Examples with Matches org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches used on opensource projects

Example 26 with Matches

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.

the class NaptManager method getExternalAddressMapping.

/**
 * method to get external ip/port mapping when provided with internal ip/port pair
 * If already a mapping exist for the given input, then the existing mapping is returned
 * instead of overwriting with new ip/port pair.
 *
 * @param segmentId     - Router ID
 * @param sourceAddress - internal ip address/port pair
 * @param protocol      - TCP/UDP
 * @return external ip address/port
 */
// TODO Clean up the exception handling
@SuppressWarnings("checkstyle:IllegalCatch")
public SessionAddress getExternalAddressMapping(long segmentId, SessionAddress sourceAddress, NAPTEntryEvent.Protocol protocol) {
    LOG.debug("getExternalAddressMapping : called with segmentId {}, internalIp {} and port {}", segmentId, sourceAddress.getIpAddress(), sourceAddress.getPortNumber());
    /*
         1. Get Internal IP, Port in IP:Port format
         2. Inside DB with routerId get the list of entries and check if it matches with existing IP:Port
         3. If True return SessionAddress of ExternalIp and Port
         4. Else check ip Map and Form the ExternalIp and Port and update DB and then return ExternalIp and Port
         */
    // SessionAddress externalIpPort = new SessionAddress();
    String internalIpPort = sourceAddress.getIpAddress() + ":" + sourceAddress.getPortNumber();
    // First check existing Port Map.
    SessionAddress existingIpPort = checkIpPortMap(segmentId, internalIpPort, protocol);
    if (existingIpPort != null) {
        // populate externalIpPort from IpPortMap and return
        LOG.debug("getExternalAddressMapping : successfully returning existingIpPort as {} and {}", existingIpPort.getIpAddress(), existingIpPort.getPortNumber());
        return existingIpPort;
    } else {
        // Now check in ip-map
        String externalIp = checkIpMap(segmentId, sourceAddress.getIpAddress());
        if (externalIp == null) {
            LOG.error("getExternalAddressMapping : Unexpected error, internal to external " + "ip map does not exist");
            return null;
        } else {
            /* Logic assuming internalIp is always ip and not subnet
                  * case 1: externalIp is ip
                  *        a) goto externalIp pool and getPort and return
                  *        b) else return error
                  * case 2: externalIp is subnet
                  *        a) Take first externalIp and goto that Pool and getPort
                  *             if port -> return
                  *             else Take second externalIp and create that Pool and getPort
                  *             if port ->return
                  *             else
                  *             Continue same with third externalIp till we exhaust subnet
                  *        b) Nothing worked return error
                  */
            SubnetUtils externalIpSubnet;
            List<String> allIps = new ArrayList<>();
            String subnetPrefix = "/" + String.valueOf(NatConstants.DEFAULT_PREFIX);
            boolean extSubnetFlag = false;
            if (!externalIp.contains(subnetPrefix)) {
                extSubnetFlag = true;
                externalIpSubnet = new SubnetUtils(externalIp);
                allIps = Arrays.asList(externalIpSubnet.getInfo().getAllAddresses());
                LOG.debug("getExternalAddressMapping : total count of externalIps available {}", externalIpSubnet.getInfo().getAddressCount());
            } else {
                LOG.debug("getExternalAddressMapping : getExternalAddress single ip case");
                if (externalIp.contains(subnetPrefix)) {
                    // remove /32 what we got from checkIpMap
                    externalIp = externalIp.substring(0, externalIp.indexOf(subnetPrefix));
                }
                allIps.add(externalIp);
            }
            boolean nextExtIpFlag = false;
            for (String extIp : allIps) {
                LOG.info("getExternalAddressMapping : Looping externalIPs with externalIP now as {}", extIp);
                if (nextExtIpFlag) {
                    createNaptPortPool(extIp);
                    LOG.debug("getExternalAddressMapping : Created Pool for next Ext IP {}", extIp);
                }
                AllocateIdInput getIdInput = new AllocateIdInputBuilder().setPoolName(extIp).setIdKey(internalIpPort).build();
                try {
                    Future<RpcResult<AllocateIdOutput>> result = idManager.allocateId(getIdInput);
                    RpcResult<AllocateIdOutput> rpcResult;
                    if (result != null && result.get().isSuccessful()) {
                        LOG.debug("getExternalAddressMapping : Got id from idManager");
                        rpcResult = result.get();
                    } else {
                        LOG.error("getExternalAddressMapping : getExternalAddressMapping, idManager could not " + "allocate id retry if subnet");
                        if (!extSubnetFlag) {
                            LOG.error("getExternalAddressMapping : getExternalAddressMapping returning null " + "for single IP case, may be ports exhausted");
                            return null;
                        }
                        LOG.debug("getExternalAddressMapping : Could be ports exhausted case, " + "try with another externalIP if possible");
                        nextExtIpFlag = true;
                        continue;
                    }
                    int extPort = rpcResult.getResult().getIdValue().intValue();
                    // Write to ip-port-map before returning
                    IpPortExternalBuilder ipExt = new IpPortExternalBuilder();
                    IpPortExternal ipPortExt = ipExt.setIpAddress(extIp).setPortNum(extPort).build();
                    IpPortMap ipm = new IpPortMapBuilder().setKey(new IpPortMapKey(internalIpPort)).setIpPortInternal(internalIpPort).setIpPortExternal(ipPortExt).build();
                    LOG.debug("getExternalAddressMapping : writing into ip-port-map with " + "externalIP {} and port {}", ipPortExt.getIpAddress(), ipPortExt.getPortNum());
                    try {
                        MDSALUtil.syncWrite(dataBroker, LogicalDatastoreType.CONFIGURATION, getIpPortMapIdentifier(segmentId, internalIpPort, protocol), ipm);
                    } catch (UncheckedExecutionException uee) {
                        LOG.error("getExternalAddressMapping : Failed to write into ip-port-map with exception", uee);
                    }
                    // Write to snat-internal-ip-port-info
                    String internalIpAddress = sourceAddress.getIpAddress();
                    int ipPort = sourceAddress.getPortNumber();
                    ProtocolTypes protocolType = NatUtil.getProtocolType(protocol);
                    List<Integer> portList = new ArrayList<>(NatUtil.getInternalIpPortListInfo(dataBroker, segmentId, internalIpAddress, protocolType));
                    portList.add(ipPort);
                    IntIpProtoTypeBuilder builder = new IntIpProtoTypeBuilder();
                    IntIpProtoType intIpProtocolType = builder.setKey(new IntIpProtoTypeKey(protocolType)).setPorts(portList).build();
                    try {
                        MDSALUtil.syncWrite(dataBroker, LogicalDatastoreType.CONFIGURATION, NatUtil.buildSnatIntIpPortIdentifier(segmentId, internalIpAddress, protocolType), intIpProtocolType);
                    } catch (Exception ex) {
                        LOG.error("getExternalAddressMapping : Failed to write into snat-internal-ip-port-info " + "with exception", ex);
                    }
                    SessionAddress externalIpPort = new SessionAddress(extIp, extPort);
                    LOG.debug("getExternalAddressMapping : successfully returning externalIP {} " + "and port {}", externalIpPort.getIpAddress(), externalIpPort.getPortNumber());
                    return externalIpPort;
                } catch (InterruptedException | ExecutionException e) {
                    LOG.error("getExternalAddressMapping : Exception caught", e);
                    return null;
                }
            }
        // end of for loop
        }
    // end of else ipmap present
    }
    // end of else check ipmap
    LOG.error("getExternalAddressMapping : Unable to handle external IP address and port mapping with segmentId {}," + "internalIp {} and internalPort {}", segmentId, sourceAddress.getIpAddress(), sourceAddress.getPortNumber());
    return null;
}

Example 27 with Matches

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.

the class ConntrackBasedSnatService method createOutboundTblTrackEntry.

protected void createOutboundTblTrackEntry(BigInteger dpnId, Long routerId, String extGwMacAddress, int addOrRemove) {
    LOG.info("createOutboundTblTrackEntry : called for switch {}, routerId {}", dpnId, routerId);
    List<MatchInfoBase> matches = new ArrayList<>();
    matches.add(MatchEthernetType.IPV4);
    matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
    matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
    ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
    if (addOrRemove == NwConstants.ADD_FLOW) {
        listActionInfo.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
    }
    ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
    listActionInfo.add(new ActionNxResubmit(NwConstants.NAPT_PFIB_TABLE));
    instructionInfo.add(new InstructionApplyActions(listActionInfo));
    String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
    flowRef += "trkest";
    syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY, flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);
}

Example 28 with Matches

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.

the class ConntrackBasedSnatService method createOutboundTblEntry.

protected void createOutboundTblEntry(BigInteger dpnId, long routerId, String externalIp, int elanId, String extGwMacAddress, int addOrRemove) {
    LOG.info("createOutboundTblEntry : dpId {} and routerId {}", dpnId, routerId);
    List<MatchInfoBase> matches = new ArrayList<>();
    matches.add(MatchEthernetType.IPV4);
    matches.add(new NxMatchCtState(TRACKED_NEW_CT_STATE, TRACKED_NEW_CT_MASK));
    matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
    List<ActionInfo> actionsInfos = new ArrayList<>();
    if (addOrRemove == NwConstants.ADD_FLOW) {
        actionsInfos.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
    }
    List<NxCtAction> ctActionsListCommit = new ArrayList<>();
    int rangePresent = NxActionNatRangePresent.NXNATRANGEIPV4MIN.getIntValue();
    int flags = NxActionNatFlags.NXNATFSRC.getIntValue();
    NxCtAction nxCtActionCommit = new ActionNxConntrack.NxNat(0, flags, rangePresent, new IpPrefixOrAddress(externalIp.toCharArray()).getIpAddress(), null, 0, 0);
    ctActionsListCommit.add(nxCtActionCommit);
    int ctCommitFlag = 1;
    ActionNxConntrack actionNxConntrackSubmit = new ActionNxConntrack(ctCommitFlag, 0, elanId, NwConstants.NAPT_PFIB_TABLE, ctActionsListCommit);
    actionsInfos.add(actionNxConntrackSubmit);
    List<InstructionInfo> instructions = new ArrayList<>();
    instructions.add(new InstructionApplyActions(actionsInfos));
    String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
    syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_NEW_FLOW_PRIORITY, flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
}

Example 29 with Matches

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.

the class ExternalNetworksChangeListenerTest method testSnatFlowEntity.

@Test
// TODO Clean up the exception handling
@SuppressWarnings("checkstyle:IllegalCatch")
public void testSnatFlowEntity() {
    FlowEntity flowMock = mock(FlowEntity.class);
    final short snatTable = 40;
    final int defaultSnatFlowPriority = 0;
    final String flowidSeparator = ".";
    String routerName = "200";
    List<BucketInfo> bucketInfo = new ArrayList<>();
    List<ActionInfo> listActionInfoPrimary = new ArrayList<>();
    listActionInfoPrimary.add(new ActionOutput(new Uri("3")));
    BucketInfo bucketPrimary = new BucketInfo(listActionInfoPrimary);
    List<ActionInfo> listActionInfoSecondary = new ArrayList<>();
    listActionInfoSecondary.add(new ActionOutput(new Uri("4")));
    BucketInfo bucketSecondary = new BucketInfo(listActionInfoPrimary);
    bucketInfo.add(0, bucketPrimary);
    bucketInfo.add(1, bucketSecondary);
    List<MatchInfo> matches = new ArrayList<>();
    matches.add(MatchEthernetType.IPV4);
    List<InstructionInfo> instructions = new ArrayList<>();
    List<ActionInfo> actionsInfos = new ArrayList<>();
    long groupId = 300;
    actionsInfos.add(new ActionGroup(groupId));
    instructions.add(new InstructionApplyActions(actionsInfos));
    BigInteger dpnId = new BigInteger("100");
    long routerId = 200;
    String snatFlowidPrefix = "SNAT.";
    String flowRef = snatFlowidPrefix + dpnId + flowidSeparator + snatTable + flowidSeparator + routerId;
    BigInteger cookieSnat = NatUtil.getCookieSnatFlow(routerId);
    try {
        PowerMockito.when(MDSALUtil.class, "buildFlowEntity", dpnId, snatTable, flowRef, defaultSnatFlowPriority, flowRef, 0, 0, cookieSnat, matches, instructions).thenReturn(flowMock);
    } catch (Exception e) {
        // Test failed anyways
        assertEquals("true", "false");
    }
/* TODO : Fix this to mock it properly when it reads DS
        extNetworks.buildSnatFlowEntity(dpnId, routerName, groupId);
        PowerMockito.verifyStatic(); */
}

Example 30 with Matches

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches in project netvirt by opendaylight.

the class AbstractAclServiceImpl method programAceRule.

/**
 * Programs the ace specific rule.
 *
 * @param port acl interface
 * @param aclName the acl name
 * @param ace rule to be program
 * @param addOrRemove whether to delete or add flow
 */
protected void programAceRule(AclInterface port, String aclName, Ace ace, int addOrRemove) {
    SecurityRuleAttr aceAttr = AclServiceUtils.getAccesssListAttributes(ace);
    if (!isValidDirection(aceAttr.getDirection())) {
        LOG.trace("Ignoring {} direction while processing for {} ACE Rule {}", aceAttr.getDirection(), this.directionString, ace.getRuleName());
        return;
    }
    LOG.debug("Program {} ACE rule for dpId={}, lportTag={}, addOrRemove={}, ace={}, portId={}", this.directionString, port.getDpId(), port.getLPortTag(), addOrRemove, ace.getRuleName(), port.getInterfaceId());
    Matches matches = ace.getMatches();
    Map<String, List<MatchInfoBase>> flowMap = null;
    if (matches.getAceType() instanceof AceIp) {
        flowMap = AclServiceOFFlowBuilder.programIpFlow(matches);
        if (!AclServiceUtils.doesAceHaveRemoteGroupId(aceAttr)) {
            // programming for ACE which doesn't have any remote group Id
            programForAceNotHavingRemoteAclId(port, aclName, ace, flowMap, addOrRemove);
        } else {
            Uuid remoteAclId = aceAttr.getRemoteGroupId();
            // programming for ACE which have remote group Id
            programAceSpecificFlows(port, aclName, ace, flowMap, remoteAclId, addOrRemove);
        }
    }
}