use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4 in project netvirt by opendaylight.
the class AclMatches method invertMatches.
public static Matches invertMatches(Matches matches) {
LOG.trace("Invert matches: {}", matches);
MatchesBuilder matchesBuilder = new MatchesBuilder(matches);
if (matches.getAceType() instanceof AceIp) {
AceIp aceIp = (AceIp) matches.getAceType();
AceIpBuilder aceIpBuilder = new AceIpBuilder(aceIp);
aceIpBuilder.setDestinationPortRange(null);
aceIpBuilder.setSourcePortRange(null);
SourcePortRange sourcePortRange = aceIp.getSourcePortRange();
DestinationPortRange destinationPortRange = aceIp.getDestinationPortRange();
if (sourcePortRange != null) {
DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
destinationPortRangeBuilder.setLowerPort(sourcePortRange.getLowerPort());
destinationPortRangeBuilder.setUpperPort(sourcePortRange.getUpperPort());
aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
}
if (destinationPortRange != null) {
SourcePortRangeBuilder sourcePortRangeBuilder = new SourcePortRangeBuilder();
sourcePortRangeBuilder.setLowerPort(destinationPortRange.getLowerPort());
sourcePortRangeBuilder.setUpperPort(destinationPortRange.getUpperPort());
aceIpBuilder.setSourcePortRange(sourcePortRangeBuilder.build());
}
if (aceIp.getAceIpVersion() instanceof AceIpv4) {
AceIpv4 aceIpv4 = (AceIpv4) aceIp.getAceIpVersion();
Ipv4Prefix destinationIpv4Network = aceIpv4.getDestinationIpv4Network();
Ipv4Prefix sourceIpv4Network = aceIpv4.getSourceIpv4Network();
AceIpv4Builder aceIpv4Builder = new AceIpv4Builder(aceIpv4);
aceIpv4Builder.setDestinationIpv4Network(sourceIpv4Network);
aceIpv4Builder.setSourceIpv4Network(destinationIpv4Network);
aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());
} else if (aceIp.getAceIpVersion() instanceof AceIpv6) {
AceIpv6 aceIpv6 = (AceIpv6) aceIp.getAceIpVersion();
Ipv6Prefix destinationIpv6Network = aceIpv6.getDestinationIpv6Network();
Ipv6Prefix sourceIpv6Network = aceIpv6.getSourceIpv6Network();
AceIpv6Builder aceIpv6Builder = new AceIpv6Builder(aceIpv6);
aceIpv6Builder.setDestinationIpv6Network(sourceIpv6Network);
aceIpv6Builder.setSourceIpv6Network(destinationIpv6Network);
aceIpBuilder.setAceIpVersion(aceIpv6Builder.build());
}
matchesBuilder.setAceType(aceIpBuilder.build());
} else if (matches.getAceType() instanceof AceEth) {
AceEth aceEth = (AceEth) matches.getAceType();
MacAddress destinationMacAddress = aceEth.getDestinationMacAddress();
MacAddress destinationMacAddressMask = aceEth.getDestinationMacAddressMask();
MacAddress sourceMacAddress = aceEth.getSourceMacAddress();
MacAddress sourceMacAddressMask = aceEth.getSourceMacAddressMask();
AceEthBuilder aceEthBuilder = new AceEthBuilder(aceEth);
aceEthBuilder.setDestinationMacAddress(sourceMacAddress);
aceEthBuilder.setDestinationMacAddressMask(sourceMacAddressMask);
aceEthBuilder.setSourceMacAddress(destinationMacAddress);
aceEthBuilder.setSourceMacAddressMask(destinationMacAddressMask);
matchesBuilder.setAceType(aceEthBuilder.build());
}
Matches invertedMatches = matchesBuilder.build();
LOG.trace("Inverted matches: {}", invertedMatches);
return invertedMatches;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4 in project netvirt by opendaylight.
the class AclMatches method addIpV4Match.
private void addIpV4Match(AceIp aceIp) {
setIpv4EtherType();
AceIpv4 aceIpv4 = (AceIpv4) aceIp.getAceIpVersion();
if (aceIpv4.getDestinationIpv4Network() != null) {
Ipv4MatchBuilder ipv4match = new Ipv4MatchBuilder();
ipv4match.setIpv4Destination(aceIpv4.getDestinationIpv4Network());
matchBuilder.setLayer3Match(mergeIpv4Match(matchBuilder, ipv4match));
}
if (aceIpv4.getSourceIpv4Network() != null) {
Ipv4MatchBuilder ipv4match = new Ipv4MatchBuilder();
ipv4match.setIpv4Source(aceIpv4.getSourceIpv4Network());
matchBuilder.setLayer3Match(mergeIpv4Match(matchBuilder, ipv4match));
}
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4 in project netvirt by opendaylight.
the class AclMatchesTest method buildIpv4MatchTest.
@Test
public void buildIpv4MatchTest() {
AceIpv4Builder aceIpv4 = new AceIpv4Builder();
aceIpv4.setDestinationIpv4Network(new Ipv4Prefix(IPV4_DST_STR));
aceIpv4.setSourceIpv4Network(new Ipv4Prefix(IPV4_SRC_STR));
AceIpBuilder aceIpBuilder = new AceIpBuilder();
aceIpBuilder.setAceIpVersion(aceIpv4.build());
MatchesBuilder matchesBuilder = new MatchesBuilder();
matchesBuilder.setAceType(aceIpBuilder.build());
// Create the aclMatches that is the object to be tested
AclMatches aclMatches = new AclMatches(matchesBuilder.build());
MatchBuilder matchBuilder = aclMatches.buildMatch();
// The layer3 match should be there with src/dst values
Ipv4Match l3 = (Ipv4Match) matchBuilder.getLayer3Match();
assertNotNull(l3);
assertEquals(l3.getIpv4Destination().getValue().toString(), IPV4_DST_STR);
assertEquals(l3.getIpv4Source().getValue().toString(), IPV4_SRC_STR);
// There should be an IPv4 etherType set
EthernetMatch ethMatch = matchBuilder.getEthernetMatch();
assertNotNull(ethMatch);
assertEquals(ethMatch.getEthernetType().getType().getValue(), Long.valueOf(NwConstants.ETHTYPE_IPV4));
// The rest should be null
assertNull(matchBuilder.getIpMatch());
assertNull(matchBuilder.getLayer4Match());
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4 in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method programIcmpFlow.
/**
*Converts icmp matches to flows.
* @param acl the access control list
* @return the map containing the flows and the respective flow id
*/
public static Map<String, List<MatchInfoBase>> programIcmpFlow(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
// For ICMP port range indicates type and code
SourcePortRange sourcePortRange = acl.getSourcePortRange();
String flowId = "ICMP_";
if (sourcePortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_SOURCE_" + sourcePortRange.getLowerPort().getValue() + sourcePortRange.getUpperPort().getValue();
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_SOURCE_" + sourcePortRange.getLowerPort().getValue() + "_" + sourcePortRange.getUpperPort().getValue() + "_";
}
}
DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
if (destinationPortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
}
}
if (acl.getAceIpVersion() instanceof AceIpv6 && acl.getProtocol() == NwConstants.IP_PROT_ICMP) {
// We are aligning our implementation similar to Neutron Firewall driver where a Security
// Group rule with "Ethertype as IPv6 and Protocol as icmp" is treated as ICMPV6 SG Rule.
flowMatches.add(new MatchIpProtocol(AclConstants.IP_PROT_ICMPV6));
} else {
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
}
Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
flowMatchesMap.put(flowId, flowMatches);
return flowMatchesMap;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4 in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method addDstIpMatches.
/**
* Adds destination ip matches to the flows.
* @param acl the access control list
* @return the list of flows.
*/
public static List<MatchInfoBase> addDstIpMatches(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(MatchEthernetType.IPV4);
Ipv4Prefix dstNetwork = ((AceIpv4) acl.getAceIpVersion()).getDestinationIpv4Network();
if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV4_ALL_NETWORK)) {
flowMatches.add(new MatchIpv4Destination(dstNetwork));
}
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(MatchEthernetType.IPV6);
Ipv6Prefix dstNetwork = ((AceIpv6) acl.getAceIpVersion()).getDestinationIpv6Network();
if (null != dstNetwork && !dstNetwork.getValue().equals(AclConstants.IPV6_ALL_NETWORK)) {
flowMatches.add(new MatchIpv6Destination(dstNetwork));
}
}
return flowMatches;
}
Aggregations