Search in sources :

Example 16 with MatchesBuilder

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder in project netvirt by opendaylight.

the class AclMatchesTest method buildIpv4TcpMatchTest.

@Test
public void buildIpv4TcpMatchTest() {
    AceIpBuilder aceIpBuilder = new AceIpBuilder();
    aceIpBuilder.setAceIpVersion(new AceIpv4Builder().build());
    aceIpBuilder.setProtocol(IPProtocols.TCP.shortValue());
    SourcePortRangeBuilder srcPortRange = new SourcePortRangeBuilder();
    srcPortRange.setLowerPort(new PortNumber(TCP_SRC_LOWER_PORT));
    srcPortRange.setUpperPort(new PortNumber(TCP_SRC_UPPER_PORT));
    aceIpBuilder.setSourcePortRange(srcPortRange.build());
    DestinationPortRangeBuilder dstPortRange = new DestinationPortRangeBuilder();
    dstPortRange.setLowerPort(new PortNumber(TCP_DST_LOWER_PORT));
    dstPortRange.setUpperPort(new PortNumber(TCP_DST_UPPER_PORT));
    aceIpBuilder.setDestinationPortRange(dstPortRange.build());
    MatchesBuilder matchesBuilder = new MatchesBuilder();
    matchesBuilder.setAceType(aceIpBuilder.build());
    // Create the aclMatches that is the object to be tested
    AclMatches aclMatches = new AclMatches(matchesBuilder.build());
    MatchBuilder matchBuilder = aclMatches.buildMatch();
    // There should be an IPv4 etherType set
    EthernetMatch ethMatch = matchBuilder.getEthernetMatch();
    assertNotNull(ethMatch);
    assertEquals(ethMatch.getEthernetType().getType().getValue(), Long.valueOf(NwConstants.ETHTYPE_IPV4));
    // Make sure its TCP
    IpMatch ipMatch = matchBuilder.getIpMatch();
    assertNotNull(ipMatch);
    assertEquals(ipMatch.getIpProtocol(), Short.valueOf(IPProtocols.TCP.shortValue()));
    // Currently ranges arent supported, only the lower port is used
    TcpMatch tcpMatch = (TcpMatch) matchBuilder.getLayer4Match();
    assertEquals(tcpMatch.getTcpSourcePort().getValue(), Integer.valueOf(TCP_SRC_LOWER_PORT));
    assertEquals(tcpMatch.getTcpDestinationPort().getValue(), Integer.valueOf(TCP_DST_LOWER_PORT));
    // The layer3 match should be null
    assertNull(matchBuilder.getLayer3Match());
}
Also used : EthernetMatch(org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch) TcpMatch(org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch) DestinationPortRangeBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder) AceIpBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder) AceIpv4Builder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder) PortNumber(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber) MatchesBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder) SourcePortRangeBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRangeBuilder) MatchBuilder(org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder) IpMatch(org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.IpMatch) Test(org.junit.Test)

Example 17 with MatchesBuilder

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder in project netvirt by opendaylight.

the class FlowClassifierTranslator method buildAcl.

public static Acl buildAcl(SfcFlowClassifier flowClassifier, String sfpName) {
    LOG.info("OpenStack Networking SFC pushed Flow classifier : {}", flowClassifier);
    AclBuilder aclBuilder = new AclBuilder();
    AceBuilder aceBuilder = new AceBuilder();
    ActionsBuilder actionsBuilder = new ActionsBuilder();
    RedirectToSfcBuilder redirectToSfcBuilder = new RedirectToSfcBuilder();
    NeutronPortsBuilder neutronPortsBuilder = new NeutronPortsBuilder();
    AceIpBuilder aceIpBuilder = new AceIpBuilder();
    DestinationPortRangeBuilder destinationPortRange = new DestinationPortRangeBuilder();
    SourcePortRangeBuilder sourcePortRangeBuilder = new SourcePortRangeBuilder();
    if (flowClassifier.getUuid() != null) {
        if (flowClassifier.getName() != null) {
            aclBuilder.setAclName(flowClassifier.getUuid().getValue() + "_" + flowClassifier.getName());
        } else {
            aclBuilder.setAclName(flowClassifier.getUuid().getValue());
        }
    }
    if (flowClassifier.getEthertype() != null) {
        IpPrefix sourceIp = null;
        IpPrefix destinationIp = null;
        if (flowClassifier.getSourceIpPrefix() != null) {
            sourceIp = flowClassifier.getSourceIpPrefix();
        }
        if (flowClassifier.getDestinationIpPrefix() != null) {
            destinationIp = flowClassifier.getDestinationIpPrefix();
        }
        if (flowClassifier.getEthertype() == EthertypeV4.class) {
            AceIpv4Builder aceIpv4Builder = new AceIpv4Builder();
            if (sourceIp != null && sourceIp.getIpv4Prefix() != null) {
                aceIpv4Builder.setSourceIpv4Network(sourceIp.getIpv4Prefix());
            }
            if (destinationIp != null && destinationIp.getIpv4Prefix() != null) {
                aceIpv4Builder.setDestinationIpv4Network(destinationIp.getIpv4Prefix());
            }
            aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());
            aclBuilder.setAclType(Ipv4Acl.class);
        }
        if (flowClassifier.getEthertype() == EthertypeV6.class) {
            AceIpv6Builder aceIpv6Builder = new AceIpv6Builder();
            if (sourceIp != null && sourceIp.getIpv6Prefix() != null) {
                aceIpv6Builder.setSourceIpv6Network(sourceIp.getIpv6Prefix());
            }
            if (sourceIp != null && destinationIp.getIpv6Prefix() != null) {
                aceIpv6Builder.setDestinationIpv6Network(destinationIp.getIpv6Prefix());
            }
            aceIpBuilder.setAceIpVersion(aceIpv6Builder.build());
            aclBuilder.setAclType(Ipv6Acl.class);
        }
    }
    if (flowClassifier.getProtocol() != null) {
        if (flowClassifier.getProtocol() == ProtocolTcp.class) {
            aceIpBuilder.setProtocol(PROTO_TCP);
        }
        if (flowClassifier.getProtocol() == ProtocolUdp.class) {
            aceIpBuilder.setProtocol(PROTO_UDP);
        }
    }
    if (flowClassifier.getSourcePortRangeMin() != null) {
        sourcePortRangeBuilder.setLowerPort(new PortNumber(flowClassifier.getSourcePortRangeMin()));
        // set source port range only if lower port is specified as it is a mandatory parameter in acl model
        aceIpBuilder.setSourcePortRange(sourcePortRangeBuilder.build());
    }
    if (flowClassifier.getSourcePortRangeMax() != null) {
        sourcePortRangeBuilder.setUpperPort(new PortNumber(flowClassifier.getSourcePortRangeMax()));
    }
    if (flowClassifier.getDestinationPortRangeMin() != null) {
        destinationPortRange.setLowerPort(new PortNumber(flowClassifier.getDestinationPortRangeMin()));
        // set destination port range only if lower port is specified as it is a mandatory parameter in acl model
        aceIpBuilder.setDestinationPortRange(destinationPortRange.build());
    }
    if (flowClassifier.getDestinationPortRangeMax() != null) {
        destinationPortRange.setUpperPort(new PortNumber(flowClassifier.getDestinationPortRangeMax()));
    }
    if (flowClassifier.getLogicalSourcePort() != null) {
        neutronPortsBuilder.setSourcePortUuid(flowClassifier.getLogicalSourcePort().getValue());
    }
    if (flowClassifier.getLogicalDestinationPort() != null) {
        neutronPortsBuilder.setDestinationPortUuid(flowClassifier.getLogicalDestinationPort().getValue());
    }
    // currently not supported.
    // if (flowClassifier.getL7Parameter() != null) {
    // }
    MatchesBuilder matchesBuilder = new MatchesBuilder();
    matchesBuilder.setAceType(aceIpBuilder.build());
    matchesBuilder.addAugmentation(NeutronPorts.class, neutronPortsBuilder.build());
    // Set redirect-to-rsp action if rsp name is provided
    if (sfpName != null) {
        redirectToSfcBuilder.setSfpName(sfpName);
        actionsBuilder.addAugmentation(RedirectToSfc.class, redirectToSfcBuilder.build());
        aceBuilder.setActions(actionsBuilder.build());
    }
    aceBuilder.setMatches(matchesBuilder.build());
    // OpenStack networking-sfc don't pass action information
    // with flow classifier. It need to be determined using the
    // Port Chain data and then flow calssifier need to be updated
    // with the actions.
    aceBuilder.setRuleName(aclBuilder.getAclName() + RULE);
    aceBuilder.setKey(new AceKey(aceBuilder.getRuleName()));
    ArrayList<Ace> aceList = new ArrayList<>();
    aceList.add(aceBuilder.build());
    AccessListEntriesBuilder accessListEntriesBuilder = new AccessListEntriesBuilder();
    accessListEntriesBuilder.setAce(aceList);
    aclBuilder.setAccessListEntries(accessListEntriesBuilder.build());
    aclBuilder.setKey(new AclKey(aclBuilder.getAclName(), aclBuilder.getAclType()));
    LOG.info("Translated ACL Flow classfier : {}", aclBuilder.toString());
    return aclBuilder.build();
}
Also used : AceIpv6Builder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6Builder) Ace(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace) NeutronPortsBuilder(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.sfc.acl.rev150105.NeutronPortsBuilder) AclKey(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.AclKey) ArrayList(java.util.ArrayList) AclBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.AclBuilder) MatchesBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder) IpPrefix(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix) AceKey(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.AceKey) AccessListEntriesBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.AccessListEntriesBuilder) ActionsBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.ActionsBuilder) AceBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.AceBuilder) DestinationPortRangeBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder) AceIpBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder) RedirectToSfcBuilder(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.sfc.acl.rev150105.RedirectToSfcBuilder) AceIpv4Builder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder) PortNumber(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber) SourcePortRangeBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRangeBuilder)

Example 18 with MatchesBuilder

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder in project netvirt by opendaylight.

the class NeutronSecurityRuleListener method toAceBuilder.

private AceBuilder toAceBuilder(SecurityRule securityRule) {
    AceIpBuilder aceIpBuilder = new AceIpBuilder();
    SecurityRuleAttrBuilder securityRuleAttrBuilder = new SecurityRuleAttrBuilder();
    DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
    boolean isDirectionIngress = false;
    if (securityRule.getDirection() != null) {
        securityRuleAttrBuilder.setDirection(DIRECTION_MAP.get(securityRule.getDirection()));
        isDirectionIngress = securityRule.getDirection().equals(DirectionIngress.class);
    }
    if (securityRule.getPortRangeMax() != null) {
        destinationPortRangeBuilder.setUpperPort(new PortNumber(securityRule.getPortRangeMax()));
    }
    if (securityRule.getPortRangeMin() != null) {
        destinationPortRangeBuilder.setLowerPort(new PortNumber(securityRule.getPortRangeMin()));
        // set destination port range if lower port is specified as it is mandatory parameter in acl model
        aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
    }
    aceIpBuilder = handleRemoteIpPrefix(securityRule, aceIpBuilder, isDirectionIngress);
    if (securityRule.getRemoteGroupId() != null) {
        securityRuleAttrBuilder.setRemoteGroupId(securityRule.getRemoteGroupId());
    }
    if (securityRule.getProtocol() != null) {
        SecurityRuleAttributes.Protocol protocol = securityRule.getProtocol();
        if (protocol.getUint8() != null) {
            // uint8
            aceIpBuilder.setProtocol(protocol.getUint8());
        } else {
            // symbolic protocol name
            aceIpBuilder.setProtocol(PROTOCOL_MAP.get(protocol.getIdentityref()));
        }
    }
    MatchesBuilder matchesBuilder = new MatchesBuilder();
    matchesBuilder.setAceType(aceIpBuilder.build());
    // set acl action as permit for the security rule
    ActionsBuilder actionsBuilder = new ActionsBuilder();
    actionsBuilder.setPacketHandling(new PermitBuilder().setPermit(true).build());
    AceBuilder aceBuilder = new AceBuilder();
    aceBuilder.setKey(new AceKey(securityRule.getUuid().getValue()));
    aceBuilder.setRuleName(securityRule.getUuid().getValue());
    aceBuilder.setMatches(matchesBuilder.build());
    aceBuilder.setActions(actionsBuilder.build());
    aceBuilder.addAugmentation(SecurityRuleAttr.class, securityRuleAttrBuilder.build());
    return aceBuilder;
}
Also used : SecurityRuleAttributes(org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes) DirectionIngress(org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress) MatchesBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder) AceKey(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.AceKey) ActionsBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.ActionsBuilder) DestinationPortRangeBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder) AceBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.AceBuilder) AceIpBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder) SecurityRuleAttrBuilder(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttrBuilder) PermitBuilder(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder) PortNumber(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber)

Aggregations

MatchesBuilder (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder)18 AceIpBuilder (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder)13 Test (org.junit.Test)12 DestinationPortRangeBuilder (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder)9 AceIpv4Builder (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder)8 PortNumber (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber)8 Matches (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches)7 MatchBuilder (org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder)7 EthernetMatch (org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch)6 AceIpv6Builder (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6Builder)5 SourcePortRangeBuilder (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRangeBuilder)5 AceEthBuilder (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceEthBuilder)4 Ipv4Prefix (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix)4 Ipv6Prefix (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix)4 MacAddress (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress)4 AceIp (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp)3 Dscp (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Dscp)3 DestinationPortRange (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRange)3 SourcePortRange (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRange)3 NodeId (org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId)3