtils.buildDhcpMatches(
                    AclConstants.DHCP_CLIENT_PORT_IPV4, AclConstants.DHCP_SERVER_PORT_IPV4, lportTag,
                    serviceMode));
            // Pin the flow to the MAC address of this allowed-address pair.
            dhcpMatches.add(new MatchEthernetSource(addressPair.getMacAddress()));

            String flowName = "Egress_DHCP_Client_v4" + dpId + "_" + lportTag + "_"
                    + addressPair.getMacAddress().getValue() + "_Permit_";
            syncFlow(dpId, getAclAntiSpoofingTable(), flowName,
                    AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0,
                    AclConstants.COOKIE_ACL_BASE, dhcpMatches, resubmitInstructions, addOrRemove);
        }
    }
}