use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method programIcmpFlow.
/**
*Converts icmp matches to flows.
* @param acl the access control list
* @return the map containing the flows and the respective flow id
*/
public static Map<String, List<MatchInfoBase>> programIcmpFlow(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
// For ICMP port range indicates type and code
SourcePortRange sourcePortRange = acl.getSourcePortRange();
String flowId = "ICMP_";
if (sourcePortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_SOURCE_" + sourcePortRange.getLowerPort().getValue() + sourcePortRange.getUpperPort().getValue();
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_SOURCE_" + sourcePortRange.getLowerPort().getValue() + "_" + sourcePortRange.getUpperPort().getValue() + "_";
}
}
DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
if (destinationPortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
}
}
if (acl.getAceIpVersion() instanceof AceIpv6 && acl.getProtocol() == NwConstants.IP_PROT_ICMP) {
// We are aligning our implementation similar to Neutron Firewall driver where a Security
// Group rule with "Ethertype as IPv6 and Protocol as icmp" is treated as ICMPV6 SG Rule.
flowMatches.add(new MatchIpProtocol(AclConstants.IP_PROT_ICMPV6));
} else {
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
}
Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
flowMatchesMap.put(flowId, flowMatches);
return flowMatchesMap;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method addDstIpMatches.
/**
* Adds destination ip matches to the flows.
* @param acl the access control list
* @return the list of flows.
*/
public static List<MatchInfoBase> addDstIpMatches(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(MatchEthernetType.IPV4);
Ipv4Prefix dstNetwork = ((AceIpv4) acl.getAceIpVersion()).getDestinationIpv4Network();
if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV4_ALL_NETWORK)) {
flowMatches.add(new MatchIpv4Destination(dstNetwork));
}
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(MatchEthernetType.IPV6);
Ipv6Prefix dstNetwork = ((AceIpv6) acl.getAceIpVersion()).getDestinationIpv6Network();
if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV6_ALL_NETWORK)) {
flowMatches.add(new MatchIpv6Destination(dstNetwork));
}
}
return flowMatches;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.
the class AbstractAclServiceImpl method programAceRule.
/**
* Programs the ace specific rule.
*
* @param port acl interface
* @param aclName the acl name
* @param ace rule to be program
* @param addOrRemove whether to delete or add flow
*/
protected void programAceRule(AclInterface port, String aclName, Ace ace, int addOrRemove) {
SecurityRuleAttr aceAttr = AclServiceUtils.getAccesssListAttributes(ace);
if (!isValidDirection(aceAttr.getDirection())) {
LOG.trace("Ignoring {} direction while processing for {} ACE Rule {}", aceAttr.getDirection(), this.directionString, ace.getRuleName());
return;
}
LOG.debug("Program {} ACE rule for dpId={}, lportTag={}, addOrRemove={}, ace={}, portId={}", this.directionString, port.getDpId(), port.getLPortTag(), addOrRemove, ace.getRuleName(), port.getInterfaceId());
Matches matches = ace.getMatches();
Map<String, List<MatchInfoBase>> flowMap = null;
if (matches.getAceType() instanceof AceIp) {
flowMap = AclServiceOFFlowBuilder.programIpFlow(matches);
if (!AclServiceUtils.doesAceHaveRemoteGroupId(aceAttr)) {
// programming for ACE which doesn't have any remote group Id
programForAceNotHavingRemoteAclId(port, aclName, ace, flowMap, addOrRemove);
} else {
Uuid remoteAclId = aceAttr.getRemoteGroupId();
// programming for ACE which have remote group Id
programAceSpecificFlows(port, aclName, ace, flowMap, remoteAclId, addOrRemove);
}
}
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.
the class AclMatches method addDscpMatch.
private void addDscpMatch(AceIp aceIp) {
setIpv4EtherType();
IpMatchBuilder ipMatch = new IpMatchBuilder();
Dscp dscp = new Dscp(aceIp.getDscp());
ipMatch.setIpDscp(dscp);
matchBuilder.setIpMatch(mergeIpMatch(matchBuilder, ipMatch));
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.
the class AclMatches method addIpV6Match.
private void addIpV6Match(AceIp aceIp) {
setIpv6EtherType();
AceIpv6 aceIpv6 = (AceIpv6) aceIp.getAceIpVersion();
if (aceIpv6.getSourceIpv6Network() != null) {
Ipv6MatchBuilder ipv6match = new Ipv6MatchBuilder();
ipv6match.setIpv6Source(aceIpv6.getSourceIpv6Network());
matchBuilder.setLayer3Match(mergeIpv6Match(matchBuilder, ipv6match));
}
if (aceIpv6.getDestinationIpv6Network() != null) {
Ipv6MatchBuilder ipv6match = new Ipv6MatchBuilder();
ipv6match.setIpv6Destination(aceIpv6.getDestinationIpv6Network());
matchBuilder.setLayer3Match(mergeIpv6Match(matchBuilder, ipv6match));
}
}
Aggregations