Examples with AceIp org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp used on opensource projects

Example 6 with AceIp

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.

the class AclServiceOFFlowBuilder method programIcmpFlow.

/**
 *Converts icmp matches to flows.
 * @param acl the access control list
 * @return the map containing the flows and the respective flow id
 */
public static Map<String, List<MatchInfoBase>> programIcmpFlow(AceIp acl) {
    List<MatchInfoBase> flowMatches = new ArrayList<>();
    flowMatches.addAll(addSrcIpMatches(acl));
    flowMatches.addAll(addDstIpMatches(acl));
    // For ICMP port range indicates type and code
    SourcePortRange sourcePortRange = acl.getSourcePortRange();
    String flowId = "ICMP_";
    if (sourcePortRange != null) {
        if (acl.getAceIpVersion() instanceof AceIpv4) {
            flowMatches.add(new MatchIcmpv4(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
            flowId = flowId + "V4_SOURCE_" + sourcePortRange.getLowerPort().getValue() + sourcePortRange.getUpperPort().getValue();
        } else if (acl.getAceIpVersion() instanceof AceIpv6) {
            flowMatches.add(new MatchIcmpv6(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
            flowId = flowId + "V6_SOURCE_" + sourcePortRange.getLowerPort().getValue() + "_" + sourcePortRange.getUpperPort().getValue() + "_";
        }
    }
    DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
    if (destinationPortRange != null) {
        if (acl.getAceIpVersion() instanceof AceIpv4) {
            flowMatches.add(new MatchIcmpv4(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
            flowId = flowId + "V4_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
        } else if (acl.getAceIpVersion() instanceof AceIpv6) {
            flowMatches.add(new MatchIcmpv6(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
            flowId = flowId + "V6_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
        }
    }
    if (acl.getAceIpVersion() instanceof AceIpv6 && acl.getProtocol() == NwConstants.IP_PROT_ICMP) {
        // We are aligning our implementation similar to Neutron Firewall driver where a Security
        // Group rule with "Ethertype as IPv6 and Protocol as icmp" is treated as ICMPV6 SG Rule.
        flowMatches.add(new MatchIpProtocol(AclConstants.IP_PROT_ICMPV6));
    } else {
        flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
    }
    Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
    flowMatchesMap.put(flowId, flowMatches);
    return flowMatchesMap;
}

Example 7 with AceIp

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.

the class AclServiceOFFlowBuilder method addDstIpMatches.

/**
 * Adds destination ip matches to the flows.
 * @param acl the access control list
 * @return the list of flows.
 */
public static List<MatchInfoBase> addDstIpMatches(AceIp acl) {
    List<MatchInfoBase> flowMatches = new ArrayList<>();
    if (acl.getAceIpVersion() instanceof AceIpv4) {
        flowMatches.add(MatchEthernetType.IPV4);
        Ipv4Prefix dstNetwork = ((AceIpv4) acl.getAceIpVersion()).getDestinationIpv4Network();
        if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV4_ALL_NETWORK)) {
            flowMatches.add(new MatchIpv4Destination(dstNetwork));
        }
    } else if (acl.getAceIpVersion() instanceof AceIpv6) {
        flowMatches.add(MatchEthernetType.IPV6);
        Ipv6Prefix dstNetwork = ((AceIpv6) acl.getAceIpVersion()).getDestinationIpv6Network();
        if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV6_ALL_NETWORK)) {
            flowMatches.add(new MatchIpv6Destination(dstNetwork));
        }
    }
    return flowMatches;
}

Example 8 with AceIp

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.

the class AbstractAclServiceImpl method programAceRule.

/**
 * Programs the ace specific rule.
 *
 * @param port acl interface
 * @param aclName the acl name
 * @param ace rule to be program
 * @param addOrRemove whether to delete or add flow
 */
protected void programAceRule(AclInterface port, String aclName, Ace ace, int addOrRemove) {
    SecurityRuleAttr aceAttr = AclServiceUtils.getAccesssListAttributes(ace);
    if (!isValidDirection(aceAttr.getDirection())) {
        LOG.trace("Ignoring {} direction while processing for {} ACE Rule {}", aceAttr.getDirection(), this.directionString, ace.getRuleName());
        return;
    }
    LOG.debug("Program {} ACE rule for dpId={}, lportTag={}, addOrRemove={}, ace={}, portId={}", this.directionString, port.getDpId(), port.getLPortTag(), addOrRemove, ace.getRuleName(), port.getInterfaceId());
    Matches matches = ace.getMatches();
    Map<String, List<MatchInfoBase>> flowMap = null;
    if (matches.getAceType() instanceof AceIp) {
        flowMap = AclServiceOFFlowBuilder.programIpFlow(matches);
        if (!AclServiceUtils.doesAceHaveRemoteGroupId(aceAttr)) {
            // programming for ACE which doesn't have any remote group Id
            programForAceNotHavingRemoteAclId(port, aclName, ace, flowMap, addOrRemove);
        } else {
            Uuid remoteAclId = aceAttr.getRemoteGroupId();
            // programming for ACE which have remote group Id
            programAceSpecificFlows(port, aclName, ace, flowMap, remoteAclId, addOrRemove);
        }
    }
}

Example 9 with AceIp

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.

the class AclMatches method addDscpMatch.

private void addDscpMatch(AceIp aceIp) {
    setIpv4EtherType();
    IpMatchBuilder ipMatch = new IpMatchBuilder();
    Dscp dscp = new Dscp(aceIp.getDscp());
    ipMatch.setIpDscp(dscp);
    matchBuilder.setIpMatch(mergeIpMatch(matchBuilder, ipMatch));
}

Example 10 with AceIp

use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp in project netvirt by opendaylight.

the class AclMatches method addIpV6Match.

private void addIpV6Match(AceIp aceIp) {
    setIpv6EtherType();
    AceIpv6 aceIpv6 = (AceIpv6) aceIp.getAceIpVersion();
    if (aceIpv6.getSourceIpv6Network() != null) {
        Ipv6MatchBuilder ipv6match = new Ipv6MatchBuilder();
        ipv6match.setIpv6Source(aceIpv6.getSourceIpv6Network());
        matchBuilder.setLayer3Match(mergeIpv6Match(matchBuilder, ipv6match));
    }
    if (aceIpv6.getDestinationIpv6Network() != null) {
        Ipv6MatchBuilder ipv6match = new Ipv6MatchBuilder();
        ipv6match.setIpv6Destination(aceIpv6.getDestinationIpv6Network());
        matchBuilder.setLayer3Match(mergeIpv6Match(matchBuilder, ipv6match));
    }
}